Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8afdcd51 by security tracker role at 2025-06-16T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,114 @@
-CVE-2025-40916
+CVE-2025-6179 (Permissions Bypass in Extension Management in Google ChromeOS   
       ...)
+       TODO: check
+CVE-2025-6177 (Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 
and pote ...)
+       TODO: check
+CVE-2025-6172 (Permission vulnerability in the mobile application 
(com.afmobi.boompla ...)
+       TODO: check
+CVE-2025-6170 (A flaw was found in the interactive shell of the xmllint 
command-line  ...)
+       TODO: check
+CVE-2025-6137 (A vulnerability classified as critical has been found in 
TOTOLINK T10  ...)
+       TODO: check
+CVE-2025-6136 (A vulnerability was found in Projectworlds Life Insurance 
Management S ...)
+       TODO: check
+CVE-2025-6135 (A vulnerability was found in Projectworlds Life Insurance 
Management S ...)
+       TODO: check
+CVE-2025-6134 (A vulnerability was found in Projectworlds Life Insurance 
Management S ...)
+       TODO: check
+CVE-2025-6133 (A vulnerability was found in Projectworlds Life Insurance 
Management S ...)
+       TODO: check
+CVE-2025-6132 (A vulnerability has been found in Chanjet CRM 1.0 and 
classified as cr ...)
+       TODO: check
+CVE-2025-6131 (A vulnerability, which was classified as problematic, was found 
in Cod ...)
+       TODO: check
+CVE-2025-6130 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-6129 (A vulnerability classified as critical was found in TOTOLINK 
EX1200T 4 ...)
+       TODO: check
+CVE-2025-6128 (A vulnerability classified as critical has been found in 
TOTOLINK EX12 ...)
+       TODO: check
+CVE-2025-6127 (A vulnerability was found in PHPGurukul Nipah Virus Testing 
Management ...)
+       TODO: check
+CVE-2025-6126 (A vulnerability was found in PHPGurukul Rail Pass Management 
System 1. ...)
+       TODO: check
+CVE-2025-6125 (A vulnerability was found in PHPGurukul Rail Pass Management 
System 1. ...)
+       TODO: check
+CVE-2025-6124 (A vulnerability was found in code-projects Restaurant Order 
System 1.0 ...)
+       TODO: check
+CVE-2025-6123 (A vulnerability has been found in code-projects Restaurant 
Order Syste ...)
+       TODO: check
+CVE-2025-6122 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-6121 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-6120 (A vulnerability classified as critical was found in Open Asset 
Import  ...)
+       TODO: check
+CVE-2025-6119 (A vulnerability classified as critical has been found in Open 
Asset Im ...)
+       TODO: check
+CVE-2025-6118 (A vulnerability was found in Das Parking Management System 
\u505c\u8f6 ...)
+       TODO: check
+CVE-2025-6117 (A vulnerability was found in Das Parking Management System 
\u505c\u8f6 ...)
+       TODO: check
+CVE-2025-6116 (A vulnerability was found in Das Parking Management System 
\u505c\u8f6 ...)
+       TODO: check
+CVE-2025-6115 (A vulnerability was found in D-Link DIR-619L 2.06B01 and 
classified as ...)
+       TODO: check
+CVE-2025-6114 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and 
classifi ...)
+       TODO: check
+CVE-2025-6113 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-6087 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
+       TODO: check
+CVE-2025-5689 (A flaw was found in the temporary user record that authd uses 
in the p ...)
+       TODO: check
+CVE-2025-5309 (The chat feature within Remote Support (RS) and Privileged 
Remote Acce ...)
+       TODO: check
+CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse 
untrusted P ...)
+       TODO: check
+CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-49124 (Untrusted Search Path vulnerability in Apache Tomcat installer 
for Win ...)
+       TODO: check
+CVE-2025-48988 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2025-48976 (Allocation of resources for multipart headers with 
insufficient limits ...)
+       TODO: check
+CVE-2025-46710 (Possible kernel exceptions caused by reading and writing 
kernel heap d ...)
+       TODO: check
+CVE-2025-40729 (Reflected Cross-Site Scripting (XSS) in 
/customer_support/index.php in ...)
+       TODO: check
+CVE-2025-40728 (SQL injection vulnerability in Customer Support System v1.0. 
This vuln ...)
+       TODO: check
+CVE-2025-40727 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in '/se ...)
+       TODO: check
+CVE-2025-40726 (Reflected Cross-Site Scripting (XSS) vulnerability in 
/pages/search-re ...)
+       TODO: check
+CVE-2025-3602 (Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 
2023.Q3.1 throu ...)
+       TODO: check
+CVE-2025-3594 (Path traversal vulnerability with the downloading and 
installation of  ...)
+       TODO: check
+CVE-2025-3526 (SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and 
Liferay DX ...)
+       TODO: check
+CVE-2025-3464 (A race condition vulnerability exists in Armoury Crate. This 
vulnerabi ...)
+       TODO: check
+CVE-2025-36632 (In Tenable Agent versions prior to 10.8.5 on a Windows host, 
it was fo ...)
+       TODO: check
+CVE-2025-32798 (Conda-build contains commands and tools to build conda 
packages. Prior ...)
+       TODO: check
+CVE-2025-32797 (Conda-build contains commands and tools to build conda 
packages. Prior ...)
+       TODO: check
+CVE-2025-2327 (A flaw exists in FlashArray whereby the Key Encryption Key 
(KEK) is lo ...)
+       TODO: check
+CVE-2025-2091 (An open redirection vulnerability in M-Files mobile 
applications for A ...)
+       TODO: check
+CVE-2025-25265 (A web application for configuring the controller is accessible 
at a sp ...)
+       TODO: check
+CVE-2025-25264 (An unauthenticated remote attacker can take advantage of the 
current o ...)
+       TODO: check
+CVE-2025-24388 (A vulnerability in the OTRS Admin Interface and Agent 
Interface (versi ...)
+       TODO: check
+CVE-2025-40916 (Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a 
weak rand ...)
        NOT-FOR-US: Mojolicious-Plugin-CaptchaPNG
 CVE-2025-6169 (The WIMP website co-construction management platform from 
HAMASTAR Tec ...)
        NOT-FOR-US: HAMASTAR Technology
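Review bot: CVE-2025-6170 in this block of new `TODO: check` entries describes a flaw in the interactive shell of the xmllint command-line tool, which ships with libxml2. This same file already tracks libxml2 further down (`- libxml2 <unfixed>`), so the entry should get a libxml2 package line when triaged rather than NOT-FOR-US. The Protobuf pure-Python backend entry (CVE-2025-4565) and the two Open Asset Import entries (CVE-2025-6119, CVE-2025-6120) also look like candidates for package entries. Separately, the three Das Parking Management System descriptions (CVE-2025-6116 to CVE-2025-6118) carry literal `\u505c\u8f6` escapes instead of decoded text, which is worth fixing where the descriptions are imported.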
@@ -66,9 +176,9 @@ CVE-2025-1411 (IBM Security Verify Directory Container 
10.0.0.0 through 10.0.3.1
        NOT-FOR-US: IBM
 CVE-2024-25573 (Unsanitized user-supplied data saved in the PingFederate 
Administrativ ...)
        NOT-FOR-US: PingFederate
-CVE-2025-47869
+CVE-2025-47869 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
        NOT-FOR-US: Apache NuttX RTOS
-CVE-2025-47868
+CVE-2025-47868 (Out-of-bounds Write resulting in possible Heap-based Buffer 
Overflow v ...)
        NOT-FOR-US: Apache NuttX RTOS
 CVE-2025-6070 (The Restrict File Access plugin for WordPress is vulnerable to 
Directo ...)
        NOT-FOR-US: WordPress plugin
@@ -333,15 +443,15 @@ CVE-2024-38823 (Salt's request server is vulnerable to 
replay attacks when not u
        - salt <removed>
 CVE-2024-38822 (Multiple methods in the salt master skip minion token 
validation. Ther ...)
        - salt <removed>
-CVE-2025-49794
+CVE-2025-49794 (A use-after-free vulnerability was found in libxml2. This 
issue occurs ...)
        - libxml2 <unfixed> (bug #1107755)
        [bookworm] - libxml2 <postponed> (Minor issue; revisit when fixed 
upstream)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
-CVE-2025-49795
+CVE-2025-49795 (A NULL pointer dereference vulnerability was found in libxml2 
when pro ...)
        - libxml2 <unfixed> (bug #1107753)
        [bookworm] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
-CVE-2025-49796
+CVE-2025-49796 (A vulnerability was found in libxml2. Processing certain 
sch:name elem ...)
        - libxml2 <unfixed> (bug #1107752)
        [bookworm] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
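Review bot: the `[bookworm] - libxml2 <postponed> (Minor issue; revisit when fixed upstream)` line under CVE-2025-49794 was written while the entry had no description, and the description added here now reads as a use-after-free. Confirm against the upstream issue in the NOTE (issues/931) that "Minor issue" still holds for bookworm, and do the same for CVE-2025-49796, whose description is cut off after "Processing certain sch:name elem" and gives no severity hint in this file.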
@@ -9645,7 +9755,7 @@ CVE-2025-31259 (The issue was addressed with improved 
input sanitization. This i
 CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2025-31257 (This issue was addressed with improved memory handling. This 
issue is  ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
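Review bot: the only change under CVE-2025-31257 is the cross-reference `{DSA-5937-1 DLA-4218-1}`, and the commit header lists data/CVE/list as the single changed file. The record for DLA-4218-1 itself is therefore not part of this commit, so check that it was committed earlier and that the reference resolves. The same applies to every later hunk that adds DLA-4218-1 to a webkit2gtk entry.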
@@ -9716,7 +9826,7 @@ CVE-2025-31218 (This issue was addressed by removing the 
vulnerable code. This i
 CVE-2025-31217 (The issue was addressed with improved input validation. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2025-31215 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -9737,14 +9847,14 @@ CVE-2025-31208 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2025-31207 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2025-31206 (A type confusion issue was addressed with improved state 
handling. Thi ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
        NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31205 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -9752,7 +9862,7 @@ CVE-2025-31205 (The issue was addressed with improved 
checks. This issue is fixe
        NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
        NOTE: https://project-zero.issues.chromium.org/issues/408172161
 CVE-2025-31204 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -9791,7 +9901,7 @@ CVE-2025-24258 (A permissions issue was addressed with 
additional restrictions.
 CVE-2025-24225 (An injection issue was addressed with improved input 
validation. This  ...)
        NOT-FOR-US: Apple
 CVE-2025-24223 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5937-1}
+       {DSA-5937-1 DLA-4218-1}
        - webkit2gtk 2.48.2-1
        - wpewebkit 2.48.2-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -24207,7 +24317,7 @@ CVE-2025-30429 (A path handling issue was addressed 
with improved validation. Th
 CVE-2025-30428 (This issue was addressed through improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2025-30427 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -24258,7 +24368,7 @@ CVE-2025-24266 (A buffer overflow was addressed with 
improved bounds checking. T
 CVE-2025-24265 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
        NOT-FOR-US: Apple
 CVE-2025-24264 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -24339,7 +24449,7 @@ CVE-2025-24218 (A privacy issue was addressed with 
improved private data redacti
 CVE-2025-24217 (This issue was addressed with improved redaction of sensitive 
informat ...)
        NOT-FOR-US: Apple
 CVE-2025-24216 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -24350,7 +24460,7 @@ CVE-2025-24215 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2025-24214 (A privacy issue was addressed by not logging contents of text 
fields.  ...)
        NOT-FOR-US: Apple
 CVE-2025-24213 (This issue was addressed with improved handling of floats. 
This issue  ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -24363,14 +24473,14 @@ CVE-2025-24211 (This issue was addressed with 
improved memory handling. This iss
 CVE-2025-24210 (A logic error was addressed with improved error handling. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2025-24209 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
        NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24208 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -27777,7 +27887,7 @@ CVE-2025-25758 (An issue in KukuFM Android v1.12.7 
(11207) allows attackers to a
 CVE-2024-54564 (This issue was addressed through improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2024-54551 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5899-1}
+       {DSA-5899-1 DLA-4218-1}
        - webkit2gtk 2.48.1-1
        - wpewebkit 2.48.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -30633,7 +30743,7 @@ CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 
and earlier are affected by
 CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
        NOT-FOR-US: Adobe
 CVE-2025-24201 (An out-of-bounds write issue was addressed with improved 
checks to pre ...)
-       {DSA-5885-1 DSA-5877-1}
+       {DSA-5885-1 DSA-5877-1 DLA-4218-1}
        - webkit2gtk 2.48.0-1
        - wpewebkit 2.48.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -31120,7 +31230,7 @@ CVE-2024-54473 (This issue was addressed with improved 
redaction of sensitive in
 CVE-2024-54469 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2024-54467 (A cookie management issue was addressed with improved state 
management ...)
-       {DSA-5885-1}
+       {DSA-5885-1 DLA-4218-1}
        - webkit2gtk 2.48.0-1
        - wpewebkit 2.48.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -31139,7 +31249,7 @@ CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 
through 6.1.2.6 and 6.2.0.0 th
 CVE-2024-44227 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2024-44192 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       {DSA-5885-1}
+       {DSA-5885-1 DLA-4218-1}
        - webkit2gtk 2.48.0-1
        - wpewebkit 2.48.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8afdcd51c0a3d17d431efd32d58a3d57e99ae070



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
