Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3afcabc2 by security tracker role at 2025-06-19T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2025-6276 (A vulnerability was found in Brilliance Golden Link Secondary 
System u ...)
+       TODO: check
+CVE-2025-6275 (A vulnerability was found in WebAssembly wabt up to 1.0.37. It 
has bee ...)
+       TODO: check
+CVE-2025-6274 (A vulnerability was found in WebAssembly wabt up to 1.0.37. It 
has bee ...)
+       TODO: check
+CVE-2025-6273 (A vulnerability was found in WebAssembly wabt up to 1.0.37 and 
classif ...)
+       TODO: check
+CVE-2025-6272 (A vulnerability has been found in wasm3 0.5.0 and classified as 
proble ...)
+       TODO: check
+CVE-2025-6271 (A vulnerability, which was classified as problematic, was found 
in swf ...)
+       TODO: check
+CVE-2025-6270 (A vulnerability, which was classified as critical, has been 
found in H ...)
+       TODO: check
+CVE-2025-6269 (A vulnerability classified as critical was found in HDF5 up to 
1.14.6. ...)
+       TODO: check
+CVE-2025-6268 (A vulnerability classified as problematic has been found in 
Luna Imagi ...)
+       TODO: check
+CVE-2025-6267 (A vulnerability was found in zhilink 
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
+       TODO: check
+CVE-2025-6266 (A vulnerability was found in FLIR AX8 up to 1.46. It has been 
declared ...)
+       TODO: check
+CVE-2025-5234 (The Gutenverse News plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-5071 (The AI Engine plugin for WordPress is vulnerable to 
unauthorized modif ...)
+       TODO: check
+CVE-2025-52464 (Meshtastic is an open source mesh networking solution. In 
versions fro ...)
+       TODO: check
+CVE-2025-50200 (RabbitMQ is a messaging and streaming broker. In versions 
3.13.7 and p ...)
+       TODO: check
+CVE-2025-4738 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49014 (jq is a command-line JSON processor. In version 1.8.0 a heap 
use after ...)
+       TODO: check
+CVE-2025-48886 (Hydra is a layer-two scalability solution for Cardano. Prior 
to versio ...)
+       TODO: check
+CVE-2025-36050 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores 
potentially ...)
+       TODO: check
+CVE-2025-33121 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12  is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-33117 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12  could 
allow a pri ...)
+       TODO: check
+CVE-2024-24916 (Untrusted DLLs in the installer's directory may be loaded and 
executed ...)
+       TODO: check
 CVE-2025-6201 (The Pixel Manager for WooCommerce \u2013 Track Conversions and 
Analyti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5524 (The OceanWP theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
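Review bot: several of the new TODO: check entries at the top of data/CVE/list can be triaged from the truncated descriptions alone and should not stay as TODO. CVE-2025-5234 and CVE-2025-5071 are described as WordPress plugins and can take the same NOT-FOR-US: WordPress plugin line as the CVE-2025-6201 context entry below them, and the three IBM QRadar SIEM entries (CVE-2025-36050, CVE-2025-33121, CVE-2025-33117) look like NOT-FOR-US candidates as well. The entries naming jq (CVE-2025-49014), RabbitMQ (CVE-2025-50200), HDF5 (CVE-2025-6269) and WebAssembly wabt (CVE-2025-6273 to CVE-2025-6275) need a check against the archive and, where a source package is affected, a package line with a bug reference.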
@@ -1518,12 +1562,12 @@ CVE-2025-38005 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.12.30-1
        [bookworm] - linux 6.1.140-1
        NOTE: 
https://git.kernel.org/linus/fca280992af8c2fbd511bc43f65abb4a17363f2f (6.15-rc7)
-CVE-2025-31698 [ATS: Client IP address from PROXY protocol is not used for ACL]
+CVE-2025-31698 (ACL configured in ip_allow.config or remap.config does not use 
IP addr ...)
        - trafficserver <unfixed> (bug #1108044)
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
        NOTE: 
https://github.com/apache/trafficserver/commit/ce942e0acacd5cc9f38bd07565a1dfc5ffed0e33
 (9.2.11-rc0)
        NOTE: 
https://github.com/apache/trafficserver/commit/91a654dfa4de0c48aa222b87bfb909f9f21b03e0
 (master)
-CVE-2025-49763 [ATS: Remote DoS via memory exhaustion in ESI Plugin]
+CVE-2025-49763 (ESI plugin does not have the limit for maximum inclusion 
depth, and th ...)
        - trafficserver <unfixed> (bug #1108044)
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
        NOTE: 
https://github.com/apache/trafficserver/commit/2db8b8dc96e57fc292850f77b9783630cc9590b9
 (9.2.11-rc0)
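Review bot: the CVE-2025-49763 entry at the end of this hunk shows only the 9.2.11-rc0 commit NOTE, whereas CVE-2025-31698 just above lists both a 9.2.11-rc0 and a master commit. If the lines past the visible context do not carry a master reference for the ESI plugin fix, add one so both branches are tracked the same way. Both entries remain trafficserver <unfixed> under bug #1108044, which the description swap does not change.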
@@ -1849,7 +1893,7 @@ CVE-2025-0320 (Local Privilege escalation allows a 
low-privileged user to gain S
        NOT-FOR-US: Citrix
 CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote 
attacker  ...)
        NOT-FOR-US: SeaCMS
-CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
+CVE-2025-6019 (A Local Privilege Escalation (LPE) vulnerability was found in 
libblock ...)
        {DSA-5943-1 DLA-4221-1}
        - libblockdev 3.3.0-2.1
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
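Review bot: replacing the bracketed placeholder for CVE-2025-6019 drops the only mention of udisks in the visible entry, which tracks libblockdev 3.3.0-2.1 alone. The old text described the escalation as happening "in libblockdev via udisks", so a NOTE line recording that udisks is the path to the libblockdev flaw (or that no udisks package change is needed) would keep that context next to the DSA-5943-1 and DLA-4221-1 references.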
@@ -13856,6 +13900,7 @@ CVE-2025-0649 (Incorrect JSON input stringificationin 
Google's Tensorflow servin
 CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
+       {DLA-4222-1}
        - activemq 5.17.6+dfsg-2 (bug #1104933)
        NOTE: https://issues.apache.org/jira/browse/AMQ-6596
        NOTE: Fixed by https://github.com/apache/activemq/pull/1399
@@ -21592,7 +21637,7 @@ CVE-2025-3533 (A vulnerability, which was classified as 
problematic, has been fo
        NOT-FOR-US: YouDianCMS
 CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to 
cross-site scr ...)
        NOT-FOR-US: IBM
-CVE-2025-32896
+CVE-2025-32896 (# Summary  Unauthorized users can perform Arbitrary File Read 
and Dese ...)
        NOT-FOR-US: Apache SeaTunnel
 CVE-2025-24859 (A session management vulnerability exists in Apache Roller 
before vers ...)
        NOT-FOR-US: Apache Roller
@@ -639415,7 +639460,7 @@ CVE-2016-3401 (Unspecified vulnerability in Zimbra 
Collaboration before 8.7.0 al
 CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows 
man-in ...)
        NOT-FOR-US: NetApp Data ONTAP
 CVE-2016-3399
-       RESERVED
+       REJECTED
 CVE-2016-3398
        RESERVED
 CVE-2014-9768 (IBM Tivoli NetView Access Services (NVAS) allows remote 
authenticated  ...)
@@ -823366,7 +823411,7 @@ CVE-2006-2360 (SQL injection vulnerability in 
charts.php in the Chart mod for ph
 CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the 
Chart mo ...)
        NOT-FOR-US: phpbb mod
 CVE-2006-2192
-       RESERVED
+       REJECTED
 CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary 
files  ...)
        {DSA-857-1}
        - graphviz 2.2.1-1sarge1 (bug #336985; low)
@@ -835991,7 +836036,7 @@ CVE-2005-2357 (Directory traversal vulnerability in 
EMC Navisphere Manager 6.4.1
 CVE-2005-2355
        REJECTED
 CVE-2005-2347
-       RESERVED
+       REJECTED
 CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote 
attackers ...)
        NOT-FOR-US: Novell
 CVE-2005-2345



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3afcabc2af4d0d3322ad5a63a8f390197183a0e0


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
