Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
832c0c2e by security tracker role at 2025-06-20T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,354 @@
-CVE-2025-38083 [net_sched: prio: fix a race in prio_tune()]
+CVE-2025-6363 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-6362 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-6361 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+       TODO: check
+CVE-2025-6360 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-6359 (A vulnerability was found in code-projects Simple Pizza 
Ordering Syste ...)
+       TODO: check
+CVE-2025-6358 (A vulnerability was found in code-projects Simple Pizza 
Ordering Syste ...)
+       TODO: check
+CVE-2025-6357 (A vulnerability was found in code-projects Simple Pizza 
Ordering Syste ...)
+       TODO: check
+CVE-2025-6356 (A vulnerability was found in code-projects Simple Pizza 
Ordering Syste ...)
+       TODO: check
+CVE-2025-6355 (A vulnerability has been found in SourceCodester Online Hotel 
Reservat ...)
+       TODO: check
+CVE-2025-6354 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-6353 (A vulnerability classified as problematic was found in 
code-projects R ...)
+       TODO: check
+CVE-2025-6352 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2025-6351 (A vulnerability was found in itsourcecode Employee Record 
Management S ...)
+       TODO: check
+CVE-2025-6347 (A vulnerability was found in code-projects Responsive Blog 
1.0/1.12.4/ ...)
+       TODO: check
+CVE-2025-6346 (A vulnerability was found in SourceCodester Advance Charity 
Management ...)
+       TODO: check
+CVE-2025-6345 (A vulnerability was found in SourceCodester My Food Recipe 1.0 
and cla ...)
+       TODO: check
+CVE-2025-6344 (A vulnerability has been found in code-projects Online Shoe 
Store 1.0  ...)
+       TODO: check
+CVE-2025-6343 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-6342 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-6341 (A vulnerability classified as problematic was found in 
code-projects S ...)
+       TODO: check
+CVE-2025-6340 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2025-6339 (A vulnerability was found in ponaravindb Hospital Management 
System 1. ...)
+       TODO: check
+CVE-2025-6337 (A vulnerability was found in TOTOLINK A3002R and A3002RU 
3.0.0-B202308 ...)
+       TODO: check
+CVE-2025-6336 (A vulnerability was found in TOTOLINK EX1200T 
4.1.2cu.5232_B20210713.  ...)
+       TODO: check
+CVE-2025-6335 (A vulnerability was found in DedeCMS up to 5.7.2 and classified 
as cri ...)
+       TODO: check
+CVE-2025-6334 (A vulnerability has been found in D-Link DIR-867 1.0 and 
classified as ...)
+       TODO: check
+CVE-2025-6333 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-6332 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-6331 (A vulnerability classified as critical was found in PHPGurukul 
Directo ...)
+       TODO: check
+CVE-2025-6330 (A vulnerability classified as critical has been found in 
PHPGurukul Di ...)
+       TODO: check
+CVE-2025-6329 (A vulnerability was found in ScriptAndTools Real Estate 
Management Sys ...)
+       TODO: check
+CVE-2025-6328 (A vulnerability was found in D-Link DIR-815 1.01. It has been 
declared ...)
+       TODO: check
+CVE-2025-6323 (A vulnerability was found in PHPGurukul Pre-School Enrollment 
System 1 ...)
+       TODO: check
+CVE-2025-6322 (A vulnerability was found in PHPGurukul Pre-School Enrollment 
System 1 ...)
+       TODO: check
+CVE-2025-6321 (A vulnerability has been found in PHPGurukul Pre-School 
Enrollment Sys ...)
+       TODO: check
+CVE-2025-6320 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-6257 (The Euro FxRef Currency Converter plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-6193 (A command injection vulnerability was discovered in the 
TrustyAI Expla ...)
+       TODO: check
+CVE-2025-5963 (The Postbox's configuration on macOS, specifically the presence 
of ent ...)
+       TODO: check
+CVE-2025-5255 (The Phoenix Code's configuration on macOS, specifically the 
presence o ...)
+       TODO: check
+CVE-2025-5121 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-52825 (Cross-Site Request Forgery (CSRF) vulnerability in Rameez 
Iqbal Real E ...)
+       TODO: check
+CVE-2025-52822 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-52821 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-52802 (Missing Authorization vulnerability in enguerranws Import 
YouTube vide ...)
+       TODO: check
+CVE-2025-52795 (Cross-Site Request Forgery (CSRF) vulnerability in aharonyan 
WP Front  ...)
+       TODO: check
+CVE-2025-52794 (Cross-Site Request Forgery (CSRF) vulnerability in 
Creative-Solutions  ...)
+       TODO: check
+CVE-2025-52793 (Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu 
Esselin ...)
+       TODO: check
+CVE-2025-52792 (Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP 
User Styl ...)
+       TODO: check
+CVE-2025-52791 (Cross-Site Request Forgery (CSRF) vulnerability in 
devfelixmoira Knowl ...)
+       TODO: check
+CVE-2025-52790 (Cross-Site Request Forgery (CSRF) vulnerability in r-win 
WP-DownloadCo ...)
+       TODO: check
+CVE-2025-52789 (Cross-Site Request Forgery (CSRF) vulnerability in George Lewe 
Lewe Ch ...)
+       TODO: check
+CVE-2025-52784 (Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi 
Bluff Po ...)
+       TODO: check
+CVE-2025-52783 (Cross-Site Request Forgery (CSRF) vulnerability in 
themelocation Chang ...)
+       TODO: check
+CVE-2025-52782 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52781 (Cross-Site Request Forgery (CSRF) vulnerability in Beee 
TinyNav allows ...)
+       TODO: check
+CVE-2025-52780 (Cross-Site Request Forgery (CSRF) vulnerability in Mohammad 
Parsa Logo ...)
+       TODO: check
+CVE-2025-52772 (Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque 
(a11n)  ...)
+       TODO: check
+CVE-2025-52733 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52719 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-52715 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52713 (Server-Side Request Forgery (SSRF) vulnerability in BoldGrid 
Post and  ...)
+       TODO: check
+CVE-2025-52711 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid 
Post and P ...)
+       TODO: check
+CVE-2025-52710 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52708 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52707 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52484 (RISC Zero is a general computing platform based on zk-STARKs 
and the R ...)
+       TODO: check
+CVE-2025-50051 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50050 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50049 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50048 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50047 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50046 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50045 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50044 (Cross-Site Request Forgery (CSRF) vulnerability in Rameez 
Iqbal Real E ...)
+       TODO: check
+CVE-2025-50043 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50042 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50041 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50038 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50037 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50036 (Cross-Site Request Forgery (CSRF) vulnerability in Yamna 
Khawaja Maili ...)
+       TODO: check
+CVE-2025-50035 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50034 (Missing Authorization vulnerability in Mahmudul Hasan Arif 
Enhanced Bl ...)
+       TODO: check
+CVE-2025-50033 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50030 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50027 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50026 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50025 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50024 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50023 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50022 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50021 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50020 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50019 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50018 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50017 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50015 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50014 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50013 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50012 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50011 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50010 (Missing Authorization vulnerability in Zapier Zapier for 
WordPress all ...)
+       TODO: check
+CVE-2025-50009 (Missing Authorization vulnerability in Climax Themes Kata Plus 
allows  ...)
+       TODO: check
+CVE-2025-50008 (Missing Authorization vulnerability in cscode WooCommerce 
Manager &#82 ...)
+       TODO: check
+CVE-2025-4981 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x 
<= 10. ...)
+       TODO: check
+CVE-2025-4102 (The Beaver Builder Plugin (Starter Version) plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-49998 (Missing Authorization vulnerability in Wetail WooCommerce 
Fortnox Inte ...)
+       TODO: check
+CVE-2025-49997 (Missing Authorization vulnerability in Syed Balkhi Giveaways 
and Conte ...)
+       TODO: check
+CVE-2025-49996 (Missing Authorization vulnerability in osama.esh WP Visitor 
Statistics ...)
+       TODO: check
+CVE-2025-49995 (Authorization Bypass Through User-Controlled Key vulnerability 
in dFac ...)
+       TODO: check
+CVE-2025-49993 (Missing Authorization vulnerability in Cookie Script 
Cookie-Script.com ...)
+       TODO: check
+CVE-2025-49991 (Missing Authorization vulnerability in tggfref WP-Recall 
allows Access ...)
+       TODO: check
+CVE-2025-49990 (Missing Authorization vulnerability in contentstudio 
ContentStudio all ...)
+       TODO: check
+CVE-2025-49989 (Missing Authorization vulnerability in App Cheap App Builder 
allows Ex ...)
+       TODO: check
+CVE-2025-49988 (Missing Authorization vulnerability in Renzo Contact Form 7 
AWeber Ext ...)
+       TODO: check
+CVE-2025-49987 (Missing Authorization vulnerability in WPFactory CRM ERP 
Business Solu ...)
+       TODO: check
+CVE-2025-49986 (Missing Authorization vulnerability in thanhtungtnt Video List 
Manager ...)
+       TODO: check
+CVE-2025-49985 (Server-Side Request Forgery (SSRF) vulnerability in Ali Irani 
Auto Upl ...)
+       TODO: check
+CVE-2025-49984 (Server-Side Request Forgery (SSRF) vulnerability in Angelo 
Mandato Pow ...)
+       TODO: check
+CVE-2025-49983 (Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle 
WPThumb  ...)
+       TODO: check
+CVE-2025-49982 (Missing Authorization vulnerability in aguilatechnologies WP 
Customer  ...)
+       TODO: check
+CVE-2025-49981 (Missing Authorization vulnerability in mahabub81 User Roles 
and Capabi ...)
+       TODO: check
+CVE-2025-49980 (Missing Authorization vulnerability in WP Event Manager WP 
User Profil ...)
+       TODO: check
+CVE-2025-49979 (Missing Authorization vulnerability in slui Media Hygiene 
allows Explo ...)
+       TODO: check
+CVE-2025-49978 (Authorization Bypass Through User-Controlled Key vulnerability 
in eyec ...)
+       TODO: check
+CVE-2025-49977 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Inventory WP Inv ...)
+       TODO: check
+CVE-2025-49976 (Missing Authorization vulnerability in WANotifier WANotifier 
allows Ex ...)
+       TODO: check
+CVE-2025-49975 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni 
Mubarak JobW ...)
+       TODO: check
+CVE-2025-49974 (Missing Authorization vulnerability in upstreamplugin 
UpStream: a Proj ...)
+       TODO: check
+CVE-2025-49973 (Missing Authorization vulnerability in GrandPlugins Image 
Sizes Contro ...)
+       TODO: check
+CVE-2025-49972 (Cross-Site Request Forgery (CSRF) vulnerability in David Wood 
TM Repla ...)
+       TODO: check
+CVE-2025-49971 (Missing Authorization vulnerability in aThemeArt Translations 
eDS Resp ...)
+       TODO: check
+CVE-2025-49970 (Missing Authorization vulnerability in sparklewpthemes Hello 
FSE Blog  ...)
+       TODO: check
+CVE-2025-49969 (Missing Authorization vulnerability in Zara 4 Zara 4 Image 
Compression ...)
+       TODO: check
+CVE-2025-49968 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML 
Travel P ...)
+       TODO: check
+CVE-2025-49967 (Cross-Site Request Forgery (CSRF) vulnerability in 
marcusjansen Live S ...)
+       TODO: check
+CVE-2025-49966 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro 
Oganro Trave ...)
+       TODO: check
+CVE-2025-49965 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro 
PixelBeds Ch ...)
+       TODO: check
+CVE-2025-49964 (Cross-Site Request Forgery (CSRF) vulnerability in indgeek 
ClipLink al ...)
+       TODO: check
+CVE-2025-49873 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49132 (Pterodactyl is a free, open-source game server management 
panel. Prior ...)
+       TODO: check
+CVE-2025-48706 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due 
to an ou ...)
+       TODO: check
+CVE-2025-48705 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due 
to a NUL ...)
+       TODO: check
+CVE-2025-48059 (PowSyBl (Power System Blocks) is a framework to build power 
system ori ...)
+       TODO: check
+CVE-2025-46179 (A SQL Injection vulnerability was discovered in the 
askquery.php file  ...)
+       TODO: check
+CVE-2025-46158 (An issue in redoxOS kernel before commit 5d41cd7c allows a 
local attac ...)
+       TODO: check
+CVE-2025-45890 (Directory Traversal vulnerability in novel plus before v.5.1.0 
allows  ...)
+       TODO: check
+CVE-2025-45331 (brplot v420.69.1 contains a Null Pointer Dereference (NPD) 
vulnerabili ...)
+       TODO: check
+CVE-2025-44635 (There are multiple unauthorized remote command execution 
vulnerabiliti ...)
+       TODO: check
+CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit 
verbose S ...)
+       TODO: check
+CVE-2025-3319 (IBM Spectrum Protect Server 8.1 through 8.1.26 could allow 
attacker to ...)
+       TODO: check
+CVE-2025-3228 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x 
<= 10. ...)
+       TODO: check
+CVE-2025-3227 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x 
<= 10. ...)
+       TODO: check
+CVE-2025-34030 (An OS command injection vulnerability exists in sar2html 
version 3.2.2 ...)
+       TODO: check
+CVE-2025-34029 (An OS command injection vulnerability exists in the Edimax 
EW-7438RPn  ...)
+       TODO: check
+CVE-2025-34024 (An OS command injection vulnerability exists in the Edimax 
EW-7438RPn  ...)
+       TODO: check
+CVE-2025-34023 (A path traversal vulnerability exists in the Karel IP1211 IP 
Phone's w ...)
+       TODO: check
+CVE-2025-34022 (A path traversal vulnerability exists in multiple models of 
Selea Targ ...)
+       TODO: check
+CVE-2025-34021 (A server-side request forgery (SSRF) vulnerability exists in 
multiple  ...)
+       TODO: check
+CVE-2025-32880 (An issue was discovered on COROS PACE 3 devices through 
3.0808.0. It i ...)
+       TODO: check
+CVE-2025-32879 (An issue was discovered on COROS PACE 3 devices through 
3.0808.0. It s ...)
+       TODO: check
+CVE-2025-32878 (An issue was discovered on COROS PACE 3 devices through 
3.0808.0. It i ...)
+       TODO: check
+CVE-2025-32877 (An issue was discovered on COROS PACE 3 devices through 
3.0808.0. It i ...)
+       TODO: check
+CVE-2025-32876 (An issue was discovered on COROS PACE 3 devices through 
3.0808.0. The  ...)
+       TODO: check
+CVE-2025-32875 (An issue was discovered in the COROS application through 
3.8.12 for An ...)
+       TODO: check
+CVE-2025-32753 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, 
contains an  ...)
+       TODO: check
+CVE-2025-2443 (An issue has been discovered in GitLab EE that allows for 
cross-site-s ...)
+       TODO: check
+CVE-2025-25038 (An OS command injection vulnerability exists in MiniDVBLinux 
version 5 ...)
+       TODO: check
+CVE-2025-25037 (An information disclosure vulnerability exists in Aquatronica 
Controll ...)
+       TODO: check
+CVE-2025-25034 (A PHP object injection vulnerability exists in SugarCRM 
versions prior ...)
+       TODO: check
+CVE-2024-7586 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
+       TODO: check
+CVE-2024-53298 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, 
contains a m ...)
+       TODO: check
+CVE-2024-4994 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2024-4025 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
+       TODO: check
+CVE-2025-38083 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/d35acc1be3480505b5931f17e4ea9b7617fea4d3 (6.16-rc2)
 CVE-2025-6384 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
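Review bot: every entry added at the top of this hunk carries only "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. Triage can reuse annotations already present in this file: CVE-2025-6257 and CVE-2025-4102 both read "plugin for WordPress" and match the existing "NOT-FOR-US: WordPress plugin" entries, while CVE-2025-2443 and CVE-2024-7586 name GitLab EE and should be checked against the "- gitlab <not-affected> (Specific to EE)" form used further down. The CVE-2025-38083 entry only swaps its bracketed placeholder title for the published description and keeps its "- linux <unfixed>" line and NOTE, which looks right.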
@@ -95,7 +445,7 @@ CVE-2025-47771 (PowSyBl (Power System Blocks) is a framework 
to build power syst
        TODO: check
 CVE-2025-47293 (PowSyBl (Power System Blocks) is a framework to build power 
system ori ...)
        TODO: check
-CVE-2025-5416
+CVE-2025-5416 (A vulnerability has been identified in Keycloak that could lead 
to una ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-4563
        - kubernetes 1.20.5+really1.20.2-1
@@ -254,9 +604,9 @@ CVE-2025-36048 (IBM webMethods Integration Server 10.5, 
10.7, 10.11, and 10.15 c
        NOT-FOR-US: IBM
 CVE-2025-29646 (An issue in upf in open5gs 2.7.2 and earlier allows a remote 
attacker  ...)
        - open5gs <itp> (bug #1094791)
-CVE-2025-26199 (An issue in CloudClassroom PHP Project v.1.0 allows a remote 
attacker  ...)
+CVE-2025-26199 (CloudClassroom-PHP-Project v1.0 is affected by an insecure 
credential  ...)
        NOT-FOR-US: CloudClassroom PHP Project
-CVE-2025-26198 (CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL 
Injection in log ...)
+CVE-2025-26198 (CloudClassroom-PHP-Project v1.0 contains a critical SQL 
Injection vuln ...)
        NOT-FOR-US: CloudClassroom PHP Project
 CVE-2025-23999 (Missing Authorization vulnerability in Cloudways Breeze allows 
Exploit ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -1762,7 +2112,7 @@ CVE-2025-23252 (The NVIDIA NVDebug tool contains a 
vulnerability that may allow
        NOT-FOR-US: NVDebug
 CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email 
Marketing, ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-48945
+CVE-2025-48945 (pycares is a Python module which provides an interface to 
c-ares. c-ar ...)
        - pycares <unfixed>
        [bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
        [bullseye] - pycares <postponed> (Minor issue; can be fixed in next 
update)
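Review bot: CVE-2025-48945 already carries "<no-dsa> (Minor issue, too intrusive to backport)" for bookworm and "<postponed>" for bullseye, and those annotations were in place while the entry had no description at all. Now that the pycares text arrives on the "+" line, the "Minor issue" rating is worth re-confirming against the full description, since only its truncated first line is visible here.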
@@ -1973,7 +2323,7 @@ CVE-2025-45878 (A cross-site scripting (XSS) 
vulnerability in the report manager
        NOT-FOR-US: Miliaris Amigdala
 CVE-2025-45526 (A denial of service (DoS) vulnerability has been identified in 
the Jav ...)
        NOT-FOR-US: microlight
-CVE-2025-45525 (A null pointer dereference vulnerability was discovered in 
microlight. ...)
+CVE-2025-45525 (A NULL pointer dereference vulnerability has been identified 
in the Ja ...)
        NOT-FOR-US: microlight
 CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This 
vulnerabil ...)
        NOT-FOR-US: osCommerce
@@ -3521,7 +3871,7 @@ CVE-2025-49709 (Certain canvas operations could have lead 
to memory corruption.
        - firefox 139.0.4-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/#CVE-2025-49709
 CVE-2025-49091 (KDE Konsole before 25.04.2 allows remote code execution in a 
certain s ...)
-       {DLA-4220-1}
+       {DSA-5945-1 DLA-4220-1}
        - konsole 4:25.04.0-2 (bug #1107672)
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/10/5
        NOTE: https://kde.org/info/security/advisory-20250609-1.txt
@@ -27594,7 +27944,8 @@ CVE-2025-2909 (The lack of encryption in the DuoxMe 
(formerly Blue) application
        NOT-FOR-US: DuoxMe
 CVE-2025-2908 (The exposure of credentials in the call forwarding 
configuration modul ...)
        NOT-FOR-US: MeetMe
-CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a 
stored C ...)
+CVE-2025-2901
+       REJECTED
        NOT-FOR-US: JBoss EAP Management Console
 CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's 
Event-Driven Ans ...)
        NOT-FOR-US: Red Hat Ansible Automation Platform
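Review bot: the new "REJECTED" line for CVE-2025-2901 is inserted above the existing "NOT-FOR-US: JBoss EAP Management Console" annotation, which stays in place as a context line, so the entry now carries both states and no description. Suggest deciding in a follow-up whether the NOT-FOR-US line should be dropped now that the ID is rejected, or kept deliberately as a record of the earlier triage.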
@@ -168112,7 +168463,7 @@ CVE-2023-5831 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        - gitlab 16.4.4+ds2-2
 CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all 
versions from ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2023-5600
+CVE-2023-5600 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all 
versions st ...)
        - gitlab 16.4.4+ds2-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/832c0c2ed30cbe67b3da48f51a87fcd352f5b31d



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits