Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2d70077 by security tracker role at 2025-06-23T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2025-6547 (Improper Input Validation vulnerability in pbkdf2 allows 
Signature Spo ...)
+       TODO: check
+CVE-2025-6545 (Improper Input Validation vulnerability in pbkdf2 allows 
Signature Spo ...)
+       TODO: check
+CVE-2025-6518 (A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It 
has be ...)
+       TODO: check
+CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and 
classified ...)
+       TODO: check
+CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and 
classified as  ...)
+       TODO: check
+CVE-2025-6513 (Standard Windows users can access the configuration file for 
database  ...)
+       TODO: check
+CVE-2025-6512 (On a client with a non-admin user, a script can be integrated 
into a r ...)
+       TODO: check
+CVE-2025-6511 (A vulnerability classified as critical has been found in 
Netgear EX615 ...)
+       TODO: check
+CVE-2025-6510 (A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. 
It has b ...)
+       TODO: check
+CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to 
4379cce8 ...)
+       TODO: check
+CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute 
shell com ...)
+       TODO: check
+CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests 
containing SameS ...)
+       TODO: check
+CVE-2025-52967 (gateway_proxy_handler in MLflow before 3.1.0 lacks 
gateway_path valida ...)
+       TODO: check
+CVE-2025-52939 (Out-of-bounds Write vulnerability in dail8859 NotepadNext 
(src/lua/src ...)
+       TODO: check
+CVE-2025-52938 (Out-of-bounds Read vulnerability in dail8859 NotepadNext 
(src/lua/src  ...)
+       TODO: check
+CVE-2025-52937 (Vulnerability in PointCloudLibrary PCL 
(surface/src/3rdparty/opennurbs ...)
+       TODO: check
+CVE-2025-52936 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
+       TODO: check
+CVE-2025-52935 (Integer Overflow or Wraparound vulnerability in dragonflydb 
dragonfly  ...)
+       TODO: check
+CVE-2025-52922 (Innoshop through 0.4.1 allows directory traversal via 
FileManager API  ...)
+       TODO: check
+CVE-2025-52921 (In Innoshop through 0.4.1, an authenticated attacker could 
exploit the ...)
+       TODO: check
+CVE-2025-52920 (Innoshop through 0.4.1 allows Insecure Direct Object Reference 
(IDOR)  ...)
+       TODO: check
+CVE-2025-52879 (In JetBrains TeamCity before 2025.03.3 reflected XSS in the 
NPM Regist ...)
+       TODO: check
+CVE-2025-52878 (In JetBrains TeamCity before 2025.03.3 usernames were exposed 
to the u ...)
+       TODO: check
+CVE-2025-52877 (In JetBrains TeamCity before 2025.03.3 reflected XSS on 
diskUsageBuild ...)
+       TODO: check
+CVE-2025-52876 (In JetBrains TeamCity before 2025.03.3 reflected XSS on the 
favoriteIc ...)
+       TODO: check
+CVE-2025-52875 (In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the 
Performa ...)
+       TODO: check
+CVE-2025-52542
+       REJECTED
+CVE-2025-50349 (PHPGurukul Pre-School Enrollment System Project V1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-50348 (PHPGurukul Pre-School Enrollment System Project V1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-49574 (Quarkus is a Cloud Native, (Linux) Container First framework 
for writi ...)
+       TODO: check
+CVE-2025-49144 (Notepad++ is a free and open-source source code editor. In 
versions 8. ...)
+       TODO: check
+CVE-2025-49126 (Visionatrix is an AI Media processing tool using ComfyUI. In 
versions  ...)
+       TODO: check
+CVE-2025-48700 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 
and 9.0 a ...)
+       TODO: check
+CVE-2025-48026 (A vulnerability in the WebApl component of Mitel OpenScape 
Xpressions  ...)
+       TODO: check
+CVE-2025-46101 (SQL Injection vulnerability in Beakon Software Beakon Learning 
Managem ...)
+       TODO: check
+CVE-2025-44528 (An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX 
CC26XX SDK ...)
+       TODO: check
+CVE-2025-2172 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 
8.0.0 fa ...)
+       TODO: check
+CVE-2025-2171 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 
8.0.0 do ...)
+       TODO: check
+CVE-2025-27387 (OPPO Clone Phone uses a weak password WiFi hotspot to transfer 
files,  ...)
+       TODO: check
+CVE-2025-23049 (Meridian Technique Materialise OrthoView through 7.5.1 allows 
OS Comma ...)
+       TODO: check
+CVE-2024-45347 (An unauthorized access vulnerability exists in the Xiaomi Mi 
Connect S ...)
+       TODO: check
+CVE-2024-3511 (An incorrect authorization vulnerability exists in multiple 
WSO2 produ ...)
+       TODO: check
+CVE-2023-50450 (An issue was discovered in Sensopart VISOR Vision Sensors 
before 2.10. ...)
+       TODO: check
+CVE-2023-48978 (An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a 
remote a ...)
+       TODO: check
+CVE-2023-47298 (An issue in NCR Terminal Handler 1.5.1 allows a low-level 
privileged a ...)
+       TODO: check
+CVE-2023-47297 (A settings manipulation vulnerability in NCR Terminal Handler 
v1.5.1 a ...)
+       TODO: check
+CVE-2023-47295 (A CSV injection vulnerability in NCR Terminal Handler v1.5.1 
allows at ...)
+       TODO: check
+CVE-2023-47294 (An issue in NCR Terminal Handler v1.5.1 allows low-level 
privileged au ...)
+       TODO: check
+CVE-2023-47032 (Password Vulnerability in NCR Terminal Handler v.1.5.1 allows 
a remote ...)
+       TODO: check
+CVE-2023-47031 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2023-47030 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2023-47029 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2021-47688 (In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with 
local acces ...)
+       TODO: check
 CVE-2025-6503 (A vulnerability was found in code-projects Inventory Management 
System ...)
        NOT-FOR-US: code-projects
 CVE-2025-6502 (A vulnerability has been found in code-projects Inventory 
Management S ...)
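
Review bot: 52 of the 53 entries added at the top of the list are left at `TODO: check` (only CVE-2025-52542 is resolved, as REJECTED), so this hunk adds no triage information yet. Nine of them name NCR products (CVE-2023-47029 through CVE-2023-47298 for Terminal Handler, CVE-2023-48978 for ITM Web terminal) and can be dispositioned together under one vendor tag, in the style of the `NOT-FOR-US: code-projects` context line that follows. The xdg-utils entry (CVE-2025-52968) and the HDF5 entry (CVE-2025-6516) need a package line instead and are worth checking first.
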
@@ -681,7 +787,7 @@ CVE-2025-47293 (PowSyBl (Power System Blocks) is a 
framework to build power syst
        NOT-FOR-US: PowSyBl (Power System Blocks)
 CVE-2025-5416 (A vulnerability has been identified in Keycloak that could lead 
to una ...)
        - keycloak <itp> (bug #1088287)
-CVE-2025-4563
+CVE-2025-4563 (A vulnerability exists in the NodeRestriction admission 
controller whe ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
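
Review bot: The second NOTE under CVE-2025-4563 reads "The source package itself it still vulnerable"; now that the entry has its description, correct the NOTE to "itself is still vulnerable" and write "use case" as two words. The NOTE is what justifies recording 1.20.5+really1.20.2-1 as the fixed version, so it should read cleanly.
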
@@ -2355,7 +2461,7 @@ CVE-2025-48945 (pycares is a Python module which provides 
an interface to c-ares
        NOTE: 
https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
        NOTE: Fixed by: 
https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
 (v4.9.0)
 CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW 
decoder. Wh ...)
-       {DSA-5946-1}
+       {DSA-5946-1 DLA-4225-1}
        - gdk-pixbuf 2.42.12+dfsg-3 (bug #1107994)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2373147
        NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257
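
Review bot: The description on the CVE-2025-6199 context line still contains the literal escape `\u2019` ("GdkPixbuf\u2019s") instead of an apostrophe, so the feed text is being stored undecoded; decode it when the description is next refreshed. The `{DSA-5946-1 DLA-4225-1}` cross-reference itself is placed correctly, directly under the CVE line and before the package line.
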
@@ -2638,33 +2744,39 @@ CVE-2025-6191 (Integer overflow in V8 in Google Chrome 
prior to 137.0.7151.119 a
        - chromium 137.0.7151.119-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-49180 (A flaw was found in the RandR extension, where the 
RRChangeProviderPro ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.2
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
 CVE-2025-49179 (A flaw was found in the X Record extension. The 
RecordSanityCheckRegis ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.2
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4
 CVE-2025-49178 (A flaw was found in the X server's request handling. Non-zero 
'bytes t ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.2
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2
 CVE-2025-49177 (A flaw was found in the XFIXES extension. The 
XFixesSetClientDisconnec ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.2
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af
 CVE-2025-49176 (A flaw was found in the Big Requests extension. The request 
length is  ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.3 (bug #1108073)
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
        NOTE: Followup: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
 CVE-2025-49175 (A flaw was found in the X Rendering extension's handling of 
animated c ...)
+       {DSA-5947-1}
        - xorg-server 2:21.1.16-1.2
        - xwayland <unfixed>
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
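
Review bot: CVE-2025-49176 differs from the other five entries tagged `{DSA-5947-1}` in this hunk: it is fixed in unstable at 2:21.1.16-1.3 (bug #1108073) rather than 2:21.1.16-1.2 and carries a `Followup:` commit. Confirm that the DSA-5947-1 upload includes that follow-up commit as well as the original fix, and add a NOTE if it does not. The `xwayland <unfixed>` lines are untouched, which is consistent with the `[bookworm] <ignored>` rationale given on each entry.
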
@@ -87665,6 +87777,7 @@ CVE-2024-43800 (serve-static serves static files. 
serve-static passes untrusted
        NOTE: 
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
 (1.16.0)
        NOTE: 
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
 (2.1.0)
 CVE-2024-43799 (Send is a library for streaming files from the file system as 
a http r ...)
+       {DLA-4224-1}
        - node-send 1.1.0+~cs1.19.4-1 (bug #1081483)
        [bookworm] - node-send 0.18.0+~cs1.19.1-3+deb12u1
        NOTE: 
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
@@ -327848,7 +327961,7 @@ CVE-2021-38489
        RESERVED
 CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is 
vulnerable to  ...)
        NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38487 (RTI Connext DDS Professional, Connext DDS Secure versions 4.2x 
to 6.1. ...)
+CVE-2021-38487 (RTI Connext Professional versions 4.1 to 6.1.0, and Connext 
Micro vers ...)
        NOT-FOR-US: RTI Connext DDS
 CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 cl ...)
        NOT-FOR-US: InHand Networks IR615 Router
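
Review bot: After the description change on CVE-2021-38487 the product names in the entry no longer agree: the description now says "RTI Connext Professional ... and Connext Micro" while the tag below it still reads `NOT-FOR-US: RTI Connext DDS`. Update the tag to the current naming (for example `NOT-FOR-US: RTI Connext`) so a search on the new product names finds the entry.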



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d700777c44ee25772749a14458cff21fef6b9f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
