Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
653757a4 by security tracker role at 2025-05-27T08:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-5232 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2025-5231 (A vulnerability classified as critical was found in PHPGurukul
Company ...)
+ TODO: check
+CVE-2025-5230 (A vulnerability classified as critical has been found in
PHPGurukul On ...)
+ TODO: check
+CVE-2025-5229 (A vulnerability was found in Campcodes Online Hospital
Management Syst ...)
+ TODO: check
+CVE-2025-5228 (A vulnerability was found in D-Link DI-8100 up to 20250523. It
has bee ...)
+ TODO: check
+CVE-2025-5227 (A vulnerability was found in PHPGurukul Small CRM 3.0 and
classified a ...)
+ TODO: check
+CVE-2025-5226 (A vulnerability has been found in PHPGurukul Small CRM 3.0 and
classif ...)
+ TODO: check
+CVE-2025-5225 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2025-5224 (A vulnerability classified as critical has been found in
Campcodes Onl ...)
+ TODO: check
+CVE-2025-5221 (A vulnerability was found in FreeFloat FTP Server 1.0.0. It has
been c ...)
+ TODO: check
+CVE-2025-5220 (A vulnerability was found in FreeFloat FTP Server 1.0.0 and
classified ...)
+ TODO: check
+CVE-2025-5219 (A vulnerability has been found in FreeFloat FTP Server 1.0.0
and class ...)
+ TODO: check
+CVE-2025-5218 (A vulnerability, which was classified as critical, was found in
FreeFl ...)
+ TODO: check
+CVE-2025-5217 (A vulnerability, which was classified as critical, has been
found in F ...)
+ TODO: check
+CVE-2025-5216 (A vulnerability classified as critical was found in PHPGurukul
Student ...)
+ TODO: check
+CVE-2025-5215 (A vulnerability classified as critical has been found in D-Link
DCS-50 ...)
+ TODO: check
+CVE-2025-5214 (A vulnerability was found in Kashipara Responsive Online
Learing Platf ...)
+ TODO: check
+CVE-2025-5213 (A vulnerability was found in projectworlds Responsive
E-Learning Syste ...)
+ TODO: check
+CVE-2025-5212 (A vulnerability was found in PHPGurukul Employee Record
Management Sys ...)
+ TODO: check
+CVE-2025-5211 (A vulnerability was found in PHPGurukul Employee Record
Management Sys ...)
+ TODO: check
+CVE-2025-5210 (A vulnerability has been found in PHPGurukul Employee Record
Managemen ...)
+ TODO: check
+CVE-2025-5208 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2025-5207 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2025-5206 (A vulnerability classified as critical was found in Pixelimity
1.0. Af ...)
+ TODO: check
+CVE-2025-5205 (A vulnerability classified as critical has been found in 1000
Projects ...)
+ TODO: check
+CVE-2025-5204 (A vulnerability classified as problematic has been found in
Open Asset ...)
+ TODO: check
+CVE-2025-4783 (The Exclusive Addons for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-4683 (The MStore API \u2013 Create Native Android & iOS Apps On The
Cloud pl ...)
+ TODO: check
+CVE-2025-4682 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks,
Patterns & ...)
+ TODO: check
+CVE-2025-48828 (Certain vBulletin versions might allow attackers to execute
arbitrary ...)
+ TODO: check
+CVE-2025-48827 (vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows
unauthent ...)
+ TODO: check
+CVE-2025-48794
+ REJECTED
+CVE-2025-48793
+ REJECTED
+CVE-2025-48792
+ REJECTED
+CVE-2025-48791
+ REJECTED
+CVE-2025-48790
+ REJECTED
+CVE-2025-48789
+ REJECTED
+CVE-2025-48788
+ REJECTED
+CVE-2025-48787
+ REJECTED
+CVE-2025-48786
+ REJECTED
+CVE-2025-48744 (In SIGB PMB before 8.0.1.2, attackers can achieve Local File
Inclusion ...)
+ TODO: check
+CVE-2025-48743 (SIGB PMB before 8.0.1.2 allows SQL injection.)
+ TODO: check
+CVE-2025-48742 (The installer in SIGB PMB before 8.0.1.2 allows remote code
execution.)
+ TODO: check
+CVE-2025-48382 (Fess is a deployable Enterprise Search Server. Prior to
version 14.19. ...)
+ TODO: check
+CVE-2025-48054 (Radashi is a TypeScript utility toolkit. Prior to version
12.5.1, the ...)
+ TODO: check
+CVE-2025-33079 (IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could
allow an a ...)
+ TODO: check
+CVE-2025-2407 (Missing Authentication & Authorization in Web-API in Mobatime
AMX MTAP ...)
+ TODO: check
+CVE-2025-26211 (Gibbon before 29.0.00 allows CSRF.)
+ TODO: check
+CVE-2025-23393 (A Improper Neutralization of Script-Related HTML Tags in a Web
Page (B ...)
+ TODO: check
+CVE-2024-47090 (Improper neutralization of input in Nagvis before version
1.9.47 which ...)
+ TODO: check
+CVE-2024-38866 (Improper neutralization of input in Nagvis before version
1.9.47 which ...)
+ TODO: check
CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
- icu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368600
@@ -2896,11 +2998,13 @@ CVE-2025-4209
CVE-2025-4169 (The Posts per Cat [Unmaintained plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-48175 (In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has
integer o ...)
+ {DLA-4179-1}
- libavif 1.2.1-1.1 (bug #1105883)
NOTE:
https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844
NOTE: https://github.com/AOMediaCodec/libavif/pull/2769
NOTE:
https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd
(v1.3.0)
CVE-2025-48174 (In libavif before 1.3.0, makeRoom in stream.c has an integer
overflow ...)
+ {DLA-4179-1}
- libavif 1.2.1-1.1 (bug #1105885)
NOTE: https://github.com/AOMediaCodec/libavif/pull/2768
NOTE:
https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029
(v1.3.0)
@@ -12575,6 +12679,7 @@ CVE-2025-30002 (A vulnerability has been identified in
TeleControl Server Basic
CVE-2025-2564 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x
<= 9.11 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query
not ta ...)
+ {DLA-4180-1}
- pgbouncer 1.24.1-1 (bug #1103394)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a
(pgbouncer_1_24_1)
CVE-2025-29905 (A vulnerability has been identified in TeleControl Server
Basic (All v ...)
@@ -304227,7 +304332,7 @@ CVE-2021-3937
CVE-2021-3936
RESERVED
CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a
man-in-th ...)
- {DLA-2922-1}
+ {DLA-4180-1 DLA-2922-1}
- pgbouncer 1.16.1-1
[buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point
release)
NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653757a4bc55c0e8b47d23ad7ac2992b436ce868
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653757a4bc55c0e8b47d23ad7ac2992b436ce868
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
