[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 04 Jun 2025 13:13:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
62ca93a1 by security tracker role at 2025-06-04T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2025-5688 (We have identified a buffer overflow issue allowing 
out-of-bounds writ ...)
+       TODO: check
+CVE-2025-5609 (A vulnerability classified as critical was found in Tenda AC18 
15.03.0 ...)
+       TODO: check
+CVE-2025-5608 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
+       TODO: check
+CVE-2025-5607 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
+       TODO: check
+CVE-2025-5606 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been decla ...)
+       TODO: check
+CVE-2025-5604 (A vulnerability was found in Campcodes Hospital Management 
System 1.0  ...)
+       TODO: check
+CVE-2025-5603 (A vulnerability has been found in Campcodes Hospital Management 
System ...)
+       TODO: check
+CVE-2025-5602 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 
to 4.2.1 ...)
+       TODO: check
+CVE-2025-5600 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-5599 (A vulnerability classified as critical was found in PHPGurukul 
Student ...)
+       TODO: check
+CVE-2025-5598 (Path Traversal vulnerability in WF Steuerungstechnik GmbH 
airleader MA ...)
+       TODO: check
+CVE-2025-5597 (Improper Authentication vulnerability in WF Steuerungstechnik 
GmbH air ...)
+       TODO: check
+CVE-2025-5596 (A vulnerability was found in FreeFloat FTP Server 1.0. It has 
been cla ...)
+       TODO: check
+CVE-2025-5595 (A vulnerability was found in FreeFloat FTP Server 1.0 and 
classified a ...)
+       TODO: check
+CVE-2025-5594 (A vulnerability has been found in FreeFloat FTP Server 1.0 and 
classif ...)
+       TODO: check
+CVE-2025-5593 (A vulnerability, which was classified as critical, was found in 
FreeFl ...)
+       TODO: check
+CVE-2025-5592 (A vulnerability, which was classified as critical, has been 
found in F ...)
+       TODO: check
+CVE-2025-5584 (A vulnerability was found in PHPGurukul Hospital Management 
System 4.0 ...)
+       TODO: check
+CVE-2025-5583 (A vulnerability classified as critical has been found in 
CodeAstro Rea ...)
+       TODO: check
+CVE-2025-5582 (A vulnerability was found in CodeAstro Real Estate Management 
System 1 ...)
+       TODO: check
+CVE-2025-5581 (A vulnerability was found in CodeAstro Real Estate Management 
System 1 ...)
+       TODO: check
+CVE-2025-5580 (A vulnerability was found in CodeAstro Real Estate Management 
System 1 ...)
+       TODO: check
+CVE-2025-48962 (Sensitive information disclosure due to SSRF. The following 
products a ...)
+       TODO: check
+CVE-2025-48961 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
+       TODO: check
+CVE-2025-48960 (Weak server key used for TLS encryption. The following 
products are af ...)
+       TODO: check
+CVE-2025-48959 (Local privilege escalation due to insecure file permissions. 
The follo ...)
+       TODO: check
+CVE-2025-48935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Starting in ...)
+       TODO: check
+CVE-2025-48934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Prior to ve ...)
+       TODO: check
+CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Starting in ...)
+       TODO: check
+CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the 
user-suppli ...)
+       TODO: check
+CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
+       TODO: check
+CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to 
escalate ...)
+       TODO: check
+CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to 
escalate ...)
+       TODO: check
+CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection 
in the Q ...)
+       TODO: check
+CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
+       TODO: check
+CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability 
in vers ...)
+       TODO: check
+CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
+       TODO: check
+CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
+       TODO: check
+CVE-2025-30415 (Denial of service due to improper handling of malformed input. 
The fol ...)
+       TODO: check
+CVE-2025-2336 (Improper sanitization of the value of the 'href' and 
'xlink:href' attr ...)
+       TODO: check
+CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content 
Mangment System ...)
+       TODO: check
+CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System 
v.41.0.0 ...)
+       TODO: check
+CVE-2025-27811 (A local privilege escalation in the 
razer_elevation_service.exe in Raz ...)
+       TODO: check
+CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, 1480, ...)
+       TODO: check
+CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos 
1380. A Use ...)
+       TODO: check
+CVE-2025-23096 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
+       TODO: check
+CVE-2025-23095 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
+       TODO: check
+CVE-2025-22245 (VMware NSX contains a stored Cross-Site Scripting (XSS) 
vulnerability  ...)
+       TODO: check
+CVE-2025-22244 (VMware NSX contains a stored Cross-Site Scripting (XSS) 
vulnerability  ...)
+       TODO: check
+CVE-2025-22243 (VMware NSX Manager UI is vulnerable to a stored Cross-Site 
Scripting ( ...)
+       TODO: check
+CVE-2025-20286 (A vulnerability in Amazon Web Services (AWS), Microsoft Azure, 
and Ora ...)
+       TODO: check
+CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified 
Communications pr ...)
+       TODO: check
+CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified 
Contact C ...)
+       TODO: check
+CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco 
Integrated Man ...)
+       TODO: check
+CVE-2025-20259 (Multiple vulnerabilities in the update process of Cisco 
ThousandEyes E ...)
+       TODO: check
+CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus 
Dashboard Fab ...)
+       TODO: check
+CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine 
(ISE) and ...)
+       TODO: check
+CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco 
Customer Coll ...)
+       TODO: check
+CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin 
servic ...)
+       TODO: check
+CVE-2024-13967 (This vulnerability allows the successful attacker to gain 
unauthorized ...)
+       TODO: check
+CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled 
resource co ...)
+       TODO: check
 CVE-2025-48432 [Potential log injection via unescaped request path]
        - python-django <unfixed> (bug #1107282)
        NOTE: 
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
@@ -118,7 +250,7 @@ CVE-2025-47724 (Delta Electronics CNCSoftlacks proper 
validation of the user-sup
        NOT-FOR-US: Delta Electronics
 CVE-2025-27444 (A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 
3.3.13 f ...)
        NOT-FOR-US: Joomla
-CVE-2025-24015 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with 
secure  ...)
+CVE-2025-24015 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Versions 1. ...)
        NOT-FOR-US: Deno
 CVE-2025-20996 (Improper authorization in Smart Switch installed on 
non-Samsung Device ...)
        NOT-FOR-US: Samsung Mobile
@@ -291,7 +423,7 @@ CVE-2025-46154 (Foxcms v1.25 has a SQL time injection in 
the $_POST['dbname'] pa
        NOT-FOR-US: Foxcms
 CVE-2025-45855 (An arbitrary file upload vulnerability in the component 
/upload/GoodsC ...)
        NOT-FOR-US: erupt
-CVE-2025-45854 (An arbitrary file upload vulnerability in the component 
/server/execut ...)
+CVE-2025-45854 (/server/executeExec of JEHC-BPM 2.0.1 allows attackers to 
execute arbi ...)
        NOT-FOR-US: JEHC-BPM
 CVE-2025-44148 (Cross Site Scripting (XSS) vulnerability in MailEnable before 
v10 allo ...)
        NOT-FOR-US: MailEnable
@@ -450,9 +582,11 @@ CVE-2024-53013 (Memory corruption may occur while 
processing voice call registra
 CVE-2024-53010 (Memory corruption may occur while attaching VM when the HLOS 
retains a ...)
        NOT-FOR-US: Qualcomm
 CVE-2025-5068 (Use after free in Blink in Google Chrome prior to 137.0.7151.68 
allowe ...)
+       {DSA-5935-1}
        - chromium 137.0.7151.68-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-5419 (Out of bounds read and write in V8 in Google Chrome prior to 
137.0.715 ...)
+       {DSA-5935-1}
        - chromium 137.0.7151.68-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-5455 (An issue was found in the private API function qDecodeDataUrl() 
in QtC ...)
@@ -15228,6 +15362,7 @@ CVE-2025-30724 (Vulnerability in the Oracle BI 
Publisher product of Oracle Analy
 CVE-2025-30723 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
        NOT-FOR-US: Oracle
 CVE-2025-30722 (Vulnerability in the MySQL Client product of Oracle MySQL 
(component:  ...)
+       {DLA-4208-1}
        - mysql-8.0 8.0.42-1 (bug #1103385)
        - mariadb <unfixed> (bug #1105976)
        [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point 
release)
@@ -15304,6 +15439,7 @@ CVE-2025-30695 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2025-30694 (Vulnerability in the XML Database component of Oracle Database 
Server. ...)
        NOT-FOR-US: Oracle
 CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       {DLA-4208-1}
        - mysql-8.0 8.0.42-1 (bug #1103385)
        - mariadb <unfixed> (bug #1105976)
        [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point 
release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ca93a1eb4244fd113e81fcd19965dd096c76fc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ca93a1eb4244fd113e81fcd19965dd096c76fc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to