Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d386d4e9 by security tracker role at 2025-07-14T08:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2025-7620 (The cross-browser document creation component produced by
Digitware Sy ...)
+ TODO: check
+CVE-2025-7619 (BatchSignCS, a background Windows application developed by
WellChoose, ...)
+ TODO: check
+CVE-2025-7586 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has
been de ...)
+ TODO: check
+CVE-2025-7585 (A vulnerability was found in PHPGurukul Online Fire Reporting
System 1 ...)
+ TODO: check
+CVE-2025-7584 (A vulnerability was found in PHPGurukul Online Fire Reporting
System 1 ...)
+ TODO: check
+CVE-2025-7583 (A vulnerability has been found in PHPGurukul Online Fire
Reporting Sys ...)
+ TODO: check
+CVE-2025-7582 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
+ TODO: check
+CVE-2025-7581 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-7580 (A vulnerability classified as critical was found in
code-projects Voti ...)
+ TODO: check
+CVE-2025-7579 (A vulnerability was found in chinese-poetry 0.1. It has been
rated as ...)
+ TODO: check
+CVE-2025-7578 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR
FH-Ser ...)
+ TODO: check
+CVE-2025-7577 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR
FH-Ser ...)
+ TODO: check
+CVE-2025-7576 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR
FH-Ser ...)
+ TODO: check
+CVE-2025-7575 (A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77
and cla ...)
+ TODO: check
+CVE-2025-7574 (A vulnerability, which was classified as critical, was found in
LB-LIN ...)
+ TODO: check
+CVE-2025-7573 (A vulnerability, which was classified as critical, has been
found in L ...)
+ TODO: check
+CVE-2025-7572 (A vulnerability classified as critical was found in LB-LINK
BL-AC1900, ...)
+ TODO: check
+CVE-2025-7571 (A vulnerability classified as critical has been found in UTT
HiPER 840 ...)
+ TODO: check
+CVE-2025-7570 (A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328.
It has ...)
+ TODO: check
+CVE-2025-7569 (A vulnerability was found in Bigotry OneBase up to 1.3.6. It
has been ...)
+ TODO: check
+CVE-2025-7568 (A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has
been c ...)
+ TODO: check
+CVE-2025-7567 (A vulnerability was found in ShopXO up to 6.5.0 and classified
as prob ...)
+ TODO: check
+CVE-2025-7566 (A vulnerability has been found in jshERP up to 3.5 and
classified as c ...)
+ TODO: check
+CVE-2025-7565 (A vulnerability, which was classified as critical, was found in
LB-LIN ...)
+ TODO: check
+CVE-2025-7564 (A vulnerability, which was classified as critical, has been
found in L ...)
+ TODO: check
+CVE-2025-7563 (A vulnerability classified as critical was found in PHPGurukul
Online ...)
+ TODO: check
+CVE-2025-7562 (A vulnerability classified as critical has been found in
PHPGurukul On ...)
+ TODO: check
+CVE-2025-7561 (A vulnerability was found in PHPGurukul Online Fire Reporting
System 1 ...)
+ TODO: check
+CVE-2025-7560 (A vulnerability was found in PHPGurukul Online Fire Reporting
System 1 ...)
+ TODO: check
+CVE-2025-7559 (A vulnerability was found in PHPGurukul Online Fire Reporting
System 1 ...)
+ TODO: check
+CVE-2025-7558 (A vulnerability was found in code-projects Voting System 1.0
and class ...)
+ TODO: check
+CVE-2025-7557 (A vulnerability has been found in code-projects Voting System
1.0 and ...)
+ TODO: check
+CVE-2025-7556 (A vulnerability, which was classified as critical, was found in
code-p ...)
+ TODO: check
+CVE-2025-7555 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-7554 (A vulnerability classified as problematic was found in Sapido
RB-1802 ...)
+ TODO: check
+CVE-2025-7553 (A vulnerability classified as critical has been found in D-Link
DIR-81 ...)
+ TODO: check
+CVE-2025-7552 (A vulnerability was found in Dromara Northstar up to 7.3.5. It
has bee ...)
+ TODO: check
+CVE-2025-7551 (A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has
been d ...)
+ TODO: check
+CVE-2025-7550 (A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has
been c ...)
+ TODO: check
+CVE-2025-7549 (A vulnerability was found in Tenda FH1201 1.2.0.14(408) and
classified ...)
+ TODO: check
+CVE-2025-7548 (A vulnerability has been found in Tenda FH1201 1.2.0.14(408)
and class ...)
+ TODO: check
+CVE-2025-7547 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2025-7546 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-7545 (A vulnerability classified as problematic was found in GNU
Binutils 2. ...)
+ TODO: check
+CVE-2025-7544 (A vulnerability was found in Tenda AC1206 15.03.06.23. It has
been rat ...)
+ TODO: check
+CVE-2025-7543 (A vulnerability was found in PHPGurukul User Registration &
Login and ...)
+ TODO: check
+CVE-2025-7542 (A vulnerability was found in PHPGurukul User Registration &
Login and ...)
+ TODO: check
+CVE-2025-7541 (A vulnerability has been found in code-projects Online
Appointment Boo ...)
+ TODO: check
+CVE-2025-7451 (The iSherlock developed by Hgiga has an OS Command Injection
vulnerabi ...)
+ TODO: check
+CVE-2025-7380 (A stored Cross-Site Scripting (XSS) vulnerability exists in the
Access ...)
+ TODO: check
+CVE-2025-29606 (py-libp2p before 0.2.3 allows a peer to cause a denial of
service (res ...)
+ TODO: check
+CVE-2025-25180 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2025-1384 (Least Privilege Violation (CWE-272) Vulnerability exists in the
commun ...)
+ TODO: check
+CVE-2024-58258 (SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in
the API m ...)
+ TODO: check
CVE-2025-XXXX [RUSTSEC-2025-0042]
- rust-static-alloc <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0042.html
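Review bot: CVE-2025-7545 in this batch names GNU Binutils, which Debian ships as the binutils source package, so its TODO: check should be resolved to a package entry with version tracking rather than closed in bulk with the rest. Most of the other new entries name router firmware and standalone PHP web applications (Tenda, LB-LINK, D-Link, PHPGurukul, code-projects) and look like NOT-FOR-US candidates, consistent with the NOT-FOR-US: TOTOLINK and NOT-FOR-US: WordPress plugin entries already in the file. CVE-2025-7546 is truncated before the product name ("has been found i ..."), so its full description has to be read before it can be triaged.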
@@ -221,11 +329,11 @@ CVE-2025-6851 (The Broken Link Notifier plugin for
WordPress is vulnerable to Se
NOT-FOR-US: WordPress plugin
CVE-2025-6838 (The Broken Link Notifier plugin for WordPress is vulnerable to
CSV Inj ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-6788 (CWE-668: Exposure of Resource to Wrong Sphere vulnerability
exists tha ...)
+CVE-2025-6788 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability
exists t ...)
NOT-FOR-US: Schneider Electric
CVE-2025-6549 (An Incorrect Authorization vulnerability in the web server of
Juniper ...)
NOT-FOR-US: Juniper
-CVE-2025-6438 (CWE-611: Improper Restriction of XML External Entity Reference
vulnera ...)
+CVE-2025-6438 (A CWE-611: Improper Restriction of XML External Entity
Referenc ...)
NOT-FOR-US: Schneider Electric
CVE-2025-53642 (haxcms-nodejs and haxcms-php are backends for HAXcms. The
logout funct ...)
NOT-FOR-US: HAXcms
@@ -281,15 +389,15 @@ CVE-2025-52089 (A hidden remote support feature protected
by a static secret in
NOT-FOR-US: TOTOLINK
CVE-2025-51591 (A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4
allows attac ...)
TODO: check
-CVE-2025-50125 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists that ...)
+CVE-2025-50125 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50124 (CWE-269: Improper Privilege Management vulnerability exists
that could ...)
+CVE-2025-50124 (A CWE-269: Improper Privilege Management vulnerability
exists tha ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50123 (CWE-94: Improper Control of Generation of Code ('Code
Injection') vuln ...)
+CVE-2025-50123 (A CWE-94: Improper Control of Generation of Code ('Code
Injection') v ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50122 (CWE-331: Insufficient Entropy vulnerability exists that could
cause ro ...)
+CVE-2025-50122 (ACWE-331: Insufficient Entropy vulnerability exists that could
cause r ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50121 (CWE-78: Improper Neutralization of Special Elements used in an
OS Comm ...)
+CVE-2025-50121 (ACWE-78: Improper Neutralization of Special Elements used in
an OS Com ...)
NOT-FOR-US: Schneider Electric
CVE-2025-47964 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
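Review bot: the refreshed descriptions for CVE-2025-50122 and CVE-2025-50121 read "ACWE-331" and "ACWE-78" with no space after the article, while CVE-2025-50125, CVE-2025-50124 and CVE-2025-50123 in the same hunk read "A CWE-...". The triage lines (NOT-FOR-US: Schneider Electric) are unchanged, so the result is not wrong, but anything that greps the list for a description beginning "(CWE-" or for the token " CWE-331" will now miss these two entries. If the text comes straight from the upstream CVE record, it is worth reporting there rather than fixing by hand, since the next automatic update would overwrite a local correction.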
@@ -2878,19 +2986,19 @@ CVE-2025-49087
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
-CVE-2025-6491 [NULL Pointer Dereference in PHP SOAP Extension via Large XML
Namespace Prefix]
+CVE-2025-6491 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.*
before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
NOTE: Fixed by:
https://github.com/php/php-src/commit/9cb3d8d200f0c822b17bda35a2a67a97b039d3e1
(php-8.1.33)
-CVE-2025-1220 [Null byte termination in hostnames]
+CVE-2025-1220 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.*
before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r
NOTE: Fixed by:
https://github.com/php/php-src/commit/cac8f7f1cf4939f55f06b68120040f057682d89c
(php-8.1.33)
-CVE-2025-1735 [pgsql extension does not check for errors during escaping]
+CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.*
before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
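Review bot: replacing the bracketed titles on CVE-2025-6491, CVE-2025-1220 and CVE-2025-1735 with the truncated upstream description leaves all three entries with the same visible text, "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...", so the list no longer says which one is the SOAP NULL pointer dereference, which is the null byte in hostnames, and which is the pgsql escaping error check. Suggest keeping the old summary as a NOTE line under each entry, for example "NOTE: pgsql extension does not check for errors during escaping", so the entries stay distinguishable without following the advisory links.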
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d386d4e927014a6f7f6828fd45e4038f07f15bd1
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits