Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
764f8816 by security tracker role at 2025-07-19T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,178 @@
-CVE-2025-38350 [net/sched: Always pass notifications when child class becomes 
empty]
+CVE-2025-7814 (A vulnerability classified as critical was found in 
code-projects Food ...)
+       TODO: check
+CVE-2025-7807 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-7806 (A vulnerability classified as critical was found in Tenda FH451 
1.0.0. ...)
+       TODO: check
+CVE-2025-7805 (A vulnerability classified as critical has been found in Tenda 
FH451 1 ...)
+       TODO: check
+CVE-2025-7803 (A vulnerability was found in descreekert wx-discuz up to 
12bd4745c63ec ...)
+       TODO: check
+CVE-2025-7802 (A vulnerability was found in PHPGurukul Complaint Management 
System 2. ...)
+       TODO: check
+CVE-2025-7801 (A vulnerability has been found in BossSoft CRM 6.0 and 
classified as c ...)
+       TODO: check
+CVE-2025-7800 (A vulnerability classified as problematic was found in cgpandey 
hotelm ...)
+       TODO: check
+CVE-2025-7798 (A vulnerability classified as critical has been found in 
Beijing Shenz ...)
+       TODO: check
+CVE-2025-7797 (A vulnerability was found in GPAC up to 2.4. It has been rated 
as prob ...)
+       TODO: check
+CVE-2025-7796 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-7795 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-7794 (A vulnerability classified as critical was found in Tenda FH451 
1.0.0. ...)
+       TODO: check
+CVE-2025-7793 (A vulnerability classified as critical has been found in Tenda 
FH451 1 ...)
+       TODO: check
+CVE-2025-7792 (A vulnerability was found in Tenda FH451 1.0.0.9. It has been 
rated as ...)
+       TODO: check
+CVE-2025-7791 (A vulnerability was found in PHPGurukul Online Security Guards 
Hiring  ...)
+       TODO: check
+CVE-2025-7790 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has 
been cl ...)
+       TODO: check
+CVE-2025-7789 (A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and 
classifie ...)
+       TODO: check
+CVE-2025-7788 (A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 
and clas ...)
+       TODO: check
+CVE-2025-7787 (A vulnerability, which was classified as critical, was found in 
Xuxuel ...)
+       TODO: check
+CVE-2025-7786 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-7785 (A vulnerability classified as problematic was found in thinkgem 
JeeSit ...)
+       TODO: check
+CVE-2025-7784 (A flaw was found in the Keycloak identity and access management 
system ...)
+       TODO: check
+CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data 
allows  ...)
+       TODO: check
+CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms, 
Element ...)
+       TODO: check
+CVE-2025-7696 (The Integration for Pipedrive and Contact Form 7, WPForms, 
Elementor,  ...)
+       TODO: check
+CVE-2025-7669 (The Avishi WP PayPal Payment Button plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-7661 (The Partnersk\xfd syst\xe9m Martinus plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-7658 (The Temporarily Hidden Content plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-7655 (The Live Stream Badger plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-7653 (The EPay.bg Payments plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-7444 (The LoginPress Pro plugin for WordPress is vulnerable to 
authenticatio ...)
+       TODO: check
+CVE-2025-7396 (In wolfSSL release 5.8.2 blinding support is turned on by 
default for  ...)
+       TODO: check
+CVE-2025-7395 (A certificate verification error in wolfSSL when building with 
the WOL ...)
+       TODO: check
+CVE-2025-7394 (In the OpenSSL compatibility layer implementation, the function 
RAND_p ...)
+       TODO: check
+CVE-2025-6721 (The Vchasno Kasa plugin for WordPress is vulnerable to 
unauthorized ac ...)
+       TODO: check
+CVE-2025-6720 (The Vchasno Kasa plugin for WordPress is vulnerable to 
unauthorized lo ...)
+       TODO: check
+CVE-2025-6233 (Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x 
<= 10.5 ...)
+       TODO: check
+CVE-2025-6227 (Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to 
negoti ...)
+       TODO: check
+CVE-2025-6226 (Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x 
<= 10.7 ...)
+       TODO: check
+CVE-2025-54309 (CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the 
DMZ proxy  ...)
+       TODO: check
+CVE-2025-54079 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54078 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54077 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54076 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54075 (MDC is a tool to take regular Markdown and write documents 
interacting ...)
+       TODO: check
+CVE-2025-54073 (mcp-package-docs is an MCP (Model Context Protocol) server 
that provid ...)
+       TODO: check
+CVE-2025-54059 (melange allows users to build apk packages using declarative 
pipelines ...)
+       TODO: check
+CVE-2025-53945 (apko allows users to build and publish OCI container images 
built from ...)
+       TODO: check
+CVE-2025-53901 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.4, 33.0. ...)
+       TODO: check
+CVE-2025-53888 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2025-53762 (Permissive list of allowed inputs in Microsoft Purview allows 
an autho ...)
+       TODO: check
+CVE-2025-52924 (In One Identity OneLogin before 2025.2.0, the SQL connection 
"applicat ...)
+       TODO: check
+CVE-2025-52169 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was 
discovere ...)
+       TODO: check
+CVE-2025-52168 (Incorrect access control in the dynawebservice component of 
agorum Sof ...)
+       TODO: check
+CVE-2025-52166 (Incorrect access control in Software GmbH Agorum core open 
v11.9.2 & v ...)
+       TODO: check
+CVE-2025-52164 (Software GmbH Agorum core open v11.9.2 & v11.10.1 was 
discovered to st ...)
+       TODO: check
+CVE-2025-52163 (A Server-Side Request Forgery (SSRF) in the component 
TunnelServlet of ...)
+       TODO: check
+CVE-2025-52162 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was 
discovere ...)
+       TODO: check
+CVE-2025-50708 (An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote 
attacker to o ...)
+       TODO: check
+CVE-2025-50586 (StudentManage v1.0 was discovered to contain Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2025-50585 (StudentManage v1.0 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2025-50584 (StudentManage v1.0 was discovered to contain a cross-site 
scripting (X ...)
+       TODO: check
+CVE-2025-50583 (StudentManage v1.0 was discovered to contain a cross-site 
scripting (X ...)
+       TODO: check
+CVE-2025-50582 (StudentManage v1.0 was discovered to contain a cross-site 
scripting (X ...)
+       TODO: check
+CVE-2025-50581 (MRCMS v3.1.2 was discovered to contain a cross-site scripting 
(XSS) vu ...)
+       TODO: check
+CVE-2025-50126 (A stored XSS vulnerability in the RSBlog! component 
1.11.6-1.14.5 Joom ...)
+       TODO: check
+CVE-2025-50058 (A stored XSS vulnerability in the RSDirectory! component 
1.0.0-2.2.8 J ...)
+       TODO: check
+CVE-2025-50057 (A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla 
was dis ...)
+       TODO: check
+CVE-2025-50056 (A reflected XSS vulnerability in RSMail! component 1.19.20 - 
1.22.26 2 ...)
+       TODO: check
+CVE-2025-49747 (Missing authorization in Azure Machine Learning allows an 
authorized a ...)
+       TODO: check
+CVE-2025-49746 (Improper authorization in Azure Machine Learning allows an 
authorized  ...)
+       TODO: check
+CVE-2025-49486 (A stored XSS vulnerability in the Balbooa Gallery plugin 
1.0.0-2.4.0 f ...)
+       TODO: check
+CVE-2025-49485 (A SQL injection vulnerability in the Balbooa Forms plugin 
1.0.0-2.3.1. ...)
+       TODO: check
+CVE-2025-49484 (A SQL injection vulnerability in the JS Jobs plugin versions 
1.0.0-1.4 ...)
+       TODO: check
+CVE-2025-47995 (Weak authentication in Azure Machine Learning allows an 
authorized att ...)
+       TODO: check
+CVE-2025-47158 (Authentication bypass by assumed-immutable data in Azure 
DevOps allows ...)
+       TODO: check
+CVE-2025-46732 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2025-46002 (An issue in Filemanager v2.5.0 and below allows attackers to 
execute a ...)
+       TODO: check
+CVE-2025-46001 (An arbitrary file upload vulnerability in the 
is_allowed_file_type() f ...)
+       TODO: check
+CVE-2025-46000 (An arbitrary file upload vulnerability in the component 
/rsc/filemanag ...)
+       TODO: check
+CVE-2025-45157 (Insecure permissions in Splashin iOS v2.0 allow unauthorized 
attackers ...)
+       TODO: check
+CVE-2025-45156 (Splashin iOS v2.0 fails to enforce server-side interval 
restrictions f ...)
+       TODO: check
+CVE-2025-33014 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 
6.0.0.0 thro ...)
+       TODO: check
+CVE-2025-2425 (Time-of-check to time-of-use race condition vulnerability 
potentially  ...)
+       TODO: check
+CVE-2025-29757 (An incorrect authorisation check in the the'plant transfer' 
function o ...)
+       TODO: check
+CVE-2024-13175 (Authorization Bypass Through User-Controlled Key vulnerability 
in Vidc ...)
+       TODO: check
+CVE-2025-38350 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.37-1
        NOTE: 
https://git.kernel.org/linus/103406b38c600fec1fe375a77b27d87e314aea09 (6.16-rc5)
 CVE-2025-7772 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress 
Malware Re ...)
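
Review bot: every entry added at the top of this hunk, from CVE-2025-7814 down to CVE-2024-13175, is left at "TODO: check" with no package line or NOT-FOR-US marker, so the automatic update still needs a manual triage pass. The entries that name general-purpose software, such as wolfSSL (CVE-2025-7394 to CVE-2025-7396), GPAC (CVE-2025-7797), Keycloak (CVE-2025-7784) and Wasmtime (CVE-2025-53901), are the ones to resolve first. A smaller style point: the CVE-2025-7661 description carries \xfd and \xe9 escapes while the CVE-2025-7772 context line uses \u2014, so the two escape styles should be unified if the descriptions are ever normalised.
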
@@ -637,10 +811,10 @@ CVE-2025-40923 (Plack-Middleware-Session before version 
0.35 for Perl generates
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/31223483/
        NOTE: https://github.com/plack/Plack-Middleware-Session/pull/52
        NOTE: 
https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be
 (0.35)
-CVE-2025-27210
+CVE-2025-27210 (An incomplete fix has been identified for CVE-2025-23084 in 
Node.js, s ...)
        - nodejs <not-affected> (Only affects Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases#windows-device-names-con-prn-aux-bypass-path-traversal-protection-in-pathnormalize-cve-2025-27210---high
-CVE-2025-27209
+CVE-2025-27209 (The V8 release used in Node.js v24.0.0 has changed how string 
hashes a ...)
        - nodejs <not-affected> (Only affects Node 24)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases#hashdos-in-v8-cve-2025-27209---high
 CVE-2025-7673 (A buffer overflow vulnerability in the URL parser of the zhttpd 
web se ...)
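
Review bot: the CVE-2025-27209 annotation "- nodejs <not-affected> (Only affects Node 24)" records no fixed version, and the description added here ties the issue to the V8 release used in Node.js v24.0.0. Consider adding a NOTE with the first fixed 24.x release so the entry can be checked again when a Node 24 upload is prepared. The CVE-2025-27210 description calls it an incomplete fix for CVE-2025-23084, so the "Only affects Windows" reasoning should match what is recorded on that earlier entry.
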
@@ -3952,7 +4126,7 @@ CVE-2024-25176 (LuaJIT through 2.1 has a 
stack-buffer-overflow in lj_strfmt_wfnu
        NOTE: Fixed by: 
https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
 (v2.1)
 CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster 
thru 1. ...)
        NOT-FOR-US: dagster-webserver Dagster
-CVE-2025-54310 [RSS/SEARCH: Prevent opening local files if web page is 
expected]
+CVE-2025-54310 (qBittorrent before 5.1.2 does not prevent access to a local 
file that  ...)
        - qbittorrent 5.1.0-2 (bug #1108843)
        [bookworm] - qbittorrent <no-dsa> (Minor issue)
        [bullseye] - qbittorrent <postponed> (Minor issue)
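
Review bot: the description added for CVE-2025-54310 says "qBittorrent before 5.1.2", while the unchanged package line records the fix as "qbittorrent 5.1.0-2 (bug #1108843)". If 5.1.0-2 carries a backported patch, a NOTE pointing at the upstream commit would make the gap between the two versions explainable to someone reading the entry later. The old bracketed description named the change (RSS/SEARCH: prevent opening local files if a web page is expected), which is a useful hint for finding that commit.
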
@@ -57313,7 +57487,8 @@ CVE-2025-0509 (A security issue was found in Sparkle 
before version 2.6.4. An at
        - openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
 CVE-2025-23237 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        NOT-FOR-US: UD-LT2 firmware
-CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can 
be hooke ...)
+CVE-2025-23090
+       REJECTED
        TODO: Duplicate of CVE-2025-23083, verify it with CNA, CNA contacted 
for rejection
 CVE-2025-23089
        REJECTED
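
Review bot: CVE-2025-23090 is now marked REJECTED, but the line "TODO: Duplicate of CVE-2025-23083, verify it with CNA, CNA contacted for rejection" is still attached below it. With the rejection in place the TODO is stale and keeps the entry flagged as open work; drop it, or turn it into a NOTE if the duplicate relationship to CVE-2025-23083 should stay documented.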



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/764f8816b00e7285c4f63925857dfd5e1d97e8e3
