Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5354797e by Salvatore Bonaccorso at 2025-07-19T20:14:34+02:00
Add CVE-2025-7783/node-form-data

- - - - -
0af07ab2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Process some NFUs

- - - - -
70f4ffa2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Add CVE-2025-53901/rust-wasmtime

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,9 @@ CVE-2025-7785 (A vulnerability classified as problematic was 
found in thinkgem J
 CVE-2025-7784 (A flaw was found in the Keycloak identity and access management 
system ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data 
allows  ...)
-       TODO: check
+       - node-form-data <unfixed>
+       NOTE: 
https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
+       NOTE: Fixed by: 
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0
 (v4.0.4)
 CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms, 
Element ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7696 (The Integration for Pipedrive and Contact Form 7, WPForms, 
Elementor,  ...)
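Review bot: the new node-form-data entry records no Debian bug reference, unlike the keycloak entry just above it (`- keycloak <itp> (bug #1088287)`); since the package is marked `<unfixed>` with an upstream fix already identified (the linked commit, released in v4.0.4), filing and linking a bug in the same form, e.g. `- node-form-data <unfixed> (bug #NNNNNN)`, would let the maintainer pick up the fix and keep the tracker's unfixed list actionable. It may also be worth deciding now whether the stable suites need a no-dsa annotation for a CWE-330 style weak-randomness issue in a boundary string, so the entry does not sit as plain unfixed indefinitely.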
@@ -98,19 +100,20 @@ CVE-2025-54077 (WeGIA is an open source web manager with a 
focus on the Portugue
 CVE-2025-54076 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
        NOT-FOR-US: WeGIA
 CVE-2025-54075 (MDC is a tool to take regular Markdown and write documents 
interacting ...)
-       TODO: check
+       NOT-FOR-US: MDC
 CVE-2025-54073 (mcp-package-docs is an MCP (Model Context Protocol) server 
that provid ...)
        NOT-FOR-US: mcp-package-docs
 CVE-2025-54059 (melange allows users to build apk packages using declarative 
pipelines ...)
-       TODO: check
+       NOT-FOR-US: Melange
 CVE-2025-53945 (apko allows users to build and publish OCI container images 
built from ...)
-       TODO: check
+       NOT-FOR-US: apko
 CVE-2025-53901 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.4, 33.0. ...)
-       TODO: check
+       - rust-wasmtime <unfixed>
+       NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc
 CVE-2025-53888 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
        NOT-FOR-US: RIOT-OS
 CVE-2025-53762 (Permissive list of allowed inputs in Microsoft Purview allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-52924 (In One Identity OneLogin before 2025.2.0, the SQL connection 
"applicat ...)
        NOT-FOR-US: One Identity OneLogin
 CVE-2025-52169 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was 
discovere ...)
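Review bot: the rust-wasmtime entry links the upstream advisory but, unlike the node-form-data entry in the previous hunk, gives no `NOTE: Fixed by:` commit or fixed upstream version, even though the CVE description itself says the issue is fixed "Prior to versions 24.0.4, 33.0..."; recording the fixed release(s) and the fixing commit next to `- rust-wasmtime <unfixed>` would make it possible to tell at a glance which Debian source version is affected and when the entry can be closed. Minor style point: `NOT-FOR-US: Melange` capitalises the project name while the CVE text and the neighbouring `NOT-FOR-US: apko` use the lowercase upstream spelling; keeping the upstream spelling makes grepping the list consistent.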
@@ -148,9 +151,9 @@ CVE-2025-50057 (A DOS vulnerability in RSFiles! component 
1.16.3-1.17.7 Joomla w
 CVE-2025-50056 (A reflected XSS vulnerability in RSMail! component 1.19.20 - 
1.22.26 2 ...)
        NOT-FOR-US: Joomla
 CVE-2025-49747 (Missing authorization in Azure Machine Learning allows an 
authorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49746 (Improper authorization in Azure Machine Learning allows an 
authorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49486 (A stored XSS vulnerability in the Balbooa Gallery plugin 
1.0.0-2.4.0 f ...)
        NOT-FOR-US: Joomla
 CVE-2025-49485 (A SQL injection vulnerability in the Balbooa Forms plugin 
1.0.0-2.3.1. ...)
@@ -158,21 +161,21 @@ CVE-2025-49485 (A SQL injection vulnerability in the 
Balbooa Forms plugin 1.0.0-
 CVE-2025-49484 (A SQL injection vulnerability in the JS Jobs plugin versions 
1.0.0-1.4 ...)
        NOT-FOR-US: Joomla
 CVE-2025-47995 (Weak authentication in Azure Machine Learning allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47158 (Authentication bypass by assumed-immutable data in Azure 
DevOps allows ...)
        NOT-FOR-US: Microsoft
 CVE-2025-46732 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2025-46002 (An issue in Filemanager v2.5.0 and below allows attackers to 
execute a ...)
-       TODO: check
+       NOT-FOR-US: Filemanager
 CVE-2025-46001 (An arbitrary file upload vulnerability in the 
is_allowed_file_type() f ...)
-       TODO: check
+       NOT-FOR-US: Filemanager
 CVE-2025-46000 (An arbitrary file upload vulnerability in the component 
/rsc/filemanag ...)
-       TODO: check
+       NOT-FOR-US: Filemanager
 CVE-2025-45157 (Insecure permissions in Splashin iOS v2.0 allow unauthorized 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Splashin iOS
 CVE-2025-45156 (Splashin iOS v2.0 fails to enforce server-side interval 
restrictions f ...)
-       TODO: check
+       NOT-FOR-US: Splashin iOS
 CVE-2025-33014 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 
6.0.0.0 thro ...)
        NOT-FOR-US: IBM
 CVE-2025-2425 (Time-of-check to time-of-use race condition vulnerability 
potentially  ...)
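Review bot: `NOT-FOR-US: Filemanager` is an ambiguous label for the three CVE-2025-4600x entries, since "Filemanager v2.5.0" and "/rsc/filemanag..." identify only a generic product name and Debian ships several file managers; qualifying the label with the upstream project or vendor (as done for "Splashin iOS" and "One Identity OneLogin") would avoid a later triager mistaking these for a packaged file manager. The same applies to `NOT-FOR-US: OpenCTI`, where a short note on why it is out of scope (not packaged) would help if the software is ever packaged later.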
@@ -304,7 +307,7 @@ CVE-2025-5344 (Bluebird devices contain a pre-loaded kiosk 
application. This app
 CVE-2025-54070 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin Contracts
 CVE-2025-54068 (Livewire is a full-stack framework for Laravel. In Livewire v3 
up to a ...)
-       TODO: check
+       NOT-FOR-US: Livewire
 CVE-2025-54066 (DiracX-Web is a web application that provides an interface to 
interact ...)
        NOT-FOR-US: DiracX-Web
 CVE-2025-54064 (Rucio is a software framework that provides functionality to 
organize, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a019f19956a26b33ba6a60cd61dd5a55d1d9e41c...70f4ffa2208f16ed5f19388c4e461f538e459b00



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
