Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1cf51c1b by security tracker role at 2025-07-20T08:12:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2025-7877 (A vulnerability, which was classified as critical, has been
found in M ...)
+ TODO: check
+CVE-2025-7876 (A vulnerability classified as critical was found in Metasoft
\u7f8e\u7 ...)
+ TODO: check
+CVE-2025-7875 (A vulnerability classified as critical has been found in
Metasoft \u7f ...)
+ TODO: check
+CVE-2025-7874 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6
MetaCRM ...)
+ TODO: check
+CVE-2025-7873 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6
MetaCRM ...)
+ TODO: check
+CVE-2025-7872 (A vulnerability was found in Portabilis i-Diario 1.5.0 and
classified ...)
+ TODO: check
+CVE-2025-7871 (A vulnerability has been found in Portabilis i-Diario 1.5.0 and
classi ...)
+ TODO: check
+CVE-2025-7870 (A vulnerability, which was classified as problematic, was found
in Por ...)
+ TODO: check
+CVE-2025-7869 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-7868 (A vulnerability classified as problematic was found in
Portabilis i-Ed ...)
+ TODO: check
+CVE-2025-7867 (A vulnerability classified as problematic has been found in
Portabilis ...)
+ TODO: check
+CVE-2025-7866 (A vulnerability was found in Portabilis i-Educar 2.9.0. It has
been ra ...)
+ TODO: check
+CVE-2025-7865 (A vulnerability was found in thinkgem JeeSite up to 5.12.0. It
has bee ...)
+ TODO: check
+CVE-2025-7864 (A vulnerability was found in thinkgem JeeSite up to 5.12.0. It
has bee ...)
+ TODO: check
+CVE-2025-7863 (A vulnerability was found in thinkgem JeeSite up to 5.12.0 and
classif ...)
+ TODO: check
+CVE-2025-7862 (A vulnerability has been found in TOTOLINK T6
4.1.5cu.748_B20211015 an ...)
+ TODO: check
+CVE-2025-7861 (A vulnerability, which was classified as critical, was found in
code-p ...)
+ TODO: check
+CVE-2025-7860 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-7859 (A vulnerability classified as critical was found in
code-projects Chur ...)
+ TODO: check
+CVE-2025-7858 (A vulnerability classified as problematic has been found in
PHPGurukul ...)
+ TODO: check
+CVE-2025-7857 (A vulnerability was found in PHPGurukul Apartment Visitors
Management ...)
+ TODO: check
+CVE-2025-7856 (A vulnerability was found in PHPGurukul Apartment Visitors
Management ...)
+ TODO: check
+CVE-2025-7855 (A vulnerability classified as critical was found in Tenda FH451
1.0.0. ...)
+ TODO: check
+CVE-2025-7854 (A vulnerability classified as critical has been found in Tenda
FH451 1 ...)
+ TODO: check
+CVE-2025-54314 (Thor before 1.4.0 can construct an unsafe shell command from
library i ...)
+ TODO: check
+CVE-2025-53770 (Deserialization of untrusted data in on-premises Microsoft
SharePoint ...)
+ TODO: check
CVE-2025-XXXX [exposes .zip passwords while (un)archiving]
- krusader <unfixed> (bug #1108942)
CVE-2025-7853 (A vulnerability was found in Tenda FH451 1.0.0.9. It has been
rated as ...)
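Review bot: The descriptions for CVE-2025-7876 through CVE-2025-7873 contain literal \u7f8e\u7279\u8f6f\u4ef6 escape sequences where the vendor name should be, and the CVE-2025-7876 line is truncated in the middle of an escape ("\u7f8e\u7 ...)"). If these escapes are in data/CVE/list itself and not an artifact of this mail, the import step should decode them before truncating, otherwise a search for the vendor's actual name will not match these entries. Separately, all 26 new entries land as "TODO: check", including device firmware such as Tenda FH451 and TOTOLINK T6; they still need manual triage, and entries for products with no Debian package can be closed the way the file already does elsewhere ("NOT-FOR-US: Acronis").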
@@ -14060,6 +14112,7 @@ CVE-2025-31134 (FreshRSS is a self-hosted RSS feed
aggregator. Prior to version
CVE-2025-30415 (Denial of service due to improper handling of malformed input.
The fol ...)
NOT-FOR-US: Acronis
CVE-2025-2336 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1107519)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
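Review bot: The "{DLA-4242-1}" tag added under CVE-2025-2336 is the only trace of the fix in this entry: the sole suite annotation is still "[bookworm] - angular.js <postponed>", and nothing here says which suite or version the DLA covers. Before relying on this cross-reference, confirm that the DLA-4242-1 record lists CVE-2025-2336 with its fixed version. The same check applies to the other angular.js entries tagged in this commit.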
@@ -25577,6 +25630,7 @@ CVE-2025-1551 (IBM Operational Decision Manager
8.11.0.1, 8.11.1.0, 8.12.0.1, an
CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability
was ident ...)
NOT-FOR-US: huggingface/transformers
CVE-2025-0716 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1104485)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-0716
@@ -96047,11 +96101,13 @@ CVE-2024-8604 (A vulnerability classified as
problematic has been found in Sourc
CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software
versions p ...)
NOT-FOR-US: TechExcel Back Office Software
CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in
<sourc ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088805)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8373
NOTE: PoC:
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in
Angula ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088804)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8372
@@ -157962,6 +158018,7 @@ CVE-2024-23322 (Envoy is a high-performance
edge/middle/service proxy. Envoy wil
CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot
framework wri ...)
NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A
regular exp ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088803)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[buster] - angular.js <postponed> (Fix along with the next DLA)
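Review bot: In the CVE-2024-21490 entry, the unchanged line "[buster] - angular.js <postponed> (Fix along with the next DLA)" now sits directly under a newly added "{DLA-4242-1}" tag, which reads as contradictory. If DLA-4242-1 is the DLA that note was waiting for, the [buster] line should be updated or dropped in the same change. If the DLA covers a different suite, the note should be reworded so it is clear that buster remains unfixed.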
@@ -217325,18 +217382,21 @@ CVE-2023-26120 (This affects all versions of the
package com.xuxueli:xxl-job. HT
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from
0 and b ...)
NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to
Regular E ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
NOTE: PoC:
https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to
Regular E ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
NOTE: PoC:
https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to
Regular ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[buster] - angular.js <no-dsa> (Minor issue)
@@ -297766,6 +297826,7 @@ CVE-2022-25846
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable
to Deser ...)
NOT-FOR-US: com.alibaba:fastjson
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular
Expression D ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1014779)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[buster] - angular.js <not-affected> (vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf51c1b9970cb6f0868bb684a2032d06840bcf1