Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c0becd4e by security tracker role at 2025-07-20T20:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2025-7906 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1
and class ...)
+ TODO: check
+CVE-2025-7905 (A vulnerability has been found in itsourcecode Insurance
Management Sy ...)
+ TODO: check
+CVE-2025-7904 (A vulnerability, which was classified as critical, was found in
itsour ...)
+ TODO: check
+CVE-2025-7903 (A vulnerability classified as problematic was found in
yangzongzhuan R ...)
+ TODO: check
+CVE-2025-7902 (A vulnerability classified as problematic has been found in
yangzongzh ...)
+ TODO: check
+CVE-2025-7901 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1.
It has b ...)
+ TODO: check
+CVE-2025-7898 (A vulnerability was found in Codecanyon iDentSoft 2.0. It has
been cla ...)
+ TODO: check
+CVE-2025-7897 (A vulnerability was found in harry0703 MoneyPrinterTurbo up to
1.2.6 a ...)
+ TODO: check
+CVE-2025-7896 (A vulnerability has been found in harry0703 MoneyPrinterTurbo
up to 1. ...)
+ TODO: check
+CVE-2025-7895 (A vulnerability, which was classified as critical, was found in
harry0 ...)
+ TODO: check
+CVE-2025-7894 (A vulnerability, which was classified as critical, has been
found in O ...)
+ TODO: check
+CVE-2025-7893 (A vulnerability classified as problematic was found in
Foresight News ...)
+ TODO: check
+CVE-2025-7892 (A vulnerability classified as problematic has been found in
IDnow App ...)
+ TODO: check
+CVE-2025-7891 (A vulnerability was found in InstantBits Web Video Cast App up
to 5.12 ...)
+ TODO: check
+CVE-2025-7890 (A vulnerability was found in Dunamu StockPlus App up to 7.62.10
on And ...)
+ TODO: check
+CVE-2025-7889 (A vulnerability was found in CallApp Caller ID App up to 2.0.4
on Andr ...)
+ TODO: check
+CVE-2025-7888 (A vulnerability was found in TDuckCloud tduck-platform 5.1 and
classif ...)
+ TODO: check
+CVE-2025-7887 (A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78
and cla ...)
+ TODO: check
+CVE-2025-7886 (A vulnerability, which was classified as critical, was found in
pmTick ...)
+ TODO: check
+CVE-2025-7885 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-7884 (A vulnerability classified as problematic was found in
Eluktronics Con ...)
+ TODO: check
+CVE-2025-7883 (A vulnerability classified as critical has been found in
Eluktronics C ...)
+ TODO: check
+CVE-2025-7882 (A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726
Rel.59 ...)
+ TODO: check
+CVE-2025-7881 (A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726
Rel.59 ...)
+ TODO: check
+CVE-2025-7880 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6
MetaCRM ...)
+ TODO: check
+CVE-2025-7879 (A vulnerability has been found in Metasoft
\u7f8e\u7279\u8f6f\u4ef6 Me ...)
+ TODO: check
+CVE-2025-7878 (A vulnerability, which was classified as critical, was found in
Metaso ...)
+ TODO: check
+CVE-2025-54317 (An issue was discovered in Logpoint before 7.6.0. An attacker
with ope ...)
+ TODO: check
+CVE-2025-54316 (An issue was discovered in Logpoint before 7.6.0. When
creating report ...)
+ TODO: check
+CVE-2025-46385 (CWE-918 Server-Side Request Forgery (SSRF))
+ TODO: check
+CVE-2025-46384 (CWE-434 Unrestricted Upload of File with Dangerous Type)
+ TODO: check
+CVE-2025-46383 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
+ TODO: check
+CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized
Actor)
+ TODO: check
CVE-2025-7877 (A vulnerability, which was classified as critical, has been
found in M ...)
NOT-FOR-US: Metasoft
CVE-2025-7876 (A vulnerability classified as critical was found in Metasoft
\u7f8e\u7 ...)
@@ -4572,13 +4638,13 @@ CVE-2024-58254
REJECTED
CVE-2023-50786 (Dradis through 4.16.0 allows referencing external images
(resources) o ...)
NOT-FOR-US: Dradis
-CVE-2025-47917
+CVE-2025-47917 (Mbed TLS before 3.6.4 allows a use-after-free in certain
situations of ...)
- mbedtls 3.6.4-1 (bug #1108791)
NOTE:
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md
-CVE-2025-48965
+CVE-2025-48965 (Mbed TLS before 3.6.4 has a NULL pointer dereference because
mbedtls_a ...)
- mbedtls 3.6.4-1 (bug #1108790)
NOTE:
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md
-CVE-2025-49087
+CVE-2025-49087 (In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing
discrepancy in ...)
- mbedtls 3.6.4-1 (bug #1108789)
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0becd4e1e9e8328cc1031b44eafe43793786321
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0becd4e1e9e8328cc1031b44eafe43793786321
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
