Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
67e2712e by security tracker role at 2025-07-21T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based
Buffer Overf ...)
+ TODO: check
+CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a
Reflected ...)
+ TODO: check
+CVE-2025-7919 (WinMatrix3 Web package developed by Simopro Technology has a
SQL Injec ...)
+ TODO: check
+CVE-2025-7918 (WinMatrix3 Web package developed by Simopro Technology has a
SQL Injec ...)
+ TODO: check
+CVE-2025-7917 (WinMatrix3 Web package developed by Simopro Technology has an
Arbitrar ...)
+ TODO: check
+CVE-2025-7916 (WinMatrix3 developed by Simopro Technology has an Insecure
Deserializa ...)
+ TODO: check
+CVE-2025-7915 (A vulnerability was found in Chanjet CRM 1.0 and classified as
critica ...)
+ TODO: check
+CVE-2025-7914 (A vulnerability has been found in Tenda AC6 15.03.06.50 and
classified ...)
+ TODO: check
+CVE-2025-7913 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
+ TODO: check
+CVE-2025-7912 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2025-7911 (A vulnerability classified as critical was found in D-Link
DI-8100 1.0 ...)
+ TODO: check
+CVE-2025-7910 (A vulnerability classified as critical has been found in D-Link
DIR-51 ...)
+ TODO: check
+CVE-2025-7909 (A vulnerability was found in D-Link DIR-513 1.0. It has been
rated as ...)
+ TODO: check
+CVE-2025-7908 (A vulnerability was found in D-Link DI-8100 1.0. It has been
declared ...)
+ TODO: check
+CVE-2025-7907 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1.
It has b ...)
+ TODO: check
+CVE-2025-7369 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
+ TODO: check
+CVE-2025-7354 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
+ TODO: check
+CVE-2025-7344 (The EAI developed by Digiwin has a Privilege Escalation
vulnerability, ...)
+ TODO: check
+CVE-2025-7343 (The SFT developed by Digiwin has a SQL Injection vulnerability,
allowi ...)
+ TODO: check
+CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote attackers to guess
titles of ...)
+ TODO: check
+CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through
5.24.4). A th ...)
+ TODO: check
+CVE-2025-53771 (Improper limitation of a pathname to a restricted directory
('path tra ...)
+ TODO: check
+CVE-2025-4685 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for
Gutenberg ...)
+ TODO: check
+CVE-2025-4570 (An insecure sensitive key storage issue was found in
MyASUS.potentiall ...)
+ TODO: check
+CVE-2025-4569 (An insecure sensitive key storage issue was found in
MyASUS.potentiall ...)
+ TODO: check
+CVE-2025-4049 (Use of hard-coded, the same among all vulnerable installations
SQLite ...)
+ TODO: check
+CVE-2025-24938 (The web application allows user input to pass unfiltered to a
command ...)
+ TODO: check
+CVE-2025-24937 (File contents could be read from the local file system by an
attacker. ...)
+ TODO: check
+CVE-2025-24936 (The web application allows user input to pass unfiltered to a
command ...)
+ TODO: check
+CVE-2025-0664 (A locally authenticated, privileged user can craft a malicious
OpenSSL ...)
+ TODO: check
CVE-2025-7906 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1
and class ...)
NOT-FOR-US: yangzongzhuan RuoYi
CVE-2025-7905 (A vulnerability has been found in itsourcecode Insurance
Management Sy ...)
@@ -257253,7 +257313,7 @@ CVE-2022-40148
CVE-2022-40147 (A vulnerability has been identified in Industrial Edge
Management (All ...)
NOT-FOR-US: Siemens
CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of
Apache XM ...)
- {DLA-3619-1}
+ {DLA-4243-1 DLA-3619-1}
- batik 1.15+dfsg-1 (bug #1020589)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1335
@@ -261342,7 +261402,7 @@ CVE-2022-38650 (A remote unauthenticated insecure
deserialization vulnerability
CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
NOT-FOR-US: Airflow Pinot provider
CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of
Apache XM ...)
- {DLA-3619-1}
+ {DLA-4243-1 DLA-3619-1}
- batik 1.15+dfsg-1 (bug #1020589)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4
NOTE: https://issues.apache.org/jira/browse/BATIK-1333
@@ -262087,7 +262147,7 @@ CVE-2020-36593
CVE-2020-36592
RESERVED
CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of
Apache XM ...)
- {DLA-3619-1}
+ {DLA-4243-1 DLA-3619-1}
- batik 1.15+dfsg-1 (bug #1020589)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1331
@@ -433311,7 +433371,7 @@ CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and
earlier is vulnerable to serv
NOTE:
https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
NOTE: https://issues.apache.org/jira/browse/XGC-122
CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request
forgery, caused ...)
- {DLA-3619-1}
+ {DLA-4243-1 DLA-3619-1}
- batik 1.14-1 (bug #984829)
[stretch] - batik <no-dsa> (Minor issue)
NOTE:
https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e2712ef80c344ae5598f7f6fbd32a04929ff9e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e2712ef80c344ae5598f7f6fbd32a04929ff9e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
