Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb4c246d by security tracker role at 2025-08-07T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2025-8086
+       REJECTED
+CVE-2025-7770 (Tigo Energy's CCA device is vulnerable to insecure session ID 
generati ...)
+       TODO: check
+CVE-2025-7769 (Tigo Energy's CCA is vulnerable to a command injection 
vulnerability i ...)
+       TODO: check
+CVE-2025-7768 (Tigo Energy's Cloud Connect Advanced (CCA) device contains 
hard-coded  ...)
+       TODO: check
+CVE-2025-6634 (A maliciously crafted TGA file, when linked or imported into 
Autodesk  ...)
+       TODO: check
+CVE-2025-6633 (A maliciously crafted RBG file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2025-6632 (A maliciously crafted PSD file, when linked or imported into 
Autodesk  ...)
+       TODO: check
+CVE-2025-54885 (Thinbus Javascript Secure Remote Password is a browser SRP6a 
implement ...)
+       TODO: check
+CVE-2025-54882 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
+       TODO: check
+CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In 
version ...)
+       TODO: check
+CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In 
versions ...)
+       TODO: check
+CVE-2025-54788 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-54786 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-54785 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-54784 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-54783 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-51058 (Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to 
Server-sid ...)
+       TODO: check
+CVE-2025-51057 (A local file inclusion (LFI) vulnerability in Vedo Suite 
version 2024. ...)
+       TODO: check
+CVE-2025-51056 (An unrestricted file upload vulnerability in Vedo Suite 
version 2024.1 ...)
+       TODO: check
+CVE-2025-51055 (Insecure Data Storage of credentials has been found in 
/api_vedo/confi ...)
+       TODO: check
+CVE-2025-51054 (Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, 
which al ...)
+       TODO: check
+CVE-2025-51053 (A Cross-site scripting (XSS) vulnerability in /api_vedo/ in 
Vedo Suite ...)
+       TODO: check
+CVE-2025-51052 (A path traversal vulnerability in Vedo Suite 2024.17 allows 
remote aut ...)
+       TODO: check
+CVE-2025-50740 (AutoConnect 1.4.2, an Arduino library, is vulnerable to a 
cross site s ...)
+       TODO: check
+CVE-2025-47908 (Middleware causes a prohibitive amount of heap allocations 
when proces ...)
+       TODO: check
+CVE-2025-46660 (An issue was discovered in 4C Strategies Exonaut 21.6. 
Passwords, stor ...)
+       TODO: check
+CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 
21.6. I ...)
+       TODO: check
+CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may 
cause \u20 ...)
+       TODO: check
+CVE-2025-35970 (On multiple products of SEIKO EPSON and FUJIFILM Corporation, 
the init ...)
+       TODO: check
+CVE-2025-32094 (An issue was discovered in Akamai Ghost, as used for the 
Akamai CDN pl ...)
+       TODO: check
+CVE-2025-29866 (: External Control of File Name or Path vulnerability in 
TAGFREE X-Fre ...)
+       TODO: check
+CVE-2025-29865 (: Improper Limitation of a Pathname to a Restricted Directory 
('Path T ...)
+       TODO: check
+CVE-2024-55402 (4C Strategies Exonaut before v22.4 was discovered to contain 
an access ...)
+       TODO: check
+CVE-2024-55399 (4C Strategies Exonaut before v21.6.2.1-1 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2024-55398 (4C Strategies Exonaut before v22.4 was discovered to contain 
insecure  ...)
+       TODO: check
+CVE-2023-3194
+       REJECTED
 CVE-2025-8667 (A vulnerability, which was classified as critical, was found in 
Skywor ...)
        NOT-FOR-US: kyworkAI DeepResearchAgent
 CVE-2025-8665 (A vulnerability, which was classified as critical, has been 
found in a ...)
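Review bot: in the added entries, CVE-2025-3770 carries a raw `\u20 ...` escape in its description and CVE-2025-29866 / CVE-2025-29865 begin with a stray `: `, so the description text is landing in data/CVE/list without being normalised; decoding escapes and trimming leading punctuation wherever the descriptions are imported would keep the list clean to grep. Separately, every new entry apart from the two REJECTED ones is a bare `TODO: check` and still needs triage, and the context line `NOT-FOR-US: kyworkAI DeepResearchAgent` under CVE-2025-8667 appears to have lost its first letter, given that the description reads `found in Skywor ...`.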
@@ -58,7 +130,7 @@ CVE-2025-45766 (poco v1.14.1-release was discovered to 
contain weak encryption.)
        - poco <undetermined>
        NOTE: https://github.com/pocoproject/poco/issues/4921
        TODO: check upstream status, might not be a bug in poco
-CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.)
+CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption. 
NOTE: thi ...)
        TODO: check
 CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 
is vulne ...)
        NOT-FOR-US: IBM
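Review bot: CVE-2025-45764 gains a `NOTE: thi ...` suffix in its description here, yet the entry stays at a bare `TODO: check`; the truncated text does not show what the note says, so read the full description and record the outcome in the entry, the way the neighbouring CVE-2025-45766 entry carries `TODO: check upstream status, might not be a bug in poco` together with a NOTE link to the upstream issue.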
@@ -580,35 +652,35 @@ CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a 
local file inclusion (LFI)
        NOT-FOR-US: ClanSphere
 CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a 
stack-based buf ...)
        NOT-FOR-US: BlazeVideo HDTV Player Pro
-CVE-2025-8583
+CVE-2025-8583 (Inappropriate implementation in Permissions in Google Chrome 
prior to  ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8582
+CVE-2025-8582 (Insufficient validation of untrusted input in Core in Google 
Chrome pr ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8581
+CVE-2025-8581 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8580
+CVE-2025-8580 (Inappropriate implementation in Filesystems in Google Chrome 
prior to  ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8579
+CVE-2025-8579 (Inappropriate implementation in Picture In Picture in Google 
Chrome pr ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8578
+CVE-2025-8578 (Use after free in Cast in Google Chrome prior to 139.0.7258.66 
allowed ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8577
+CVE-2025-8577 (Inappropriate implementation in Picture In Picture in Google 
Chrome pr ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8576
+CVE-2025-8576 (Use after free in Extensions in Google Chrome prior to 
139.0.7258.66 a ...)
        {DSA-5971-1}
        - chromium 139.0.7258.66-1
        [bullseye] - chromium <end-of-life> (see #1061268)
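Review bot: CVE-2025-8579 and CVE-2025-8577 end up with the same truncated description (`Inappropriate implementation in Picture In Picture in Google Chrome pr ...`), so the list alone no longer tells them apart; confirm against the full descriptions that they are separate issues. Where the version is visible in the new descriptions, `prior to 139.0.7258.66` agrees with the recorded fixed version `chromium 139.0.7258.66-1`, so the package lines need no change.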



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb4c246d7d67510981f0a3b419cc8f17c3bc99cb
