Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c09228f8 by security tracker role at 2025-09-02T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2025-9830 (A security flaw has been discovered in PHPGurukul Beauty 
Parlour Manag ...)
+       TODO: check
+CVE-2025-9829 (A vulnerability was identified in PHPGurukul Beauty Parlour 
Management ...)
+       TODO: check
+CVE-2025-9828 (A vulnerability was determined in Tenda CP6 11.10.00.243. The 
affected ...)
+       TODO: check
+CVE-2025-9784 (A flaw was found in Undertow where malformed client requests 
can trigg ...)
+       TODO: check
+CVE-2025-9696 (The SunPower PVS6's BluetoothLE interface is vulnerable due to 
its use ...)
+       TODO: check
+CVE-2025-9573 (The ns_backup extension through 13.0.2 for TYPO3 allows command 
inject ...)
+       TODO: check
+CVE-2025-9276 (Cockroach Labs cockroach-k8s-request-cert Empty Root Password 
Authenti ...)
+       TODO: check
+CVE-2025-9275 (Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds 
Write  ...)
+       TODO: check
+CVE-2025-9274 (Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized 
Pointe ...)
+       TODO: check
+CVE-2025-9273 (CData API Server MySQL Misconfiguration Information Disclosure 
Vulnera ...)
+       TODO: check
+CVE-2025-9189 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
+       TODO: check
+CVE-2025-9188 (There is a deserialization of untrusted data vulnerability in 
Digilent ...)
+       TODO: check
+CVE-2025-8614 (NoMachine Uncontrolled Search Path Element Local Privilege 
Escalation  ...)
+       TODO: check
+CVE-2025-8613 (Vacron Camera ping Command Injection Remote Code Execution 
Vulnerabili ...)
+       TODO: check
+CVE-2025-8302 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer 
Overflow Lo ...)
+       TODO: check
+CVE-2025-8301 (Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY 
Heap-bas ...)
+       TODO: check
+CVE-2025-8300 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer 
Overflow Lo ...)
+       TODO: check
+CVE-2025-8299 (Realtek rtl81xx SDK Wi-Fi Driver 
MgntActSet_TEREDO_SET_RS_PACKET Heap- ...)
+       TODO: check
+CVE-2025-8298 (Realtek RTL8811AU rtwlanu.sys 
N6CQueryInformationHandleCustomized11nOi ...)
+       TODO: check
+CVE-2025-7976 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted 
Data R ...)
+       TODO: check
+CVE-2025-7975 (Anritsu ShockLine CHX File Parsing Directory Traversal Remote 
Code Exe ...)
+       TODO: check
+CVE-2025-7974 (rocket.chat Incorrect Authorization Information Disclosure 
Vulnerabili ...)
+       TODO: check
+CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege Escalation 
Vulnerability.  ...)
+       TODO: check
+CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default 
admin us ...)
+       TODO: check
+CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API 
(POST /99 ...)
+       TODO: check
+CVE-2025-57778 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
+       TODO: check
+CVE-2025-57777 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
+       TODO: check
+CVE-2025-57776 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
+       TODO: check
+CVE-2025-57775 (There is a heap-based Buffer Overflow vulnerability due to 
improper bo ...)
+       TODO: check
+CVE-2025-57774 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
+       TODO: check
+CVE-2025-57616 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) A u ...)
+       TODO: check
+CVE-2025-57615 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) An  ...)
+       TODO: check
+CVE-2025-57614 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) Int ...)
+       TODO: check
+CVE-2025-57613 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) A n ...)
+       TODO: check
+CVE-2025-57612 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) Nul ...)
+       TODO: check
+CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) Nul ...)
+       TODO: check
+CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the 
/bi/service/model/D ...)
+       TODO: check
+CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an 
Insecure D ...)
+       TODO: check
+CVE-2025-55824 (ModStartCMS v9.5.0 has an arbitrary file write vulnerability, 
which al ...)
+       TODO: check
+CVE-2025-55476 (FireShare FileShare 1.2.25 contains a time-based blind SQL 
injection v ...)
+       TODO: check
+CVE-2025-55474 (Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), 
which a ...)
+       TODO: check
+CVE-2025-55473 (Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker 
version ...)
+       TODO: check
+CVE-2025-55472 (SQL Injection vulnerability exists in Tirreno v0.9.5, 
specifically in  ...)
+       TODO: check
+CVE-2025-55373 (Incorrect access control in Beakon Application before v5.4.3 
allows au ...)
+       TODO: check
+CVE-2025-55372 (An arbitrary file upload vulnerability in Beakon Application 
before v5 ...)
+       TODO: check
+CVE-2025-54599 (The Bevy Event service through 2025-07-22, as used for eBay 
Seller Eve ...)
+       TODO: check
+CVE-2025-52551 (E2 Facility Management Systems use a proprietary protocol that 
allows  ...)
+       TODO: check
+CVE-2025-52550 (E3 Site Supervisor Control (firmware version < 2.31F01) 
firmware upgra ...)
+       TODO: check
+CVE-2025-52549 (E3 Site Supervisor Control (firmware version < 2.31F01) 
generates the  ...)
+       TODO: check
+CVE-2025-52548 (E3 Site Supervisor Control (firmware version < 2.31F01) 
contains a hid ...)
+       TODO: check
+CVE-2025-52547 (E3 Site Supervisor Control (firmware version < 2.31F01) MGW 
contains a ...)
+       TODO: check
+CVE-2025-52546 (E3 Site Supervisor Control (firmware version < 2.31F01) has a 
floor pl ...)
+       TODO: check
+CVE-2025-52545 (E3 Site Supervisor Control (firmware version < 2.31F01) RCI 
service co ...)
+       TODO: check
+CVE-2025-52544 (E3 Site Supervisor Control (firmware version < 2.31F01) has a 
floor pl ...)
+       TODO: check
+CVE-2025-52543 (E3 Site Supervisor Control (firmware version < 2.31F01) 
application se ...)
+       TODO: check
+CVE-2025-51966 (A cross-site scripting (XSS) vulnerability exists in the PDF 
preview f ...)
+       TODO: check
+CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command 
injection vuln ...)
+       TODO: check
+CVE-2025-50755 (Wavlink WN535K3 20191010 was found to contain a command 
injection vuln ...)
+       TODO: check
+CVE-2025-50565 (Doubo ERP 1.0 has an SQL injection vulnerability due to a lack 
of filt ...)
+       TODO: check
+CVE-2025-46810 (A UNIX Symbolic Link (Symlink) Following vulnerability in the 
packagin ...)
+       TODO: check
+CVE-2025-46047 (A User enumeration vulnerability in the 
/CredentialsServlet/ForgotPass ...)
+       TODO: check
+CVE-2025-43726 (Dell Alienware Command Center 5.x (AWCC), versions prior to 
5.10.2.0,  ...)
+       TODO: check
+CVE-2025-41690 (A low-privileged attacker in bluetooth range may be able to 
access the ...)
+       TODO: check
+CVE-2025-41031 (Lack of authorisation in Deporsite by T-INNOVA. This 
vulnerability all ...)
+       TODO: check
+CVE-2025-41030 (Lack of authorisation in Deporsite by T-INNOVA. This 
vulnerability all ...)
+       TODO: check
+CVE-2025-36162 (IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 
8.1.2.2 coul ...)
+       TODO: check
+CVE-2025-32100 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2025-32098 (An issue was discovered in Samsung Magician 6.3 through 8.3 on 
Windows ...)
+       TODO: check
+CVE-2025-2414 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-2413 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-0670 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
+       TODO: check
+CVE-2025-0640 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
+       TODO: check
+CVE-2024-58259 (A vulnerability has been identified within Rancher Manager in 
which it ...)
+       TODO: check
+CVE-2024-52284 (Unauthorized disclosure of sensitive data: Any user with `GET` 
or `LIS ...)
+       TODO: check
+CVE-2024-51423 (Cross Site Scripting vulnerability in Infor Global HR GHR 
v.11.23.03.0 ...)
+       TODO: check
+CVE-2024-48705 (Wavlink AC1200 with firmware versions M32A3_V1410_230602 and 
M32A3_V14 ...)
+       TODO: check
+CVE-2024-12974 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-12973 (Origin Validation Error vulnerability in Akinsoft OctoCloud 
allows HTT ...)
+       TODO: check
+CVE-2024-12972 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
 CVE-2025-9815 (A weakness has been identified in alaneuler batteryKid up to 
2.1 on ma ...)
        TODO: check
 CVE-2025-9814 (A security flaw has been discovered in PHPGurukul Beauty 
Parlour Manag ...)
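Review bot: Every entry added at the top of data/CVE/list in this hunk carries only `TODO: check`, so none of them has a triage decision yet; each still needs either a package line or a NOT-FOR-US tag. Some can be closed by following tags already used further down in this same file: CVE-2025-9828 names Tenda CP6, and later context shows `NOT-FOR-US: Tenda`. The entries that name general-purpose software rather than a vendor appliance or web application, such as CVE-2025-9784 (Undertow), the six rust-ffmpeg entries CVE-2025-57611 to CVE-2025-57616, and CVE-2024-58259 (Rancher Manager), are the ones to check against the archive before tagging.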
@@ -396,6 +554,7 @@ CVE-2025-58157 (gnark is a zero-knowledge proof system 
framework. In version 0.1
 CVE-2025-58156 (Centurion ERP is an ERP with a focus on ITSM and automation. 
In versio ...)
        NOT-FOR-US: Centurion ERP
 CVE-2025-58068 (Eventlet is a concurrent networking library for Python. Prior 
to versi ...)
+       {DLA-4289-1}
        - python-eventlet 0.40.1-3 (bug #1112515)
        [trixie] - python-eventlet <no-dsa> (Minor issue)
        [bookworm] - python-eventlet <no-dsa> (Minor issue)
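Review bot: The `{DLA-4289-1}` reference added to CVE-2025-58068 has no matching per-release fixed-version line in the visible context, which shows only the unprefixed fix `0.40.1-3` and `<no-dsa>` for trixie and bookworm. Confirm that the release the DLA covers has its own `[release] - python-eventlet <version>` line below the context shown here, so that the cross-reference and the version data agree.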
@@ -517,9 +676,9 @@ CVE-2025-55763 (Buffer Overflow in the URI parser of 
CivetWeb 1.14 through 1.16
        NOTE: https://github.com/civetweb/civetweb/pull/1347
 CVE-2025-55750 (Gitpod is a developer platform for cloud development 
environments. In  ...)
        NOT-FOR-US: Gitpod
-CVE-2025-55580 (SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site 
Scripting ( ...)
+CVE-2025-55580 (SolidInvoice version 2.3.7 is vulnerable to a stored 
cross-site script ...)
        NOT-FOR-US: SolidInvoice
-CVE-2025-55579 (SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross 
Site Sc ...)
+CVE-2025-55579 (SolidInvoice version 2.3.7 is vulnerable to a Stored 
Cross-Site Script ...)
        NOT-FOR-US: SolidInvoice
 CVE-2025-55304 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
        [experimental] - exiv2 0.28.7+dfsg-1
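Review bot: After this description refresh the truncated summaries of CVE-2025-55580 and CVE-2025-55579 differ only in capitalisation ("stored cross-site script ..." versus "Stored Cross-Site Script ..."), so the list no longer tells the two apart at a glance, and the earlier wording about v.2.3.8 is gone from the visible text. Both keep `NOT-FOR-US: SolidInvoice`, so no triage change is needed; anyone relying on the affected-version range should read the full CVE text rather than this summary.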
@@ -29591,9 +29750,9 @@ CVE-2025-5081 (A vulnerability classified as critical 
was found in Campcodes Cyb
        NOT-FOR-US: Campcodes
 CVE-2025-5080 (A vulnerability classified as critical has been found in Tenda 
FH451 1 ...)
        NOT-FOR-US: Tenda
-CVE-2025-5079 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
+CVE-2025-5079 (A flaw has been found in PHPGurukul/Campcodes Online Shopping 
Portal 1 ...)
        NOT-FOR-US: Campcodes
-CVE-2025-5078 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
+CVE-2025-5078 (A vulnerability was detected in PHPGurukul/Campcodes Online 
Shopping P ...)
        NOT-FOR-US: Campcodes
 CVE-2025-5077 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
        NOT-FOR-US: Campcodes
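Review bot: The refreshed descriptions of CVE-2025-5079 and CVE-2025-5078 now attribute the product to "PHPGurukul/Campcodes", but both entries keep `NOT-FOR-US: Campcodes`, and the neighbouring CVE-2025-5077 still reads plain Campcodes. If these tags are searched by vendor name, decide whether the two updated entries should also mention PHPGurukul, so they stay consistent with whatever tag the PHPGurukul entries added as `TODO: check` in the first hunk receive.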
@@ -114645,7 +114804,7 @@ CVE-2024-43373 (webcrack is a tool for reverse 
engineering javascript. An arbitr
        NOT-FOR-US: webcrack
 CVE-2024-43357 (ECMA-262 is the language specification for the scripting 
language ECMA ...)
        NOT-FOR-US: ecma262 specification
-CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack 
overflow v ...)
+CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a 
stack-based buff ...)
        NOT-FOR-US: Tenda
 CVE-2024-42986 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack 
overflow v ...)
        NOT-FOR-US: Tenda



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c09228f8ff8e8b498265460d0f404f47a9a66d74
