Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42564534 by security tracker role at 2025-06-09T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-5894 (Smart Parking Management System from Honding Technology has a 
Missing  ...)
+       TODO: check
+CVE-2025-5893 (Smart Parking Management System from Honding Technology has an 
Exposur ...)
+       TODO: check
+CVE-2025-5867 (A vulnerability classified as critical was found in RT-Thread 
5.1.0. T ...)
+       TODO: check
+CVE-2025-5866 (A vulnerability classified as critical has been found in 
RT-Thread 5.1 ...)
+       TODO: check
+CVE-2025-5865 (A vulnerability was found in RT-Thread 5.1.0. It has been rated 
as cri ...)
+       TODO: check
+CVE-2025-5864 (A vulnerability was found in Tenda TDSEE App up to 1.7.12. It 
has been ...)
+       TODO: check
+CVE-2025-5863 (A vulnerability was found in Tenda AC5 15.03.06.47. It has been 
classi ...)
+       TODO: check
+CVE-2025-5862 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
+       TODO: check
+CVE-2025-5861 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
+       TODO: check
+CVE-2025-5860 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-5859 (A vulnerability was found in PHPGurukul Nipah Virus Testing 
Management ...)
+       TODO: check
+CVE-2025-5858 (A vulnerability was found in PHPGurukul Nipah Virus Testing 
Management ...)
+       TODO: check
+CVE-2025-5857 (A vulnerability was found in code-projects Patient Record 
Management S ...)
+       TODO: check
+CVE-2025-5856 (A vulnerability has been found in PHPGurukul BP Monitoring 
Management  ...)
+       TODO: check
+CVE-2025-5855 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-5854 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-5853 (A vulnerability classified as critical was found in Tenda AC6 
15.03.05 ...)
+       TODO: check
+CVE-2025-5852 (A vulnerability classified as critical has been found in Tenda 
AC6 15. ...)
+       TODO: check
+CVE-2025-5851 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It 
has been ...)
+       TODO: check
+CVE-2025-5850 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It 
has been ...)
+       TODO: check
+CVE-2025-5849 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It 
has been ...)
+       TODO: check
+CVE-2025-5848 (A vulnerability was found in Tenda AC15 15.03.05.19_multi and 
classifi ...)
+       TODO: check
+CVE-2025-4652 (The Broadstreet WordPress plugin before 1.51.8 does not 
sanitise and e ...)
+       TODO: check
+CVE-2025-3582 (The Newsletter  WordPress plugin before 8.85 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2025-3581 (The Newsletter  WordPress plugin before 8.8.5 does not validate 
and es ...)
+       TODO: check
+CVE-2025-3461 (The Quantenna Wi-Fi chips ship with an unauthenticated telnet 
interfac ...)
+       TODO: check
+CVE-2025-3460 (The Quantenna Wi-Fi chipset ships with a local control script, 
set_tx_ ...)
+       TODO: check
+CVE-2025-3459 (The Quantenna Wi-Fi chipset ships with a local control script, 
transmi ...)
+       TODO: check
+CVE-2025-35010 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35009 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35008 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35007 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35006 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35005 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-35004 (Products that incorporate the Microhard BulletLTE-NA2 and 
IPn4Gii-NA2  ...)
+       TODO: check
+CVE-2025-32459 (The Quantenna Wi-Fi chipset ships with a local control script, 
router_ ...)
+       TODO: check
+CVE-2025-32458 (The Quantenna Wi-Fi chipset ships with a local control script, 
router_ ...)
+       TODO: check
+CVE-2025-32457 (The Quantenna Wi-Fi chipset ships with a local control script, 
router_ ...)
+       TODO: check
+CVE-2025-32456 (The Quantenna Wi-Fi chipset ships with a local control script, 
router_ ...)
+       TODO: check
+CVE-2025-32455 (The Quantenna Wi-Fi chipset ships with a local control script, 
router_ ...)
+       TODO: check
 CVE-2025-5847 (A vulnerability has been found in Tenda AC9 15.03.02.13 and 
classified ...)
        NOT-FOR-US: Tenda
 CVE-2025-27563 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker cause  ...)
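Review bot: every entry added at the top of this hunk is left at `TODO: check`, including a run of Tenda router entries (for example CVE-2025-5848 to CVE-2025-5853 and CVE-2025-5861 to CVE-2025-5863), while the unchanged entry directly below, CVE-2025-5847, is already triaged as `NOT-FOR-US: Tenda`. These can be closed out with the same tag in the follow-up triage pass rather than sitting in the TODO queue. Also worth a look during triage: the two Newsletter WordPress plugin entries give the fixed version as "8.85" (CVE-2025-3582) and "8.8.5" (CVE-2025-3581), so one of the imported descriptions probably carries a typo.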
@@ -1699,6 +1779,7 @@ CVE-2025-48941 (MyBB is free and open source forum 
software. Prior to version 1.
 CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 
1.8.39,  ...)
        NOT-FOR-US: MyBB
 CVE-2025-48866 (ModSecurity is an open source, cross platform web application 
firewall ...)
+       {DSA-5940-1}
        - modsecurity-apache 2.9.10-1 (bug #1107196)
        NOTE: 
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w
        NOTE: Fixed by: 
https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e
 (v2.9.10)
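Review bot: CVE-2025-48866 gets `{DSA-5940-1}` but no DLA reference, whereas the other ModSecurity entry touched in this commit, CVE-2025-47947, ends up as `{DSA-5940-1 DLA-4192-1}`. The entry has only the unstable line `- modsecurity-apache 2.9.10-1` and no per-release annotations, so it is not visible from here whether the LTS suite is still open for this CVE; a per-release line or a note saying so would make the status explicit.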
@@ -1870,7 +1951,7 @@ CVE-2025-5113 (The Diviotec professional series exposes a 
web interface. One end
 CVE-2025-4010 (The Netcom NTC 6200 and NWL 222 series expose a web interface 
to be co ...)
        NOT-FOR-US: Netcom NTC 6200 and NWL 222 series
 CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows 
remote  ...)
-       {DSA-5934-1}
+       {DSA-5934-1 DLA-4211-1}
        - roundcube 1.6.11+dfsg-1 (bug #1107073)
        NOTE: 
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
        NOTE: https://github.com/roundcube/roundcubemail/pull/9865
@@ -3948,7 +4029,7 @@ CVE-2025-4133 (The Blog2Social: Social Media Auto Post & 
Scheduler WordPress plu
 CVE-2025-48070 (Plane is open-source project management software. Versions 
prior to 0. ...)
        NOT-FOR-US: Plane
 CVE-2025-47947 (ModSecurity is an open source, cross platform web application 
firewall ...)
-       {DLA-4192-1}
+       {DSA-5940-1 DLA-4192-1}
        - modsecurity-apache 2.9.9-1 (bug #1106286)
        NOTE: 
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r
        NOTE: Fixed by: 
https://github.com/owasp-modsecurity/ModSecurity/commit/fdfc2d5b21610651b0cefceb397be2cfc7aac8bb
 (v2.9.9)
@@ -7708,14 +7789,14 @@ CVE-2025-22246 (Cloud Foundry UAA release versions from 
v77.21.0 to v7.31.0 are
        NOT-FOR-US: VMware
 CVE-2023-49641 (Billing Software v1.0 is vulnerable to multiple 
Unauthenticated SQL In ...)
        NOT-FOR-US: Kashipara Billing Software
-CVE-2025-47712
+CVE-2025-47712 (A flaw exists in the nbdkit "blocksize" filter that can be 
triggered b ...)
        - nbdkit 1.42.3-1 (bug #1105228)
        [bookworm] - nbdkit <no-dsa> (Minor issue)
        [bullseye] - nbdkit <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365724
        NOTE: Fixed by: 
https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7
 (v1.43.7)
        NOTE: Fixed by: 
https://gitlab.com/nbdkit/nbdkit/-/commit/c3ed72811aca5684490b198737b2f0b921741547
 (v1.42.3)
-CVE-2025-47711
+CVE-2025-47711 (There's a flaw in the nbdkit server when handling responses 
from its p ...)
        - nbdkit 1.42.3-1 (bug #1105227)
        [bookworm] - nbdkit <no-dsa> (Minor issue)
        [bullseye] - nbdkit <postponed> (Minor issue)
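Review bot: the descriptions now filled in for CVE-2025-47712 and CVE-2025-47711 sit above `<no-dsa>` and `<postponed>` annotations whose only stated reason is `(Minor issue)`, recorded while the entries were still bare IDs. Now that the descriptions name the affected components (the "blocksize" filter and the server's handling of responses), it would help to recheck that reason against them and make it more specific if the classification still holds.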
@@ -32978,11 +33059,11 @@ CVE-2024-10152 (The Simple Certain Time to Show 
Content WordPress plugin before
        NOT-FOR-US: WordPress plugin
 CVE-2024-0148 (NVIDIA Jetson Linux and IGX OS image contains a vulnerability 
in the U ...)
        NOT-FOR-US: NVIDIA
-CVE-2025-25209
+CVE-2025-25209 (The AuthPolicy metadata on Red Hat Connectivity Link contains 
an objec ...)
        NOT-FOR-US: RedHat RHCL
-CVE-2025-25208
+CVE-2025-25208 (A Developer persona can bring down the Authorino service, 
preventing t ...)
        NOT-FOR-US: RedHat RHCL
-CVE-2025-25207
+CVE-2025-25207 (The Authorino service in the Red Hat Connectivity Link is the 
authoriz ...)
        NOT-FOR-US: RedHat RHCL
 CVE-2025-1634 (A flaw was found in the quarkus-resteasy extension, which 
causes memor ...)
        NOT-FOR-US: Quarkus



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42564534d16af4d50fcbfbad733467274214c395
