Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ade2392 by security tracker role at 2025-06-26T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2025-6710 (MongoDB Server may be susceptible to stack overflow due to JSON 
parsin ...)
+       TODO: check
+CVE-2025-6709 (The MongoDB Server is susceptible to a denial of service 
vulnerability ...)
+       TODO: check
+CVE-2025-6707 (Under certain conditions, an authenticated user request may 
execute wi ...)
+       TODO: check
+CVE-2025-6706 (An authenticated user may trigger a use after free that may 
result in  ...)
+       TODO: check
+CVE-2025-6703 (Improper Input Validation vulnerability in Mozilla neqo leads 
to an un ...)
+       TODO: check
+CVE-2025-6702 (A vulnerability, which was classified as problematic, was found 
in lin ...)
+       TODO: check
+CVE-2025-6701 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-6700 (A vulnerability classified as problematic was found in Xuxueli 
xxl-sso ...)
+       TODO: check
+CVE-2025-6699 (A vulnerability classified as problematic has been found in 
LabRedesCe ...)
+       TODO: check
+CVE-2025-6698 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It 
has been  ...)
+       TODO: check
+CVE-2025-6697 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It 
has been  ...)
+       TODO: check
+CVE-2025-6696 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It 
has been  ...)
+       TODO: check
+CVE-2025-6695 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and 
classifie ...)
+       TODO: check
+CVE-2025-6694 (A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 
and clas ...)
+       TODO: check
+CVE-2025-6693 (A vulnerability, which was classified as critical, was found in 
RT-Thr ...)
+       TODO: check
+CVE-2025-6677 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-6676 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-6675 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-6674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-6562 (Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt 
Electronic ...)
+       TODO: check
+CVE-2025-6561 (Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt 
Electron ...)
+       TODO: check
+CVE-2025-6212 (The Ultra Addons for Contact Form 7 plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-5995 (Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) 
and earl ...)
+       TODO: check
+CVE-2025-5966 (Zohocorp ManageEngine Exchange reporter Plus version5722 and 
below are ...)
+       TODO: check
+CVE-2025-5842 (The Modern Design Library plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2025-5682 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-5366 (Zohocorp ManageEngine Exchange reporter Plus version5722 and 
below are ...)
+       TODO: check
+CVE-2025-5338 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-53122 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-53121 (Multiple stored XSS were found on different nodes with 
unsanitized par ...)
+       TODO: check
+CVE-2025-53013 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
+       TODO: check
+CVE-2025-53007 (arduino-esp32 provides an Arduino core for the ESP32. Versions 
prior t ...)
+       TODO: check
+CVE-2025-53002 (LLaMA-Factory is a tuning library for large language models. A 
remote  ...)
+       TODO: check
+CVE-2025-52904 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2025-52903 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2025-52902 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2025-52900 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
+       TODO: check
+CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model 
Context Protoc ...)
+       TODO: check
+CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token 
Service (STS) ...)
+       TODO: check
+CVE-2025-51672 (A time-based blind SQL injection vulnerability was identified 
in the P ...)
+       TODO: check
+CVE-2025-51671 (A SQL injection vulnerability was discovered in the PHPGurukul 
Dairy F ...)
+       TODO: check
+CVE-2025-50350 (PHPGurukul Pre-School Enrollment System Project v1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-49603 (Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 
has Inc ...)
+       TODO: check
+CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 
1.98.0 have a ...)
+       TODO: check
+CVE-2025-49003 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-48923 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48922 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48921 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open 
Social  ...)
+       TODO: check
+CVE-2025-44141 (A Cross-Site Scripting (XSS) vulnerability exists in the node 
creation ...)
+       TODO: check
+CVE-2025-3773 (A sensitive  information exposure vulnerability in System 
Information  ...)
+       TODO: check
+CVE-2025-3771 (A path or symbolic link manipulation vulnerability in SIR 1.0.3 
and pr ...)
+       TODO: check
+CVE-2025-3722 (A path traversal vulnerability in System Information Reporter 
(SIR) 1. ...)
+       TODO: check
+CVE-2025-36034 (IBM InfoSphere DataStage Flow Designer in IBM InfoSphere 
Information S ...)
+       TODO: check
+CVE-2025-34049 (An OS command injection vulnerability exists in the OptiLink 
ONT1GEW G ...)
+       TODO: check
+CVE-2025-34048 (A path traversal vulnerability exists in the web management 
interface  ...)
+       TODO: check
+CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN 
(formerly ...)
+       TODO: check
+CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the 
Fanwei E-Of ...)
+       TODO: check
+CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open 
source We ...)
+       TODO: check
+CVE-2025-34044 (A remote command injection vulnerability exists in the 
confirm.php int ...)
+       TODO: check
+CVE-2025-34043 (A remote command injection vulnerability exists in Vacron 
Network Vide ...)
+       TODO: check
+CVE-2025-34042 (An authenticated command injection vulnerability exists in the 
Beward  ...)
+       TODO: check
+CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An 
unauthenticat ...)
+       TODO: check
+CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a 
remote a ...)
+       TODO: check
+CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root 
access to  ...)
+       TODO: check
+CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to 
Cross Si ...)
+       TODO: check
+CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site 
settings t ...)
+       TODO: check
+CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket 
unitcloud-init-ho ...)
+       TODO: check
 CVE-2025-6669 (A vulnerability was found in gooaclok819 sublinkX up to 1.8. It 
has be ...)
        NOT-FOR-US: gooaclok819 sublinkX
 CVE-2025-6668 (A vulnerability was found in code-projects Inventory Management 
System ...)
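
Review bot: Every entry added at the top of data/CVE/list, from CVE-2025-6710 down to CVE-2024-11584, carries only `TODO: check`, so nothing in this batch has been triaged. Each one needs either a package line or a `NOT-FOR-US:` marker in the style of the `NOT-FOR-US: gooaclok819 sublinkX` entry that follows the additions. The descriptions are cut off at the ellipsis, so triage has to go back to the full CVE record rather than the text here. Entries whose visible text names a specific project, such as cloud-init (CVE-2024-6174, CVE-2024-11584) and cpp-httplib (CVE-2025-52887), should be checked against the archive before any of them is marked NOT-FOR-US.
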
@@ -245469,17 +245605,17 @@ CVE-2022-41862 (In PostgreSQL, a modified, 
unauthenticated server can send an un
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88
 (REL_12_14)
        NOTE: GSSAPI encryption support introduced in 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b0b39f72b9904bcb80f97b35837ccff1578aa4b8
 (REL_12_BETA1)
 CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or 
home serv ...)
-       {DLA-3342-1}
+       {DLA-4232-1 DLA-3342-1}
        - freeradius 3.2.0+dfsg-1
        NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
 (release_3_0_26)
        NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
 CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM 
option, ...)
-       {DLA-3342-1}
+       {DLA-4232-1 DLA-3342-1}
        - freeradius 3.2.0+dfsg-1
        NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
 (release_3_0_26)
        NOTE: https://freeradius.org/security/ ("Crash on unknown option in 
EAP-SIM")
 CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() 
leaks i ...)
-       {DLA-3342-1}
+       {DLA-4232-1 DLA-3342-1}
        - freeradius 3.2.0+dfsg-1
        NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937
 (release_3_0_26)
 CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer 
dereference may o ...)
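
Review bot: The three freeradius entries (CVE-2022-41861, CVE-2022-41860, CVE-2022-41859) now read `{DLA-4232-1 DLA-3342-1}`, but nothing in the visible entries says which release each advisory covers or which version DLA-4232-1 fixed. The only package line is still `- freeradius 3.2.0+dfsg-1`, with no per-release line. Please confirm that DLA-4232-1 is for a different release than DLA-3342-1 and that its own record carries the fixed version, so the second reference is not read as a duplicate of the first.
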
@@ -718595,8 +718731,7 @@ CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara 
before 1.5.9 and 1.6.x befor
        NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
 CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to 
incorrect  ...)
        - ldap-git-backup 1.0.4-1 (bug #699227)
-CVE-2013-1424 [matplotlib buffer overrun]
-       RESERVED
+CVE-2013-1424 (Buffer overflow vulnerability in matplotlib.This issue affects 
matplot ...)
        - matplotlib 1.4.2-3.1 (low; bug #775691)
        [wheezy] - matplotlib <no-dsa> (Minor issue)
        [squeeze] - matplotlib <no-dsa> (Minor issue)
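
Review bot: For CVE-2013-1424 the placeholder `[matplotlib buffer overrun]` with `RESERVED` gives way to the published description, but the package lines below it are carried over unchanged and the description is truncated at "This issue affects matplot ...", so the affected range cannot be read from here. Please check the full published text against `- matplotlib 1.4.2-3.1 (low; bug #775691)` and the two `<no-dsa>` lines, so that the fixed version and severity still match what the CVE record now states. The missing space in "matplotlib.This issue" comes from the imported description and is not something to correct in this file.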



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ade2392a9fff96ec3b42581dea667d3eb8dca3b
