Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d75fe6fc by security tracker role at 2025-07-01T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,167 @@
-CVE-2025-6554
+CVE-2025-6940 (A vulnerability classified as critical was found in TOTOLINK
A702R 4.0 ...)
+ TODO: check
+CVE-2025-6939 (A vulnerability classified as critical has been found in
TOTOLINK A300 ...)
+ TODO: check
+CVE-2025-6938 (A vulnerability was found in code-projects Simple Pizza
Ordering Syste ...)
+ TODO: check
+CVE-2025-6937 (A vulnerability was found in code-projects Simple Pizza
Ordering Syste ...)
+ TODO: check
+CVE-2025-6936 (A vulnerability was found in code-projects Simple Pizza
Ordering Syste ...)
+ TODO: check
+CVE-2025-6935 (A vulnerability was found in Campcodes Sales and Inventory
System 1.0 ...)
+ TODO: check
+CVE-2025-6934 (The Opal Estate Pro \u2013 Property Management and Submission
plugin f ...)
+ TODO: check
+CVE-2025-6932 (A vulnerability, which was classified as problematic, was found
in D-L ...)
+ TODO: check
+CVE-2025-6931 (A vulnerability classified as problematic was found in D-Link
DCS-6517 ...)
+ TODO: check
+CVE-2025-6930 (A vulnerability classified as critical has been found in
PHPGurukul Zo ...)
+ TODO: check
+CVE-2025-6929 (A vulnerability was found in PHPGurukul Zoo Management System
2.1. It ...)
+ TODO: check
+CVE-2025-6925 (A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0
and cla ...)
+ TODO: check
+CVE-2025-6917 (A vulnerability has been found in code-projects Online Hotel
Booking 1 ...)
+ TODO: check
+CVE-2025-6916 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
+ TODO: check
+CVE-2025-6915 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2025-6914 (A vulnerability classified as critical was found in PHPGurukul
Student ...)
+ TODO: check
+CVE-2025-6913 (A vulnerability classified as critical has been found in
PHPGurukul St ...)
+ TODO: check
+CVE-2025-6912 (A vulnerability was found in PHPGurukul Student Record System
3.2. It ...)
+ TODO: check
+CVE-2025-6911 (A vulnerability was found in PHPGurukul Student Record System
3.2. It ...)
+ TODO: check
+CVE-2025-6910 (A vulnerability was found in PHPGurukul Student Record System
3.2. It ...)
+ TODO: check
+CVE-2025-6909 (A vulnerability has been found in PHPGurukul Old Age Home
Management S ...)
+ TODO: check
+CVE-2025-6908 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
+ TODO: check
+CVE-2025-6907 (A vulnerability classified as critical was found in
code-projects Car ...)
+ TODO: check
+CVE-2025-6906 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2025-6905 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-6904 (A vulnerability was found in code-projects Car Rental System
1.0. It h ...)
+ TODO: check
+CVE-2025-6903 (A vulnerability was found in code-projects Car Rental System
1.0. It h ...)
+ TODO: check
+CVE-2025-6902 (A vulnerability was found in code-projects Inventory Management
System ...)
+ TODO: check
+CVE-2025-6901 (A vulnerability was found in code-projects Inventory Management
System ...)
+ TODO: check
+CVE-2025-6900 (A vulnerability has been found in code-projects Library System
1.0 and ...)
+ TODO: check
+CVE-2025-6899 (A vulnerability, which was classified as critical, was found in
D-Link ...)
+ TODO: check
+CVE-2025-6081 (Insufficiently Protected Credentials in LDAP in Konica
Minoltabizhub 2 ...)
+ TODO: check
+CVE-2025-5967 (A stored cross-site scripting vulnerability in ENS HX 10.0.4
allows a ...)
+ TODO: check
+CVE-2025-53416
+ REJECTED
+CVE-2025-53415 (Delta Electronics DTM SoftProject File Parsing Deserialization
of Untr ...)
+ TODO: check
+CVE-2025-53096 (Sunshine is a self-hosted game stream host for Moonlight.
Prior to ver ...)
+ TODO: check
+CVE-2025-53095 (Sunshine is a self-hosted game stream host for Moonlight.
Prior to ver ...)
+ TODO: check
+CVE-2025-53017
+ REJECTED
+CVE-2025-53005 (DataEase is an open source business intelligence and data
visualizatio ...)
+ TODO: check
+CVE-2025-53004 (DataEase is an open source business intelligence and data
visualizatio ...)
+ TODO: check
+CVE-2025-53003 (The Janssen Project is an open-source identity and access
management ( ...)
+ TODO: check
+CVE-2025-53001
+ REJECTED
+CVE-2025-52997 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2025-52996 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2025-52995 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2025-52901 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2025-52898 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-52896 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-52895 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-52491 (Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.)
+ TODO: check
+CVE-2025-4407 (Insufficient Session Expiration vulnerability in ABB Lite Panel
Pro.Th ...)
+ TODO: check
+CVE-2025-49521 (A flaw was found in the EDA component of the Ansible
Automation Platfo ...)
+ TODO: check
+CVE-2025-49520 (A flaw was found in Ansible Automation Platform\u2019s EDA
component w ...)
+ TODO: check
+CVE-2025-49493 (Akamai CloudTest before 60 2025.06.02 (12988) allows file
inclusion vi ...)
+ TODO: check
+CVE-2025-47871 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15,
10.8.x <= 10. ...)
+ TODO: check
+CVE-2025-46702 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15,
10.8.x <= 10. ...)
+ TODO: check
+CVE-2025-45931 (An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210
allows ...)
+ TODO: check
+CVE-2025-45143 (string-math v1.2.2 was discovered to contain a Regex Denial of
Service ...)
+ TODO: check
+CVE-2025-41439 (A reflected cross-site scripting vulnerability via a specific
paramete ...)
+ TODO: check
+CVE-2025-40734 (Reflected Cross-Site Scripting (XSS) vulnerability in Daily
Expense Ma ...)
+ TODO: check
+CVE-2025-40733 (Reflected Cross-Site Scripting (XSS) vulnerability in Daily
Expense Ma ...)
+ TODO: check
+CVE-2025-40732 (user enumeration vulnerability in Daily Expense Manager v1.0.
To explo ...)
+ TODO: check
+CVE-2025-40731 (SQL injection vulnerability in Daily Expense Manager v1.0.
This vulner ...)
+ TODO: check
+CVE-2025-40710 (Host Header Injection (HHI) vulnerability in the Hotspot
Shield VPN cl ...)
+ TODO: check
+CVE-2025-36593 (Dell OpenManage Network Integration, versions prior to 3.8,
contains a ...)
+ TODO: check
+CVE-2025-36056 (IBM System Storage Virtualization Engine TS7700 3957 VED R5.4
8.54.2.1 ...)
+ TODO: check
+CVE-2025-2895 (IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7
iFix1, 2. ...)
+ TODO: check
+CVE-2025-2141 (IBM System Storage Virtualization Engine TS7700 3957 VED R5.4
8.54.2.1 ...)
+ TODO: check
+CVE-2025-26074 (Orkes Conductor v3.21.11 allows remote attackers to execute
arbitrary ...)
+ TODO: check
+CVE-2024-8419 (The endpoint hosts a script that allows an unauthorized remote
attacke ...)
+ TODO: check
+CVE-2024-53621 (A buffer overflow in the formSetCfm() function of Tenda AC1206
1200M 1 ...)
+ TODO: check
+CVE-2024-49365 (tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to
version ...)
+ TODO: check
+CVE-2024-49364 (tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to
version ...)
+ TODO: check
+CVE-2024-46993 (Electron is an open source framework for writing
cross-platform deskto ...)
+ TODO: check
+CVE-2024-46992 (Electron is an open source framework for writing
cross-platform deskto ...)
+ TODO: check
+CVE-2024-12915 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2023-47310 (A misconfiguration in the default settings of MikroTik
RouterOS 7 and ...)
+ TODO: check
+CVE-2025-6554 (Type confusion in V8 in Google Chrome prior to 138.0.7204.96
allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-32463 [Local Privilege Escalation via chroot option]
+CVE-2025-32463 (Sudo before 1.9.17p1 allows local users to obtain root access
because ...)
- sudo 1.9.16p2-3
[bookworm] - sudo <not-affected> (Vulnerable code introduced later)
[bullseye] - sudo <not-affected> (Vulnerable code introduced later)
NOTE: https://www.sudo.ws/security/advisories/chroot_bug/
-CVE-2025-32462 [Local Privilege Escalation via host option]
+CVE-2025-32462 (Sudo before 1.9.17p1, when used with a sudoers file that
specifies a h ...)
+ {DSA-5954-1 DLA-4235-1}
- sudo 1.9.16p2-3
NOTE: https://www.sudo.ws/security/advisories/host_any/
CVE-2025-6297 [dpkg-deb: Fix cleanup for control member with restricted
directories]
@@ -1791,7 +1946,7 @@ CVE-2025-6496 (A vulnerability was found in HTACG
tidy-html5 5.8.0. It has been
[trixie] - tidy-html5 <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - tidy-html5 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/htacg/tidy-html5/issues/1141
-CVE-2025-6494 (A vulnerability was found in sparklemotion nokogiri up to
1.18.7. It h ...)
+CVE-2025-6494 (A vulnerability was found in sparklemotion nokogiri
c29c920907366cb74a ...)
- ruby-nokogiri <unfixed> (bug #1108237)
NOTE: https://github.com/sparklemotion/nokogiri/issues/3508
CVE-2025-6493 (A vulnerability was found in CodeMirror up to 5.17.0 and
classified as ...)
@@ -1804,7 +1959,7 @@ CVE-2025-52926 (In scan.rs in spytrap-adb before 0.3.5,
matches for known stalke
NOTE:
https://github.com/spytrap-org/spytrap-adb/commit/277cec542466b75cf5a8c532581243fd4b7b9713
(v0.3.5)
CVE-2025-6492 (A vulnerability has been found in MarkText up to 0.17.1 and
classified ...)
NOT-FOR-US: MarkText
-CVE-2025-6490 (A vulnerability was found in sparklemotion nokogiri up to
1.18.7 and c ...)
+CVE-2025-6490 (A vulnerability was found in sparklemotion nokogiri
c29c920907366cb74a ...)
- ruby-nokogiri <unfixed> (bug #1108238)
NOTE: https://github.com/sparklemotion/nokogiri/issues/3500
CVE-2025-6489 (A vulnerability has been found in itsourcecode Agri-Trading
Online Sho ...)
@@ -2542,7 +2697,7 @@ CVE-2025-50201 (WeGIA is a web manager for charitable
institutions. Prior to ver
NOT-FOR-US: WeGIA
CVE-2025-50183 (OpenList Frontend is a UI component for OpenList. Prior to
version 4.0 ...)
NOT-FOR-US: OpenList Frontend
-CVE-2025-50182 (urllib3 is a user-friendly HTTP client library for Python.
Prior to 2. ...)
+CVE-2025-50182 (urllib3 is a user-friendly HTTP client library for Python.
Starting in ...)
- python-urllib3 <unfixed> (bug #1108077)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5
@@ -8672,15 +8827,15 @@ CVE-2024-1440 (An open redirection vulnerability exists
in multiple WSO2 product
CVE-2024-12168 (Yandex Telemost for Desktop before 2.7.0has a DLL Hijacking
Vulnerabil ...)
NOT-FOR-US: Yandex Telemost for Desktop
CVE-2024-52035 (An integer overflow vulnerability exists in the OLE Document
File Allo ...)
- {DSA-5953-1}
+ {DSA-5953-1 DLA-4234-1}
- catdoc 1:0.95-6 (bug #1107168)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2131
CVE-2024-54028 (An integer underflow vulnerability exists in the OLE Document
DIFAT Pa ...)
- {DSA-5953-1}
+ {DSA-5953-1 DLA-4234-1}
- catdoc 1:0.95-6 (bug #1107168)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2132
CVE-2024-48877 (A memory corruption vulnerability exists in the Shared String
Table Re ...)
- {DSA-5953-1}
+ {DSA-5953-1 DLA-4234-1}
- catdoc 1:0.95-6 (bug #1107168)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128
CVE-2025-5436 (A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It
has be ...)
@@ -230293,6 +230448,7 @@ CVE-2022-46393 (An issue was discovered in Mbed TLS
before 2.28.2 and 3.x before
NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
NOTE: Fixed by
https://github.com/Mbed-TLS/mbedtls/commit/f385fcebee017973cf4137333628a78248f1f443
CVE-2022-46392 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x
before 3.3.0 ...)
+ {DLA-4236-1}
- mbedtls 2.28.2-1
[buster] - mbedtls <postponed> (Minor issue)
NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
@@ -309421,7 +309577,7 @@ CVE-2021-44733 (A use-after-free exists in
drivers/tee/tee_shm.c in the TEE subs
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain
out-of-memory condi ...)
- {DLA-3249-1}
+ {DLA-4236-1 DLA-3249-1}
[experimental] - mbedtls 2.28.0-0.1
- mbedtls 2.28.0-0.3 (bug #1002631)
NOTE:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
@@ -313900,7 +314056,7 @@ CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash
(denial of service) after receivi
CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric
v1.4.0, v2.0.0 ...)
NOT-FOR-US: HyperLedger
CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and
earlier ...)
- {DLA-3249-1}
+ {DLA-4236-1 DLA-3249-1}
- mbedtls 2.28.0-1
NOTE: https://github.com/ARMmbed/mbedtls/issues/5136
NOTE: Backport 2.16: https://github.com/ARMmbed/mbedtls/pull/5311
@@ -334439,6 +334595,7 @@ CVE-2021-36649
CVE-2021-36648
RESERVED
CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the
function mbedt ...)
+ {DLA-4236-1}
- mbedtls 2.16.11-0.1
[buster] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
@@ -366288,7 +366445,7 @@ CVE-2021-24121
CVE-2021-24120
RESERVED
CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel
vulnerability in b ...)
- {DLA-3249-1 DLA-2826-1}
+ {DLA-4236-1 DLA-3249-1 DLA-2826-1}
- mbedtls 2.16.11-0.1
NOTE: Fixed in 2.26.0:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
CVE-2021-24118
@@ -721620,21 +721777,21 @@ CVE-2012-6443
CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader
extension b ...)
{DSA-2596-1}
- mediawiki-extensions 2.11 (bug #696179)
-CVE-2012-6442 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
1768-E ...)
+CVE-2012-6442 (When an affected product receives a valid CIP message from an
unauthor ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6441 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
1768-E ...)
+CVE-2012-6441 (An information exposure of confidential information results
when the d ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6440 (The web-server password-authentication functionality in
Rockwell Autom ...)
+CVE-2012-6440 (The Web server password authentication mechanism used by the
products ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6439 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
1768-E ...)
+CVE-2012-6439 (When an affected product receives a valid CIP message from an
unautho ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6438 (Buffer overflow in Rockwell Automation EtherNet/IP products;
1756-ENBT ...)
+CVE-2012-6438 (The device does not properly validate the data being sent to
the buffe ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6437 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
1768-E ...)
+CVE-2012-6437 (The device does not properly authenticate users and the
potential exis ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6436 (Buffer overflow in Rockwell Automation EtherNet/IP products;
1756-ENBT ...)
+CVE-2012-6436 (The device does not properly validate the data being sent to
the buffe ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
-CVE-2012-6435 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
1768-E ...)
+CVE-2012-6435 (When an affected product receives a valid CIP message from an
unauthor ...)
NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6434 (Multiple cross-site request forgery (CSRF) vulnerabilities in
e107_adm ...)
NOT-FOR-US: e107
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d75fe6fc508f9dcfffdbec7c72bed0674169efc9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d75fe6fc508f9dcfffdbec7c72bed0674169efc9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
