Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4fef6de4 by security tracker role at 2025-07-01T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,144 @@
+CVE-2025-6963 (A vulnerability has been found in Campcodes Employee Management 
System ...)
+       TODO: check
+CVE-2025-6962 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2025-6961 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-6960 (A vulnerability classified as critical was found in Campcodes 
Employee ...)
+       TODO: check
+CVE-2025-6959 (A vulnerability classified as critical has been found in 
Campcodes Emp ...)
+       TODO: check
+CVE-2025-6958 (A vulnerability was found in Campcodes Employee Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-6957 (A vulnerability was found in Campcodes Employee Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-6956 (A vulnerability was found in Campcodes Employee Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-6955 (A vulnerability was found in Campcodes Employee Management 
System 1.0  ...)
+       TODO: check
+CVE-2025-6954 (A vulnerability has been found in Campcodes Employee Management 
System ...)
+       TODO: check
+CVE-2025-6953 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+       TODO: check
+CVE-2025-6952 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-6951 (A vulnerability classified as problematic was found in SAFECAM 
X300 up ...)
+       TODO: check
+CVE-2025-6756 (The Ultra Addons for Contact Form 7 plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-6600 (An exposure of sensitive information vulnerability was 
identified in G ...)
+       TODO: check
+CVE-2025-6224 (Certificate generation in juju/utils using the cert.NewLeaf 
function c ...)
+       TODO: check
+CVE-2025-5314 (The Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, 
PDF vie ...)
+       TODO: check
+CVE-2025-5072 (Resource leak vulnerability in ASR180x\u3001ASR190x in 
con_mgrallows R ...)
+       TODO: check
+CVE-2025-53107 (@cyanheads/git-mcp-server is an MCP server designed to 
interact with G ...)
+       TODO: check
+CVE-2025-53104 (gluestack-ui is a library of copy-pasteable components & 
patterns craf ...)
+       TODO: check
+CVE-2025-53103 (JUnit is a testing framework for Java and the JVM. From 
version 5.12.0 ...)
+       TODO: check
+CVE-2025-53100 (RestDB's Codehooks.io MCP Server is an MCP server on the 
Codehooks.io  ...)
+       TODO: check
+CVE-2025-53099 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
+       TODO: check
+CVE-2025-52294 (Insufficient validation of the screen lock mechanism in Trust 
Wallet v ...)
+       TODO: check
+CVE-2025-50641 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow 
in the ad ...)
+       TODO: check
+CVE-2025-50405 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to 
Incorrect  ...)
+       TODO: check
+CVE-2025-50404 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to 
Integer Ov ...)
+       TODO: check
+CVE-2025-49492 (Out-of-bounds write in ASR180x  in lte-telephony, May cause a 
buffer u ...)
+       TODO: check
+CVE-2025-49491 (Improper Resource Shutdown or Release vulnerability in ASR 
Falcon_Linu ...)
+       TODO: check
+CVE-2025-49490 (Resource leak vulnerability in ASR180x in router allows 
Resource Leak  ...)
+       TODO: check
+CVE-2025-49489 (Improper Resource Shutdown or Release vulnerability in ASR 
Falcon_Linu ...)
+       TODO: check
+CVE-2025-49488 (Improper Resource Shutdown or Release vulnerability in ASR180x 
\u3001A ...)
+       TODO: check
+CVE-2025-49483 (Improper Resource Shutdown or Release vulnerability in ASR180x 
\u3001A ...)
+       TODO: check
+CVE-2025-49482 (Improper Resource Shutdown or Release vulnerability in ASR180x 
\u3001A ...)
+       TODO: check
+CVE-2025-49481 (Improper Resource Shutdown or Release vulnerability in ASR180x 
\u3001A ...)
+       TODO: check
+CVE-2025-49480 (Out-of-bounds access in ASR180x \u3001ASR190x  in 
lte-telephony,  This ...)
+       TODO: check
+CVE-2025-49029 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-48379 (Pillow is a Python imaging library. In versions 11.2.0 to 
before 11.3. ...)
+       TODO: check
+CVE-2025-46259 (Missing Authorization vulnerability in POSIMYTH Innovation The 
Plus Ad ...)
+       TODO: check
+CVE-2025-45872 (zrlog v3.1.5 was discovered to contain a Server-Side Request 
Forgery ( ...)
+       TODO: check
+CVE-2025-45083 (Incorrect access control in Ullu (Android version v2.9.929 and 
IOS ver ...)
+       TODO: check
+CVE-2025-45081 (Misconfigured settings in IITB SSO v1.1.0 allow attackers to 
access se ...)
+       TODO: check
+CVE-2025-45080 (YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use 
unencrypt ...)
+       TODO: check
+CVE-2025-45006 (Improper mstatus.SUM bit retention (non-zero) in Open-Source 
RISC-V Pr ...)
+       TODO: check
+CVE-2025-41656 (An unauthenticated remote attacker can run arbitrary commands 
on the a ...)
+       TODO: check
+CVE-2025-41648 (An unauthenticated remote attacker can bypass the login to the 
web app ...)
+       TODO: check
+CVE-2025-37099 (A remote code execution vulnerability exists in HPE Insight 
Remote Sup ...)
+       TODO: check
+CVE-2025-37098 (A path traversal vulnerability exists in HPE Insight Remote 
Support (I ...)
+       TODO: check
+CVE-2025-37097 (A vulnerability in HPE Insight Remote Support (IRS) prior to 
v7.15.0.6 ...)
+       TODO: check
+CVE-2025-36582 (Dell NetWorker, versions 19.12.0.1 and prior, contains a 
Selection of  ...)
+       TODO: check
+CVE-2025-34081 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP 
phpinfo() ...)
+       TODO: check
+CVE-2025-34080 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2025-34066 (An improper certificate validation vulnerability exists in 
AVTECH IP c ...)
+       TODO: check
+CVE-2025-34065 (An authentication bypass vulnerability exists in AVTECH IP 
camera, DVR ...)
+       TODO: check
+CVE-2025-34064 (A cloud infrastructure misconfiguration in OneLogin AD 
Connector resul ...)
+       TODO: check
+CVE-2025-34063 (A cryptographic authentication bypass vulnerability exists in 
OneLogin ...)
+       TODO: check
+CVE-2025-34062 (An information disclosure vulnerability exists in OneLogin AD 
Connecto ...)
+       TODO: check
+CVE-2025-34060 (A PHP objection injection vulnerability exists in the Monero 
Project\u ...)
+       TODO: check
+CVE-2025-34059 (An SQL injection vulnerability exists in the Dahua Smart Cloud 
Gateway ...)
+       TODO: check
+CVE-2025-34058 (Hikvision Streaming Media Management Server v2.3.5 uses 
default creden ...)
+       TODO: check
+CVE-2025-34056 (An OS command injection vulnerability exists in AVTECH IP 
camera, DVR, ...)
+       TODO: check
+CVE-2025-34055 (An OS command injection vulnerability exists in AVTECH DVR, 
NVR, and I ...)
+       TODO: check
+CVE-2025-34054 (An unauthenticated command injection vulnerability exists in 
AVTECH DV ...)
+       TODO: check
+CVE-2025-34053 (An authentication bypass vulnerability exists in AVTECH IP 
camera, DVR ...)
+       TODO: check
+CVE-2025-34052 (An unauthenticated information disclosure vulnerability exists 
in AVTE ...)
+       TODO: check
+CVE-2025-34051 (A server-side request forgery vulnerability exists in multiple 
firmwar ...)
+       TODO: check
+CVE-2025-34050 (Across-site request forgery (CSRF) vulnerability exists in the 
web int ...)
+       TODO: check
+CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for 
GLPI. P ...)
+       TODO: check
 CVE-2024-35164
        - guacamole-client <removed>
 CVE-2024-39954
        NOT-FOR-US: Apache EventMesh
-CVE-2025-6920
+CVE-2025-6920 (A flaw was found in the authentication enforcement mechanism of 
a mode ...)
        NOT-FOR-US: Red Hat AI Inference Server
 CVE-2025-6940 (A vulnerability classified as critical was found in TOTOLINK 
A702R 4.0 ...)
        NOT-FOR-US: TOTOLINK
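Review bot: every entry added at the top of data/CVE/list in this hunk, from CVE-2025-6963 down to CVE-2025-27153, carries only "TODO: check", so none has a package line or a NOT-FOR-US classification yet. Suggest triaging first the entries whose descriptions name general-purpose libraries rather than vendor devices, such as CVE-2025-48379 (Pillow), CVE-2025-53103 (JUnit) and CVE-2025-6224 (juju/utils), since those are the likeliest to need a source-package line instead of NOT-FOR-US. Separately, several descriptions carry literal escapes such as \u2013 and \u3001, and the fixed-width truncation in CVE-2025-34060 cuts one mid-sequence ("Project\u ..."); truncating after decoding would avoid the dangling escape.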
@@ -170,7 +306,7 @@ CVE-2025-32462 (Sudo before 1.9.17p1, when used with a 
sudoers file that specifi
        {DSA-5954-1 DLA-4235-1}
        - sudo 1.9.16p2-3
        NOTE: https://www.sudo.ws/security/advisories/host_any/
-CVE-2025-6297 [dpkg-deb: Fix cleanup for control member with restricted 
directories]
+CVE-2025-6297 (It was discovered that dpkg-deb does not properly sanitize 
directory p ...)
        - dpkg <unfixed>
        [bookworm] - dpkg <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82
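Review bot: the CVE-2025-6297 entry still reads "- dpkg <unfixed>" although the NOTE under it already records an upstream "Fixed by:" commit; the only change here is the swap of the bracketed summary for the imported description. Suggest a follow-up that records the fixed dpkg version once an upload containing that commit exists, and a quick check that "[bookworm] - dpkg <no-dsa> (Minor issue)" still fits the wording of the new description.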
@@ -13712,7 +13848,7 @@ CVE-2024-55569 (An issue was discovered in Samsung 
Mobile Processor, Wearable Pr
        NOT-FOR-US: Samsung
 CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) 
software insta ...)
        NOT-FOR-US: Intel
-CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for 
WordPress is  ...)
+CVE-2024-13914 (The File Manager Advanced Shortcode plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4478 (A flaw was found in the FreeRDP used by Anaconda's remote 
install feat ...)
        - freerdp3 3.15.0+dfsg-2.1 (bug #1105917)
@@ -722012,9 +722148,9 @@ CVE-2013-0602 (Use-after-free vulnerability in Adobe 
Reader and Acrobat 9.x befo
        NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, 
and 11. ...)
        NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 
establish ...)
+CVE-2012-6428 (The Carlo Gavazzi  EOS-Box  stores hard-coded passwords in the 
PHP fil ...)
        NOT-FOR-US: Carlo Gavazzi EOS-Box
-CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box 
with f ...)
+CVE-2012-6427 (The Carlo Gavazzi  EOS-Box  does not check the validity of the 
data be ...)
        NOT-FOR-US: Carlo Gavazzi EOS-Box
 CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the 
signature-verification cap ...)
        - lemonldap-ng 1.2.2-3 (bug #696329)
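Review bot: in the CVE-2012-6427 line the replacement description no longer contains "SQL injection" (it now reads "does not check the validity of the data be ..."), and the CVE-2012-6428 text changes in substance as well, so anyone searching the list by vulnerability class will stop matching these two entries. Both stay "NOT-FOR-US: Carlo Gavazzi EOS-Box", so the classification is unaffected, but the new lines also carry doubled spaces around "EOS-Box"; if whitespace matters to downstream parsers, suggest normalising it in the import step rather than by hand in this file.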



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fef6de44a8ec75d6385108463e3794ccbcc0e77



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits