Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ef698e4 by security tracker role at 2025-07-02T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,135 @@
-CVE-2025-38093 [arm64: dts: qcom: x1e80100: Add GPU cooling]
+CVE-2025-6943 (Secret Server version 11.7 and earlier is vulnerable to a SQL
report c ...)
+ TODO: check
+CVE-2025-6942 (The distributed engine versions 8.4.39.0 and earlier of Secret
Server ...)
+ TODO: check
+CVE-2025-6725 (In the PdfViewer component, a Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
+CVE-2025-53494 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53493 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53492 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53359 (ethereum is a common ethereum structs for Rust. Prior to
ethereum crat ...)
+ TODO: check
+CVE-2025-53358 (kotaemon is an open-source RAG-based tool for document
comprehension. ...)
+ TODO: check
+CVE-2025-53110 (Model Context Protocol Servers is a collection of reference
implementa ...)
+ TODO: check
+CVE-2025-53109 (Model Context Protocol Servers is a collection of reference
implementa ...)
+ TODO: check
+CVE-2025-53108 (HomeBox is a home inventory and organization system. Prior to
0.20.1, ...)
+ TODO: check
+CVE-2025-53106 (Graylog is a free and open log management platform. In
versions 6.2.0 ...)
+ TODO: check
+CVE-2025-53006 (DataEase is an open source business intelligence and data
visualizatio ...)
+ TODO: check
+CVE-2025-52891 (ModSecurity is an open source, cross platform web application
firewall ...)
+ TODO: check
+CVE-2025-52886 (Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std ...)
+ TODO: check
+CVE-2025-52842 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-52841 (Cross-Site Request Forgery (CSRF) vulnerability in Laundry on
Linux, M ...)
+ TODO: check
+CVE-2025-52559 (Zulip is an open-source team chat application. From versions
2.0.0-rc1 ...)
+ TODO: check
+CVE-2025-4946 (The Vikinger theme for WordPress is vulnerable to arbitrary
file delet ...)
+ TODO: check
+CVE-2025-49713 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2025-49588 (Linkwarden is a self-hosted, open-source collaborative
bookmark manage ...)
+ TODO: check
+CVE-2025-45814 (Missing authentication checks in the query.fcgi endpoint of
NS3000 v8. ...)
+ TODO: check
+CVE-2025-45813 (ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded
credenti ...)
+ TODO: check
+CVE-2025-45424 (Incorrect access control in Xinference before v1.4.0 allows
attackers ...)
+ TODO: check
+CVE-2025-45029 (WINSTAR WN572HP3 v230525 was discovered to contain a heap
overflow via ...)
+ TODO: check
+CVE-2025-43025 (HP Universal Print Driver is potentially vulnerable to denial
of servi ...)
+ TODO: check
+CVE-2025-39362 (Missing Authorization vulnerability in Mollie Mollie Payments
for WooC ...)
+ TODO: check
+CVE-2025-34092 (A cookie encryption bypass vulnerability exists in Google
Chrome\u2019 ...)
+ TODO: check
+CVE-2025-34091 (A padding oracle vulnerability exists in Google Chrome\u2019s
AppBound ...)
+ TODO: check
+CVE-2025-34090 (A security bypass vulnerability exists in Google Chrome
AppBound cooki ...)
+ TODO: check
+CVE-2025-34079 (An authenticated remote code execution vulnerability exists in
NSClien ...)
+ TODO: check
+CVE-2025-34078 (A local privilege escalation vulnerability exists in
NSClient++ 0.5.2. ...)
+ TODO: check
+CVE-2025-34076 (An authenticated local file inclusion vulnerability exists in
Microweb ...)
+ TODO: check
+CVE-2025-34075 (An authenticated virtual machine escape vulnerability exists
in HashiC ...)
+ TODO: check
+CVE-2025-34074 (An authenticated remote code execution vulnerability exists in
Lucee\u ...)
+ TODO: check
+CVE-2025-34073 (An unauthenticated command injection vulnerability exists in
stamparm/ ...)
+ TODO: check
+CVE-2025-34072 (A data exfiltration vulnerability exists in Anthropic\u2019s
deprecate ...)
+ TODO: check
+CVE-2025-34071 (A remote code execution vulnerability in GFI Kerio Control
9.4.5 allow ...)
+ TODO: check
+CVE-2025-34070 (A missing authentication vulnerability in the GFIAgent
component of GF ...)
+ TODO: check
+CVE-2025-34069 (An authentication bypass vulnerability exists in GFI Kerio
Control 9.4 ...)
+ TODO: check
+CVE-2025-34067 (An unauthenticated remote command execution vulnerability
exists in th ...)
+ TODO: check
+CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR
series ro ...)
+ TODO: check
+CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for
WordPr ...)
+ TODO: check
+CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI
deactivation in I ...)
+ TODO: check
+CVE-2025-27025 (The target device exposes a service on a specific TCP port
with a conf ...)
+ TODO: check
+CVE-2025-27024 (Unrestricted access to OS file system in SFTP service in
Infinera G42 ...)
+ TODO: check
+CVE-2025-27023 (Lack or insufficent input validation in WebGUI CLI web in
Infinera G42 ...)
+ TODO: check
+CVE-2025-27022 (A path traversal vulnerability of the WebGUI HTTP endpoint in
Infinera ...)
+ TODO: check
+CVE-2025-27021 (The misconfiguration in the sudoers configuration of the
operating sys ...)
+ TODO: check
+CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than
24R1-SR 2.1 M ...)
+ TODO: check
+CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR
1.0 MP can ...)
+ TODO: check
+CVE-2025-24333 (Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP
contain ...)
+ TODO: check
+CVE-2025-24332 (Nokia Single RAN AirScale baseband allows an authenticated
administrat ...)
+ TODO: check
+CVE-2025-24331 (The Single RAN baseband OAM service is intended to run as an
unprivile ...)
+ TODO: check
+CVE-2025-24330 (Sending a crafted SOAP "provision" operation message PlanId
field with ...)
+ TODO: check
+CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive
field wit ...)
+ TODO: check
+CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and
Email (ECE) ...)
+ TODO: check
+CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager
(Unified CM) a ...)
+ TODO: check
+CVE-2025-20308 (A vulnerability in Cisco Spaces Connector could allow an
authenticated ...)
+ TODO: check
+CVE-2025-20307 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
+ TODO: check
+CVE-2025-38093 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5ba21fa11f473c9827f378ace8c9f983de9e0287 (6.16-rc1)
-CVE-2025-38092 [ksmbd: use list_first_entry_or_null for opinfo_get_list()]
+CVE-2025-38092 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.12.32-1
NOTE:
https://git.kernel.org/linus/10379171f346e6f61d30d9949500a8de4336444a (6.15)
-CVE-2025-38091 [drm/amd/display: check stream id dml21 wrapper to get plane_id]
+CVE-2025-38091 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.12.32-1
NOTE:
https://git.kernel.org/linus/2ddac70fed50485aa4ae49cdb7478ce41d8d4715 (6.15-rc7)
-CVE-2025-46647
+CVE-2025-46647 (A vulnerability of pluginopenid-connect in Apache APISIX.
This vulner ...)
NOT-FOR-US: Apache APISIX
CVE-2025-6927
- mediawiki 1:1.43.3+dfsg-1
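Review bot: The added entries from CVE-2025-6943 down to CVE-2025-20307 all carry only `TODO: check`, and at least two of them describe software that Debian packages (CVE-2025-52886 for Poppler, CVE-2025-52891 for ModSecurity), so those should be triaged to a source-package line first rather than waiting in the bulk queue. Several added descriptions also carry raw escapes such as `\u2019` and `\u2013` (CVE-2025-34092, CVE-2025-34091, CVE-2025-34074, CVE-2025-34072, CVE-2025-2330); decoding or normalising them at import would keep the descriptions readable and searchable.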
@@ -274,7 +394,7 @@ CVE-2025-34050 (Across-site request forgery (CSRF)
vulnerability exists in the w
NOT-FOR-US: AVTECH
CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for
GLPI. P ...)
NOT-FOR-US: Escalade GLPI plugin
-CVE-2024-35164
+CVE-2024-35164 (The terminal emulator of Apache Guacamole 1.5.5 and older does
not pro ...)
- guacamole-client <removed>
CVE-2024-39954
NOT-FOR-US: Apache EventMesh
@@ -33935,9 +34055,9 @@ CVE-2025-27704 (There is a cross-site scripting
vulnerability in the Secure Acce
NOT-FOR-US: Absolute Software
CVE-2025-27415 (Nuxt is an open-source web development framework for Vue.js.
Prior to ...)
NOT-FOR-US: Nuxt
-CVE-2025-26486 (Use of a Broken or Risky Cryptographic Algorithm, Use of
Password Hash ...)
+CVE-2025-26486 (Broken or Risky Cryptographic Algorithm, Use of Password Hash
With In ...)
NOT-FOR-US: Beta80 Life 1st Identity Manager
-CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor
vulner ...)
+CVE-2025-26485 (A vulnerability in Beta80 Life 1st enables the retrieval of
different ...)
NOT-FOR-US: Beta80 Life 1st Identity Manager
CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS,
version(s) 5.26 ...)
NOT-FOR-US: Dell / EMC
@@ -62426,7 +62546,7 @@ CVE-2024-49817 (IBM Security Guardium Key Lifecycle
Manager 4.1, 4.1.1, 4.2.0, a
NOT-FOR-US: IBM
CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0,
and 4.2 ...)
NOT-FOR-US: IBM
-CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow
remote co ...)
+CVE-2024-49194 (Databricks JDBC Driver 2.x before 2.6.40 could potentially
allow remot ...)
NOT-FOR-US: Databricks JDBC Driver
CVE-2024-42194 (An improper handling of insufficient permissions or privileges
affects ...)
NOT-FOR-US: HCL
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ef698e41fe5ff2c967cec5f0195969a62a5f17e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits