Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dffa598a by security tracker role at 2025-07-07T20:12:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,253 @@
+CVE-2025-7259 (An authorized user can issue queries with duplicate _id fields,
that l ...)
+ TODO: check
+CVE-2025-7143 (A vulnerability, which was classified as problematic, was found
in Sou ...)
+ TODO: check
+CVE-2025-7142 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-7141 (A vulnerability classified as problematic was found in
SourceCodester ...)
+ TODO: check
+CVE-2025-7140 (A vulnerability classified as problematic has been found in
SourceCode ...)
+ TODO: check
+CVE-2025-7139 (A vulnerability was found in SourceCodester Best Salon
Management Syst ...)
+ TODO: check
+CVE-2025-7138 (A vulnerability was found in SourceCodester Best Salon
Management Syst ...)
+ TODO: check
+CVE-2025-7137 (A vulnerability was found in SourceCodester Best Salon
Management Syst ...)
+ TODO: check
+CVE-2025-7136 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2025-7135 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2025-7134 (A vulnerability classified as critical was found in Campcodes
Online R ...)
+ TODO: check
+CVE-2025-7133 (A vulnerability classified as problematic has been found in
CodeAstro ...)
+ TODO: check
+CVE-2025-7132 (A vulnerability was found in Campcodes Payroll Management
System 1.0. ...)
+ TODO: check
+CVE-2025-7131 (A vulnerability was found in Campcodes Payroll Management
System 1.0. ...)
+ TODO: check
+CVE-2025-7130 (A vulnerability was found in Campcodes Payroll Management
System 1.0. ...)
+ TODO: check
+CVE-2025-7129 (A vulnerability was found in Campcodes Payroll Management
System 1.0 a ...)
+ TODO: check
+CVE-2025-7128 (A vulnerability has been found in Campcodes Payroll Management
System ...)
+ TODO: check
+CVE-2025-7127 (A vulnerability, which was classified as critical, was found in
itsour ...)
+ TODO: check
+CVE-2025-7126 (A vulnerability, which was classified as critical, has been
found in i ...)
+ TODO: check
+CVE-2025-7125 (A vulnerability classified as critical was found in
itsourcecode Emplo ...)
+ TODO: check
+CVE-2025-7124 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2025-7123 (A vulnerability was found in Campcodes Complaint Management
System 1.0 ...)
+ TODO: check
+CVE-2025-7122 (A vulnerability was found in Campcodes Complaint Management
System 1.0 ...)
+ TODO: check
+CVE-2025-7121 (A vulnerability was found in Campcodes Complaint Management
System 1.0 ...)
+ TODO: check
+CVE-2025-7120 (A vulnerability was found in Campcodes Complaint Management
System 1.0 ...)
+ TODO: check
+CVE-2025-7119 (A vulnerability has been found in Campcodes Complaint
Management Syste ...)
+ TODO: check
+CVE-2025-7057 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-7056 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-6811 (Mescius ActiveReports.NET TypeResolutionService Deserialization
of Unt ...)
+ TODO: check
+CVE-2025-6810 (Mescius ActiveReports.NET ReadValue Deserialization of
Untrusted Data ...)
+ TODO: check
+CVE-2025-6807 (Marvell QConvergeConsole getDriverTmpPath Directory Traversal
Informat ...)
+ TODO: check
+CVE-2025-6806 (Marvell QConvergeConsole decryptFile Directory Traversal
Arbitrary Fil ...)
+ TODO: check
+CVE-2025-6805 (Marvell QConvergeConsole deleteEventLogFile Directory Traversal
Arbitr ...)
+ TODO: check
+CVE-2025-6804 (Marvell QConvergeConsole compressFirmwareDumpFiles Directory
Traversal ...)
+ TODO: check
+CVE-2025-6803 (Marvell QConvergeConsole compressDriverFiles Directory
Traversal Infor ...)
+ TODO: check
+CVE-2025-6802 (Marvell QConvergeConsole getFileFromURL Unrestricted File
Upload Remot ...)
+ TODO: check
+CVE-2025-6801 (Marvell QConvergeConsole saveNICParamsToFile Directory
Traversal Arbit ...)
+ TODO: check
+CVE-2025-6800 (Marvell QConvergeConsole restoreESwitchConfig Directory
Traversal Info ...)
+ TODO: check
+CVE-2025-6799 (Marvell QConvergeConsole getFileUploadBytes Directory Traversal
Inform ...)
+ TODO: check
+CVE-2025-6798 (Marvell QConvergeConsole deleteAppFile Directory Traversal
Arbitrary F ...)
+ TODO: check
+CVE-2025-6797 (Marvell QConvergeConsole getFileUploadBytes Directory Traversal
Inform ...)
+ TODO: check
+CVE-2025-6796 (Marvell QConvergeConsole getAppFileBytes Directory Traversal
Informati ...)
+ TODO: check
+CVE-2025-6795 (Marvell QConvergeConsole getFileUploadSize Directory Traversal
Informa ...)
+ TODO: check
+CVE-2025-6794 (Marvell QConvergeConsole saveAsText Directory Traversal Remote
Code Ex ...)
+ TODO: check
+CVE-2025-6793 (Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal
Arbitr ...)
+ TODO: check
+CVE-2025-6714 (MongoDB Server's mongos component can become unresponsive to
new conne ...)
+ TODO: check
+CVE-2025-6713 (An unauthorized user may leverage a specially crafted
aggregation pipe ...)
+ TODO: check
+CVE-2025-6712 (MongoDB Server may be susceptible to disruption caused by high
memory ...)
+ TODO: check
+CVE-2025-6711 (An issue has been identified in MongoDB Server where unredacted
querie ...)
+ TODO: check
+CVE-2025-6663 (GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote
Code E ...)
+ TODO: check
+CVE-2025-6386 (The parisneo/lollms repository is affected by a timing attack
vulnerab ...)
+ TODO: check
+CVE-2025-6210 (A vulnerability in the ObsidianReader class of the
run-llama/llama_ind ...)
+ TODO: check
+CVE-2025-6209 (A path traversal vulnerability exists in run-llama/llama_index
version ...)
+ TODO: check
+CVE-2025-6044 (An Improper Access Control vulnerability in the Stylus Tools
component ...)
+ TODO: check
+CVE-2025-5472 (The JSONReader in run-llama/llama_index versions 0.12.28 is
vulnerable ...)
+ TODO: check
+CVE-2025-53543 (Kestra is an event-driven orchestration platform. The error
message in ...)
+ TODO: check
+CVE-2025-53540 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2,
ESP32-S3, ES ...)
+ TODO: check
+CVE-2025-53539 (FastAPI Guard is a security library for FastAPI that provides
middlewa ...)
+ TODO: check
+CVE-2025-53536 (Roo Code is an AI-powered autonomous coding agent. Prior to
3.22.6, if ...)
+ TODO: check
+CVE-2025-53535 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2025-53532 (giscus is a commenting system powered by GitHub Discussions. A
bug in ...)
+ TODO: check
+CVE-2025-53531 (WeGIA is a web manager for charitable institutions. The Wegia
server h ...)
+ TODO: check
+CVE-2025-53530 (WeGIA is a web manager for charitable institutions. The Wegia
server h ...)
+ TODO: check
+CVE-2025-53529 (WeGIA is a web manager for charitable institutions. An SQL
Injection v ...)
+ TODO: check
+CVE-2025-53527 (WeGIA is a web manager for charitable institutions. A
Time-Based Blind ...)
+ TODO: check
+CVE-2025-53526 (WeGIA is a web manager for charitable institutions. An XSS
Injection v ...)
+ TODO: check
+CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A
Reflected Cross- ...)
+ TODO: check
+CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation
Mediawik ...)
+ TODO: check
+CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation
Mediawiki ...)
+ TODO: check
+CVE-2025-53497 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53496 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53495 (Missing Authorization vulnerability in Wikimedia Foundation
Mediawiki ...)
+ TODO: check
+CVE-2025-53491 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53488 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-53487 (The ApprovedRevs extension for MediaWiki is vulnerable to
stored XSS i ...)
+ TODO: check
+CVE-2025-53486 (The WikiCategoryTagCloud extension is vulnerable to reflected
XSS via ...)
+ TODO: check
+CVE-2025-53478 (The CheckUser extension\u2019s Special:Investigate interface
is vulner ...)
+ TODO: check
+CVE-2025-53377 (WeGIA is a web manager for charitable institutions. A
Reflected Cross- ...)
+ TODO: check
+CVE-2025-53376 (Dokploy is a self-hostable Platform as a Service (PaaS) that
simplifie ...)
+ TODO: check
+CVE-2025-53375 (Dokploy is a self-hostable Platform as a Service (PaaS) that
simplifie ...)
+ TODO: check
+CVE-2025-53374 (Dokploy is a self-hostable Platform as a Service (PaaS) that
simplifie ...)
+ TODO: check
+CVE-2025-53373 (Natours is a Tour Booking API. The attacker can easily take
over any v ...)
+ TODO: check
+CVE-2025-52492 (A vulnerability has been discovered in the firmware of Paxton
Paxton10 ...)
+ TODO: check
+CVE-2025-4779 (lunary-ai/lunary versions prior to 1.9.24 are vulnerable to
stored cro ...)
+ TODO: check
+CVE-2025-48367 (Redis is an open source, in-memory database that persists on
disk. An ...)
+ TODO: check
+CVE-2025-47202 (In RRC in Samsung Mobile Processor, Wearable Processor, and
Modem Exyn ...)
+ TODO: check
+CVE-2025-45479 (Insufficient security mechanisms for created containers in
educoder ch ...)
+ TODO: check
+CVE-2025-45065 (employee record management system in php and mysql v1 was
discovered t ...)
+ TODO: check
+CVE-2025-43933 (fblog through 983bede allows account takeover via the password
reset f ...)
+ TODO: check
+CVE-2025-43932 (JobCenter through 7e7b0b2 allows account takeover via the
password res ...)
+ TODO: check
+CVE-2025-43931 (flask-boilerplate through a170e7c allows account takeover via
the pass ...)
+ TODO: check
+CVE-2025-43930 (Hashview 0.8.1 allows account takeover via the password reset
feature ...)
+ TODO: check
+CVE-2025-3920 (A vulnerability was identified in SUR-FBD CMMS where hard-coded
creden ...)
+ TODO: check
+CVE-2025-3777 (Hugging Face Transformers versions up to 4.49.0 are affected by
an imp ...)
+ TODO: check
+CVE-2025-3705 (A physical attacker with no privileges can gain full control of
the af ...)
+ TODO: check
+CVE-2025-3626 (A remote attacker with administrator account can gain full
control of ...)
+ TODO: check
+CVE-2025-3467 (An XSS vulnerability exists in langgenius/dify versions prior
to 1.1.3 ...)
+ TODO: check
+CVE-2025-3466 (langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to
unsanitized ...)
+ TODO: check
+CVE-2025-3264 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
+ TODO: check
+CVE-2025-3263 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
+ TODO: check
+CVE-2025-3262 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
+ TODO: check
+CVE-2025-3225 (An XML Entity Expansion vulnerability, also known as a 'billion
laughs ...)
+ TODO: check
+CVE-2025-3046 (A vulnerability in the `ObsidianReader` class of the
run-llama/llama_i ...)
+ TODO: check
+CVE-2025-3044 (A vulnerability in the ArxivReader class of the
run-llama/llama_index ...)
+ TODO: check
+CVE-2025-36014 (IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is
vulnerable t ...)
+ TODO: check
+CVE-2025-32023 (Redis is an open source, in-memory database that persists on
disk. Fro ...)
+ TODO: check
+CVE-2025-26780 (An issue was discovered in L2 in Samsung Mobile Processor and
Modem Ex ...)
+ TODO: check
+CVE-2025-20325 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and
9.1.10, a ...)
+ TODO: check
+CVE-2025-20324 (In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and
9.1.10 an ...)
+ TODO: check
+CVE-2025-20323 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and
9.1.10, a ...)
+ TODO: check
+CVE-2025-20322 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and
9.1.10, a ...)
+ TODO: check
+CVE-2025-20321 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and
9.1.10, an ...)
+ TODO: check
+CVE-2025-20320 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and
9.1.10, an ...)
+ TODO: check
+CVE-2025-20319 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and
9.1.10, a ...)
+ TODO: check
+CVE-2025-20300 (In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and
9.1.9 and ...)
+ TODO: check
+CVE-2025-1351 (IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a
user t ...)
+ TODO: check
+CVE-2024-43334 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-43190 (IBM Engineering Requirements Management DOORS 9.7.2.9, under
certain c ...)
+ TODO: check
+CVE-2024-37658 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a
remote a ...)
+ TODO: check
+CVE-2024-37657 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a
remote a ...)
+ TODO: check
+CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a
remote a ...)
+ TODO: check
+CVE-2024-25178 (LuaJIT through 2.1 has an out-of-bounds read in the
stack-overflow han ...)
+ TODO: check
+CVE-2024-25177 (LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL
metatable, w ...)
+ TODO: check
+CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in
lj_strfmt_wfnum in l ...)
+ TODO: check
+CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster
thru 1. ...)
+ TODO: check
CVE-2025-XXXX [RSS/SEARCH: Prevent opening local files if web page is expected]
- qbittorrent 5.1.0-2 (bug #1108843)
[bookworm] - qbittorrent <no-dsa> (Minor issue)
@@ -804,6 +1054,7 @@ CVE-2025-49005 (Next.js is a React framework for building
full-stack web applica
CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric
format for di ...)
+ {DSA-5960-1}
- djvulibre 3.5.28-2.1 (bug #1108729)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
NOTE: Fixed by:
https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -3142,7 +3393,7 @@ CVE-2025-6032 (A flaw was found in Podman. The podman
machine init command fails
NOTE: https://github.com/advisories/GHSA-65gg-3w2w-hr4h
NOTE: Fixed by:
https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3
(main)
NOTE: Fixed by:
https://github.com/containers/podman/commit/1569c209829530b1f42e8c2fce851de8003ab3fe
(v5.5.2)
-CVE-2025-5987
+CVE-2025-5987 (A flaw was found in libssh when using the ChaCha20 cipher with
the Ope ...)
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffa598ae56e59c697babf041891620f74679457
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffa598ae56e59c697babf041891620f74679457
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
