Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77fbe6c1 by security tracker role at 2025-07-08T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,572 @@
-CVE-2025-48386
+CVE-2025-7363 (The TitleIcon extension for MediaWiki is vulnerable to stored 
XSS thro ...)
+       TODO: check
+CVE-2025-7362 (The MsUpload extension for MediaWiki is vulnerable to stored 
XSS via t ...)
+       TODO: check
+CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the 
gdk_pixbuf__jpeg_image_loa ...)
+       TODO: check
+CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2025-7193 (A vulnerability was found in itsourcecode Agri-Trading Online 
Shopping ...)
+       TODO: check
+CVE-2025-7192 (A vulnerability was found in D-Link DIR-645 up to 1.05B01 and 
classifi ...)
+       TODO: check
+CVE-2025-7191 (A vulnerability has been found in code-projects Student 
Enrollment Sys ...)
+       TODO: check
+CVE-2025-7190 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-7189 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-7188 (A vulnerability classified as critical was found in 
code-projects Chat ...)
+       TODO: check
+CVE-2025-7187 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-7186 (A vulnerability was found in code-projects Chat System 1.0. It 
has bee ...)
+       TODO: check
+CVE-2025-7185 (A vulnerability was found in code-projects Library System 1.0. 
It has  ...)
+       TODO: check
+CVE-2025-7184 (A vulnerability was found in code-projects Library System 1.0. 
It has  ...)
+       TODO: check
+CVE-2025-7183 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0  ...)
+       TODO: check
+CVE-2025-7182 (A vulnerability has been found in itsourcecode Student 
Transcript Proc ...)
+       TODO: check
+CVE-2025-7181 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-7180 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-7179 (A vulnerability classified as critical was found in 
code-projects Libr ...)
+       TODO: check
+CVE-2025-7178 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-7177 (A vulnerability was found in PHPGurukul Car Washing Management 
System  ...)
+       TODO: check
+CVE-2025-7176 (A vulnerability was found in PHPGurukul Hospital Management 
System 1.0 ...)
+       TODO: check
+CVE-2025-7175 (A vulnerability was found in code-projects E-Commerce Site 1.0. 
It has ...)
+       TODO: check
+CVE-2025-7174 (A vulnerability was found in code-projects Library System 1.0 
and clas ...)
+       TODO: check
+CVE-2025-7173 (A vulnerability has been found in code-projects Library System 
1.0 and ...)
+       TODO: check
+CVE-2025-7172 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-7171 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-7170 (A vulnerability classified as critical was found in 
code-projects Crim ...)
+       TODO: check
+CVE-2025-7169 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-7037 (SQL injection in Ivanti Endpoint Manager before version 2024 
SU3 and 2 ...)
+       TODO: check
+CVE-2025-6996 (Improper use of encryption in the agent of Ivanti Endpoint 
Manager bef ...)
+       TODO: check
+CVE-2025-6995 (Improper use of encryption in the agent of Ivanti Endpoint 
Manager bef ...)
+       TODO: check
+CVE-2025-6771 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) 
before v ...)
+       TODO: check
+CVE-2025-6770 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) 
before v ...)
+       TODO: check
+CVE-2025-6744 (The The Woodmart theme for WordPress is vulnerable to arbitrary 
shortc ...)
+       TODO: check
+CVE-2025-5464 (Insertion of sensitive information into a log file in Ivanti 
Connect S ...)
+       TODO: check
+CVE-2025-5463 (Insertion of sensitive information into a log file in Ivanti 
Connect S ...)
+       TODO: check
+CVE-2025-5451 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
+       TODO: check
+CVE-2025-5450 (Improper access control in the certificate management component 
of Iva ...)
+       TODO: check
+CVE-2025-53545 (Press, a Frappe custom app that runs Frappe Cloud, manages 
infrastruct ...)
+       TODO: check
+CVE-2025-53513 (The /charms endpoint on a Juju controller lacked sufficient 
authorizat ...)
+       TODO: check
+CVE-2025-53512 (The /log endpoint on a Juju controller lacked sufficient 
authorization ...)
+       TODO: check
+CVE-2025-53480 (The CheckUser extension\u2019s Special:Investigate page has a 
vulnerab ...)
+       TODO: check
+CVE-2025-53479 (The CheckUser extension\u2019s Special:CheckUser interface is 
vulnerab ...)
+       TODO: check
+CVE-2025-53372 (node-code-sandbox-mcp is a Node.js\u2013based Model Context 
Protocol s ...)
+       TODO: check
+CVE-2025-53355 (MCP Server Kubernetes is an MCP Server that can connect to a 
Kubernete ...)
+       TODO: check
+CVE-2025-50130 (A heap-based buffer overflow vulnerability exists in 
VS6Sim.exe contai ...)
+       TODO: check
+CVE-2025-4663 (An Improper Check for Unusual or  Exceptional Conditions 
vulnerability ...)
+       TODO: check
+CVE-2025-49760 (External control of file name or path in Windows Storage 
allows an aut ...)
+       TODO: check
+CVE-2025-49756 (Use of a broken or risky cryptographic algorithm in Office 
Developer P ...)
+       TODO: check
+CVE-2025-49753 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49744 (Heap-based buffer overflow in Microsoft Graphics Component 
allows an a ...)
+       TODO: check
+CVE-2025-49742 (Integer overflow or wraparound in Microsoft Graphics Component 
allows  ...)
+       TODO: check
+CVE-2025-49740 (Protection mechanism failure in Windows SmartScreen allows an 
unauthor ...)
+       TODO: check
+CVE-2025-49739 (Improper link resolution before file access ('link following') 
in Visu ...)
+       TODO: check
+CVE-2025-49738 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2025-49737 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-49735 (Use after free in Windows KDC Proxy Service (KPSSVC) allows an 
unautho ...)
+       TODO: check
+CVE-2025-49733 (Use after free in Windows Win32K - ICOMP allows an authorized 
attacker ...)
+       TODO: check
+CVE-2025-49732 (Heap-based buffer overflow in Microsoft Graphics Component 
allows an a ...)
+       TODO: check
+CVE-2025-49731 (Improper handling of insufficient permissions or privileges in 
Microso ...)
+       TODO: check
+CVE-2025-49730 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Windows ...)
+       TODO: check
+CVE-2025-49729 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49727 (Heap-based buffer overflow in Windows Win32K - GRFX allows an 
authoriz ...)
+       TODO: check
+CVE-2025-49726 (Use after free in Windows Notification allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2025-49725 (Use after free in Windows Notification allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2025-49724 (Use after free in Windows Connected Devices Platform Service 
allows an ...)
+       TODO: check
+CVE-2025-49723 (Missing authorization in Windows StateRepository API allows an 
authori ...)
+       TODO: check
+CVE-2025-49722 (Uncontrolled resource consumption in Windows Print Spooler 
Components  ...)
+       TODO: check
+CVE-2025-49721 (Heap-based buffer overflow in Windows Fast FAT Driver allows 
an unauth ...)
+       TODO: check
+CVE-2025-49719 (Improper input validation in SQL Server allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-49718 (Use of uninitialized resource in SQL Server allows an 
unauthorized att ...)
+       TODO: check
+CVE-2025-49717 (Heap-based buffer overflow in SQL Server allows an authorized 
attacker ...)
+       TODO: check
+CVE-2025-49716 (Uncontrolled resource consumption in Windows Netlogon allows 
an unauth ...)
+       TODO: check
+CVE-2025-49714 (Trust boundary violation in Visual Studio Code - Python 
extension allo ...)
+       TODO: check
+CVE-2025-49711 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows 
an autho ...)
+       TODO: check
+CVE-2025-49705 (Heap-based buffer overflow in Microsoft Office PowerPoint 
allows an un ...)
+       TODO: check
+CVE-2025-49704 (Improper control of generation of code ('code injection') in 
Microsoft ...)
+       TODO: check
+CVE-2025-49703 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-49702 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2025-49701 (Improper authorization in Microsoft Office SharePoint allows 
an author ...)
+       TODO: check
+CVE-2025-49700 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-49699 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2025-49698 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-49697 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2025-49696 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2025-49695 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2025-49694 (Null pointer dereference in Microsoft Brokering File System 
allows an  ...)
+       TODO: check
+CVE-2025-49693 (Double free in Microsoft Brokering File System allows an 
authorized at ...)
+       TODO: check
+CVE-2025-49691 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
+       TODO: check
+CVE-2025-49690 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-49689 (Integer overflow or wraparound in Virtual Hard Disk (VHDX) 
allows an u ...)
+       TODO: check
+CVE-2025-49688 (Double free in Windows Routing and Remote Access Service 
(RRAS) allows ...)
+       TODO: check
+CVE-2025-49687 (Out-of-bounds read in Microsoft Input Method Editor (IME) 
allows an au ...)
+       TODO: check
+CVE-2025-49686 (Null pointer dereference in Windows TCP/IP allows an 
authorized attack ...)
+       TODO: check
+CVE-2025-49685 (Use after free in Microsoft Windows Search Component allows an 
authori ...)
+       TODO: check
+CVE-2025-49684 (Buffer over-read in Storage Port Driver allows an authorized 
attacker  ...)
+       TODO: check
+CVE-2025-49683 (Integer overflow or wraparound in Virtual Hard Disk (VHDX) 
allows an u ...)
+       TODO: check
+CVE-2025-49682 (Use after free in Windows Media allows an authorized attacker 
to eleva ...)
+       TODO: check
+CVE-2025-49681 (Out-of-bounds read in Windows Routing and Remote Access 
Service (RRAS) ...)
+       TODO: check
+CVE-2025-49680 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2025-49679 (Numeric truncation error in Windows Shell allows an authorized 
attacke ...)
+       TODO: check
+CVE-2025-49678 (Null pointer dereference in Windows NTFS allows an authorized 
attacker ...)
+       TODO: check
+CVE-2025-49677 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
+       TODO: check
+CVE-2025-49676 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49675 (Use after free in Kernel Streaming WOW Thunk Service Driver 
allows an  ...)
+       TODO: check
+CVE-2025-49674 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49673 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49672 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49671 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-49670 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49669 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49668 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49667 (Double free in Windows Win32K - ICOMP allows an authorized 
attacker to ...)
+       TODO: check
+CVE-2025-49666 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
+       TODO: check
+CVE-2025-49665 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-49664 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function 
Driver for ...)
+       TODO: check
+CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized 
attacker  ...)
+       TODO: check
+CVE-2025-49659 (Buffer over-read in Windows TDX.sys allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2025-49658 (Out-of-bounds read in Windows TDX.sys allows an authorized 
attacker to ...)
+       TODO: check
+CVE-2025-49657 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-48824 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-48823 (Cryptographic issues in Windows Cryptographic Services allows 
an unaut ...)
+       TODO: check
+CVE-2025-48822 (Out-of-bounds read in Windows Hyper-V allows an unauthorized 
attacker  ...)
+       TODO: check
+CVE-2025-48821 (Use after free in Windows Universal Plug and Play (UPnP) 
Device Host a ...)
+       TODO: check
+CVE-2025-48820 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2025-48819 (Sensitive data storage in improperly locked memory in Windows 
Universa ...)
+       TODO: check
+CVE-2025-48818 (Time-of-check time-of-use (toctou) race condition in Windows 
BitLocker ...)
+       TODO: check
+CVE-2025-48817 (Relative path traversal in Remote Desktop Client allows an 
unauthorize ...)
+       TODO: check
+CVE-2025-48816 (Integer overflow or wraparound in HID class driver allows an 
authorize ...)
+       TODO: check
+CVE-2025-48815 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-48814 (Missing authentication for critical function in Windows Remote 
Desktop ...)
+       TODO: check
+CVE-2025-48812 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2025-48811 (Missing support for integrity check in Windows 
Virtualization-Based Se ...)
+       TODO: check
+CVE-2025-48810 (Processor optimization removal or modification of 
security-critical co ...)
+       TODO: check
+CVE-2025-48809 (Processor optimization removal or modification of 
security-critical co ...)
+       TODO: check
+CVE-2025-48808 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-48806 (Use after free in Microsoft MPEG-2 Video Extension allows an 
authorize ...)
+       TODO: check
+CVE-2025-48805 (Heap-based buffer overflow in Microsoft MPEG-2 Video Extension 
allows  ...)
+       TODO: check
+CVE-2025-48804 (Acceptance of extraneous untrusted data with trusted data in 
Windows B ...)
+       TODO: check
+CVE-2025-48803 (Missing support for integrity check in Windows 
Virtualization-Based Se ...)
+       TODO: check
+CVE-2025-48802 (Improper certificate validation in Windows SMB allows an 
authorized at ...)
+       TODO: check
+CVE-2025-48800 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
+       TODO: check
+CVE-2025-48799 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2025-48003 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
+       TODO: check
+CVE-2025-48002 (Integer overflow or wraparound in Windows Hyper-V allows an 
authorized ...)
+       TODO: check
+CVE-2025-48001 (Time-of-check time-of-use (toctou) race condition in Windows 
BitLocker ...)
+       TODO: check
+CVE-2025-48000 (Use after free in Windows Connected Devices Platform Service 
allows an ...)
+       TODO: check
+CVE-2025-47999 (Missing synchronization in Windows Hyper-V allows an 
authorized attack ...)
+       TODO: check
+CVE-2025-47998 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-47996 (Integer underflow (wrap or wraparound) in Windows MBT 
Transport driver ...)
+       TODO: check
+CVE-2025-47994 (Deserialization of untrusted data in Microsoft Office allows 
an unauth ...)
+       TODO: check
+CVE-2025-47993 (Improper access control in Microsoft PC Manager allows an 
authorized a ...)
+       TODO: check
+CVE-2025-47991 (Use after free in Microsoft Input Method Editor (IME) allows 
an author ...)
+       TODO: check
+CVE-2025-47988 (Improper control of generation of code ('code injection') in 
Azure Mon ...)
+       TODO: check
+CVE-2025-47987 (Heap-based buffer overflow in Windows Cred SSProvider Protocol 
allows  ...)
+       TODO: check
+CVE-2025-47986 (Use after free in Universal Print Management Service allows an 
authori ...)
+       TODO: check
+CVE-2025-47985 (Untrusted pointer dereference in Windows Event Tracing allows 
an autho ...)
+       TODO: check
+CVE-2025-47984 (Protection mechanism failure in Windows GDI allows an 
unauthorized att ...)
+       TODO: check
+CVE-2025-47982 (Improper input validation in Windows Storage VSP Driver allows 
an auth ...)
+       TODO: check
+CVE-2025-47981 (Heap-based buffer overflow in Windows SPNEGO Extended 
Negotiation allo ...)
+       TODO: check
+CVE-2025-47980 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-47978 (Out-of-bounds read in Windows Kerberos allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2025-47976 (Use after free in Windows SSDP Service allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2025-47975 (Double free in Windows SSDP Service allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2025-47973 (Buffer over-read in Virtual Hard Disk (VHDX) allows an 
unauthorized at ...)
+       TODO: check
+CVE-2025-47972 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-47971 (Buffer over-read in Virtual Hard Disk (VHDX) allows an 
unauthorized at ...)
+       TODO: check
+CVE-2025-47422 (Advanced Installer before 22.6 has an uncontrolled search path 
element ...)
+       TODO: check
+CVE-2025-47178 (Improper neutralization of special elements used in an sql 
command ('s ...)
+       TODO: check
+CVE-2025-47159 (Protection mechanism failure in Windows Virtualization-Based 
Security  ...)
+       TODO: check
+CVE-2025-47135 (Dimension versions 4.1.2 and earlier are affected by an 
out-of-bounds  ...)
+       TODO: check
+CVE-2025-47109 (After Effects versions 25.2, 24.6.6 and earlier are affected 
by a NULL ...)
+       TODO: check
+CVE-2025-43587 (After Effects versions 25.2, 24.6.6 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-43580 (Audition versions 25.2, 24.6.3 and earlier are affected by an 
Access o ...)
+       TODO: check
+CVE-2025-43019 (A potential security vulnerability has been identified in the 
HP Suppo ...)
+       TODO: check
+CVE-2025-41224 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X 
(All ver ...)
+       TODO: check
+CVE-2025-41223 (A vulnerability has been identified in RUGGEDCOM i800 (All 
versions),  ...)
+       TODO: check
+CVE-2025-41222 (A vulnerability has been identified in RUGGEDCOM i800 (All 
versions),  ...)
+       TODO: check
+CVE-2025-40742 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
+       TODO: check
+CVE-2025-40741 (A vulnerability has been identified in Solid Edge SE2025 (All 
versions ...)
+       TODO: check
+CVE-2025-40740 (A vulnerability has been identified in Solid Edge SE2025 (All 
versions ...)
+       TODO: check
+CVE-2025-40739 (A vulnerability has been identified in Solid Edge SE2025 (All 
versions ...)
+       TODO: check
+CVE-2025-40738 (A vulnerability has been identified in SINEC NMS (All versions 
< V4.0) ...)
+       TODO: check
+CVE-2025-40737 (A vulnerability has been identified in SINEC NMS (All versions 
< V4.0) ...)
+       TODO: check
+CVE-2025-40736 (A vulnerability has been identified in SINEC NMS (All versions 
< V4.0) ...)
+       TODO: check
+CVE-2025-40735 (A vulnerability has been identified in SINEC NMS (All versions 
< V4.0) ...)
+       TODO: check
+CVE-2025-40721 (Reflected Cross-site Scripting (XSS) vulnerability in versions 
prior t ...)
+       TODO: check
+CVE-2025-40720 (Reflected Cross-site Scripting (XSS) vulnerability in versions 
prior t ...)
+       TODO: check
+CVE-2025-40719 (Reflected Cross-site Scripting (XSS) vulnerability in versions 
prior t ...)
+       TODO: check
+CVE-2025-40718 (Improper error handling vulnerability in versions prior to 
4.7.0 of Qu ...)
+       TODO: check
+CVE-2025-40717 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40716 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40715 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40714 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40713 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40712 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40711 (SQL injection vulnerability in versions prior to 4.7.0 of 
Quiter Gatew ...)
+       TODO: check
+CVE-2025-40593 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
+       TODO: check
+CVE-2025-3648 (A vulnerability has been identified in the Now Platform that 
could res ...)
+       TODO: check
+CVE-2025-3630 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 
through 6 ...)
+       TODO: check
+CVE-2025-37103 (Hard-coded login credentials were found in HPE Networking 
Instant On   ...)
+       TODO: check
+CVE-2025-37102 (An authenticated command injection vulnerability exists in the 
Command ...)
+       TODO: check
+CVE-2025-36600 (Dell Client Platform BIOS contains an Improper Access Control 
Applied  ...)
+       TODO: check
+CVE-2025-33054 (Insufficient UI warning of dangerous operations in Remote 
Desktop Clie ...)
+       TODO: check
+CVE-2025-30312 (Dimension versions 4.1.2 and earlier are affected by an 
out-of-bounds  ...)
+       TODO: check
+CVE-2025-2827 (IBM Sterling File Gateway   6.0.0.0 through 6.1.2.6, and 
6.2.0.0 throu ...)
+       TODO: check
+CVE-2025-2793 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 
through 6 ...)
+       TODO: check
+CVE-2025-29267 (SQL Injection vulnerability in Abis, Inc Adjutant Core 
Accounting ERP  ...)
+       TODO: check
+CVE-2025-27369 (IBM OpenPages with Watson 8.3 and 9.0         is vulnerable to 
informa ...)
+       TODO: check
+CVE-2025-27367 (IBM OpenPages with Watson 8.3 and 9.0       is vulnerable to 
improper  ...)
+       TODO: check
+CVE-2025-27127 (A vulnerability has been identified in TIA Project-Server (All 
version ...)
+       TODO: check
+CVE-2025-27061 (Memory corruption whhile handling the subsystem failure memory 
during  ...)
+       TODO: check
+CVE-2025-27058 (Memory corruption while processing packet data with 
exceedingly large  ...)
+       TODO: check
+CVE-2025-27057 (Transient DOS while handling beacon frames with invalid IE 
header leng ...)
+       TODO: check
+CVE-2025-27056 (Memory corruption during sub-system restart while processing 
clean-up  ...)
+       TODO: check
+CVE-2025-27055 (Memory corruption during the image encoding process.)
+       TODO: check
+CVE-2025-27052 (Memory corruption while processing data packets in diag 
received from  ...)
+       TODO: check
+CVE-2025-27051 (Memory corruption while processing command message in WLAN 
Host.)
+       TODO: check
+CVE-2025-27050 (Memory corruption while processing event close when client 
process ter ...)
+       TODO: check
+CVE-2025-27047 (Memory corruption while processing the TESTPATTERNCONFIG 
escape path.)
+       TODO: check
+CVE-2025-27046 (Memory corruption while processing multiple simultaneous 
escape calls.)
+       TODO: check
+CVE-2025-27044 (Memory corruption while executing timestamp video decode 
command with  ...)
+       TODO: check
+CVE-2025-27043 (Memory corruption while processing manipulated payload in 
video firmwa ...)
+       TODO: check
+CVE-2025-27042 (Memory corruption while processing video packets received from 
video f ...)
+       TODO: check
+CVE-2025-26636 (Processor optimization removal or modification of 
security-critical co ...)
+       TODO: check
+CVE-2025-24474 (An Improper Neutralization of Special Elements used in an SQL 
Command  ...)
+       TODO: check
+CVE-2025-23365 (A vulnerability has been identified in TIA Administrator (All 
versions ...)
+       TODO: check
+CVE-2025-23364 (A vulnerability has been identified in TIA Administrator (All 
versions ...)
+       TODO: check
+CVE-2025-21466 (Memory corruption while processing a private escape command in 
an even ...)
+       TODO: check
+CVE-2025-21454 (Transient DOS while processing received beacon frame.)
+       TODO: check
+CVE-2025-21450 (Cryptographic issue occurs due to use of insecure connection 
method wh ...)
+       TODO: check
+CVE-2025-21449 (Transient DOS may occur while processing malformed length 
field in SSI ...)
+       TODO: check
+CVE-2025-21446 (Transient DOS may occur when processing vendor-specific 
information el ...)
+       TODO: check
+CVE-2025-21445 (Memory corruption while copying the result to the transmission 
queue w ...)
+       TODO: check
+CVE-2025-21444 (Memory corruption while copying the result to the transmission 
queue i ...)
+       TODO: check
+CVE-2025-21433 (Transient DOS when importing a PKCS#8-encoded RSA private key 
with a z ...)
+       TODO: check
+CVE-2025-21432 (Memory corruption while retrieving the CBOR data from TA.)
+       TODO: check
+CVE-2025-21427 (Information disclosure while decoding this RTP packet Payload 
when UE  ...)
+       TODO: check
+CVE-2025-21426 (Memory corruption while processing camera TPG write request.)
+       TODO: check
+CVE-2025-21422 (Cryptographic issue while processing crypto API calls, missing 
checks  ...)
+       TODO: check
+CVE-2025-21195 (Improper link resolution before file access ('link following') 
in Serv ...)
+       TODO: check
+CVE-2025-21168 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-21167 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-21166 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-21165 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-21164 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-21009 (Out-of-bounds read in decoding malformed frame header in 
libsavsvc.so  ...)
+       TODO: check
+CVE-2025-21008 (Out-of-bounds read in decoding frame header in libsavsvc.so 
prior to A ...)
+       TODO: check
+CVE-2025-21007 (Out-of-bounds write in accessing uninitialized memory in 
libsavsvc.so  ...)
+       TODO: check
+CVE-2025-21006 (Out-of-bounds write in handling of macro blocks for MPEG4 
codec in lib ...)
+       TODO: check
+CVE-2025-21005 (Improper access control in isemtelephony prior to Android 15 
allows lo ...)
+       TODO: check
+CVE-2025-21004 (Improper verification of intent by broadcast receiver in 
System UI for ...)
+       TODO: check
+CVE-2025-21003 (Insecure storage of sensitive information in Emergency SOS 
prior to SM ...)
+       TODO: check
+CVE-2025-21002 (Improper access control in LeAudioService prior to SMR 
Jul-2025 Releas ...)
+       TODO: check
+CVE-2025-21001 (Improper access control in LeAudioService prior to SMR 
Jul-2025 Releas ...)
+       TODO: check
+CVE-2025-21000 (Improper privilege management in Bluetooth prior to SMR 
Jul-2025 Relea ...)
+       TODO: check
+CVE-2025-20999 (Improper authorization in accessing saved Wi-Fi password for 
Galaxy Ta ...)
+       TODO: check
+CVE-2025-20998 (Improper access control in SamsungAccount for Galaxy Watch 
prior to SM ...)
+       TODO: check
+CVE-2025-20997 (Incorrect default permission in Framework for Galaxy Watch 
prior to SM ...)
+       TODO: check
+CVE-2025-20983 (Out-of-bounds write in checking auth secret in KnoxVault 
trustlet prio ...)
+       TODO: check
+CVE-2025-20982 (Out-of-bounds write in setting auth secret in KnoxVault 
trustlet prior ...)
+       TODO: check
+CVE-2025-0928 (In Juju versions prior to 3.6.8 and 2.9.52, any authenticated 
controll ...)
+       TODO: check
+CVE-2025-0293 (CLRF injection in Ivanti Connect Secure before version 22.7R2.8 
and Iv ...)
+       TODO: check
+CVE-2025-0292 (SSRF in Ivanti Connect Secure before version 22.7R2.8 and 
Ivanti Polic ...)
+       TODO: check
+CVE-2024-55599 (An Improperly Implemented Security Check for Standard 
vulnerability [C ...)
+       TODO: check
+CVE-2024-53009 (Memory corruption while operating the mailbox in Automotive.)
+       TODO: check
+CVE-2024-52965 (A missing critical step in authentication vulnerability 
[CWE-304] in F ...)
+       TODO: check
+CVE-2024-49784 (IBM OpenPages with Watson 8.3 and 9.0   could provide weaker 
than expe ...)
+       TODO: check
+CVE-2024-49783 (IBM OpenPages with Watson 8.3 and 9.0     could provide weaker 
than ex ...)
+       TODO: check
+CVE-2024-36349 (A transient execution vulnerability in some AMD processors may 
allow a ...)
+       TODO: check
+CVE-2024-36348 (A transient execution vulnerability in some AMD processors may 
allow a ...)
+       TODO: check
+CVE-2024-31854 (A vulnerability has been identified in SICAM TOOLBOX II (All 
versions  ...)
+       TODO: check
+CVE-2024-31853 (A vulnerability has been identified in SICAM TOOLBOX II (All 
versions  ...)
+       TODO: check
+CVE-2023-52236 (A vulnerability has been identified in RUGGEDCOM i800 (All 
versions),  ...)
+       TODO: check
+CVE-2023-43039 (IBM OpenPages with Watson 9.0 is vulnerable to cross-site 
scripting. T ...)
+       TODO: check
+CVE-2025-48386 (Git is a fast, scalable, distributed revision control system 
with an u ...)
        - git <unfixed>
        NOTE: https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr
        NOTE: https://lore.kernel.org/git/[email protected]/
        NOTE: Fixed by: 
https://github.com/git/git/commit/9de345cb273cc7faaeda279c7e07149d8a15a319 
(v2.43.7)
-CVE-2025-48385
+CVE-2025-48385 (Git is a fast, scalable, distributed revision control system 
with an u ...)
        - git <unfixed>
        NOTE: https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655
        NOTE: https://lore.kernel.org/git/[email protected]/
        NOTE: Fixed by: 
https://github.com/git/git/commit/35cb1bb0b92c132249d932c05bbd860d410e12d4 
(v2.43.7)
-CVE-2025-48384
+CVE-2025-48384 (Git is a fast, scalable, distributed revision control system 
with an u ...)
        - git <unfixed>
        NOTE: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
        NOTE: https://lore.kernel.org/git/[email protected]/
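Review bot: several of the new "TODO: check" entries near the end of this hunk share their truncated description with a neighbour, so they cannot be told apart or triaged from the list line alone: CVE-2024-49784 and CVE-2024-49783 (IBM OpenPages with Watson, differing only in a run of spaces) and CVE-2024-31854 and CVE-2024-31853 (SICAM TOOLBOX II). Whoever resolves these TODOs should read the full record for each ID rather than closing them as a pair. The CVE-2025-0293 line also reads "CLRF injection", which looks like a typo for CRLF carried over from the imported description; a search of the list for "CRLF" will miss it.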
@@ -29,7 +587,7 @@ CVE-2025-27613
        - git <unfixed>
        NOTE: https://lore.kernel.org/git/[email protected]/
        NOTE: Merge commit: 
https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 
(v2.43.7)
-CVE-2024-36357 [TSA-L1 (TSA in the L1 data cache)]
+CVE-2024-36357 (A transient execution vulnerability in some AMD processors may 
allow a ...)
        - amd64-microcode <unfixed>
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
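Review bot: the changed CVE-2024-36357 line loses its only short variant identifier, "TSA-L1 (TSA in the L1 data cache)", and the truncated description that replaces it ("A transient execution vulnerability in some AMD processors may allow a ...") is the same text this update shows for CVE-2024-36350, CVE-2024-36349 and CVE-2024-36348. Suggest recording the variant name in a NOTE: line of the entry so the four IDs stay distinguishable from the list alone.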
@@ -39,7 +597,7 @@ CVE-2024-36357 [TSA-L1 (TSA in the L1 data cache)]
        NOTE: https://aka.ms/enter-exit-leak
        NOTE: 
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
        TODO: check amd64-microcode update covering the updates
-CVE-2024-36350 [TSA-SQ (TSA in the Store Queues)]
+CVE-2024-36350 (A transient execution vulnerability in some AMD processors may 
allow a ...)
        - amd64-microcode <unfixed>
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -390,7 +948,7 @@ CVE-2025-53526 (WeGIA is a web manager for charitable 
institutions. An XSS Injec
        NOT-FOR-US: WeGIA
 CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
        NOT-FOR-US: WeGIA
-CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation 
Mediawik ...)
+CVE-2025-53499 (Missing Authorization vulnerability in Wikimedia Foundation 
Mediawiki  ...)
        NOT-FOR-US: MediaWiki extension AbuseFilter
 CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation 
Mediawiki ...)
        NOT-FOR-US: MediaWiki extension AbuseFilter
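Review bot: CVE-2025-53498, in the context line just below the change, still begins "(: Insufficient Logging ..." while the same stray ": " prefix is dropped from CVE-2025-53499 here. If the prefix is an artifact of the imported description, the same cleanup should reach that entry; otherwise the two AbuseFilter lines stay inconsistent.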
@@ -15774,7 +16332,7 @@ CVE-2025-47279 (Undici is an HTTP/1.1 client for 
Node.js. Prior to versions 5.29
        NOTE: https://github.com/nodejs/undici/issues/3895
        NOTE: https://github.com/nodejs/undici/pull/4088
        NOTE: Fixed by: 
https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
 (v7.5.0)
-CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege 
Vulnerability)
+CVE-2025-47161 (Improper access control in Microsoft Defender for Endpoint 
allows an a ...)
        NOT-FOR-US: Lichess Lila
 CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is 
compatib ...)
        NOT-FOR-US: Microsoft
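Review bot: the NOT-FOR-US tags around the changed line look shifted by one entry. The tag under CVE-2025-47161 (Microsoft Defender for Endpoint) reads "NOT-FOR-US: Lichess Lila", and the tag under CVE-2025-46834 (Alchemy's Modular Account) reads "NOT-FOR-US: Microsoft". The description update does not touch these tags and the not-for-us outcome is unchanged, but each tag should name the product in its own description; suggest correcting them in a follow-up.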
@@ -18199,6 +18757,7 @@ CVE-2024-8973 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2025-0549 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2025-43904
+       {DSA-5961-1}
        - slurm-wlm 24.11.5-1 (bug #1104929)
        [bullseye] - slurm-wlm <end-of-life> (see #1071127)
        NOTE: 
https://lists.schedmd.com/mailman3/hyperkitty/list/[email protected]/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
@@ -85819,7 +86378,7 @@ CVE-2024-43616 (Microsoft Office Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-43615 (Microsoft OpenSSH for Windows Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2024-43614 (Microsoft Defender for Endpoint for Linux Spoofing 
Vulnerability)
+CVE-2024-43614 (Relative path traversal in Microsoft Defender for Endpoint 
allows an a ...)
        NOT-FOR-US: Microsoft
 CVE-2024-43612 (Power BI Report Server Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
@@ -727165,13 +727724,13 @@ CVE-2012-5866 (Cross-site scripting (XSS) 
vulnerability in include.php in Achiev
        NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 
allows re ...)
        NOT-FOR-US: Achievo
-CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light 
Photovoltaic Syst ...)
+CVE-2012-5864 (These Sinapsi devices  do not check if users that visit pages 
within t ...)
        NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System 
Monitor (aka  ...)
+CVE-2012-5863 (These Sinapsi devices do not check for special elements in 
commands se ...)
        NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System 
Monitor (aka ...)
+CVE-2012-5862 (These Sinapsi devices store hard-coded passwords in the PHP 
file of th ...)
        NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar 
Light Pho ...)
+CVE-2012-5861 (These Sinapsi devices do not check the validity of the data 
before  ex ...)
        NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
 CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, 
and 64 s ...)
        NOT-FOR-US: ID-One COSMO
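Review bot: the four Sinapsi lines (CVE-2012-5861 to CVE-2012-5864) lose the specifics the old text carried within the truncation width (ping.php, login.php, "Multiple SQL injection vulnerabilities"), and two of the new descriptions contain double spaces ("devices  do", "before  ex"). The entries are NOT-FOR-US, so triage is unaffected, but collapsing runs of whitespace when descriptions are imported would keep text searches over the list reliable.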



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77fbe6c1fdf81e5bcf3716645cb34e8d28bea3d9


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
