Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ed436ee by security tracker role at 2025-07-30T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2025-8353 (UI synchronization issue in the Just-in-Time (JIT) access
request appr ...)
+ TODO: check
+CVE-2025-8331 (A vulnerability was found in code-projects Online Farm System
1.0 and ...)
+ TODO: check
+CVE-2025-8330 (A vulnerability has been found in code-projects Vehicle
Management 1.0 ...)
+ TODO: check
+CVE-2025-8329 (A vulnerability, which was classified as critical, was found in
code-p ...)
+ TODO: check
+CVE-2025-8328 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-8327 (A vulnerability classified as critical was found in
code-projects Exam ...)
+ TODO: check
+CVE-2025-8326 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2025-8312 (Deadlock in PAM automatic check-in feature in Devolutions
Server allow ...)
+ TODO: check
+CVE-2025-6348 (The Smart Slider 3 plugin for WordPress is vulnerable to
time-based SQ ...)
+ TODO: check
+CVE-2025-54656 (** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization
for Log ...)
+ TODO: check
+CVE-2025-54584 (GitProxy is an application that stands between developers and
a Git re ...)
+ TODO: check
+CVE-2025-54583 (GitProxy is an application that stands between developers and
a Git re ...)
+ TODO: check
+CVE-2025-54582
+ REJECTED
+CVE-2025-54581 (vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3
and bel ...)
+ TODO: check
+CVE-2025-54576 (OAuth2-Proxy is an open-source tool that can act as either a
standalon ...)
+ TODO: check
+CVE-2025-54575 (ImageSharp is a 2D graphics library. In versions below 2.1.11
and 3.0. ...)
+ TODO: check
+CVE-2025-54573 (CVAT is an open source interactive video and image annotation
tool for ...)
+ TODO: check
+CVE-2025-54572 (The Ruby SAML library is for implementing the client side of a
SAML au ...)
+ TODO: check
+CVE-2025-54433 (Bugsink is a self-hosted error tracking service. In versions
1.4.2 and ...)
+ TODO: check
+CVE-2025-54430 (dedupe is a python library that uses machine learning to
perform fuzzy ...)
+ TODO: check
+CVE-2025-54425 (Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2,
15.0.0 t ...)
+ TODO: check
+CVE-2025-54410 (Moby is an open source container framework developed by Docker
Inc. th ...)
+ TODO: check
+CVE-2025-54388 (Moby is an open source container framework developed by Docker
Inc. th ...)
+ TODO: check
+CVE-2025-53944 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
+ TODO: check
+CVE-2025-53357 (GLPI, which stands for Gestionnaire Libre de Parc
Informatique, is a F ...)
+ TODO: check
+CVE-2025-53113 (GLPI, which stands for Gestionnaire Libre de Parc
Informatique, is a F ...)
+ TODO: check
+CVE-2025-53112 (GLPI is a Free Asset and IT Management Software package, that
provides ...)
+ TODO: check
+CVE-2025-53111 (GLPI is a Free Asset and IT Management Software package. In
versions 0 ...)
+ TODO: check
+CVE-2025-53022 (TrustedFirmware-M (aka Trusted Firmware for M profile Arm
CPUs) before ...)
+ TODO: check
+CVE-2025-53008 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2025-52897 (GLPI is a Free Asset and IT Management Software package. In
versions 9 ...)
+ TODO: check
+CVE-2025-52567 (GLPI is a Free Asset and IT Management Software package, Data
center m ...)
+ TODO: check
+CVE-2025-52187 (GetProjectsIdea Create School Management System 1.0 is
vulnerable to C ...)
+ TODO: check
+CVE-2025-51954 (playground.electronhub.ai v1.1.9 was discovered to contain a
cross-sit ...)
+ TODO: check
+CVE-2025-51951 (andisearch v0.5.249 was discovered to contain a cross-site
scripting ( ...)
+ TODO: check
+CVE-2025-50777 (The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home
Security C ...)
+ TODO: check
+CVE-2025-50578 (LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability
in how it ...)
+ TODO: check
+CVE-2025-50464 (A buffer overflow vulnerability exists in the upload.cgi
module of the ...)
+ TODO: check
+CVE-2025-47001 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46811 (A Missing Authentication for Critical Function vulnerability
in SUSE M ...)
+ TODO: check
+CVE-2025-45620 (An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote
attacker to o ...)
+ TODO: check
+CVE-2025-45619 (An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a
remote atta ...)
+ TODO: check
+CVE-2025-43018 (Certain HP LaserJet Pro printers may be vulnerable to
information disc ...)
+ TODO: check
+CVE-2025-36611 (Dell Encryption and Dell Security Management Server, versions
prior to ...)
+ TODO: check
+CVE-2025-36609 (Dell SmartFabric OS10 Software, versions prior to 10.6.0.5,
contains a ...)
+ TODO: check
+CVE-2025-36608 (Dell SmartFabric OS10 Software, versions prior to 10.6.0.5,
contains a ...)
+ TODO: check
+CVE-2025-30480 (Dell PowerProtect Data Manager, versions prior to 19.19,
contain(s) an ...)
+ TODO: check
+CVE-2025-30105 (Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of
Sensitiv ...)
+ TODO: check
+CVE-2025-30103 (Dell SmartFabric OS10 Software, versions prior to 10.6.0.5
contains a ...)
+ TODO: check
+CVE-2025-26332 (TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2,
contain( ...)
+ TODO: check
+CVE-2025-25692 (A PHAR deserialization vulnerability in the _getHeaders
function of Pr ...)
+ TODO: check
+CVE-2025-25691 (A PHAR deserialization vulnerability in the component
/themes/import o ...)
+ TODO: check
+CVE-2025-1394 (Failure to handle the error status returned by the buffer
management A ...)
+ TODO: check
+CVE-2025-1221 (A Zigbee Radio Co-Processor (RCP), which is using SiLabs
EmberZNet Zig ...)
+ TODO: check
+CVE-2024-45955 (Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL
Injection vi ...)
+ TODO: check
+CVE-2024-45515 (An issue was discovered in Zimbra Collaboration (ZCS) through
10.1. A ...)
+ TODO: check
+CVE-2023-2593 (A flaw exists within the Linux kernel's handling of new TCP
connection ...)
+ TODO: check
CVE-2025-8323 (The e-School from Ventem has a Arbitrary File Upload
vulnerability, al ...)
NOT-FOR-US: e-School from Ventem
CVE-2025-8322 (The e-School from Ventem has a Missing Authorization
vulnerability, al ...)
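Review bot: all 57 entries added at the top of data/CVE/list are untriaged: 56 carry only `TODO: check` and CVE-2025-54582 is `REJECTED`, so none has a package line or a NOT-FOR-US decision yet. When working through them, start with the ones whose descriptions name software that may map to a source package (Moby in CVE-2025-54410 and CVE-2025-54388, the Linux kernel in CVE-2023-2593, the Ruby SAML library in CVE-2025-54572, OAuth2-Proxy in CVE-2025-54576, the GLPI entries). The code-projects, Dell and HP entries look like the same NOT-FOR-US pattern already used for the e-School entries in the context lines.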
@@ -203,6 +317,7 @@ CVE-2025-0712 (An uncontrolled search path element
vulnerability can lead to loc
CVE-2025-7777
NOT-FOR-US: mirror-registry for Quay
CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to
138.0.7204.18 ...)
+ {DSA-5968-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-38498 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
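Review bot: the added `{DSA-5968-1}` on CVE-2025-8292 sits directly above `- chromium <unfixed>`, so the entry now records a stable advisory while the unstable line still shows no fixed version. Once the corresponding upload is in unstable, replace `<unfixed>` with that version so the entry stops reporting the package as open there.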
@@ -2040,7 +2155,7 @@ CVE-2025-8033 (The JavaScript engine did not handle
closed generators correctly
CVE-2025-8039 (In some cases search terms persisted in the URL bar even after
navigat ...)
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8039
-CVE-2025-8038 (Thunderbird ignored paths when checking the validity of
navigations in ...)
+CVE-2025-8038 (Firefox ignored paths when checking the validity of navigations
in a f ...)
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
CVE-2025-8032 (XSLT document loading did not correctly propagate the source
document ...)
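Review bot: for CVE-2025-8038 the description changes its subject from Thunderbird to Firefox, but the only package line visible under it is `- firefox 141.0-1`. Because the replaced text named Thunderbird, confirm whether a thunderbird or firefox-esr line belongs on this entry, so that the reworded description does not leave an affected package untracked.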
@@ -2073,10 +2188,10 @@ CVE-2025-8030 (Insufficient escaping in the \u201cCopy
as cURL\u201d feature cou
CVE-2025-8037 (Setting a nameless cookie with an equals sign in the value
shadowed ot ...)
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8037
-CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address
changes. ...)
+CVE-2025-8036 (Firefox cached CORS preflight responses across IP address
changes. Thi ...)
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
-CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object`
and `emb ...)
+CVE-2025-8029 (Firefox executed `javascript:` URLs when used in `object` and
`embed` ...)
{DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
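Review bot: the hunk header quotes the CVE-2025-8030 description with literal `\u201c` and `\u201d` escape sequences around "Copy as cURL". If they are stored that way in data/CVE/list rather than introduced by the mail rendering, the automatic update should decode them to the actual quotation marks (or plain ASCII quotes) before writing the description, otherwise searches on the description text will miss the entry.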
@@ -75447,7 +75562,7 @@ CVE-2023-7255
REJECTED
CVE-2024-45106 (Improper authentication of an HTTP endpoint in the S3 Gateway
of Apach ...)
NOT-FOR-US: Apache Ozone
-CVE-2024-48916 [Authentication bypass in CEPH RadosGW]
+CVE-2024-48916 (Ceph is a distributed object, block, and file storage
platform. In ver ...)
{DSA-5825-1}
- ceph 18.2.4+ds-11 (bug #1088993)
[bullseye] - ceph <not-affected> (Vulnerable code introduce later)
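Review bot: the context line `[bullseye] - ceph <not-affected> (Vulnerable code introduce later)` under CVE-2024-48916 has a typo in its justification; since this entry is being touched anyway, change it to "Vulnerable code introduced later". The description change itself, from the bracketed temporary text to the parenthesised text, leaves the DSA and package lines as they were.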
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ed436eebea2b7830e2abe9ba4abfa1462ec4bd1