Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4416eeab by security tracker role at 2025-08-21T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2025-9311 (A vulnerability was identified in itsourcecode Apartment 
Management Sy ...)
+       TODO: check
+CVE-2025-9310 (A vulnerability was determined in yeqifu carRental up to 
3fabb7eae93d2 ...)
+       TODO: check
+CVE-2025-9309 (A vulnerability was found in Tenda AC10 16.03.10.13. Affected 
is an un ...)
+       TODO: check
+CVE-2025-9308 (A vulnerability has been found in yarnpkg Yarn up to 1.22.22. 
This imp ...)
+       TODO: check
+CVE-2025-9307 (A flaw has been found in PHPGurukul Online Course Registration 
3.1. Th ...)
+       TODO: check
+CVE-2025-9306 (A vulnerability was detected in SourceCodester Advanced School 
Managem ...)
+       TODO: check
+CVE-2025-9305 (A security vulnerability has been detected in SourceCodester 
Online Ba ...)
+       TODO: check
+CVE-2025-9304 (A weakness has been identified in SourceCodester Online Bank 
Managemen ...)
+       TODO: check
+CVE-2025-9303 (A security flaw has been discovered in TOTOLINK A720R 
4.1.5cu.630_B202 ...)
+       TODO: check
+CVE-2025-9302 (A vulnerability was identified in PHPGurukul User Management 
System 1. ...)
+       TODO: check
+CVE-2025-9301 (A vulnerability was determined in cmake 4.1.20250725-gb5cce23. 
This af ...)
+       TODO: check
+CVE-2025-9300 (A vulnerability was found in saitoha libsixel up to 1.10.3. 
Affected b ...)
+       TODO: check
+CVE-2025-9299 (A vulnerability has been found in Tenda M3 1.0.0.12. Affected 
by this  ...)
+       TODO: check
+CVE-2025-9298 (A flaw has been found in Tenda M3 1.0.0.12. Affected is the 
function f ...)
+       TODO: check
+CVE-2025-9297 (A vulnerability was detected in Tenda i22 1.0.0.3(4687). This 
impacts  ...)
+       TODO: check
+CVE-2025-9296 (A security vulnerability has been detected in Emlog Pro up to 
2.5.18.  ...)
+       TODO: check
+CVE-2025-8402 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x 
<= 9.11 ...)
+       TODO: check
+CVE-2025-8064 (The Bible SuperSearch plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-7969 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-7051 (On N-central, it is possible for any authenticated user to 
read, write ...)
+       TODO: check
+CVE-2025-6465 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x 
<= 10. ...)
+       TODO: check
+CVE-2025-57768 (Phproject is a high performance full-featured project 
management syste ...)
+       TODO: check
+CVE-2025-57765 (WeGIA is a Web manager for charitable institutions. Prior to 
3.4.7, a  ...)
+       TODO: check
+CVE-2025-57764 (WeGIA is a Web manager for charitable institutions. Prior to 
3.4.7, a  ...)
+       TODO: check
+CVE-2025-57763 (WeGIA is a Web manager for charitable institutions. Prior to 
3.4.7, th ...)
+       TODO: check
+CVE-2025-57762 (WeGIA is a Web manager for charitable institutions. Prior to 
3.4.7, th ...)
+       TODO: check
+CVE-2025-57761 (WeGIA is a Web manager for charitable institutions. Prior to 
3.4.10, t ...)
+       TODO: check
+CVE-2025-57755 (claude-code-router is a powerful tool to route Claude Code 
requests to ...)
+       TODO: check
+CVE-2025-57754 (eslint-ban-moment is an Eslint plugin for final assignment in 
VIHU. In ...)
+       TODO: check
+CVE-2025-57753 (vite-plugin-static-copy is rollup-plugin-copy for Vite with 
dev server ...)
+       TODO: check
+CVE-2025-57751 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
+       TODO: check
+CVE-2025-55744 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2025-55743 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2025-55742 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2025-55564 (Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via 
the list p ...)
+       TODO: check
+CVE-2025-55524 (Insecure permissions in Agent-Zero v0.8.* allow attackers to 
arbitrari ...)
+       TODO: check
+CVE-2025-55523 (An issue in the component /api/download_work_dir_file.py of 
Agent-Zero ...)
+       TODO: check
+CVE-2025-55522 (Cross-site scripting (XSS) vulnerability in the component 
/common/repo ...)
+       TODO: check
+CVE-2025-55521 (An issue in the component /settings/localisation of Akaunting 
v3.1.18  ...)
+       TODO: check
+CVE-2025-55420 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in /ind ...)
+       TODO: check
+CVE-2025-55383 (Moss before v0.15 has a file upload vulnerability. The 
"upload" functi ...)
+       TODO: check
+CVE-2025-55371 (Incorrect access control in the component 
/controller/PersonController ...)
+       TODO: check
+CVE-2025-55370 (Incorrect access control in the component 
\controller\ResourceControll ...)
+       TODO: check
+CVE-2025-55368 (Incorrect access control in the component 
\controller\RoleController.j ...)
+       TODO: check
+CVE-2025-55367 (Incorrect access control in the component 
\controller\SupplierControll ...)
+       TODO: check
+CVE-2025-55366 (Incorrect access control in the component 
\controller\UserController.j ...)
+       TODO: check
+CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2025-55231 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver 
allows a ...)
+       TODO: check
+CVE-2025-55229 (Improper verification of cryptographic signature in Windows 
Certificat ...)
+       TODO: check
+CVE-2025-55107 (There is a stored   Cross-site Scripting vulnerability in Esri 
Portal  ...)
+       TODO: check
+CVE-2025-55106 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2025-55105 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2025-55104 (A stored cross-site scripting (XSS) vulnerability exists 
ArcGIS HUB an ...)
+       TODO: check
+CVE-2025-55103 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2025-54460 (The vulnerability, if exploited, could allow an authenticated 
miscrean ...)
+       TODO: check
+CVE-2025-53795 (Improper authorization in Microsoft PC Manager allows an 
unauthorized  ...)
+       TODO: check
+CVE-2025-53763 (Improper access control in Azure Databricks allows an 
unauthorized att ...)
+       TODO: check
+CVE-2025-53251 (Unrestricted Upload of File with Dangerous Type vulnerability 
in An-Th ...)
+       TODO: check
+CVE-2025-52395 (An issue in Roadcute API v.1 allows a remote attacker to 
execute arbit ...)
+       TODO: check
+CVE-2025-52352 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 
provides a conf ...)
+       TODO: check
+CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a 
newly g ...)
+       TODO: check
+CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 
1.2.2 and ...)
+       TODO: check
+CVE-2025-51989 (HTML injection vulnerability in the registration interface in 
Evolutio ...)
+       TODO: check
+CVE-2025-51818 (MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the 
Backups.ph ...)
+       TODO: check
+CVE-2025-50860 (SQL Injection in the listdomains function in Easy Hosting 
Control Pane ...)
+       TODO: check
+CVE-2025-48956 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2025-47184 (An XML external entities (XXE) injection vulnerability in the 
/init AP ...)
+       TODO: check
+CVE-2025-43756 (<!--td {border: 1px solid #cccccc;}br 
{mso-data-placement:same-cell;}- ...)
+       TODO: check
+CVE-2025-43755 (A Stored cross-site scripting vulnerability in the Liferay 
Portal 7.4. ...)
+       TODO: check
+CVE-2025-43754 (Username enumeration vulnerability in Liferay Portal 7.4.0 
through 7.4 ...)
+       TODO: check
+CVE-2025-41415 (The vulnerability, if exploited, could allow an authenticated 
miscrean ...)
+       TODO: check
+CVE-2025-3128 (A remote unauthenticated attacker who has bypassed 
authentication coul ...)
+       TODO: check
+CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, 
contains a ...)
+       TODO: check
+CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, 
contains a ...)
+       TODO: check
+CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are 
affecte ...)
+       TODO: check
+CVE-2025-27721 (Unauthorized users can access INFINITT PACS System 
Managerwithout prop ...)
+       TODO: check
+CVE-2025-27714 (An attacker could exploit this vulnerability by uploading 
arbitrary  f ...)
+       TODO: check
+CVE-2025-24489 (An attacker could exploit this vulnerability by uploading 
arbitrary  f ...)
+       TODO: check
+CVE-2024-50641 (An authentication bypass vulnerability in 
PandoraNext-TokensTool v0.6. ...)
+       TODO: check
+CVE-2024-45438 (An issue was discovered in TitanHQ SpamTitan Email Security 
Gateway 8. ...)
+       TODO: check
 CVE-2025-XXXX [OSSN-0094]
        - nova 2:31.0.0-7 (bug #1111689)
        - watcher 14.0.0-3 (bug #1111692)
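Review bot: the description recorded for CVE-2025-43756 is spreadsheet markup residue ("<!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}- ...") rather than a vulnerability summary, so that entry cannot be triaged from this line; check the upstream record before resolving its TODO: check. Among the other new TODO: check entries, those naming yarnpkg Yarn, cmake, libsixel, libsndfile, pyLoad and vLLM are general-purpose open-source software rather than web applications or device firmware, so they are the ones to check first for a matching source package.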
@@ -663,7 +825,7 @@ CVE-2025-28977 (Improper Neutralization of Input During Web 
Page Generation ('Cr
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a 
stored cr ...)
        NOT-FOR-US: Prism Central
-CVE-2025-9162
+CVE-2025-9162 (A flaw was found in 
org.keycloak/keycloak-model-storage-service. The K ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS 
could be uti ...)
        NOT-FOR-US: Firefox Focus for iOS
@@ -684,7 +846,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar component 
of Firefox Focus for
        - firefox <not-affected> (Specific to Firefox Focus on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
 CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 
128.13,  ...)
-       {DSA-5980-1}
+       {DSA-5980-1 DLA-4277-1}
        - firefox-esr 128.14.0esr-1
        - firefox <unfixed>
        - thunderbird <unfixed>
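Review bot: the unchanged NOTE line at the top of this hunk sits under CVE-2025-9186 according to the hunk header, yet its URL ends in #CVE-2025-9179. The NOTE lines visible in the following hunks each use the anchor of their own CVE id, so this one looks like a copy error and should be checked against the mfsa2025-64 advisory while the entry is being touched.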
@@ -701,7 +863,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in 
the Graphics: WebRende
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
 CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This 
vulnerab ...)
-       {DSA-5980-1}
+       {DSA-5980-1 DLA-4277-1}
        - firefox <unfixed>
        - firefox-esr 128.14.0esr-1
        - thunderbird <unfixed>
@@ -709,7 +871,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript 
Engine component. This vul
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
 CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D 
component.' This  ...)
-       {DSA-5980-1}
+       {DSA-5980-1 DLA-4277-1}
        - firefox <unfixed>
        - firefox-esr 128.14.0esr-1
        - thunderbird <unfixed>
@@ -717,7 +879,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the Graphics: 
Canvas2D component.'
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
 CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP 
process w ...)
-       {DSA-5980-1}
+       {DSA-5980-1 DLA-4277-1}
        - firefox <unfixed>
        - firefox-esr 128.14.0esr-1
        - thunderbird <unfixed>
@@ -3791,15 +3953,19 @@ CVE-2025-53857 (Mattermost Confluence Plugin version 
<1.5.0 fails to check the a
        NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-53514 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
        NOT-FOR-US: Mattermost Confluence Plugin
-CVE-2025-53191 (Missing Authentication for Critical Function vulnerability in 
ABB Aspe ...)
+CVE-2025-53191
+       REJECTED
        NOT-FOR-US: ABB group
-CVE-2025-53190 (A vulnerability in ABB Aspect.This issue affects Aspect: 
before <3.08. ...)
+CVE-2025-53190
+       REJECTED
        NOT-FOR-US: ABB group
-CVE-2025-53189 (Authorization Bypass Through User-Controlled Key vulnerability 
in ABB  ...)
+CVE-2025-53189
+       REJECTED
        NOT-FOR-US: ABB group
-CVE-2025-53188 (Insufficiently Protected Credentials vulnerability in ABB 
Aspect.This  ...)
+CVE-2025-53188
+       REJECTED
        NOT-FOR-US: ABB group
-CVE-2025-53187 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+CVE-2025-53187 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
        NOT-FOR-US: ABB group
 CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
        NOT-FOR-US: Mattermost Confluence Plugin
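Review bot: CVE-2025-53191, CVE-2025-53190, CVE-2025-53189 and CVE-2025-53188 now carry REJECTED but each keeps its NOT-FOR-US: ABB group line underneath, so these entries hold both a rejection and a triage decision; confirm that keeping both is intended, or drop the NOT-FOR-US line for rejected ids. CVE-2025-53187 also keeps NOT-FOR-US while its description changes from "Improper Control of Generation of Code ('Code Injection')" to "Authentication Bypass Using an Alternate Path or Channel", and the truncated new text no longer shows the product name, so the ABB attribution should be rechecked against the full description.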
@@ -5751,6 +5917,7 @@ CVE-2025-54593 (FreshRSS is a free, self-hostable RSS 
aggregator. In versions 1.
 CVE-2025-54590 (webfinger.js is a TypeScript-based WebFinger client that runs 
in both  ...)
        NOT-FOR-US: webfinger.js (not the same as src:node-webfinger)
 CVE-2025-54574 (Squid is a caching proxy for the Web. In versions 6.3 and 
below, Squid ...)
+       {DSA-5982-1}
        - squid 6.5-1
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
        NOTE: 
https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988
 (SQUID_6_4)
@@ -188492,6 +188659,7 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of 
Service,  where a remote atta
        NOTE: 
https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
        NOTE: 
https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
 CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of 
HTTP r ...)
+       {DSA-5982-1}
        - squid 6.5-1 (bug #1055249)
        [bullseye] - squid <ignored> (Minor impact, too intrusive to backport 
to 5.x)
        - squid3 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4416eeab513b750372400865a48b913f5fedfc85
