Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1ec0c5bc by security tracker role at 2025-08-27T08:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-9514 (A vulnerability has been found in macrozheng mall up to 1.0.3.
This im ...)
+ TODO: check
+CVE-2025-9513 (A flaw has been found in editso fuso up to 1.0.4-beta.7. This
affects ...)
+ TODO: check
+CVE-2025-9511 (A vulnerability was identified in itsourcecode Apartment
Management Sy ...)
+ TODO: check
+CVE-2025-9510 (A security vulnerability has been detected in itsourcecode
Apartment M ...)
+ TODO: check
+CVE-2025-9509 (A security flaw has been discovered in itsourcecode Apartment
Manageme ...)
+ TODO: check
+CVE-2025-9508 (A vulnerability was detected in itsourcecode Apartment
Management Syst ...)
+ TODO: check
+CVE-2025-9507 (A weakness has been identified in itsourcecode Apartment
Management Sy ...)
+ TODO: check
+CVE-2025-9506 (A vulnerability has been found in Campcodes Online Loan
Management Sys ...)
+ TODO: check
+CVE-2025-9505 (A flaw has been found in Campcodes Online Loan Management
System 1.0. ...)
+ TODO: check
+CVE-2025-9504 (A vulnerability was detected in Campcodes Online Loan
Management Syste ...)
+ TODO: check
+CVE-2025-9503 (A security vulnerability has been detected in Campcodes Online
Loan Ma ...)
+ TODO: check
+CVE-2025-9502 (A weakness has been identified in Campcodes Online Loan
Management Sys ...)
+ TODO: check
+CVE-2025-9492 (A vulnerability was determined in Campcodes Online Water
Billing Syste ...)
+ TODO: check
+CVE-2025-9277 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2025-8490 (The All-in-One WP Migration and Backup plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-7732 (The Lazy Load for Videos plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2025-57846 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an
issue wi ...)
+ TODO: check
+CVE-2025-57820 (Svelte devalue is a utility library. Prior to version 5.3.2, a
string ...)
+ TODO: check
+CVE-2025-57797 (Incorrect privilege assignment vulnerability exists in
ScanSnap Manage ...)
+ TODO: check
+CVE-2025-49040 (Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt
allows ...)
+ TODO: check
+CVE-2025-49039 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49035 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48081 (Path Traversal: '.../...//' vulnerability in Printeers
Printeers Print ...)
+ TODO: check
+CVE-2025-35115 (Agiloft Release 28 downloads critical system packages over an
insecure ...)
+ TODO: check
+CVE-2025-35114 (Agiloft Release 28 contains several accounts with default
credentials ...)
+ TODO: check
+CVE-2025-35113 (Agiloft Release 28 does not properly neutralize special
elements used ...)
+ TODO: check
+CVE-2025-35112 (Agiloft Release 28 contains an XML External Entities
vulnerability in ...)
+ TODO: check
+CVE-2025-26417 (In checkWhetherCallingAppHasAccess of DownloadProvider.java,
there is ...)
+ TODO: check
+CVE-2025-22413 (In multiple functions of hyp-main.c, there is a possible
privilege esc ...)
+ TODO: check
+CVE-2025-22412 (In multiple functions of sdp_server.cc, there is a possible
use after ...)
+ TODO: check
+CVE-2025-22411 (In process_service_attr_rsp of sdp_discovery.cc, there is a
possible u ...)
+ TODO: check
+CVE-2025-22410 (In multiple locations, there is a possible way to execute
arbitrary co ...)
+ TODO: check
+CVE-2025-22409 (In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible
way to ex ...)
+ TODO: check
+CVE-2025-22408 (In rfc_check_send_cmd of rfc_utils.cc, there is a possible way
to exec ...)
+ TODO: check
+CVE-2025-22407 (In hidd_check_config_done of hidd_conn.cc, there is a possible
way to ...)
+ TODO: check
+CVE-2025-22406 (In bnepu_check_send_packet of bnep_utils.cc, there is a
possible way t ...)
+ TODO: check
+CVE-2025-22405 (In multiple locations, there is a possible way to execute
arbitrary co ...)
+ TODO: check
+CVE-2025-22404 (In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible
way to exe ...)
+ TODO: check
+CVE-2025-22403 (In sdp_snd_service_search_req of sdp_discovery.cc, there is a
possible ...)
+ TODO: check
+CVE-2025-0093 (In handleBondStateChanged of AdapterService.java, there is a
possible ...)
+ TODO: check
+CVE-2025-0092 (In handleBondStateChanged of AdapterService.java, there is a
possible ...)
+ TODO: check
+CVE-2025-0086 (In onResult of AccountManagerService.java, there is a possible
way to ...)
+ TODO: check
+CVE-2025-0084 (In multiple locations, there is a possible out of bounds write
due to ...)
+ TODO: check
+CVE-2025-0083 (In multiple locations, there is a possible way to access
content acros ...)
+ TODO: check
+CVE-2025-0082 (In multiple functions of StatusHint.java and
TelecomServiceImpl.java, ...)
+ TODO: check
+CVE-2025-0081 (In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp,
there is ...)
+ TODO: check
+CVE-2025-0080 (In multiple locations, there is a possible way to overlay the
installa ...)
+ TODO: check
+CVE-2025-0079 (In multiple locations, there is a possible way that avdtp and
avctp ch ...)
+ TODO: check
+CVE-2025-0078 (In main of main.cpp, there is a possible way to bypass SELinux
due to ...)
+ TODO: check
+CVE-2025-0075 (In process_service_search_attr_req of sdp_server.cc, there is a
possib ...)
+ TODO: check
+CVE-2025-0074 (In process_service_attr_rsp of sdp_discovery.cc, there is a
possible w ...)
+ TODO: check
+CVE-2024-49740 (In multiple locations, there is a possible crash loop due to
resource ...)
+ TODO: check
+CVE-2024-47192 (An issue was discovered in Mahara 23.04.8 and 24.04.4. The use
of a ma ...)
+ TODO: check
+CVE-2024-35203 (Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site
scriptin ...)
+ TODO: check
+CVE-2021-4459 (An authorized remote attacker can access files and directories
outside ...)
+ TODO: check
CVE-2025-9491 (Microsoft Windows LNK File UI Misrepresentation Remote Code
Execution ...)
NOT-FOR-US: Microsoft
CVE-2025-9483 (A flaw has been found in Linksys RE6250, RE6300, RE6350,
RE6500, RE700 ...)
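Review bot: The descriptions added for CVE-2025-9277 and CVE-2025-57846 contain literal escape sequences ("\u2013" and "\u30d5\u30a3\u30eb\u30bf\u30fc") where the decoded characters should be, which suggests the imported description text is written out without being decoded; decode it before the line is written. Separately, every entry added here is left at "TODO: check"; the three whose descriptions say "plugin for WordPress" (CVE-2025-9277, CVE-2025-8490, CVE-2025-7732) match the "NOT-FOR-US: WordPress plugin" triage used for similar entries further down in this file.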
@@ -2487,14 +2597,14 @@ CVE-2025-38555 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-38554 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9bbffee67ffd16360179327b57f3b1245579ef08 (6.17-rc1)
-CVE-2025-55298 [imagemagick GHSA-9ccg-6pjw-x645]
+CVE-2025-55298 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed> (bug #1111586)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/d789bdf7aabb955b88fbc95653aa9dbf6c5d259f
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/731ce3a7aa7fabebaa322711c04ce5f5cf22edf4
-CVE-2025-55212 [imagemagick GHSA-fh55-q5pj-pxgw]
+CVE-2025-55212 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed> (bug #1111587)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af
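Review bot: After this change the header lines for CVE-2025-55298 and CVE-2025-55212 carry the same truncated text ("ImageMagick is free and open-source software used for editing and mani ..."), so the GHSA identifiers that told the two apart in the bracketed form now appear only in the advisory NOTE URLs. Keep those NOTE lines on both entries, since they and the bug numbers (#1111586, #1111587) are what still distinguish the two issues.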
@@ -3089,7 +3199,7 @@ CVE-2025-9047 (A vulnerability has been found in
projectworlds Visitor Managemen
NOT-FOR-US: Project Worlds
CVE-2025-9046 (A vulnerability was identified in Tenda AC20 16.03.08.12. This
issue a ...)
NOT-FOR-US: Tenda
-CVE-2025-9028 (A vulnerability was found in code-projects Online Medicine
Guide 1.0. ...)
+CVE-2025-9028 (A flaw has been found in code-projects Online Medicine Guide
1.0. This ...)
NOT-FOR-US: code-projects
CVE-2025-9027 (A vulnerability has been found in code-projects Online Medicine
Guide ...)
NOT-FOR-US: code-projects
@@ -139448,7 +139558,7 @@ CVE-2023-33310 (Improper Limitation of a Pathname to
a Restricted Directory ('Pa
NOT-FOR-US: WordPress plugin
CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart
Core al ...)
+CVE-2023-32244 (Improper Privilege Management vulnerability in xtemos Woodmart
Core al ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag
editori ...)
NOT-FOR-US: WordPress plugin
@@ -167956,7 +168066,7 @@ CVE-2024-0034 (In BackgroundLaunchProcessController,
there is a possible way to
NOT-FOR-US: Android
CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible
missing s ...)
NOT-FOR-US: Android
-CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a
possible ...)
+CVE-2024-0032 (In multiple locations, there is a possible way to request
access to di ...)
NOT-FOR-US: Android
CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there
is a p ...)
NOT-FOR-US: Android
@@ -229110,7 +229220,7 @@ CVE-2023-26011 (Cross-Site Request Forgery (CSRF)
vulnerability in Tim Eckel Rea
NOT-FOR-US: WordPress plugin
CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPMo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26009 (Improper Privilege Management vulnerability in favethemes
Houzez Login ...)
+CVE-2023-26009 (Improper Privilege Management vulnerability in Favethemes
Houzez Login ...)
NOT-FOR-US: Favethemes Houzez
CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Ajay ...)
NOT-FOR-US: WordPress plugin
@@ -253756,8 +253866,8 @@ CVE-2023-21127 (In readSampleData of
NuMediaExtractor.cpp, there is a possible o
NOT-FOR-US: Android
CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of
MediaControlPanel.java, the ...)
NOT-FOR-US: Android
-CVE-2023-21125
- RESERVED
+CVE-2023-21125 (In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a
possible way to ...)
+ TODO: check
CVE-2023-21124 (In run of multiple files, there is a possible escalation of
privilege ...)
NOT-FOR-US: Android
CVE-2023-21123 (In multiple functions of multiple files, there is a possible
way to by ...)
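Review bot: CVE-2023-21125 moves from RESERVED to "TODO: check" while the entries on either side of it (CVE-2023-21126, CVE-2023-21124) are already marked "NOT-FOR-US: Android". If the bta_hh.cc issue belongs to the same product, triage it the same way as its neighbours rather than leaving it in the TODO queue.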
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ec0c5bcda2e5f26d7fd789564e12ed4d37c080f