Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
416b8527 by security tracker role at 2025-08-29T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,128 @@
-CVE-2025-40927 [Sanitize all user-supplied values before inserting into HTTP 
headers]
+CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File 
Reading vulne ...)
+       TODO: check
+CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 
2.00.0 ...)
+       TODO: check
+CVE-2025-9610 (A vulnerability was determined in code-projects Online Event 
Judging S ...)
+       TODO: check
+CVE-2025-9609 (A vulnerability was found in Portabilis i-Educar up to 2.10. 
This vuln ...)
+       TODO: check
+CVE-2025-9608 (A vulnerability has been found in Portabilis i-Educar up to 
2.10. This ...)
+       TODO: check
+CVE-2025-9607 (A flaw has been found in Portabilis i-Educar up to 2.10. 
Affected by t ...)
+       TODO: check
+CVE-2025-9606 (A vulnerability was detected in Portabilis i-Educar up to 2.10. 
Affect ...)
+       TODO: check
+CVE-2025-9605 (A security vulnerability has been detected in Tenda AC21 and 
AC23 16.0 ...)
+       TODO: check
+CVE-2025-9604 (A vulnerability was identified in coze-studio up to 0.2.4. The 
impacte ...)
+       TODO: check
+CVE-2025-9603 (A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. 
The af ...)
+       TODO: check
+CVE-2025-9602 (A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted 
is the ...)
+       TODO: check
+CVE-2025-9601 (A vulnerability was detected in itsourcecode Apartment 
Management Syst ...)
+       TODO: check
+CVE-2025-9600 (A security vulnerability has been detected in itsourcecode 
Apartment M ...)
+       TODO: check
+CVE-2025-9599 (A weakness has been identified in itsourcecode Apartment 
Management Sy ...)
+       TODO: check
+CVE-2025-9598 (A security flaw has been discovered in itsourcecode Apartment 
Manageme ...)
+       TODO: check
+CVE-2025-9597 (A vulnerability was identified in itsourcecode Apartment 
Management Sy ...)
+       TODO: check
+CVE-2025-9596 (A vulnerability was determined in itsourcecode Sports 
Management Syste ...)
+       TODO: check
+CVE-2025-9595 (A vulnerability was found in code-projects Student Information 
Managem ...)
+       TODO: check
+CVE-2025-9594 (A vulnerability has been found in itsourcecode Apartment 
Management Sy ...)
+       TODO: check
+CVE-2025-9593 (A flaw has been found in itsourcecode Apartment Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-9592 (A vulnerability was detected in itsourcecode Apartment 
Management Syst ...)
+       TODO: check
+CVE-2025-9591 (A security vulnerability has been detected in ZrLog up to 
3.1.5. This  ...)
+       TODO: check
+CVE-2025-9590 (A vulnerability was identified in Weaver E-Mobile Mobile 
Management Pl ...)
+       TODO: check
+CVE-2025-9589 (A vulnerability was determined in Cudy WR1200EA 
2.3.7-20250113-121810. ...)
+       TODO: check
+CVE-2025-9586 (A vulnerability was identified in Comfast CF-N1 2.6.0. This 
vulnerabil ...)
+       TODO: check
+CVE-2025-9585 (A vulnerability was determined in Comfast CF-N1 2.6.0. This 
affects th ...)
+       TODO: check
+CVE-2025-9441 (The iATS Online Forms plugin for WordPress is vulnerable to 
time-based ...)
+       TODO: check
+CVE-2025-9374 (The Ultimate Tag Warrior Importer plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-8861 (TSA developed by Changing has a Missing Authentication 
vulnerability,  ...)
+       TODO: check
+CVE-2025-8858 (Clinic Image System developed by Changing has a SQL Injection 
vulnerab ...)
+       TODO: check
+CVE-2025-8857 (Clinic Image System developed by Changing contains hard-coded 
Credenti ...)
+       TODO: check
+CVE-2025-8619 (The OSM Map Widget for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-8290 (The List Subpages plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-8147 (The LWSCache plugin for WordPress is vulnerable to unauthorized 
modifi ...)
+       TODO: check
+CVE-2025-58333
+       REJECTED
+CVE-2025-58332
+       REJECTED
+CVE-2025-58331
+       REJECTED
+CVE-2025-58330
+       REJECTED
+CVE-2025-58329
+       REJECTED
+CVE-2025-58328
+       REJECTED
+CVE-2025-58327
+       REJECTED
+CVE-2025-58326
+       REJECTED
+CVE-2025-58323 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a 
local attac ...)
+       TODO: check
+CVE-2025-58062 (LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp 
developer. P ...)
+       TODO: check
+CVE-2025-58061 (OpenEBS Local PV RawFile allows dynamic deployment of Stateful 
Persist ...)
+       TODO: check
+CVE-2025-58058 (xz is a pure golang package for reading and writing 
xz-compressed file ...)
+       TODO: check
+CVE-2025-54777 (Uncaught exception issue exists in Multiple products in bizhub 
series. ...)
+       TODO: check
+CVE-2025-54142 (Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling 
via an OP ...)
+       TODO: check
+CVE-2025-53508 (Multiple products provided by iND Co.,Ltd contain an OS 
command inject ...)
+       TODO: check
+CVE-2025-53507 (Multiple products provided by iND Co.,Ltd contain an insecure 
storage  ...)
+       TODO: check
+CVE-2025-48979 (An Improper Input Validation in UISP Application could allow a 
Command ...)
+       TODO: check
+CVE-2025-43284 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2025-43268 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2025-43255 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2025-43187 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
+       TODO: check
+CVE-2025-39247 (There is an Access Control Vulnerability in some HikCentral 
Profession ...)
+       TODO: check
+CVE-2025-39246 (There is an Unquoted Service Path Vulnerability in some 
HikCentral Foc ...)
+       TODO: check
+CVE-2025-39245 (There is a CSV Injection Vulnerability in some HikCentral 
Master Lite  ...)
+       TODO: check
+CVE-2024-54568 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2024-54554 (This issue was addressed with improved handling of symlinks. 
This issu ...)
+       TODO: check
+CVE-2024-44271 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2024-13987 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-40927 (CGI::Simple versions before 1.282 for Perl has a HTTP response 
splitti ...)
        - libcgi-simple-perl 1.282-1
        [trixie] - libcgi-simple-perl <no-dsa> (Minor issue)
        [bookworm] - libcgi-simple-perl <no-dsa> (Minor issue)
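
Review bot: every CVE added at the top of data/CVE/list in this hunk is left at "TODO: check" (or REJECTED), so none of the new entries has been triaged against Debian source packages yet. Entries whose descriptions name a library rather than an appliance or hosted product, such as CVE-2025-58058 (a pure Go xz package), should be checked for a packaged source before anyone marks them NOT-FOR-US. The CVE-2025-40927 line only swaps its bracketed placeholder description for the published one; its libcgi-simple-perl 1.282-1 and <no-dsa> annotations are unchanged context and need no follow-up.
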
@@ -13800,6 +13924,7 @@ CVE-2025-53862 (A flaw was found in Ansible. Three API 
endpoints are accessible
 CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without 
security flags  ...)
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, 
flags are ...)
+       {DSA-5990-1}
        - libxslt <unfixed> (bug #1109122)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
        NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
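
Review bot: the added {DSA-5990-1} cross-reference on CVE-2025-7425 sits directly above "- libxslt <unfixed> (bug #1109122)", which this hunk leaves untouched, so the entry now records an advisory while still showing the package as unfixed. Confirm that the unfixed status is still accurate for unstable, and replace it with the fixed version once an upload closes bug #1109122.
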
@@ -431709,7 +431834,7 @@ CVE-2020-17135 (Azure DevOps Server Spoofing 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
        NOT-FOR-US: Microsoft
-CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure)
+CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure 
Vulnera ...)
        NOT-FOR-US: Microsoft
 CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
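
Review bot: the only change to CVE-2020-17133 is its description text, which now ends in the truncated "Vulnera ...)" form; the "NOT-FOR-US: Microsoft" annotation below it is unchanged. This is description churn from the automatic update and carries no triage change, so nothing needs to be done for this entry.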



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/416b8527d9659c1d5a8c4dac87a6b3903e80d5d1
