[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 1 09:13:04 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60849896 by security tracker role at 2025-08-01T08:12:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,20 +1,82 @@
-CVE-2025-48073
+CVE-2025-8441 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-8439 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-8438 (A vulnerability classified as critical was found in code-projects Wazi ...)
+ TODO: check
+CVE-2025-8437 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-8436 (A vulnerability was found in projectworlds Online Admission System 1.0 ...)
+ TODO: check
+CVE-2025-8435 (A vulnerability was found in code-projects Online Movie Streaming 1.0. ...)
+ TODO: check
+CVE-2025-8434 (A vulnerability was found in code-projects Online Movie Streaming 1.0. ...)
+ TODO: check
+CVE-2025-8433 (A vulnerability was found in code-projects Document Management System ...)
+ TODO: check
+CVE-2025-8431 (A vulnerability has been found in PHPGurukul Boat Booking System 1.0 a ...)
+ TODO: check
+CVE-2025-7845 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-7725 (The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Cont ...)
+ TODO: check
+CVE-2025-7646 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+ TODO: check
+CVE-2025-7443 (The BerqWP \u2013 Automated All-In-One Page Speed Optimization for Cor ...)
+ TODO: check
+CVE-2025-5954 (The Service Finder SMS System plugin for WordPress is vulnerable to pr ...)
+ TODO: check
+CVE-2025-5947 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
+ TODO: check
+CVE-2025-5921 (The SureForms WordPress plugin before 1.7.2 does not sanitise and esc ...)
+ TODO: check
+CVE-2025-54939 (LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_pack ...)
+ TODO: check
+CVE-2025-54847
+ REJECTED
+CVE-2025-54846
+ REJECTED
+CVE-2025-54845
+ REJECTED
+CVE-2025-54844
+ REJECTED
+CVE-2025-54843
+ REJECTED
+CVE-2025-54842
+ REJECTED
+CVE-2025-54841
+ REJECTED
+CVE-2025-54840
+ REJECTED
+CVE-2025-54839
+ REJECTED
+CVE-2025-54657
+ REJECTED
+CVE-2025-4523 (The IDonate \u2013 Blood Donation, Request And Donor Management System ...)
+ TODO: check
+CVE-2025-45768 (pyjwt v2.10.1 was discovered to contain weak encryption.)
+ TODO: check
+CVE-2025-31716 (In bootloader, there is a possible out of bounds write due to a missin ...)
+ TODO: check
+CVE-2025-23289 (NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerabili ...)
+ TODO: check
+CVE-2025-48073 (OpenEXR provides the specification and reference implementation of the ...)
- openexr <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm
-CVE-2025-48072
+CVE-2025-48072 (OpenEXR provides the specification and reference implementation of the ...)
- openexr <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361 (v3.3.3-rc)
-CVE-2025-48071
+CVE-2025-48071 (OpenEXR provides the specification and reference implementation of the ...)
- openexr <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f (v3.3.3-rc)
-CVE-2023-32251 [ksmbd: block asynchronous requests when making a delay on session setup]
+CVE-2023-32251 (A vulnerability has been identified in the Linux kernel's ksmbd compon ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/b096d97f47326b1e2dbdef1c91fab69ffda54d17 (6.4-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-699/
-CVE-2025-53399 [Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration]
+CVE-2025-53399 (In Sipwise rtpengine before 13.4.1.1, an origin-validation error in th ...)
- rtpengine <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/07/31/1
NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject
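Review bot: the new "TODO: check" batch mixes library CVEs with the usual throwaway-app entries, and the library ones should be triaged first: CVE-2025-54939 (LSQUIC before 4.3.1) and CVE-2025-45768 (pyjwt v2.10.1) name components that may be packaged, whereas the code-projects, PHPGurukul and projectworlds entries and the WordPress plugin CVEs are routine NOT-FOR-US candidates. The CVE-2025-45768 text ("weak encryption") is too vague to act on, so its status should be set from the upstream report rather than from that description. Separately, "- rtpengine <unfixed>" under CVE-2025-53399 carries no "(bug #...)" reference, unlike the other <unfixed> entries touched by this update.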
@@ -3429,6 +3491,7 @@ CVE-2025-7785 (A vulnerability classified as problematic was found in thinkgem J
CVE-2025-7784 (A flaw was found in the Keycloak identity and access management system ...)
- keycloak <itp> (bug #1088287)
CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data allows ...)
+ {DLA-4261-1}
- node-form-data 4.0.1-2 (bug #1109551)
NOTE: https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
NOTE: Fixed by: https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 (v4.0.4)
@@ -4830,7 +4893,7 @@ CVE-2024-26292 (An authenticated Arbitrary File Deletion vulnerability enables a
NOT-FOR-US: Avid Nexis
CVE-2024-26291 (An Unauthenticated Arbitrary File Read vulnerability affects the Agent ...)
NOT-FOR-US: Avid Nexis
-CVE-2025-8454 [uscan must not skip OpenPGP check after failed check in previous run]
+CVE-2025-8454 (It was discovered that uscan, a tool to scan/watch upstream sources fo ...)
- devscripts <unfixed> (bug #1109251)
[trixie] - devscripts <no-dsa> (Can be fixed via a point release)
[bookworm] - devscripts <no-dsa> (Can be fixed via a point release)
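Review bot: replacing the bracketed title "[uscan must not skip OpenPGP check after failed check in previous run]" with the truncated description loses the only statement of the actual defect (the signature check being skipped after a failed earlier run), because the "+" line is cut off at "upstream sources fo ...". Suggest keeping that wording as a NOTE: line under the entry so the <no-dsa> rationale on the [trixie] and [bookworm] lines can be judged without opening bug #1109251.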
@@ -5287,6 +5350,7 @@ CVE-2023-38329 (An issue was discovered in eGroupWare 17.1.20190111. A cross-sit
CVE-2023-38327 (An issue was discovered in eGroupWare 17.1.20190111. A User Enumeratio ...)
- egroupware <removed>
CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss ...)
+ {DLA-4262-1}
- libcommons-lang3-java <unfixed> (bug #1109125)
[bookworm] - libcommons-lang3-java <no-dsa> (Minor issue)
- libcommons-lang-java <unfixed> (bug #1109126)
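Review bot: {DLA-4262-1} is added to CVE-2025-48924 while both libcommons-lang3-java and libcommons-lang-java still read <unfixed> in the visible context, with only a [bookworm] <no-dsa> line shown; if the DLA covered just one of the two source packages, a NOTE: saying which would keep the entry from reading as if both were addressed.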
@@ -7852,6 +7916,7 @@ CVE-2025-53605 (The protobuf crate before 3.7.2 for Rust allows uncontrolled rec
CVE-2025-53604 (The web-push crate before 0.10.3 for Rust allows a denial of service ( ...)
NOT-FOR-US: web-push Rust crate
CVE-2025-53603 (In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHas ...)
+ {DSA-5970-1 DLA-4260-1}
- sope 5.12.1-2 (bug #1108798)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/02/3
NOTE: https://github.com/Alinto/sope/pull/69
@@ -466471,8 +466536,8 @@ CVE-2019-19147
RESERVED
CVE-2019-19146
RESERVED
-CVE-2019-19145
- RESERVED
+CVE-2019-19145 (Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access ...)
+ TODO: check
CVE-2019-19144
RESERVED
CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to ...)
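Review bot: CVE-2019-19145 moves from RESERVED to a description of Quantum SuperLoader 3 tape-library devices and is left as "TODO: check"; this is device firmware in the same class as the neighbouring TP-LINK TL-WR849N entry, so it can most likely be closed as NOT-FOR-US rather than sit in the TODO queue, and a 2019 identifier being populated only now is worth a quick check that the description really belongs to this CVE.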
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6084989694a982895dc3a238c2baf7dd7a836b59