[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 4 09:12:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e9e3435 by security tracker role at 2025-08-04T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2025-54962 (/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows au ...)
+ TODO: check
+CVE-2025-48499 (Out-of-bounds write vulnerability exists in FUJIFILM Business Innovati ...)
+ TODO: check
+CVE-2025-20702 (In the Airoha Bluetooth audio SDK, there is a possible unauthorized ac ...)
+ TODO: check
+CVE-2025-20701 (In the Airoha Bluetooth audio SDK, there is a possible way to pair Blu ...)
+ TODO: check
+CVE-2025-20700 (In the Airoha Bluetooth audio SDK, there is a possible permission bypa ...)
+ TODO: check
+CVE-2025-20698 (In Power HAL, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2025-20697 (In Power HAL, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2025-20696 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+ TODO: check
CVE-2025-8513 (A vulnerability, which was classified as problematic, was found in Cai ...)
NOT-FOR-US: Caixin News App
CVE-2025-8512 (A vulnerability, which was classified as problematic, has been found i ...)
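Review bot: the eight entries added at the top of data/CVE/list (CVE-2025-54962 through CVE-2025-20696) carry only "TODO: check", so none of them is triaged yet. Each needs either a package line or a NOT-FOR-US marker of the kind the CVE-2025-8513 entry directly below already has ("NOT-FOR-US: Caixin News App"). The three Airoha Bluetooth audio SDK entries and the two Power HAL entries look like candidates for handling together, since they share a product.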
@@ -309,7 +325,7 @@ CVE-2025-46018 (CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a v
NOT-FOR-US: CSC Pay Mobile App
CVE-2025-45778 (A stored cross-site scripting (XSS) vulnerability in The Language Slot ...)
NOT-FOR-US: Language Sloth Web Application
-CVE-2025-45767 (jose v6.0.10 was discovered to contain weak encryption.)
+CVE-2025-45767 (jose v6.0.10 was discovered to contain weak encryption. NOTE: this is ...)
- node-jose <unfixed>
NOTE: https://github.com/panva/jose/security/advisories/GHSA-mwmr-4mj7-4hv
CVE-2025-45150 (Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows at ...)
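Review bot: on CVE-2025-45767 the description now ends with a NOTE that is cut off at "this is ...", while the "- node-jose <unfixed>" line under it is left unchanged. If the added NOTE qualifies or disputes the weak-encryption claim, the package status deserves a second look. A short NOTE under the entry recording why it stays <unfixed> would keep the description and the status from reading as contradictory.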
@@ -44778,6 +44794,7 @@ CVE-2025-27788 (JSON is a JSON implementation for Ruby. Starting in version 2.10
NOTE: Introduced by: https://github.com/ruby/json/commit/5e6cfcf7242a83e79fbc83cb30b3b89373e98b19 (v2.10.0)
NOTE: Fixed by: https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208 (v2.10.2)
CVE-2025-27407 (graphql-ruby is a Ruby implementation of GraphQL. Starting in version ...)
+ {DLA-4263-1}
- ruby-graphql 2.2.17-1 (bug #1100442)
NOTE: https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492
NOTE: https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f (v1.11.11)
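Review bot: the {DLA-4263-1} cross-reference added to CVE-2025-27407 comes with no NOTE saying which upstream fix the LTS upload carries. The only commit listed in the visible context is tagged (v1.11.11), while the package line records 2.2.17-1, so a reader cannot tell from these lines which branch the advisory's fix was taken from. A NOTE naming the backported commit would make the entry auditable.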
@@ -328050,29 +328067,29 @@ CVE-2021-42534 (The affected product\u2019s web application does not properly ne
CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
NOT-FOR-US: Adobe
CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://github.com/adobe/XMP-Toolkit-SDK/compare/v2021.07...v2021.08
CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://github.com/adobe/XMP-Toolkit-SDK/commit/16e53564ae6c2689387479c04770f492075d5b7b (v2021.08)
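Review bot: on the five exempi entries in this hunk (CVE-2021-42532 down to CVE-2021-42528) DLA-4264-1 is added alongside the existing DLA-3585-1 with no other change, so the entry does not show why a second advisory covers CVEs that already had one. The "- exempi 2.6.0-1" lines are untouched, which is consistent. A NOTE stating what the new advisory covers would make the cross-reference self-explanatory. The same applies to the identical change in the later exempi hunks.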
@@ -333948,7 +333965,7 @@ CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memor
CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
NOT-FOR-US: Adobe
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
@@ -333984,7 +334001,7 @@ CVE-2021-40718
CVE-2021-40717
RESERVED
CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
@@ -336283,7 +336300,7 @@ CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
CVE-2021-39848
RESERVED
CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
@@ -345948,7 +345965,7 @@ CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and e
CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
NOT-FOR-US: Adobe
CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
@@ -345964,55 +345981,55 @@ CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an
CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
@@ -346020,25 +346037,25 @@ CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a bu
CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
- {DLA-3585-1}
+ {DLA-4264-1 DLA-3585-1}
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e9e3435558a074b1ae0c76a8a0a70ef33a98210