[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 6 21:12:21 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af1ceb1a by security tracker role at 2025-08-06T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2025-8667 (A vulnerability, which was classified as critical, was found in Skywor ...)
+	TODO: check
+CVE-2025-8665 (A vulnerability, which was classified as critical, has been found in a ...)
+	TODO: check
+CVE-2025-8620 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
+CVE-2025-8616 (A weakness identified in OpenText Advanced Authentication where aMalic ...)
+	TODO: check
+CVE-2025-8419 (A vulnerability was found in Keycloak-services. Special characters use ...)
+	TODO: check
+CVE-2025-8130
+	REJECTED
+CVE-2025-7771 (ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces th ...)
+	TODO: check
+CVE-2025-7202 (A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related ...)
+	TODO: check
+CVE-2025-6013 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) ldap auth method ...)
+	TODO: check
+CVE-2025-5197 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2025-53786 (On April 18th 2025, Microsoft announced Exchange Server Security Chang ...)
+	TODO: check
+CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.)
+	TODO: check
+CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows unauthorized  ...)
+	TODO: check
+CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024 ...)
+	TODO: check
+CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged user tha ...)
+	TODO: check
+CVE-2025-51306 (In Gatling Enterprise versions below 1.25.0, a user logging-out can st ...)
+	TODO: check
+CVE-2025-51040 (Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized a ...)
+	TODO: check
+CVE-2025-50286 (A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows ...)
+	TODO: check
+CVE-2025-50234 (MCCMS v2.7.0 has an SSRF vulnerability located in the index() method o ...)
+	TODO: check
+CVE-2025-50233 (A vulnerability in QCMS version 6.0.5 allows authenticated users to re ...)
+	TODO: check
+CVE-2025-48394 (An attacker with authenticated and privileged access could modify the  ...)
+	TODO: check
+CVE-2025-48393 (The server identity check mechanism for firmware upgrade performed via ...)
+	TODO: check
+CVE-2025-46391 (CWE-284: Improper Access Control)
+	TODO: check
+CVE-2025-46390 (CWE-204: Observable Response Discrepancy)
+	TODO: check
+CVE-2025-46389 (CWE-620: Unverified Password Change)
+	TODO: check
+CVE-2025-46388 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
+	TODO: check
+CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key)
+	TODO: check
+CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
+	TODO: check
+CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
+	TODO: check
+CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.)
+	TODO: check
+CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
+	TODO: check
+CVE-2025-3320 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
+	TODO: check
+CVE-2025-38747 (Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a  ...)
+	TODO: check
+CVE-2025-38746 (Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains a ...)
+	TODO: check
+CVE-2025-36020 (IBM Guardium Data Protection could allow a remote attacker to obtain s ...)
+	TODO: check
+CVE-2025-30127 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Onc ...)
+	TODO: check
+CVE-2025-2028 (Lack of TLS validation when downloading a CSV file including mapping f ...)
+	TODO: check
+CVE-2025-23335 (NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT ...)
+	TODO: check
+CVE-2025-23334 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23333 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23331 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23327 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23326 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23325 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23324 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23323 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23322 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23321 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23320 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23319 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23318 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23317 (NVIDIA Triton Inference Server contains a vulnerability in the HTTP se ...)
+	TODO: check
+CVE-2025-23311 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2025-23310 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-22470 (CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versio ...)
+	TODO: check
+CVE-2025-22469 (OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX- ...)
+	TODO: check
+CVE-2025-20332 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+	TODO: check
+CVE-2025-20331 (A vulnerability in the web-based management interface of Cisco ISE and ...)
+	TODO: check
+CVE-2025-20215 (A vulnerability in the meeting-join functionality of Cisco Webex Meeti ...)
+	TODO: check
+CVE-2024-8244 (The filepath.Walk and filepath.WalkDir functions are documented as not ...)
+	TODO: check
+CVE-2024-52885 (The Mobile Access Portal's File Share application is vulnerable to a d ...)
+	TODO: check
 CVE-2025-8656 (Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulne ...)
 	NOT-FOR-US: Kenwood
 CVE-2025-8655 (Kenwood DMX958XR libSystemLib Command injection Remote Code Execution  ...)
@@ -352,7 +474,7 @@ CVE-2012-10024 (XBMC version 11, including builds up to the 2012-11-04 nightly r
 	- xbmc <removed>
 CVE-2012-10023 (A stack-based buffer overflow vulnerability exists in FreeFloat FTP Se ...)
 	NOT-FOR-US: FreeFloat FTP Server
-CVE-2025-8556
+CVE-2025-8556 (A flaw was found in CIRCL's implementation of the FourQ elliptic curve ...)
 	- golang-github-cloudflare-circl 1.6.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2371624
 	NOTE: https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm
@@ -455,27 +577,35 @@ CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI)
 CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buf ...)
 	NOT-FOR-US: BlazeVideo HDTV Player Pro
 CVE-2025-8583
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8582
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8581
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8580
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8579
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8578
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8577
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8576
+	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8551 (A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rate ...)
@@ -65218,7 +65348,7 @@ CVE-2024-55591 (AnAuthentication Bypass Using an Alternate Path or Channel vulne
 	NOT-FOR-US: FortiGuard
 CVE-2024-55000 (Sourcecodester House Rental Management system v1.0 is vulnerable to Cr ...)
 	NOT-FOR-US: Sourcecodester House Rental Management system
-CVE-2024-54021 (An improper neutralization of crlf sequences in http headers ('http re ...)
+CVE-2024-54021 (An Improper Neutralization of CRLF Sequences in HTTP Headers ('http re ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-53996
 	REJECTED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af1ceb1a7333316fb2b86cd6d0a5362cae1278d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af1ceb1a7333316fb2b86cd6d0a5362cae1278d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250806/9e09d859/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list