[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 7 09:12:13 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb4c246d by security tracker role at 2025-08-07T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2025-8086
+	REJECTED
+CVE-2025-7770 (Tigo Energy's CCA device is vulnerable to insecure session ID generati ...)
+	TODO: check
+CVE-2025-7769 (Tigo Energy's CCA is vulnerable to a command injection vulnerability i ...)
+	TODO: check
+CVE-2025-7768 (Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded  ...)
+	TODO: check
+CVE-2025-6634 (A maliciously crafted TGA file, when linked or imported into Autodesk  ...)
+	TODO: check
+CVE-2025-6633 (A maliciously crafted RBG file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2025-6632 (A maliciously crafted PSD file, when linked or imported into Autodesk  ...)
+	TODO: check
+CVE-2025-54885 (Thinbus Javascript Secure Remote Password is a browser SRP6a implement ...)
+	TODO: check
+CVE-2025-54882 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
+	TODO: check
+CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In version ...)
+	TODO: check
+CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In versions ...)
+	TODO: check
+CVE-2025-54788 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-54786 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-54785 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-54784 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-54783 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-51058 (Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-sid ...)
+	TODO: check
+CVE-2025-51057 (A local file inclusion (LFI) vulnerability in Vedo Suite version 2024. ...)
+	TODO: check
+CVE-2025-51056 (An unrestricted file upload vulnerability in Vedo Suite version 2024.1 ...)
+	TODO: check
+CVE-2025-51055 (Insecure Data Storage of credentials has been found in /api_vedo/confi ...)
+	TODO: check
+CVE-2025-51054 (Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which al ...)
+	TODO: check
+CVE-2025-51053 (A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite ...)
+	TODO: check
+CVE-2025-51052 (A path traversal vulnerability in Vedo Suite 2024.17 allows remote aut ...)
+	TODO: check
+CVE-2025-50740 (AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site s ...)
+	TODO: check
+CVE-2025-47908 (Middleware causes a prohibitive amount of heap allocations when proces ...)
+	TODO: check
+CVE-2025-46660 (An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stor ...)
+	TODO: check
+CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. I ...)
+	TODO: check
+CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
+	TODO: check
+CVE-2025-35970 (On multiple products of SEIKO EPSON and FUJIFILM Corporation, the init ...)
+	TODO: check
+CVE-2025-32094 (An issue was discovered in Akamai Ghost, as used for the Akamai CDN pl ...)
+	TODO: check
+CVE-2025-29866 (: External Control of File Name or Path vulnerability in TAGFREE X-Fre ...)
+	TODO: check
+CVE-2025-29865 (: Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
+	TODO: check
+CVE-2024-55402 (4C Strategies Exonaut before v22.4 was discovered to contain an access ...)
+	TODO: check
+CVE-2024-55399 (4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a S ...)
+	TODO: check
+CVE-2024-55398 (4C Strategies Exonaut before v22.4 was discovered to contain insecure  ...)
+	TODO: check
+CVE-2023-3194
+	REJECTED
 CVE-2025-8667 (A vulnerability, which was classified as critical, was found in Skywor ...)
 	NOT-FOR-US: kyworkAI DeepResearchAgent
 CVE-2025-8665 (A vulnerability, which was classified as critical, has been found in a ...)
@@ -58,7 +130,7 @@ CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
 	- poco <undetermined>
 	NOTE: https://github.com/pocoproject/poco/issues/4921
 	TODO: check upstream status, might not be a bug in poco
-CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.)
+CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: thi ...)
 	TODO: check
 CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
 	NOT-FOR-US: IBM
@@ -580,35 +652,35 @@ CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI)
 	NOT-FOR-US: ClanSphere
 CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buf ...)
 	NOT-FOR-US: BlazeVideo HDTV Player Pro
-CVE-2025-8583
+CVE-2025-8583 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8582
+CVE-2025-8582 (Insufficient validation of untrusted input in Core in Google Chrome pr ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8581
+CVE-2025-8581 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8580
+CVE-2025-8580 (Inappropriate implementation in Filesystems in Google Chrome prior to  ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8579
+CVE-2025-8579 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8578
+CVE-2025-8578 (Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8577
+CVE-2025-8577 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8576
+CVE-2025-8576 (Use after free in Extensions in Google Chrome prior to 139.0.7258.66 a ...)
 	{DSA-5971-1}
 	- chromium 139.0.7258.66-1
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb4c246d7d67510981f0a3b419cc8f17c3bc99cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb4c246d7d67510981f0a3b419cc8f17c3bc99cb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250807/92264833/attachment.htm>

More information about the debian-security-tracker-commits mailing list