[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 8 21:12:16 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25716366 by security tracker role at 2025-08-08T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-8749 (Path Traversal vulnerability in API Endpoint in Mobile Industrial Robo ...)
+	TODO: check
+CVE-2025-8748 (MiR software versions prior to version 3.0.0 are affected by a command ...)
+	TODO: check
+CVE-2025-8738 (A vulnerability has been found in zlt2000 microservices-platform up to ...)
+	TODO: check
+CVE-2025-8737 (A vulnerability, which was classified as problematic, was found in zlt ...)
+	TODO: check
+CVE-2025-8736 (A vulnerability, which was classified as critical, has been found in G ...)
+	TODO: check
+CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow up to ...)
+	TODO: check
+CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU Bison  ...)
+	TODO: check
+CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been rated  ...)
+	TODO: check
+CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been declare ...)
+	TODO: check
+CVE-2025-8731 (A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430A ...)
+	TODO: check
+CVE-2025-8730 (A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.0 ...)
+	TODO: check
+CVE-2025-8729 (A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classifie ...)
+	TODO: check
+CVE-2025-8393 (A TLS vulnerability exists in the phone application used to manage a   ...)
+	TODO: check
+CVE-2025-8356 (In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path T ...)
+	TODO: check
+CVE-2025-8355 (In Xerox FreeFlow Core version 8.0.4, improper handling of XML input a ...)
+	TODO: check
+CVE-2025-8284 (By default, the Packet Power Monitoring and Control Web Interface do n ...)
+	TODO: check
+CVE-2025-8088 (A path traversal vulnerability affecting the Windows version of WinRAR ...)
+	TODO: check
+CVE-2025-5095 (Burk Technology ARC Solo's password change mechanism can be utilized w ...)
+	TODO: check
+CVE-2025-53606 (Deserialization of Untrusted Data vulnerability in Apache Seata (incub ...)
+	TODO: check
+CVE-2025-53520 (The affected product allows firmware updates to be downloaded from EG4 ...)
+	TODO: check
+CVE-2025-52914 (A vulnerability in the Suite Applications Services component of Mitel  ...)
+	TODO: check
+CVE-2025-52913 (A vulnerability in the NuPoint Unified Messaging (NPM) component of Mi ...)
+	TODO: check
+CVE-2025-52586 (The MOD3 command traffic between the monitoring application and the  i ...)
+	TODO: check
+CVE-2025-50928 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a ...)
+	TODO: check
+CVE-2025-50927 (A reflected cross-site scripting (XSS) vulnerability in the List All F ...)
+	TODO: check
+CVE-2025-50468 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
+	TODO: check
+CVE-2025-50467 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
+	TODO: check
+CVE-2025-50466 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
+	TODO: check
+CVE-2025-50465 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
+	TODO: check
+CVE-2025-4796 (The Eventin plugin for WordPress is vulnerable to privilege escalation ...)
+	TODO: check
+CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+	TODO: check
+CVE-2025-48913 (If untrusted users are allowed to configure JMS for Apache CXF, previo ...)
+	TODO: check
+CVE-2025-47872 (The public-facing product registration endpoint server responds  diffe ...)
+	TODO: check
+CVE-2025-46414 (The affected product does not limit the number of attempts for inputti ...)
+	TODO: check
+CVE-2025-36119 (IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obta ...)
+	TODO: check
+CVE-2025-36023 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and  ...)
+	TODO: check
+CVE-2012-10053 (Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulne ...)
+	TODO: check
+CVE-2012-10052 (EGallery version 1.2 contains an unauthenticated arbitrary file upload ...)
+	TODO: check
+CVE-2012-10051 (Photodex ProShow Producer version 5.0.3256 contains a stack-based buff ...)
+	TODO: check
+CVE-2012-10050 (CuteFlow version 2.11.2 and earlier contains an arbitrary file upload  ...)
+	TODO: check
+CVE-2012-10049 (WebPageTest version 2.6 and earlier contains an arbitrary file upload  ...)
+	TODO: check
+CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in the show ...)
+	TODO: check
+CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a ...)
+	TODO: check
+CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2 ...)
+	TODO: check
+CVE-2012-10045 (XODA version 0.4.5 contains an unauthenticated file upload vulnerabili ...)
+	TODO: check
+CVE-2012-10044 (MobileCartly version 1.0 contains an arbitrary file creation vulnerabi ...)
+	TODO: check
+CVE-2012-10043 (A stack-based buffer overflow vulnerability exists in ActFax Server ve ...)
+	TODO: check
+CVE-2012-10042 (Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnera ...)
+	TODO: check
+CVE-2012-10041 (WAN Emulator v2.3 contains two unauthenticated command execution vulne ...)
+	TODO: check
+CVE-2012-10036 (Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary f ...)
+	TODO: check
+CVE-2010-10013 (An unauthenticated remote command execution vulnerability exists in Aj ...)
+	TODO: check
 CVE-2025-8708 (A vulnerability was found in Antabot White-Jotter 0.22. It has been de ...)
 	NOT-FOR-US: Antabot White-Jotter
 CVE-2025-8707 (A vulnerability was found in Huuge Box App 1.0.3 on Android. It has be ...)
@@ -133674,7 +133776,7 @@ CVE-2024-20392 (A vulnerability in the web-based management API of Cisco AsyncOS
 	NOT-FOR-US: Cisco
 CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of Cisco Se ...)
 	NOT-FOR-US: Cisco
-CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could ...)
+CVE-2024-20383 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
 	NOT-FOR-US: Cisco
 CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
 	NOT-FOR-US: Cisco
@@ -446575,8 +446677,8 @@ CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Captur
 	NOT-FOR-US: Aquaforest TIFF Server
 CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
 	NOT-FOR-US: Aquaforest TIFF Server
-CVE-2020-9322
-	RESERVED
+CVE-2020-9322 (The /users endpoint in Statamic Core before 2.11.8 allows XSS to add a ...)
+	TODO: check
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
 	- traefik <itp> (bug #983289)
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257163664b8160c8ffe12c54c6898e1c852c5446

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257163664b8160c8ffe12c54c6898e1c852c5446
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250808/1033f1a9/attachment.htm>

More information about the debian-security-tracker-commits mailing list