[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 11 21:12:10 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bb88b19 by security tracker role at 2025-08-11T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2025-8866 (YugabyteDB Anywhere web server does not properly enforce authenticatio ...)
+	TODO: check
+CVE-2025-8865 (The YugabyteDB tablet server contains a flaw in its YCQL query handlin ...)
+	TODO: check
+CVE-2025-8864 (Shared Access Signature token is not masked in the backup configuratio ...)
+	TODO: check
+CVE-2025-8863 (YugabyteDB diagnostic information was transmitted over HTTP, which cou ...)
+	TODO: check
+CVE-2025-8862 (YugabyteDB has been collecting diagnostics information from YugabyteDB ...)
+	TODO: check
+CVE-2025-8859 (A vulnerability was identified in code-projects eBlog Site 1.0. Affect ...)
+	TODO: check
+CVE-2025-8853 (Official Document Management System developed by 2100 Technology has a ...)
+	TODO: check
+CVE-2025-8852 (A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. Thi ...)
+	TODO: check
+CVE-2025-8851 (A vulnerability was determined in LibTIFF up to 4.5.1. Affected by thi ...)
+	TODO: check
+CVE-2025-8847 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected ...)
+	TODO: check
+CVE-2025-8846 (A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affec ...)
+	TODO: check
+CVE-2025-8845 (A vulnerability was identified in NASM Netwide Assember 2.17rc0. This  ...)
+	TODO: check
+CVE-2025-8844 (A vulnerability was determined in NASM Netwide Assember 2.17rc0. This  ...)
+	TODO: check
+CVE-2025-8843 (A vulnerability was found in NASM Netwide Assember 2.17rc0. This affec ...)
+	TODO: check
+CVE-2025-8842 (A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affec ...)
+	TODO: check
+CVE-2025-8841 (A vulnerability was identified in zlt2000 microservices-platform up to ...)
+	TODO: check
+CVE-2025-8840 (A vulnerability was determined in jshERP up to 3.5. Affected is an unk ...)
+	TODO: check
+CVE-2025-8839 (A vulnerability was found in jshERP up to 3.5. This issue affects some ...)
+	TODO: check
+CVE-2025-8838 (A vulnerability has been found in WinterChenS my-site up to 1f7525f159 ...)
+	TODO: check
+CVE-2025-8837 (A vulnerability was identified in JasPer up to 4.2.5. This affects the ...)
+	TODO: check
+CVE-2025-8672 (MacOS version of GIMP bundles a Python interpreter that inherits the T ...)
+	TODO: check
+CVE-2025-8285 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-7679 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+	TODO: check
+CVE-2025-7677 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+	TODO: check
+CVE-2025-54525 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
+	TODO: check
+CVE-2025-54478 (Mattermost Confluence Plugin version <1.5.0 fails to enforce authentic ...)
+	TODO: check
+CVE-2025-54463 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
+	TODO: check
+CVE-2025-54458 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-54063 (Cherry Studio is a desktop client that supports for multiple LLM provi ...)
+	TODO: check
+CVE-2025-53910 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-53857 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-53514 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
+	TODO: check
+CVE-2025-53191 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+	TODO: check
+CVE-2025-53190 (A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08. ...)
+	TODO: check
+CVE-2025-53189 (Authorization Bypass Through User-Controlled Key vulnerability in ABB  ...)
+	TODO: check
+CVE-2025-53188 (Insufficiently Protected Credentials vulnerability in ABB Aspect.This  ...)
+	TODO: check
+CVE-2025-53187 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
+	TODO: check
+CVE-2025-51824 (libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() fu ...)
+	TODO: check
+CVE-2025-51823 (libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() func ...)
+	TODO: check
+CVE-2025-49221 (Mattermost Confluence Plugin version <1.5.0 fails to enforce authentic ...)
+	TODO: check
+CVE-2025-48731 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-45146 (ModelCache for LLM through v0.2.0 was discovered to contain an deseria ...)
+	TODO: check
+CVE-2025-44004 (Mattermost Confluence Plugin version <1.5.0 fails to check the authori ...)
+	TODO: check
+CVE-2025-44001 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
+	TODO: check
+CVE-2025-38499 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-25231 (Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal  ...)
+	TODO: check
+CVE-2025-25229 (Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF ...)
+	TODO: check
+CVE-2012-10040 (Openfiler v2.x contains a command injection vulnerability in the syste ...)
+	TODO: check
+CVE-2012-10039 (ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection ...)
+	TODO: check
+CVE-2012-10038 (Auxilium RateMyPet contains an unauthenticated arbitrary file upload v ...)
+	TODO: check
+CVE-2012-10037 (PhpTax version 0.8 contains a remote code execution vulnerability in d ...)
+	TODO: check
 CVE-2025-8854 (Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before ...)
 	NOT-FOR-US: bulletphysics bullet3
 CVE-2025-8836 (A vulnerability was determined in JasPer up to 4.2.5. Affected by this ...)
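Review bot: all 52 new entries in this hunk land as `TODO: check` with no source-package assessment, so this batch needs a triage pass. Several groups share one upstream and can be resolved together: the thirteen Mattermost Confluence Plugin entries (all "version <1.5.0"), the five NASM Netwide Assembler 2.17rc0 entries (CVE-2025-8846 through CVE-2025-8842), the five YugabyteDB entries (CVE-2025-8866 through CVE-2025-8862) and the ABB Aspect entries. The ones that plausibly touch Debian packages deserve priority: CVE-2025-8851 (LibTIFF up to 4.5.1), CVE-2025-8837 (JasPer up to 4.2.5, next to the already-triaged CVE-2025-8836 just below), the NASM group, CVE-2025-8672 (GIMP, though the description scopes it to the macOS bundle) and CVE-2025-38499, a Linux kernel entry that needs the usual kernel triage. The four CVE-2012-100xx entries are newly assigned identifiers for 2012-era issues (Openfiler, ZEN Load Balancer, Auxilium RateMyPet, PhpTax), not regressions in the 2012 backlog.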
@@ -632,6 +736,7 @@ CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In v
 	NOTE: Fixed by: https://github.com/go-acme/lego/commit/238454b5f74f3cfcbb244ff0d0dc914a4ad44b96 (v4.25.2)
 	NOTE: Workaround: CA endpoint should enforce HTTPS instead of HTTP.
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In versions ...)
+	{DLA-4268-1}
 	- node-tmp <unfixed> (bug #1110532)
 	[trixie] - node-tmp <no-dsa> (Minor issue)
 	[bookworm] - node-tmp <no-dsa> (Minor issue)
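Review bot: the added `{DLA-4268-1}` marker sits above an entry whose remaining lines still read `node-tmp <unfixed> (bug #1110532)` for unstable and `<no-dsa> (Minor issue)` for trixie and bookworm. An LTS advisory for an issue that is rated minor for stable and still open in unstable is not wrong, but it reads oddly side by side; worth confirming that the unstable state with bug #1110532 is current and that the severity rating behind the two `<no-dsa>` lines still holds.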
@@ -721,9 +826,9 @@ CVE-2025-53786 (On April 18th 2025, Microsoft announced Exchange Server Security
 	NOT-FOR-US: Microsoft
 CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.)
 	NOT-FOR-US: Zone Bitaqati
-CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows unauthorized  ...)
+CVE-2025-51532 (Incorrect access control in Sage DPW 2024_12_004 and earlier allows un ...)
 	NOT-FOR-US: Sage DPW
-CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024 ...)
+CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_ ...)
 	NOT-FOR-US: Sage DPW
 CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged user tha ...)
 	NOT-FOR-US: Gatling Enterprise
@@ -3702,7 +3807,7 @@ CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain sensitiv
 	NOT-FOR-US: Gardyn
 CVE-2024-48730 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
 	NOT-FOR-US: ETSI Open-Source MANO (OSM)
-CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
+CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x b ...)
 	NOT-FOR-US: ETSI Open-Source MANO (OSM)
 CVE-2024-13976 (A DLL injection vulnerability exists in Commvault for Windows 11.20.0, ...)
 	NOT-FOR-US: Commvault
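Review bot: the refreshed description for CVE-2024-48729 now carries fixed-version wording ("14.0.x before 14.0.3, 15.0.x b..."), while its sibling CVE-2024-48730 two lines above keeps the older "v.14.x, v.15.x" form. Both remain `NOT-FOR-US: ETSI Open-Source MANO (OSM)`, so nothing changes for Debian, but the pair may deserve the same description refresh in a later automatic update for consistency.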
@@ -4282,7 +4387,8 @@ CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.4
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
 	NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
-CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to Improper Ne ...)
+CVE-2025-8022
+	REJECTED
 	NOT-FOR-US: bun
 CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to Dire ...)
 	NOT-FOR-US: files-bucket-server Node.js module
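Review bot: CVE-2025-8022 is now marked `REJECTED` but keeps its `NOT-FOR-US: bun` line underneath; a rejected entry needs no package assessment, so the leftover line carries no information and could be dropped in a follow-up. Separately, in the unchanged context of the CVE-2025-8058 entry, `NOTE: Inroduced with:` is a typo for `Introduced` that a manual edit could fix.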



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bb88b19b5c424fe83dd329c968fba6ae4ccc626




