[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 20 21:13:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da0010b1 by security tracker role at 2025-08-20T20:13:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2025-9246 (A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE700 ...)
+ TODO: check
+CVE-2025-9245 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500 ...)
+ TODO: check
+CVE-2025-9244 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...)
+ TODO: check
+CVE-2025-9241 (A weakness has been identified in elunez eladmin up to 2.7. This affec ...)
+ TODO: check
+CVE-2025-9240 (A security flaw has been discovered in elunez eladmin up to 2.7. Affec ...)
+ TODO: check
+CVE-2025-9239 (A vulnerability was identified in elunez eladmin up to 2.7. Affected b ...)
+ TODO: check
+CVE-2025-9238 (A vulnerability was determined in Swatadru Exam-Seating-Arrangement up ...)
+ TODO: check
+CVE-2025-9237 (A vulnerability was found in CodeAstro Ecommerce Website 1.0. This imp ...)
+ TODO: check
+CVE-2025-9236 (A vulnerability has been found in Portabilis i-Diario up to 2.10. This ...)
+ TODO: check
+CVE-2025-9235 (A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element ...)
+ TODO: check
+CVE-2025-9234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected ...)
+ TODO: check
+CVE-2025-9233 (A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. ...)
+ TODO: check
+CVE-2025-9229 (Information disclosure vulnerability in error handling in MiR software ...)
+ TODO: check
+CVE-2025-9228 (MiR software versions prior to version 3.0.0 have insufficient authori ...)
+ TODO: check
+CVE-2025-9173 (A weakness has been identified in Emlog Pro up to 2.5.18. This issue a ...)
+ TODO: check
+CVE-2025-9074 (A vulnerability was identified in Docker Desktop that allows local run ...)
+ TODO: check
+CVE-2025-8612 (AOMEI Backupper Workstation Link Following Local Privilege Escalation ...)
+ TODO: check
+CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication for Critical Function Remote ...)
+ TODO: check
+CVE-2025-8610 (AOMEI Cyber Backup Missing Authentication for Critical Function Remote ...)
+ TODO: check
+CVE-2025-8453 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
+ TODO: check
+CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption vulnerability exists that c ...)
+ TODO: check
+CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vu ...)
+ TODO: check
+CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP AP ...)
+ TODO: check
+CVE-2025-8309 (There is an improper privilege management vulnerability identified in ...)
+ TODO: check
+CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-6183 (The StrongDM macOS client incorrectly processed JSON-formatted message ...)
+ TODO: check
+CVE-2025-6182 (The StrongDM Windows service incorrectly handled communication related ...)
+ TODO: check
+CVE-2025-6181 (The StrongDM Windows service incorrectly handled input validation. Aut ...)
+ TODO: check
+CVE-2025-6180 (The StrongDM Client insufficiently protected a pre-authentication toke ...)
+ TODO: check
+CVE-2025-5261 (Authorization Bypass Through User-Controlled Key vulnerability in Pik ...)
+ TODO: check
+CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yaz\u01 ...)
+ TODO: check
+CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, ...)
+ TODO: check
+CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in ...)
+ TODO: check
+CVE-2025-57733 (In JetBrains TeamCity before 2025.07.1 sMTP injection was possible all ...)
+ TODO: check
+CVE-2025-57732 (In JetBrains TeamCity before 2025.07.1 privilege escalation was possib ...)
+ TODO: check
+CVE-2025-57731 (In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via ...)
+ TODO: check
+CVE-2025-57730 (In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible v ...)
+ TODO: check
+CVE-2025-57729 (In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was ...)
+ TODO: check
+CVE-2025-57728 (In JetBrains IntelliJ IDEA before 2025.2 improper access control allow ...)
+ TODO: check
+CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was po ...)
+ TODO: check
+CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision for an ...)
+ TODO: check
+CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to 15.74.2 and ...)
+ TODO: check
+CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully crafted ...)
+ TODO: check
+CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via th ...)
+ TODO: check
+CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2025-55498 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the f ...)
+ TODO: check
+CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the f ...)
+ TODO: check
+CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of the cance ...)
+ TODO: check
+CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
+ TODO: check
+CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
+ TODO: check
+CVE-2025-54925 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+ TODO: check
+CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+ TODO: check
+CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
+ TODO: check
+CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in sFileNameparameter in t ...)
+ TODO: check
+CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in article creati ...)
+ TODO: check
+CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in page editor ...)
+ TODO: check
+CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side Template Inj ...)
+ TODO: check
+CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored Cross-Site ...)
+ TODO: check
+CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS my-site ...)
+ TODO: check
+CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Sho ...)
+ TODO: check
+CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains ...)
+ TODO: check
+CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru 1.3.0 allow ...)
+ TODO: check
+CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch Lebanon Mo ...)
+ TODO: check
+CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46962 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46936 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46932 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46856 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46852 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-46849 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-43757 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-43750 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
+ TODO: check
+CVE-2025-43749 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
+ TODO: check
+CVE-2025-43748 (Insufficient CSRF protection for omni-administrator users in Liferay P ...)
+ TODO: check
+CVE-2025-43746 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-43742 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-43741 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-36114 (IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote at ...)
+ TODO: check
+CVE-2025-32010 (A stack-based buffer overflow vulnerability exists in the Cloud API fu ...)
+ TODO: check
+CVE-2025-31355 (A firmware update vulnerability exists in the Firmware Signature Valid ...)
+ TODO: check
+CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header Parsing fu ...)
+ TODO: check
+CVE-2025-28041 (Incorrect access control in the doFilter function of itranswarp up to ...)
+ TODO: check
+CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP authenticati ...)
+ TODO: check
+CVE-2025-24496 (An information disclosure vulnerability exists in the /goform/getprodu ...)
+ TODO: check
+CVE-2025-24322 (An unsafe default authentication vulnerability exists in the Initial S ...)
+ TODO: check
+CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo Authenticat ...)
+ TODO: check
+CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco Evolved ...)
+ TODO: check
+CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine (ISE) cou ...)
+ TODO: check
+CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side request ...)
+ TODO: check
+CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to read or m ...)
+ TODO: check
+CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allow ...)
+ TODO: check
+CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to bypass au ...)
+ TODO: check
+CVE-2024-57154 (Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers ...)
+ TODO: check
+CVE-2024-57152 (Incorrect access control in the preHandle function of my-site v1.0.2 a ...)
+ TODO: check
+CVE-2024-53495 (Incorrect access control in the preHandle function of my-site v1.0.2.R ...)
+ TODO: check
+CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in the preHa ...)
+ TODO: check
+CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a path trav ...)
+ TODO: check
+CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, creat ...)
+ TODO: check
+CVE-2011-10029 (Solar FTP Server fails to properly handle format strings passed to the ...)
+ TODO: check
+CVE-2011-10028 (The RealNetworks RealArcade platform includes an ActiveX control (Inst ...)
+ TODO: check
+CVE-2011-10027 (AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\r ...)
+ TODO: check
+CVE-2011-10026 (Spreecommerce versions prior to 0.50.x contain a remote command execut ...)
+ TODO: check
+CVE-2011-10025 (Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in i ...)
+ TODO: check
+CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is vulnera ...)
+ TODO: check
+CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version 2010 co ...)
+ TODO: check
+CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer ...)
+ TODO: check
+CVE-2011-10021 (Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow du ...)
+ TODO: check
+CVE-2011-10020 (Kaillera Server version 0.86 is vulnerable to a denial-of-service cond ...)
+ TODO: check
+CVE-2010-20103 (A malicious backdoor was embedded in the official ProFTPD 1.3.3c sourc ...)
+ TODO: check
+CVE-2010-20059 (FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated comma ...)
+ TODO: check
+CVE-2010-20049 (LeapFTP <3.1.x contains a stack-based buffer overflow vulnerability in ...)
+ TODO: check
+CVE-2010-20045 (FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulner ...)
+ TODO: check
+CVE-2010-20042 (Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicod ...)
+ TODO: check
+CVE-2010-20010 (Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the / ...)
+ TODO: check
+CVE-2010-10014 (Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow ...)
+ TODO: check
+CVE-2009-10005 (ContentKeeper Web Appliance (now maintained by Impero Software) versio ...)
+ TODO: check
CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR software ...)
NOT-FOR-US: MiR software
CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized modific ...)
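Review bot: several of the imported descriptions in this hunk carry importer artifacts that will land in the tracker verbatim: CVE-2025-5260 keeps a literal `\u01` escape in "Pik Online Yaz\u01 ...", CVE-2011-10027 has an embedded carriage return in "its Tool\r ...", and the JetBrains entries read "aWS credentials", "sMTP injection" and "hTML injection", which looks like the importer lowercasing the first letter of an acronym; the lowercasing step in the update script is worth checking before these are triaged, since the mangled text is what ends up on the tracker. The rest of the hunk is the expected set of `TODO: check` placeholders; the run of CVE-2009 to CVE-2012 identifiers with five-digit suffixes at the end (CVE-2012-10061 through CVE-2009-10005) are newly assigned IDs for decade-old issues, as their descriptions show, so the triager should expect to cross-check them against any existing entries for the same software rather than treat them as new bugs.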
@@ -330,6 +568,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar component of Firefox Focus for
- firefox <not-affected> (Specific to Firefox Focus on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, ...)
+ {DSA-5980-1}
- firefox-esr 128.14.0esr-1
- firefox <unfixed>
- thunderbird <unfixed>
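Review bot: the unchanged context at the top of this hunk shows the NOTE under CVE-2025-9186 pointing at https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179, while the entry it belongs to is CVE-2025-9186; the anchor looks like a copy-paste from the CVE-2025-9179 entry further down and should presumably be #CVE-2025-9186. The DSA-5980-1 reference added for CVE-2025-9185 itself is consistent with the firefox-esr 128.14.0esr-1 line directly below it.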
@@ -346,6 +585,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics: WebRende
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vulnerab ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -353,6 +593,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.' This ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -360,6 +601,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.'
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP process w ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -474,15 +716,15 @@ CVE-2025-51539 (EzGED3 3.5.0 contains an unauthenticated arbitrary file read vul
NOT-FOR-US: EzGED3
CVE-2025-51529 (Incorrect Access Control in the AJAX endpoint functionality in jonkast ...)
NOT-FOR-US: onkastonka Cookies and Content Security Policy plugin
-CVE-2025-51510 (MoonShine v3.12.5 was discovered to contain a SQL injection vulnerabil ...)
+CVE-2025-51510 (MoonShine was discovered to contain a SQL injection vulnerability unde ...)
NOT-FOR-US: MoonShine
CVE-2025-51506 (In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL inj ...)
NOT-FOR-US: HRForecast Suite
-CVE-2025-51489 (An arbitrary file upload vulnerability in MoonShine v3.12.4 allows att ...)
+CVE-2025-51489 (A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine ...)
NOT-FOR-US: MoonShine
-CVE-2025-51488 (A stored cross-site scripting (XSS) vulnerability in the Create Admin ...)
+CVE-2025-51488 (A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine ...)
NOT-FOR-US: MoonShine
-CVE-2025-51487 (A stored cross-site scripting (XSS) vulnerability in the Create Articl ...)
+CVE-2025-51487 (A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine ...)
NOT-FOR-US: MoonShine
CVE-2025-50938 (Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the ...)
NOT-FOR-US: Hustoj
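Review bot: the rewritten description for CVE-2025-51489 changes the vulnerability class, from "An arbitrary file upload vulnerability in MoonShine v3.12.4" to "A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine", and now opens identically to CVE-2025-51488 and CVE-2025-51487; since all three stay NOT-FOR-US nothing changes for Debian, but it is worth confirming against the CNA record that the upstream text really was replaced rather than one description having been attached to the wrong ID. The CVE-2025-51510 change only drops the version (v3.12.5) from the description.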
@@ -6205,7 +6447,7 @@ CVE-2025-24119 (This issue was addressed through improved state management. This
NOT-FOR-US: Apple
CVE-2025-0712 (An uncontrolled search path element vulnerability can lead to local pr ...)
NOT-FOR-US: Beats (Windows Installer)
-CVE-2025-7777
+CVE-2025-7777 (The mirror-registry doesn't properly sanitize the host header HTTP hea ...)
NOT-FOR-US: mirror-registry for Quay
CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to 138.0.7204.18 ...)
{DSA-5968-1}
@@ -15151,7 +15393,7 @@ CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for G
NOT-FOR-US: Escalade GLPI plugin
CVE-2024-35164 (The terminal emulator of Apache Guacamole 1.5.5 and older does not pro ...)
- guacamole-client <removed>
-CVE-2024-39954
+CVE-2024-39954 (CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module ...)
NOT-FOR-US: Apache EventMesh
CVE-2025-6920 (A flaw was found in the authentication enforcement mechanism of a mode ...)
NOT-FOR-US: Red Hat AI Inference Server
@@ -16098,7 +16340,7 @@ CVE-2025-52555 (Ceph is a distributed object, block, and file storage platform.
NOTE: https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
NOTE: Regression fix: https://github.com/ceph/ceph/pull/64356
NOTE: Regression tracked in Debian as: https://bugs.debian.org/1109470
-CVE-2025-4437
+CVE-2025-4437 (There's a vulnerability in the CRI-O application where when container ...)
- cri-o <itp> (bug #979702)
CVE-2025-6710 (MongoDB Server may be susceptible to stack overflow due to JSON parsin ...)
- mongodb <removed>
@@ -16713,7 +16955,7 @@ CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized varia
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb (libssh-0.11.2)
-CVE-2025-4877
+CVE-2025-4877 (There's a vulnerability in the libssh package where when a libssh cons ...)
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
[bullseye] - libssh <postponed> (Minor issue)
@@ -23674,7 +23916,7 @@ CVE-2025-5499 (A vulnerability classified as critical has been found in slackero
NOT-FOR-US: slackero phpwcms
CVE-2025-5498 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It ...)
NOT-FOR-US: slackero phpwcms
-CVE-2025-5497 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It ...)
+CVE-2025-5497 (A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. ...)
NOT-FOR-US: slackero phpwcms
CVE-2025-5495 (A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has b ...)
NOT-FOR-US: Netgear
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da0010b13bcbacd686cb74b55d3fed063b320df2