[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 21 21:12:15 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4416eeab by security tracker role at 2025-08-21T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2025-9311 (A vulnerability was identified in itsourcecode Apartment Management Sy ...)
+	TODO: check
+CVE-2025-9310 (A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d2 ...)
+	TODO: check
+CVE-2025-9309 (A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an un ...)
+	TODO: check
+CVE-2025-9308 (A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This imp ...)
+	TODO: check
+CVE-2025-9307 (A flaw has been found in PHPGurukul Online Course Registration 3.1. Th ...)
+	TODO: check
+CVE-2025-9306 (A vulnerability was detected in SourceCodester Advanced School Managem ...)
+	TODO: check
+CVE-2025-9305 (A security vulnerability has been detected in SourceCodester Online Ba ...)
+	TODO: check
+CVE-2025-9304 (A weakness has been identified in SourceCodester Online Bank Managemen ...)
+	TODO: check
+CVE-2025-9303 (A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B202 ...)
+	TODO: check
+CVE-2025-9302 (A vulnerability was identified in PHPGurukul User Management System 1. ...)
+	TODO: check
+CVE-2025-9301 (A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This af ...)
+	TODO: check
+CVE-2025-9300 (A vulnerability was found in saitoha libsixel up to 1.10.3. Affected b ...)
+	TODO: check
+CVE-2025-9299 (A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this  ...)
+	TODO: check
+CVE-2025-9298 (A flaw has been found in Tenda M3 1.0.0.12. Affected is the function f ...)
+	TODO: check
+CVE-2025-9297 (A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts  ...)
+	TODO: check
+CVE-2025-9296 (A security vulnerability has been detected in Emlog Pro up to 2.5.18.  ...)
+	TODO: check
+CVE-2025-8402 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2025-8064 (The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-7969 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-7051 (On N-central, it is possible for any authenticated user to read, write ...)
+	TODO: check
+CVE-2025-6465 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10. ...)
+	TODO: check
+CVE-2025-57768 (Phproject is a high performance full-featured project management syste ...)
+	TODO: check
+CVE-2025-57765 (WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a  ...)
+	TODO: check
+CVE-2025-57764 (WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a  ...)
+	TODO: check
+CVE-2025-57763 (WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, th ...)
+	TODO: check
+CVE-2025-57762 (WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, th ...)
+	TODO: check
+CVE-2025-57761 (WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, t ...)
+	TODO: check
+CVE-2025-57755 (claude-code-router is a powerful tool to route Claude Code requests to ...)
+	TODO: check
+CVE-2025-57754 (eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In ...)
+	TODO: check
+CVE-2025-57753 (vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server ...)
+	TODO: check
+CVE-2025-57751 (pyLoad is the free and open-source Download Manager written in pure Py ...)
+	TODO: check
+CVE-2025-55744 (UnoPim is an open-source Product Information Management (PIM) system b ...)
+	TODO: check
+CVE-2025-55743 (UnoPim is an open-source Product Information Management (PIM) system b ...)
+	TODO: check
+CVE-2025-55742 (UnoPim is an open-source Product Information Management (PIM) system b ...)
+	TODO: check
+CVE-2025-55564 (Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list p ...)
+	TODO: check
+CVE-2025-55524 (Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrari ...)
+	TODO: check
+CVE-2025-55523 (An issue in the component /api/download_work_dir_file.py of Agent-Zero ...)
+	TODO: check
+CVE-2025-55522 (Cross-site scripting (XSS) vulnerability in the component /common/repo ...)
+	TODO: check
+CVE-2025-55521 (An issue in the component /settings/localisation of Akaunting v3.1.18  ...)
+	TODO: check
+CVE-2025-55420 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /ind ...)
+	TODO: check
+CVE-2025-55383 (Moss before v0.15 has a file upload vulnerability. The "upload" functi ...)
+	TODO: check
+CVE-2025-55371 (Incorrect access control in the component /controller/PersonController ...)
+	TODO: check
+CVE-2025-55370 (Incorrect access control in the component \controller\ResourceControll ...)
+	TODO: check
+CVE-2025-55368 (Incorrect access control in the component \controller\RoleController.j ...)
+	TODO: check
+CVE-2025-55367 (Incorrect access control in the component \controller\SupplierControll ...)
+	TODO: check
+CVE-2025-55366 (Incorrect access control in the component \controller\UserController.j ...)
+	TODO: check
+CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+	TODO: check
+CVE-2025-55231 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver allows a ...)
+	TODO: check
+CVE-2025-55229 (Improper verification of cryptographic signature in Windows Certificat ...)
+	TODO: check
+CVE-2025-55107 (There is a stored   Cross-site Scripting vulnerability in Esri Portal  ...)
+	TODO: check
+CVE-2025-55106 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+	TODO: check
+CVE-2025-55105 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+	TODO: check
+CVE-2025-55104 (A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB an ...)
+	TODO: check
+CVE-2025-55103 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+	TODO: check
+CVE-2025-54460 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+	TODO: check
+CVE-2025-53795 (Improper authorization in Microsoft PC Manager allows an unauthorized  ...)
+	TODO: check
+CVE-2025-53763 (Improper access control in Azure Databricks allows an unauthorized att ...)
+	TODO: check
+CVE-2025-53251 (Unrestricted Upload of File with Dangerous Type vulnerability in An-Th ...)
+	TODO: check
+CVE-2025-52395 (An issue in Roadcute API v.1 allows a remote attacker to execute arbit ...)
+	TODO: check
+CVE-2025-52352 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a conf ...)
+	TODO: check
+CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly g ...)
+	TODO: check
+CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 1.2.2 and ...)
+	TODO: check
+CVE-2025-51989 (HTML injection vulnerability in the registration interface in Evolutio ...)
+	TODO: check
+CVE-2025-51818 (MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.ph ...)
+	TODO: check
+CVE-2025-50860 (SQL Injection in the listdomains function in Easy Hosting Control Pane ...)
+	TODO: check
+CVE-2025-48956 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2025-47184 (An XML external entities (XXE) injection vulnerability in the /init AP ...)
+	TODO: check
+CVE-2025-43756 (<!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}- ...)
+	TODO: check
+CVE-2025-43755 (A Stored cross-site scripting vulnerability in the Liferay Portal 7.4. ...)
+	TODO: check
+CVE-2025-43754 (Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4 ...)
+	TODO: check
+CVE-2025-41415 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+	TODO: check
+CVE-2025-3128 (A remote unauthenticated attacker who has bypassed authentication coul ...)
+	TODO: check
+CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...)
+	TODO: check
+CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...)
+	TODO: check
+CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affecte ...)
+	TODO: check
+CVE-2025-27721 (Unauthorized users can access INFINITT PACS System Managerwithout prop ...)
+	TODO: check
+CVE-2025-27714 (An attacker could exploit this vulnerability by uploading arbitrary  f ...)
+	TODO: check
+CVE-2025-24489 (An attacker could exploit this vulnerability by uploading arbitrary  f ...)
+	TODO: check
+CVE-2024-50641 (An authentication bypass vulnerability in PandoraNext-TokensTool v0.6. ...)
+	TODO: check
+CVE-2024-45438 (An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8. ...)
+	TODO: check
 CVE-2025-XXXX [OSSN-0094]
 	- nova 2:31.0.0-7 (bug #1111689)
 	- watcher 14.0.0-3 (bug #1111692)
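Review bot: every entry added in this hunk carries `TODO: check`, so the ones naming software that exists as a Debian source package should be triaged first: CVE-2025-9301 (cmake, against a git snapshot 4.1.20250725-gb5cce23), CVE-2025-9300 (libsixel up to 1.10.3) and CVE-2025-52194 (libsndfile 1.2.2); the rest of the batch (Tenda, TOTOLINK, SourceCodester, PHPGurukul, Mattermost, Esri, Windows, Azure Databricks, Dell iDRAC, Plex) reads as NOT-FOR-US material. Two descriptions need the full record rather than the truncated line: CVE-2025-43756 begins with CSS leaked from the upstream text (`<!--td {border: 1px solid #cccccc;}...`) and names no product, and CVE-2025-55297 spells the framework "ESF-IDF" (upstream's own text, presumably ESP-IDF). Neither is something to fix in data/CVE/list, since the description is copied verbatim from the CVE record.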
@@ -663,7 +825,7 @@ CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a stored cr ...)
 	NOT-FOR-US: Prism Central
-CVE-2025-9162
+CVE-2025-9162 (A flaw was found in org.keycloak/keycloak-model-storage-service. The K ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS could be uti ...)
 	NOT-FOR-US: Firefox Focus for iOS
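Review bot: the `<itp>` marker on keycloak (bug #1088287) means the package is not in the archive yet, so filling in the CVE-2025-9162 description changes nothing about exposure; no version line, DSA or DLA is needed until the ITP lands, and the entry can stay as is.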
@@ -684,7 +846,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar component of Firefox Focus for
 	- firefox <not-affected> (Specific to Firefox Focus on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
 CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13,  ...)
-	{DSA-5980-1}
+	{DSA-5980-1 DLA-4277-1}
 	- firefox-esr 128.14.0esr-1
 	- firefox <unfixed>
 	- thunderbird <unfixed>
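Review bot: the context line under CVE-2025-9186 points at `mfsa2025-64/#CVE-2025-9179`, the anchor for a different CVE, while the entry is about the Firefox Focus address-bar spoofing issue; that looks like a copy-paste slip in the NOTE and should become `#CVE-2025-9186` if that is where the advisory lists it. Separately, adding `DLA-4277-1` beside `DSA-5980-1` covers firefox-esr only; `firefox <unfixed>` and `thunderbird <unfixed>` are untouched, so if a thunderbird update follows it needs its own DSA/DLA reference on this entry rather than riding on the firefox-esr one.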
@@ -701,7 +863,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics: WebRende
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
 CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vulnerab ...)
-	{DSA-5980-1}
+	{DSA-5980-1 DLA-4277-1}
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
@@ -709,7 +871,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vul
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
 CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.' This  ...)
-	{DSA-5980-1}
+	{DSA-5980-1 DLA-4277-1}
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
@@ -717,7 +879,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.'
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
 CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP process w ...)
-	{DSA-5980-1}
+	{DSA-5980-1 DLA-4277-1}
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
@@ -3791,15 +3953,19 @@ CVE-2025-53857 (Mattermost Confluence Plugin version <1.5.0 fails to check the a
 	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-53514 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
-CVE-2025-53191 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+CVE-2025-53191
+	REJECTED
 	NOT-FOR-US: ABB group
-CVE-2025-53190 (A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08. ...)
+CVE-2025-53190
+	REJECTED
 	NOT-FOR-US: ABB group
-CVE-2025-53189 (Authorization Bypass Through User-Controlled Key vulnerability in ABB  ...)
+CVE-2025-53189
+	REJECTED
 	NOT-FOR-US: ABB group
-CVE-2025-53188 (Insufficiently Protected Credentials vulnerability in ABB Aspect.This  ...)
+CVE-2025-53188
+	REJECTED
 	NOT-FOR-US: ABB group
-CVE-2025-53187 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+CVE-2025-53187 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	NOT-FOR-US: ABB group
 CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
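Review bot: CVE-2025-53187 is the one ABB entry that was re-described rather than rejected, its text changing from "Improper Control of Generation of Code ('Code Injection')" to "Authentication Bypass Using an Alternate Path or Channel", and the `NOT-FOR-US: ABB group` line was carried over without being re-derived; the visible new description no longer shows the product name, so a quick look at the full record is worth it to confirm it still belongs to ABB Aspect. For CVE-2025-53188 through CVE-2025-53191 the import leaves `NOT-FOR-US: ABB group` beneath `REJECTED`; that is redundant once an ID is rejected but harmless, so no change needed.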
@@ -5751,6 +5917,7 @@ CVE-2025-54593 (FreshRSS is a free, self-hostable RSS aggregator. In versions 1.
 CVE-2025-54590 (webfinger.js is a TypeScript-based WebFinger client that runs in both  ...)
 	NOT-FOR-US: webfinger.js (not the same as src:node-webfinger)
 CVE-2025-54574 (Squid is a caching proxy for the Web. In versions 6.3 and below, Squid ...)
+	{DSA-5982-1}
 	- squid 6.5-1
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
 	NOTE: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (SQUID_6_4)
@@ -188492,6 +188659,7 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of Service,  where a remote atta
 	NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
 CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of HTTP r ...)
+	{DSA-5982-1}
 	- squid 6.5-1 (bug #1055249)
 	[bullseye] - squid <ignored> (Minor impact, too intrusive to backport to 5.x)
 	- squid3 <removed>
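Review bot: adding `{DSA-5982-1}` to a 2023 CVE says the fix was backported for stable after all, which sits awkwardly next to the unchanged `[bullseye] - squid <ignored> (Minor impact, too intrusive to backport to 5.x)` line; the ignore rationale should be re-checked against what the DSA shipped, and either kept with an updated reason or superseded by a DLA reference if the LTS team picks it up.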



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4416eeab513b750372400865a48b913f5fedfc85
