[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 26 09:12:15 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbe45f53 by security tracker role at 2025-08-26T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2025-9476 (A vulnerability has been found in SourceCodester Human Resource Inform ...)
+ TODO: check
+CVE-2025-9475 (A flaw has been found in SourceCodester Human Resource Information Sys ...)
+ TODO: check
+CVE-2025-9474 (A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Aff ...)
+ TODO: check
+CVE-2025-9473 (A security vulnerability has been detected in SourceCodester Online Ba ...)
+ TODO: check
+CVE-2025-9472 (A vulnerability was found in itsourcecode Apartment Management System ...)
+ TODO: check
+CVE-2025-9471 (A vulnerability has been found in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9470 (A flaw has been found in itsourcecode Apartment Management System 1.0. ...)
+ TODO: check
+CVE-2025-9469 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
+ TODO: check
+CVE-2025-9468 (A security vulnerability has been detected in itsourcecode Apartment M ...)
+ TODO: check
+CVE-2025-9461 (A weakness has been identified in diyhi bbs up to 6.8. The impacted el ...)
+ TODO: check
+CVE-2025-9444 (A vulnerability has been found in 1000projects Online Project Report S ...)
+ TODO: check
+CVE-2025-9443 (A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affect ...)
+ TODO: check
+CVE-2025-9440 (A security vulnerability has been detected in 1000projects Online Proj ...)
+ TODO: check
+CVE-2025-9439 (A weakness has been identified in 1000projects Online Project Report S ...)
+ TODO: check
+CVE-2025-9438 (A security flaw has been discovered in 1000projects Online Project Rep ...)
+ TODO: check
+CVE-2025-9434 (A vulnerability was determined in 1000projects Online Project Report S ...)
+ TODO: check
+CVE-2025-9433 (A vulnerability was found in mtons mblog up to 3.5.0. The impacted ele ...)
+ TODO: check
+CVE-2025-9432 (A vulnerability has been found in mtons mblog up to 3.5.0. The affecte ...)
+ TODO: check
+CVE-2025-9431 (A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unkno ...)
+ TODO: check
+CVE-2025-9430 (A vulnerability was detected in mtons mblog up to 3.5.0. This issue af ...)
+ TODO: check
+CVE-2025-9429 (A security vulnerability has been detected in mtons mblog up to 3.5.0. ...)
+ TODO: check
+CVE-2025-9426 (A weakness has been identified in itsourcecode Online Tour and Travel ...)
+ TODO: check
+CVE-2025-9425 (A security flaw has been discovered in itsourcecode Online Tour and Tr ...)
+ TODO: check
+CVE-2025-9424 (A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected ...)
+ TODO: check
+CVE-2025-9423 (A vulnerability was determined in Campcodes Online Water Billing Syste ...)
+ TODO: check
+CVE-2025-9422 (A vulnerability was found in oitcode samarium up to 0.9.6. This impact ...)
+ TODO: check
+CVE-2025-9421 (A vulnerability has been found in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9420 (A flaw has been found in itsourcecode Apartment Management System 1.0. ...)
+ TODO: check
+CVE-2025-9419 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
+ TODO: check
+CVE-2025-9418 (A security vulnerability has been detected in itsourcecode Apartment M ...)
+ TODO: check
+CVE-2025-9172 (The Vibes plugin for WordPress is vulnerable to time-based SQL Injecti ...)
+ TODO: check
+CVE-2025-8627 (The TP-Link KP303 Smartplugcan be issued unauthenticated protocol comm ...)
+ TODO: check
+CVE-2025-8447 (An improper access control vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2025-6188 (On affected platforms running Arista EOS, maliciously formed UDP packe ...)
+ TODO: check
+CVE-2025-5931 (The Dokan Pro plugin for WordPress is vulnerable to privilege escalati ...)
+ TODO: check
+CVE-2025-57814 (request-filtering-agent is an http(s).Agent implementation that blocks ...)
+ TODO: check
+CVE-2025-57809 (XGrammar is an open-source library for efficient, flexible, and portab ...)
+ TODO: check
+CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1, a POST r ...)
+ TODO: check
+CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...)
+ TODO: check
+CVE-2025-57704 (Delta Electronics EIP Builder version 1.11 is vulnerable to a File Par ...)
+ TODO: check
+CVE-2025-53419 (Delta Electronics COMMGR has Code Injection vulnerability.)
+ TODO: check
+CVE-2025-53418 (Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability ...)
+ TODO: check
+CVE-2025-41702 (The JWT secret key is embedded in the egOS WebGUI backend and is reada ...)
+ TODO: check
+CVE-2024-8860 (The Tourfic plugin for WordPress is vulnerable to unauthorized modific ...)
+ TODO: check
CVE-2025-9417 (A weakness has been identified in itsourcecode Apartment Management Sy ...)
NOT-FOR-US: itsourcecode System
CVE-2025-9416 (A security flaw has been discovered in oitcode samarium up to 0.9.6. T ...)
@@ -14903,16 +14991,19 @@ CVE-2024-37657 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a re
CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
NOT-FOR-US: Gnuboard
CVE-2024-25178 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an ...)
+ {DLA-4283-1}
- luajit 2.1.0+openresty20240314-1
[bookworm] - luajit <no-dsa> (Minor issue)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/1152
NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 (v2.1)
CVE-2024-25177 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an ...)
+ {DLA-4283-1}
- luajit 2.1.0+openresty20240314-1
[bookworm] - luajit <no-dsa> (Minor issue)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/1147
NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f (v2.1)
CVE-2024-25176 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a s ...)
+ {DLA-4283-1}
- luajit 2.1.0+openresty20240314-1
[bookworm] - luajit <no-dsa> (Minor issue)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/1149
@@ -414984,6 +415075,7 @@ CVE-2020-24374 (A DNS rebinding vulnerability in Freebox v5 before 1.5.29.)
CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
NOT-FOR-US: Freebox
CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
+ {DLA-4283-1}
- luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/12ab596997b9cb27846a5b254d11230c3f9c50c8 (v2.1)
@@ -433492,7 +433584,7 @@ CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices
CVE-2020-15891
RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
- {DLA-2296-1}
+ {DLA-4283-1 DLA-2296-1}
- luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant; bug #966148)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
@@ -473162,6 +473254,7 @@ CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...)
+ {DLA-4283-1}
- luajit 2.1.0~beta3+git20210112+dfsg-2 (bug #946053; unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
NOTE: Negligible security impact. The debug library is unsafe per se and one is
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbe45f53d3757f1c115ad79ccfc5a0264e63c7cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbe45f53d3757f1c115ad79ccfc5a0264e63c7cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250826/d74a2089/attachment.htm>
More information about the debian-security-tracker-commits
mailing list