[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 27 09:12:49 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ec0c5bc by security tracker role at 2025-08-27T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-9514 (A vulnerability has been found in macrozheng mall up to 1.0.3. This im ...)
+	TODO: check
+CVE-2025-9513 (A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects  ...)
+	TODO: check
+CVE-2025-9511 (A vulnerability was identified in itsourcecode Apartment Management Sy ...)
+	TODO: check
+CVE-2025-9510 (A security vulnerability has been detected in itsourcecode Apartment M ...)
+	TODO: check
+CVE-2025-9509 (A security flaw has been discovered in itsourcecode Apartment Manageme ...)
+	TODO: check
+CVE-2025-9508 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
+	TODO: check
+CVE-2025-9507 (A weakness has been identified in itsourcecode Apartment Management Sy ...)
+	TODO: check
+CVE-2025-9506 (A vulnerability has been found in Campcodes Online Loan Management Sys ...)
+	TODO: check
+CVE-2025-9505 (A flaw has been found in Campcodes Online Loan Management System 1.0.  ...)
+	TODO: check
+CVE-2025-9504 (A vulnerability was detected in Campcodes Online Loan Management Syste ...)
+	TODO: check
+CVE-2025-9503 (A security vulnerability has been detected in Campcodes Online Loan Ma ...)
+	TODO: check
+CVE-2025-9502 (A weakness has been identified in Campcodes Online Loan Management Sys ...)
+	TODO: check
+CVE-2025-9492 (A vulnerability was determined in Campcodes Online Water Billing Syste ...)
+	TODO: check
+CVE-2025-9277 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-8490 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-7732 (The Lazy Load for Videos plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-57846 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue wi ...)
+	TODO: check
+CVE-2025-57820 (Svelte devalue is a utility library. Prior to version 5.3.2, a string  ...)
+	TODO: check
+CVE-2025-57797 (Incorrect privilege assignment vulnerability exists in ScanSnap Manage ...)
+	TODO: check
+CVE-2025-49040 (Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows  ...)
+	TODO: check
+CVE-2025-49039 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49035 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48081 (Path Traversal: '.../...//' vulnerability in Printeers Printeers Print ...)
+	TODO: check
+CVE-2025-35115 (Agiloft Release 28 downloads critical system packages over an insecure ...)
+	TODO: check
+CVE-2025-35114 (Agiloft Release 28 contains several accounts with default credentials  ...)
+	TODO: check
+CVE-2025-35113 (Agiloft Release 28 does not properly neutralize special elements used  ...)
+	TODO: check
+CVE-2025-35112 (Agiloft Release 28 contains an XML External Entities vulnerability in  ...)
+	TODO: check
+CVE-2025-26417 (In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is  ...)
+	TODO: check
+CVE-2025-22413 (In multiple functions of hyp-main.c, there is a possible privilege esc ...)
+	TODO: check
+CVE-2025-22412 (In multiple functions of sdp_server.cc, there is a possible use after  ...)
+	TODO: check
+CVE-2025-22411 (In process_service_attr_rsp of sdp_discovery.cc, there is a possible u ...)
+	TODO: check
+CVE-2025-22410 (In multiple locations, there is a possible way to execute arbitrary co ...)
+	TODO: check
+CVE-2025-22409 (In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to ex ...)
+	TODO: check
+CVE-2025-22408 (In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to exec ...)
+	TODO: check
+CVE-2025-22407 (In hidd_check_config_done of hidd_conn.cc, there is a possible way to  ...)
+	TODO: check
+CVE-2025-22406 (In bnepu_check_send_packet of bnep_utils.cc, there is a possible way t ...)
+	TODO: check
+CVE-2025-22405 (In multiple locations, there is a possible way to execute arbitrary co ...)
+	TODO: check
+CVE-2025-22404 (In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to exe ...)
+	TODO: check
+CVE-2025-22403 (In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible ...)
+	TODO: check
+CVE-2025-0093 (In handleBondStateChanged of AdapterService.java, there is a possible  ...)
+	TODO: check
+CVE-2025-0092 (In handleBondStateChanged of AdapterService.java, there is a possible  ...)
+	TODO: check
+CVE-2025-0086 (In onResult of AccountManagerService.java, there is a possible way to  ...)
+	TODO: check
+CVE-2025-0084 (In multiple locations, there is a possible out of bounds write due to  ...)
+	TODO: check
+CVE-2025-0083 (In multiple locations, there is a possible way to access content acros ...)
+	TODO: check
+CVE-2025-0082 (In multiple functions of StatusHint.java and TelecomServiceImpl.java,  ...)
+	TODO: check
+CVE-2025-0081 (In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is ...)
+	TODO: check
+CVE-2025-0080 (In multiple locations, there is a possible way to overlay the installa ...)
+	TODO: check
+CVE-2025-0079 (In multiple locations, there is a possible way that avdtp and avctp ch ...)
+	TODO: check
+CVE-2025-0078 (In main of main.cpp, there is a possible way to bypass SELinux due to  ...)
+	TODO: check
+CVE-2025-0075 (In process_service_search_attr_req of sdp_server.cc, there is a possib ...)
+	TODO: check
+CVE-2025-0074 (In process_service_attr_rsp of sdp_discovery.cc, there is a possible w ...)
+	TODO: check
+CVE-2024-49740 (In multiple locations, there is a possible crash loop due to resource  ...)
+	TODO: check
+CVE-2024-47192 (An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a ma ...)
+	TODO: check
+CVE-2024-35203 (Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scriptin ...)
+	TODO: check
+CVE-2021-4459 (An authorized remote attacker can access files and directories outside ...)
+	TODO: check
 CVE-2025-9491 (Microsoft Windows LNK File UI Misrepresentation Remote Code Execution  ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-9483 (A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE700 ...)
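Review bot: The block from CVE-2025-26417 down to CVE-2024-49740 lands as "TODO: check" although entries with the same "In <function> of <file>, there is a possible ..." wording elsewhere in this file are already tagged "NOT-FOR-US: Android". Triage these by the source file each description names rather than in bulk, since a file such as dng_lossless_jpeg.cpp (CVE-2025-0081) may also exist outside Android; apply the NOT-FOR-US tag only where no Debian package ships the code. Separately, the descriptions for CVE-2025-9277 and CVE-2025-57846 carry literal "\u2013" and "\u30d5\u30a3\u30eb\u30bf\u30fc" escapes, and the fixed-width truncation counts those escape characters, so the importer should decode them before truncating.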
@@ -2487,14 +2597,14 @@ CVE-2025-38555 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-38554 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9bbffee67ffd16360179327b57f3b1245579ef08 (6.17-rc1)
-CVE-2025-55298 [imagemagick GHSA-9ccg-6pjw-x645]
+CVE-2025-55298 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed> (bug #1111586)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d789bdf7aabb955b88fbc95653aa9dbf6c5d259f
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/731ce3a7aa7fabebaa322711c04ce5f5cf22edf4
-CVE-2025-55212 [imagemagick GHSA-fh55-q5pj-pxgw]
+CVE-2025-55212 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed> (bug #1111587)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af
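Review bot: CVE-2025-55298 and CVE-2025-55212 stay at "- imagemagick <unfixed>" even though the NOTE lines under them already reference upstream fix commits (ImageMagick and ImageMagick6 for CVE-2025-55298; the ImageMagick commit for CVE-2025-55212 in the visible context). A follow-up should add a NOTE naming the first upstream release that contains those commits, so the <unfixed> state can be resolved against bugs #1111586 and #1111587 once a fixed upload exists. The GHSA ids dropped from the header lines are still present in the advisory NOTE URLs, so no reference is lost by the description swap.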
@@ -3089,7 +3199,7 @@ CVE-2025-9047 (A vulnerability has been found in projectworlds Visitor Managemen
 	NOT-FOR-US: Project Worlds
 CVE-2025-9046 (A vulnerability was identified in Tenda AC20 16.03.08.12. This issue a ...)
 	NOT-FOR-US: Tenda
-CVE-2025-9028 (A vulnerability was found in code-projects Online Medicine Guide 1.0.  ...)
+CVE-2025-9028 (A flaw has been found in code-projects Online Medicine Guide 1.0. This ...)
 	NOT-FOR-US: code-projects
 CVE-2025-9027 (A vulnerability has been found in code-projects Online Medicine Guide  ...)
 	NOT-FOR-US: code-projects
@@ -139448,7 +139558,7 @@ CVE-2023-33310 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 	NOT-FOR-US: WordPress plugin
 CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart Core al ...)
+CVE-2023-32244 (Improper Privilege Management vulnerability in xtemos Woodmart Core al ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag editori ...)
 	NOT-FOR-US: WordPress plugin
@@ -167956,7 +168066,7 @@ CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way to
 	NOT-FOR-US: Android
 CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible missing s ...)
 	NOT-FOR-US: Android
-CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a possible ...)
+CVE-2024-0032 (In multiple locations, there is a possible way to request access to di ...)
 	NOT-FOR-US: Android
 CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a p ...)
 	NOT-FOR-US: Android
@@ -229110,7 +229220,7 @@ CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Rea
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-26009 (Improper Privilege Management vulnerability in favethemes Houzez Login ...)
+CVE-2023-26009 (Improper Privilege Management vulnerability in Favethemes Houzez Login ...)
 	NOT-FOR-US: Favethemes Houzez
 CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
 	NOT-FOR-US: WordPress plugin
@@ -253756,8 +253866,8 @@ CVE-2023-21127 (In readSampleData of NuMediaExtractor.cpp, there is a possible o
 	NOT-FOR-US: Android
 CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, the ...)
 	NOT-FOR-US: Android
-CVE-2023-21125
-	RESERVED
+CVE-2023-21125 (In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to ...)
+	TODO: check
 CVE-2023-21124 (In run of multiple files, there is a possible escalation of privilege  ...)
 	NOT-FOR-US: Android
 CVE-2023-21123 (In multiple functions of multiple files, there is a possible way to by ...)
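Review bot: CVE-2023-21125 moves from RESERVED to "TODO: check" while the surrounding entries whose tags are visible here (CVE-2023-21127, CVE-2023-21126, CVE-2023-21124) are all "NOT-FOR-US: Android". The new description names btif_hh_hsdata_rpt_copy_cb of bta_hh.cc; confirm that no Debian source package ships that file and, if none does, set the same NOT-FOR-US tag instead of leaving the TODO open.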



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ec0c5bcda2e5f26d7fd789564e12ed4d37c080f
