[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 27 21:13:03 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6fe2874 by security tracker role at 2025-08-27T20:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,186 @@
-CVE-2025-58050
+CVE-2025-9533 (A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. ...)
+ TODO: check
+CVE-2025-9532 (A flaw has been found in Portabilis i-Educar up to 2.10. This impacts ...)
+ TODO: check
+CVE-2025-9531 (A vulnerability was detected in Portabilis i-Educar up to 2.10. This a ...)
+ TODO: check
+CVE-2025-9529 (A weakness has been identified in Campcodes Payroll Management System ...)
+ TODO: check
+CVE-2025-9528 (A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vuln ...)
+ TODO: check
+CVE-2025-9527 (A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects t ...)
+ TODO: check
+CVE-2025-9526 (A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected ...)
+ TODO: check
+CVE-2025-9525 (A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this v ...)
+ TODO: check
+CVE-2025-9523 (A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is ...)
+ TODO: check
+CVE-2025-5187 (A vulnerability exists in the NodeRestriction admission controller in ...)
+ TODO: check
+CVE-2025-5101 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
+CVE-2025-58218 (Deserialization of Untrusted Data vulnerability in enituretechnology S ...)
+ TODO: check
+CVE-2025-58217 (Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant ...)
+ TODO: check
+CVE-2025-58216 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58209 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58208 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58205 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58204 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in E ...)
+ TODO: check
+CVE-2025-58203 (Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Ex ...)
+ TODO: check
+CVE-2025-58202 (Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippet ...)
+ TODO: check
+CVE-2025-58201 (Missing Authorization vulnerability in AfterShip & Automizely AfterShi ...)
+ TODO: check
+CVE-2025-58198 (Missing Authorization vulnerability in Xpro Xpro Theme Builder allows ...)
+ TODO: check
+CVE-2025-58197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58193 (Missing Authorization vulnerability in Uncanny Owl Uncanny Automator a ...)
+ TODO: check
+CVE-2025-58192 (Missing Authorization vulnerability in Xylus Themes WP Bulk Delete all ...)
+ TODO: check
+CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails applications. P ...)
+ TODO: check
+CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft fotoShare Cloud ...)
+ TODO: check
+CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker ca ...)
+ TODO: check
+CVE-2025-55582 (D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watc ...)
+ TODO: check
+CVE-2025-55495 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2025-55422 (In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulne ...)
+ TODO: check
+CVE-2025-54598 (The Bevy Event service through 2025-07-22, as used for eBay Seller Eve ...)
+ TODO: check
+CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a F ...)
+ TODO: check
+CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an S ...)
+ TODO: check
+CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The / ...)
+ TODO: check
+CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection vulnerabilit ...)
+ TODO: check
+CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple stored cro ...)
+ TODO: check
+CVE-2025-50985 (diskover-web v2.3.0 Community Edition is vulnerable to multiple reflec ...)
+ TODO: check
+CVE-2025-50984 (diskover-web v2.3.0 Community Edition is vulnerable to multiple boolea ...)
+ TODO: check
+CVE-2025-50983 (SQL Injection vulnerability exists in the sortKey parameter of the GET ...)
+ TODO: check
+CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories ...)
+ TODO: check
+CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerabilit ...)
+ TODO: check
+CVE-2025-50977 (A template injection vulnerability leading to reflected cross-site scr ...)
+ TODO: check
+CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticate ...)
+ TODO: check
+CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnera ...)
+ TODO: check
+CVE-2025-4225 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-43882 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified ...)
+ TODO: check
+CVE-2025-43730 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper N ...)
+ TODO: check
+CVE-2025-43729 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect ...)
+ TODO: check
+CVE-2025-43728 (Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection M ...)
+ TODO: check
+CVE-2025-3601 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-34161 (Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote ...)
+ TODO: check
+CVE-2025-34159 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote ...)
+ TODO: check
+CVE-2025-34157 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored ...)
+ TODO: check
+CVE-2025-30064 (An insufficiently secured internal function allows session generation ...)
+ TODO: check
+CVE-2025-30063 (The configuration file containing database logins and passwords is rea ...)
+ TODO: check
+CVE-2025-30061 (In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL i ...)
+ TODO: check
+CVE-2025-30060 (In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vu ...)
+ TODO: check
+CVE-2025-30059 (In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" functio ...)
+ TODO: check
+CVE-2025-30058 (In the PatientService.pl service, the "getPatientIdentifier" function ...)
+ TODO: check
+CVE-2025-30057 (In UHCRTFDoc, the filename parameter can be exploited to execute arbit ...)
+ TODO: check
+CVE-2025-30056 (The RunCommand function accepts any parameter, which is then passed fo ...)
+ TODO: check
+CVE-2025-30055 (The "system" function receives untrusted input from the user. If the " ...)
+ TODO: check
+CVE-2025-30048 (The "serverConfig" endpoint, which returns the module configuration in ...)
+ TODO: check
+CVE-2025-30041 (The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/Clin ...)
+ TODO: check
+CVE-2025-30040 (The vulnerability allows unauthenticated users to download a file cont ...)
+ TODO: check
+CVE-2025-30039 (Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions ...)
+ TODO: check
+CVE-2025-30038 (The vulnerability consists of a session ID leak when saving a file dow ...)
+ TODO: check
+CVE-2025-30037 (The system exposes several endpoints, typically including "/int/" in t ...)
+ TODO: check
+CVE-2025-30036 (Stored XSS vulnerability exists in the "Oddzia\u0142" (Ward) module, i ...)
+ TODO: check
+CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function allows exe ...)
+ TODO: check
+CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
+CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and ...)
+ TODO: check
+CVE-2025-20347 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and ...)
+ TODO: check
+CVE-2025-20344 (A vulnerability in the backup restore functionality of Cisco Nexus Das ...)
+ TODO: check
+CVE-2025-20342 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connectio ...)
+ TODO: check
+CVE-2025-20317 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connectio ...)
+ TODO: check
+CVE-2025-20296 (A vulnerability in the web-based management interface of Cisco UCS Man ...)
+ TODO: check
+CVE-2025-20295 (A vulnerability in the CLI of Cisco UCS Manager Software could allow a ...)
+ TODO: check
+CVE-2025-20294 (Multiple vulnerabilities in the CLI and web-based management interface ...)
+ TODO: check
+CVE-2025-20292 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2025-20290 (A vulnerability in the logging feature of Cisco NX-OS Software for Cis ...)
+ TODO: check
+CVE-2025-20262 (A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) ...)
+ TODO: check
+CVE-2025-20241 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
+ TODO: check
+CVE-2024-37777 (O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vu ...)
+ TODO: check
+CVE-2025-58050 (The PCRE2 library is a set of C functions that implement regular expre ...)
- pcre2 <unfixed>
[bookworm] - pcre2 <not-affected> (Vulnerable code not present)
[bullseye] - pcre2 <not-affected> (Vulnerable code not present)
@@ -30626,7 +30808,7 @@ CVE-2024-53827 (Ericsson Packet Core Controller (PCC) contains a vulnerability w
NOT-FOR-US: Ericsson
CVE-2024-51475 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML ...)
NOT-FOR-US: IBM
-CVE-2024-4665 (The EventPrime WordPress plugin before 3.5.0 does not properly valida ...)
+CVE-2024-4665 (The EventPrime WordPress plugin before 3.5.0 does not properly validat ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4091 (The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sa ...)
NOT-FOR-US: WordPress plugin
@@ -38578,7 +38760,7 @@ CVE-2025-2987 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side
NOT-FOR-US: IBM
CVE-2025-2839 (The WP Import Export Lite plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-2594 (The User Registration & Membership WordPress plugin before 4.1.3 does ...)
+CVE-2025-2594 (The User Registration & Membership WordPress plugin before 4.1.3 does ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2300 (Hitachi Ops Center Common Services within Hitachi Ops Center OVA conta ...)
NOT-FOR-US: Hitachi
@@ -65741,7 +65923,7 @@ CVE-2025-20881 (Out-of-bounds write in accessing buffer storing the decoded vide
NOT-FOR-US: Samsung
CVE-2025-1003 (A potential vulnerability has been identified in HP Anyware Agent for ...)
NOT-FOR-US: HP
-CVE-2025-0466 (The Sensei LMS WordPress plugin before 4.24.4 does not properly prote ...)
+CVE-2025-0466 (The Sensei LMS WordPress plugin before 4.24.4 does not properly protec ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0368 (The Banner Garden Plugin for WordPress plugin through 0.1.3 does not s ...)
NOT-FOR-US: WordPress plugin
@@ -101474,7 +101656,7 @@ CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored Cros
NOT-FOR-US: WordPress plugin
CVE-2024-9021 (In the process of testing the Relevanssi WordPress plugin before 4.23 ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering s ...)
+CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6fe28743232f2b821f251e78b1f90ce469cba32
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6fe28743232f2b821f251e78b1f90ce469cba32
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250827/00885d5f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list