[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 28 21:12:59 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a2bcbbc by security tracker role at 2025-08-28T20:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,408 @@
+CVE-2025-9584 (A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this iss ...)
+ TODO: check
+CVE-2025-9583 (A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by thi ...)
+ TODO: check
+CVE-2025-9582 (A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ...)
+ TODO: check
+CVE-2025-9581 (A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the ...)
+ TODO: check
+CVE-2025-9580 (A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. Th ...)
+ TODO: check
+CVE-2025-9579 (A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted e ...)
+ TODO: check
+CVE-2025-9578 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
+CVE-2025-9577 (A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. Th ...)
+ TODO: check
+CVE-2025-9576 (A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Im ...)
+ TODO: check
+CVE-2025-9575 (A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE65 ...)
+ TODO: check
+CVE-2025-9376 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
+ TODO: check
+CVE-2025-9352 (The Pronamic Google Maps plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-9346 (The Booking Calendar plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-9345 (The File Manager, Code Editor, and Backup by Managefy plugin for WordP ...)
+ TODO: check
+CVE-2025-9344 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
+ TODO: check
+CVE-2025-9195 (Improper input validation in firmware of some Solidigm DC Products may ...)
+ TODO: check
+CVE-2025-8977 (The Simple Download Monitor plugin for WordPress is vulnerable to time ...)
+ TODO: check
+CVE-2025-8897 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
+ TODO: check
+CVE-2025-8603 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-8073 (The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2025-7956 (The Ajax Search Lite plugin for WordPress is vulnerable to Basic Infor ...)
+ TODO: check
+CVE-2025-7955 (The RingCentral Communications plugin for WordPress is vulnerable to A ...)
+ TODO: check
+CVE-2025-7812 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...)
+ TODO: check
+CVE-2025-6255 (The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2025-6203 (A malicious user may submit a specially-crafted complex payload that o ...)
+ TODO: check
+CVE-2025-58335 (In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284. ...)
+ TODO: check
+CVE-2025-58334 (In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users w ...)
+ TODO: check
+CVE-2025-58322 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attac ...)
+ TODO: check
+CVE-2025-58127 (Improper Certificate Validation in Checkmk Exchange plugin Dell Powers ...)
+ TODO: check
+CVE-2025-58126 (Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN ...)
+ TODO: check
+CVE-2025-58125 (Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 ...)
+ TODO: check
+CVE-2025-58124 (Improper Certificate Validation in Checkmk Exchange plugin check-mk-ap ...)
+ TODO: check
+CVE-2025-58123 (Improper Certificate Validation in Checkmk Exchange plugin BGP Monitor ...)
+ TODO: check
+CVE-2025-58081 (Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 an ...)
+ TODO: check
+CVE-2025-58072 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2025-58059 (Valtimo is a platform for Business Process Automation. In versions bef ...)
+ TODO: check
+CVE-2025-58049 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2025-58048 (Paymenter is a free and open-source webshop solution for hostings. Pri ...)
+ TODO: check
+CVE-2025-58047 (Volto is a React based frontend for the Plone Content Management Syste ...)
+ TODO: check
+CVE-2025-57845
+ REJECTED
+CVE-2025-57819 (FreePBX is an open-source web-based graphical user interface. FreePBX ...)
+ TODO: check
+CVE-2025-57767 (Asterisk is an open source private branch exchange and telephony toolk ...)
+ TODO: check
+CVE-2025-57759 (Contao is an Open Source CMS. In versions starting from 5.3.0 and prio ...)
+ TODO: check
+CVE-2025-57758 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...)
+ TODO: check
+CVE-2025-57757 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...)
+ TODO: check
+CVE-2025-57756 (Contao is an Open Source CMS. In versions starting from 4.9.14 and pri ...)
+ TODO: check
+CVE-2025-57220 (An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmw ...)
+ TODO: check
+CVE-2025-57219 (Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4. ...)
+ TODO: check
+CVE-2025-57218 (Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to co ...)
+ TODO: check
+CVE-2025-57217 (Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to co ...)
+ TODO: check
+CVE-2025-57215 (Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stac ...)
+ TODO: check
+CVE-2025-56236 (FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2025-55583 (D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an una ...)
+ TODO: check
+CVE-2025-55175 (QuickCMS is vulnerable to Reflected XSS via sLangEditparameter in admi ...)
+ TODO: check
+CVE-2025-54995 (Asterisk is an open source private branch exchange and telephony toolk ...)
+ TODO: check
+CVE-2025-54819 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54762 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...)
+ TODO: check
+CVE-2025-54742 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
+ TODO: check
+CVE-2025-54738 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-54734 (Missing Authorization vulnerability in bPlugins B Slider allows Exploi ...)
+ TODO: check
+CVE-2025-54733 (Missing Authorization vulnerability in Miles All Bootstrap Blocks allo ...)
+ TODO: check
+CVE-2025-54731 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-54725 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-54724 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-54720 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-54716 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-54714 (Missing Authorization vulnerability in Dylan James Zephyr Project Mana ...)
+ TODO: check
+CVE-2025-54710 (Missing Authorization vulnerability in bPlugins Tiktok Feed allows Acc ...)
+ TODO: check
+CVE-2025-54544 (QuickCMS is vulnerable to Stored XSS viaaDirFilesDescriptionsparameter ...)
+ TODO: check
+CVE-2025-54543 (QuickCMS is vulnerable to Stored XSS viasDescriptionMetaparameter in p ...)
+ TODO: check
+CVE-2025-54542 (QuickCMS sends password and login via GET Request. This allows alocal ...)
+ TODO: check
+CVE-2025-54541 (QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion ...)
+ TODO: check
+CVE-2025-54540 (QuickCMS is vulnerable to Reflected XSS viasSortparameter in admin's p ...)
+ TODO: check
+CVE-2025-54029 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-53970 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...)
+ TODO: check
+CVE-2025-53588 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-53584 (Deserialization of Untrusted Data vulnerability in emarket-design WP T ...)
+ TODO: check
+CVE-2025-53583 (Deserialization of Untrusted Data vulnerability in emarket-design Empl ...)
+ TODO: check
+CVE-2025-53579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53578 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53576 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53572 (Deserialization of Untrusted Data vulnerability in emarket-design WP E ...)
+ TODO: check
+CVE-2025-53396 (Incorrect permission assignment for critical resource issue exists in ...)
+ TODO: check
+CVE-2025-53337 (Missing Authorization vulnerability in Ashan Perera LifePress allows E ...)
+ TODO: check
+CVE-2025-53334 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53328 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53326 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53250 (Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbea ...)
+ TODO: check
+CVE-2025-53248 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53247 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53244 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53243 (Deserialization of Untrusted Data vulnerability in emarket-design Empl ...)
+ TODO: check
+CVE-2025-53230 (Missing Authorization vulnerability in honzat Page Manager for Element ...)
+ TODO: check
+CVE-2025-53227 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53225 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53223 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-53216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53215 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52761 (Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel ...)
+ TODO: check
+CVE-2025-52460 (Files or directories accessible to external parties issue exists in SS ...)
+ TODO: check
+CVE-2025-52054 (An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wir ...)
+ TODO: check
+CVE-2025-51972 (A SQL Injection vulnerability exists in the login.php of PuneethReddyH ...)
+ TODO: check
+CVE-2025-51971 (A reflected Cross-Site Scripting (XSS) vulnerability exists in registe ...)
+ TODO: check
+CVE-2025-51969 (A SQL Injection vulnerability exists in the product.php page of Puneet ...)
+ TODO: check
+CVE-2025-51968 (A SQL Injection vulnerability exists in the action.php file of Puneeth ...)
+ TODO: check
+CVE-2025-51967 (A Reflected Cross-site Scripting (XSS) vulnerability exists in the the ...)
+ TODO: check
+CVE-2025-51643 (Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbon ...)
+ TODO: check
+CVE-2025-49407 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49405 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49404 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-49402 (Missing Authorization vulnerability in favethemes Houzez CRM allows Ex ...)
+ TODO: check
+CVE-2025-49388 (Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculou ...)
+ TODO: check
+CVE-2025-49387 (Unrestricted Upload of File with Dangerous Type vulnerability in add-o ...)
+ TODO: check
+CVE-2025-49383 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-48963 (Local privilege escalation due to improper soft link handling. The fol ...)
+ TODO: check
+CVE-2025-48365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48364 (Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allo ...)
+ TODO: check
+CVE-2025-48363 (Cross-Site Request Forgery (CSRF) vulnerability in Metin Sara\xe7 Popu ...)
+ TODO: check
+CVE-2025-48362 (Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou ...)
+ TODO: check
+CVE-2025-48361 (Insertion of Sensitive Information Into Sent Data vulnerability in Sae ...)
+ TODO: check
+CVE-2025-48360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48359 (Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT You ...)
+ TODO: check
+CVE-2025-48358 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48357 (Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Centu ...)
+ TODO: check
+CVE-2025-48356 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48353 (Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank Wo ...)
+ TODO: check
+CVE-2025-48352 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48351 (Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento ...)
+ TODO: check
+CVE-2025-48350 (Missing Authorization vulnerability in Neuralabz LTD AutoWP allows Exp ...)
+ TODO: check
+CVE-2025-48349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48348 (Incorrect Privilege Assignment vulnerability in chandrashekharsahu Sit ...)
+ TODO: check
+CVE-2025-48347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48343 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU ...)
+ TODO: check
+CVE-2025-48327 (Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allow ...)
+ TODO: check
+CVE-2025-48325 (Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin ...)
+ TODO: check
+CVE-2025-48324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48323 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48321 (Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate tw ...)
+ TODO: check
+CVE-2025-48320 (Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello \u767e\ ...)
+ TODO: check
+CVE-2025-48319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48318 (Cross-Site Request Forgery (CSRF) vulnerability in shen2 \u591a\u8bf4\ ...)
+ TODO: check
+CVE-2025-48316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48315 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48313 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48312 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48311 (Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible ...)
+ TODO: check
+CVE-2025-48310 (Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table ...)
+ TODO: check
+CVE-2025-48309 (Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress a ...)
+ TODO: check
+CVE-2025-48308 (Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newslette ...)
+ TODO: check
+CVE-2025-48307 (Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For I ...)
+ TODO: check
+CVE-2025-48306 (Cross-Site Request Forgery (CSRF) vulnerability in developers savyour ...)
+ TODO: check
+CVE-2025-48305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48304 (Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google ...)
+ TODO: check
+CVE-2025-48110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48109 (Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Bac ...)
+ TODO: check
+CVE-2025-48100 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-46409 (Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and e ...)
+ TODO: check
+CVE-2025-39496 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could allow a r ...)
+ TODO: check
+CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the exists in the ...)
+ TODO: check
+CVE-2025-34522 (A heap-based buffer overflow vulnerability exists in the input parsing ...)
+ TODO: check
+CVE-2025-34521 (A reflected cross-site scripting (XSS) vulnerability exists in the web ...)
+ TODO: check
+CVE-2025-34520 (An authentication bypass vulnerability in Arcserve Unified Data Protec ...)
+ TODO: check
+CVE-2025-34163 (Dongsheng Logistics Software exposes an unauthenticated endpoint at /C ...)
+ TODO: check
+CVE-2025-34162 (An unauthenticated SQL injection vulnerability exists in the GetLyfsBy ...)
+ TODO: check
+CVE-2025-34160 (AnyShare contains a critical unauthenticated remote code execution vul ...)
+ TODO: check
+CVE-2025-31979 (A File Upload Validation Bypass vulnerability has been identified in t ...)
+ TODO: check
+CVE-2025-31977 (HCL BigFix SM is affected by cryptographic weakness due to weak or out ...)
+ TODO: check
+CVE-2025-31972 (HCL BigFix SM is affected by a Sensitive Information Exposure vulnerab ...)
+ TODO: check
+CVE-2025-31971 (AIML Solutions for HCL SX is vulnerable to a URL validation vulnerabil ...)
+ TODO: check
+CVE-2025-29364 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-25010 (Incorrect authorization in Kibana can lead to privilege escalation via ...)
+ TODO: check
+CVE-2025-0951 (Multiple plugins and/or themes for WordPress by LiquidThemes are vulne ...)
+ TODO: check
+CVE-2024-9648 (The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2024-49790 (IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to c ...)
+ TODO: check
+CVE-2024-48908 (lychee link checking action checks links in Markdown, HTML, and text f ...)
+ TODO: check
+CVE-2024-13986 (Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability ...)
+ TODO: check
+CVE-2024-13985 (A command injection vulnerability in Dahua EIMS versions prior to 2240 ...)
+ TODO: check
+CVE-2024-13984 (QiAnXin TianQing Management Center versions up to and including 6.7.0. ...)
+ TODO: check
+CVE-2024-13982 (SPON IP Network Broadcast System, a digital audio transmission platfor ...)
+ TODO: check
+CVE-2024-13981 (LiveBOS, an object-oriented business architecture middleware suite dev ...)
+ TODO: check
+CVE-2024-13980 (H3C Intelligent Management Center (IMC) versions up to and including E ...)
+ TODO: check
+CVE-2024-13979 (A SQL injection vulnerability exists in the St. Joe ERP system ("\u572 ...)
+ TODO: check
+CVE-2024-13807 (The Xagio SEO plugin for WordPress is vulnerable to Sensitive Informat ...)
+ TODO: check
+CVE-2023-7309 (A path traversal vulnerability exists in the Dahua Smart Park Integrat ...)
+ TODO: check
+CVE-2023-7308 (SecGate3600, a network firewall product developed by NSFOCUS, contains ...)
+ TODO: check
+CVE-2023-7307 (Sangfor Behavior Management System (also referred to as DC Management ...)
+ TODO: check
+CVE-2018-25115 (Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-60 ...)
+ TODO: check
CVE-2025-XXXX [RUSTSEC-2025-0051]
- rust-xcb <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0051.html
NOTE: https://github.com/rust-x-bindings/rust-xcb/issues/282
NOTE: https://github.com/rust-x-bindings/rust-xcb/issues/167
NOTE: https://github.com/rust-x-bindings/rust-xcb/pull/283
-CVE-2025-8067
+CVE-2025-8067 (A flaw was found in the Udisks daemon, where it allows unprivileged us ...)
+ {DSA-5989-1 DLA-4284-1}
- udisks2 2.10.90-3.1
NOTE: https://www.openwall.com/lists/oss-security/2025/08/28/1
NOTE: https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
NOTE: https://github.com/storaged-project/udisks/commit/280b127124332c6436bc8273ef677f218b435593 (master)
NOTE: https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915 (udisks-2.10.2)
-CVE-2024-58240 [tls: separate no-async decryption request handling from async]
+CVE-2024-58240 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/41532b785e9d79636b3815a64ddf6a096647d011 (6.8-rc7)
-CVE-2025-40779 [Kea crash upon interaction between specific client options and subnet selection]
+CVE-2025-40779 (If a DHCPv4 client sends a request with some specific options, and Kea ...)
- isc-kea <not-affected> (Vulnerable code introduced later, bug #1112247)
NOTE: https://kb.isc.org/docs/cve-2025-40779
NOTE: Backport: https://gitlab.isc.org/isc-projects/kea/-/issues/4055
@@ -333,6 +722,7 @@ CVE-2025-9482 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, R
CVE-2025-9481 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...)
NOT-FOR-US: Linksys
CVE-2025-9478 (Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allow ...)
+ {DSA-5988-1}
- chromium 139.0.7258.154-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9190 (The configuration of Cursor on macOS, specifically the "RunAsNode" fus ...)
@@ -1682,7 +2072,7 @@ CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, cont
NOT-FOR-US: Dell / EMC
CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...)
NOT-FOR-US: Dell / EMC
-CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affecte ...)
+CVE-2025-34158 (Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is aff ...)
NOT-FOR-US: Plex Media Server (PMS)
CVE-2025-27721 (Unauthorized users can access INFINITT PACS System Managerwithout prop ...)
NOT-FOR-US: INFINITT Healthcare
@@ -11837,7 +12227,7 @@ CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to Privil
CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V ...)
NOT-FOR-US: TP-Link
CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' ...)
- {DLA-4280-1}
+ {DSA-5987-1 DLA-4280-1}
- unbound 1.22.0-2 (bug #1109427)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f (release-1.23.1)
@@ -102664,7 +103054,7 @@ CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a vulnerabilit
CVE-2023-37822 (The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicat ...)
NOT-FOR-US: Eufy HomeBase 2 model T8010X
CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains a vulne ...)
- {DLA-3952-1}
+ {DSA-5987-1 DLA-3952-1}
- unbound 1.21.1-1 (bug #1083282)
NOTE: Advisory: https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-8508.diff
@@ -124943,6 +125333,7 @@ CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When th
CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to help tea ...)
NOT-FOR-US: BigBlueButton
CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...)
+ {DLA-4285-1}
- golang-github-gin-contrib-cors 1.7.6-1 (bug #1075962)
[trixie] - golang-github-gin-contrib-cors <no-dsa> (Minor issue)
[bookworm] - golang-github-gin-contrib-cors <no-dsa> (Minor issue)
@@ -142316,7 +142707,7 @@ CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is vulnera
CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote attackers to ca ...)
- {DLA-4280-1}
+ {DSA-5987-1 DLA-4280-1}
- unbound 1.20.0-1
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
@@ -338957,7 +339348,8 @@ CVE-2021-41876
RESERVED
CVE-2021-41875
RESERVED
-CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
+CVE-2021-41874
+ REJECTED
NOT-FOR-US: Portainer
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2bcbbcedd6ebd9b73f7803d7fec5f71d65860f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2bcbbcedd6ebd9b73f7803d7fec5f71d65860f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250828/d8a87e57/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list