[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 29 09:12:14 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
416b8527 by security tracker role at 2025-08-29T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,128 @@
-CVE-2025-40927 [Sanitize all user-supplied values before inserting into HTTP headers]
+CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulne ...)
+ TODO: check
+CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.0 ...)
+ TODO: check
+CVE-2025-9610 (A vulnerability was determined in code-projects Online Event Judging S ...)
+ TODO: check
+CVE-2025-9609 (A vulnerability was found in Portabilis i-Educar up to 2.10. This vuln ...)
+ TODO: check
+CVE-2025-9608 (A vulnerability has been found in Portabilis i-Educar up to 2.10. This ...)
+ TODO: check
+CVE-2025-9607 (A flaw has been found in Portabilis i-Educar up to 2.10. Affected by t ...)
+ TODO: check
+CVE-2025-9606 (A vulnerability was detected in Portabilis i-Educar up to 2.10. Affect ...)
+ TODO: check
+CVE-2025-9605 (A security vulnerability has been detected in Tenda AC21 and AC23 16.0 ...)
+ TODO: check
+CVE-2025-9604 (A vulnerability was identified in coze-studio up to 0.2.4. The impacte ...)
+ TODO: check
+CVE-2025-9603 (A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The af ...)
+ TODO: check
+CVE-2025-9602 (A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the ...)
+ TODO: check
+CVE-2025-9601 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
+ TODO: check
+CVE-2025-9600 (A security vulnerability has been detected in itsourcecode Apartment M ...)
+ TODO: check
+CVE-2025-9599 (A weakness has been identified in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9598 (A security flaw has been discovered in itsourcecode Apartment Manageme ...)
+ TODO: check
+CVE-2025-9597 (A vulnerability was identified in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9596 (A vulnerability was determined in itsourcecode Sports Management Syste ...)
+ TODO: check
+CVE-2025-9595 (A vulnerability was found in code-projects Student Information Managem ...)
+ TODO: check
+CVE-2025-9594 (A vulnerability has been found in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9593 (A flaw has been found in itsourcecode Apartment Management System 1.0. ...)
+ TODO: check
+CVE-2025-9592 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
+ TODO: check
+CVE-2025-9591 (A security vulnerability has been detected in ZrLog up to 3.1.5. This ...)
+ TODO: check
+CVE-2025-9590 (A vulnerability was identified in Weaver E-Mobile Mobile Management Pl ...)
+ TODO: check
+CVE-2025-9589 (A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. ...)
+ TODO: check
+CVE-2025-9586 (A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerabil ...)
+ TODO: check
+CVE-2025-9585 (A vulnerability was determined in Comfast CF-N1 2.6.0. This affects th ...)
+ TODO: check
+CVE-2025-9441 (The iATS Online Forms plugin for WordPress is vulnerable to time-based ...)
+ TODO: check
+CVE-2025-9374 (The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-8861 (TSA developed by Changing has a Missing Authentication vulnerability, ...)
+ TODO: check
+CVE-2025-8858 (Clinic Image System developed by Changing has a SQL Injection vulnerab ...)
+ TODO: check
+CVE-2025-8857 (Clinic Image System developed by Changing contains hard-coded Credenti ...)
+ TODO: check
+CVE-2025-8619 (The OSM Map Widget for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-8290 (The List Subpages plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-8147 (The LWSCache plugin for WordPress is vulnerable to unauthorized modifi ...)
+ TODO: check
+CVE-2025-58333
+ REJECTED
+CVE-2025-58332
+ REJECTED
+CVE-2025-58331
+ REJECTED
+CVE-2025-58330
+ REJECTED
+CVE-2025-58329
+ REJECTED
+CVE-2025-58328
+ REJECTED
+CVE-2025-58327
+ REJECTED
+CVE-2025-58326
+ REJECTED
+CVE-2025-58323 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attac ...)
+ TODO: check
+CVE-2025-58062 (LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. P ...)
+ TODO: check
+CVE-2025-58061 (OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persist ...)
+ TODO: check
+CVE-2025-58058 (xz is a pure golang package for reading and writing xz-compressed file ...)
+ TODO: check
+CVE-2025-54777 (Uncaught exception issue exists in Multiple products in bizhub series. ...)
+ TODO: check
+CVE-2025-54142 (Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OP ...)
+ TODO: check
+CVE-2025-53508 (Multiple products provided by iND Co.,Ltd contain an OS command inject ...)
+ TODO: check
+CVE-2025-53507 (Multiple products provided by iND Co.,Ltd contain an insecure storage ...)
+ TODO: check
+CVE-2025-48979 (An Improper Input Validation in UISP Application could allow a Command ...)
+ TODO: check
+CVE-2025-43284 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-43268 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43255 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-43187 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ TODO: check
+CVE-2025-39247 (There is an Access Control Vulnerability in some HikCentral Profession ...)
+ TODO: check
+CVE-2025-39246 (There is an Unquoted Service Path Vulnerability in some HikCentral Foc ...)
+ TODO: check
+CVE-2025-39245 (There is a CSV Injection Vulnerability in some HikCentral Master Lite ...)
+ TODO: check
+CVE-2024-54568 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2024-54554 (This issue was addressed with improved handling of symlinks. This issu ...)
+ TODO: check
+CVE-2024-44271 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2024-13987 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2025-40927 (CGI::Simple versions before 1.282 for Perl has a HTTP response splitti ...)
- libcgi-simple-perl 1.282-1
[trixie] - libcgi-simple-perl <no-dsa> (Minor issue)
[bookworm] - libcgi-simple-perl <no-dsa> (Minor issue)
@@ -13800,6 +13924,7 @@ CVE-2025-53862 (A flaw was found in Ansible. Three API endpoints are accessible
CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without security flags ...)
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flags are ...)
+ {DSA-5990-1}
- libxslt <unfixed> (bug #1109122)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
@@ -431709,7 +431834,7 @@ CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure)
+CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure Vulnera ...)
NOT-FOR-US: Microsoft
CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/416b8527d9659c1d5a8c4dac87a6b3903e80d5d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/416b8527d9659c1d5a8c4dac87a6b3903e80d5d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250829/1781b2e9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list