[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 29 21:14:55 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3914e56 by security tracker role at 2025-08-29T20:14:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2025-9673 (A vulnerability was detected in Kakao \ud5e4\uc774\uce74\uce74\uc624 H ...)
+ TODO: check
+CVE-2025-9672 (A security vulnerability has been detected in Rejseplanen App up to 8. ...)
+ TODO: check
+CVE-2025-9671 (A weakness has been identified in UAB Paytend App up to 2.1.9 on Andro ...)
+ TODO: check
+CVE-2025-9670 (A security flaw has been discovered in mixmark-io turndown up to 7.2.1 ...)
+ TODO: check
+CVE-2025-9669 (A vulnerability has been found in Jinher OA 1.0. This issue affects so ...)
+ TODO: check
+CVE-2025-9667 (A vulnerability was detected in code-projects Simple Grading System 1. ...)
+ TODO: check
+CVE-2025-9666 (A security vulnerability has been detected in code-projects Simple Gra ...)
+ TODO: check
+CVE-2025-9665 (A weakness has been identified in code-projects Simple Grading System ...)
+ TODO: check
+CVE-2025-9664 (A security flaw has been discovered in code-projects Simple Grading Sy ...)
+ TODO: check
+CVE-2025-9663 (A vulnerability was identified in code-projects Simple Grading System ...)
+ TODO: check
+CVE-2025-9662 (A vulnerability was determined in code-projects Simple Grading System ...)
+ TODO: check
+CVE-2025-9660 (A vulnerability was found in SourceCodester Bakeshop Online Ordering S ...)
+ TODO: check
+CVE-2025-9659 (A vulnerability has been found in O2OA up to 10.0-410. The affected el ...)
+ TODO: check
+CVE-2025-9658 (A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown f ...)
+ TODO: check
+CVE-2025-9657 (A vulnerability was detected in O2OA up to 10.0-410. This issue affect ...)
+ TODO: check
+CVE-2025-9656 (A security vulnerability has been detected in PHPGurukul Directory Man ...)
+ TODO: check
+CVE-2025-9655 (A weakness has been identified in O2OA up to 10.0-410. This affects an ...)
+ TODO: check
+CVE-2025-9654 (A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0. ...)
+ TODO: check
+CVE-2025-9653 (A vulnerability was identified in Portabilis i-Educar up to 2.10. Affe ...)
+ TODO: check
+CVE-2025-9652 (A vulnerability was determined in Portabilis i-Educar up to 2.10. Affe ...)
+ TODO: check
+CVE-2025-9651 (A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532 ...)
+ TODO: check
+CVE-2025-9650 (A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d2 ...)
+ TODO: check
+CVE-2025-9649 (A security vulnerability has been detected in appneta tcpreplay 4.5.1. ...)
+ TODO: check
+CVE-2025-9647 (A weakness has been identified in mtons mblog up to 3.5.0. This issue ...)
+ TODO: check
+CVE-2025-9646 (A security flaw has been discovered in O2OA up to 10.0-410. This vulne ...)
+ TODO: check
+CVE-2025-9645 (A vulnerability was identified in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9644 (A vulnerability was determined in itsourcecode Apartment Management Sy ...)
+ TODO: check
+CVE-2025-9643 (A vulnerability was found in itsourcecode Apartment Management System ...)
+ TODO: check
+CVE-2025-9377 (The authenticated remote command execution (RCE) vulnerability exists ...)
+ TODO: check
+CVE-2025-9217 (The Slider Revolution plugin for WordPress is vulnerable to Path Trave ...)
+ TODO: check
+CVE-2025-9071 (Erroneously using an all-zero seed for RSA-OEAP padding instead of the ...)
+ TODO: check
+CVE-2025-8150 (The Events Addon for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-7383 (Padding oracle attack vulnerability in Oberon microsystem AG\u2019s Ob ...)
+ TODO: check
+CVE-2025-7071 (Padding oracle attack vulnerability in Oberon microsystem AG\u2019s oc ...)
+ TODO: check
+CVE-2025-5808 (Improper Input Validation vulnerability in OpenText Self Service Passw ...)
+ TODO: check
+CVE-2025-58158 (Harness Open Source is an end-to-end developer platform with Source Co ...)
+ TODO: check
+CVE-2025-56577 (An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain se ...)
+ TODO: check
+CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (lates ...)
+ TODO: check
+CVE-2025-55750 (Gitpod is a developer platform for cloud development environments. In ...)
+ TODO: check
+CVE-2025-55580 (SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting ( ...)
+ TODO: check
+CVE-2025-55579 (SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Sc ...)
+ TODO: check
+CVE-2025-55304 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ TODO: check
+CVE-2025-55202 (Opencast is a free, open-source platform to support the management of ...)
+ TODO: check
+CVE-2025-55177 (Incomplete authorization of linked device synchronization messages in ...)
+ TODO: check
+CVE-2025-54877 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
+ TODO: check
+CVE-2025-54080 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ TODO: check
+CVE-2025-52861 (A path traversal vulnerability has been reported to affect VioStor. If ...)
+ TODO: check
+CVE-2025-52856 (An improper authentication vulnerability has been reported to affect V ...)
+ TODO: check
+CVE-2025-4644 (A Session Fixation vulnerability existed in Payload's SQLite adapter d ...)
+ TODO: check
+CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for authentication. After log out J ...)
+ TODO: check
+CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from the corr ...)
+ TODO: check
+CVE-2025-44033 (SQL injection vulnerability in oa_system oasys v.1.1 allows a remote a ...)
+ TODO: check
+CVE-2025-44015 (A command injection vulnerability has been reported to affect HybridDe ...)
+ TODO: check
+CVE-2025-43773 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 20 ...)
+ TODO: check
+CVE-2025-40709 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40708 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40707 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40706 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40705 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40704 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40703 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-40702 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the ...)
+ TODO: check
+CVE-2025-33038 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-33037 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-33036 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-33033 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-33032 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2025-30278 (An improper certificate validation vulnerability has been reported to ...)
+ TODO: check
+CVE-2025-30277 (An improper certificate validation vulnerability has been reported to ...)
+ TODO: check
+CVE-2025-30275 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-30274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-30273 (An out-of-bounds write vulnerability has been reported to affect sever ...)
+ TODO: check
+CVE-2025-30272 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-30271 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2025-30270 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2025-30268 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-30267 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-30265 (A buffer overflow vulnerability has been reported to affect several QN ...)
+ TODO: check
+CVE-2025-30264 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2025-30263 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-30262 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-30261 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-30260 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-29900 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-29899 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-29898 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-29894 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-29893 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-29890 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-29889 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29888 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29887 (A command injection vulnerability has been reported to affect QuRouter ...)
+ TODO: check
+CVE-2025-29886 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29882 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-29879 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29878 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29875 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-29874 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-22483 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2024-46917 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not val ...)
+ TODO: check
+CVE-2024-46916 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains fun ...)
+ TODO: check
+CVE-2024-46484 (TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injec ...)
+ TODO: check
+CVE-2024-13342 (The Booster for WooCommerce plugin for WordPress is vulnerable to arbi ...)
+ TODO: check
+CVE-2024-12923 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local ...)
+ TODO: check
CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulne ...)
NOT-FOR-US: Ai3 QbiCRMGateway
CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.0 ...)
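Review bot: all 105 entries added in this hunk are left at `TODO: check`, which is expected for the automatic import, but a few of them name projects that are packaged in Debian rather than the third-party web apps and NAS products that make up most of the list, and those should not stay as TODO: CVE-2025-9649 (appneta tcpreplay 4.5.1) and the two Exiv2 issues CVE-2025-55304 and CVE-2025-54080 want a source package line with a fixed version or `<not-affected>`, plus the upstream fix reference as a NOTE, in the same shape as the nodejs and ffmpeg entries further down this diff. Also worth checking on the first line: the CVE-2025-9673 description shows the Korean product name as literal `\ud5e4\uc774...` escape sequences instead of UTF-8; if that is how the importer wrote it into data/CVE/list rather than an artifact of the mail rendering, the description should be decoded.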
@@ -6784,7 +6994,7 @@ CVE-2024-55401 (An issue in 4C Strategies Exonaut before v22.4 allows attackers
NOT-FOR-US: 4C Strategies
CVE-2024-52680 (EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.ph ...)
NOT-FOR-US: EyouCMS
-CVE-2024-42048 (OpenOrange Business Framework 1.15.5 provides unprivileged users with ...)
+CVE-2024-42048 (OpenOrange Business Framework version 1.15.5 installs to a directory w ...)
NOT-FOR-US: OpenOrange Business Framework
CVE-2023-41532 (Hospital Management System v4 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Hospital Management System
@@ -37448,7 +37658,7 @@ CVE-2023-37535 (Insufficient URI protocol whitelist in HCL Domino Volt and Domin
CVE-2023-37517 (Missing "no cache" headers in HCL Leap permits sensitive data to be ca ...)
NOT-FOR-US: HCL
CVE-2025-47153 (Certain build processes for libuv and Node.js for 32-bit systems, such ...)
- {DLA-4152-1}
+ {DSA-5991-1 DLA-4152-1}
- nodejs 20.19.0+dfsg1-1 (bug #922075; bug #1076350)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892601
NOTE: https://github.com/nodejs/node-v0.x-archive/issues/4549
@@ -76163,7 +76373,7 @@ CVE-2024-12996
CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
- {DLA-4241-1}
+ {DSA-5985-1 DLA-4241-1}
- ffmpeg 7:7.1.1-1
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
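Review bot: adding `{DSA-5985-1}` to CVE-2023-6605 leaves the unchanged `[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)` line two lines below it, and the two now disagree: the DSA reference says bookworm has been fixed, the postponed tag says it has not. The stated reason for postponing is also gone, because the `Fixed by` NOTE lines at the start of the next hunk record an n5.1.7 commit for this CVE. The `[bookworm]` line should be dropped (or the DSA reference double-checked) in a follow-up commit, since the automatic update only touches the DSA line.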
@@ -76171,14 +76381,14 @@ CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerab
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/c3c7ecfe48d464a0b06564f2e92504b1d9c91d69 (n7.1.1)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/097131a6474bd6294ff337fa92025df60dff907a (n5.1.7)
CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
- {DLA-4241-1}
+ {DSA-5985-1 DLA-4241-1}
- ffmpeg 7:7.1.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897 (n7.1.1)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/9803800e0e8cd8e1e7695f77cfbf4e0db0abfe57 (n5.1.7)
CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows by ...)
- {DLA-4241-1}
+ {DSA-5985-1 DLA-4241-1}
- ffmpeg 7:7.1.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
@@ -77394,7 +77604,7 @@ CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerabi
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3 (n5.0)
CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...)
- {DLA-4241-1}
+ {DSA-5985-1 DLA-4241-1}
- ffmpeg 7:7.1.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
@@ -124090,6 +124300,7 @@ CVE-2024-36137 (A vulnerability has been identified in Node.js, affecting users
NOTE: Feature introduced in 20 see https://nodejs.org/en/blog/announcements/v20-release-announce
NOTE: Documentation of the flag: https://nodejs.org/api/cli.html#--experimental-permission (Added in v20.0.0)
CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import restrict ...)
+ {DSA-5991-1}
- nodejs 20.15.1+dfsg-1
[bullseye] - nodejs <not-affected> (Feature was introduced in NodeJS 18)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium
@@ -156067,12 +156278,12 @@ CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.o
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b
NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely unavailable ...)
- {DLA-3886-1}
+ {DSA-5991-1 DLA-3886-1}
- nodejs 18.20.1+dfsg-1 (bug #1068347)
NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
NOTE: Fixed by: https://github.com/nodejs/node/commit/0fb816dbccde955cd24acc1b16497a91fab507c8 (v18.20.1)
CVE-2024-27982 (The team has identified a critical vulnerability in the http server of ...)
- {DLA-3886-1}
+ {DSA-5991-1 DLA-3886-1}
- nodejs 18.20.1+dfsg-1 (bug #1068347)
NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
NOTE: Fixed by: https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca (v18.20.1)
@@ -167323,7 +167534,7 @@ CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a Denial ...)
- {DLA-3886-1 DLA-3776-1}
+ {DSA-5991-1 DLA-3886-1 DLA-3776-1}
- nodejs 18.19.1+dfsg-1
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
@@ -168995,7 +169206,7 @@ CVE-2024-21891 (Node.js depends on multiple built-in utility functions to normal
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
CVE-2023-46809 (Node.js versions which bundle an unpatched version of OpenSSL or run a ...)
- {DLA-3886-1 DLA-3776-1}
+ {DSA-5991-1 DLA-3886-1 DLA-3776-1}
- nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
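Review bot: the DSA-5991-1 reference added to CVE-2023-46809 matches the other Node.js entries in this update, but the context line at the top of this hunk, `- nodejs <not-affected> (Only affects 20.x and later)` for CVE-2024-21891 (and the identical line for CVE-2024-21896 at the top of the next hunk), looks stale next to the `- nodejs 20.19.0+dfsg1-1` fixed version recorded for CVE-2025-47153 earlier in this diff: if unstable now ships nodejs 20.x, "only affects 20.x and later" no longer justifies a blanket `<not-affected>` on the unstable line, and those two entries should be re-triaged with a 20.x fixed version (and a release-scoped not-affected for the releases still on 18.x).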
@@ -169009,13 +169220,14 @@ CVE-2024-21896 (The permission model protects itself against path traversal atta
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
CVE-2024-22019 (A vulnerability in Node.js HTTP servers allows an attacker to send a s ...)
- {DLA-3886-1}
+ {DSA-5991-1 DLA-3886-1}
- nodejs 18.19.1+dfsg-1 (bug #1064055)
[buster] - nodejs <not-affected> (Vulnerable code not present)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
NOTE: https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171 (v18.x)
NOTE: https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171 (main)
CVE-2024-21892 (On Linux, Node.js ignores certain environment variables if those may h ...)
+ {DSA-5991-1}
- nodejs 18.19.1+dfsg-1 (bug #1064055)
[bullseye] - nodejs <not-affected> (Vulnerable code not present)
[buster] - nodejs <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3914e56a6eb85da97ea08d1cb93d0eb73b0dc0c