[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 1 21:12:57 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fef6de4 by security tracker role at 2025-07-01T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,144 @@
+CVE-2025-6963 (A vulnerability has been found in Campcodes Employee Management System ...)
+	TODO: check
+CVE-2025-6962 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2025-6961 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2025-6960 (A vulnerability classified as critical was found in Campcodes Employee ...)
+	TODO: check
+CVE-2025-6959 (A vulnerability classified as critical has been found in Campcodes Emp ...)
+	TODO: check
+CVE-2025-6958 (A vulnerability was found in Campcodes Employee Management System 1.0. ...)
+	TODO: check
+CVE-2025-6957 (A vulnerability was found in Campcodes Employee Management System 1.0. ...)
+	TODO: check
+CVE-2025-6956 (A vulnerability was found in Campcodes Employee Management System 1.0. ...)
+	TODO: check
+CVE-2025-6955 (A vulnerability was found in Campcodes Employee Management System 1.0  ...)
+	TODO: check
+CVE-2025-6954 (A vulnerability has been found in Campcodes Employee Management System ...)
+	TODO: check
+CVE-2025-6953 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2025-6952 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-6951 (A vulnerability classified as problematic was found in SAFECAM X300 up ...)
+	TODO: check
+CVE-2025-6756 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-6600 (An exposure of sensitive information vulnerability was identified in G ...)
+	TODO: check
+CVE-2025-6224 (Certificate generation in juju/utils using the cert.NewLeaf function c ...)
+	TODO: check
+CVE-2025-5314 (The Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF vie ...)
+	TODO: check
+CVE-2025-5072 (Resource leak vulnerability in ASR180x\u3001ASR190x in con_mgrallows R ...)
+	TODO: check
+CVE-2025-53107 (@cyanheads/git-mcp-server is an MCP server designed to interact with G ...)
+	TODO: check
+CVE-2025-53104 (gluestack-ui is a library of copy-pasteable components & patterns craf ...)
+	TODO: check
+CVE-2025-53103 (JUnit is a testing framework for Java and the JVM. From version 5.12.0 ...)
+	TODO: check
+CVE-2025-53100 (RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io  ...)
+	TODO: check
+CVE-2025-53099 (Sentry is a developer-first error tracking and performance monitoring  ...)
+	TODO: check
+CVE-2025-52294 (Insufficient validation of the screen lock mechanism in Trust Wallet v ...)
+	TODO: check
+CVE-2025-50641 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the ad ...)
+	TODO: check
+CVE-2025-50405 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect  ...)
+	TODO: check
+CVE-2025-50404 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Ov ...)
+	TODO: check
+CVE-2025-49492 (Out-of-bounds write in ASR180x  in lte-telephony, May cause a buffer u ...)
+	TODO: check
+CVE-2025-49491 (Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linu ...)
+	TODO: check
+CVE-2025-49490 (Resource leak vulnerability in ASR180x in router allows Resource Leak  ...)
+	TODO: check
+CVE-2025-49489 (Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linu ...)
+	TODO: check
+CVE-2025-49488 (Improper Resource Shutdown or Release vulnerability in ASR180x \u3001A ...)
+	TODO: check
+CVE-2025-49483 (Improper Resource Shutdown or Release vulnerability in ASR180x \u3001A ...)
+	TODO: check
+CVE-2025-49482 (Improper Resource Shutdown or Release vulnerability in ASR180x \u3001A ...)
+	TODO: check
+CVE-2025-49481 (Improper Resource Shutdown or Release vulnerability in ASR180x \u3001A ...)
+	TODO: check
+CVE-2025-49480 (Out-of-bounds access in ASR180x \u3001ASR190x  in lte-telephony,  This ...)
+	TODO: check
+CVE-2025-49029 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-48379 (Pillow is a Python imaging library. In versions 11.2.0 to before 11.3. ...)
+	TODO: check
+CVE-2025-46259 (Missing Authorization vulnerability in POSIMYTH Innovation The Plus Ad ...)
+	TODO: check
+CVE-2025-45872 (zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery ( ...)
+	TODO: check
+CVE-2025-45083 (Incorrect access control in Ullu (Android version v2.9.929 and IOS ver ...)
+	TODO: check
+CVE-2025-45081 (Misconfigured settings in IITB SSO v1.1.0 allow attackers to access se ...)
+	TODO: check
+CVE-2025-45080 (YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypt ...)
+	TODO: check
+CVE-2025-45006 (Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Pr ...)
+	TODO: check
+CVE-2025-41656 (An unauthenticated remote attacker can run arbitrary commands on the a ...)
+	TODO: check
+CVE-2025-41648 (An unauthenticated remote attacker can bypass the login to the web app ...)
+	TODO: check
+CVE-2025-37099 (A remote code execution vulnerability exists in HPE Insight Remote Sup ...)
+	TODO: check
+CVE-2025-37098 (A path traversal vulnerability exists in HPE Insight Remote Support (I ...)
+	TODO: check
+CVE-2025-37097 (A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.6 ...)
+	TODO: check
+CVE-2025-36582 (Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of  ...)
+	TODO: check
+CVE-2025-34081 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() ...)
+	TODO: check
+CVE-2025-34080 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross- ...)
+	TODO: check
+CVE-2025-34066 (An improper certificate validation vulnerability exists in AVTECH IP c ...)
+	TODO: check
+CVE-2025-34065 (An authentication bypass vulnerability exists in AVTECH IP camera, DVR ...)
+	TODO: check
+CVE-2025-34064 (A cloud infrastructure misconfiguration in OneLogin AD Connector resul ...)
+	TODO: check
+CVE-2025-34063 (A cryptographic authentication bypass vulnerability exists in OneLogin ...)
+	TODO: check
+CVE-2025-34062 (An information disclosure vulnerability exists in OneLogin AD Connecto ...)
+	TODO: check
+CVE-2025-34060 (A PHP objection injection vulnerability exists in the Monero Project\u ...)
+	TODO: check
+CVE-2025-34059 (An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway ...)
+	TODO: check
+CVE-2025-34058 (Hikvision Streaming Media Management Server v2.3.5 uses default creden ...)
+	TODO: check
+CVE-2025-34056 (An OS command injection vulnerability exists in AVTECH IP camera, DVR, ...)
+	TODO: check
+CVE-2025-34055 (An OS command injection vulnerability exists in AVTECH DVR, NVR, and I ...)
+	TODO: check
+CVE-2025-34054 (An unauthenticated command injection vulnerability exists in AVTECH DV ...)
+	TODO: check
+CVE-2025-34053 (An authentication bypass vulnerability exists in AVTECH IP camera, DVR ...)
+	TODO: check
+CVE-2025-34052 (An unauthenticated information disclosure vulnerability exists in AVTE ...)
+	TODO: check
+CVE-2025-34051 (A server-side request forgery vulnerability exists in multiple firmwar ...)
+	TODO: check
+CVE-2025-34050 (Across-site request forgery (CSRF) vulnerability exists in the web int ...)
+	TODO: check
+CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for GLPI. P ...)
+	TODO: check
 CVE-2024-35164
 	- guacamole-client <removed>
 CVE-2024-39954
 	NOT-FOR-US: Apache EventMesh
-CVE-2025-6920
+CVE-2025-6920 (A flaw was found in the authentication enforcement mechanism of a mode ...)
 	NOT-FOR-US: Red Hat AI Inference Server
 CVE-2025-6940 (A vulnerability classified as critical was found in TOTOLINK A702R 4.0 ...)
 	NOT-FOR-US: TOTOLINK
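Review bot: The descriptions imported for CVE-2025-5314, CVE-2025-5072, CVE-2025-49488 and the neighbouring ASR entries contain literal "\u2013" and "\u3001" escape sequences instead of the characters they stand for. The feed text appears to be written into data/CVE/list without decoding. Because truncation is applied to the escaped form, CVE-2025-34060 ends in a cut-off "\u" with no code point. Decoding the escapes before truncating would keep the descriptions readable and searchable. Whitespace could be collapsed in the same step, since CVE-2025-49492 and CVE-2025-6955 carry doubled spaces. All 68 new entries arrive with only "TODO: check"; entries that name widely used libraries, such as CVE-2025-48379 (Pillow) and CVE-2025-53103 (JUnit), are the ones to triage first.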
@@ -170,7 +306,7 @@ CVE-2025-32462 (Sudo before 1.9.17p1, when used with a sudoers file that specifi
 	{DSA-5954-1 DLA-4235-1}
 	- sudo 1.9.16p2-3
 	NOTE: https://www.sudo.ws/security/advisories/host_any/
-CVE-2025-6297 [dpkg-deb: Fix cleanup for control member with restricted directories]
+CVE-2025-6297 (It was discovered that dpkg-deb does not properly sanitize directory p ...)
 	- dpkg <unfixed>
 	[bookworm] - dpkg <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82
@@ -13712,7 +13848,7 @@ CVE-2024-55569 (An issue was discovered in Samsung Mobile Processor, Wearable Pr
 	NOT-FOR-US: Samsung
 CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) software insta ...)
 	NOT-FOR-US: Intel
-CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPress is  ...)
+CVE-2024-13914 (The File Manager Advanced Shortcode plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4478 (A flaw was found in the FreeRDP used by Anaconda's remote install feat ...)
 	- freerdp3 3.15.0+dfsg-2.1 (bug #1105917)
@@ -722012,9 +722148,9 @@ CVE-2013-0602 (Use-after-free vulnerability in Adobe Reader and Acrobat 9.x befo
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establish ...)
+CVE-2012-6428 (The Carlo Gavazzi  EOS-Box  stores hard-coded passwords in the PHP fil ...)
 	NOT-FOR-US: Carlo Gavazzi EOS-Box
-CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with f ...)
+CVE-2012-6427 (The Carlo Gavazzi  EOS-Box  does not check the validity of the data be ...)
 	NOT-FOR-US: Carlo Gavazzi EOS-Box
 CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ...)
 	- lemonldap-ng 1.2.2-3 (bug #696329)
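Review bot: The replacement description for CVE-2012-6427 no longer names the vulnerability class. The old text began "Multiple SQL injection vulnerabilities" and the new one begins "does not check the validity of the data", so a search of the list by class will now miss this entry. Both new descriptions (CVE-2012-6428 and CVE-2012-6427) also carry doubled spaces around "EOS-Box", which suggests the import does not normalise whitespace before writing the line. Both entries stay NOT-FOR-US, so triage is unaffected. Collapsing runs of spaces on import would still avoid this kind of churn in a file of this size.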



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fef6de44a8ec75d6385108463e3794ccbcc0e77
