[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 2 21:12:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ef698e4 by security tracker role at 2025-07-02T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,135 @@
-CVE-2025-38093 [arm64: dts: qcom: x1e80100: Add GPU cooling]
+CVE-2025-6943 (Secret Server version 11.7 and earlier is vulnerable to a SQL report c ...)
+	TODO: check
+CVE-2025-6942 (The distributed engine versions 8.4.39.0 and earlier of Secret Server  ...)
+	TODO: check
+CVE-2025-6725 (In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability ...)
+	TODO: check
+CVE-2025-53494 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53493 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53492 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53359 (ethereum is a common ethereum structs for Rust. Prior to ethereum crat ...)
+	TODO: check
+CVE-2025-53358 (kotaemon is an open-source RAG-based tool for document comprehension.  ...)
+	TODO: check
+CVE-2025-53110 (Model Context Protocol Servers is a collection of reference implementa ...)
+	TODO: check
+CVE-2025-53109 (Model Context Protocol Servers is a collection of reference implementa ...)
+	TODO: check
+CVE-2025-53108 (HomeBox is a home inventory and organization system. Prior to 0.20.1,  ...)
+	TODO: check
+CVE-2025-53106 (Graylog is a free and open log management platform. In versions 6.2.0  ...)
+	TODO: check
+CVE-2025-53006 (DataEase is an open source business intelligence and data visualizatio ...)
+	TODO: check
+CVE-2025-52891 (ModSecurity is an open source, cross platform web application firewall ...)
+	TODO: check
+CVE-2025-52886 (Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std ...)
+	TODO: check
+CVE-2025-52842 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-52841 (Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, M ...)
+	TODO: check
+CVE-2025-52559 (Zulip is an open-source team chat application. From versions 2.0.0-rc1 ...)
+	TODO: check
+CVE-2025-4946 (The Vikinger theme for WordPress is vulnerable to arbitrary file delet ...)
+	TODO: check
+CVE-2025-49713 (Access of resource using incompatible type ('type confusion') in Micro ...)
+	TODO: check
+CVE-2025-49588 (Linkwarden is a self-hosted, open-source collaborative bookmark manage ...)
+	TODO: check
+CVE-2025-45814 (Missing authentication checks in the query.fcgi endpoint of NS3000 v8. ...)
+	TODO: check
+CVE-2025-45813 (ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credenti ...)
+	TODO: check
+CVE-2025-45424 (Incorrect access control in Xinference before v1.4.0 allows attackers  ...)
+	TODO: check
+CVE-2025-45029 (WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via ...)
+	TODO: check
+CVE-2025-43025 (HP Universal Print Driver is potentially vulnerable to denial of servi ...)
+	TODO: check
+CVE-2025-39362 (Missing Authorization vulnerability in Mollie Mollie Payments for WooC ...)
+	TODO: check
+CVE-2025-34092 (A cookie encryption bypass vulnerability exists in Google Chrome\u2019 ...)
+	TODO: check
+CVE-2025-34091 (A padding oracle vulnerability exists in Google Chrome\u2019s AppBound ...)
+	TODO: check
+CVE-2025-34090 (A security bypass vulnerability exists in Google Chrome AppBound cooki ...)
+	TODO: check
+CVE-2025-34079 (An authenticated remote code execution vulnerability exists in NSClien ...)
+	TODO: check
+CVE-2025-34078 (A local privilege escalation vulnerability exists in NSClient++ 0.5.2. ...)
+	TODO: check
+CVE-2025-34076 (An authenticated local file inclusion vulnerability exists in Microweb ...)
+	TODO: check
+CVE-2025-34075 (An authenticated virtual machine escape vulnerability exists in HashiC ...)
+	TODO: check
+CVE-2025-34074 (An authenticated remote code execution vulnerability exists in Lucee\u ...)
+	TODO: check
+CVE-2025-34073 (An unauthenticated command injection vulnerability exists in stamparm/ ...)
+	TODO: check
+CVE-2025-34072 (A data exfiltration vulnerability exists in Anthropic\u2019s deprecate ...)
+	TODO: check
+CVE-2025-34071 (A remote code execution vulnerability in GFI Kerio Control 9.4.5 allow ...)
+	TODO: check
+CVE-2025-34070 (A missing authentication vulnerability in the GFIAgent component of GF ...)
+	TODO: check
+CVE-2025-34069 (An authentication bypass vulnerability exists in GFI Kerio Control 9.4 ...)
+	TODO: check
+CVE-2025-34067 (An unauthenticated remote command execution vulnerability exists in th ...)
+	TODO: check
+CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR series ro ...)
+	TODO: check
+CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...)
+	TODO: check
+CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI deactivation in I ...)
+	TODO: check
+CVE-2025-27025 (The target device exposes a service on a specific TCP port with a conf ...)
+	TODO: check
+CVE-2025-27024 (Unrestricted access to OS file system in SFTP service in Infinera G42  ...)
+	TODO: check
+CVE-2025-27023 (Lack or insufficent input validation in WebGUI CLI web in Infinera G42 ...)
+	TODO: check
+CVE-2025-27022 (A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera ...)
+	TODO: check
+CVE-2025-27021 (The misconfiguration in the sudoers configuration of the operating sys ...)
+	TODO: check
+CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 M ...)
+	TODO: check
+CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can ...)
+	TODO: check
+CVE-2025-24333 (Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contain ...)
+	TODO: check
+CVE-2025-24332 (Nokia Single RAN AirScale baseband allows an authenticated administrat ...)
+	TODO: check
+CVE-2025-24331 (The Single RAN baseband OAM service is intended to run as an unprivile ...)
+	TODO: check
+CVE-2025-24330 (Sending a crafted SOAP "provision" operation message PlanId field with ...)
+	TODO: check
+CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive field wit ...)
+	TODO: check
+CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) ...)
+	TODO: check
+CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
+	TODO: check
+CVE-2025-20308 (A vulnerability in Cisco Spaces Connector could allow an authenticated ...)
+	TODO: check
+CVE-2025-20307 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+	TODO: check
+CVE-2025-38093 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5ba21fa11f473c9827f378ace8c9f983de9e0287 (6.16-rc1)
-CVE-2025-38092 [ksmbd: use list_first_entry_or_null for opinfo_get_list()]
+CVE-2025-38092 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.32-1
 	NOTE: https://git.kernel.org/linus/10379171f346e6f61d30d9949500a8de4336444a (6.15)
-CVE-2025-38091 [drm/amd/display: check stream id dml21 wrapper to get plane_id]
+CVE-2025-38091 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.32-1
 	NOTE: https://git.kernel.org/linus/2ddac70fed50485aa4ae49cdb7478ce41d8d4715 (6.15-rc7)
-CVE-2025-46647
+CVE-2025-46647 (A vulnerability of pluginopenid-connect in Apache APISIX.  This vulner ...)
 	NOT-FOR-US: Apache APISIX
 CVE-2025-6927
 	- mediawiki 1:1.43.3+dfsg-1
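Review bot: The added summaries for CVE-2025-34092, CVE-2025-34091, CVE-2025-34072 and CVE-2025-2330 contain literal `\u2019` / `\u2013` escape sequences, and CVE-2025-34074 is cut in the middle of one (`Lucee\u ...`), so the text is being truncated before the escapes are decoded. Decode them (or transliterate to ASCII `'` and `-`) before truncating, so the fixed-width summary stays readable and can be searched. Separately, all 60 new entries land as `TODO: check`; the ones naming open-source projects rather than vendor appliances, such as CVE-2025-52886 (Poppler) and CVE-2025-52891 (ModSecurity), are the ones to triage against the archive first.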
@@ -274,7 +394,7 @@ CVE-2025-34050 (Across-site request forgery (CSRF) vulnerability exists in the w
 	NOT-FOR-US: AVTECH
 CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for GLPI. P ...)
 	NOT-FOR-US: Escalade GLPI plugin
-CVE-2024-35164
+CVE-2024-35164 (The terminal emulator of Apache Guacamole 1.5.5 and older does not pro ...)
 	- guacamole-client <removed>
 CVE-2024-39954
 	NOT-FOR-US: Apache EventMesh
@@ -33935,9 +34055,9 @@ CVE-2025-27704 (There is a cross-site scripting vulnerability in the Secure Acce
 	NOT-FOR-US: Absolute Software
 CVE-2025-27415 (Nuxt is an open-source web development framework for Vue.js. Prior to  ...)
 	NOT-FOR-US: Nuxt
-CVE-2025-26486 (Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash ...)
+CVE-2025-26486 (Broken or Risky Cryptographic Algorithm, Use of Password Hash  With In ...)
 	NOT-FOR-US: Beta80 Life 1st Identity Manager
-CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor  vulner ...)
+CVE-2025-26485 (A vulnerability in Beta80 Life 1st enables the retrieval of different  ...)
 	NOT-FOR-US: Beta80 Life 1st Identity Manager
 CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26 ...)
 	NOT-FOR-US: Dell / EMC
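Review bot: The replacement summary for CVE-2025-26486 carries a double space (`Password Hash  With In ...`), as did the removed CVE-2025-26485 line (`Actor  vulner ...`), which suggests that line breaks in the upstream description are turned into spaces without collapsing the resulting runs of whitespace. Collapsing whitespace before truncation would keep an extra character of each summary. The new CVE-2025-26486 text also now opens with the weakness class and is cut before any product name, so the `NOT-FOR-US: Beta80 Life 1st Identity Manager` line is the only place the product is identified; that line should stay as specific as it is.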
@@ -62426,7 +62546,7 @@ CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, a
 	NOT-FOR-US: IBM
 CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
 	NOT-FOR-US: IBM
-CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow remote co ...)
+CVE-2024-49194 (Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remot ...)
 	NOT-FOR-US: Databricks JDBC Driver
 CVE-2024-42194 (An improper handling of insufficient permissions or privileges affects ...)
 	NOT-FOR-US: HCL



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ef698e41fe5ff2c967cec5f0195969a62a5f17e
