[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 7 21:12:47 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dffa598a by security tracker role at 2025-07-07T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,253 @@
+CVE-2025-7259 (An authorized user can issue queries with duplicate _id fields, that l ...)
+	TODO: check
+CVE-2025-7143 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2025-7142 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-7141 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2025-7140 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2025-7139 (A vulnerability was found in SourceCodester Best Salon Management Syst ...)
+	TODO: check
+CVE-2025-7138 (A vulnerability was found in SourceCodester Best Salon Management Syst ...)
+	TODO: check
+CVE-2025-7137 (A vulnerability was found in SourceCodester Best Salon Management Syst ...)
+	TODO: check
+CVE-2025-7136 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2025-7135 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2025-7134 (A vulnerability classified as critical was found in Campcodes Online R ...)
+	TODO: check
+CVE-2025-7133 (A vulnerability classified as problematic has been found in CodeAstro  ...)
+	TODO: check
+CVE-2025-7132 (A vulnerability was found in Campcodes Payroll Management System 1.0.  ...)
+	TODO: check
+CVE-2025-7131 (A vulnerability was found in Campcodes Payroll Management System 1.0.  ...)
+	TODO: check
+CVE-2025-7130 (A vulnerability was found in Campcodes Payroll Management System 1.0.  ...)
+	TODO: check
+CVE-2025-7129 (A vulnerability was found in Campcodes Payroll Management System 1.0 a ...)
+	TODO: check
+CVE-2025-7128 (A vulnerability has been found in Campcodes Payroll Management System  ...)
+	TODO: check
+CVE-2025-7127 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2025-7126 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2025-7125 (A vulnerability classified as critical was found in itsourcecode Emplo ...)
+	TODO: check
+CVE-2025-7124 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-7123 (A vulnerability was found in Campcodes Complaint Management System 1.0 ...)
+	TODO: check
+CVE-2025-7122 (A vulnerability was found in Campcodes Complaint Management System 1.0 ...)
+	TODO: check
+CVE-2025-7121 (A vulnerability was found in Campcodes Complaint Management System 1.0 ...)
+	TODO: check
+CVE-2025-7120 (A vulnerability was found in Campcodes Complaint Management System 1.0 ...)
+	TODO: check
+CVE-2025-7119 (A vulnerability has been found in Campcodes Complaint Management Syste ...)
+	TODO: check
+CVE-2025-7057 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-7056 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-6811 (Mescius ActiveReports.NET TypeResolutionService Deserialization of Unt ...)
+	TODO: check
+CVE-2025-6810 (Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data  ...)
+	TODO: check
+CVE-2025-6807 (Marvell QConvergeConsole getDriverTmpPath Directory Traversal Informat ...)
+	TODO: check
+CVE-2025-6806 (Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary Fil ...)
+	TODO: check
+CVE-2025-6805 (Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitr ...)
+	TODO: check
+CVE-2025-6804 (Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal ...)
+	TODO: check
+CVE-2025-6803 (Marvell QConvergeConsole compressDriverFiles Directory Traversal Infor ...)
+	TODO: check
+CVE-2025-6802 (Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remot ...)
+	TODO: check
+CVE-2025-6801 (Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbit ...)
+	TODO: check
+CVE-2025-6800 (Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Info ...)
+	TODO: check
+CVE-2025-6799 (Marvell QConvergeConsole getFileUploadBytes Directory Traversal Inform ...)
+	TODO: check
+CVE-2025-6798 (Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary F ...)
+	TODO: check
+CVE-2025-6797 (Marvell QConvergeConsole getFileUploadBytes Directory Traversal Inform ...)
+	TODO: check
+CVE-2025-6796 (Marvell QConvergeConsole getAppFileBytes Directory Traversal Informati ...)
+	TODO: check
+CVE-2025-6795 (Marvell QConvergeConsole getFileUploadSize Directory Traversal Informa ...)
+	TODO: check
+CVE-2025-6794 (Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Ex ...)
+	TODO: check
+CVE-2025-6793 (Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitr ...)
+	TODO: check
+CVE-2025-6714 (MongoDB Server's mongos component can become unresponsive to new conne ...)
+	TODO: check
+CVE-2025-6713 (An unauthorized user may leverage a specially crafted aggregation pipe ...)
+	TODO: check
+CVE-2025-6712 (MongoDB Server may be susceptible to disruption caused by high memory  ...)
+	TODO: check
+CVE-2025-6711 (An issue has been identified in MongoDB Server where unredacted querie ...)
+	TODO: check
+CVE-2025-6663 (GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code E ...)
+	TODO: check
+CVE-2025-6386 (The parisneo/lollms repository is affected by a timing attack vulnerab ...)
+	TODO: check
+CVE-2025-6210 (A vulnerability in the ObsidianReader class of the run-llama/llama_ind ...)
+	TODO: check
+CVE-2025-6209 (A path traversal vulnerability exists in run-llama/llama_index version ...)
+	TODO: check
+CVE-2025-6044 (An Improper Access Control vulnerability in the Stylus Tools component ...)
+	TODO: check
+CVE-2025-5472 (The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable ...)
+	TODO: check
+CVE-2025-53543 (Kestra is an event-driven orchestration platform. The error message in ...)
+	TODO: check
+CVE-2025-53540 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
+	TODO: check
+CVE-2025-53539 (FastAPI Guard is a security library for FastAPI that provides middlewa ...)
+	TODO: check
+CVE-2025-53536 (Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if ...)
+	TODO: check
+CVE-2025-53535 (Better Auth is an authentication and authorization library for TypeScr ...)
+	TODO: check
+CVE-2025-53532 (giscus is a commenting system powered by GitHub Discussions. A bug in  ...)
+	TODO: check
+CVE-2025-53531 (WeGIA is a web manager for charitable institutions. The Wegia server h ...)
+	TODO: check
+CVE-2025-53530 (WeGIA is a web manager for charitable institutions. The Wegia server h ...)
+	TODO: check
+CVE-2025-53529 (WeGIA is a web manager for charitable institutions. An SQL Injection v ...)
+	TODO: check
+CVE-2025-53527 (WeGIA is a web manager for charitable institutions. A Time-Based Blind ...)
+	TODO: check
+CVE-2025-53526 (WeGIA is a web manager for charitable institutions. An XSS Injection v ...)
+	TODO: check
+CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+	TODO: check
+CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation Mediawik ...)
+	TODO: check
+CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki ...)
+	TODO: check
+CVE-2025-53497 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53496 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53495 (Missing Authorization vulnerability in Wikimedia Foundation Mediawiki  ...)
+	TODO: check
+CVE-2025-53491 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53488 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-53487 (The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS i ...)
+	TODO: check
+CVE-2025-53486 (The WikiCategoryTagCloud extension is vulnerable to reflected XSS via  ...)
+	TODO: check
+CVE-2025-53478 (The CheckUser extension\u2019s Special:Investigate interface is vulner ...)
+	TODO: check
+CVE-2025-53377 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+	TODO: check
+CVE-2025-53376 (Dokploy is a self-hostable Platform as a Service (PaaS) that simplifie ...)
+	TODO: check
+CVE-2025-53375 (Dokploy is a self-hostable Platform as a Service (PaaS) that simplifie ...)
+	TODO: check
+CVE-2025-53374 (Dokploy is a self-hostable Platform as a Service (PaaS) that simplifie ...)
+	TODO: check
+CVE-2025-53373 (Natours is a Tour Booking API. The attacker can easily take over any v ...)
+	TODO: check
+CVE-2025-52492 (A vulnerability has been discovered in the firmware of Paxton Paxton10 ...)
+	TODO: check
+CVE-2025-4779 (lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cro ...)
+	TODO: check
+CVE-2025-48367 (Redis is an open source, in-memory database that persists on disk. An  ...)
+	TODO: check
+CVE-2025-47202 (In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exyn ...)
+	TODO: check
+CVE-2025-45479 (Insufficient security mechanisms for created containers in educoder ch ...)
+	TODO: check
+CVE-2025-45065 (employee record management system in php and mysql v1 was discovered t ...)
+	TODO: check
+CVE-2025-43933 (fblog through 983bede allows account takeover via the password reset f ...)
+	TODO: check
+CVE-2025-43932 (JobCenter through 7e7b0b2 allows account takeover via the password res ...)
+	TODO: check
+CVE-2025-43931 (flask-boilerplate through a170e7c allows account takeover via the pass ...)
+	TODO: check
+CVE-2025-43930 (Hashview 0.8.1 allows account takeover via the password reset feature  ...)
+	TODO: check
+CVE-2025-3920 (A vulnerability was identified in SUR-FBD CMMS where hard-coded creden ...)
+	TODO: check
+CVE-2025-3777 (Hugging Face Transformers versions up to 4.49.0 are affected by an imp ...)
+	TODO: check
+CVE-2025-3705 (A physical attacker with no privileges can gain full control of the af ...)
+	TODO: check
+CVE-2025-3626 (A remote attacker with administrator account can gain full control of  ...)
+	TODO: check
+CVE-2025-3467 (An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3 ...)
+	TODO: check
+CVE-2025-3466 (langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized  ...)
+	TODO: check
+CVE-2025-3264 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
+	TODO: check
+CVE-2025-3263 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
+	TODO: check
+CVE-2025-3262 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
+	TODO: check
+CVE-2025-3225 (An XML Entity Expansion vulnerability, also known as a 'billion laughs ...)
+	TODO: check
+CVE-2025-3046 (A vulnerability in the `ObsidianReader` class of the run-llama/llama_i ...)
+	TODO: check
+CVE-2025-3044 (A vulnerability in the ArxivReader class of the run-llama/llama_index  ...)
+	TODO: check
+CVE-2025-36014 (IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable t ...)
+	TODO: check
+CVE-2025-32023 (Redis is an open source, in-memory database that persists on disk. Fro ...)
+	TODO: check
+CVE-2025-26780 (An issue was discovered in L2 in Samsung Mobile Processor and Modem Ex ...)
+	TODO: check
+CVE-2025-20325 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a ...)
+	TODO: check
+CVE-2025-20324 (In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 an ...)
+	TODO: check
+CVE-2025-20323 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a ...)
+	TODO: check
+CVE-2025-20322 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a ...)
+	TODO: check
+CVE-2025-20321 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, an ...)
+	TODO: check
+CVE-2025-20320 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, an ...)
+	TODO: check
+CVE-2025-20319 (In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a ...)
+	TODO: check
+CVE-2025-20300 (In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and ...)
+	TODO: check
+CVE-2025-1351 (IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user t ...)
+	TODO: check
+CVE-2024-43334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-43190 (IBM Engineering Requirements Management DOORS 9.7.2.9, under certain c ...)
+	TODO: check
+CVE-2024-37658 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
+	TODO: check
+CVE-2024-37657 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
+	TODO: check
+CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
+	TODO: check
+CVE-2024-25178 (LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow han ...)
+	TODO: check
+CVE-2024-25177 (LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, w ...)
+	TODO: check
+CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in l ...)
+	TODO: check
+CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster thru 1. ...)
+	TODO: check
 CVE-2025-XXXX [RSS/SEARCH: Prevent opening local files if web page is expected]
 	- qbittorrent 5.1.0-2 (bug #1108843)
 	[bookworm] - qbittorrent <no-dsa> (Minor issue)
@@ -804,6 +1054,7 @@ CVE-2025-49005 (Next.js is a React framework for building full-stack web applica
 CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric format for di ...)
+	{DSA-5960-1}
 	- djvulibre 3.5.28-2.1 (bug #1108729)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
 	NOTE: Fixed by: https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -3142,7 +3393,7 @@ CVE-2025-6032 (A flaw was found in Podman. The podman machine init command fails
 	NOTE: https://github.com/advisories/GHSA-65gg-3w2w-hr4h
 	NOTE: Fixed by: https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 (main)
 	NOTE: Fixed by: https://github.com/containers/podman/commit/1569c209829530b1f42e8c2fce851de8003ab3fe (v5.5.2)
-CVE-2025-5987
+CVE-2025-5987 (A flaw was found in libssh when using the ChaCha20 cipher with the Ope ...)
 	- libssh 0.11.2-1 (bug #1108407)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffa598ae56e59c697babf041891620f74679457

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffa598ae56e59c697babf041891620f74679457
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250707/b4f05152/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list