[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 8 09:12:24 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d09ac1ec by security tracker role at 2025-07-08T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,201 @@
+CVE-2025-7346 (Any unauthenticated attacker can bypass the localhost  restrictions po ...)
+	TODO: check
+CVE-2025-7327 (The Widget for Google Reviews plugin for WordPress is vulnerable to Di ...)
+	TODO: check
+CVE-2025-7168 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
+	TODO: check
+CVE-2025-7167 (A vulnerability was found in code-projects Responsive Blog Site 1.0. I ...)
+	TODO: check
+CVE-2025-7166 (A vulnerability was found in code-projects Responsive Blog Site 1.0. I ...)
+	TODO: check
+CVE-2025-7165 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Managemen ...)
+	TODO: check
+CVE-2025-7164 (A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Mana ...)
+	TODO: check
+CVE-2025-7163 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-7162 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-7161 (A vulnerability classified as critical was found in PHPGurukul Zoo Man ...)
+	TODO: check
+CVE-2025-7160 (A vulnerability classified as critical has been found in PHPGurukul Zo ...)
+	TODO: check
+CVE-2025-7159 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It  ...)
+	TODO: check
+CVE-2025-7158 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It  ...)
+	TODO: check
+CVE-2025-7157 (A vulnerability was found in code-projects Online Note Sharing 1.0. It ...)
+	TODO: check
+CVE-2025-7156 (A vulnerability has been found in hitsz-ids airda 0.0.3 and classified ...)
+	TODO: check
+CVE-2025-7155 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-7154 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-7153 (A vulnerability classified as problematic was found in CodeAstro Simpl ...)
+	TODO: check
+CVE-2025-7152 (A vulnerability classified as critical has been found in Campcodes Adv ...)
+	TODO: check
+CVE-2025-7151 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+	TODO: check
+CVE-2025-7150 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+	TODO: check
+CVE-2025-7149 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+	TODO: check
+CVE-2025-7148 (A vulnerability was found in CodeAstro Simple Hospital Management Syst ...)
+	TODO: check
+CVE-2025-7147 (A vulnerability has been found in CodeAstro Patient Record Management  ...)
+	TODO: check
+CVE-2025-7146 (The iPublish System developed by Jhenggao has an Arbitrary File Readin ...)
+	TODO: check
+CVE-2025-7144 (A vulnerability has been found in SourceCodester Best Salon Management ...)
+	TODO: check
+CVE-2025-6746 (The WoodMart plugin for WordPress is vulnerable to Local File Inclusio ...)
+	TODO: check
+CVE-2025-6743 (The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2025-6244 (The Essential Addons for Elementor \u2013 Popular Elementor Templates  ...)
+	TODO: check
+CVE-2025-5957 (The Guest Support \u2013 Complete customer support ticket system for W ...)
+	TODO: check
+CVE-2025-5570 (The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-5537 (The Lightbox & Modal Popup WordPress Plugin \u2013 FooBox plugin for W ...)
+	TODO: check
+CVE-2025-53617
+	REJECTED
+CVE-2025-53616
+	REJECTED
+CVE-2025-53615
+	REJECTED
+CVE-2025-53614
+	REJECTED
+CVE-2025-53613
+	REJECTED
+CVE-2025-53612
+	REJECTED
+CVE-2025-53611
+	REJECTED
+CVE-2025-53610
+	REJECTED
+CVE-2025-43001 (SAPCAR allows an attacker logged in with high privileges to override t ...)
+	TODO: check
+CVE-2025-42992 (SAPCAR allows an attacker logged in with high privileges to create a m ...)
+	TODO: check
+CVE-2025-42986 (Due to a missing authorization check in an obsolete RFC enabled functi ...)
+	TODO: check
+CVE-2025-42985 (Due to insufficient sanitization in the SAP BusinessObjects Content Ad ...)
+	TODO: check
+CVE-2025-42981 (Due to an open redirect vulnerability in SAP NetWeaver Application Ser ...)
+	TODO: check
+CVE-2025-42980 (SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable ...)
+	TODO: check
+CVE-2025-42979 (The GuiXT application, which is integrated with SAP GUI for Windows, u ...)
+	TODO: check
+CVE-2025-42978 (The widely used component that establishes outbound TLS connections in ...)
+	TODO: check
+CVE-2025-42974 (Due to missing authorization check, an attacker authenticated as a non ...)
+	TODO: check
+CVE-2025-42973 (Due to a Cross-Site Scripting vulnerability in SAP Data Services Manag ...)
+	TODO: check
+CVE-2025-42971 (A memory corruption vulnerability exists in SAPCAR allowing an attacke ...)
+	TODO: check
+CVE-2025-42970 (SAPCAR improperly sanitizes the file paths while extracting SAPCAR arc ...)
+	TODO: check
+CVE-2025-42969 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an unau ...)
+	TODO: check
+CVE-2025-42968 (SAP NetWeaver allows an authenticated non-administrative user to call  ...)
+	TODO: check
+CVE-2025-42967 (SAP S/4HANA and SAP SCM Characteristic Propagation has remote code exe ...)
+	TODO: check
+CVE-2025-42966 (SAP NetWeaver XML Data Archiving Service allows an authenticated attac ...)
+	TODO: check
+CVE-2025-42965 (SAP CMC Promotion Management allows an authenticated attacker to enume ...)
+	TODO: check
+CVE-2025-42964 (SAP NetWeaver Enterprise Portal Administration is vulnerable when a pr ...)
+	TODO: check
+CVE-2025-42963 (A critical vulnerability in SAP NetWeaver Application server for Java  ...)
+	TODO: check
+CVE-2025-42962 (SAP Business Warehouse (Business Explorer Web) allows an attacker to c ...)
+	TODO: check
+CVE-2025-42961 (Due to a missing authorization check in SAP NetWeaver Application serv ...)
+	TODO: check
+CVE-2025-42960 (SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticat ...)
+	TODO: check
+CVE-2025-42959 (An unauthenticated attacker may exploit a scenario where a Hashed Mess ...)
+	TODO: check
+CVE-2025-42956 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an unau ...)
+	TODO: check
+CVE-2025-42954 (SAP NetWeaver Business Warehouse CCAW application allows a privileged  ...)
+	TODO: check
+CVE-2025-42953 (SAP Netweaver System Configuration does not perform necessary authoriz ...)
+	TODO: check
+CVE-2025-42952 (SAP Business Warehouse and SAP Plug-In Basis allows an authenticated a ...)
+	TODO: check
+CVE-2025-41668 (A low privileged remote attacker with file access can replace a critic ...)
+	TODO: check
+CVE-2025-41667 (A low privileged remote attacker with file access can replace a critic ...)
+	TODO: check
+CVE-2025-41666 (A low privileged remote attacker with file access can replace a critic ...)
+	TODO: check
+CVE-2025-41665 (An low privileged remote attacker can enforce the watchdog of the affe ...)
+	TODO: check
+CVE-2025-38237 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2025-38236 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
+	TODO: check
+CVE-2025-31326 (SAP\ufffdBusinessObjects Business\ufffdIntelligence Platform (Web Inte ...)
+	TODO: check
+CVE-2025-25271 (An unauthenticated adjacent attacker is able to configure a new OCPP b ...)
+	TODO: check
+CVE-2025-25270 (An unauthenticated remote attacker can alter the device configuration  ...)
+	TODO: check
+CVE-2025-25269 (An unauthenticated local attacker can inject a command that is subsequ ...)
+	TODO: check
+CVE-2025-25268 (An unauthenticated adjacent attacker can modify configuration by sendi ...)
+	TODO: check
+CVE-2025-24006 (A low privileged local attacker can leverage insecure permissions via  ...)
+	TODO: check
+CVE-2025-24005 (A local attacker with a local user account can leverage a vulnerable s ...)
+	TODO: check
+CVE-2025-24004 (A physical attacker with access to the device display via USB-C can se ...)
+	TODO: check
+CVE-2025-24003 (An unauthenticated remote attacker can use MQTT messages to trigger ou ...)
+	TODO: check
+CVE-2025-24002 (An unauthenticated remote attacker can use MQTT messages to crash a se ...)
+	TODO: check
+CVE-2025-20695 (In Bluetooth FW, there is a possible system crash due to an uncaught e ...)
+	TODO: check
+CVE-2025-20694 (In Bluetooth FW, there is a possible system crash due to an uncaught e ...)
+	TODO: check
+CVE-2025-20693 (In wlan STA driver, there is a possible out of bounds read due to an i ...)
+	TODO: check
+CVE-2025-20692 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20691 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20690 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20689 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20688 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20687 (In Bluetooth driver, there is a possible out of bounds read due to an  ...)
+	TODO: check
+CVE-2025-20686 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20685 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20684 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20683 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20682 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20681 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20680 (In Bluetooth driver, there is a possible out of bounds write due to an ...)
+	TODO: check
 CVE-2025-7259 (An authorized user can issue queries with duplicate _id fields, that l ...)
 	- mongodb <removed>
 CVE-2025-7143 (A vulnerability, which was classified as problematic, was found in Sou ...)
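Review bot: The added descriptions for CVE-2025-6244, CVE-2025-5957 and CVE-2025-5537 contain a literal `\u2013` escape, and CVE-2025-31326 contains `\ufffd` in "SAP\ufffdBusinessObjects Business\ufffdIntelligence", so the import step is writing escape sequences into data/CVE/list instead of the decoded characters. Decode the escapes before the description is written. U+FFFD is the Unicode replacement character, which means the original character was already lost before import; mapping it to a plain space is probably the safest handling. Several descriptions also keep doubled spaces (CVE-2025-7346 "localhost  restrictions", CVE-2025-38237 "resolved:  m"), which collapsing whitespace in the same step would clean up.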
@@ -7203,9 +7401,9 @@ CVE-2025-49795 (A NULL pointer dereference vulnerability was found in libxml2 wh
 	- libxml2 <unfixed> (bug #1107753)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
-        NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)
-        NOTE: Follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)
-        NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)
+	NOTE: Follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)
 CVE-2025-49796 (A vulnerability was found in libxml2. Processing certain sch:name elem ...)
 	- libxml2 <unfixed> (bug #1107752)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
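Review bot: The three NOTE lines under CVE-2025-49795 change only in their leading whitespace (eight spaces replaced by a tab, matching the neighbouring `NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932` line), but the commit message says only "automatic update". Either put manual whitespace corrections in their own commit or mention them in the message, so the history shows that the referenced libxml2 commits themselves did not change. A check that rejects space-indented annotation lines in data/CVE/list would keep this from recurring.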



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d09ac1ec9165cc72bd4cdaf107776d6eebd6f9dd
