[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 8 21:12:57 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77fbe6c1 by security tracker role at 2025-07-08T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,572 @@
-CVE-2025-48386
+CVE-2025-7363 (The TitleIcon extension for MediaWiki is vulnerable to stored XSS thro ...)
+	TODO: check
+CVE-2025-7362 (The MsUpload extension for MediaWiki is vulnerable to stored XSS via t ...)
+	TODO: check
+CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the gdk_pixbuf__jpeg_image_loa ...)
+	TODO: check
+CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized attacker ...)
+	TODO: check
+CVE-2025-7193 (A vulnerability was found in itsourcecode Agri-Trading Online Shopping ...)
+	TODO: check
+CVE-2025-7192 (A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classifi ...)
+	TODO: check
+CVE-2025-7191 (A vulnerability has been found in code-projects Student Enrollment Sys ...)
+	TODO: check
+CVE-2025-7190 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-7189 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2025-7188 (A vulnerability classified as critical was found in code-projects Chat ...)
+	TODO: check
+CVE-2025-7187 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-7186 (A vulnerability was found in code-projects Chat System 1.0. It has bee ...)
+	TODO: check
+CVE-2025-7185 (A vulnerability was found in code-projects Library System 1.0. It has  ...)
+	TODO: check
+CVE-2025-7184 (A vulnerability was found in code-projects Library System 1.0. It has  ...)
+	TODO: check
+CVE-2025-7183 (A vulnerability was found in Campcodes Sales and Inventory System 1.0  ...)
+	TODO: check
+CVE-2025-7182 (A vulnerability has been found in itsourcecode Student Transcript Proc ...)
+	TODO: check
+CVE-2025-7181 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-7180 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2025-7179 (A vulnerability classified as critical was found in code-projects Libr ...)
+	TODO: check
+CVE-2025-7178 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-7177 (A vulnerability was found in PHPGurukul Car Washing Management System  ...)
+	TODO: check
+CVE-2025-7176 (A vulnerability was found in PHPGurukul Hospital Management System 1.0 ...)
+	TODO: check
+CVE-2025-7175 (A vulnerability was found in code-projects E-Commerce Site 1.0. It has ...)
+	TODO: check
+CVE-2025-7174 (A vulnerability was found in code-projects Library System 1.0 and clas ...)
+	TODO: check
+CVE-2025-7173 (A vulnerability has been found in code-projects Library System 1.0 and ...)
+	TODO: check
+CVE-2025-7172 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-7171 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2025-7170 (A vulnerability classified as critical was found in code-projects Crim ...)
+	TODO: check
+CVE-2025-7169 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-7037 (SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2 ...)
+	TODO: check
+CVE-2025-6996 (Improper use of encryption in the agent of Ivanti Endpoint Manager bef ...)
+	TODO: check
+CVE-2025-6995 (Improper use of encryption in the agent of Ivanti Endpoint Manager bef ...)
+	TODO: check
+CVE-2025-6771 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before v ...)
+	TODO: check
+CVE-2025-6770 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before v ...)
+	TODO: check
+CVE-2025-6744 (The The Woodmart theme for WordPress is vulnerable to arbitrary shortc ...)
+	TODO: check
+CVE-2025-5464 (Insertion of sensitive information into a log file in Ivanti Connect S ...)
+	TODO: check
+CVE-2025-5463 (Insertion of sensitive information into a log file in Ivanti Connect S ...)
+	TODO: check
+CVE-2025-5451 (A stack-based buffer overflow in Ivanti Connect Secure before version  ...)
+	TODO: check
+CVE-2025-5450 (Improper access control in the certificate management component of Iva ...)
+	TODO: check
+CVE-2025-53545 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
+	TODO: check
+CVE-2025-53513 (The /charms endpoint on a Juju controller lacked sufficient authorizat ...)
+	TODO: check
+CVE-2025-53512 (The /log endpoint on a Juju controller lacked sufficient authorization ...)
+	TODO: check
+CVE-2025-53480 (The CheckUser extension\u2019s Special:Investigate page has a vulnerab ...)
+	TODO: check
+CVE-2025-53479 (The CheckUser extension\u2019s Special:CheckUser interface is vulnerab ...)
+	TODO: check
+CVE-2025-53372 (node-code-sandbox-mcp is a Node.js\u2013based Model Context Protocol s ...)
+	TODO: check
+CVE-2025-53355 (MCP Server Kubernetes is an MCP Server that can connect to a Kubernete ...)
+	TODO: check
+CVE-2025-50130 (A heap-based buffer overflow vulnerability exists in VS6Sim.exe contai ...)
+	TODO: check
+CVE-2025-4663 (An Improper Check for Unusual or  Exceptional Conditions vulnerability ...)
+	TODO: check
+CVE-2025-49760 (External control of file name or path in Windows Storage allows an aut ...)
+	TODO: check
+CVE-2025-49756 (Use of a broken or risky cryptographic algorithm in Office Developer P ...)
+	TODO: check
+CVE-2025-49753 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49744 (Heap-based buffer overflow in Microsoft Graphics Component allows an a ...)
+	TODO: check
+CVE-2025-49742 (Integer overflow or wraparound in Microsoft Graphics Component allows  ...)
+	TODO: check
+CVE-2025-49740 (Protection mechanism failure in Windows SmartScreen allows an unauthor ...)
+	TODO: check
+CVE-2025-49739 (Improper link resolution before file access ('link following') in Visu ...)
+	TODO: check
+CVE-2025-49738 (Improper link resolution before file access ('link following') in Micr ...)
+	TODO: check
+CVE-2025-49737 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-49735 (Use after free in Windows KDC Proxy Service (KPSSVC) allows an unautho ...)
+	TODO: check
+CVE-2025-49733 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
+	TODO: check
+CVE-2025-49732 (Heap-based buffer overflow in Microsoft Graphics Component allows an a ...)
+	TODO: check
+CVE-2025-49731 (Improper handling of insufficient permissions or privileges in Microso ...)
+	TODO: check
+CVE-2025-49730 (Time-of-check time-of-use (toctou) race condition in Microsoft Windows ...)
+	TODO: check
+CVE-2025-49729 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49727 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
+	TODO: check
+CVE-2025-49726 (Use after free in Windows Notification allows an authorized attacker t ...)
+	TODO: check
+CVE-2025-49725 (Use after free in Windows Notification allows an authorized attacker t ...)
+	TODO: check
+CVE-2025-49724 (Use after free in Windows Connected Devices Platform Service allows an ...)
+	TODO: check
+CVE-2025-49723 (Missing authorization in Windows StateRepository API allows an authori ...)
+	TODO: check
+CVE-2025-49722 (Uncontrolled resource consumption in Windows Print Spooler Components  ...)
+	TODO: check
+CVE-2025-49721 (Heap-based buffer overflow in Windows Fast FAT Driver allows an unauth ...)
+	TODO: check
+CVE-2025-49719 (Improper input validation in SQL Server allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-49718 (Use of uninitialized resource in SQL Server allows an unauthorized att ...)
+	TODO: check
+CVE-2025-49717 (Heap-based buffer overflow in SQL Server allows an authorized attacker ...)
+	TODO: check
+CVE-2025-49716 (Uncontrolled resource consumption in Windows Netlogon allows an unauth ...)
+	TODO: check
+CVE-2025-49714 (Trust boundary violation in Visual Studio Code - Python extension allo ...)
+	TODO: check
+CVE-2025-49711 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows an autho ...)
+	TODO: check
+CVE-2025-49705 (Heap-based buffer overflow in Microsoft Office PowerPoint allows an un ...)
+	TODO: check
+CVE-2025-49704 (Improper control of generation of code ('code injection') in Microsoft ...)
+	TODO: check
+CVE-2025-49703 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-49702 (Access of resource using incompatible type ('type confusion') in Micro ...)
+	TODO: check
+CVE-2025-49701 (Improper authorization in Microsoft Office SharePoint allows an author ...)
+	TODO: check
+CVE-2025-49700 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-49699 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-49698 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-49697 (Heap-based buffer overflow in Microsoft Office allows an unauthorized  ...)
+	TODO: check
+CVE-2025-49696 (Out-of-bounds read in Microsoft Office allows an unauthorized attacker ...)
+	TODO: check
+CVE-2025-49695 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-49694 (Null pointer dereference in Microsoft Brokering File System allows an  ...)
+	TODO: check
+CVE-2025-49693 (Double free in Microsoft Brokering File System allows an authorized at ...)
+	TODO: check
+CVE-2025-49691 (Heap-based buffer overflow in Windows Media allows an unauthorized att ...)
+	TODO: check
+CVE-2025-49690 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-49689 (Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an u ...)
+	TODO: check
+CVE-2025-49688 (Double free in Windows Routing and Remote Access Service (RRAS) allows ...)
+	TODO: check
+CVE-2025-49687 (Out-of-bounds read in Microsoft Input Method Editor (IME) allows an au ...)
+	TODO: check
+CVE-2025-49686 (Null pointer dereference in Windows TCP/IP allows an authorized attack ...)
+	TODO: check
+CVE-2025-49685 (Use after free in Microsoft Windows Search Component allows an authori ...)
+	TODO: check
+CVE-2025-49684 (Buffer over-read in Storage Port Driver allows an authorized attacker  ...)
+	TODO: check
+CVE-2025-49683 (Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an u ...)
+	TODO: check
+CVE-2025-49682 (Use after free in Windows Media allows an authorized attacker to eleva ...)
+	TODO: check
+CVE-2025-49681 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
+	TODO: check
+CVE-2025-49680 (Improper link resolution before file access ('link following') in Wind ...)
+	TODO: check
+CVE-2025-49679 (Numeric truncation error in Windows Shell allows an authorized attacke ...)
+	TODO: check
+CVE-2025-49678 (Null pointer dereference in Windows NTFS allows an authorized attacker ...)
+	TODO: check
+CVE-2025-49677 (Use after free in Microsoft Brokering File System allows an authorized ...)
+	TODO: check
+CVE-2025-49676 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49675 (Use after free in Kernel Streaming WOW Thunk Service Driver allows an  ...)
+	TODO: check
+CVE-2025-49674 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49673 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49672 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49671 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-49670 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49669 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49668 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49667 (Double free in Windows Win32K - ICOMP allows an authorized attacker to ...)
+	TODO: check
+CVE-2025-49666 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
+	TODO: check
+CVE-2025-49665 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-49664 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function Driver for ...)
+	TODO: check
+CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized attacker  ...)
+	TODO: check
+CVE-2025-49659 (Buffer over-read in Windows TDX.sys allows an authorized attacker to e ...)
+	TODO: check
+CVE-2025-49658 (Out-of-bounds read in Windows TDX.sys allows an authorized attacker to ...)
+	TODO: check
+CVE-2025-49657 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-48824 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-48823 (Cryptographic issues in Windows Cryptographic Services allows an unaut ...)
+	TODO: check
+CVE-2025-48822 (Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker  ...)
+	TODO: check
+CVE-2025-48821 (Use after free in Windows Universal Plug and Play (UPnP) Device Host a ...)
+	TODO: check
+CVE-2025-48820 (Improper link resolution before file access ('link following') in Wind ...)
+	TODO: check
+CVE-2025-48819 (Sensitive data storage in improperly locked memory in Windows Universa ...)
+	TODO: check
+CVE-2025-48818 (Time-of-check time-of-use (toctou) race condition in Windows BitLocker ...)
+	TODO: check
+CVE-2025-48817 (Relative path traversal in Remote Desktop Client allows an unauthorize ...)
+	TODO: check
+CVE-2025-48816 (Integer overflow or wraparound in HID class driver allows an authorize ...)
+	TODO: check
+CVE-2025-48815 (Access of resource using incompatible type ('type confusion') in Windo ...)
+	TODO: check
+CVE-2025-48814 (Missing authentication for critical function in Windows Remote Desktop ...)
+	TODO: check
+CVE-2025-48812 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+	TODO: check
+CVE-2025-48811 (Missing support for integrity check in Windows Virtualization-Based Se ...)
+	TODO: check
+CVE-2025-48810 (Processor optimization removal or modification of security-critical co ...)
+	TODO: check
+CVE-2025-48809 (Processor optimization removal or modification of security-critical co ...)
+	TODO: check
+CVE-2025-48808 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-48806 (Use after free in Microsoft MPEG-2 Video Extension allows an authorize ...)
+	TODO: check
+CVE-2025-48805 (Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows  ...)
+	TODO: check
+CVE-2025-48804 (Acceptance of extraneous untrusted data with trusted data in Windows B ...)
+	TODO: check
+CVE-2025-48803 (Missing support for integrity check in Windows Virtualization-Based Se ...)
+	TODO: check
+CVE-2025-48802 (Improper certificate validation in Windows SMB allows an authorized at ...)
+	TODO: check
+CVE-2025-48800 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
+	TODO: check
+CVE-2025-48799 (Improper link resolution before file access ('link following') in Wind ...)
+	TODO: check
+CVE-2025-48003 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
+	TODO: check
+CVE-2025-48002 (Integer overflow or wraparound in Windows Hyper-V allows an authorized ...)
+	TODO: check
+CVE-2025-48001 (Time-of-check time-of-use (toctou) race condition in Windows BitLocker ...)
+	TODO: check
+CVE-2025-48000 (Use after free in Windows Connected Devices Platform Service allows an ...)
+	TODO: check
+CVE-2025-47999 (Missing synchronization in Windows Hyper-V allows an authorized attack ...)
+	TODO: check
+CVE-2025-47998 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-47996 (Integer underflow (wrap or wraparound) in Windows MBT Transport driver ...)
+	TODO: check
+CVE-2025-47994 (Deserialization of untrusted data in Microsoft Office allows an unauth ...)
+	TODO: check
+CVE-2025-47993 (Improper access control in Microsoft PC Manager allows an authorized a ...)
+	TODO: check
+CVE-2025-47991 (Use after free in Microsoft Input Method Editor (IME) allows an author ...)
+	TODO: check
+CVE-2025-47988 (Improper control of generation of code ('code injection') in Azure Mon ...)
+	TODO: check
+CVE-2025-47987 (Heap-based buffer overflow in Windows Cred SSProvider Protocol allows  ...)
+	TODO: check
+CVE-2025-47986 (Use after free in Universal Print Management Service allows an authori ...)
+	TODO: check
+CVE-2025-47985 (Untrusted pointer dereference in Windows Event Tracing allows an autho ...)
+	TODO: check
+CVE-2025-47984 (Protection mechanism failure in Windows GDI allows an unauthorized att ...)
+	TODO: check
+CVE-2025-47982 (Improper input validation in Windows Storage VSP Driver allows an auth ...)
+	TODO: check
+CVE-2025-47981 (Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allo ...)
+	TODO: check
+CVE-2025-47980 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-47978 (Out-of-bounds read in Windows Kerberos allows an authorized attacker t ...)
+	TODO: check
+CVE-2025-47976 (Use after free in Windows SSDP Service allows an authorized attacker t ...)
+	TODO: check
+CVE-2025-47975 (Double free in Windows SSDP Service allows an authorized attacker to e ...)
+	TODO: check
+CVE-2025-47973 (Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized at ...)
+	TODO: check
+CVE-2025-47972 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-47971 (Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized at ...)
+	TODO: check
+CVE-2025-47422 (Advanced Installer before 22.6 has an uncontrolled search path element ...)
+	TODO: check
+CVE-2025-47178 (Improper neutralization of special elements used in an sql command ('s ...)
+	TODO: check
+CVE-2025-47159 (Protection mechanism failure in Windows Virtualization-Based Security  ...)
+	TODO: check
+CVE-2025-47135 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds  ...)
+	TODO: check
+CVE-2025-47109 (After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL ...)
+	TODO: check
+CVE-2025-43587 (After Effects versions 25.2, 24.6.6 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-43580 (Audition versions 25.2, 24.6.3 and earlier are affected by an Access o ...)
+	TODO: check
+CVE-2025-43019 (A potential security vulnerability has been identified in the HP Suppo ...)
+	TODO: check
+CVE-2025-41224 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)
+	TODO: check
+CVE-2025-41223 (A vulnerability has been identified in RUGGEDCOM i800 (All versions),  ...)
+	TODO: check
+CVE-2025-41222 (A vulnerability has been identified in RUGGEDCOM i800 (All versions),  ...)
+	TODO: check
+CVE-2025-40742 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+	TODO: check
+CVE-2025-40741 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
+	TODO: check
+CVE-2025-40740 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
+	TODO: check
+CVE-2025-40739 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
+	TODO: check
+CVE-2025-40738 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
+	TODO: check
+CVE-2025-40737 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
+	TODO: check
+CVE-2025-40736 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
+	TODO: check
+CVE-2025-40735 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
+	TODO: check
+CVE-2025-40721 (Reflected Cross-site Scripting (XSS) vulnerability in versions prior t ...)
+	TODO: check
+CVE-2025-40720 (Reflected Cross-site Scripting (XSS) vulnerability in versions prior t ...)
+	TODO: check
+CVE-2025-40719 (Reflected Cross-site Scripting (XSS) vulnerability in versions prior t ...)
+	TODO: check
+CVE-2025-40718 (Improper error handling vulnerability in versions prior to 4.7.0 of Qu ...)
+	TODO: check
+CVE-2025-40717 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40716 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40715 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40714 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40713 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40712 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40711 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
+	TODO: check
+CVE-2025-40593 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+	TODO: check
+CVE-2025-3648 (A vulnerability has been identified in the Now Platform that could res ...)
+	TODO: check
+CVE-2025-3630 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6 ...)
+	TODO: check
+CVE-2025-37103 (Hard-coded login credentials were found in HPE Networking Instant On   ...)
+	TODO: check
+CVE-2025-37102 (An authenticated command injection vulnerability exists in the Command ...)
+	TODO: check
+CVE-2025-36600 (Dell Client Platform BIOS contains an Improper Access Control Applied  ...)
+	TODO: check
+CVE-2025-33054 (Insufficient UI warning of dangerous operations in Remote Desktop Clie ...)
+	TODO: check
+CVE-2025-30312 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds  ...)
+	TODO: check
+CVE-2025-2827 (IBM Sterling File Gateway   6.0.0.0 through 6.1.2.6, and 6.2.0.0 throu ...)
+	TODO: check
+CVE-2025-2793 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6 ...)
+	TODO: check
+CVE-2025-29267 (SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP  ...)
+	TODO: check
+CVE-2025-27369 (IBM OpenPages with Watson 8.3 and 9.0         is vulnerable to informa ...)
+	TODO: check
+CVE-2025-27367 (IBM OpenPages with Watson 8.3 and 9.0       is vulnerable to improper  ...)
+	TODO: check
+CVE-2025-27127 (A vulnerability has been identified in TIA Project-Server (All version ...)
+	TODO: check
+CVE-2025-27061 (Memory corruption whhile handling the subsystem failure memory during  ...)
+	TODO: check
+CVE-2025-27058 (Memory corruption while processing packet data with exceedingly large  ...)
+	TODO: check
+CVE-2025-27057 (Transient DOS while handling beacon frames with invalid IE header leng ...)
+	TODO: check
+CVE-2025-27056 (Memory corruption during sub-system restart while processing clean-up  ...)
+	TODO: check
+CVE-2025-27055 (Memory corruption during the image encoding process.)
+	TODO: check
+CVE-2025-27052 (Memory corruption while processing data packets in diag received from  ...)
+	TODO: check
+CVE-2025-27051 (Memory corruption while processing command message in WLAN Host.)
+	TODO: check
+CVE-2025-27050 (Memory corruption while processing event close when client process ter ...)
+	TODO: check
+CVE-2025-27047 (Memory corruption while processing the TESTPATTERNCONFIG escape path.)
+	TODO: check
+CVE-2025-27046 (Memory corruption while processing multiple simultaneous escape calls.)
+	TODO: check
+CVE-2025-27044 (Memory corruption while executing timestamp video decode command with  ...)
+	TODO: check
+CVE-2025-27043 (Memory corruption while processing manipulated payload in video firmwa ...)
+	TODO: check
+CVE-2025-27042 (Memory corruption while processing video packets received from video f ...)
+	TODO: check
+CVE-2025-26636 (Processor optimization removal or modification of security-critical co ...)
+	TODO: check
+CVE-2025-24474 (An Improper Neutralization of Special Elements used in an SQL Command  ...)
+	TODO: check
+CVE-2025-23365 (A vulnerability has been identified in TIA Administrator (All versions ...)
+	TODO: check
+CVE-2025-23364 (A vulnerability has been identified in TIA Administrator (All versions ...)
+	TODO: check
+CVE-2025-21466 (Memory corruption while processing a private escape command in an even ...)
+	TODO: check
+CVE-2025-21454 (Transient DOS while processing received beacon frame.)
+	TODO: check
+CVE-2025-21450 (Cryptographic issue occurs due to use of insecure connection method wh ...)
+	TODO: check
+CVE-2025-21449 (Transient DOS may occur while processing malformed length field in SSI ...)
+	TODO: check
+CVE-2025-21446 (Transient DOS may occur when processing vendor-specific information el ...)
+	TODO: check
+CVE-2025-21445 (Memory corruption while copying the result to the transmission queue w ...)
+	TODO: check
+CVE-2025-21444 (Memory corruption while copying the result to the transmission queue i ...)
+	TODO: check
+CVE-2025-21433 (Transient DOS when importing a PKCS#8-encoded RSA private key with a z ...)
+	TODO: check
+CVE-2025-21432 (Memory corruption while retrieving the CBOR data from TA.)
+	TODO: check
+CVE-2025-21427 (Information disclosure while decoding this RTP packet Payload when UE  ...)
+	TODO: check
+CVE-2025-21426 (Memory corruption while processing camera TPG write request.)
+	TODO: check
+CVE-2025-21422 (Cryptographic issue while processing crypto API calls, missing checks  ...)
+	TODO: check
+CVE-2025-21195 (Improper link resolution before file access ('link following') in Serv ...)
+	TODO: check
+CVE-2025-21168 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-21167 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-21166 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-21165 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-21164 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-21009 (Out-of-bounds read in decoding malformed frame header in libsavsvc.so  ...)
+	TODO: check
+CVE-2025-21008 (Out-of-bounds read in decoding frame header in libsavsvc.so prior to A ...)
+	TODO: check
+CVE-2025-21007 (Out-of-bounds write in accessing uninitialized memory in libsavsvc.so  ...)
+	TODO: check
+CVE-2025-21006 (Out-of-bounds write in handling of macro blocks for MPEG4 codec in lib ...)
+	TODO: check
+CVE-2025-21005 (Improper access control in isemtelephony prior to Android 15 allows lo ...)
+	TODO: check
+CVE-2025-21004 (Improper verification of intent by broadcast receiver in System UI for ...)
+	TODO: check
+CVE-2025-21003 (Insecure storage of sensitive information in Emergency SOS prior to SM ...)
+	TODO: check
+CVE-2025-21002 (Improper access control in LeAudioService prior to SMR Jul-2025 Releas ...)
+	TODO: check
+CVE-2025-21001 (Improper access control in LeAudioService prior to SMR Jul-2025 Releas ...)
+	TODO: check
+CVE-2025-21000 (Improper privilege management in Bluetooth prior to SMR Jul-2025 Relea ...)
+	TODO: check
+CVE-2025-20999 (Improper authorization in accessing saved Wi-Fi password for Galaxy Ta ...)
+	TODO: check
+CVE-2025-20998 (Improper access control in SamsungAccount for Galaxy Watch prior to SM ...)
+	TODO: check
+CVE-2025-20997 (Incorrect default permission in Framework for Galaxy Watch prior to SM ...)
+	TODO: check
+CVE-2025-20983 (Out-of-bounds write in checking auth secret in KnoxVault trustlet prio ...)
+	TODO: check
+CVE-2025-20982 (Out-of-bounds write in setting auth secret in KnoxVault trustlet prior ...)
+	TODO: check
+CVE-2025-0928 (In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controll ...)
+	TODO: check
+CVE-2025-0293 (CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Iv ...)
+	TODO: check
+CVE-2025-0292 (SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Polic ...)
+	TODO: check
+CVE-2024-55599 (An Improperly Implemented Security Check for Standard vulnerability [C ...)
+	TODO: check
+CVE-2024-53009 (Memory corruption while operating the mailbox in Automotive.)
+	TODO: check
+CVE-2024-52965 (A missing critical step in authentication vulnerability [CWE-304] in F ...)
+	TODO: check
+CVE-2024-49784 (IBM OpenPages with Watson 8.3 and 9.0   could provide weaker than expe ...)
+	TODO: check
+CVE-2024-49783 (IBM OpenPages with Watson 8.3 and 9.0     could provide weaker than ex ...)
+	TODO: check
+CVE-2024-36349 (A transient execution vulnerability in some AMD processors may allow a ...)
+	TODO: check
+CVE-2024-36348 (A transient execution vulnerability in some AMD processors may allow a ...)
+	TODO: check
+CVE-2024-31854 (A vulnerability has been identified in SICAM TOOLBOX II (All versions  ...)
+	TODO: check
+CVE-2024-31853 (A vulnerability has been identified in SICAM TOOLBOX II (All versions  ...)
+	TODO: check
+CVE-2023-52236 (A vulnerability has been identified in RUGGEDCOM i800 (All versions),  ...)
+	TODO: check
+CVE-2023-43039 (IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. T ...)
+	TODO: check
+CVE-2025-48386 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git <unfixed>
 	NOTE: https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Fixed by: https://github.com/git/git/commit/9de345cb273cc7faaeda279c7e07149d8a15a319 (v2.43.7)
-CVE-2025-48385
+CVE-2025-48385 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git <unfixed>
 	NOTE: https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Fixed by: https://github.com/git/git/commit/35cb1bb0b92c132249d932c05bbd860d410e12d4 (v2.43.7)
-CVE-2025-48384
+CVE-2025-48384 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git <unfixed>
 	NOTE: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
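Review bot: several of the imported descriptions carry literal escape sequences instead of the characters they stand for: "gdk\u2011pixbuf" on CVE-2025-7345, "extension\u2019s" on CVE-2025-53480 and CVE-2025-53479, and "Node.js\u2013based" on CVE-2025-53372. A text search for gdk-pixbuf will not match the CVE-2025-7345 header as written, so that entry is easy to miss while working through the TODO: check queue. Decoding the escapes, or normalising them to ASCII, before the description is written to data/CVE/list would keep the headers searchable.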
@@ -29,7 +587,7 @@ CVE-2025-27613
 	- git <unfixed>
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
-CVE-2024-36357 [TSA-L1 (TSA in the L1 data cache)]
+CVE-2024-36357 (A transient execution vulnerability in some AMD processors may allow a ...)
 	- amd64-microcode <unfixed>
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
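Review bot: replacing the bracketed title on the CVE-2024-36357 header removes the only text in this entry that names the variant, "TSA-L1 (TSA in the L1 data cache)". The new description is cut off before it says anything specific to this CVE. Keeping the name in a NOTE: line under the entry would preserve it for anyone reading the list without the advisory open.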
@@ -39,7 +597,7 @@ CVE-2024-36357 [TSA-L1 (TSA in the L1 data cache)]
 	NOTE: https://aka.ms/enter-exit-leak
 	NOTE: https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
 	TODO: check amd64-microcode update covering the updates
-CVE-2024-36350 [TSA-SQ (TSA in the Store Queues)]
+CVE-2024-36350 (A transient execution vulnerability in some AMD processors may allow a ...)
 	- amd64-microcode <unfixed>
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
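Review bot: with the new description on CVE-2024-36350, this entry and CVE-2024-36357 show the same truncated text, and the "TSA-SQ (TSA in the Store Queues)" label that distinguished this one is gone; keep the variant name in a NOTE line. The context line "TODO: check amd64-microcode update covering the updates" at the top of the hunk is also still open for CVE-2024-36357.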
@@ -390,7 +948,7 @@ CVE-2025-53526 (WeGIA is a web manager for charitable institutions. An XSS Injec
 	NOT-FOR-US: WeGIA
 CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
 	NOT-FOR-US: WeGIA
-CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation Mediawik ...)
+CVE-2025-53499 (Missing Authorization vulnerability in Wikimedia Foundation Mediawiki  ...)
 	NOT-FOR-US: MediaWiki extension AbuseFilter
 CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki ...)
 	NOT-FOR-US: MediaWiki extension AbuseFilter
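Review bot: CVE-2025-53498, two lines below the changed entry, still carries the stray leading ": " in its description ("(: Insufficient Logging vulnerability ...") that this hunk removes from CVE-2025-53499. Both entries are tagged for the same AbuseFilter extension, so the same cleanup should be expected there; it is worth checking whether the description source for CVE-2025-53498 was simply not refreshed yet.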
@@ -15774,7 +16332,7 @@ CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29
 	NOTE: https://github.com/nodejs/undici/issues/3895
 	NOTE: https://github.com/nodejs/undici/pull/4088
 	NOTE: Fixed by: https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25 (v7.5.0)
-CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege Vulnerability)
+CVE-2025-47161 (Improper access control in Microsoft Defender for Endpoint allows an a ...)
 	NOT-FOR-US: Lichess Lila
 CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is compatib ...)
 	NOT-FOR-US: Microsoft
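Review bot: the NOT-FOR-US lines in this hunk do not match their entries. CVE-2025-47161, now described as improper access control in Microsoft Defender for Endpoint, is tagged "NOT-FOR-US: Lichess Lila", while CVE-2025-46834 (Alchemy's Modular Account) is tagged "NOT-FOR-US: Microsoft". The tags look shifted by one entry and need a manual fix, since this description update leaves them untouched.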
@@ -18199,6 +18757,7 @@ CVE-2024-8973 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2025-0549 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2025-43904
+	{DSA-5961-1}
 	- slurm-wlm 24.11.5-1 (bug #1104929)
 	[bullseye] - slurm-wlm <end-of-life> (see #1071127)
 	NOTE: https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
@@ -85819,7 +86378,7 @@ CVE-2024-43616 (Microsoft Office Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-43615 (Microsoft OpenSSH for Windows Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2024-43614 (Microsoft Defender for Endpoint for Linux Spoofing Vulnerability)
+CVE-2024-43614 (Relative path traversal in Microsoft Defender for Endpoint allows an a ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-43612 (Power BI Report Server Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -727165,13 +727724,13 @@ CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achiev
 	NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...)
 	NOT-FOR-US: Achievo
-CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic Syst ...)
+CVE-2012-5864 (These Sinapsi devices  do not check if users that visit pages within t ...)
 	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka  ...)
+CVE-2012-5863 (These Sinapsi devices do not check for special elements in commands se ...)
 	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
+CVE-2012-5862 (These Sinapsi devices store hard-coded passwords in the PHP file of th ...)
 	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
-CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Pho ...)
+CVE-2012-5861 (These Sinapsi devices do not check the validity of the data before  ex ...)
 	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
 CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 s ...)
 	NOT-FOR-US: ID-One COSMO
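Review bot: the replacement descriptions for CVE-2012-5861 through CVE-2012-5864 are less specific than the ones they remove. The old text named the product (Sinapsi eSolar Light Photovoltaic System Monitor), the affected files (ping.php, login.php) and the class (multiple SQL injection), while the new text opens with "These Sinapsi devices" and contains double spaces ("devices  do", "before  ex"). The NOT-FOR-US lines still carry the product name, so triage is unaffected, but the whitespace should be normalised where descriptions are imported.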



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77fbe6c1fdf81e5bcf3716645cb34e8d28bea3d9
