[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 11 21:12:54 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97372d4c by security tracker role at 2025-07-11T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2025-48924
+CVE-2025-7503 (An OEM IP camera manufactured by Shenzhen Liandian Communication Techn ...)
+	TODO: check
+CVE-2025-7456 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2025-7455 (A vulnerability classified as critical was found in Campcodes Online M ...)
+	TODO: check
+CVE-2025-7454 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2025-7453 (A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It h ...)
+	TODO: check
+CVE-2025-7452 (A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31f ...)
+	TODO: check
+CVE-2025-7450 (A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has be ...)
+	TODO: check
+CVE-2025-7029 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
+	TODO: check
+CVE-2025-7028 (A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) all ...)
+	TODO: check
+CVE-2025-7027 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
+	TODO: check
+CVE-2025-7026 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
+	TODO: check
+CVE-2025-6851 (The Broken Link Notifier plugin for WordPress is vulnerable to Server- ...)
+	TODO: check
+CVE-2025-6838 (The Broken Link Notifier plugin for WordPress is vulnerable to CSV Inj ...)
+	TODO: check
+CVE-2025-6788 (CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists tha ...)
+	TODO: check
+CVE-2025-6549 (An Incorrect Authorization vulnerability in the web server of Juniper  ...)
+	TODO: check
+CVE-2025-6438 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...)
+	TODO: check
+CVE-2025-53642 (haxcms-nodejs and haxcms-php are backends for HAXcms. The logout funct ...)
+	TODO: check
+CVE-2025-53641 (Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, t ...)
+	TODO: check
+CVE-2025-52994 (gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS ...)
+	TODO: check
+CVE-2025-52989 (An Improper Neutralization of Delimiters vulnerability in the UI of Ju ...)
+	TODO: check
+CVE-2025-52988 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+	TODO: check
+CVE-2025-52986 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2025-52985 (A Use of Incorrect Operator  vulnerability in the Routing Engine firew ...)
+	TODO: check
+CVE-2025-52984 (A NULL Pointer Dereference vulnerability in the routing protocol daemo ...)
+	TODO: check
+CVE-2025-52983 (A UI Discrepancy for Security Feature  vulnerability in the UI of Juni ...)
+	TODO: check
+CVE-2025-52982 (An Improper Resource Shutdown or Release vulnerability in the SIP ALG  ...)
+	TODO: check
+CVE-2025-52981 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2025-52980 (A Use of Incorrect Byte Ordering   vulnerability   in the Routing Prot ...)
+	TODO: check
+CVE-2025-52964 (A Reachable Assertion vulnerability in the Routing Protocol Daemon (rp ...)
+	TODO: check
+CVE-2025-52963 (An Improper Access Control vulnerability in the User Interface (UI) of ...)
+	TODO: check
+CVE-2025-52958 (A Reachable Assertion vulnerability in the routing protocol daemon (rp ...)
+	TODO: check
+CVE-2025-52955 (An Incorrect Calculation of Buffer Size vulnerability in the routing p ...)
+	TODO: check
+CVE-2025-52954 (A Missing Authorization vulnerability in the internal virtual routing  ...)
+	TODO: check
+CVE-2025-52953 (An Expected Behavior Violationvulnerability in the routing protocol da ...)
+	TODO: check
+CVE-2025-52952 (An Out-of-bounds Write vulnerability in the connectivity fault managem ...)
+	TODO: check
+CVE-2025-52951 (A Protection Mechanism Failure vulnerability in kernel filter processi ...)
+	TODO: check
+CVE-2025-52950 (AMissing Authorization vulnerability in Juniper Networks Security Dire ...)
+	TODO: check
+CVE-2025-52949 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
+	TODO: check
+CVE-2025-52948 (An Improper Handling of Exceptional Conditions vulnerability in Berkel ...)
+	TODO: check
+CVE-2025-52947 (An Improper Handling of Exceptional Conditions vulnerability in route  ...)
+	TODO: check
+CVE-2025-52946 (A Use After Free vulnerability in the routing protocol daemon (rpd) of ...)
+	TODO: check
+CVE-2025-52089 (A hidden remote support feature protected by a static secret in TOTOLI ...)
+	TODO: check
+CVE-2025-51591 (A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attac ...)
+	TODO: check
+CVE-2025-50125 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that  ...)
+	TODO: check
+CVE-2025-50124 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
+	TODO: check
+CVE-2025-50123 (CWE-94: Improper Control of Generation of Code ('Code Injection') vuln ...)
+	TODO: check
+CVE-2025-50122 (CWE-331: Insufficient Entropy vulnerability exists that could cause ro ...)
+	TODO: check
+CVE-2025-50121 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
+	TODO: check
+CVE-2025-47964 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2025-47963 (No cwe for this issue in Microsoft Edge (Chromium-based) allows an una ...)
+	TODO: check
+CVE-2025-47182 (Improper input validation in Microsoft Edge (Chromium-based) allows an ...)
+	TODO: check
+CVE-2025-45582 (GNU Tar through 1.35 allows file overwrite via directory traversal in  ...)
+	TODO: check
+CVE-2025-43856 (immich is a high performance self-hosted photo and video management so ...)
+	TODO: check
+CVE-2025-3933 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
+	TODO: check
+CVE-2025-3631 (An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cau ...)
+	TODO: check
+CVE-2025-30661 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+	TODO: check
+CVE-2025-30403 (A heap-buffer-overflow vulnerability is possible in mvfst via a specia ...)
+	TODO: check
+CVE-2025-30402 (A heap-buffer-overflow vulnerability in the loading of ExecuTorch meth ...)
+	TODO: check
+CVE-2024-47065 (Meshtastic is an open source mesh networking solution. Prior to 2.5.1, ...)
+	TODO: check
+CVE-2023-38329 (An issue was discovered in eGroupWare 17.1.20190111. A cross-site scri ...)
+	TODO: check
+CVE-2023-38327 (An issue was discovered in eGroupWare 17.1.20190111. A User Enumeratio ...)
+	TODO: check
+CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang.  This iss ...)
 	- libcommons-lang3-java <unfixed> (bug #1109125)
 	- libcommons-lang-java <unfixed> (bug #1109126)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/07/11/1
@@ -128,9 +250,9 @@ CVE-2025-24798 (Meshtastic is an open source mesh networking solution. From 1.2.
 	NOT-FOR-US: Meshtastic
 CVE-2025-1727 (The protocol used for remote linking over RF for End-of-Train and  Hea ...)
 	NOT-FOR-US: End-of-Train and Head-of-Train remote linking protocol
-CVE-2025-53862
+CVE-2025-53862 (A flaw was found in Ansible. Three API endpoints are accessible and re ...)
 	NOT-FOR-US: Ansible Automation Platform
-CVE-2025-53861
+CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without security flags  ...)
 	NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flags are ...)
 	- libxslt <unfixed> (bug #1109122)
@@ -717962,8 +718084,8 @@ CVE-2013-3309
 	RESERVED
 CVE-2013-3308
 	RESERVED
-CVE-2013-3307
-	RESERVED
+CVE-2013-3307 (Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and ...)
+	TODO: check
 CVE-2013-3306
 	RESERVED
 CVE-2013-3305



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97372d4ccd22af69405d55769bc1eb09785a3cae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97372d4ccd22af69405d55769bc1eb09785a3cae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250711/d103daea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list