[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 14 09:12:52 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d386d4e9 by security tracker role at 2025-07-14T08:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2025-7620 (The cross-browser document creation component produced by Digitware Sy ...)
+ TODO: check
+CVE-2025-7619 (BatchSignCS, a background Windows application developed by WellChoose, ...)
+ TODO: check
+CVE-2025-7586 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been de ...)
+ TODO: check
+CVE-2025-7585 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+ TODO: check
+CVE-2025-7584 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+ TODO: check
+CVE-2025-7583 (A vulnerability has been found in PHPGurukul Online Fire Reporting Sys ...)
+ TODO: check
+CVE-2025-7582 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-7581 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-7580 (A vulnerability classified as critical was found in code-projects Voti ...)
+ TODO: check
+CVE-2025-7579 (A vulnerability was found in chinese-poetry 0.1. It has been rated as ...)
+ TODO: check
+CVE-2025-7578 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Ser ...)
+ TODO: check
+CVE-2025-7577 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Ser ...)
+ TODO: check
+CVE-2025-7576 (A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Ser ...)
+ TODO: check
+CVE-2025-7575 (A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and cla ...)
+ TODO: check
+CVE-2025-7574 (A vulnerability, which was classified as critical, was found in LB-LIN ...)
+ TODO: check
+CVE-2025-7573 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2025-7572 (A vulnerability classified as critical was found in LB-LINK BL-AC1900, ...)
+ TODO: check
+CVE-2025-7571 (A vulnerability classified as critical has been found in UTT HiPER 840 ...)
+ TODO: check
+CVE-2025-7570 (A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has ...)
+ TODO: check
+CVE-2025-7569 (A vulnerability was found in Bigotry OneBase up to 1.3.6. It has been ...)
+ TODO: check
+CVE-2025-7568 (A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been c ...)
+ TODO: check
+CVE-2025-7567 (A vulnerability was found in ShopXO up to 6.5.0 and classified as prob ...)
+ TODO: check
+CVE-2025-7566 (A vulnerability has been found in jshERP up to 3.5 and classified as c ...)
+ TODO: check
+CVE-2025-7565 (A vulnerability, which was classified as critical, was found in LB-LIN ...)
+ TODO: check
+CVE-2025-7564 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2025-7563 (A vulnerability classified as critical was found in PHPGurukul Online ...)
+ TODO: check
+CVE-2025-7562 (A vulnerability classified as critical has been found in PHPGurukul On ...)
+ TODO: check
+CVE-2025-7561 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+ TODO: check
+CVE-2025-7560 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+ TODO: check
+CVE-2025-7559 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+ TODO: check
+CVE-2025-7558 (A vulnerability was found in code-projects Voting System 1.0 and class ...)
+ TODO: check
+CVE-2025-7557 (A vulnerability has been found in code-projects Voting System 1.0 and ...)
+ TODO: check
+CVE-2025-7556 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-7555 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-7554 (A vulnerability classified as problematic was found in Sapido RB-1802 ...)
+ TODO: check
+CVE-2025-7553 (A vulnerability classified as critical has been found in D-Link DIR-81 ...)
+ TODO: check
+CVE-2025-7552 (A vulnerability was found in Dromara Northstar up to 7.3.5. It has bee ...)
+ TODO: check
+CVE-2025-7551 (A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been d ...)
+ TODO: check
+CVE-2025-7550 (A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been c ...)
+ TODO: check
+CVE-2025-7549 (A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified ...)
+ TODO: check
+CVE-2025-7548 (A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and class ...)
+ TODO: check
+CVE-2025-7547 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2025-7546 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-7545 (A vulnerability classified as problematic was found in GNU Binutils 2. ...)
+ TODO: check
+CVE-2025-7544 (A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rat ...)
+ TODO: check
+CVE-2025-7543 (A vulnerability was found in PHPGurukul User Registration & Login and ...)
+ TODO: check
+CVE-2025-7542 (A vulnerability was found in PHPGurukul User Registration & Login and ...)
+ TODO: check
+CVE-2025-7541 (A vulnerability has been found in code-projects Online Appointment Boo ...)
+ TODO: check
+CVE-2025-7451 (The iSherlock developed by Hgiga has an OS Command Injection vulnerabi ...)
+ TODO: check
+CVE-2025-7380 (A stored Cross-Site Scripting (XSS) vulnerability exists in the Access ...)
+ TODO: check
+CVE-2025-29606 (py-libp2p before 0.2.3 allows a peer to cause a denial of service (res ...)
+ TODO: check
+CVE-2025-25180 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2025-1384 (Least Privilege Violation (CWE-272) Vulnerability exists in the commun ...)
+ TODO: check
+CVE-2024-58258 (SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API m ...)
+ TODO: check
CVE-2025-XXXX [RUSTSEC-2025-0042]
- rust-static-alloc <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0042.html
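Review bot: among the 54 entries added with `TODO: check`, CVE-2025-7545 names GNU Binutils, which is packaged in Debian, so at triage it needs a `- binutils` package line with a fixed version or `<unfixed>` rather than a NOT-FOR-US tag. CVE-2025-7546 directly above it has its product name cut off by the description truncation and should be read in full before tagging. The router and PHPGurukul entries follow the pattern that the later hunks already mark as NOT-FOR-US.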
@@ -221,11 +329,11 @@ CVE-2025-6851 (The Broken Link Notifier plugin for WordPress is vulnerable to Se
NOT-FOR-US: WordPress plugin
CVE-2025-6838 (The Broken Link Notifier plugin for WordPress is vulnerable to CSV Inj ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-6788 (CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists tha ...)
+CVE-2025-6788 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
NOT-FOR-US: Schneider Electric
CVE-2025-6549 (An Incorrect Authorization vulnerability in the web server of Juniper ...)
NOT-FOR-US: Juniper
-CVE-2025-6438 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...)
+CVE-2025-6438 (A CWE-611: Improper Restriction of XML External Entity Referenc ...)
NOT-FOR-US: Schneider Electric
CVE-2025-53642 (haxcms-nodejs and haxcms-php are backends for HAXcms. The logout funct ...)
NOT-FOR-US: HAXcms
@@ -281,15 +389,15 @@ CVE-2025-52089 (A hidden remote support feature protected by a static secret in
NOT-FOR-US: TOTOLINK
CVE-2025-51591 (A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attac ...)
TODO: check
-CVE-2025-50125 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+CVE-2025-50125 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50124 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
+CVE-2025-50124 (A CWE-269: Improper Privilege Management vulnerability exists tha ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50123 (CWE-94: Improper Control of Generation of Code ('Code Injection') vuln ...)
+CVE-2025-50123 (A CWE-94: Improper Control of Generation of Code ('Code Injection') v ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50122 (CWE-331: Insufficient Entropy vulnerability exists that could cause ro ...)
+CVE-2025-50122 (ACWE-331: Insufficient Entropy vulnerability exists that could cause r ...)
NOT-FOR-US: Schneider Electric
-CVE-2025-50121 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
+CVE-2025-50121 (ACWE-78: Improper Neutralization of Special Elements used in an OS Com ...)
NOT-FOR-US: Schneider Electric
CVE-2025-47964 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
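Review bot: the new descriptions for CVE-2025-50122 and CVE-2025-50121 read `ACWE-331` and `ACWE-78`, with no space after the article, while CVE-2025-50125, CVE-2025-50124 and CVE-2025-50123 in the same hunk read `A CWE-...`. The NOT-FOR-US tagging is unaffected, but a search of the list for `CWE-331` or `CWE-78` as a whole word will now miss these two entries. Since the description lines come from the automatic update, the spacing is best corrected in the source record rather than by hand here.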
@@ -2878,19 +2986,19 @@ CVE-2025-49087
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
-CVE-2025-6491 [NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix]
+CVE-2025-6491 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
NOTE: Fixed by: https://github.com/php/php-src/commit/9cb3d8d200f0c822b17bda35a2a67a97b039d3e1 (php-8.1.33)
-CVE-2025-1220 [Null byte termination in hostnames]
+CVE-2025-1220 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r
NOTE: Fixed by: https://github.com/php/php-src/commit/cac8f7f1cf4939f55f06b68120040f057682d89c (php-8.1.33)
-CVE-2025-1735 [pgsql extension does not check for errors during escaping]
+CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
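Review bot: replacing the bracketed titles on CVE-2025-6491, CVE-2025-1220 and CVE-2025-1735 leaves all three entries with the same truncated text, `In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...`, so the description line no longer tells them apart and only the advisory NOTE links do. Consider keeping each former title as a NOTE under its entry, for example `NOTE: Null byte termination in hostnames` under CVE-2025-1220, so the SOAP, hostname and pgsql issues remain identifiable when reading the list.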
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d386d4e927014a6f7f6828fd45e4038f07f15bd1