[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 14 21:13:12 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b90f3cff by security tracker role at 2025-07-14T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2025-7628 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fb ...)
+	TODO: check
+CVE-2025-7627 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fb ...)
+	TODO: check
+CVE-2025-7626 (A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up t ...)
+	TODO: check
+CVE-2025-7625 (A vulnerability, which was classified as critical, was found in YiJiuS ...)
+	TODO: check
+CVE-2025-7618 (A stored Cross-Site Scripting (XSS) vulnerability vulnerability was fo ...)
+	TODO: check
+CVE-2025-7616 (A vulnerability, which was classified as critical, has been found in g ...)
+	TODO: check
+CVE-2025-7615 (A vulnerability classified as critical was found in TOTOLINK T6 4.1.5c ...)
+	TODO: check
+CVE-2025-7614 (A vulnerability classified as critical has been found in TOTOLINK T6 4 ...)
+	TODO: check
+CVE-2025-7613 (A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rate ...)
+	TODO: check
+CVE-2025-7612 (A vulnerability was found in code-projects Mobile Shop 1.0. It has bee ...)
+	TODO: check
+CVE-2025-7611 (A vulnerability was found in code-projects Wedding Reservation 1.0. It ...)
+	TODO: check
+CVE-2025-7610 (A vulnerability was found in code-projects Electricity Billing System  ...)
+	TODO: check
+CVE-2025-7609 (A vulnerability has been found in code-projects Simple Shopping Cart 1 ...)
+	TODO: check
+CVE-2025-7608 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-7607 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2025-7606 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-7605 (A vulnerability was found in code-projects AVL Rooms 1.0. It has been  ...)
+	TODO: check
+CVE-2025-7604 (A vulnerability was found in PHPGurukul Hospital Management System 4.0 ...)
+	TODO: check
+CVE-2025-7603 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been cl ...)
+	TODO: check
+CVE-2025-7602 (A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified  ...)
+	TODO: check
+CVE-2025-7601 (A vulnerability has been found in PHPGurukul Online Library Management ...)
+	TODO: check
+CVE-2025-7600 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-7599 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-7598 (A vulnerability classified as critical was found in Tenda AX1803 1.0.0 ...)
+	TODO: check
+CVE-2025-7597 (A vulnerability classified as critical has been found in Tenda AX1803  ...)
+	TODO: check
+CVE-2025-7596 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been ra ...)
+	TODO: check
+CVE-2025-7595 (A vulnerability was found in code-projects Job Diary 1.0. It has been  ...)
+	TODO: check
+CVE-2025-7594 (A vulnerability was found in code-projects Job Diary 1.0. It has been  ...)
+	TODO: check
+CVE-2025-7593 (A vulnerability was found in code-projects Job Diary 1.0 and classifie ...)
+	TODO: check
+CVE-2025-7592 (A vulnerability has been found in PHPGurukul Dairy Farm Shop Managemen ...)
+	TODO: check
+CVE-2025-7591 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-7590 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-7589 (A vulnerability classified as critical was found in PHPGurukul Dairy F ...)
+	TODO: check
+CVE-2025-7588 (A vulnerability classified as critical has been found in PHPGurukul Da ...)
+	TODO: check
+CVE-2025-7587 (A vulnerability was found in code-projects Online Appointment Booking  ...)
+	TODO: check
+CVE-2025-7519 (A flaw was found in polkit. When processing an XML policy with 32 or m ...)
+	TODO: check
+CVE-2025-53689 (Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-cor ...)
+	TODO: check
+CVE-2025-53639 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
+	TODO: check
+CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make jobs  ...)
+	TODO: check
+CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2025-52363 (Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password h ...)
+	TODO: check
+CVE-2025-51660 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51659 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51658 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51657 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51656 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51655 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51654 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51653 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51652 (SemCms v5.0 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2025-51651 (An authenticated arbitrary file download vulnerability in the componen ...)
+	TODO: check
+CVE-2025-51650 (An arbitrary file upload vulnerability in the component /controller/Pi ...)
+	TODO: check
+CVE-2025-50756 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
+	TODO: check
+CVE-2025-27582 (The Secure Password extension in One Identity Password Manager before  ...)
+	TODO: check
+CVE-2025-24391 (A vulnerability in the External Interface of OTRS allows conclusions t ...)
+	TODO: check
+CVE-2024-51770 (An information disclosure vulnerability exists in HPE AutoPass License ...)
+	TODO: check
+CVE-2024-51769 (An information disclosure vulnerability exists in HPE AutoPass License ...)
+	TODO: check
+CVE-2024-51768 (An hsqldb-related remote code execution vulnerability exists in HPE Au ...)
+	TODO: check
+CVE-2024-51767 (An authentication bypass vulnerability exists in HPE AutoPass License  ...)
+	TODO: check
+CVE-2024-42649 (NanoMQ v0.22.10 was discovered to contain a memory leak which allows a ...)
+	TODO: check
+CVE-2024-42648 (NanoMQ v0.22.10 was discovered to contain a heap overflow which allows ...)
+	TODO: check
+CVE-2024-42646 (A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a De ...)
+	TODO: check
+CVE-2024-26293 (The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented  ...)
+	TODO: check
+CVE-2024-26292 (An authenticated Arbitrary File Deletion vulnerability enables an atta ...)
+	TODO: check
+CVE-2024-26291 (An Unauthenticated Arbitrary File Read vulnerability affects the Agent ...)
+	TODO: check
 CVE-2025-XXXX [uscan must not skip OpenPGP check after failed check in previous run]
 	- devscripts <unfixed> (bug #1109251)
 CVE-2025-7620 (The cross-browser document creation component produced by Digitware Sy ...)
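Review bot: every entry added at the top of this hunk carries only `TODO: check`, and a few of them name software where a package status line, not NOT-FOR-US, would be expected: CVE-2025-7519 (polkit) and CVE-2025-53014, CVE-2025-53015, CVE-2025-53019 and CVE-2025-53101 (ImageMagick). Triage those first and give each a `- <package> ...` line in the style of the ffmpeg entries later in this file. Most of the rest (TOTOLINK, Tenda, D-Link, code-projects, PHPGurukul, SemCms) look like NOT-FOR-US candidates in the style of the Autodesk and Mitsubishi entries. The descriptions are cut at "...", so the full CVE text is needed before deciding either way.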
@@ -606,7 +742,7 @@ CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all versions
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk Revit, ca ...)
 	NOT-FOR-US: Autodesk
-CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
+CVE-2025-5037 (A maliciously crafted RFA, RTE, or RVT file, when parsed through Autod ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-5023 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Cor ...)
 	NOT-FOR-US: Mitsubishi
@@ -62254,18 +62390,21 @@ CVE-2024-12996
 CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
 	NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
 CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
+	{DLA-4241-1}
 	- ffmpeg 7:7.1.1-1
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf (master)
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/c3c7ecfe48d464a0b06564f2e92504b1d9c91d69 (n7.1.1)
 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
+	{DLA-4241-1}
 	- ffmpeg 7:7.1.1-1
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897 (n7.1.1)
 CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows by ...)
+	{DLA-4241-1}
 	- ffmpeg <unfixed>
 	[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
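Review bot: at CVE-2023-6601 the new `{DLA-4241-1}` reference sits directly above `- ffmpeg <unfixed>` and two `<postponed>` lines, so the entry now points at an LTS advisory while unstable, trixie and bookworm are still recorded as open. The bookworm `<postponed>` lines under CVE-2023-6605 and CVE-2023-6604 have the same reason text, "wait until it's fixed in the 5.1 branch". It is worth checking whether the patches prepared for the DLA make those postponed notes outdated, and updating the notes if they do.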
@@ -63479,6 +63618,7 @@ CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerabi
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
 CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...)
+	{DLA-4241-1}
 	- ffmpeg 7:7.1.1-1
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
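Review bot: the visible context for CVE-2023-6602 shows no `[bullseye]` line, while the neighbouring CVE-2023-6603 entry in the same hunk carries `[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)`. If DLA-4241-1 targets bullseye and a similar postponed line for bullseye follows below the shown context for CVE-2023-6602, it would contradict the added `{DLA-4241-1}` tag and should be dropped or updated.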



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b90f3cffbbcc13799db8d44c6caf19ab8f6b2f59
