[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 15 21:12:49 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24a43bb6 by security tracker role at 2025-07-15T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2025-7667 (The Restrict File Access plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2025-7657 (Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allo ...)
+ TODO: check
+CVE-2025-7656 (Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowe ...)
+ TODO: check
+CVE-2025-7042 (Use After Free vulnerability exists in the IPT file reading procedure ...)
+ TODO: check
+CVE-2025-6974 (Use of Uninitialized Variable vulnerability exists in the JT file read ...)
+ TODO: check
+CVE-2025-6973 (Use After Free vulnerability exists in the JT file reading procedure i ...)
+ TODO: check
+CVE-2025-6972 (Use After Free vulnerability exists in the CATPRODUCT file reading pro ...)
+ TODO: check
+CVE-2025-6971 (Use After Free vulnerability exists in the CATPRODUCT file reading pro ...)
+ TODO: check
+CVE-2025-6965 (There exists a vulnerability in SQLite versions before 3.50.2 where th ...)
+ TODO: check
+CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in Google ...)
+ TODO: check
+CVE-2025-53959 (In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.8619 ...)
+ TODO: check
+CVE-2025-53903 (The Scratch Channel is a news website that is under development as of ...)
+ TODO: check
+CVE-2025-53895 (ZITADEL is an open source identity management system. Starting in vers ...)
+ TODO: check
+CVE-2025-53893 (File Browser provides a file managing interface within a specified dir ...)
+ TODO: check
+CVE-2025-53826 (File Browser provides a file managing interface within a specified dir ...)
+ TODO: check
+CVE-2025-53622 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2025-53621 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2025-53032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-53031 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2025-53030 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53029 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53027 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53025 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53024 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-53023 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-52379 (Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below conta ...)
+ TODO: check
+CVE-2025-52378 (Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 ...)
+ TODO: check
+CVE-2025-52377 (Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Rout ...)
+ TODO: check
+CVE-2025-52376 (An authentication bypass vulnerability in the /web/um_open_telnet.cgi ...)
+ TODO: check
+CVE-2025-52082 (In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exis ...)
+ TODO: check
+CVE-2025-52081 (In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vuln ...)
+ TODO: check
+CVE-2025-52080 (In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vuln ...)
+ TODO: check
+CVE-2025-50819 (Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05 ...)
+ TODO: check
+CVE-2025-50108 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...)
+ TODO: check
+CVE-2025-50107 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ TODO: check
+CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2025-50105 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ TODO: check
+CVE-2025-50104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50101 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50100 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50099 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50098 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50094 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50093 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50091 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50090 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2025-50089 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50086 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50085 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50083 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50082 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50081 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50080 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50077 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50073 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-50072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-50071 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2025-50070 (Vulnerability in the JDBC component of Oracle Database Server. Suppor ...)
+ TODO: check
+CVE-2025-50069 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2025-50068 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-50067 (Vulnerability in Oracle Application Express (component: Strategic Plan ...)
+ TODO: check
+CVE-2025-50066 (Vulnerability in the Oracle Database Materialized View component of Or ...)
+ TODO: check
+CVE-2025-50065 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...)
+ TODO: check
+CVE-2025-50064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-50063 (Vulnerability in Oracle Java SE (component: Install). Supported versi ...)
+ TODO: check
+CVE-2025-50062 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)
+ TODO: check
+CVE-2025-50061 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2025-50060 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ TODO: check
+CVE-2025-50059 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2025-4369 (The Companion Auto Update plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-49830 (Conjur provides secrets management and application identity for infras ...)
+ TODO: check
+CVE-2025-49829 (Conjur provides secrets management and application identity for infras ...)
+ TODO: check
+CVE-2025-49828 (Conjur provides secrets management and application identity for infras ...)
+ TODO: check
+CVE-2025-49827 (Conjur provides secrets management and application identity for infras ...)
+ TODO: check
+CVE-2025-48795 (Apache CXF stores large stream based messages as temporary files on th ...)
+ TODO: check
+CVE-2025-41239 (VMware ESXi, Workstation, Fusion, and VMware Tools contains an informa ...)
+ TODO: check
+CVE-2025-41238 (VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerabi ...)
+ TODO: check
+CVE-2025-41237 (VMware ESXi,Workstation, and Fusioncontain an integer-underflow in VMC ...)
+ TODO: check
+CVE-2025-41236 (VMware ESXi, Workstation, and Fusion contain an integer-overflow vulne ...)
+ TODO: check
+CVE-2025-34116 (A remote command execution vulnerability exists in IPFire before versi ...)
+ TODO: check
+CVE-2025-34115 (An authenticated command injection vulnerability exists in OP5 Monitor ...)
+ TODO: check
+CVE-2025-34113 (An authenticated command injection vulnerability exists in Tiki Wiki C ...)
+ TODO: check
+CVE-2025-34112 (An authenticated multi-stage remote code execution vulnerability exist ...)
+ TODO: check
+CVE-2025-34111 (An unauthenticated arbitrary file upload vulnerability exists in Tiki ...)
+ TODO: check
+CVE-2025-34110 (A directory traversal vulnerability exists in ColoradoFTP Server \u226 ...)
+ TODO: check
+CVE-2025-34109 (PSEvents.exe in multiple Panda Security products runs hourly with SYST ...)
+ TODO: check
+CVE-2025-34108 (A stack-based buffer overflow vulnerability exists in the login functi ...)
+ TODO: check
+CVE-2025-34107 (A buffer overflow vulnerability exists in the WinaXe FTP Client versio ...)
+ TODO: check
+CVE-2025-34106 (A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and ...)
+ TODO: check
+CVE-2025-34105 (A stack-based buffer overflow vulnerability exists in the built-in web ...)
+ TODO: check
+CVE-2025-34104 (An authenticated remote code execution vulnerability exists in Piwik ( ...)
+ TODO: check
+CVE-2025-34103 (An unauthenticated command injection vulnerability exists in WePresent ...)
+ TODO: check
+CVE-2025-34068 (An unauthenticated remote command execution vulnerability exists in Sa ...)
+ TODO: check
+CVE-2025-33097 (IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-si ...)
+ TODO: check
+CVE-2025-30762 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-30760 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-30759 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2025-30758 (Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM ...)
+ TODO: check
+CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component: General). The ...)
+ TODO: check
+CVE-2025-30754 (Vulnerability in Oracle Java SE (component: JSSE). Supported versions ...)
+ TODO: check
+CVE-2025-30753 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-30752 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...)
+ TODO: check
+CVE-2025-30751 (Vulnerability in the Oracle Database component of Oracle Database Serv ...)
+ TODO: check
+CVE-2025-30750 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+ TODO: check
+CVE-2025-30749 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2025-30748 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2025-30747 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2025-30746 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2025-30745 (Vulnerability in the Oracle MES for Process Manufacturing product of O ...)
+ TODO: check
+CVE-2025-30744 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
+ TODO: check
+CVE-2025-30743 (Vulnerability in the Oracle Lease and Finance Management product of Or ...)
+ TODO: check
+CVE-2025-30739 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2025-30483 (Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contai ...)
+ TODO: check
+CVE-2025-26186 (SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker ...)
+ TODO: check
+CVE-2025-24477 (A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 throug ...)
+ TODO: check
+CVE-2025-0831 (Out-Of-Bounds Read vulnerability exists in the JT file reading procedu ...)
+ TODO: check
+CVE-2024-42650 (NanoMQ 0.17.5 was discovered to contain a segmentation fault via the c ...)
+ TODO: check
CVE-2025-7672 (The improper default setting in JiranSoft CrossEditor4 on Windows, Lin ...)
NOT-FOR-US: JiranSoft CrossEditor4
CVE-2025-7367 (The Strong Testimonials plugin for WordPress is vulnerable to Stored C ...)
@@ -9287,7 +9549,7 @@ CVE-2025-6153 (A vulnerability has been found in PHPGurukul Hostel Management Sy
NOT-FOR-US: PHPGurukul
CVE-2025-6152 (A vulnerability, which was classified as critical, was found in Steel ...)
NOT-FOR-US: Steel Browser
-CVE-2025-6151 (A vulnerability, which was classified as critical, has been found in T ...)
+CVE-2025-6151 (A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N ...)
NOT-FOR-US: TP-Link
CVE-2025-6150 (A vulnerability classified as critical was found in TOTOLINK X15 1.0.0 ...)
NOT-FOR-US: TOTOLINK
@@ -35574,7 +35836,8 @@ CVE-2023-53003 (In the Linux kernel, the following vulnerability has been resolv
CVE-2023-53002 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/0220e4fe178c3390eb0291cdb34912d66972db8a (6.2-rc6)
-CVE-2023-53001 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+CVE-2023-53001
+ REJECTED
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/899d3a3c19ac0e5da013ce34833dccb97d19b5e4 (6.2-rc6)
CVE-2023-53000 (In the Linux kernel, the following vulnerability has been resolved: n ...)
@@ -196228,7 +196491,7 @@ CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's Repl
CVE-2023-34474 (A heap-based buffer overflow issue was discovered in ImageMagick's Rea ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
-CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
+CVE-2023-34488 (NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_h ...)
NOT-FOR-US: NanoMQ
CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...)
NOT-FOR-US: Apache NiFi
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a43bb6d41804df0536ad4d49dca7a9d9e7bcac
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a43bb6d41804df0536ad4d49dca7a9d9e7bcac
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250715/181e18d6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list