[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 19 09:12:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
764f8816 by security tracker role at 2025-07-19T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,178 @@
-CVE-2025-38350 [net/sched: Always pass notifications when child class becomes empty]
+CVE-2025-7814 (A vulnerability classified as critical was found in code-projects Food ...)
+ TODO: check
+CVE-2025-7807 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-7806 (A vulnerability classified as critical was found in Tenda FH451 1.0.0. ...)
+ TODO: check
+CVE-2025-7805 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
+ TODO: check
+CVE-2025-7803 (A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec ...)
+ TODO: check
+CVE-2025-7802 (A vulnerability was found in PHPGurukul Complaint Management System 2. ...)
+ TODO: check
+CVE-2025-7801 (A vulnerability has been found in BossSoft CRM 6.0 and classified as c ...)
+ TODO: check
+CVE-2025-7800 (A vulnerability classified as problematic was found in cgpandey hotelm ...)
+ TODO: check
+CVE-2025-7798 (A vulnerability classified as critical has been found in Beijing Shenz ...)
+ TODO: check
+CVE-2025-7797 (A vulnerability was found in GPAC up to 2.4. It has been rated as prob ...)
+ TODO: check
+CVE-2025-7796 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2025-7795 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-7794 (A vulnerability classified as critical was found in Tenda FH451 1.0.0. ...)
+ TODO: check
+CVE-2025-7793 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
+ TODO: check
+CVE-2025-7792 (A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as ...)
+ TODO: check
+CVE-2025-7791 (A vulnerability was found in PHPGurukul Online Security Guards Hiring ...)
+ TODO: check
+CVE-2025-7790 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been cl ...)
+ TODO: check
+CVE-2025-7789 (A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classifie ...)
+ TODO: check
+CVE-2025-7788 (A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and clas ...)
+ TODO: check
+CVE-2025-7787 (A vulnerability, which was classified as critical, was found in Xuxuel ...)
+ TODO: check
+CVE-2025-7786 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-7785 (A vulnerability classified as problematic was found in thinkgem JeeSit ...)
+ TODO: check
+CVE-2025-7784 (A flaw was found in the Keycloak identity and access management system ...)
+ TODO: check
+CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data allows ...)
+ TODO: check
+CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms, Element ...)
+ TODO: check
+CVE-2025-7696 (The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, ...)
+ TODO: check
+CVE-2025-7669 (The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-7661 (The Partnersk\xfd syst\xe9m Martinus plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-7658 (The Temporarily Hidden Content plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-7655 (The Live Stream Badger plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-7653 (The EPay.bg Payments plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-7444 (The LoginPress Pro plugin for WordPress is vulnerable to authenticatio ...)
+ TODO: check
+CVE-2025-7396 (In wolfSSL release 5.8.2 blinding support is turned on by default for ...)
+ TODO: check
+CVE-2025-7395 (A certificate verification error in wolfSSL when building with the WOL ...)
+ TODO: check
+CVE-2025-7394 (In the OpenSSL compatibility layer implementation, the function RAND_p ...)
+ TODO: check
+CVE-2025-6721 (The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized ac ...)
+ TODO: check
+CVE-2025-6720 (The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized lo ...)
+ TODO: check
+CVE-2025-6233 (Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5 ...)
+ TODO: check
+CVE-2025-6227 (Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negoti ...)
+ TODO: check
+CVE-2025-6226 (Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7 ...)
+ TODO: check
+CVE-2025-54309 (CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy ...)
+ TODO: check
+CVE-2025-54079 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54078 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54077 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54076 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54075 (MDC is a tool to take regular Markdown and write documents interacting ...)
+ TODO: check
+CVE-2025-54073 (mcp-package-docs is an MCP (Model Context Protocol) server that provid ...)
+ TODO: check
+CVE-2025-54059 (melange allows users to build apk packages using declarative pipelines ...)
+ TODO: check
+CVE-2025-53945 (apko allows users to build and publish OCI container images built from ...)
+ TODO: check
+CVE-2025-53901 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0. ...)
+ TODO: check
+CVE-2025-53888 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2025-53762 (Permissive list of allowed inputs in Microsoft Purview allows an autho ...)
+ TODO: check
+CVE-2025-52924 (In One Identity OneLogin before 2025.2.0, the SQL connection "applicat ...)
+ TODO: check
+CVE-2025-52169 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovere ...)
+ TODO: check
+CVE-2025-52168 (Incorrect access control in the dynawebservice component of agorum Sof ...)
+ TODO: check
+CVE-2025-52166 (Incorrect access control in Software GmbH Agorum core open v11.9.2 & v ...)
+ TODO: check
+CVE-2025-52164 (Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to st ...)
+ TODO: check
+CVE-2025-52163 (A Server-Side Request Forgery (SSRF) in the component TunnelServlet of ...)
+ TODO: check
+CVE-2025-52162 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovere ...)
+ TODO: check
+CVE-2025-50708 (An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to o ...)
+ TODO: check
+CVE-2025-50586 (StudentManage v1.0 was discovered to contain Cross-Site Request Forger ...)
+ TODO: check
+CVE-2025-50585 (StudentManage v1.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
+CVE-2025-50584 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
+CVE-2025-50583 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
+CVE-2025-50582 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
+CVE-2025-50581 (MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vu ...)
+ TODO: check
+CVE-2025-50126 (A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joom ...)
+ TODO: check
+CVE-2025-50058 (A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 J ...)
+ TODO: check
+CVE-2025-50057 (A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was dis ...)
+ TODO: check
+CVE-2025-50056 (A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 2 ...)
+ TODO: check
+CVE-2025-49747 (Missing authorization in Azure Machine Learning allows an authorized a ...)
+ TODO: check
+CVE-2025-49746 (Improper authorization in Azure Machine Learning allows an authorized ...)
+ TODO: check
+CVE-2025-49486 (A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 f ...)
+ TODO: check
+CVE-2025-49485 (A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1. ...)
+ TODO: check
+CVE-2025-49484 (A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4 ...)
+ TODO: check
+CVE-2025-47995 (Weak authentication in Azure Machine Learning allows an authorized att ...)
+ TODO: check
+CVE-2025-47158 (Authentication bypass by assumed-immutable data in Azure DevOps allows ...)
+ TODO: check
+CVE-2025-46732 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+ TODO: check
+CVE-2025-46002 (An issue in Filemanager v2.5.0 and below allows attackers to execute a ...)
+ TODO: check
+CVE-2025-46001 (An arbitrary file upload vulnerability in the is_allowed_file_type() f ...)
+ TODO: check
+CVE-2025-46000 (An arbitrary file upload vulnerability in the component /rsc/filemanag ...)
+ TODO: check
+CVE-2025-45157 (Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers ...)
+ TODO: check
+CVE-2025-45156 (Splashin iOS v2.0 fails to enforce server-side interval restrictions f ...)
+ TODO: check
+CVE-2025-33014 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
+ TODO: check
+CVE-2025-2425 (Time-of-check to time-of-use race condition vulnerability potentially ...)
+ TODO: check
+CVE-2025-29757 (An incorrect authorisation check in the the'plant transfer' function o ...)
+ TODO: check
+CVE-2024-13175 (Authorization Bypass Through User-Controlled Key vulnerability in Vidc ...)
+ TODO: check
+CVE-2025-38350 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/103406b38c600fec1fe375a77b27d87e314aea09 (6.16-rc5)
CVE-2025-7772 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Re ...)
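Review bot: the CVE-2025-38350 entry is moved, not edited in place: the bracketed upstream title `[net/sched: Always pass notifications when child class becomes empty]` is dropped at the top of the hunk and the entry reappears after the new batch with the published description, while its `- linux 6.12.37-1` line and the git.kernel.org NOTE are preserved as unchanged context, so no fixed-version information is lost. The 87 new entries all land as `TODO: check`; the ones that name libraries rather than hosted products, the wolfSSL trio (CVE-2025-7394, CVE-2025-7395, CVE-2025-7396) and CVE-2025-7783 (form-data), are the ones to triage first, and the long runs of WordPress plugin, Joomla component, Tenda and D-Link firmware entries are the usual NOT-FOR-US candidates for the follow-up commit. Also worth a look: the imported descriptions for CVE-2025-7661 (`Partnersk\xfd syst\xe9m`) and CVE-2025-7772 (`\u2014`) carry literal escape sequences; confirm whether that is how the file stores them or only how this mail renders them.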
@@ -637,10 +811,10 @@ CVE-2025-40923 (Plack-Middleware-Session before version 0.35 for Perl generates
NOTE: https://lists.security.metacpan.org/cve-announce/msg/31223483/
NOTE: https://github.com/plack/Plack-Middleware-Session/pull/52
NOTE: https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be (0.35)
-CVE-2025-27210
+CVE-2025-27210 (An incomplete fix has been identified for CVE-2025-23084 in Node.js, s ...)
- nodejs <not-affected> (Only affects Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2025-security-releases#windows-device-names-con-prn-aux-bypass-path-traversal-protection-in-pathnormalize-cve-2025-27210---high
-CVE-2025-27209
+CVE-2025-27209 (The V8 release used in Node.js v24.0.0 has changed how string hashes a ...)
- nodejs <not-affected> (Only affects Node 24)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2025-security-releases#hashdos-in-v8-cve-2025-27209---high
CVE-2025-7673 (A buffer overflow vulnerability in the URL parser of the zhttpd web se ...)
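Review bot: the new description for CVE-2025-27210 states it is an incomplete fix for CVE-2025-23084, so the entry should carry a NOTE cross-referencing CVE-2025-23084 and the CVE-2025-23084 entry should be checked for the same `<not-affected> (Only affects Windows)` reasoning, so the two stay consistent. The populated descriptions agree with the existing triage on both entries (Windows device names for CVE-2025-27210, V8 in Node.js v24.0.0 for CVE-2025-27209) and the `nodejs <not-affected>` lines remain unchanged context.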
@@ -3952,7 +4126,7 @@ CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnu
NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc (v2.1)
CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster thru 1. ...)
NOT-FOR-US: dagster-webserver Dagster
-CVE-2025-54310 [RSS/SEARCH: Prevent opening local files if web page is expected]
+CVE-2025-54310 (qBittorrent before 5.1.2 does not prevent access to a local file that ...)
- qbittorrent 5.1.0-2 (bug #1108843)
[bookworm] - qbittorrent <no-dsa> (Minor issue)
[bullseye] - qbittorrent <postponed> (Minor issue)
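Review bot: the published description for CVE-2025-54310 says "qBittorrent before 5.1.2", while the tracker records the fix as `qbittorrent 5.1.0-2 (bug #1108843)`, which only reconciles if 5.1.0-2 carries a backport. The visible lines have no NOTE pointing at the upstream change; if none follows, add one with the upstream commit so the backport in 5.1.0-2 is traceable against the "before 5.1.2" range.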
@@ -57313,7 +57487,8 @@ CVE-2025-0509 (A security issue was found in Sparkle before version 2.6.4. An at
- openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
CVE-2025-23237 (Improper neutralization of special elements used in an OS command ('OS ...)
NOT-FOR-US: UD-LT2 firmware
-CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
+CVE-2025-23090
+ REJECTED
TODO: Duplicate of CVE-2025-23083, verify it with CNA, CNA contacted for rejection
CVE-2025-23089
REJECTED
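Review bot: CVE-2025-23090 is now marked `REJECTED`, but the unchanged `TODO: Duplicate of CVE-2025-23083, verify it with CNA, CNA contacted for rejection` line still describes the rejection as pending. If the CNA has processed the rejection, which the automatic import suggests, drop the TODO or turn it into a NOTE recording that the duplicate of CVE-2025-23083 was rejected; otherwise the two lines contradict each other.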
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/764f8816b00e7285c4f63925857dfd5e1d97e8e3