[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jul 20 09:12:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1cf51c1b by security tracker role at 2025-07-20T08:12:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2025-7877 (A vulnerability, which was classified as critical, has been found in M ...)
+ TODO: check
+CVE-2025-7876 (A vulnerability classified as critical was found in Metasoft \u7f8e\u7 ...)
+ TODO: check
+CVE-2025-7875 (A vulnerability classified as critical has been found in Metasoft \u7f ...)
+ TODO: check
+CVE-2025-7874 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM ...)
+ TODO: check
+CVE-2025-7873 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM ...)
+ TODO: check
+CVE-2025-7872 (A vulnerability was found in Portabilis i-Diario 1.5.0 and classified ...)
+ TODO: check
+CVE-2025-7871 (A vulnerability has been found in Portabilis i-Diario 1.5.0 and classi ...)
+ TODO: check
+CVE-2025-7870 (A vulnerability, which was classified as problematic, was found in Por ...)
+ TODO: check
+CVE-2025-7869 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-7868 (A vulnerability classified as problematic was found in Portabilis i-Ed ...)
+ TODO: check
+CVE-2025-7867 (A vulnerability classified as problematic has been found in Portabilis ...)
+ TODO: check
+CVE-2025-7866 (A vulnerability was found in Portabilis i-Educar 2.9.0. It has been ra ...)
+ TODO: check
+CVE-2025-7865 (A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has bee ...)
+ TODO: check
+CVE-2025-7864 (A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has bee ...)
+ TODO: check
+CVE-2025-7863 (A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classif ...)
+ TODO: check
+CVE-2025-7862 (A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 an ...)
+ TODO: check
+CVE-2025-7861 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-7860 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-7859 (A vulnerability classified as critical was found in code-projects Chur ...)
+ TODO: check
+CVE-2025-7858 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2025-7857 (A vulnerability was found in PHPGurukul Apartment Visitors Management ...)
+ TODO: check
+CVE-2025-7856 (A vulnerability was found in PHPGurukul Apartment Visitors Management ...)
+ TODO: check
+CVE-2025-7855 (A vulnerability classified as critical was found in Tenda FH451 1.0.0. ...)
+ TODO: check
+CVE-2025-7854 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
+ TODO: check
+CVE-2025-54314 (Thor before 1.4.0 can construct an unsafe shell command from library i ...)
+ TODO: check
+CVE-2025-53770 (Deserialization of untrusted data in on-premises Microsoft SharePoint ...)
+ TODO: check
CVE-2025-XXXX [exposes .zip passwords while (un)archiving]
- krusader <unfixed> (bug #1108942)
CVE-2025-7853 (A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as ...)
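Review bot: the 26 entries added at the top of data/CVE/list (CVE-2025-7854 through CVE-2025-7877, plus CVE-2025-54314 and CVE-2025-53770) all carry only "TODO: check", so none has a triage decision yet. Suggest resolving them in a follow-up: products such as on-premises Microsoft SharePoint (CVE-2025-53770) or the Tenda FH451 and TOTOLINK T6 firmware look like candidates for the NOT-FOR-US marking used elsewhere in this file, while CVE-2025-54314 (Thor before 1.4.0, described as a library issue) should be checked against the archive for a matching source package before it is marked either way. The Metasoft descriptions (CVE-2025-7873 to CVE-2025-7876) also contain literal \uXXXX escape sequences instead of the vendor name's characters; it is worth checking whether the importer should decode them.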
@@ -14060,6 +14112,7 @@ CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version
CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
NOT-FOR-US: Acronis
CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1107519)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
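Review bot: with "{DLA-4242-1}" now attached to CVE-2025-2336 and unstable fixed in 1.8.3-2, the "[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)" line is the only status left open, and its stated reason no longer appears to match a record where Debian fixes exist both in unstable and in an LTS advisory. Suggest revisiting the bookworm status so that bookworm does not lag behind the LTS fix; the same pattern recurs on the other angular.js entries touched in this commit.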
@@ -25577,6 +25630,7 @@ CVE-2025-1551 (IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, an
CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
NOT-FOR-US: huggingface/transformers
CVE-2025-0716 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1104485)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-0716
@@ -96047,11 +96101,13 @@ CVE-2024-8604 (A vulnerability classified as problematic has been found in Sourc
CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software versions p ...)
NOT-FOR-US: TechExcel Back Office Software
CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <sourc ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088805)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8373
NOTE: PoC: https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in Angula ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088804)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8372
@@ -157962,6 +158018,7 @@ CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy wil
CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...)
NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088803)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[buster] - angular.js <postponed> (Fix along with the next DLA)
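Review bot: on CVE-2024-21490 the "[buster] - angular.js <postponed> (Fix along with the next DLA)" line is left unchanged next to the new "{DLA-4242-1}" reference, so the entry does not say whether this DLA is the one that annotation anticipated. Suggest updating or dropping the buster annotation in the same change, or recording which release the DLA covers, so the entry is not read as still waiting for a future advisory.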
@@ -217325,18 +217382,21 @@ CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HT
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[buster] - angular.js <no-dsa> (Minor issue)
@@ -297766,6 +297826,7 @@ CVE-2022-25846
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
NOT-FOR-US: com.alibaba:fastjson
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
+ {DLA-4242-1}
- angular.js 1.8.3-2 (bug #1014779)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[buster] - angular.js <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf51c1b9970cb6f0868bb684a2032d06840bcf1