[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 21 21:13:04 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e923b07 by security tracker role at 2025-07-21T20:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,393 @@
+CVE-2025-7962 (In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by util ...)
+ TODO: check
+CVE-2025-7938 (A vulnerability was found in jerryshensjf JPACookieShop \u86cb\u7cd5\u ...)
+ TODO: check
+CVE-2025-7936 (A vulnerability has been found in fuyang_lipengjun platform up to ca9a ...)
+ TODO: check
+CVE-2025-7935 (A vulnerability, which was classified as critical, was found in fuyang ...)
+ TODO: check
+CVE-2025-7934 (A vulnerability, which was classified as critical, has been found in f ...)
+ TODO: check
+CVE-2025-7933 (A vulnerability classified as critical was found in Campcodes Sales an ...)
+ TODO: check
+CVE-2025-7932 (A vulnerability classified as critical has been found in D-Link DIR\u2 ...)
+ TODO: check
+CVE-2025-7931 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
+ TODO: check
+CVE-2025-7930 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
+ TODO: check
+CVE-2025-7929 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
+ TODO: check
+CVE-2025-7928 (A vulnerability was found in code-projects Church Donation System 1.0 ...)
+ TODO: check
+CVE-2025-7927 (A vulnerability has been found in PHPGurukul Online Banquet Booking Sy ...)
+ TODO: check
+CVE-2025-7926 (A vulnerability, which was classified as problematic, was found in PHP ...)
+ TODO: check
+CVE-2025-7925 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-7924 (A vulnerability classified as problematic was found in PHPGurukul Onli ...)
+ TODO: check
+CVE-2025-7717 (Missing Authorization vulnerability in Drupal File Download allows For ...)
+ TODO: check
+CVE-2025-7716 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-7715 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-7624 (An SQL injection vulnerability in the legacy (transparent) SMTP proxy ...)
+ TODO: check
+CVE-2025-7393 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2025-7392 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-7382 (A command injection vulnerability in WebAdmin of Sophos Firewall versi ...)
+ TODO: check
+CVE-2025-7325 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7324 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7323 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7322 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7321 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7320 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7319 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7318 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7317 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7316 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7315 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7314 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7313 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7312 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7311 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7310 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7309 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7308 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7307 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7306 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7305 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7304 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7303 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7302 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7301 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7300 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7299 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7298 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7297 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7296 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7295 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7294 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7293 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7292 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7291 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7290 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7289 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7288 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7287 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7286 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7285 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7284 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7283 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7282 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7281 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7280 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7279 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7278 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7277 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7276 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7275 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7274 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7273 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7272 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7271 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7270 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7269 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7268 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7267 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7266 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7265 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7264 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7263 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7262 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7261 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7260 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote ...)
+ TODO: check
+CVE-2025-7258 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote ...)
+ TODO: check
+CVE-2025-7257 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7256 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7255 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7254 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7253 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7252 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7251 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7250 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7249 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7248 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7247 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7246 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7244 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7243 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7242 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote C ...)
+ TODO: check
+CVE-2025-7241 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7240 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7239 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7238 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote ...)
+ TODO: check
+CVE-2025-7237 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7236 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Co ...)
+ TODO: check
+CVE-2025-7235 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote ...)
+ TODO: check
+CVE-2025-7234 (IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote ...)
+ TODO: check
+CVE-2025-7233 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Informat ...)
+ TODO: check
+CVE-2025-7231 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+ TODO: check
+CVE-2025-7230 (INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution ...)
+ TODO: check
+CVE-2025-7229 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+ TODO: check
+CVE-2025-7228 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+ TODO: check
+CVE-2025-7227 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+ TODO: check
+CVE-2025-7226 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Executio ...)
+ TODO: check
+CVE-2025-7225 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Executio ...)
+ TODO: check
+CVE-2025-7224 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Executio ...)
+ TODO: check
+CVE-2025-7223 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Executio ...)
+ TODO: check
+CVE-2025-7222 (Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execut ...)
+ TODO: check
+CVE-2025-6704 (An arbitrary file writing vulnerability in the Secure PDF eXchange (SP ...)
+ TODO: check
+CVE-2025-6235 (In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnera ...)
+ TODO: check
+CVE-2025-5681 (Authorization Bypass Through User-Controlled Key vulnerability in Turt ...)
+ TODO: check
+CVE-2025-54121 (Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface ...)
+ TODO: check
+CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nov ...)
+ TODO: check
+CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
+ TODO: check
+CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship Management) softw ...)
+ TODO: check
+CVE-2025-52374 (Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8 ...)
+ TODO: check
+CVE-2025-52373 (Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8. ...)
+ TODO: check
+CVE-2025-52372 (An issue in hMailServer v.5.8.6 allows a local attacker to obtain sens ...)
+ TODO: check
+CVE-2025-52362 (Server-Side Request Forgery (SSRF) vulnerability exists in the URL pro ...)
+ TODO: check
+CVE-2025-51869 (Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 20 ...)
+ TODO: check
+CVE-2025-51868 (Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.d ...)
+ TODO: check
+CVE-2025-51403 (A stored cross-site scripting (XSS) vulnerability in the department as ...)
+ TODO: check
+CVE-2025-51401 (A stored cross-site scripting (XSS) vulnerability in the chat transfer ...)
+ TODO: check
+CVE-2025-51400 (A stored cross-site scripting (XSS) vulnerability in the Personal Cann ...)
+ TODO: check
+CVE-2025-51398 (A stored cross-site scripting (XSS) vulnerability in the Facebook regi ...)
+ TODO: check
+CVE-2025-51397 (A stored cross-site scripting (XSS) vulnerability in the Facebook Chat ...)
+ TODO: check
+CVE-2025-51396 (A stored cross-site scripting (XSS) vulnerability in Live Helper Chat ...)
+ TODO: check
+CVE-2025-50151 (File access paths in configuration files uploaded by users with admini ...)
+ TODO: check
+CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allo ...)
+ TODO: check
+CVE-2025-4129 (Authorization Bypass Through User-Controlled Key vulnerability in PAVO ...)
+ TODO: check
+CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability in Turp ...)
+ TODO: check
+CVE-2025-49656 (Users with administrator access can create databases files outside the ...)
+ TODO: check
+CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46122 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.14. ...)
+ TODO: check
+CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46118 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46117 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-46116 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
+ TODO: check
+CVE-2025-44658 (In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability ...)
+ TODO: check
+CVE-2025-44657 (In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in t ...)
+ TODO: check
+CVE-2025-44655 (In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_ ...)
+ TODO: check
+CVE-2025-44654 (In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled i ...)
+ TODO: check
+CVE-2025-44653 (In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to ...)
+ TODO: check
+CVE-2025-44652 (In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 ...)
+ TODO: check
+CVE-2025-44651 (In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 i ...)
+ TODO: check
+CVE-2025-44650 (In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USER ...)
+ TODO: check
+CVE-2025-44649 (In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b0 ...)
+ TODO: check
+CVE-2025-44647 (In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_us ...)
+ TODO: check
+CVE-2025-43977 (The com.skt.prod.dialer application through 12.5.0 for Android enables ...)
+ TODO: check
+CVE-2025-43976 (The com.enflick.android.tn2ndLine application through 24.17.1.0 for An ...)
+ TODO: check
+CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details accessible to u ...)
+ TODO: check
+CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via POST req ...)
+ TODO: check
+CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer overflow vul ...)
+ TODO: check
+CVE-2025-41678 (A high privileged remote attacker can alter the configuration database ...)
+ TODO: check
+CVE-2025-41677 (A high privileged remote attacker can exhaust critical system resource ...)
+ TODO: check
+CVE-2025-41676 (A high privileged remote attacker can exhaust critical system resource ...)
+ TODO: check
+CVE-2025-41675 (A high privileged remote attacker can execute arbitrary system command ...)
+ TODO: check
+CVE-2025-41674 (A high privileged remote attacker can execute arbitrary system command ...)
+ TODO: check
+CVE-2025-41673 (A high privileged remote attacker can execute arbitrary system command ...)
+ TODO: check
+CVE-2025-41459 (Insufficient protection against brute-force and runtime manipulation i ...)
+ TODO: check
+CVE-2025-41458 (Unencrypted storage in the database in Two App Studio Journey v5.5.9 f ...)
+ TODO: check
+CVE-2025-41100 (Incorrect authentication vulnerability in ParkingDoor. Through this vu ...)
+ TODO: check
+CVE-2025-36846 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. The appli ...)
+ TODO: check
+CVE-2025-36845 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpo ...)
+ TODO: check
+CVE-2025-36603 (Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of ...)
+ TODO: check
+CVE-2025-36107 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow mal ...)
+ TODO: check
+CVE-2025-36106 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow mal ...)
+ TODO: check
+CVE-2025-36062 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vuln ...)
+ TODO: check
+CVE-2025-36057 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable ...)
+ TODO: check
+CVE-2025-32744 (Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of F ...)
+ TODO: check
+CVE-2025-30477 (Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a ...)
+ TODO: check
+CVE-2025-30192 (An attacker spoofing answers to ECS enabled requests sent out by the R ...)
+ TODO: check
+CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability in Akbi ...)
+ TODO: check
+CVE-2025-1469 (Authorization Bypass Through User-Controlled Key vulnerability in Turt ...)
+ TODO: check
+CVE-2024-6107 (Due to insufficient verification, an attacker could use a malicious cl ...)
+ TODO: check
+CVE-2024-55040 (Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring Sys ...)
+ TODO: check
+CVE-2024-13974 (A business logic vulnerability in the Up2Date component of Sophos Fire ...)
+ TODO: check
+CVE-2024-13973 (A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall ...)
+ TODO: check
CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based Buffer Overf ...)
NOT-FOR-US: Askey
CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a Reflected ...)
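Review bot: all 195 new entries in this hunk carry the placeholder `TODO: check`, as expected from the automated import, but two of them concern software packaged in Debian and deserve triage ahead of the bulk: CVE-2025-54121 (Starlette) and CVE-2025-30192 (the ECS answer-spoofing issue in the PowerDNS Recursor, packaged as pdns-recursor). The large batches of IrfanView CADImage plugin entries (CVE-2025-7233 through CVE-2025-7325), the INVT VT-Designer/HMITool, Luxion KeyShot and CommScope Ruckus Unleashed entries are Windows or appliance products with no Debian package and can be tagged NOT-FOR-US as a block once verified.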
@@ -619,7 +1009,7 @@ CVE-2025-50240 (nbcio-boot v1.0.3 was discovered to contain a SQL injection vuln
NOT-FOR-US: nbcio-boot
CVE-2025-4657 (A buffer overflow vulnerability was reported in the Lenovo Protection ...)
NOT-FOR-US: Lenovo
-CVE-2025-47189 (Netwrix Directory Manager through 2025-05-01 allows XSS.)
+CVE-2025-47189 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
NOT-FOR-US: Netwrix Directory Manager
CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon Learning ...)
NOT-FOR-US: Beakon Software Beakon Learning Management System
@@ -2348,6 +2738,7 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it ea
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
NOT-FOR-US: Headlamp
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
+ {DLA-4244-1}
- tomcat11 <unfixed> (bug #1109113)
- tomcat10 <unfixed> (bug #1109114)
- tomcat9 9.0.70-2
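Review bot: the `{DLA-4244-1}` reference added here covers only the LTS suite; tomcat11 and tomcat10 stay `<unfixed>` (bugs #1109113 and #1109114), so this CVE remains open in unstable. The same reference is added in this commit to the other Tomcat entries (CVE-2025-52520, CVE-2025-52434, CVE-2025-49125, CVE-2025-48988, CVE-2025-48976, CVE-2025-46701, CVE-2025-31651, CVE-2025-31650, CVE-2024-54677, CVE-2024-34750), which is consistent across the set.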
@@ -2372,6 +2763,7 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and b
CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
NOT-FOR-US: Trend Micro
CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
+ {DLA-4244-1}
- tomcat11 <unfixed> (bug #1109111)
- tomcat10 <unfixed> (bug #1109112)
- tomcat9 9.0.70-2
@@ -2384,6 +2776,7 @@ CVE-2025-52473 (liboqs is a C-language cryptographic library that provides imple
NOTE: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm
NOTE: https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897 (0.14.0-rc1)
CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
+ {DLA-4244-1}
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018 (9.0.107)
@@ -5216,7 +5609,7 @@ CVE-2025-49005 (Next.js is a React framework for building full-stack web applica
CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric format for di ...)
- {DSA-5960-1}
+ {DSA-5960-1 DLA-4247-1}
- djvulibre 3.5.28-2.1 (bug #1108729)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
NOTE: Fixed by: https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -6374,6 +6767,7 @@ CVE-2025-6855 (A vulnerability, which was classified as critical, has been found
CVE-2025-6854 (A vulnerability classified as problematic was found in chatchat-space ...)
NOT-FOR-US: Langchain-Chatchat
CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and classified as ...)
+ {DLA-4246-1}
- libowasp-esapi-java <unfixed> (bug #1109378)
[bookworm] - libowasp-esapi-java <no-dsa> (Minor issue)
NOTE: https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512 (esapi-2.7.0.0)
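Review bot: bookworm keeps `<no-dsa> (Minor issue)` for this CVE while bullseye now gets DLA-4246-1 and sid is still `<unfixed>` (bug #1109378); confirm the bookworm assessment is still intended, since the same DLA is also recorded further down for CVE-2022-24891 and CVE-2022-23457 and was presumably issued for the ESAPI bundle rather than for this issue alone.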
@@ -10979,6 +11373,7 @@ CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrus
[bullseye] - protobuf <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ {DLA-4244-1}
- tomcat11 <unfixed> (bug #1108114)
- tomcat10 <unfixed> (bug #1108115)
- tomcat9 9.0.70-2
@@ -10993,6 +11388,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in Apache Tomcat installer f
- tomcat9 <not-affected> (Windows-specific)
NOTE: https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ {DLA-4244-1}
- tomcat11 <unfixed> (bug #1108116)
- tomcat10 <unfixed> (bug #1108117)
- tomcat9 9.0.70-2
@@ -11002,6 +11398,7 @@ CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerabili
NOTE: https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42)
NOTE: https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106)
CVE-2025-48976 (Allocation of resources for multipart headers with insufficient limits ...)
+ {DLA-4245-1 DLA-4244-1}
- libcommons-fileupload-java <unfixed> (bug #1108120)
[bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
- tomcat11 <unfixed> (bug #1108118)
@@ -15535,6 +15932,7 @@ CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST API and related serv
CVE-2025-46722 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...)
+ {DLA-4244-1}
- tomcat11 <unfixed> (bug #1106821)
- tomcat10 <unfixed> (bug #1106820)
- tomcat9 9.0.70-2
@@ -26061,6 +26459,7 @@ CVE-2025-32471 (The device\u2019s passwords have not been adequately salted, mak
CVE-2025-32470 (A remote unauthenticated attacker may be able to change the IP adress ...)
NOT-FOR-US: SICK AG
CVE-2025-31651 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
+ {DLA-4244-1}
- tomcat11 11.0.6-1
- tomcat10 10.1.40-1
- tomcat9 9.0.70-2
@@ -26070,6 +26469,7 @@ CVE-2025-31651 (Improper Neutralization of Escape, Meta, or Control Sequences vu
NOTE: Fixed by: https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454 (9.0.104)
NOTE: Fixed by: https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64 (9.0.104)
CVE-2025-31650 (Improper Input Validation vulnerability in Apache Tomcat. Incorrect er ...)
+ {DLA-4244-1}
- tomcat11 11.0.6-1
- tomcat10 10.1.40-1
- tomcat9 9.0.70-2
@@ -51561,7 +51961,7 @@ CVE-2025-25354 (A SQL Injection was found in /admin/admin-profile.php in PHPGuru
NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGu ...)
NOT-FOR-US: Phpgurukul Land Record System
-CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in version 1.8.0 ...)
+CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 ...)
NOT-FOR-US: Lakeus MediaWiki skin
CVE-2025-24904 (libsignal-service-rs is a Rust version of the libsignal-service-java l ...)
NOT-FOR-US: libsignal-service-rs
@@ -68290,7 +68690,7 @@ CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200
CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Managemen ...)
NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...)
- {DSA-5845-1}
+ {DSA-5845-1 DLA-4244-1}
- tomcat10 10.1.34-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -99103,7 +99503,7 @@ CVE-2024-8136 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: SourceCodester Record Management System
CVE-2024-8135 (A vulnerability classified as critical has been found in Go-Tribe gotr ...)
NOT-FOR-US: Go-Tribe gotribe
-CVE-2024-45244 (Hyperledger Fabric through 2.5.9 does not verify that a request has a ...)
+CVE-2024-45244 (Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify ...)
NOT-FOR-US: Hyperledger Fabric
CVE-2024-45240 (The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 fo ...)
NOT-FOR-US: TikTok (aka com.zhiliaoapp.musically) application
@@ -112520,7 +112920,7 @@ CVE-2024-38286 (Allocation of Resources Without Limits or Throttling vulnerabili
NOTE: https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13 (9.0.90)
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
- {DSA-5845-1}
+ {DSA-5845-1 DLA-4244-1}
- tomcat10 10.1.25-1
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
@@ -221158,7 +221558,7 @@ CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowe ...)
NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
- {DSA-5522-1 DLA-3617-1}
+ {DSA-5522-1 DLA-4245-1 DLA-3617-1}
- tomcat10 10.1.5-1
- tomcat9 9.0.70-2
[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)
@@ -300996,6 +301396,7 @@ CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs
CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
NOT-FOR-US: Shopware
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
+ {DLA-4246-1}
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
[buster] - libowasp-esapi-java <no-dsa> (Minor issue)
[stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
@@ -306210,6 +306611,7 @@ CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in
CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...)
NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
+ {DLA-4246-1}
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
[buster] - libowasp-esapi-java <no-dsa> (Minor issue)
[stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
@@ -306928,6 +307330,7 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a seg
NOTE: https://github.com/gpac/gpac/issues/2039
NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0)
CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...)
+ {DLA-4247-1}
- djvulibre 3.5.28-2.2 (bug #1052669)
[bookworm] - djvulibre <ignored> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
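Review bot: DLA-4247-1 is recorded for this CVE and for CVE-2021-46310 below while bookworm stays `<ignored> (Minor issue)`; with a fix now shipped in the LTS suite, the bookworm tag might be revisited, or a NOTE stating why it remains ignored would help future triage.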
@@ -306941,6 +307344,7 @@ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
NOTE: https://github.com/gpac/gpac/issues/2038
NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0)
CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...)
+ {DLA-4247-1}
- djvulibre 3.5.28-2.2 (bug #1052668)
[bookworm] - djvulibre <ignored> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
@@ -398085,8 +398489,8 @@ CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered
NOT-FOR-US: TrippLite
CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version <= ...)
NOT-FOR-US: Aleth Ethereum
-CVE-2020-26799
- RESERVED
+CVE-2020-26799 (A reflected cross-site scripting (XSS) vulnerability was discovered in ...)
+ TODO: check
CVE-2020-26798
RESERVED
CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e923b076de03f614b4707c275fe9e0b65cf8f8a