[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 22 21:12:43 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7284c182 by security tracker role at 2025-07-22T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,202 @@
-CVE-2025-38352 [posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()]
+CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 ...)
+	TODO: check
+CVE-2025-8018 (A vulnerability was found in code-projects Food Ordering Review System ...)
+	TODO: check
+CVE-2025-8017 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
+	TODO: check
+CVE-2025-8015 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+	TODO: check
+CVE-2025-7953 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-7952 (A vulnerability classified as critical was found in TOTOLINK T6 4.1.5c ...)
+	TODO: check
+CVE-2025-7951 (A vulnerability classified as problematic has been found in code-proje ...)
+	TODO: check
+CVE-2025-7950 (A vulnerability was found in code-projects Public Chat Room 1.0. It ha ...)
+	TODO: check
+CVE-2025-7949 (A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It ha ...)
+	TODO: check
+CVE-2025-7948 (A vulnerability classified as problematic was found in jshERP up to 3. ...)
+	TODO: check
+CVE-2025-7947 (A vulnerability classified as critical has been found in jshERP up to  ...)
+	TODO: check
+CVE-2025-7946 (A vulnerability was found in PHPGurukul Apartment Visitors Management  ...)
+	TODO: check
+CVE-2025-7945 (A vulnerability was found in D-Link DIR-513 up to 20190831. It has bee ...)
+	TODO: check
+CVE-2025-7944 (A vulnerability was found in PHPGurukul Taxi Stand Management System 1 ...)
+	TODO: check
+CVE-2025-7943 (A vulnerability was found in PHPGurukul Taxi Stand Management System 1 ...)
+	TODO: check
+CVE-2025-7942 (A vulnerability has been found in PHPGurukul Taxi Stand Management Sys ...)
+	TODO: check
+CVE-2025-7941 (A vulnerability, which was classified as problematic, was found in PHP ...)
+	TODO: check
+CVE-2025-7940 (A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on And ...)
+	TODO: check
+CVE-2025-7939 (A vulnerability was found in jerryshensjf JPACookieShop \u86cb\u7cd5\u ...)
+	TODO: check
+CVE-2025-7900 (The femanager extension for TYPO3 allows Insecure Direct Object Refere ...)
+	TODO: check
+CVE-2025-7899 (The powermail extension for TYPO3 allows Insecure Direct Object Refere ...)
+	TODO: check
+CVE-2025-7705 (: Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, A ...)
+	TODO: check
+CVE-2025-7692 (The Orion Login with SMS plugin for WordPress is vulnerable to Authent ...)
+	TODO: check
+CVE-2025-7687 (The Latest Post Accordian Slider plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-7685 (The Like & Share My Site plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2025-7645 (The Extensions For CF7 (Contact form 7 Database, Conditional Fields an ...)
+	TODO: check
+CVE-2025-7644 (The Pixel Gallery Addons for Elementor \u2013 Easy Grid, Creative Gall ...)
+	TODO: check
+CVE-2025-7495 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-7486 (The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-7427 (Uncontrolled Search Path Element in Arm Development Studio before 2025 ...)
+	TODO: check
+CVE-2025-7371 (Okta On-Premises Provisioning (OPP) agents log certain user data durin ...)
+	TODO: check
+CVE-2025-6831 (The User Registration plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-6741 (Improper access control in secure message component in Devolutions Ser ...)
+	TODO: check
+CVE-2025-6585 (The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct O ...)
+	TODO: check
+CVE-2025-6523 (Use of weak credentials in emergency authentication component in Devol ...)
+	TODO: check
+CVE-2025-6213 (The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2025-6187 (The bSecure plugin for WordPress is vulnerable to Privilege Escalation ...)
+	TODO: check
+CVE-2025-6082 (The Birth Chart Compatibility plugin for WordPress is vulnerable to Fu ...)
+	TODO: check
+CVE-2025-5240 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2025-5042 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
+	TODO: check
+CVE-2025-54362
+	REJECTED
+CVE-2025-54361
+	REJECTED
+CVE-2025-54360
+	REJECTED
+CVE-2025-54359
+	REJECTED
+CVE-2025-54358
+	REJECTED
+CVE-2025-54357
+	REJECTED
+CVE-2025-54356
+	REJECTED
+CVE-2025-54355
+	REJECTED
+CVE-2025-54354
+	REJECTED
+CVE-2025-54134 (HAX CMS NodeJs allows users to manage their microsite universe with a  ...)
+	TODO: check
+CVE-2025-54129 (HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn  ...)
+	TODO: check
+CVE-2025-54128 (HAX CMS NodeJs allows users to manage their microsite universe with a  ...)
+	TODO: check
+CVE-2025-54127 (HAXcms with nodejs backend allows users to start the server in any HAX ...)
+	TODO: check
+CVE-2025-54122 (Manager-io/Manager is accounting software. A critical unauthenticated  ...)
+	TODO: check
+CVE-2025-53832 (Lara Translate MCP Server is a Model Context Protocol (MCP) Server for ...)
+	TODO: check
+CVE-2025-53528 (Cadwyn creates production-ready community-driven modern Stripe-like AP ...)
+	TODO: check
+CVE-2025-53472 (WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of spec ...)
+	TODO: check
+CVE-2025-52580 (Insertion of sensitive information into log file issue exists in "regi ...)
+	TODO: check
+CVE-2025-51867 (Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction A ...)
+	TODO: check
+CVE-2025-51865 (Ai2 playground web service (playground.allenai.org) LLM chat through 2 ...)
+	TODO: check
+CVE-2025-51864 (A reflected cross-site scripting (XSS) vulnerability exists in AIBOX L ...)
+	TODO: check
+CVE-2025-51863 (Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPT ...)
+	TODO: check
+CVE-2025-51862 (Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (tele ...)
+	TODO: check
+CVE-2025-51860 (Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26  ...)
+	TODO: check
+CVE-2025-51859 (Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025 ...)
+	TODO: check
+CVE-2025-51858 (Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai thr ...)
+	TODO: check
+CVE-2025-51482 (Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_to ...)
+	TODO: check
+CVE-2025-51481 (Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagste ...)
+	TODO: check
+CVE-2025-51480 (Path Traversal vulnerability in onnx.external_data_helper.save_externa ...)
+	TODO: check
+CVE-2025-51479 (Authorization bypass in update_user_group in onyx-dot-app Onyx Enterpr ...)
+	TODO: check
+CVE-2025-51475 (Arbitrary File Overwrite (AFO) in superagi.controllers.resources.uploa ...)
+	TODO: check
+CVE-2025-51472 (Code Injection in AgentTemplate.eval_agent_config in TransformerOptimu ...)
+	TODO: check
+CVE-2025-51471 (Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ol ...)
+	TODO: check
+CVE-2025-51464 (Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attack ...)
+	TODO: check
+CVE-2025-51463 (Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote att ...)
+	TODO: check
+CVE-2025-51459 (File Upload vulnerability in agent.hub.controller.refresh_plugins in e ...)
+	TODO: check
+CVE-2025-51458 (SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0. ...)
+	TODO: check
+CVE-2025-4295 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
+	TODO: check
+CVE-2025-4294 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service (applicati ...)
+	TODO: check
+CVE-2025-48498 (A null pointer dereference vulnerability exists in the Distributed Tra ...)
+	TODO: check
+CVE-2025-46354 (A denial of service vulnerability exists in the Distributed Transactio ...)
+	TODO: check
+CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If e ...)
+	TODO: check
+CVE-2025-36520 (A null pointer dereference vulnerability exists in the net_connectmsg  ...)
+	TODO: check
+CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 d ...)
+	TODO: check
+CVE-2025-35966 (A null pointer dereference vulnerability exists in the CDB2SQLQUERY pr ...)
+	TODO: check
+CVE-2025-34143 (An authentication bypass vulnerability exists in ETQ Reliance on the C ...)
+	TODO: check
+CVE-2025-34142 (An XML External Entity (XXE) injection vulnerability exists in ETQ Rel ...)
+	TODO: check
+CVE-2025-34141 (A reflected cross-site scripting (XSS) vulnerability exists in ETQ Rel ...)
+	TODO: check
+CVE-2025-34140 (An authorization bypass vulnerability exists in ETQ Reliance (legacy C ...)
+	TODO: check
+CVE-2025-31513 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One  ...)
+	TODO: check
+CVE-2025-31512 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One  ...)
+	TODO: check
+CVE-2025-31511 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One  ...)
+	TODO: check
+CVE-2024-38335 (IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could ...)
+	TODO: check
+CVE-2015-10140 (The Ajax Load More plugin before 2.8.1.2 does not have authorisation i ...)
+	TODO: check
+CVE-2015-10137 (The Website Contact Form With File Upload plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2012-10020 (The FoxyPress plugin for WordPress is vulnerable to arbitrary file upl ...)
+	TODO: check
+CVE-2025-38352 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.35-1
 	NOTE: https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
 CVE-2025-7962 (In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by util ...)
@@ -304,7 +502,7 @@ CVE-2025-46122 (An issue was discovered in CommScope Ruckus Unleashed prior to 2
 	NOT-FOR-US: Ruckus
 CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
 	NOT-FOR-US: Ruckus
-CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.14. ...)
+CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
 	NOT-FOR-US: Ruckus
 CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
 	NOT-FOR-US: Ruckus
@@ -3343,7 +3541,7 @@ CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and earlier displays log messa
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does ...)
 	NOT-FOR-US: Jenkins (core or plugin)
-CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before  ...)
+CVE-2025-53645 (Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.1 ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Serv ...)
 	NOT-FOR-US: @builder.io/qwik-city
@@ -3355,7 +3553,8 @@ CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
 	NOT-FOR-US: Tenda
 CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
 	NOT-FOR-US: FiberHome FD602GW-DX-R410 router
-CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
+CVE-2025-49604
+	REJECTED
 	NOT-FOR-US: Realtek
 CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...)
 	NOT-FOR-US: Realtek
@@ -8005,7 +8204,7 @@ CVE-2025-5318 (A flaw was found in the libssh library. An out-of-bounds read can
 	[bullseye] - libssh <postponed> (Minor issue)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 (libssh-0.11.2)
-CVE-2025-4878
+CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized variable e ...)
 	- libssh 0.11.2-1 (bug #1108407)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)
@@ -58100,7 +58299,7 @@ CVE-2024-13447 (The WP Hotel Booking plugin for WordPress is vulnerable to unaut
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS earlier tha ...)
 	NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
-CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72 (revisions before ...)
+CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A57,Cortex-A72 (revis ...)
 	NOT-FOR-US: Arm
 CVE-2023-37777 (A SQL injection vulnerability exists in Synnefo Internet Management So ...)
 	NOT-FOR-US: Synnefo
@@ -505384,7 +505583,7 @@ CVE-2015-9277 (MailEnable before 8.60 allows Directory Traversal for reading the
 	NOT-FOR-US: MailEnable
 CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS ...)
 	NOT-FOR-US: SmarterTools SmarterMail
-CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickl ...)
+CVE-2019-6446 (An issue was discovered in NumPy before 1.16.3. It uses the pickle Pyt ...)
 	- python-numpy 1:1.10.4-1
 	[jessie] - python-numpy <no-dsa> (Minor issue)
 	NOTE: https://github.com/numpy/numpy/issues/12759



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7284c182ba27d48d4f0d91346c0b38cdb036db7d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7284c182ba27d48d4f0d91346c0b38cdb036db7d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250722/722f0646/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list