[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 23 21:12:25 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
323133a9 by security tracker role at 2025-07-23T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,71 +1,291 @@
-CVE-2025-54090
+CVE-2025-8070 (The Windows service configuration of ABP and AES contains an unquoted ...)
+ TODO: check
+CVE-2025-8069 (During the AWS Client VPN client installation on Windows devices, the ...)
+ TODO: check
+CVE-2025-8060 (A vulnerability has been found in Tenda AC23 16.03.07.52 and classifie ...)
+ TODO: check
+CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.41 is ...)
+ TODO: check
+CVE-2025-8022 (All versions of the package bun are vulnerable to Improper Neutralizat ...)
+ TODO: check
+CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to Dire ...)
+ TODO: check
+CVE-2025-8020 (All versions of the package private-ip are vulnerable to Server-Side R ...)
+ TODO: check
+CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external entity att ...)
+ TODO: check
+CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin VIGI NV ...)
+ TODO: check
+CVE-2025-7723 (A command injection vulnerability exists that can be exploited after a ...)
+ TODO: check
+CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to privilege esc ...)
+ TODO: check
+CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-6215 (The Omnishop plugin for WordPress is vulnerable to Unauthenticated Reg ...)
+ TODO: check
+CVE-2025-6214 (The Omnishop plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2025-6190 (The Realty Portal \u2013 Agent plugin for WordPress is vulnerable to P ...)
+ TODO: check
+CVE-2025-6174 (The Qwizcards | online quizzes and flashcards WordPress plugin through ...)
+ TODO: check
+CVE-2025-6054 (The YANewsflash plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin ...)
+ TODO: check
+CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
+ TODO: check
+CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
+ TODO: check
+CVE-2025-54453 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54452 (Improper Authentication vulnerability in Samsung Electronics MagicINFO ...)
+ TODO: check
+CVE-2025-54451 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-54450 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54449 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54448 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54447 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54446 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54445 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2025-54444 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54443 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54442 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54441 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54440 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54439 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
+ TODO: check
+CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joom ...)
+ TODO: check
+CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla ...)
+ TODO: check
+CVE-2025-54295 (A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Jo ...)
+ TODO: check
+CVE-2025-54294 (A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was di ...)
+ TODO: check
+CVE-2025-54141 (ViewVC is a browser interface for CVS and Subversion version control r ...)
+ TODO: check
+CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in pure Pyth ...)
+ TODO: check
+CVE-2025-54139 (HAX CMS allows users to manage their microsite universe with a NodeJS ...)
+ TODO: check
+CVE-2025-54138 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2025-54137 (HAX CMS NodeJS allows users to manage their microsite universe with a ...)
+ TODO: check
+CVE-2025-54120 (PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. ...)
+ TODO: check
+CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. In versi ...)
+ TODO: check
+CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+ TODO: check
+CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without enc ...)
+ TODO: check
+CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+ TODO: check
+CVE-2025-51462 (Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app ...)
+ TODO: check
+CVE-2025-50481 (A cross-site scripting (XSS) vulnerability in the component /blog/blog ...)
+ TODO: check
+CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect ...)
+ TODO: check
+CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was disc ...)
+ TODO: check
+CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-4411 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-4296 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
+ TODO: check
+CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function ...)
+ TODO: check
+CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
+ TODO: check
+CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk command ...)
+ TODO: check
+CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the ...)
+ TODO: check
+CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or creat ...)
+ TODO: check
+CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to redirect vict ...)
+ TODO: check
+CVE-2025-43881 (Improper validation of specified quantity in input issue exists in Rea ...)
+ TODO: check
+CVE-2025-43489 (A potential security vulnerability has been identified in the Poly Cla ...)
+ TODO: check
+CVE-2025-43488 (A potential security vulnerability has been identified in the Poly Cla ...)
+ TODO: check
+CVE-2025-43487 (A potential privilege escalation through Sudo vulnerability has been i ...)
+ TODO: check
+CVE-2025-43486 (A potential stored cross-site scripting vulnerability has been identif ...)
+ TODO: check
+CVE-2025-43485 (A potential security vulnerability has been identified in the Poly Cla ...)
+ TODO: check
+CVE-2025-43484 (A potential reflected cross-site scripting vulnerability has been iden ...)
+ TODO: check
+CVE-2025-43483 (A potential security vulnerability has been identified in the Poly Cla ...)
+ TODO: check
+CVE-2025-43022 (A potential SQL injection vulnerability has been identified in the Pol ...)
+ TODO: check
+CVE-2025-43021 (A potential security vulnerability has been identified in the Poly Cla ...)
+ TODO: check
+CVE-2025-43020 (A potential command injection vulnerability has been identified in the ...)
+ TODO: check
+CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject value i ...)
+ TODO: check
+CVE-2025-41687 (An unauthenticated remote attacker may use a stack based buffer overfl ...)
+ TODO: check
+CVE-2025-41684 (An authenticated remote attacker can execute arbitrary commands with r ...)
+ TODO: check
+CVE-2025-41683 (An authenticated remote attacker can execute arbitrary commands with r ...)
+ TODO: check
+CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site script ...)
+ TODO: check
+CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in the SMA ...)
+ TODO: check
+CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in the SMA ...)
+ TODO: check
+CVE-2025-40597 (A Heap-based buffer overflow vulnerability in the SMA100 series web in ...)
+ TODO: check
+CVE-2025-40596 (A Stack-based buffer overflow vulnerability in the SMA100 series web i ...)
+ TODO: check
+CVE-2025-36117 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session i ...)
+ TODO: check
+CVE-2025-36116 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site W ...)
+ TODO: check
+CVE-2025-33077 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vul ...)
+ TODO: check
+CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vul ...)
+ TODO: check
+CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transm ...)
+ TODO: check
+CVE-2025-31701 (A vulnerability has been found in Dahua products. Attackers could exp ...)
+ TODO: check
+CVE-2025-31700 (A vulnerability has been found in Dahua products. Attackers could exp ...)
+ TODO: check
+CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
+ TODO: check
+CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
+ TODO: check
+CVE-2025-27930 (Zohocorp ManageEngine Applications Manager versions176600 and prior ar ...)
+ TODO: check
+CVE-2024-53288 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53287 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53286 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2024-41751 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
+ TODO: check
+CVE-2024-41750 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
+ TODO: check
+CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
+ TODO: check
+CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
+ TODO: check
+CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access Management(formerly Imp ...)
+ TODO: check
+CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows unauth ...)
+ TODO: check
+CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce Online ...)
+ TODO: check
+CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in Dicoogle PAC ...)
+ TODO: check
+CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deplo ...)
+ TODO: check
+CVE-2016-15045 (A local privilege escalation vulnerability exists in lastore-daemon, t ...)
+ TODO: check
+CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists within Xd ...)
+ TODO: check
+CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92, a ligh ...)
+ TODO: check
+CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
- apache2 2.4.65-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
-CVE-2025-8035
+CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8035
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8035
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8035
-CVE-2025-8040
+CVE-2025-8040 (Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0 ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
-CVE-2025-8034
+CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8034
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8034
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8034
-CVE-2025-8044
+CVE-2025-8044 (Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
-CVE-2025-8033
+CVE-2025-8033 (The JavaScript engine did not handle closed generators correctly and i ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8033
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8033
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8033
-CVE-2025-8039
+CVE-2025-8039 (In some cases search terms persisted in the URL bar even after navigat ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8039
-CVE-2025-8038
+CVE-2025-8038 (Thunderbird ignored paths when checking the validity of navigations in ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
-CVE-2025-8032
+CVE-2025-8032 (XSLT document loading did not correctly propagate the source document ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8032
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
-CVE-2025-8031
+CVE-2025-8031 (The `username:password` part was not correctly stripped from URLs in C ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8031
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8031
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8031
-CVE-2025-8043
+CVE-2025-8043 (Focus incorrectly truncated URLs towards the beginning instead of arou ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
-CVE-2025-8030
+CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8030
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8030
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8030
-CVE-2025-8037
+CVE-2025-8037 (Setting a nameless cookie with an equals sign in the value shadowed ot ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8037
-CVE-2025-8036
+CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address changes. ...)
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
-CVE-2025-8029
+CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` and `emb ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
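Review bot: among the new TODO: check entries, CVE-2025-8058 (regcomp in the GNU C library 2.4 to 2.41) touches glibc and should be triaged ahead of the WordPress plugin and appliance ids in this batch; CVE-2025-46686 (Redis through 7.4.3), CVE-2025-54072 (yt-dlp), CVE-2025-54141 (ViewVC) and CVE-2025-53538 (Suricata) likewise name packages in the archive. Separately, the descriptions filled in for CVE-2025-8038 and CVE-2025-8036 speak of Thunderbird, yet both entries list only `- firefox 141.0-1`; confirm whether a thunderbird line is needed, as the sibling entry CVE-2025-8029 carries `- thunderbird <unfixed>`.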
@@ -78,24 +298,24 @@ CVE-2025-8042
CVE-2025-8041
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
-CVE-2025-8028
+CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries could le ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8028
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
-CVE-2025-8027
+CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...)
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8027
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8027
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8027
-CVE-2025-8011
+CVE-2025-8011 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8010
+CVE-2025-8010 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 ...)
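Review bot: CVE-2025-8011 and CVE-2025-8010 keep `- chromium <unfixed>` although their new descriptions give the upstream fixed release (138.0.7204.168); the marker should be replaced with the Debian version once a chromium upload at or above that release exists. The `[bullseye] - chromium <end-of-life> (see #1061268)` lines match the other chromium entries and need no change.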
@@ -260,7 +480,7 @@ CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Agentis
CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: Agentis
-CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service (applicati ...)
+CVE-2025-48964 (ping in iputils before 20250602 allows a denial of service (applicatio ...)
- iputils <not-affected> (Incomplete fix for CVE-2025-47268 no applied; unimportant)
NOTE: https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9
NOTE: Fixed by: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
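Review bot: the unchanged context line `- iputils <not-affected> (Incomplete fix for CVE-2025-47268 no applied; unimportant)` reads "no applied" where "not applied" is meant; the rewording of the description to "before 20250602" agrees with the fix commit noted below it, so only the comment typo needs a follow-up.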
@@ -1863,6 +2083,7 @@ CVE-2025-53905 (Vim is an open source, command line text editor. Prior to versio
NOTE: https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 (v9.1.1552)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr
CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DLA-4248-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.28+6-1
NOTE: https://www.openwall.com/lists/oss-security/2025/07/16/1
@@ -1957,6 +2178,7 @@ CVE-2025-50108 (Vulnerability in the Oracle Hyperion Financial Reporting product
CVE-2025-50107 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DLA-4248-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -2051,6 +2273,7 @@ CVE-2025-50061 (Vulnerability in the Primavera P6 Enterprise Project Portfolio M
CVE-2025-50060 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2025-50059 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DLA-4248-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -2117,6 +2340,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User product of Oracle Siebe
CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component: General). The ...)
NOT-FOR-US: Oracle
CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DLA-4248-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -2131,6 +2355,7 @@ CVE-2025-30751 (Vulnerability in the Oracle Database component of Oracle Databas
CVE-2025-30750 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2025-30749 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DLA-4248-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -4148,7 +4373,7 @@ CVE-2025-49714 (Trust boundary violation in Visual Studio Code - Python extensio
NOT-FOR-US: Microsoft
CVE-2025-49711 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
NOT-FOR-US: Microsoft
-CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows an autho ...)
+CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows an unaut ...)
NOT-FOR-US: Microsoft
CVE-2025-49705 (Heap-based buffer overflow in Microsoft Office PowerPoint allows an un ...)
NOT-FOR-US: Microsoft
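Review bot: the description of CVE-2025-49706 changes from an authorized to an unauthenticated attacker, which materially raises the severity of the SharePoint issue; `NOT-FOR-US: Microsoft` remains correct for Debian, so no tracker action follows.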
@@ -6495,7 +6720,7 @@ CVE-2025-6927
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165118 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165119 (master)
CVE-2025-6926 (Improper Authentication vulnerability in Wikimedia Foundation Mediawik ...)
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T389010
@@ -6503,7 +6728,7 @@ CVE-2025-6926 (Improper Authentication vulnerability in Wikimedia Foundation Med
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165090 (REL1_39)
CVE-2025-6597
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T389009
@@ -6517,21 +6742,21 @@ CVE-2025-6596
NOTE: https://phabricator.wikimedia.org/T396685
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/1165107 (master)
CVE-2025-6595
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T394863
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165106 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165144 (REL1_39)
CVE-2025-6594
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T395063
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165115 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165087 (REL1_39)
CVE-2025-6593
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T396230
@@ -6545,14 +6770,14 @@ CVE-2025-6592
NOTE: https://phabricator.wikimedia.org/T391218
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1143146 (master)
CVE-2025-6591
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T392276
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165113 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165085 (REL1_39)
CVE-2025-6590
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.3+dfsg-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
NOTE: https://phabricator.wikimedia.org/T392746
@@ -11403,7 +11628,7 @@ CVE-2025-6019 (A Local Privilege Escalation (LPE) vulnerability was found in lib
NOTE: As hardening measure udisks2 (in unstable since 2.10.1-12.1)
NOTE: will enforce that private mounts are mounted with 'nodev,nosuid'.
NOTE: https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9
-CVE-2025-6018 [LPE from unprivileged to allow_active in SUSE 15's PAM]
+CVE-2025-6018 (A Local Privilege Escalation (LPE) vulnerability has been discovered i ...)
- pam <not-affected> (SUSE specific issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
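Review bot: replacing the bracketed working title `[LPE from unprivileged to allow_active in SUSE 15's PAM]` with the official description drops the SUSE-specific wording from the header line, but the `- pam <not-affected> (SUSE specific issue)` rationale still records why Debian is unaffected, so the entry remains self-explanatory.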
@@ -12316,9 +12541,10 @@ CVE-2025-48444 (Missing Authorization vulnerability in Drupal Quick Node Block a
NOT-FOR-US: Drupal core and addons
CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block allows ...)
NOT-FOR-US: Drupal core and addons
-CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle position can ...)
+CVE-2025-41663 (For u-link Management API an unauthenticated remote attacker in a man- ...)
NOT-FOR-US: Weidmueller
-CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary commands with ...)
+CVE-2025-41662
+ REJECTED
NOT-FOR-US: Weidmueller
CVE-2025-41661 (An unauthenticated remote attacker can execute arbitrary commands with ...)
NOT-FOR-US: Weidmueller
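Review bot: CVE-2025-41662 is now marked REJECTED but keeps its `NOT-FOR-US: Weidmueller` line; rejected ids are normally closed out with just the REJECTED marker, so consider dropping the stale line in a follow-up. The removed description was identical to the one still carried by CVE-2025-41661, consistent with a duplicate assignment.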
@@ -24033,7 +24259,7 @@ CVE-2024-42212 (HCL BigFix Compliance is affected by an improper or missing Same
NOT-FOR-US: HCL
CVE-2024-11615 (The Envolve Plugin plugin for WordPress is vulnerable to arbitrary fil ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-47268 (ping in iputils through 20240905 allows a denial of service (applicati ...)
+CVE-2025-47268 (ping in iputils before 20250602 allows a denial of service (applicatio ...)
- iputils <unfixed> (unimportant; bug #1104746; bug #1109728)
NOTE: https://github.com/iputils/iputils/issues/584
NOTE: https://github.com/Zephkek/ping-rtt-overflow/
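Review bot: CVE-2025-47268 still carries `- iputils <unfixed> (unimportant; bug #1104746; bug #1109728)` while its description now reads "before 20250602", i.e. upstream fixed it in 20250602; check whether the iputils version in unstable is at or past that release and, if so, replace `<unfixed>`. The companion entry CVE-2025-48964 earlier in this patch records that the fix for this CVE was incomplete, so both entries should be resolved together.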
@@ -31407,7 +31633,7 @@ CVE-2025-32074 (Improper Encoding or Escaping of Output vulnerability in The Wik
CVE-2025-32073 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
NOT-FOR-US: HTMLTags MediaWiki extension
CVE-2025-32072 (Improper Encoding or Escaping of Output vulnerability in The Wikimedia ...)
- {DSA-5957-1}
+ {DSA-5957-1 DLA-4249-1}
- mediawiki 1:1.43.1+dfsg-2
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134
NOTE: https://phabricator.wikimedia.org/T386175
@@ -31742,13 +31968,13 @@ CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor vulne
NOTE: Introduced by https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1026560 (REL1_43)
NOTE: Fixed by https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1135788
CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation ...)
- {DSA-5901-1}
+ {DSA-5901-1 DLA-4249-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T387130
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135794
NOTE: The fix needs changes in embedded parsoid too: https://gerrit.wikimedia.org/r/c/mediawiki/services/parsoid/+/1124903 (v0.16.5)
CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- {DSA-5901-1}
+ {DSA-5901-1 DLA-4249-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T385958
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135793
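Review bot: CVE-2025-32699 gains DLA-4249-1, but the NOTE under it states the fix also needs the embedded parsoid change (v0.16.5); confirm the LTS upload behind DLA-4249-1 carried that parsoid change as well, otherwise the DLA reference overstates what was fixed.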
@@ -31761,12 +31987,12 @@ CVE-2025-32697 (Improper Preservation of Permissions vulnerability in Wikimedia
NOTE: https://phabricator.wikimedia.org/T24521
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1112359
CVE-2025-32696 (Improper Preservation of Permissions vulnerability in Wikimedia Founda ...)
- {DSA-5901-1}
+ {DSA-5901-1 DLA-4249-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T304474
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/737454
CVE-2025-3469 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- {DSA-5901-1}
+ {DSA-5901-1 DLA-4249-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T358689
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135795
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/323133a96451f8219ca5d609cea4fa476ac85aaf