[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 31 21:12:15 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2610bcfa by security tracker role at 2025-07-31T20:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2025-8426 (Marvell QConvergeConsole compressConfigFiles Directory Traversal Infor ...)
+ TODO: check
+CVE-2025-8409 (A vulnerability has been found in code-projects Vehicle Management 1.0 ...)
+ TODO: check
+CVE-2025-8408 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-8407 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-8401 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2025-8382 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2025-8381 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2025-8380 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
+ TODO: check
+CVE-2025-8379 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+ TODO: check
+CVE-2025-8378 (A vulnerability was found in Campcodes Online Hotel Reservation System ...)
+ TODO: check
+CVE-2025-8376 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-8375 (A vulnerability was found in code-projects Vehicle Management 1.0. It ...)
+ TODO: check
+CVE-2025-8374 (A vulnerability was found in code-projects Vehicle Management 1.0. It ...)
+ TODO: check
+CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an unauthentica ...)
+ TODO: check
+CVE-2025-8213 (The NinjaScanner \u2013 Virus & Malware scan plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-8192 (There exists a TOCTOU race condition in TvSettings AppRestrictionsFrag ...)
+ TODO: check
+CVE-2025-8151 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2025-8068 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2025-54834 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an u ...)
+ TODO: check
+CVE-2025-54833 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows atta ...)
+ TODO: check
+CVE-2025-54832 (OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an ...)
+ TODO: check
+CVE-2025-54589 (Copyparty is a portable file server. In versions 1.18.6 and below, whe ...)
+ TODO: check
+CVE-2025-52289 (A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows ...)
+ TODO: check
+CVE-2025-52203 (A stored cross-site scripting (XSS) vulnerability exists in DevaslanPH ...)
+ TODO: check
+CVE-2025-51569 (A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CP ...)
+ TODO: check
+CVE-2025-51503 (A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2. ...)
+ TODO: check
+CVE-2025-51385 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz ...)
+ TODO: check
+CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipse ...)
+ TODO: check
+CVE-2025-51383 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipse ...)
+ TODO: check
+CVE-2025-50867 (A SQL Injection vulnerability exists in the takeassessment2.php endpoi ...)
+ TODO: check
+CVE-2025-50866 (CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripti ...)
+ TODO: check
+CVE-2025-50850 (An issue was discovered in CS Cart 4.18.3 allows the vendor login func ...)
+ TODO: check
+CVE-2025-50849 (CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR ...)
+ TODO: check
+CVE-2025-50848 (A file upload vulnerability was discovered in CS Cart 4.18.3, allows a ...)
+ TODO: check
+CVE-2025-50847 (Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, all ...)
+ TODO: check
+CVE-2025-50572 (An issue was discovered in Archer Technology RSA Archer 6.11.00204.100 ...)
+ TODO: check
+CVE-2025-50475 (An OS command injection vulnerability exists in Russound MBX-PRE-D67F ...)
+ TODO: check
+CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the "content mana ...)
+ TODO: check
+CVE-2025-46809 (A Insertion of Sensitive Information into Log File vulnerability in SU ...)
+ TODO: check
+CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
+ TODO: check
+CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
+ TODO: check
+CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS commands us ...)
+ TODO: check
+CVE-2025-40980 (A Stored Cross Site Scripting vulnerability has been found in Ultimate ...)
+ TODO: check
+CVE-2025-37112 (A vulnerability was discovered in the storage policy for certain sets ...)
+ TODO: check
+CVE-2025-37111 (A vulnerability was discovered in the storage policy for certain sets ...)
+ TODO: check
+CVE-2025-37110 (A vulnerability was discovered in the storage policy for certain sets ...)
+ TODO: check
+CVE-2025-37109 (Cross-site scripting vulnerability has been identified in HPE Telco Se ...)
+ TODO: check
+CVE-2025-37108 (Cross-site scripting vulnerability has been identified in HPE Telco Se ...)
+ TODO: check
+CVE-2025-34146 (A prototype pollution vulnerability exists in @nyariv/sandboxjs versio ...)
+ TODO: check
+CVE-2025-2813 (An unauthenticated remote attacker can cause a Denial of Service by se ...)
+ TODO: check
+CVE-2025-29557 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control ...)
+ TODO: check
+CVE-2025-29556 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control ...)
+ TODO: check
+CVE-2025-26064 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 ...)
+ TODO: check
+CVE-2025-26063 (An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthen ...)
+ TODO: check
+CVE-2025-26062 (An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 ...)
+ TODO: check
+CVE-2025-24854 (A carefully crafted request using the Image plugin could trigger an XS ...)
+ TODO: check
+CVE-2025-24853 (A carefully crafted request when creating a header link using the wik ...)
+ TODO: check
+CVE-2024-34328 (An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute ...)
+ TODO: check
+CVE-2024-34327 (Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2014-125126 (An unrestricted file upload vulnerability exists in Simple E-Document ...)
+ TODO: check
+CVE-2014-125125 (A path traversal vulnerability exists in A10 Networks AX Loadbalancer ...)
+ TODO: check
+CVE-2014-125124 (An unauthenticated remote command execution vulnerability exists in Pa ...)
+ TODO: check
+CVE-2014-125123 (An unauthenticated SQL injection vulnerability exists in the Kloxo web ...)
+ TODO: check
+CVE-2014-125122 (A stack-based buffer overflow vulnerability exists in the tmUnblock.cg ...)
+ TODO: check
+CVE-2014-125121 (Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) app ...)
+ TODO: check
+CVE-2013-10043 (A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 an ...)
+ TODO: check
+CVE-2013-10042 (A stack-based buffer overflow vulnerability exists in freeFTPd version ...)
+ TODO: check
+CVE-2013-10040 (ClipBucket version 2.6 and earlier contains a critical vulnerability i ...)
+ TODO: check
+CVE-2013-10039 (A command injection vulnerability exists in GestioIP 3.0 commit ac67be ...)
+ TODO: check
+CVE-2013-10038 (An unauthenticated arbitrary file upload vulnerability exists in Flash ...)
+ TODO: check
+CVE-2013-10037 (An OS command injection vulnerability exists in WebTester version 5.x ...)
+ TODO: check
+CVE-2013-10036 (A stack-based buffer overflow vulnerability exists in Beetel Connectio ...)
+ TODO: check
+CVE-2013-10035 (A code injection vulnerability exists in ProcessMaker Open Source vers ...)
+ TODO: check
+CVE-2013-10034 (An unrestricted file upload vulnerability exists in Kaseya KServer ver ...)
+ TODO: check
+CVE-2013-10033 (An unauthenticated SQL injection vulnerability exists in Kimai version ...)
+ TODO: check
+CVE-2012-10021 (A stack-based buffer overflow vulnerability exists in D-Link DIR-605L ...)
+ TODO: check
+CVE-2011-10008 (A stack-based buffer overflow vulnerability exists in MPlayer Lite r33 ...)
+ TODO: check
CVE-2025-8373 (A vulnerability was found in code-projects Vehicle Management 1.0. It ...)
NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8372 (A vulnerability was found in code-projects Exam Form Submission 1.0 an ...)
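Review bot: all 77 new entries in this hunk carry the `TODO: check` placeholder, which is expected for an automatic import, but two of the imported descriptions arrive with text defects that will be carried into the tracker's summaries until triage replaces them: `CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an unauthentica ...)` has a missing space after "devices" and the non-ASCII character appears as an escape sequence, and the WordPress plugin entries (CVE-2025-8401, CVE-2025-8213, CVE-2025-8151, CVE-2025-8068) show `\u2013` where an en dash belongs. Suggest confirming the feed's encoding on the triage pass that resolves these `TODO: check` lines rather than hand-editing the generated text.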
@@ -2100,7 +2254,7 @@ CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. In
- yt-dlp <not-affected> (Windows-specific)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-45hg-7f49-5h56
NOTE: https://github.com/yt-dlp/yt-dlp/commit/959ac99e98c3215437e573c22d64be42d361e863 (2025.07.21)
-CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+CVE-2025-53882 (A Improper Check for Dropped Privileges vulnerability in the logrotate ...)
- mailman3 <not-affected> (SUSE-specific logrotate configuration issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1246467
CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without enc ...)
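Review bot: the description of CVE-2025-53882 is rewritten from "Reliance on Untrusted Inputs in a Security Decision" to "Improper Check for Dropped Privileges ... in the logrotate", but the unchanged context line `- mailman3 <not-affected> (SUSE-specific logrotate configuration issue)` still carries a justification written against the earlier wording. Suggest re-reading the referenced bugzilla.suse.com/show_bug.cgi?id=1246467 entry to confirm the re-classified issue is still confined to the SUSE logrotate configuration before the not-affected status is kept as is.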
@@ -2998,7 +3152,7 @@ CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote attackers to guess tit
NOTE: https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/
CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A th ...)
NOT-FOR-US: Westermo WeOS
-CVE-2025-53771 (Improper limitation of a pathname to a restricted directory ('path tra ...)
+CVE-2025-53771 (Improper authentication in Microsoft Office SharePoint allows an unaut ...)
NOT-FOR-US: Microsoft
CVE-2025-4685 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg ...)
NOT-FOR-US: WordPress plugin
@@ -3082,7 +3236,7 @@ CVE-2025-46383 (CWE-79 Improper Neutralization of Input During Web Page Generati
NOT-FOR-US: Emby Windows
CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
NOT-FOR-US: CyberArk IDP
-CVE-2025-7738
+CVE-2025-7738 (A flaw was found in Ansible Automation Platform (AAP) where the Gatewa ...)
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7877 (A vulnerability, which was classified as critical, has been found in M ...)
NOT-FOR-US: Metasoft
@@ -7284,7 +7438,7 @@ CVE-2025-52492 (A vulnerability has been discovered in the firmware of Paxton Pa
CVE-2025-4779 (lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cro ...)
NOT-FOR-US: lunary-ai/lunary
CVE-2025-48367 (Redis is an open source, in-memory database that persists on disk. An ...)
- {DLA-4240-1}
+ {DSA-5969-1 DLA-4240-1}
- redict <unfixed> (bug #1108980)
- redis 5:8.0.2-2 (bug #1108981)
- valkey 8.1.1+dfsg1-3 (bug #1108982)
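Review bot: `{DSA-5969-1 DLA-4240-1}` is added to CVE-2025-48367 while the following context line `- redict <unfixed> (bug #1108980)` is left open; the advisory reference should therefore not be read as closing the redict entry. If DSA-5969-1 does not cover redict, leaving bug #1108980 open is correct; if it does, that line needs the fixed version recorded. The same check applies to the identical edit on CVE-2025-32023 in the next hunk, where `- redict <unfixed> (bug #1108977)` likewise stays open.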
@@ -7334,7 +7488,7 @@ CVE-2025-3044 (A vulnerability in the ArxivReader class of the run-llama/llama_i
CVE-2025-36014 (IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable t ...)
NOT-FOR-US: IBM
CVE-2025-32023 (Redis is an open source, in-memory database that persists on disk. Fro ...)
- {DLA-4240-1}
+ {DSA-5969-1 DLA-4240-1}
- redict <unfixed> (bug #1108977)
- redis 5:8.0.2-2 (bug #1108975)
- valkey 8.1.1+dfsg1-3 (bug #1108978)
@@ -18575,6 +18729,7 @@ CVE-2025-2518 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)
CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attac ...)
NOT-FOR-US: Free5gc
CVE-2025-27151 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5969-1}
- redis 5:8.0.2-2 (bug #1106822)
[bullseye] - redis <not-affected> (Vulnerable code not present)
- redict <unfixed> (bug #1106823)
@@ -612660,21 +612815,21 @@ CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape Distr
NOT-FOR-US: Cisco
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
NOT-FOR-US: Cisco
-CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
NOT-FOR-US: Cisco
-CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6742 (A vulnerability in the SNMP implementation of could allow an authentic ...)
NOT-FOR-US: Cisco
-CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6741 (A vulnerability in the SNMP implementation of could allow an authentic ...)
NOT-FOR-US: Cisco
-CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
NOT-FOR-US: Cisco
-CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6739 (A vulnerability in the SNMP implementation of could allow an authentic ...)
NOT-FOR-US: Cisco
-CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
NOT-FOR-US: Cisco
-CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6737 (A vulnerability in the SNMP implementation of could allow an authentic ...)
NOT-FOR-US: Cisco
-CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
+CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
NOT-FOR-US: Cisco
CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco FireS ...)
NOT-FOR-US: Cisco
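Review bot: four of the replaced descriptions in this hunk (CVE-2017-6742, CVE-2017-6741, CVE-2017-6739, CVE-2017-6737) now read "A vulnerability in the SNMP implementation of could allow an authentic ...", with the product name missing after "of", while the neighbouring entries (CVE-2017-6743, CVE-2017-6740, CVE-2017-6738, CVE-2017-6736) keep the "Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ..." form. Since this is an automatic import the wording follows the upstream feed, but the source records are worth checking so the tracker's summary does not keep a sentence with its subject missing.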
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2610bcfa9e053496bf4ade47b25d267e7c215209