[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 4 21:12:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62ca93a1 by security tracker role at 2025-06-04T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2025-5688 (We have identified a buffer overflow issue allowing out-of-bounds writ ...)
+ TODO: check
+CVE-2025-5609 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...)
+ TODO: check
+CVE-2025-5608 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
+ TODO: check
+CVE-2025-5607 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
+ TODO: check
+CVE-2025-5606 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...)
+ TODO: check
+CVE-2025-5604 (A vulnerability was found in Campcodes Hospital Management System 1.0 ...)
+ TODO: check
+CVE-2025-5603 (A vulnerability has been found in Campcodes Hospital Management System ...)
+ TODO: check
+CVE-2025-5602 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.1 ...)
+ TODO: check
+CVE-2025-5600 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-5599 (A vulnerability classified as critical was found in PHPGurukul Student ...)
+ TODO: check
+CVE-2025-5598 (Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MA ...)
+ TODO: check
+CVE-2025-5597 (Improper Authentication vulnerability in WF Steuerungstechnik GmbH air ...)
+ TODO: check
+CVE-2025-5596 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been cla ...)
+ TODO: check
+CVE-2025-5595 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
+ TODO: check
+CVE-2025-5594 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
+ TODO: check
+CVE-2025-5593 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+ TODO: check
+CVE-2025-5592 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2025-5584 (A vulnerability was found in PHPGurukul Hospital Management System 4.0 ...)
+ TODO: check
+CVE-2025-5583 (A vulnerability classified as critical has been found in CodeAstro Rea ...)
+ TODO: check
+CVE-2025-5582 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
+ TODO: check
+CVE-2025-5581 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
+ TODO: check
+CVE-2025-5580 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
+ TODO: check
+CVE-2025-48962 (Sensitive information disclosure due to SSRF. The following products a ...)
+ TODO: check
+CVE-2025-48961 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
+CVE-2025-48960 (Weak server key used for TLS encryption. The following products are af ...)
+ TODO: check
+CVE-2025-48959 (Local privilege escalation due to insecure file permissions. The follo ...)
+ TODO: check
+CVE-2025-48935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
+ TODO: check
+CVE-2025-48934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to ve ...)
+ TODO: check
+CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
+ TODO: check
+CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
+ TODO: check
+CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
+ TODO: check
+CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
+ TODO: check
+CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
+ TODO: check
+CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the Q ...)
+ TODO: check
+CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
+ TODO: check
+CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in vers ...)
+ TODO: check
+CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
+ TODO: check
+CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
+ TODO: check
+CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
+ TODO: check
+CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
+ TODO: check
+CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content Mangment System ...)
+ TODO: check
+CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System v.41.0.0 ...)
+ TODO: check
+CVE-2025-27811 (A local privilege escalation in the razer_elevation_service.exe in Raz ...)
+ TODO: check
+CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
+ TODO: check
+CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use ...)
+ TODO: check
+CVE-2025-23096 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
+ TODO: check
+CVE-2025-23095 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
+ TODO: check
+CVE-2025-22245 (VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2025-22244 (VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2025-22243 (VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting ( ...)
+ TODO: check
+CVE-2025-20286 (A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Ora ...)
+ TODO: check
+CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified Communications pr ...)
+ TODO: check
+CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified Contact C ...)
+ TODO: check
+CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco Integrated Man ...)
+ TODO: check
+CVE-2025-20259 (Multiple vulnerabilities in the update process of Cisco ThousandEyes E ...)
+ TODO: check
+CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fab ...)
+ TODO: check
+CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine (ISE) and ...)
+ TODO: check
+CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco Customer Coll ...)
+ TODO: check
+CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin servic ...)
+ TODO: check
+CVE-2024-13967 (This vulnerability allows the successful attacker to gain unauthorized ...)
+ TODO: check
+CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled resource co ...)
+ TODO: check
CVE-2025-48432 [Potential log injection via unescaped request path]
- python-django <unfixed> (bug #1107282)
NOTE: https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
@@ -118,7 +250,7 @@ CVE-2025-47724 (Delta Electronics CNCSoftlacks proper validation of the user-sup
NOT-FOR-US: Delta Electronics
CVE-2025-27444 (A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 f ...)
NOT-FOR-US: Joomla
-CVE-2025-24015 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
+CVE-2025-24015 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1. ...)
NOT-FOR-US: Deno
CVE-2025-20996 (Improper authorization in Smart Switch installed on non-Samsung Device ...)
NOT-FOR-US: Samsung Mobile
@@ -291,7 +423,7 @@ CVE-2025-46154 (Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] pa
NOT-FOR-US: Foxcms
CVE-2025-45855 (An arbitrary file upload vulnerability in the component /upload/GoodsC ...)
NOT-FOR-US: erupt
-CVE-2025-45854 (An arbitrary file upload vulnerability in the component /server/execut ...)
+CVE-2025-45854 (/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbi ...)
NOT-FOR-US: JEHC-BPM
CVE-2025-44148 (Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allo ...)
NOT-FOR-US: MailEnable
@@ -450,9 +582,11 @@ CVE-2024-53013 (Memory corruption may occur while processing voice call registra
CVE-2024-53010 (Memory corruption may occur while attaching VM when the HLOS retains a ...)
NOT-FOR-US: Qualcomm
CVE-2025-5068 (Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowe ...)
+ {DSA-5935-1}
- chromium 137.0.7151.68-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5419 (Out of bounds read and write in V8 in Google Chrome prior to 137.0.715 ...)
+ {DSA-5935-1}
- chromium 137.0.7151.68-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5455 (An issue was found in the private API function qDecodeDataUrl() in QtC ...)
@@ -15228,6 +15362,7 @@ CVE-2025-30724 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2025-30723 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2025-30722 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ {DLA-4208-1}
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed> (bug #1105976)
[bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point release)
@@ -15304,6 +15439,7 @@ CVE-2025-30695 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-30694 (Vulnerability in the XML Database component of Oracle Database Server. ...)
NOT-FOR-US: Oracle
CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-4208-1}
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed> (bug #1105976)
[bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ca93a1eb4244fd113e81fcd19965dd096c76fc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ca93a1eb4244fd113e81fcd19965dd096c76fc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250604/705a990e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list