[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 9 09:12:00 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42564534 by security tracker role at 2025-06-09T08:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-5894 (Smart Parking Management System from Honding Technology has a Missing ...)
+ TODO: check
+CVE-2025-5893 (Smart Parking Management System from Honding Technology has an Exposur ...)
+ TODO: check
+CVE-2025-5867 (A vulnerability classified as critical was found in RT-Thread 5.1.0. T ...)
+ TODO: check
+CVE-2025-5866 (A vulnerability classified as critical has been found in RT-Thread 5.1 ...)
+ TODO: check
+CVE-2025-5865 (A vulnerability was found in RT-Thread 5.1.0. It has been rated as cri ...)
+ TODO: check
+CVE-2025-5864 (A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been ...)
+ TODO: check
+CVE-2025-5863 (A vulnerability was found in Tenda AC5 15.03.06.47. It has been classi ...)
+ TODO: check
+CVE-2025-5862 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
+ TODO: check
+CVE-2025-5861 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
+ TODO: check
+CVE-2025-5860 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-5859 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+ TODO: check
+CVE-2025-5858 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+ TODO: check
+CVE-2025-5857 (A vulnerability was found in code-projects Patient Record Management S ...)
+ TODO: check
+CVE-2025-5856 (A vulnerability has been found in PHPGurukul BP Monitoring Management ...)
+ TODO: check
+CVE-2025-5855 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2025-5854 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-5853 (A vulnerability classified as critical was found in Tenda AC6 15.03.05 ...)
+ TODO: check
+CVE-2025-5852 (A vulnerability classified as critical has been found in Tenda AC6 15. ...)
+ TODO: check
+CVE-2025-5851 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been ...)
+ TODO: check
+CVE-2025-5850 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been ...)
+ TODO: check
+CVE-2025-5849 (A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been ...)
+ TODO: check
+CVE-2025-5848 (A vulnerability was found in Tenda AC15 15.03.05.19_multi and classifi ...)
+ TODO: check
+CVE-2025-4652 (The Broadstreet WordPress plugin before 1.51.8 does not sanitise and e ...)
+ TODO: check
+CVE-2025-3582 (The Newsletter WordPress plugin before 8.85 does not sanitise and esc ...)
+ TODO: check
+CVE-2025-3581 (The Newsletter WordPress plugin before 8.8.5 does not validate and es ...)
+ TODO: check
+CVE-2025-3461 (The Quantenna Wi-Fi chips ship with an unauthenticated telnet interfac ...)
+ TODO: check
+CVE-2025-3460 (The Quantenna Wi-Fi chipset ships with a local control script, set_tx_ ...)
+ TODO: check
+CVE-2025-3459 (The Quantenna Wi-Fi chipset ships with a local control script, transmi ...)
+ TODO: check
+CVE-2025-35010 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35009 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35008 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35007 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35006 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35005 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-35004 (Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 ...)
+ TODO: check
+CVE-2025-32459 (The Quantenna Wi-Fi chipset ships with a local control script, router_ ...)
+ TODO: check
+CVE-2025-32458 (The Quantenna Wi-Fi chipset ships with a local control script, router_ ...)
+ TODO: check
+CVE-2025-32457 (The Quantenna Wi-Fi chipset ships with a local control script, router_ ...)
+ TODO: check
+CVE-2025-32456 (The Quantenna Wi-Fi chipset ships with a local control script, router_ ...)
+ TODO: check
+CVE-2025-32455 (The Quantenna Wi-Fi chipset ships with a local control script, router_ ...)
+ TODO: check
CVE-2025-5847 (A vulnerability has been found in Tenda AC9 15.03.02.13 and classified ...)
NOT-FOR-US: Tenda
CVE-2025-27563 (in OpenHarmony v5.0.3 and prior versions allow a local attacker cause ...)
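Review bot: The two Newsletter WordPress plugin entries in this hunk disagree on the fixed version: CVE-2025-3582 reads "before 8.85" while CVE-2025-3581 reads "before 8.8.5". Since this is an automatic update and the descriptions are truncated, confirm the version against the full CVE record when resolving the TODO: check on those two entries. The Tenda entries added here can be triaged together with the existing CVE-2025-5847 entry below them, which is already marked NOT-FOR-US: Tenda.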
@@ -1699,6 +1779,7 @@ CVE-2025-48941 (MyBB is free and open source forum software. Prior to version 1.
CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
NOT-FOR-US: MyBB
CVE-2025-48866 (ModSecurity is an open source, cross platform web application firewall ...)
+ {DSA-5940-1}
- modsecurity-apache 2.9.10-1 (bug #1107196)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w
NOTE: Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e (v2.9.10)
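Review bot: CVE-2025-48866 is tagged only {DSA-5940-1} here, while CVE-2025-47947 for the same modsecurity-apache package carries {DSA-5940-1 DLA-4192-1} later in this patch. If the release covered by the DLA is also affected by CVE-2025-48866, an explicit per-release status line under this entry would record that instead of leaving it implied by the missing DLA reference.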
@@ -1870,7 +1951,7 @@ CVE-2025-5113 (The Diviotec professional series exposes a web interface. One end
CVE-2025-4010 (The Netcom NTC 6200 and NWL 222 series expose a web interface to be co ...)
NOT-FOR-US: Netcom NTC 6200 and NWL 222 series
CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote ...)
- {DSA-5934-1}
+ {DSA-5934-1 DLA-4211-1}
- roundcube 1.6.11+dfsg-1 (bug #1107073)
NOTE: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
NOTE: https://github.com/roundcube/roundcubemail/pull/9865
@@ -3948,7 +4029,7 @@ CVE-2025-4133 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plu
CVE-2025-48070 (Plane is open-source project management software. Versions prior to 0. ...)
NOT-FOR-US: Plane
CVE-2025-47947 (ModSecurity is an open source, cross platform web application firewall ...)
- {DLA-4192-1}
+ {DSA-5940-1 DLA-4192-1}
- modsecurity-apache 2.9.9-1 (bug #1106286)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r
NOTE: Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/fdfc2d5b21610651b0cefceb397be2cfc7aac8bb (v2.9.9)
@@ -7708,14 +7789,14 @@ CVE-2025-22246 (Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are
NOT-FOR-US: VMware
CVE-2023-49641 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
NOT-FOR-US: Kashipara Billing Software
-CVE-2025-47712
+CVE-2025-47712 (A flaw exists in the nbdkit "blocksize" filter that can be triggered b ...)
- nbdkit 1.42.3-1 (bug #1105228)
[bookworm] - nbdkit <no-dsa> (Minor issue)
[bullseye] - nbdkit <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365724
NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7 (v1.43.7)
NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/c3ed72811aca5684490b198737b2f0b921741547 (v1.42.3)
-CVE-2025-47711
+CVE-2025-47711 (There's a flaw in the nbdkit server when handling responses from its p ...)
- nbdkit 1.42.3-1 (bug #1105227)
[bookworm] - nbdkit <no-dsa> (Minor issue)
[bullseye] - nbdkit <postponed> (Minor issue)
@@ -32978,11 +33059,11 @@ CVE-2024-10152 (The Simple Certain Time to Show Content WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2024-0148 (NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the U ...)
NOT-FOR-US: NVIDIA
-CVE-2025-25209
+CVE-2025-25209 (The AuthPolicy metadata on Red Hat Connectivity Link contains an objec ...)
NOT-FOR-US: RedHat RHCL
-CVE-2025-25208
+CVE-2025-25208 (A Developer persona can bring down the Authorino service, preventing t ...)
NOT-FOR-US: RedHat RHCL
-CVE-2025-25207
+CVE-2025-25207 (The Authorino service in the Red Hat Connectivity Link is the authoriz ...)
NOT-FOR-US: RedHat RHCL
CVE-2025-1634 (A flaw was found in the quarkus-resteasy extension, which causes memor ...)
NOT-FOR-US: Quarkus
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42564534d16af4d50fcbfbad733467274214c395