[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 10 09:12:04 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02a1def8 by security tracker role at 2025-06-10T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2025-5952 (A vulnerability, which was classified as critical, has been found in Z ...)
+	TODO: check
+CVE-2025-5945 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2025-5935 (A vulnerability was found in Open5GS up to 2.7.3. It has been declared ...)
+	TODO: check
+CVE-2025-5934 (A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has bee ...)
+	TODO: check
+CVE-2025-5925 (The Bunny\u2019s Print CSS plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2025-5913 (A vulnerability was found in PHPGurukul Vehicle Record Management Syst ...)
+	TODO: check
+CVE-2025-5912 (A vulnerability was found in D-Link DIR-632 FW103B08. It has been decl ...)
+	TODO: check
+CVE-2025-5911 (A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B2021 ...)
+	TODO: check
+CVE-2025-5910 (A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_ ...)
+	TODO: check
+CVE-2025-5909 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2025-5908 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-5907 (A vulnerability classified as critical was found in TOTOLINK EX1200T u ...)
+	TODO: check
+CVE-2025-5906 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-5905 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been ra ...)
+	TODO: check
+CVE-2025-5904 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been de ...)
+	TODO: check
+CVE-2025-5903 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been cl ...)
+	TODO: check
+CVE-2025-5902 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified  ...)
+	TODO: check
+CVE-2025-5901 (A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classi ...)
+	TODO: check
+CVE-2025-5900 (A vulnerability, which was classified as problematic, was found in Ten ...)
+	TODO: check
+CVE-2025-5899 (A vulnerability classified as critical was found in GNU PSPP 82fb509fb ...)
+	TODO: check
+CVE-2025-5898 (A vulnerability classified as critical has been found in GNU PSPP 82fb ...)
+	TODO: check
+CVE-2025-5897 (A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been ra ...)
+	TODO: check
+CVE-2025-5896 (A vulnerability was found in tarojs taro up to 4.1.1. It has been decl ...)
+	TODO: check
+CVE-2025-4954 (The Axle Demo Importer WordPress plugin through 1.0.3 does not validat ...)
+	TODO: check
+CVE-2025-4840 (The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 d ...)
+	TODO: check
+CVE-2025-4601 (The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-4387 (The Abandoned Cart Pro for WooCommerce plugin contains an authenticate ...)
+	TODO: check
+CVE-2025-49141 (HAX CMS PHP allows users to manage their microsite universe with a PHP ...)
+	TODO: check
+CVE-2025-49140 (Pion Interceptor is a framework for building RTP/RTCP communication so ...)
+	TODO: check
+CVE-2025-49139 (HAX CMS PHP allows users to manage their microsite universe with a PHP ...)
+	TODO: check
+CVE-2025-49138 (HAX CMS PHP allows users to manage their microsite universe with a PHP ...)
+	TODO: check
+CVE-2025-49137 (HAX CMS PHP allows users to manage their microsite universe with a PHP ...)
+	TODO: check
+CVE-2025-49004 (Caido is a web security auditing toolkit. Prior to version 0.48.0, due ...)
+	TODO: check
+CVE-2025-42998 (The security settings in the SAP Business One Integration Framework ar ...)
+	TODO: check
+CVE-2025-42996 (SAP MDM Server allows an attacker to gain control of existing client s ...)
+	TODO: check
+CVE-2025-42995 (SAP MDM Server Read function allows an attacker to send specially craf ...)
+	TODO: check
+CVE-2025-42994 (SAP MDM Server ReadString function allows an attacker to send speciall ...)
+	TODO: check
+CVE-2025-42993 (Due to a missing authorization check vulnerability in SAP S/4HANA (Ent ...)
+	TODO: check
+CVE-2025-42991 (SAP S/4HANA (Bank Account Application) does not perform necessary auth ...)
+	TODO: check
+CVE-2025-42990 (Unprotected SAPUI5 applications allow an attacker with basic privilege ...)
+	TODO: check
+CVE-2025-42989 (RFC inbound processing\ufffddoes not perform necessary authorization c ...)
+	TODO: check
+CVE-2025-42988 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
+	TODO: check
+CVE-2025-42987 (SAP Manage Processing Rules (For Bank Statement) allows an attacker wi ...)
+	TODO: check
+CVE-2025-42984 (SAP S/4HANA Manage Central Purchase Contract does not perform necessar ...)
+	TODO: check
+CVE-2025-42983 (SAP Business Warehouse and SAP Plug-In Basis allows an authenticated a ...)
+	TODO: check
+CVE-2025-42982 (SAP GRC allows a non-administrative user to access and initiate transa ...)
+	TODO: check
+CVE-2025-42977 (SAP NetWeaver Visual Composer contains a Directory Traversal vulnerabi ...)
+	TODO: check
+CVE-2025-3076 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-31325 (Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Key ...)
+	TODO: check
+CVE-2025-30515 (CyberData011209 Intercom   could allow an authenticated attacker to up ...)
+	TODO: check
+CVE-2025-30507 (CyberData011209 Intercom could allow an unauthenticated user to gather ...)
+	TODO: check
+CVE-2025-30184 (CyberData011209 Intercom could allow an unauthenticated user access to ...)
+	TODO: check
+CVE-2025-30183 (CyberData011209 Intercom  does not properly store or protect web serve ...)
+	TODO: check
+CVE-2025-27819 (In CVE-2023-25194, we announced the RCE/Denial of service attack via S ...)
+	TODO: check
+CVE-2025-27818 (A possible security vulnerability has been identified in Apache Kafka. ...)
+	TODO: check
+CVE-2025-27817 (A possible arbitrary file read and SSRF vulnerability has been identif ...)
+	TODO: check
+CVE-2025-26468 (CyberData 011209    Intercom exposes features that could allow an unau ...)
+	TODO: check
+CVE-2025-23192 (SAP BusinessObjects Business Intelligence (BI Workspace) allows an una ...)
+	TODO: check
+CVE-2025-1041 (An improper input validation discovered in   Avaya Call Management Sys ...)
+	TODO: check
+CVE-2025-0037 (In AMD Versal Adaptive SoC devices, the lack of address validation whe ...)
+	TODO: check
+CVE-2025-0036 (In AMD Versal Adaptive SoC devices, the incorrect configuration of the ...)
+	TODO: check
+CVE-2024-55595
+	REJECTED
 CVE-2025-5918 (A vulnerability has been identified in the libarchive library. This fl ...)
 	- libarchive <unfixed>
 	NOTE: https://github.com/libarchive/libarchive/pull/2584
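Review bot: several of the newly added description strings carry raw escape sequences and stray whitespace that should be normalised before the TODO: check entries are triaged. CVE-2025-5925 reads `Bunny\u2019s Print CSS plugin` and CVE-2025-42989 reads `RFC inbound processing\ufffddoes not perform`; the latter is a U+FFFD replacement character, meaning part of the upstream text was lost in transit, so that description should be re-fetched rather than kept as is. The CyberData entries (CVE-2025-30515, CVE-2025-30183, CVE-2025-26468) and CVE-2025-1041 (`discovered in   Avaya Call Management Sys`) contain runs of multiple spaces that the import should collapse to single spaces. The remaining additions are all plain `TODO: check` placeholders plus one REJECTED entry (CVE-2024-55595) and need no change in this commit.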
@@ -1447,7 +1571,7 @@ CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to es
 	NOT-FOR-US: Unifiedtransform
 CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
 	NOT-FOR-US: Unifiedtransform
-CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the Q ...)
+CVE-2025-46011 (Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in th ...)
 	NOT-FOR-US: Listmonk
 CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
 	NOT-FOR-US: FreshRSS
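Review bot: the refreshed description for CVE-2025-46011 narrows the affected range from `Listmonk v2.4.0 through v4.1.0` to `Listmonk v4.1.0 (fixed in v5.0.0)`. Because the entry keeps `NOT-FOR-US: Listmonk`, no tracker action follows, but the two wordings disagree on whether releases before v4.1.0 are affected, so the upstream advisory, not either description, should be the reference if the range ever matters.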
@@ -124774,7 +124898,7 @@ CVE-2024-3177 (A security issue was discovered in Kubernetes where users may be
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
 CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...)
 	NOT-FOR-US: Totara LMS
-CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...)
+CVE-2024-3931 (A vulnerability was found in Totara LMS up to 18.7. It has been rated  ...)
 	NOT-FOR-US: Totara LMS
 CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It  ...)
 	NOT-FOR-US: Dromara open-capacity-platform
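Review bot: the affected range for CVE-2024-3931 is widened from a single build, `Totara LMS 18.0.1 Build 20231128.01`, to `Totara LMS up to 18.7`. With `NOT-FOR-US: Totara LMS` unchanged this is a description-only sync and needs no further edit.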
@@ -433311,7 +433435,7 @@ CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Direc
 	NOT-FOR-US: Modicon
 CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
+CVE-2020-7533 (CWE-287: Improper Authentication vulnerability exists which could caus ...)
 	NOT-FOR-US: Modicon
 CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
 	NOT-FOR-US: SCADAPack x70 Security Administrator
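Review bot: the CWE reclassification for CVE-2020-7533 from CWE-255 Credentials Management to CWE-287 Improper Authentication changes only the description text and leaves `NOT-FOR-US: Modicon` in place, which is correct. The new wording drops the leading "A" so the line now begins `CWE-287: Improper Authentication vulnerability exists which could caus`, matching the upstream feed rather than the neighbouring entries' sentence form; harmless, but worth knowing when grepping this block.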



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a1def819cc92701fd40e8c39ea7f9ecad34505


