[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 12 21:12:48 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8de0725 by security tracker role at 2025-06-12T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2025-6031 (Amazon Cloud Cam is a home security camera that was deprecated on Dece ...)
+	TODO: check
+CVE-2025-6021 (A flaw was found in libxml2's xmlBuildQName function, where integer ov ...)
+	TODO: check
+CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all versions from  ...)
+	TODO: check
+CVE-2025-5485 (User names used to access the web management interface are limited to  ...)
+	TODO: check
+CVE-2025-5484 (A username and password are required to authenticate to the central  S ...)
+	TODO: check
+CVE-2025-5195 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2025-4613 (Path traversal in Google Web Designer's template handling versions pri ...)
+	TODO: check
+CVE-2025-4418 (An improper validation of integrity check value vulnerability exists i ...)
+	TODO: check
+CVE-2025-4417 (A cross-site scripting vulnerability exists in  AVEVAPI Connector for  ...)
+	TODO: check
+CVE-2025-4278 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2025-49579 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+	TODO: check
+CVE-2025-49578 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+	TODO: check
+CVE-2025-49577 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+	TODO: check
+CVE-2025-49576 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+	TODO: check
+CVE-2025-49575 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+	TODO: check
+CVE-2025-49467 (A SQL injection vulnerability in JEvents component before 3.6.88 and 3 ...)
+	TODO: check
+CVE-2025-49200 (The created backup files are unencrypted, making the application vulne ...)
+	TODO: check
+CVE-2025-49199 (The backup ZIPs are not signed by the application, leading to the poss ...)
+	TODO: check
+CVE-2025-49198 (The Media Server\u2019s authorization tokens have a poor quality of ra ...)
+	TODO: check
+CVE-2025-49197 (The application uses a weak password hash function, allowing an attack ...)
+	TODO: check
+CVE-2025-49196 (A service supports the use of a deprecated and unsafe TLS version. Thi ...)
+	TODO: check
+CVE-2025-49195 (The FTP server\u2019s login mechanism does not restrict authentication ...)
+	TODO: check
+CVE-2025-49194 (The server supports authentication methods in which credentials are se ...)
+	TODO: check
+CVE-2025-49193 (The application fails to implement several security headers. These hea ...)
+	TODO: check
+CVE-2025-49192 (The web application is vulnerable to clickjacking attacks. The site ca ...)
+	TODO: check
+CVE-2025-49191 (Linked URLs during the creation of iFrame widgets and dashboards are v ...)
+	TODO: check
+CVE-2025-49190 (The application is vulnerable to Server-Side Request Forgery (SSRF). A ...)
+	TODO: check
+CVE-2025-49189 (The HttpOnlyflag of the session cookie \"@@\" is set to false. Since t ...)
+	TODO: check
+CVE-2025-49188 (The application sends user credentials as URL parameters instead of PO ...)
+	TODO: check
+CVE-2025-49187 (For failed login attempts, the application returns different error mes ...)
+	TODO: check
+CVE-2025-49186 (The product does not implement sufficient measures to prevent multiple ...)
+	TODO: check
+CVE-2025-49185 (The web application is susceptible to cross-site-scripting attacks. An ...)
+	TODO: check
+CVE-2025-49184 (A remote unauthorized attacker may gather sensitive information of the ...)
+	TODO: check
+CVE-2025-49183 (All communication with the REST API is unencrypted (HTTP), allowing an ...)
+	TODO: check
+CVE-2025-49182 (Files in the source code contain login credentials for the admin user  ...)
+	TODO: check
+CVE-2025-49181 (Due to missing authorization of an API endpoint, unauthorized users ca ...)
+	TODO: check
+CVE-2025-49081 (There is an insufficient input validation vulnerability in the warehou ...)
+	TODO: check
+CVE-2025-49080 (There is a memory management vulnerability in Absolute Secure Access s ...)
+	TODO: check
+CVE-2025-48699
+	REJECTED
+CVE-2025-46035 (Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remo ...)
+	TODO: check
+CVE-2025-44019 (AVEVA PI Data Archive products are vulnerable to an uncaught exception ...)
+	TODO: check
+CVE-2025-43866 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
+	TODO: check
+CVE-2025-43863 (vantage6 is an open source framework built to enable, manage and deplo ...)
+	TODO: check
+CVE-2025-40592 (A vulnerability has been identified in Mendix Studio Pro 10 (All versi ...)
+	TODO: check
+CVE-2025-36573 (Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an In ...)
+	TODO: check
+CVE-2025-36539 (AVEVA PI Data Archive products  are vulnerable to an uncaught exceptio ...)
+	TODO: check
+CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API version ...)
+	TODO: check
+CVE-2025-2254 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to imprope ...)
+	TODO: check
+CVE-2025-1516 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2025-1478 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2025-0673 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2024-9512 (An issue has been discovered in GitLab EE affecting all versions prior ...)
+	TODO: check
+CVE-2024-7562 (A potential elevated privilege issue has been reported with InstallShi ...)
+	TODO: check
+CVE-2024-56158 (XWiki is a generic wiki platform. It's possible to execute any SQL que ...)
+	TODO: check
+CVE-2024-55567 (Improper input validation was discovered in UsbCoreDxe in Insyde Insyd ...)
+	TODO: check
+CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vuln ...)
+	TODO: check
+CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation Monetico ...)
+	TODO: check
 CVE-2025-30399
 	NOT-FOR-US: Microsoft .NET
 CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and classified  ...)
@@ -1295,7 +1417,7 @@ CVE-2025-5877 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: Fengoffice Feng Office
 CVE-2025-5876 (A vulnerability classified as problematic was found in Lucky LM-520-SC ...)
 	NOT-FOR-US: Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM
-CVE-2025-5875 (A vulnerability classified as critical has been found in TP-Link TL-IP ...)
+CVE-2025-5875 (A vulnerability classified as critical has been found in TP-LINK Techn ...)
 	NOT-FOR-US: TP-Link
 CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been r ...)
 	NOT-FOR-US: Redash
@@ -84005,7 +84127,7 @@ CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
 	NOT-FOR-US: Pluto
-CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace Control ve ...)
+CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace Control be ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-44106 (Insufficient server-side controls in the management console of Ivanti  ...)
 	NOT-FOR-US: Ivanti
@@ -84013,7 +84135,7 @@ CVE-2024-44105 (Cleartext transmission of sensitive information in the managemen
 	NOT-FOR-US: Ivanti
 CVE-2024-44104 (An incorrectly implemented authentication scheme that is subjected to  ...)
 	NOT-FOR-US: Ivanti
-CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace Control ve ...)
+CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace Control be ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-43690 (Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in t ...)
 	NOT-FOR-US: Gallagher



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8de0725b113279a01c88a01620f1c512c11e2a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8de0725b113279a01c88a01620f1c512c11e2a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/671e2a95/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list