[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 13 21:12:08 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1c4b47f by security tracker role at 2025-06-13T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when adding ...)
+	TODO: check
+CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability exists in  ...)
+	TODO: check
+CVE-2025-6030 (Use of fixed learning codes, one code to lock the car and the other co ...)
+	TODO: check
+CVE-2025-6029 (Use of fixed learning codes, one code to lock the car and the other co ...)
+	TODO: check
+CVE-2025-49597 (handcraftedinthealps goodby-csv is a highly memory efficient, flexible ...)
+	TODO: check
+CVE-2025-49587 (XWiki is an open-source wiki software platform. When a user without sc ...)
+	TODO: check
+CVE-2025-49586 (XWiki is an open-source wiki software platform. Any XWiki user with ed ...)
+	TODO: check
+CVE-2025-49585 (XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0- ...)
+	TODO: check
+CVE-2025-49584 (XWiki is a generic wiki platform. In XWiki Platform versions 10.9 thro ...)
+	TODO: check
+CVE-2025-49583 (XWiki is a generic wiki platform. When a user without script right cre ...)
+	TODO: check
+CVE-2025-49582 (XWiki is a generic wiki platform. When editing content that contains " ...)
+	TODO: check
+CVE-2025-49581 (XWiki is a generic wiki platform. Any user with edit right on a page ( ...)
+	TODO: check
+CVE-2025-49580 (XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1 ...)
+	TODO: check
+CVE-2025-49468 (A SQL injection vulnerability in No Boss Calendar component before 5.0 ...)
+	TODO: check
+CVE-2025-48920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48916 (Missing Authorization vulnerability in Drupal Bookable Calendar allows ...)
+	TODO: check
+CVE-2025-48915 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48914 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48825 (RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an i ...)
+	TODO: check
+CVE-2025-46783 (Path traversal vulnerability exists in RICOH Streamline NX V3 PC Clien ...)
+	TODO: check
+CVE-2025-46096 (Directory Traversal vulnerability in solon v.3.1.2 allows a remote att ...)
+	TODO: check
+CVE-2025-46060 (Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 ...)
+	TODO: check
+CVE-2025-45988 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
+	TODO: check
+CVE-2025-45987 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
+	TODO: check
+CVE-2025-45986 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
+	TODO: check
+CVE-2025-45985 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
+	TODO: check
+CVE-2025-45984 (Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4 ...)
+	TODO: check
+CVE-2025-36633 (In Tenable Agent versions prior to 10.8.5 on a Windows host, it was fo ...)
+	TODO: check
+CVE-2025-36631 (In Tenable Agent versions prior to 10.8.5 on a Windows host, it was fo ...)
+	TODO: check
+CVE-2025-36506 (External control of file name or path issue exists in RICOH Streamline ...)
+	TODO: check
+CVE-2025-29902 (Remote code execution that allows unauthorized users to execute arbitr ...)
+	TODO: check
+CVE-2025-28389 (Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to  ...)
+	TODO: check
+CVE-2025-28388 (OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials f ...)
+	TODO: check
+CVE-2025-28386 (A remote code execution (RCE) vulnerability in the Plugin Management c ...)
+	TODO: check
+CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 a ...)
+	TODO: check
+CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allo ...)
+	TODO: check
+CVE-2025-28381 (A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access s ...)
+	TODO: check
+CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 all ...)
+	TODO: check
 CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5950 (The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Sit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c4b47fb2954aa8d5a59e7ae2396b2d427596d9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c4b47fb2954aa8d5a59e7ae2396b2d427596d9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250613/6bd0dddb/attachment.htm>

More information about the debian-security-tracker-commits mailing list