[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 17 09:12:08 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfacf45b by security tracker role at 2025-06-17T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,122 @@
-CVE-2025-6140
+CVE-2025-6173 (A vulnerability classified as critical was found in Webkul QloApps 1.6 ...)
+	TODO: check
+CVE-2025-6167 (A vulnerability classified as critical has been found in themanojdesai ...)
+	TODO: check
+CVE-2025-6166 (A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been ...)
+	TODO: check
+CVE-2025-6165 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
+	TODO: check
+CVE-2025-6164 (A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It  ...)
+	TODO: check
+CVE-2025-6163 (A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and ...)
+	TODO: check
+CVE-2025-6162 (A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210 ...)
+	TODO: check
+CVE-2025-6161 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2025-6160 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2025-6159 (A vulnerability classified as critical was found in code-projects Host ...)
+	TODO: check
+CVE-2025-6158 (A vulnerability classified as critical has been found in D-Link DIR-66 ...)
+	TODO: check
+CVE-2025-6157 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+	TODO: check
+CVE-2025-6156 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+	TODO: check
+CVE-2025-6155 (A vulnerability was found in PHPGurukul Hostel Management System 1.0.  ...)
+	TODO: check
+CVE-2025-6154 (A vulnerability was found in PHPGurukul Hostel Management System 1.0 a ...)
+	TODO: check
+CVE-2025-6153 (A vulnerability has been found in PHPGurukul Hostel Management System  ...)
+	TODO: check
+CVE-2025-6152 (A vulnerability, which was classified as critical, was found in Steel  ...)
+	TODO: check
+CVE-2025-6151 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-6150 (A vulnerability classified as critical was found in TOTOLINK X15 1.0.0 ...)
+	TODO: check
+CVE-2025-6149 (A vulnerability classified as critical has been found in TOTOLINK A300 ...)
+	TODO: check
+CVE-2025-6148 (A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It ...)
+	TODO: check
+CVE-2025-6147 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It h ...)
+	TODO: check
+CVE-2025-6146 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
+	TODO: check
+CVE-2025-6145 (A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 a ...)
+	TODO: check
+CVE-2025-6144 (A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210 ...)
+	TODO: check
+CVE-2025-6143 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2025-6142 (A vulnerability was found in Intera InHire up to 20250530. It has been ...)
+	TODO: check
+CVE-2025-6141 (A vulnerability has been found in GNU ncurses up to 6.5-20250322 and c ...)
+	TODO: check
+CVE-2025-6139 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-6138 (A vulnerability classified as critical was found in TOTOLINK T10 4.1.8 ...)
+	TODO: check
+CVE-2025-5673 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2025-5209 (The Ivory Search  WordPress plugin before 5.5.10 does not sanitise and ...)
+	TODO: check
+CVE-2025-52445
+	REJECTED
+CVE-2025-52444
+	REJECTED
+CVE-2025-52443
+	REJECTED
+CVE-2025-52442
+	REJECTED
+CVE-2025-52441
+	REJECTED
+CVE-2025-52440
+	REJECTED
+CVE-2025-52439
+	REJECTED
+CVE-2025-52438
+	REJECTED
+CVE-2025-52437
+	REJECTED
+CVE-2025-4775 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...)
+	TODO: check
+CVE-2025-49823 ((conda) Constructor is a tool which allows constructing an installer f ...)
+	TODO: check
+CVE-2025-49134 (Weblate is a web based localization tool. Prior to version 5.12, the a ...)
+	TODO: check
+CVE-2025-48993 (Group-Office is an enterprise customer relationship management and gro ...)
+	TODO: check
+CVE-2025-48992 (Group-Office is an enterprise customer relationship management and gro ...)
+	TODO: check
+CVE-2025-47951 (Weblate is a web based localization tool. Prior to version 5.12, the v ...)
+	TODO: check
+CVE-2025-43200 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2025-3774 (The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-3494
+	REJECTED
+CVE-2025-3493
+	REJECTED
+CVE-2025-32800 (Conda-build contains commands and tools to build conda packages. Prior ...)
+	TODO: check
+CVE-2025-32799 (Conda-build contains commands and tools to build conda packages. Prior ...)
+	TODO: check
+CVE-2025-27587 (OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable  ...)
+	TODO: check
+CVE-2024-45380
+	REJECTED
+CVE-2024-45069
+	REJECTED
+CVE-2024-45065
+	REJECTED
+CVE-2024-43422
+	REJECTED
+CVE-2024-21856
+	REJECTED
+CVE-2025-6140 (A vulnerability, which was classified as problematic, was found in spd ...)
 	- spdlog 1:1.15.2+ds-1
 	NOTE: https://github.com/gabime/spdlog/issues/3360
 	NOTE: Fixed by: https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094 (v1.15.2)
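Review bot: CVE-2025-6141 (GNU ncurses) and CVE-2025-27587 (OpenSSL 3.0.0 through 3.3.2 on PowerPC) are left at `TODO: check` together with the PHPGurukul and WordPress-plugin entries. Nothing in this hunk separates ids that may need a package line, like the `- spdlog 1:1.15.2+ds-1` line kept below for CVE-2025-6140, from ids that will end up as NOT-FOR-US, which is how PHPGurukul is already marked elsewhere in this file. Triage those two first. Separately, the CVE-2025-4775 description carries a literal `\u2013` escape instead of the decoded character; decode it at import.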
@@ -17590,11 +17708,14 @@ CVE-2025-29709 (SourceCodester Company Website CMS 1.0 has a File upload vulnera
 	NOT-FOR-US: SourceCodester
 CVE-2025-29708 (SourceCodester Company Website CMS 1.0 contains a file upload vulnerab ...)
 	NOT-FOR-US: SourceCodester
-CVE-2025-29653 (SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile  ...)
+CVE-2025-29653
+	REJECTED
 	NOT-FOR-US: TP-Link
-CVE-2025-29652 (SQL Injection vulnerability exists in the TP-Link M7000 4G LTE Mobile  ...)
+CVE-2025-29652
+	REJECTED
 	NOT-FOR-US: TP-Link
-CVE-2025-29651 (SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile  ...)
+CVE-2025-29651
+	REJECTED
 	NOT-FOR-US: TP-Link
 CVE-2025-28072 (PHPGurukul Pre-School Enrollment System is vulnerable to Directory Tra ...)
 	NOT-FOR-US: PHPGurukul
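Review bot: the three entries reduced to a bare id plus `REJECTED` (CVE-2025-29653, CVE-2025-29652, CVE-2025-29651) still keep their old `NOT-FOR-US: TP-Link` line as unchanged context, so each entry now carries two status lines. Drop the `NOT-FOR-US` line when an id becomes REJECTED, or confirm that whatever reads data/CVE/list accepts both on one entry. The same pattern recurs for CVE-2025-29650, CVE-2025-29649, CVE-2025-29648 and CVE-2024-57050 in the hunks that follow.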
@@ -17975,11 +18096,14 @@ CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query n
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a (pgbouncer_1_24_1)
 CVE-2025-29905 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
 	NOT-FOR-US: Siemens
-CVE-2025-29650 (SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile  ...)
+CVE-2025-29650
+	REJECTED
 	NOT-FOR-US: TP-Link
-CVE-2025-29649 (SQL Injection vulnerability exists in the TP-Link TL-WR840N router s l ...)
+CVE-2025-29649
+	REJECTED
 	NOT-FOR-US: TP-Link
-CVE-2025-29648 (SQL Injection vulnerability exists in the TP-Link EAP120 router s logi ...)
+CVE-2025-29648
+	REJECTED
 	NOT-FOR-US: TP-Link
 CVE-2025-27936 (Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Serverversion ...)
 	NOT-FOR-US: Mattermost Plugin MSTeams
@@ -39509,7 +39633,8 @@ CVE-2024-57056 (Incorrect cookie session handling in WombatDialer before 25.02 r
 	NOT-FOR-US: WombatDialer
 CVE-2024-57055 (Server-Side Access Control Bypass vulnerability in WombatDialer before ...)
 	NOT-FOR-US: WombatDialer
-CVE-2024-57050 (A vulnerability in the TP-Link WR840N v6 router with firmware version  ...)
+CVE-2024-57050
+	REJECTED
 	NOT-FOR-US: TP-Link
 CVE-2024-57049 (A vulnerability in the TP-Link Archer c20 router with firmware version ...)
 	NOT-FOR-US: TP-Link



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfacf45b6d14dc0504118cf3312e3c502301f91e
