[Git][security-tracker-team/security-tracker][master] automatic update

Tue Jun 24 09:12:49 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
679e92dd by security tracker role at 2025-06-24T08:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,134 @@
-CVE-2025-2828
+CVE-2025-6560 (Multiple wireless router models from Sapido have an Exposure of Sensit ...)
+	TODO: check
+CVE-2025-6559 (Multiple wireless router models from Sapido have an OS Command Injecti ...)
+	TODO: check
+CVE-2025-6552 (A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been  ...)
+	TODO: check
+CVE-2025-6551 (A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classifie ...)
+	TODO: check
+CVE-2025-6536 (A vulnerability has been found in Tarantool up to 3.3.1 and classified ...)
+	TODO: check
+CVE-2025-6535 (A vulnerability has been found in xxyopen/201206030 novel-plus up to 5 ...)
+	TODO: check
+CVE-2025-6534 (A vulnerability, which was classified as problematic, was found in xxy ...)
+	TODO: check
+CVE-2025-6533 (A vulnerability, which was classified as critical, has been found in x ...)
+	TODO: check
+CVE-2025-6532 (A vulnerability classified as problematic was found in NOYAFA/Xiami LF ...)
+	TODO: check
+CVE-2025-6531 (A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has ...)
+	TODO: check
+CVE-2025-6530 (A vulnerability was found in 70mai M300 up to 20250611. It has been cl ...)
+	TODO: check
+CVE-2025-6529 (A vulnerability was found in 70mai M300 up to 20250611 and classified  ...)
+	TODO: check
+CVE-2025-6528 (A vulnerability has been found in 70mai M300 up to 20250611 and classi ...)
+	TODO: check
+CVE-2025-6527 (A vulnerability, which was classified as problematic, was found in 70m ...)
+	TODO: check
+CVE-2025-6526 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-6525 (A vulnerability classified as problematic was found in 70mai 1S up to  ...)
+	TODO: check
+CVE-2025-6524 (A vulnerability classified as problematic has been found in 70mai 1S u ...)
+	TODO: check
+CVE-2025-5258 (The Conference Scheduler plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-52979
+	REJECTED
+CVE-2025-52978
+	REJECTED
+CVE-2025-52977
+	REJECTED
+CVE-2025-52976
+	REJECTED
+CVE-2025-52975
+	REJECTED
+CVE-2025-52974
+	REJECTED
+CVE-2025-52973
+	REJECTED
+CVE-2025-52972
+	REJECTED
+CVE-2025-52971
+	REJECTED
+CVE-2025-52574 (SysmonElixir is a system monitor HTTP service in Elixir. Prior to vers ...)
+	TODO: check
+CVE-2025-52570 (Letmein is an authenticating port knocker. Prior to version 10.2.1, Th ...)
+	TODO: check
+CVE-2025-52568 (NeKernal is a free and open-source operating system stack. Prior to ve ...)
+	TODO: check
+CVE-2025-52566 (llama.cpp is an inference of several LLM models in C/C++. Prior to ver ...)
+	TODO: check
+CVE-2025-52562 (Convoy is a KVM server management panel for hosting businesses. In ver ...)
+	TODO: check
+CVE-2025-52561 (HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version ...)
+	TODO: check
+CVE-2025-52560 (Kanboard is project management software that focuses on the Kanban met ...)
+	TODO: check
+CVE-2025-52558 (changedetection.io is a free open source web page change detection, we ...)
+	TODO: check
+CVE-2025-50213 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
+	TODO: check
+CVE-2025-48890 (WRH-733GBK and WRH-733GWH contain an improper neutralization of specia ...)
+	TODO: check
+CVE-2025-48470 (Successful exploitation of the stored cross-site scripting vulnerabili ...)
+	TODO: check
+CVE-2025-48469 (Successful exploitation of the vulnerability could allow an unauthenti ...)
+	TODO: check
+CVE-2025-48468 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-48467 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-48466 (Successful exploitation of the vulnerability could allow an unauthenti ...)
+	TODO: check
+CVE-2025-48463 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-48462 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-48461 (Successful exploitation of the vulnerability could allow an unauthenti ...)
+	TODO: check
+CVE-2025-47943 (Gogs is an open source self-hosted Git service. In application version ...)
+	TODO: check
+CVE-2025-43879 (WRH-733GBK and WRH-733GWH contain an improper neutralization of specia ...)
+	TODO: check
+CVE-2025-43877 (WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability i ...)
+	TODO: check
+CVE-2025-41427 (WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutra ...)
+	TODO: check
+CVE-2025-3090 (An unauthenticated remote attacker can obtain limited sensitive inform ...)
+	TODO: check
+CVE-2025-36519 (Unrestricted upload of file with dangerous type issue exists in WRC-25 ...)
+	TODO: check
+CVE-2025-34041 (An OS command injection vulnerability exists in the Chinese versions o ...)
+	TODO: check
+CVE-2025-34040 (An arbitrary file upload vulnerability exists in the Zhiyuan OA platfo ...)
+	TODO: check
+CVE-2025-34039 (A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prio ...)
+	TODO: check
+CVE-2025-34038 (A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the ge ...)
+	TODO: check
+CVE-2025-34037 (An OS command injection vulnerability exists in various models of E-Se ...)
+	TODO: check
+CVE-2025-34036 (An OS command injection vulnerability exists in white-labeled DVRs man ...)
+	TODO: check
+CVE-2025-34035 (An OS command injection vulnerability exists in EnGenius EnShare Cloud ...)
+	TODO: check
+CVE-2025-34034 (A hardcoded credential vulnerability exists in the Blue Angel Software ...)
+	TODO: check
+CVE-2025-34033 (An OS command injection vulnerability exists in the Blue Angel Softwar ...)
+	TODO: check
+CVE-2025-34032 (A reflected cross-site scripting (XSS) vulnerability exists in the Moo ...)
+	TODO: check
+CVE-2025-34031 (A path traversal vulnerability exists in the Moodle LMS Jmol plugin ve ...)
+	TODO: check
+CVE-2025-2962 (A denial-of-service issue in the dns implemenation could cause an infi ...)
+	TODO: check
+CVE-2025-23092 (Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an ...)
+	TODO: check
+CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to version 0.13. ...)
+	TODO: check
+CVE-2025-2828 (A Server-Side Request Forgery (SSRF) vulnerability exists in the Reque ...)
 	NOT-FOR-US: langchain-community
 CVE-2025-6547 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
 	- node-pbkdf2 <unfixed>
@@ -2506,7 +2636,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complex
 	NOTE: https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 (3.13-branch)
 CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Sit ...)
 	NOT-FOR-US: Mezzanine CMS
-CVE-2025-5777 (Insufficient input validation leading to memory overreadon the NetScal ...)
+CVE-2025-5777 (Insufficient input validation leading to memory overread when theNetSc ...)
 	NOT-FOR-US: Citrix
 CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679e92dd86609ca373b9dd2c94e429ec74587edf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679e92dd86609ca373b9dd2c94e429ec74587edf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/88e0b949/attachment.htm>
