[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 25 21:12:24 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
054397cc by security tracker role at 2025-06-25T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2025-6678 (Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Inf ...)
+ TODO: check
+CVE-2025-6627 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 ...)
+ TODO: check
+CVE-2025-6621 (A vulnerability classified as critical has been found in TOTOLINK CA30 ...)
+ TODO: check
+CVE-2025-6620 (A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been ...)
+ TODO: check
+CVE-2025-6619 (A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been ...)
+ TODO: check
+CVE-2025-6618 (A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been ...)
+ TODO: check
+CVE-2025-6617 (A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as ...)
+ TODO: check
+CVE-2025-6616 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and classifi ...)
+ TODO: check
+CVE-2025-6615 (A vulnerability, which was classified as critical, was found in D-Link ...)
+ TODO: check
+CVE-2025-6614 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2025-6613 (A vulnerability classified as problematic was found in PHPGurukul Hosp ...)
+ TODO: check
+CVE-2025-6612 (A vulnerability was found in code-projects Inventory Management System ...)
+ TODO: check
+CVE-2025-6611 (A vulnerability was found in code-projects Inventory Management System ...)
+ TODO: check
+CVE-2025-6610 (A vulnerability was found in itsourcecode Employee Management System u ...)
+ TODO: check
+CVE-2025-6609 (A vulnerability was found in SourceCodester Best Salon Management Syst ...)
+ TODO: check
+CVE-2025-6608 (A vulnerability has been found in SourceCodester Best Salon Management ...)
+ TODO: check
+CVE-2025-6607 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2025-6606 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-6605 (A vulnerability classified as critical was found in SourceCodester Bes ...)
+ TODO: check
+CVE-2025-6604 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2025-6603 (A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011 ...)
+ TODO: check
+CVE-2025-6543 (Memory overflow vulnerability leading to unintended control flow and D ...)
+ TODO: check
+CVE-2025-6445 (ServiceStack FindType Directory Traversal Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2025-6444 (ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vul ...)
+ TODO: check
+CVE-2025-6442 (Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vu ...)
+ TODO: check
+CVE-2025-5927 (The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrar ...)
+ TODO: check
+CVE-2025-5834 (Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Loca ...)
+ TODO: check
+CVE-2025-5833 (Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Dat ...)
+ TODO: check
+CVE-2025-5832 (Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verificatio ...)
+ TODO: check
+CVE-2025-5830 (Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based B ...)
+ TODO: check
+CVE-2025-5829 (Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer ...)
+ TODO: check
+CVE-2025-5828 (Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote ...)
+ TODO: check
+CVE-2025-5827 (Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-ba ...)
+ TODO: check
+CVE-2025-5826 (Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinter ...)
+ TODO: check
+CVE-2025-5825 (Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code ...)
+ TODO: check
+CVE-2025-5824 (Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authen ...)
+ TODO: check
+CVE-2025-5823 (Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerou ...)
+ TODO: check
+CVE-2025-5822 (Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Autho ...)
+ TODO: check
+CVE-2025-5015 (A cross-site scripting vulnerability exists in the AccuWeather and Cus ...)
+ TODO: check
+CVE-2025-52999 (jackson-core contains core low-level incremental ("streaming") parser ...)
+ TODO: check
+CVE-2025-52894 (OpenBao exists to provide a software solution to manage, store, and di ...)
+ TODO: check
+CVE-2025-52893 (OpenBao exists to provide a software solution to manage, store, and di ...)
+ TODO: check
+CVE-2025-52890 (Incus is a system container and virtual machine manager. When using an ...)
+ TODO: check
+CVE-2025-52889 (Incus is a system container and virtual machine manager. When using an ...)
+ TODO: check
+CVE-2025-52576 (Kanboard is project management software that focuses on the Kanban met ...)
+ TODO: check
+CVE-2025-52569 (GitForge.jl is a unified interface for interacting with Git "forges." ...)
+ TODO: check
+CVE-2025-52483 (Registrator is a GitHub app that automates creation of registration pu ...)
+ TODO: check
+CVE-2025-52480 (Registrator is a GitHub app that automates creation of registration pu ...)
+ TODO: check
+CVE-2025-52479 (HTTP.jl provides HTTP client and server functionality for Julia, and U ...)
+ TODO: check
+CVE-2025-50179 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-50178 (GitForge.jl is a unified interface for interacting with Git "forges." ...)
+ TODO: check
+CVE-2025-4656 (Vault Community and Vault Enterprise rekey and recovery key operations ...)
+ TODO: check
+CVE-2025-49845 (Discourse is an open-source discussion platform. The visibility of pos ...)
+ TODO: check
+CVE-2025-49797 (Multiple Brother driver installers for Windows contain a privilege esc ...)
+ TODO: check
+CVE-2025-49550 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
+ TODO: check
+CVE-2025-49549 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
+ TODO: check
+CVE-2025-49153 (MICROSENS NMP Web+ could allow an unauthenticated attacker to overwri ...)
+ TODO: check
+CVE-2025-49152 (MICROSENS NMP Web+contain JSON Web Tokens (JWT) that do not expire, wh ...)
+ TODO: check
+CVE-2025-49151 (MICROSENS NMP Web+could allow an unauthenticated attacker to generate ...)
+ TODO: check
+CVE-2025-49135 (CVAT is an open source interactive video and image annotation tool for ...)
+ TODO: check
+CVE-2025-48991 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-48954 (Discourse is an open-source discussion platform. Versions prior to 3.5 ...)
+ TODO: check
+CVE-2025-45333 (berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnera ...)
+ TODO: check
+CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerabil ...)
+ TODO: check
+CVE-2025-44206 (Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hex ...)
+ TODO: check
+CVE-2025-41647 (A local, low-privileged attacker can learn the password of the connect ...)
+ TODO: check
+CVE-2025-41256 (Cyberduck and Mountain Duck improper handle TLS certificate pinning fo ...)
+ TODO: check
+CVE-2025-41255 (Cyberduck and Mountain Duck improperly handle TLS certificate pinning ...)
+ TODO: check
+CVE-2025-25905 (Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and befor ...)
+ TODO: check
+CVE-2025-25012 (URL redirection to an untrusted site ('Open Redirect') in Kibana can l ...)
+ TODO: check
+CVE-2025-20282 (A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC coul ...)
+ TODO: check
+CVE-2025-20281 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
+ TODO: check
+CVE-2025-20264 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a d ...)
+ TODO: check
+CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP and MyS ...)
+ TODO: check
+CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component /Login.php ...)
+ TODO: check
+CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthe ...)
+ TODO: check
CVE-2025-5846
- gitlab <not-affected> (Specific to EE)
CVE-2025-2938
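Review bot: all 77 imported entries are left at `TODO: check`, which is what the automatic update is meant to produce, but the visible descriptions already let a triager sort them. The vendor-firmware entries (TOTOLINK, D-Link, Autel MaxiCharger, Pioneer DMH-WT7600NEX, MICROSENS, Cisco ISE) and the WordPress-plugin entries (Everest Forms, ZoomSounds) match the pattern that is marked `NOT-FOR-US` elsewhere in this same diff, whereas CVE-2025-6442 (Ruby WEBrick), CVE-2025-52999 (jackson-core), CVE-2025-52889/52890 (Incus), CVE-2025-49845/48954 (Discourse) and CVE-2025-52576 (Kanboard) name upstream projects and should be checked against source packages first. CVE-2025-6543 needs the most care: its truncated description ("Memory overflow vulnerability leading to unintended control flow and D ...") does not even identify the product, so no status should be assigned before the full CVE record has been read.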
@@ -3201,20 +3355,20 @@ CVE-2025-6191 (Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 a
- chromium 137.0.7151.119-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-49180 (A flaw was found in the RandR extension, where the RRChangeProviderPro ...)
- {DSA-5947-1}
+ {DSA-5947-1 DLA-4230-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
CVE-2025-49179 (A flaw was found in the X Record extension. The RecordSanityCheckRegis ...)
- {DSA-5947-1}
+ {DSA-5947-1 DLA-4230-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4
CVE-2025-49178 (A flaw was found in the X server's request handling. Non-zero 'bytes t ...)
- {DSA-5947-1}
+ {DSA-5947-1 DLA-4230-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -3227,14 +3381,14 @@ CVE-2025-49177 (A flaw was found in the XFIXES extension. The XFixesSetClientDis
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af
CVE-2025-49176 (A flaw was found in the Big Requests extension. The request length is ...)
- {DSA-5947-1}
+ {DSA-5947-1 DLA-4230-1}
- xorg-server 2:21.1.16-1.3 (bug #1108073)
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
NOTE: Followup: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
CVE-2025-49175 (A flaw was found in the X Rendering extension's handling of animated c ...)
- {DSA-5947-1}
+ {DSA-5947-1 DLA-4230-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
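Review bot: CVE-2025-49177 is skipped. It sits in the six unchanged lines between this hunk and the previous one (the hunk header names it, and its bookworm and NOTE lines appear here as leading context), so its `{DSA-5947-1}` line does not gain DLA-4230-1 while CVE-2025-49180, -49179, -49178, -49176 and -49175 all do. Confirm this is deliberate (for example, bullseye's xorg-server not carrying the affected code); if it is, a `[bullseye]` annotation on that entry documents it, and if it is not, the DLA reference is missing there.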
@@ -8232,6 +8386,7 @@ CVE-2024-47055 (SummaryThis advisory addresses a security vulnerability in Mauti
CVE-2024-38341 (IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1 ...)
NOT-FOR-US: IBM
CVE-2025-48734 (Improper Access Control vulnerability in Apache Commons. A special ...)
+ {DLA-4229-1}
- commons-beanutils <unfixed> (bug #1106746)
NOTE: https://www.openwall.com/lists/oss-security/2025/05/28/6
NOTE: https://dlcdn.apache.org/commons/beanutils/RELEASE-NOTES.txt
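Review bot: after this change CVE-2025-48734 has a fix in bullseye via DLA-4229-1 while the commons-beanutils line for unstable remains `<unfixed>` (bug #1106746) and bookworm carries no annotation at all. That leaves bookworm showing as vulnerable with no triage state, an odd combination of an LTS fix landing before stable and unstable; the entry wants either a `[bookworm]` status (`<no-dsa>`, `<postponed>` or a planned DSA) or a NOTE line on why the LTS update went first.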
@@ -20682,7 +20837,7 @@ CVE-2025-32504 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-32490 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32415 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNod ...)
- {DLA-4146-1}
+ {DSA-5949-1 DLA-4146-1}
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1103511)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/487ee1d8711c6415218b373ef455fcd969d12399 (master)
@@ -24630,7 +24785,7 @@ CVE-2025-3362 (The web service of iSherlock from HGiga has an OS Command Injecti
CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
NOT-FOR-US: HGiga
CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...)
- {DLA-4146-1}
+ {DSA-5949-1 DLA-4146-1}
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1102521)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in ...)
@@ -43071,21 +43226,21 @@ CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cau
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
- libxml2 2.12.7+dfsg+really2.9.14-0.4 (bug #1098322)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c716d491dd2e67f08066f4dc0619efeb49e43e6
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3 (v2.12.10)
CVE-2025-24928 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buff ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
- libxml2 2.12.7+dfsg+really2.9.14-0.4 (bug #1098321)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8c8753ad5280ee13aee5eec9b0f6eee2ed920f57
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8 (v2.12.10)
CVE-2024-56171 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free i ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
- libxml2 2.12.7+dfsg+really2.9.14-0.4 (bug #1098320)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
@@ -48968,7 +49123,7 @@ CVE-2024-10628 (The Quiz Maker Business, Developer, and Agency plugins for WordP
CVE-2024-10574 (The Quiz Maker Business, Developer, and Agency plugins for WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-49043 (xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-af ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-0.4 (bug #1094238)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b (v2.11.0)
@@ -61594,7 +61749,7 @@ CVE-2024-54258 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2024-54256 (Missing Authorization vulnerability in Seerox Easy Blocks pro allows A ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-54252 (Missing Authorization vulnerability in PINPOINT.WORLD Pinpoint Booking ...)
+CVE-2024-54252 (Missing Authorization vulnerability in Pinpoint Booking System allows ...)
NOT-FOR-US: WordPress plugin
CVE-2024-54250 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
@@ -122088,6 +122243,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A
CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
+ {DSA-5949-1}
- libxml2 2.12.7+dfsg+really2.9.14-0.4 (unimportant; bug #1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8)
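Review bot: the new `{DSA-5949-1}` reference on CVE-2024-34459 sits above a libxml2 line still rated `unimportant`, which reads as inconsistent: an issue rated unimportant is not one a DSA is normally issued for. If the DSA simply carried the fix because it was in the same upstream release, keep the rating but record that in a NOTE line; if the DSA text lists it as a fixed security issue, drop `unimportant` from the libxml2 line.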
@@ -151874,7 +152030,7 @@ CVE-2021-46903 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM
CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
NOT-FOR-US: Meinberg
CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
[experimental] - libxml2 2.12.5+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1063234)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -174073,7 +174229,7 @@ CVE-2023-40631 (In Dialer, there is a possible missing permission check. This co
CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1053629)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
@@ -180014,7 +180170,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
- {DLA-4064-1}
+ {DSA-5949-1 DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1051230)
[buster] - libxml2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/054397cc495da189817a0d351b8008f98a0fa393