[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 26 21:12:13 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ade2392 by security tracker role at 2025-06-26T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2025-6710 (MongoDB Server may be susceptible to stack overflow due to JSON parsin ...)
+	TODO: check
+CVE-2025-6709 (The MongoDB Server is susceptible to a denial of service vulnerability ...)
+	TODO: check
+CVE-2025-6707 (Under certain conditions, an authenticated user request may execute wi ...)
+	TODO: check
+CVE-2025-6706 (An authenticated user may trigger a use after free that may result in  ...)
+	TODO: check
+CVE-2025-6703 (Improper Input Validation vulnerability in Mozilla neqo leads to an un ...)
+	TODO: check
+CVE-2025-6702 (A vulnerability, which was classified as problematic, was found in lin ...)
+	TODO: check
+CVE-2025-6701 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-6700 (A vulnerability classified as problematic was found in Xuxueli xxl-sso ...)
+	TODO: check
+CVE-2025-6699 (A vulnerability classified as problematic has been found in LabRedesCe ...)
+	TODO: check
+CVE-2025-6698 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
+	TODO: check
+CVE-2025-6697 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
+	TODO: check
+CVE-2025-6696 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
+	TODO: check
+CVE-2025-6695 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classifie ...)
+	TODO: check
+CVE-2025-6694 (A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and clas ...)
+	TODO: check
+CVE-2025-6693 (A vulnerability, which was classified as critical, was found in RT-Thr ...)
+	TODO: check
+CVE-2025-6677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-6676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-6675 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-6674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-6562 (Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic ...)
+	TODO: check
+CVE-2025-6561 (Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electron ...)
+	TODO: check
+CVE-2025-6212 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-5995 (Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earl ...)
+	TODO: check
+CVE-2025-5966 (Zohocorp ManageEngine Exchange reporter Plus version5722 and below are ...)
+	TODO: check
+CVE-2025-5842 (The Modern Design Library plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-5682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-5366 (Zohocorp ManageEngine Exchange reporter Plus version5722 and below are ...)
+	TODO: check
+CVE-2025-5338 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-53122 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-53121 (Multiple stored XSS were found on different nodes with unsanitized par ...)
+	TODO: check
+CVE-2025-53013 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
+	TODO: check
+CVE-2025-53007 (arduino-esp32 provides an Arduino core for the ESP32. Versions prior t ...)
+	TODO: check
+CVE-2025-53002 (LLaMA-Factory is a tuning library for large language models. A remote  ...)
+	TODO: check
+CVE-2025-52904 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2025-52903 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2025-52902 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2025-52900 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+	TODO: check
+CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protoc ...)
+	TODO: check
+CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token Service (STS) ...)
+	TODO: check
+CVE-2025-51672 (A time-based blind SQL injection vulnerability was identified in the P ...)
+	TODO: check
+CVE-2025-51671 (A SQL injection vulnerability was discovered in the PHPGurukul Dairy F ...)
+	TODO: check
+CVE-2025-50350 (PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to  ...)
+	TODO: check
+CVE-2025-49603 (Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Inc ...)
+	TODO: check
+CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 1.98.0 have a ...)
+	TODO: check
+CVE-2025-49003 (DataEase is an open source business intelligence and data visualizatio ...)
+	TODO: check
+CVE-2025-48923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48921 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social  ...)
+	TODO: check
+CVE-2025-44141 (A Cross-Site Scripting (XSS) vulnerability exists in the node creation ...)
+	TODO: check
+CVE-2025-3773 (A sensitive  information exposure vulnerability in System Information  ...)
+	TODO: check
+CVE-2025-3771 (A path or symbolic link manipulation vulnerability in SIR 1.0.3 and pr ...)
+	TODO: check
+CVE-2025-3722 (A path traversal vulnerability in System Information Reporter (SIR) 1. ...)
+	TODO: check
+CVE-2025-36034 (IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information S ...)
+	TODO: check
+CVE-2025-34049 (An OS command injection vulnerability exists in the OptiLink ONT1GEW G ...)
+	TODO: check
+CVE-2025-34048 (A path traversal vulnerability exists in the web management interface  ...)
+	TODO: check
+CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN (formerly ...)
+	TODO: check
+CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the Fanwei E-Of ...)
+	TODO: check
+CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open source We ...)
+	TODO: check
+CVE-2025-34044 (A remote command injection vulnerability exists in the confirm.php int ...)
+	TODO: check
+CVE-2025-34043 (A remote command injection vulnerability exists in Vacron Network Vide ...)
+	TODO: check
+CVE-2025-34042 (An authenticated command injection vulnerability exists in the Beward  ...)
+	TODO: check
+CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticat ...)
+	TODO: check
+CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote a ...)
+	TODO: check
+CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root access to  ...)
+	TODO: check
+CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Si ...)
+	TODO: check
+CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site settings t ...)
+	TODO: check
+CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket unitcloud-init-ho ...)
+	TODO: check
 CVE-2025-6669 (A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has be ...)
 	NOT-FOR-US: gooaclok819 sublinkX
 CVE-2025-6668 (A vulnerability was found in code-projects Inventory Management System ...)
@@ -245469,17 +245605,17 @@ CVE-2022-41862 (In PostgreSQL, a modified, unauthenticated server can send an un
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 (REL_12_14)
 	NOTE: GSSAPI encryption support introduced in https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b0b39f72b9904bcb80f97b35837ccff1578aa4b8 (REL_12_BETA1)
 CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
-	{DLA-3342-1}
+	{DLA-4232-1 DLA-3342-1}
 	- freeradius 3.2.0+dfsg-1
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
 	NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
 CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...)
-	{DLA-3342-1}
+	{DLA-4232-1 DLA-3342-1}
 	- freeradius 3.2.0+dfsg-1
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
 	NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
 CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
-	{DLA-3342-1}
+	{DLA-4232-1 DLA-3342-1}
 	- freeradius 3.2.0+dfsg-1
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937 (release_3_0_26)
 CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...)
@@ -718595,8 +718731,7 @@ CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x befor
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
 CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to incorrect  ...)
 	- ldap-git-backup 1.0.4-1 (bug #699227)
-CVE-2013-1424 [matplotlib buffer overrun]
-	RESERVED
+CVE-2013-1424 (Buffer overflow vulnerability in matplotlib.This issue affects matplot ...)
 	- matplotlib 1.4.2-3.1 (low; bug #775691)
 	[wheezy] - matplotlib <no-dsa> (Minor issue)
 	[squeeze] - matplotlib <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ade2392a9fff96ec3b42581dea667d3eb8dca3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ade2392a9fff96ec3b42581dea667d3eb8dca3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250626/faf058ad/attachment.htm>

More information about the debian-security-tracker-commits mailing list