[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 27 09:12:39 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7776ecca by security tracker role at 2025-06-27T08:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,98 @@
-CVE-2025-5731
+CVE-2025-6753 (A vulnerability was found in huija bicycleSharingServer 1.0 and classi ...)
+	TODO: check
+CVE-2025-6752 (A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 a ...)
+	TODO: check
+CVE-2025-6751 (A vulnerability, which was classified as critical, was found in Linksy ...)
+	TODO: check
+CVE-2025-6750 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-6749 (A vulnerability classified as critical was found in huija bicycleShari ...)
+	TODO: check
+CVE-2025-6748 (A vulnerability classified as problematic has been found in Bharti Air ...)
+	TODO: check
+CVE-2025-6738 (A vulnerability, which was classified as critical, has been found in h ...)
+	TODO: check
+CVE-2025-6736 (A vulnerability classified as critical was found in juzaweb CMS 3.4.2. ...)
+	TODO: check
+CVE-2025-6735 (A vulnerability classified as critical has been found in juzaweb CMS 3 ...)
+	TODO: check
+CVE-2025-6734 (A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has ...)
+	TODO: check
+CVE-2025-6733 (A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has ...)
+	TODO: check
+CVE-2025-6732 (A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has ...)
+	TODO: check
+CVE-2025-6731 (A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and clas ...)
+	TODO: check
+CVE-2025-6689 (The FL3R Accessibility Suite plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-6688 (The Simple Payment plugin for WordPress is vulnerable to Authenticatio ...)
+	TODO: check
+CVE-2025-6550 (The The Pack Elementor addon plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-6488 (The isMobile plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-5940 (The Osom Blocks \u2013 Custom Post Type listing block plugin for WordP ...)
+	TODO: check
+CVE-2025-5936 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site Reque ...)
+	TODO: check
+CVE-2025-5526 (The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access  ...)
+	TODO: check
+CVE-2025-5306 (Improper Neutralization of Special Elements in the Netflow directory f ...)
+	TODO: check
+CVE-2025-5194 (The WP Map Block  WordPress plugin before 2.0.3 does not validate and  ...)
+	TODO: check
+CVE-2025-5093 (The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use th ...)
+	TODO: check
+CVE-2025-5035 (The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitis ...)
+	TODO: check
+CVE-2025-53166
+	REJECTED
+CVE-2025-53165
+	REJECTED
+CVE-2025-53164
+	REJECTED
+CVE-2025-53163
+	REJECTED
+CVE-2025-53162
+	REJECTED
+CVE-2025-53161
+	REJECTED
+CVE-2025-53160
+	REJECTED
+CVE-2025-53159
+	REJECTED
+CVE-2025-53158
+	REJECTED
+CVE-2025-53157
+	REJECTED
+CVE-2025-4587 (The A/B Testing for WordPress plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2025-47824 (Flock Safety LPR (License Plate Reader) devices with firmware through  ...)
+	TODO: check
+CVE-2025-47823 (Flock Safety LPR (License Plate Reader) devices with firmware through  ...)
+	TODO: check
+CVE-2025-47822 (Flock Safety LPR (License Plate Reader) devices with firmware through  ...)
+	TODO: check
+CVE-2025-47821 (Flock Safety Gunshot Detection devices before 1.3 have a hardcoded pas ...)
+	TODO: check
+CVE-2025-47820 (Flock Safety Gunshot Detection devices before 1.3 have cleartext stora ...)
+	TODO: check
+CVE-2025-47819 (Flock Safety Gunshot Detection devices before 1.3 have an on-chip debu ...)
+	TODO: check
+CVE-2025-47818 (Flock Safety Gunshot Detection devices before 1.3 have a hard-coded pa ...)
+	TODO: check
+CVE-2025-45737 (An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver befo ...)
+	TODO: check
+CVE-2025-41418 (Buffer Overflow vulnerability exists in multiple versions of TB-eye ne ...)
+	TODO: check
+CVE-2025-3699 (Missing Authentication for Critical Function vulnerability in Mitsubis ...)
+	TODO: check
+CVE-2025-36529 (An OS command injection issue exists in multiple versions of TB-eye ne ...)
+	TODO: check
+CVE-2025-5731 (A flaw was found in Infinispan CLI. A sensitive password, decoded from ...)
 	NOT-FOR-US: Infinispan
-CVE-2025-52555
+CVE-2025-52555 (Ceph is a distributed object, block, and file storage platform. In ver ...)
 	- ceph <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2374412
 	NOTE: https://www.openwall.com/lists/oss-security/2025/06/26/1
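Review bot: the added CVE-2025-5940 line carries a literal "\u2013" inside its description ("Osom Blocks \u2013 Custom Post Type listing block"), so an escape sequence is reaching data/CVE/list undecoded. Decode it to the en dash (or normalise it to "-") in the update step before the description is written, so that a text search on the plugin name matches this entry.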
@@ -9089,7 +9181,7 @@ CVE-2024-38866 (Improper neutralization of input in Nagvis before version 1.9.47
 	[bookworm] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f (nagvis-1.9.47)
 CVE-2025-5222 (A stack buffer overflow was found in Internationl components for unico ...)
-	{DLA-4217-1}
+	{DSA-5951-1 DLA-4217-1}
 	- icu 76.1-4 (bug #1106684)
 	NOTE: https://unicode-org.atlassian.net/browse/ICU-22957
 	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2c667e31cfd0b6bb1923627a932fd3453a5bac77 (release-77-rc)
@@ -675503,8 +675595,7 @@ CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attack
 	[squeeze] - fusionforge <not-affected> (Affects 5.3 and later)
 	NOTE: https://scm.fusionforge.org/anonscm/gitweb?p=fusionforge/fusionforge.git;a=commitdiff;h=afcfe76f5195af4566ff3a8280714383fcdb5a67
 	NOTE: https://fusionforge.org/forum/forum.php?forum_id=41
-CVE-2015-0849 [predictable temporary file vulnerability]
-	RESERVED
+CVE-2015-0849 (pycode-browser before version 1.0 is prone to a predictable temporary  ...)
 	- pycode-browser 1:1.0-1 (unimportant; bug #790365)
 	NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers t ...)
@@ -675528,13 +675619,11 @@ CVE-2015-0844 (The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.
 	- wesnoth-1.12 1:1.12.2-1
 	- wesnoth-1.10 1:1.10.7-2
 	- wesnoth-1.8 <removed>
-CVE-2015-0843 [Buffer overflows due to misuse of sprintf]
-	RESERVED
+CVE-2015-0843 (yubiserver before 0.6 is to buffer overflows due to misuse of sprintf.)
 	- yubiserver 0.6-1 (bug #796495)
 	[jessie] - yubiserver <no-dsa> (Mitigated by toolchain hardening)
 	[wheezy] - yubiserver <no-dsa> (Can be fixed via a point release)
-CVE-2015-0842 [SQL injection issues (potential auth bypass)]
-	RESERVED
+CVE-2015-0842 (yubiserver before 0.6 is prone to SQL injection issues, potentially le ...)
 	- yubiserver 0.6-1 (bug #796495)
 	[jessie] - yubiserver <no-dsa> (Minor issue)
 	[wheezy] - yubiserver <no-dsa> (Minor issue)
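Review bot: the new CVE-2015-0843 description reads "yubiserver before 0.6 is to buffer overflows due to misuse of sprintf.", which is missing a word; the sibling CVE-2015-0842 line added in the same hunk has "is prone to". The replaced bracketed text ("Buffer overflows due to misuse of sprintf") was the clearer of the two, so if this description is imported rather than hand-written, the wording needs correcting at its source or the next automatic update will bring it back.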
@@ -684134,8 +684223,7 @@ CVE-2014-7212
 	REJECTED
 CVE-2014-7211
 	REJECTED
-CVE-2014-7210 [pdns in Debian creates too privileged MySQL user]
-	RESERVED
+CVE-2014-7210 (pdns specific as packaged in Debian in version before 3.3.1-1 creates  ...)
 	{DLA-492-1}
 	- pdns 3.3.1-1
 	[squeeze] - pdns <not-affected> (Vulnerabile code not present)
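Review bot: the [squeeze] line under CVE-2014-7210 spells the reason as "Vulnerabile code not present"; since this entry is being touched anyway, correct it to "Vulnerable code not present" so it matches the wording used elsewhere in the list (for example the git-annex entry's "Vulnerable code introduced in 3.20121126"). The new description's opening "pdns specific as packaged in Debian in version before 3.3.1-1" is also harder to read than the bracketed text it replaces.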
@@ -686422,8 +686510,7 @@ CVE-2014-6275 (FusionForge before 5.3.2 use scripts that run under the shared Ap
 	- fusionforge 5.3.2-1
 	[squeeze] - fusionforge <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
-CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted]
-	RESERVED
+CVE-2014-6274 (git-annex had a bug in the S3 and Glacier remotes where if embedcreds= ...)
 	- git-annex 5.20140919
 	[wheezy] - git-annex <not-affected> (Vulnerable code introduced in 3.20121126)
 	NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
@@ -701400,8 +701487,7 @@ CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the se
 CVE-2014-0469 (Stack-based buffer overflow in a certain Debian patch for xbuffy befor ...)
 	{DSA-2921-1}
 	- xbuffy 3.3.bl.3.dfsg-9
-CVE-2014-0468
-	RESERVED
+CVE-2014-0468 (Vulnerability in fusionforge in the shipped Apache configuration, wher ...)
 	- fusionforge 5.3+20140506-1
 	[squeeze] - fusionforge <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html
@@ -718662,7 +718748,7 @@ CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initia
 	- exactimage 0.8.9-2
 	NOTE: a different issue than CVE-2013-1438
 CVE-2013-1440
-	RESERVED
+	REJECTED
 CVE-2013-1439 (The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...)
 	- libraw 0.15.4-1 (bug #721338)
 	[wheezy] - libraw <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7776eccab6df5f0b19e27aea265c078328cc5082
