[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 2 21:12:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c09228f8 by security tracker role at 2025-09-02T20:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2025-9830 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
+ TODO: check
+CVE-2025-9829 (A vulnerability was identified in PHPGurukul Beauty Parlour Management ...)
+ TODO: check
+CVE-2025-9828 (A vulnerability was determined in Tenda CP6 11.10.00.243. The affected ...)
+ TODO: check
+CVE-2025-9784 (A flaw was found in Undertow where malformed client requests can trigg ...)
+ TODO: check
+CVE-2025-9696 (The SunPower PVS6's BluetoothLE interface is vulnerable due to its use ...)
+ TODO: check
+CVE-2025-9573 (The ns_backup extension through 13.0.2 for TYPO3 allows command inject ...)
+ TODO: check
+CVE-2025-9276 (Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authenti ...)
+ TODO: check
+CVE-2025-9275 (Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write ...)
+ TODO: check
+CVE-2025-9274 (Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointe ...)
+ TODO: check
+CVE-2025-9273 (CData API Server MySQL Misconfiguration Information Disclosure Vulnera ...)
+ TODO: check
+CVE-2025-9189 (There is an out of bounds write vulnerability due to improper bounds c ...)
+ TODO: check
+CVE-2025-9188 (There is a deserialization of untrusted data vulnerability in Digilent ...)
+ TODO: check
+CVE-2025-8614 (NoMachine Uncontrolled Search Path Element Local Privilege Escalation ...)
+ TODO: check
+CVE-2025-8613 (Vacron Camera ping Command Injection Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2025-8302 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Lo ...)
+ TODO: check
+CVE-2025-8301 (Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-bas ...)
+ TODO: check
+CVE-2025-8300 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Lo ...)
+ TODO: check
+CVE-2025-8299 (Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap- ...)
+ TODO: check
+CVE-2025-8298 (Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOi ...)
+ TODO: check
+CVE-2025-7976 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data R ...)
+ TODO: check
+CVE-2025-7975 (Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Exe ...)
+ TODO: check
+CVE-2025-7974 (rocket.chat Incorrect Authorization Information Disclosure Vulnerabili ...)
+ TODO: check
+CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. ...)
+ TODO: check
+CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default admin us ...)
+ TODO: check
+CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API (POST /99 ...)
+ TODO: check
+CVE-2025-57778 (There is an out of bounds write vulnerability due to improper bounds c ...)
+ TODO: check
+CVE-2025-57777 (There is an out of bounds write vulnerability due to improper bounds c ...)
+ TODO: check
+CVE-2025-57776 (There is an out of bounds write vulnerability due to improper bounds c ...)
+ TODO: check
+CVE-2025-57775 (There is a heap-based Buffer Overflow vulnerability due to improper bo ...)
+ TODO: check
+CVE-2025-57774 (There is an out of bounds write vulnerability due to improper bounds c ...)
+ TODO: check
+CVE-2025-57616 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A u ...)
+ TODO: check
+CVE-2025-57615 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An ...)
+ TODO: check
+CVE-2025-57614 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Int ...)
+ TODO: check
+CVE-2025-57613 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A n ...)
+ TODO: check
+CVE-2025-57612 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Nul ...)
+ TODO: check
+CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Nul ...)
+ TODO: check
+CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/D ...)
+ TODO: check
+CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an Insecure D ...)
+ TODO: check
+CVE-2025-55824 (ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which al ...)
+ TODO: check
+CVE-2025-55476 (FireShare FileShare 1.2.25 contains a time-based blind SQL injection v ...)
+ TODO: check
+CVE-2025-55474 (Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which a ...)
+ TODO: check
+CVE-2025-55473 (Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version ...)
+ TODO: check
+CVE-2025-55472 (SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in ...)
+ TODO: check
+CVE-2025-55373 (Incorrect access control in Beakon Application before v5.4.3 allows au ...)
+ TODO: check
+CVE-2025-55372 (An arbitrary file upload vulnerability in Beakon Application before v5 ...)
+ TODO: check
+CVE-2025-54599 (The Bevy Event service through 2025-07-22, as used for eBay Seller Eve ...)
+ TODO: check
+CVE-2025-52551 (E2 Facility Management Systems use a proprietary protocol that allows ...)
+ TODO: check
+CVE-2025-52550 (E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgra ...)
+ TODO: check
+CVE-2025-52549 (E3 Site Supervisor Control (firmware version < 2.31F01) generates the ...)
+ TODO: check
+CVE-2025-52548 (E3 Site Supervisor Control (firmware version < 2.31F01) contains a hid ...)
+ TODO: check
+CVE-2025-52547 (E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains a ...)
+ TODO: check
+CVE-2025-52546 (E3 Site Supervisor Control (firmware version < 2.31F01) has a floor pl ...)
+ TODO: check
+CVE-2025-52545 (E3 Site Supervisor Control (firmware version < 2.31F01) RCI service co ...)
+ TODO: check
+CVE-2025-52544 (E3 Site Supervisor Control (firmware version < 2.31F01) has a floor pl ...)
+ TODO: check
+CVE-2025-52543 (E3 Site Supervisor Control (firmware version < 2.31F01) application se ...)
+ TODO: check
+CVE-2025-51966 (A cross-site scripting (XSS) vulnerability exists in the PDF preview f ...)
+ TODO: check
+CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
+ TODO: check
+CVE-2025-50755 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
+ TODO: check
+CVE-2025-50565 (Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filt ...)
+ TODO: check
+CVE-2025-46810 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ TODO: check
+CVE-2025-46047 (A User enumeration vulnerability in the /CredentialsServlet/ForgotPass ...)
+ TODO: check
+CVE-2025-43726 (Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, ...)
+ TODO: check
+CVE-2025-41690 (A low-privileged attacker in bluetooth range may be able to access the ...)
+ TODO: check
+CVE-2025-41031 (Lack of authorisation in Deporsite by T-INNOVA. This vulnerability all ...)
+ TODO: check
+CVE-2025-41030 (Lack of authorisation in Deporsite by T-INNOVA. This vulnerability all ...)
+ TODO: check
+CVE-2025-36162 (IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 coul ...)
+ TODO: check
+CVE-2025-32100 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2025-32098 (An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows ...)
+ TODO: check
+CVE-2025-2414 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2025-2413 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2025-0670 (Authorization Bypass Through User-Controlled Key vulnerability in Akin ...)
+ TODO: check
+CVE-2025-0640 (Authorization Bypass Through User-Controlled Key vulnerability in Akin ...)
+ TODO: check
+CVE-2024-58259 (A vulnerability has been identified within Rancher Manager in which it ...)
+ TODO: check
+CVE-2024-52284 (Unauthorized disclosure of sensitive data: Any user with `GET` or `LIS ...)
+ TODO: check
+CVE-2024-51423 (Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.0 ...)
+ TODO: check
+CVE-2024-48705 (Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V14 ...)
+ TODO: check
+CVE-2024-12974 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-12973 (Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTT ...)
+ TODO: check
+CVE-2024-12972 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
CVE-2025-9815 (A weakness has been identified in alaneuler batteryKid up to 2.1 on ma ...)
TODO: check
CVE-2025-9814 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
@@ -396,6 +554,7 @@ CVE-2025-58157 (gnark is a zero-knowledge proof system framework. In version 0.1
CVE-2025-58156 (Centurion ERP is an ERP with a focus on ITSM and automation. In versio ...)
NOT-FOR-US: Centurion ERP
CVE-2025-58068 (Eventlet is a concurrent networking library for Python. Prior to versi ...)
+ {DLA-4289-1}
- python-eventlet 0.40.1-3 (bug #1112515)
[trixie] - python-eventlet <no-dsa> (Minor issue)
[bookworm] - python-eventlet <no-dsa> (Minor issue)
@@ -517,9 +676,9 @@ CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16
NOTE: https://github.com/civetweb/civetweb/pull/1347
CVE-2025-55750 (Gitpod is a developer platform for cloud development environments. In ...)
NOT-FOR-US: Gitpod
-CVE-2025-55580 (SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting ( ...)
+CVE-2025-55580 (SolidInvoice version 2.3.7 is vulnerable to a stored cross-site script ...)
NOT-FOR-US: SolidInvoice
-CVE-2025-55579 (SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Sc ...)
+CVE-2025-55579 (SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Script ...)
NOT-FOR-US: SolidInvoice
CVE-2025-55304 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
[experimental] - exiv2 0.28.7+dfsg-1
@@ -29591,9 +29750,9 @@ CVE-2025-5081 (A vulnerability classified as critical was found in Campcodes Cyb
NOT-FOR-US: Campcodes
CVE-2025-5080 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
NOT-FOR-US: Tenda
-CVE-2025-5079 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
+CVE-2025-5079 (A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1 ...)
NOT-FOR-US: Campcodes
-CVE-2025-5078 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
+CVE-2025-5078 (A vulnerability was detected in PHPGurukul/Campcodes Online Shopping P ...)
NOT-FOR-US: Campcodes
CVE-2025-5077 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
NOT-FOR-US: Campcodes
@@ -114645,7 +114804,7 @@ CVE-2024-43373 (webcrack is a tool for reverse engineering javascript. An arbitr
NOT-FOR-US: webcrack
CVE-2024-43357 (ECMA-262 is the language specification for the scripting language ECMA ...)
NOT-FOR-US: ecma262 specification
-CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buff ...)
NOT-FOR-US: Tenda
CVE-2024-42986 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
NOT-FOR-US: Tenda
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c09228f8ff8e8b498265460d0f404f47a9a66d74
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c09228f8ff8e8b498265460d0f404f47a9a66d74
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250902/36e89d00/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list