[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 3 09:12:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d790b806 by security tracker role at 2025-09-03T08:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2025-9848 (A security vulnerability has been detected in ScriptAndTools Real Esta ...)
+ TODO: check
+CVE-2025-9847 (A weakness has been identified in ScriptAndTools Real Estate Managemen ...)
+ TODO: check
+CVE-2025-9845 (A vulnerability has been found in code-projects Fruit Shop Management ...)
+ TODO: check
+CVE-2025-9843 (A flaw has been found in Das Parking Management System \u505c\u8f66\u5 ...)
+ TODO: check
+CVE-2025-9842 (A vulnerability was detected in Das Parking Management System \u505c\u ...)
+ TODO: check
+CVE-2025-9841 (A security vulnerability has been detected in code-projects Mobile Sho ...)
+ TODO: check
+CVE-2025-9840 (A weakness has been identified in itsourcecode Sports Management Syste ...)
+ TODO: check
+CVE-2025-9839 (A security flaw has been discovered in itsourcecode Student Informatio ...)
+ TODO: check
+CVE-2025-9838 (A vulnerability was identified in itsourcecode Student Information Man ...)
+ TODO: check
+CVE-2025-9837 (A vulnerability was determined in itsourcecode Student Information Man ...)
+ TODO: check
+CVE-2025-9836 (A vulnerability was found in macrozheng mall up to 1.0.3. This vulnera ...)
+ TODO: check
+CVE-2025-9835 (A vulnerability has been found in macrozheng mall up to 1.0.3. This af ...)
+ TODO: check
+CVE-2025-9834 (A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this is ...)
+ TODO: check
+CVE-2025-9833 (A vulnerability was detected in SourceCodester Online Farm Management ...)
+ TODO: check
+CVE-2025-9832 (A security vulnerability has been detected in SourceCodester Food Orde ...)
+ TODO: check
+CVE-2025-9831 (A weakness has been identified in PHPGurukul Beauty Parlour Management ...)
+ TODO: check
+CVE-2025-9817 (SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of servi ...)
+ TODO: check
+CVE-2025-9785 (PaperCut Print Deploy is an optional component that integrates with Pa ...)
+ TODO: check
+CVE-2025-9378 (The Vayu Blocks \u2013 Website Builder for the Block Editor plugin for ...)
+ TODO: check
+CVE-2025-9330 (Foxit PDF Reader Update Service Uncontrolled Search Path Element Local ...)
+ TODO: check
+CVE-2025-9329 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execu ...)
+ TODO: check
+CVE-2025-9328 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execu ...)
+ TODO: check
+CVE-2025-9327 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Discl ...)
+ TODO: check
+CVE-2025-9326 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execu ...)
+ TODO: check
+CVE-2025-9325 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Discl ...)
+ TODO: check
+CVE-2025-9324 (Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Discl ...)
+ TODO: check
+CVE-2025-9323 (Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Discl ...)
+ TODO: check
+CVE-2025-9260 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
+ TODO: check
+CVE-2025-8663 (Insertion of Sensitive Information into Log File vulnerability in upKe ...)
+ TODO: check
+CVE-2025-58351 (Outline is a service that allows for collaborative documentation. In v ...)
+ TODO: check
+CVE-2025-58272 (Cross-site request forgery vulnerability exists in Web Caster V130 ver ...)
+ TODO: check
+CVE-2025-58210 (Missing Authorization vulnerability in ThemeMove Makeaholic allows Exp ...)
+ TODO: check
+CVE-2025-58176 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
+ TODO: check
+CVE-2025-58170
+ REJECTED
+CVE-2025-58169
+ REJECTED
+CVE-2025-58168
+ REJECTED
+CVE-2025-58167
+ REJECTED
+CVE-2025-58166
+ REJECTED
+CVE-2025-58165
+ REJECTED
+CVE-2025-58164
+ REJECTED
+CVE-2025-58163 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2025-57806 (Local Deep Research is an AI-powered research assistant for deep, iter ...)
+ TODO: check
+CVE-2025-54588 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ TODO: check
+CVE-2025-26416 (In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible o ...)
+ TODO: check
+CVE-2025-22442 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
+ TODO: check
+CVE-2025-22439 (In onLastAccessedStackLoaded of ActionHandler.java , there is a possib ...)
+ TODO: check
+CVE-2025-22438 (In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a ...)
+ TODO: check
+CVE-2025-22437 (In setMediaButtonReceiver of multiple files, there is a possible way t ...)
+ TODO: check
+CVE-2025-22435 (In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption ...)
+ TODO: check
+CVE-2025-22434 (In handleKeyGestureEvent of PhoneWindowManager.java, there is a possib ...)
+ TODO: check
+CVE-2025-22433 (In canForward of IntentForwarderActivity.java, there is a possible byp ...)
+ TODO: check
+CVE-2025-22431 (In multiple locations, there is a possible method for a malicious app ...)
+ TODO: check
+CVE-2025-22430 (In isInSignificantPlace of multiple files, there is a possible way to ...)
+ TODO: check
+CVE-2025-22429 (In multiple locations, there is a possible way to execute arbitrary co ...)
+ TODO: check
+CVE-2025-22428 (In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is ...)
+ TODO: check
+CVE-2025-22427 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ TODO: check
+CVE-2025-22423 (In ParseTag of dng_ifd.cpp, there is a possible way to crash the image ...)
+ TODO: check
+CVE-2025-22422 (In multiple locations, there is a possible way to mislead a user into ...)
+ TODO: check
+CVE-2025-22421 (In contentDescForNotification of NotificationContentDescription.kt, th ...)
+ TODO: check
+CVE-2025-22419 (In multiple locations, there is a possible way to mislead the user int ...)
+ TODO: check
+CVE-2025-22418 (In multiple locations, there is a possible confused deputy due to Inte ...)
+ TODO: check
+CVE-2025-22417 (In finishTransition of Transition.java, there is a possible way to byp ...)
+ TODO: check
+CVE-2025-22416 (In onCreate of ChooserActivity.java , there is a possible way to view ...)
+ TODO: check
+CVE-2025-21041 (Insecure Storage of Sensitive Information in Secure Folder prior to An ...)
+ TODO: check
+CVE-2025-21040 (Improper verification of intent by ExternalBroadcastReceiver in S Assi ...)
+ TODO: check
+CVE-2025-21039 (Improper verification of intent by SystemExceptionalBroadcastReceiver ...)
+ TODO: check
+CVE-2025-21038 (Improper verification of intent by SamsungExceptionalBroadcastReceiver ...)
+ TODO: check
+CVE-2025-21037 (Improper access control in Samsung Notes prior to version 4.4.30.63 al ...)
+ TODO: check
+CVE-2025-21036 (Improper access control in Samsung Notes prior to version 4.4.30.63 al ...)
+ TODO: check
+CVE-2025-21035 (Improper access control in Samsung Calendar prior to version 12.5.06.5 ...)
+ TODO: check
+CVE-2025-21034 (Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 al ...)
+ TODO: check
+CVE-2025-21033 (Improper access control in ContactProvider prior to SMR Sep-2025 Relea ...)
+ TODO: check
+CVE-2025-21032 (Improper access control in One UI Home prior to SMR Sep-2025 Release 1 ...)
+ TODO: check
+CVE-2025-21031 (Improper access control in ImsService prior to SMR Sep-2025 Release 1 ...)
+ TODO: check
+CVE-2025-21030 (Improper handling of insufficient permission in AppPrelaunchManagerSer ...)
+ TODO: check
+CVE-2025-21029 (Improper handling of insufficient permission in System UI prior to SMR ...)
+ TODO: check
+CVE-2025-21028 (Improper privilege management in ThemeManager prior to SMR Sep-2025 Re ...)
+ TODO: check
+CVE-2025-21027 (Improper verification of intent by broadcast receiver in ImsService pr ...)
+ TODO: check
+CVE-2025-21026 (Improper handling of insufficient permission in ImsService prior to SM ...)
+ TODO: check
+CVE-2025-21025 (Improper access control in MARsExemptionManager prior to SMR Sep-2025 ...)
+ TODO: check
+CVE-2024-49730 (In FuseDaemon.cpp, there is a possible out of bounds write due to memo ...)
+ TODO: check
+CVE-2024-49728 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...)
+ TODO: check
+CVE-2024-49722 (In showAvatarPicker of EditUserPhotoController.java, there is a possib ...)
+ TODO: check
+CVE-2024-49720 (In multiple functions of Permissions.java, there is a possible way to ...)
+ TODO: check
+CVE-2024-40653 (In multiple functions of ConnectionServiceWrapper.java, there is a pos ...)
+ TODO: check
+CVE-2024-32444 (Incorrect Privilege Assignment vulnerability in InspiryThemes RealHome ...)
+ TODO: check
+CVE-2023-3666 (The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitis ...)
+ TODO: check
CVE-2025-9714
- libxml2 2.14.5+dfsg-0.1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392605
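Review bot: most of the 88 new entries in this hunk are left as `TODO: check` although the visible descriptions already settle them, and the tail of this same file shows the convention to use: the Android platform bulletin entries (CVE-2025-22416 to CVE-2025-22442, CVE-2025-26416, CVE-2024-40653, CVE-2024-49720 to CVE-2024-49730, all naming AOSP source files such as `DevicePolicyManagerService.java` and `InputDispatcher.cpp`), the Samsung SMR Sep-2025 entries (CVE-2025-21025 to CVE-2025-21041), the Foxit PRC/JP2 parser entries (CVE-2025-9323 to CVE-2025-9330) and the WordPress plugin entries (CVE-2025-9378, CVE-2025-9260, CVE-2025-58210, CVE-2024-32444, CVE-2023-3666) can be closed as `NOT-FOR-US` in the follow-up triage, which leaves the entries that name a Debian package; CVE-2025-9817 is one, since its text states `SSH dissector crash in Wireshark 4.4.0 to 4.4.8`, so it needs a `- wireshark` line with the affected range checked against the versions in the archive rather than a placeholder. Two data-quality points in the same hunk: the descriptions for CVE-2025-9843 and CVE-2025-9842 carry raw JSON escapes (`\u505c\u8f66\u5 ...`) in place of the decoded product name, and CVE-2025-9378 and CVE-2025-9260 carry `\u2013` for an en dash, so the importer should decode these before writing the list or the product names cannot be grepped; CVE-2025-58164 to CVE-2025-58170 arriving directly as `REJECTED` with no description matches the existing file format and needs nothing further.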
@@ -1899,6 +2073,7 @@ CVE-2025-57809 (XGrammar is an open-source library for efficient, flexible, and
CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1, a POST r ...)
NOT-FOR-US: The Scratch Channel
CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...)
+ {DLA-4290-1}
- python-h2 <unfixed> (bug #1112348)
NOTE: https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h
NOTE: https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3 (v4.3.0)
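Review bot: the added `{DLA-4290-1}` reference sits above a package line that is still `- python-h2 <unfixed> (bug #1112348)`, so the entry now records an LTS update as shipped while unstable shows no fixed version, even though the NOTE below points at the upstream fix commit tagged `(v4.3.0)`. That is a legitimate intermediate state, but the unstable line should be updated to the package version carrying that commit as soon as it is uploaded, otherwise the DLA reference reads as if the fix exists only in the LTS branch and the bug stays open against sid with no pointer to the fix.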
@@ -7348,7 +7523,7 @@ CVE-2024-58238 (In the Linux kernel, the following vulnerability has been resolv
CVE-2022-50233 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.0.2-1
NOTE: https://git.kernel.org/linus/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 (6.0-rc1)
-CVE-2025-7039 [buffer underrun in get_tmp_file()]
+CVE-2025-7039 (A flaw was found in glib. An integer overflow during temporary file cr ...)
- glib2.0 2.84.4-1 (bug #1110640)
[trixie] - glib2.0 <no-dsa> (Minor issue)
[bookworm] - glib2.0 <no-dsa> (Minor issue)
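Review bot: replacing the placeholder `[buffer underrun in get_tmp_file()]` with the published text `(A flaw was found in glib. An integer overflow during temporary file cr ...)` drops the only pointer to the affected function and changes the characterisation from a buffer underrun to an integer overflow. The `[trixie]` and `[bookworm]` lines keep `<no-dsa> (Minor issue)`, and that severity call was made against the earlier wording, so it should be re-checked against the upstream report now that the description differs; the `get_tmp_file()` reference is worth keeping in a NOTE line so the fix can still be located in the glib history from this entry alone.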
@@ -9278,7 +9453,7 @@ CVE-2025-50475 (An OS command injection vulnerability exists in Russound MBX-PRE
NOT-FOR-US: Russound MBX-PRE-D67F firmware
CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the "content mana ...)
NOT-FOR-US: AnQiCMS
-CVE-2025-46809 (A Insertion of Sensitive Information into Log File vulnerability in SU ...)
+CVE-2025-46809 (A Plaintext Storage of a Password vulnerability in SUSE exposes the cr ...)
NOT-FOR-US: SUSE Multi Linux Manager
CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue ...)
- php-lcobucci-jwt <unfixed> (unimportant)
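Review bot: the rewritten description reclassifies CVE-2025-46809 from `Insertion of Sensitive Information into Log File` to `Plaintext Storage of a Password`, which moves the weakness from a logging leak to stored credentials but does not change who ships the product, so the unchanged `NOT-FOR-US: SUSE Multi Linux Manager` triage still holds; the one thing to align is the product name, since the next SUSE entry in this file uses `NOT-FOR-US: SUSE Manager` for the same product family and a search for either spelling currently finds only one of the two.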
@@ -9554,7 +9729,7 @@ CVE-2025-50464 (A buffer overflow vulnerability exists in the upload.cgi module
NOT-FOR-US: iptime NAS firmware
CVE-2025-47001 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
NOT-FOR-US: Adobe
-CVE-2025-46811 (A Missing Authentication for Critical Function vulnerability in SUSE M ...)
+CVE-2025-46811 (A Missing Authorization vulnerability in SUSE Linux Manager allows any ...)
NOT-FOR-US: SUSE Manager
CVE-2025-45620 (An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to o ...)
NOT-FOR-US: Aver
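Review bot: the description for CVE-2025-46811 now says `Missing Authorization` instead of `Missing Authentication for Critical Function` and names the product `SUSE Linux Manager`, while the unchanged triage line still reads `NOT-FOR-US: SUSE Manager`. The triage is correct either way, but the shift from a missing authentication check to a missing authorization check usually means the issue needs an existing account rather than being reachable anonymously, so anyone reusing the tracker text for severity should take the new wording; the NOT-FOR-US text should also follow the product name in the current description so this entry and CVE-2025-46809 above are recognisable as the same product.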
@@ -11634,7 +11809,7 @@ CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. In
- yt-dlp <not-affected> (Windows-specific)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-45hg-7f49-5h56
NOTE: https://github.com/yt-dlp/yt-dlp/commit/959ac99e98c3215437e573c22d64be42d361e863 (2025.07.21)
-CVE-2025-53882 (A Improper Check for Dropped Privileges vulnerability in the logrotate ...)
+CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
- mailman3 <not-affected> (SUSE-specific logrotate configuration issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1246467
CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without enc ...)
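Review bot: the `mailman3 <not-affected> (SUSE-specific logrotate configuration issue)` rationale was recorded when CVE-2025-53882 was described as `Improper Check for Dropped Privileges` in logrotate; now that the text reads `Reliance on Untrusted Inputs in a Security Decision`, the not-affected claim should be re-verified against the logrotate snippet Debian's mailman3 package ships, because the new wording points at what the configuration feeds into the decision rather than at the privilege-drop step, and the only reference on the entry is the SUSE bugzilla (`https://bugzilla.suse.com/show_bug.cgi?id=1246467`) rather than a Debian-side check.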
@@ -253018,42 +253193,42 @@ CVE-2023-21485 (Improper export of android application components vulnerability
NOT-FOR-US: Samsung
CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR May-2023 ...)
NOT-FOR-US: Samsung
-CVE-2023-21483
- RESERVED
-CVE-2023-21482
- RESERVED
-CVE-2023-21481
- RESERVED
-CVE-2023-21480
- RESERVED
-CVE-2023-21479
- RESERVED
-CVE-2023-21478
- RESERVED
-CVE-2023-21477
- RESERVED
-CVE-2023-21476
- RESERVED
-CVE-2023-21475
- RESERVED
-CVE-2023-21474
- RESERVED
-CVE-2023-21473
- RESERVED
-CVE-2023-21472
- RESERVED
-CVE-2023-21471
- RESERVED
-CVE-2023-21470
- RESERVED
-CVE-2023-21469
- RESERVED
-CVE-2023-21468
- RESERVED
-CVE-2023-21467
- RESERVED
-CVE-2023-21466
- RESERVED
+CVE-2023-21483 (Improper Access Control vulnerability in Galaxy Store prior to version ...)
+ TODO: check
+CVE-2023-21482 (Missing authorization vulnerability in Camera prior to versions 11.1.0 ...)
+ TODO: check
+CVE-2023-21481 (Improper URL input validation vulnerability in Samsung Account applica ...)
+ TODO: check
+CVE-2023-21480 (Improper input validation vulnerability in CertByte prior to SMR Apr-2 ...)
+ TODO: check
+CVE-2023-21479 (Improper authorization in Smart suggestions prior to SMR Apr-2023 Rele ...)
+ TODO: check
+CVE-2023-21478 (Improper input validation vulnerability in TIGERF trustlet prior to SM ...)
+ TODO: check
+CVE-2023-21477 (Access of Memory Location After End of Buffer vulnerability in TIGERF ...)
+ TODO: check
+CVE-2023-21476 (Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library pri ...)
+ TODO: check
+CVE-2023-21475 (Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library pri ...)
+ TODO: check
+CVE-2023-21474 (Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 ...)
+ TODO: check
+CVE-2023-21473 (Improper input validation with Exynos Fastboot USB Interface prior to ...)
+ TODO: check
+CVE-2023-21472 (Improper input validation with Exynos Fastboot USB Interface prior to ...)
+ TODO: check
+CVE-2023-21471 (Improper access control vulnerability in SemClipboard prior to SMR Apr ...)
+ TODO: check
+CVE-2023-21470 (Improper access control vulnerability in SLocation prior to SMR Apr-20 ...)
+ TODO: check
+CVE-2023-21469 (Improper access control vulnerability in SLocation prior to SMR Apr-20 ...)
+ TODO: check
+CVE-2023-21468 (Improper access control vulnerability in Telephony prior to SMR Apr-20 ...)
+ TODO: check
+CVE-2023-21467 (Error in 3GPP specification implementation in Exynos baseband prior to ...)
+ TODO: check
+CVE-2023-21466 (PendingIntent hijacking vulnerability in CertificatePolicy in framewor ...)
+ TODO: check
CVE-2023-21465 (Improper access control vulnerability in BixbyTouch prior to version 3 ...)
NOT-FOR-US: Samsung
CVE-2023-21464 (Improper access control in Samsung Calendar prior to versions 12.4.02. ...)
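Review bot: all eighteen entries moved from `RESERVED` to `TODO: check` name Samsung components (Galaxy Store, Samsung Account, SecSettings, SemClipboard, SLocation, the TIGERF trustlet, Exynos Fastboot and baseband, `libaudiosaplus_sec.so`) and are bracketed on both sides by entries already marked `NOT-FOR-US: Samsung` (CVE-2023-21485, CVE-2023-21484, CVE-2023-21465, CVE-2023-21464), so they can be closed the same way in the follow-up rather than left as TODO. One description is worth flagging upstream: CVE-2023-21474 reads `prior to SMR Apr-2022` while every neighbour in the block says `SMR Apr-2023`, which looks like a typo in the published advisory text rather than a genuinely older release.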
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d790b80673575403198360f01de7c4adc82e419f