[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 4 09:13:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99c8ed15 by security tracker role at 2025-09-04T08:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2025-9942 (A vulnerability has been found in CodeAstro Real Estate Management Sys ...)
+	TODO: check
+CVE-2025-9941 (A flaw has been found in CodeAstro Real Estate Management System 1.0.  ...)
+	TODO: check
+CVE-2025-9940 (A vulnerability was detected in CodeAstro Real Estate Management Syste ...)
+	TODO: check
+CVE-2025-9939 (A security vulnerability has been detected in CodeAstro Real Estate Ma ...)
+	TODO: check
+CVE-2025-9938 (A weakness has been identified in D-Link DI-8400 16.07.26A1. The affec ...)
+	TODO: check
+CVE-2025-9937 (A security flaw has been discovered in elunez eladmin 1.1. Impacted is ...)
+	TODO: check
+CVE-2025-9936 (A vulnerability was identified in fuyang_lipengjun platform 1.0.0. Thi ...)
+	TODO: check
+CVE-2025-9935 (A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B2022050 ...)
+	TODO: check
+CVE-2025-9934 (A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. T ...)
+	TODO: check
+CVE-2025-9933 (A vulnerability has been found in PHPGurukul Beauty Parlour Management ...)
+	TODO: check
+CVE-2025-9932 (A flaw has been found in PHPGurukul Beauty Parlour Management System 1 ...)
+	TODO: check
+CVE-2025-9931 (A vulnerability was detected in Jinher OA 1.0. Affected is an unknown  ...)
+	TODO: check
+CVE-2025-9930 (A security vulnerability has been detected in 1000projects Beauty Parl ...)
+	TODO: check
+CVE-2025-9929 (A weakness has been identified in code-projects Responsive Blog Site 1 ...)
+	TODO: check
+CVE-2025-9928 (A security flaw has been discovered in projectworlds Travel Management ...)
+	TODO: check
+CVE-2025-9927 (A vulnerability was identified in projectworlds Travel Management Syst ...)
+	TODO: check
+CVE-2025-9519 (The Easy Timer plugin for WordPress is vulnerable to Remote Code Execu ...)
+	TODO: check
+CVE-2025-9518 (The atec Debug plugin for WordPress is vulnerable to arbitrary file de ...)
+	TODO: check
+CVE-2025-9517 (The atec Debug plugin for WordPress is vulnerable to remote code execu ...)
+	TODO: check
+CVE-2025-9516 (The atec Debug plugin for WordPress is vulnerable to arbitrary file re ...)
+	TODO: check
+CVE-2025-9467 (When the Vaadin Upload's start listener is used to validate metadata a ...)
+	TODO: check
+CVE-2025-8268 (The AI Engine plugin for WordPress is vulnerable to unauthorized acces ...)
+	TODO: check
+CVE-2025-58701
+	REJECTED
+CVE-2025-58700
+	REJECTED
+CVE-2025-58699
+	REJECTED
+CVE-2025-58698
+	REJECTED
+CVE-2025-58697
+	REJECTED
+CVE-2025-58696
+	REJECTED
+CVE-2025-58695
+	REJECTED
+CVE-2025-58694
+	REJECTED
+CVE-2025-58358 (Markdownify is a Model Context Protocol server for converting almost a ...)
+	TODO: check
+CVE-2025-58357 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
+	TODO: check
+CVE-2025-58355 (Soft Serve is a self-hostable Git server for the command line. In vers ...)
+	TODO: check
+CVE-2025-58171
+	REJECTED
+CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
+	TODO: check
+CVE-2025-58057 (Netty is an asynchronous event-driven network application framework fo ...)
+	TODO: check
+CVE-2025-58056 (Netty is an asynchronous event-driven network application framework fo ...)
+	TODO: check
+CVE-2025-55748 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-55747 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-43772 (Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay ...)
+	TODO: check
+CVE-2025-36909 (Information disclosure)
+	TODO: check
+CVE-2025-36908 (In lwis_top_register_io of lwis_device_top.c, there is a possible out  ...)
+	TODO: check
+CVE-2025-36907 (In draw_surface_image() of abl/android/lib/draw/draw.c, there is a pos ...)
+	TODO: check
+CVE-2025-36906 (In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a po ...)
+	TODO: check
+CVE-2025-36905 (In gxp_mapping_create of gxp_mapping.c, there is a possible privilege  ...)
+	TODO: check
+CVE-2025-36904 (N/A)
+	TODO: check
+CVE-2025-36903 (In lwis_io_buffer_write, there is a possible OOB read/write due to imp ...)
+	TODO: check
+CVE-2025-36902 (In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possib ...)
+	TODO: check
+CVE-2025-36901 (N/A)
+	TODO: check
+CVE-2025-36900 (In lwis_test_register_io of lwis_device_test.c, there is a possible OO ...)
+	TODO: check
+CVE-2025-36899 (There is a possible escalation of privilege due to test/debugging code ...)
+	TODO: check
+CVE-2025-36898 (There is a possible escalation of privilege due to a logic error in th ...)
+	TODO: check
+CVE-2025-36897 (In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bou ...)
+	TODO: check
+CVE-2025-36896 (N/A)
+	TODO: check
+CVE-2025-36895 (Information disclosure)
+	TODO: check
+CVE-2025-36894 (In TBD of TBD, there is a possible DoS due to a missing null check. Th ...)
+	TODO: check
+CVE-2025-36893 (In ReadTachyonCommands of gxp_main_actor.cc, there is a possible infor ...)
+	TODO: check
+CVE-2025-36892 (Denial of service)
+	TODO: check
+CVE-2025-36891 (Elevation of privilege)
+	TODO: check
+CVE-2025-36890 (Elevation of Privilege)
+	TODO: check
+CVE-2025-36887 (In wl_cfgscan_update_v3_schedscan_results() of  wl_cfgscan.c, there is ...)
+	TODO: check
+CVE-2025-2417 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+	TODO: check
+CVE-2024-56190 (In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out o ...)
+	TODO: check
+CVE-2024-56189 (In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possibl ...)
+	TODO: check
+CVE-2024-13071 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
 CVE-2025-9959 (Incomplete validation of dunder attributes allows an attacker to escap ...)
 	NOT-FOR-US: huggingface/smolagents
 CVE-2025-9926 (A vulnerability was determined in projectworlds Travel Management Syst ...)
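Review bot: the WordPress plugin entries added in this hunk (CVE-2025-9519, CVE-2025-9518, CVE-2025-9517, CVE-2025-9516 and CVE-2025-8268) are left at "TODO: check", while WordPress plugin CVEs further down in the same file (CVE-2025-52722, CVE-2025-52717) already carry "NOT-FOR-US: WordPress plugin or theme". If these fit the same pattern, a follow-up triage commit can apply that annotation so they do not linger in the TODO queue alongside entries that need a real package check.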
@@ -235,7 +365,7 @@ CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability i
 	NOT-FOR-US: Akinsoft
 CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is vulnerab ...)
 	TODO: check
-CVE-2025-57833
+CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12 ...)
 	- python-django 3:4.2.24-1 (bug #1113865)
 	NOTE: https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 (4.2.24)
@@ -7479,9 +7609,9 @@ CVE-2025-8672 (MacOS version of GIMP bundles a Python interpreter that inherits
 	NOTE: https://gitlab.gnome.org/Infrastructure/gimp-macos-build/-/merge_requests/389
 CVE-2025-8285 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
-CVE-2025-7679 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+CVE-2025-7679 (The ASPECT system allows users to bypass authentication.  This issue a ...)
 	NOT-FOR-US: ABB group
-CVE-2025-7677 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
+CVE-2025-7677 (A denial-of-service (DoS) attack is possible if access to the local ne ...)
 	NOT-FOR-US: ABB group
 CVE-2025-54525 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
@@ -7507,7 +7637,7 @@ CVE-2025-53189
 	REJECTED
 CVE-2025-53188
 	REJECTED
-CVE-2025-53187 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+CVE-2025-53187 (Due to an issue in configuration, code that was intended for debugging ...)
 	NOT-FOR-US: ABB group
 CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
@@ -20001,7 +20131,8 @@ CVE-2025-52722 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-52709 (Deserialization of Untrusted Data vulnerability in wpeverest Everest F ...)
+CVE-2025-52709
+	REJECTED
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52553 (authentik is an open-source identity provider. After authorizing acces ...)
 	NOT-FOR-US: authentik
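Review bot: in the CVE-2025-52709 entry the new "REJECTED" line is followed by the old "NOT-FOR-US: WordPress plugin or theme" line, which survived as context, so the entry now carries two status lines. The other REJECTED entries visible in this diff (for example CVE-2025-53189 and CVE-2025-53188) carry only "REJECTED"; drop the leftover NOT-FOR-US line so this entry matches them.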



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99c8ed159ddf620864f8c2e8cae77d01efd8643d
