[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 8 21:12:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4ea4ff3 by security tracker role at 2025-09-08T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,98 @@
-CVE-2025-40930
+CVE-2025-9114 (The Doccure theme for WordPress is vulnerable to Arbitrary User Passwo ...)
+	TODO: check
+CVE-2025-9113 (The Doccure theme for WordPress is vulnerable to arbitrary file upload ...)
+	TODO: check
+CVE-2025-9112 (The Doccure theme for WordPress is vulnerable to arbitrary file upload ...)
+	TODO: check
+CVE-2025-5993 (ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to pat ...)
+	TODO: check
+CVE-2025-59033 (The Microsoft vulnerable driver block list is implemented as Windows D ...)
+	TODO: check
+CVE-2025-57285 (codeceptjs 3.7.3 contains a command injection vulnerability in the emp ...)
+	TODO: check
+CVE-2025-57141 (rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdb ...)
+	TODO: check
+CVE-2025-56630 (FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column ...)
+	TODO: check
+CVE-2025-56267 (A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ...)
+	TODO: check
+CVE-2025-56266 (A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allow ...)
+	TODO: check
+CVE-2025-56265 (An arbitrary file upload vulnerability in the Chat Trigger component o ...)
+	TODO: check
+CVE-2025-55998 (A cross-site scripting (XSS) vulnerability in Smart Search & Filter Sh ...)
+	TODO: check
+CVE-2025-55849 (WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiCon ...)
+	TODO: check
+CVE-2025-54994 (@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses ...)
+	TODO: check
+CVE-2025-53838 (LinkAce is a self-hosted archive to collect website links. A stored cr ...)
+	TODO: check
+CVE-2025-52389 (An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli -  ...)
+	TODO: check
+CVE-2025-52161 (Scholl Communications AG Weblication CMS Core v019.004.000.000 was dis ...)
+	TODO: check
+CVE-2025-51586 (An issue was discoverd in file controllers/admin/AdminLoginController. ...)
+	TODO: check
+CVE-2025-43722 (Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an imprope ...)
+	TODO: check
+CVE-2025-40642 (Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which a ...)
+	TODO: check
+CVE-2025-40641 (Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inven ...)
+	TODO: check
+CVE-2025-3212 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
+	TODO: check
+CVE-2025-36855 (A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exist ...)
+	TODO: check
+CVE-2025-36854 (A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exist ...)
+	TODO: check
+CVE-2025-36853 (A vulnerability (CVE-2025-21172) exists in msdia140.dlldue to integer  ...)
+	TODO: check
+CVE-2025-22956 (OPSI before 4.3 allows any client to retrieve any ProductPropertyState ...)
+	TODO: check
+CVE-2025-10104 (A security vulnerability has been detected in code-projects Online Eve ...)
+	TODO: check
+CVE-2025-10103 (A weakness has been identified in code-projects Online Event Judging S ...)
+	TODO: check
+CVE-2025-10102 (A security flaw has been discovered in code-projects Online Event Judg ...)
+	TODO: check
+CVE-2025-10100 (A vulnerability was detected in SourceCodester Simple Forum Discussion ...)
+	TODO: check
+CVE-2025-10099 (A weakness has been identified in Portabilis i-Educar up to 2.10. Affe ...)
+	TODO: check
+CVE-2025-10098 (A security flaw has been discovered in PHPGurukul User Management Syst ...)
+	TODO: check
+CVE-2025-10097 (A vulnerability was identified in SimStudioAI sim up to 1.0.0. This im ...)
+	TODO: check
+CVE-2025-10096 (A vulnerability was determined in SimStudioAI sim up to 1.0.0. This af ...)
+	TODO: check
+CVE-2025-10093 (A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Aff ...)
+	TODO: check
+CVE-2025-10092 (A vulnerability was found in Jinher OA up to 1.2. This impacts an unkn ...)
+	TODO: check
+CVE-2025-10091 (A vulnerability has been found in Jinher OA up to 1.2. This affects an ...)
+	TODO: check
+CVE-2025-10090 (A flaw has been found in Jinher OA up to 1.2. The impacted element is  ...)
+	TODO: check
+CVE-2024-48341 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forg ...)
+	TODO: check
+CVE-2022-50238 (The on-endpoint Microsoft vulnerable driver blocklist is not fully syn ...)
+	TODO: check
+CVE-2019-25225 (`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-sit ...)
+	TODO: check
+CVE-2014-125128 ('sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scr ...)
+	TODO: check
+CVE-2025-40930 (JSON::SIMD before version 1.07 and earlier for Perl has an integer buf ...)
 	NOT-FOR-US: JSON::SIMD Perl module
-CVE-2025-40929
+CVE-2025-40929 (Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer ov ...)
 	- libcpanel-json-xs-perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608920/
 	NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2 (4.40)
-CVE-2025-40928
+CVE-2025-40928 (JSON::XS before version 4.04 for Perl has an integer buffer overflow c ...)
 	- libjson-xs-perl 4.030-3
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608909/
 	NOTE: https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
-CVE-2025-58782
+CVE-2025-58782 (Deserialization of Untrusted Data vulnerability in Apache Jackrabbit C ...)
 	- jackrabbit <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/06/3
 	NOTE: https://issues.apache.org/jira/browse/JCR-5135
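Review bot: CVE-2025-40929 (`libcpanel-json-xs-perl <unfixed>`) and CVE-2025-58782 (`jackrabbit <unfixed>`) both identify the upstream fix or advisory in a NOTE but carry no Debian bug reference, unlike the sqlite3 entry later in this change which records `(bug #1114609)`; file the bugs and append `(bug #NNNNNN)` to the `<unfixed>` lines so the unstable status is trackable. For CVE-2025-40929 the NOTE already names the fixing upstream release (4.40), so the `<unfixed>` marker should be revisited as soon as that version is uploaded. Among the new `TODO: check` entries, CVE-2025-59033 and CVE-2022-50238 both describe the Microsoft vulnerable driver blocklist and CVE-2025-36855, CVE-2025-36854 and CVE-2025-36853 reference earlier Microsoft ids (CVE-2025-21176, CVE-2024-38229, CVE-2025-21172) and msdia140.dll, so they can be triaged as a group; likewise CVE-2019-25225 and CVE-2014-125128 both concern XSS in sanitize-html at different version cutoffs and should be checked together against whether the package is in the archive.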
@@ -278,7 +362,7 @@ CVE-2025-57807 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e (7.1.2-3)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf (6.9.13-29)
-CVE-2025-7709 [Integer Overflow in FTS5 Extension]
+CVE-2025-7709 (An integer overflow exists in the  FTS5 https://sqlite.org/fts5.html e ...)
 	- sqlite3 <unfixed> (bug #1114609)
 	[trixie] - sqlite3 <no-dsa> (Minor issue)
 	[bookworm] - sqlite3 <no-dsa> (Minor issue)
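Review bot: the description for CVE-2025-7709 now comes from the CVE record instead of the bracketed placeholder, but the entry still has no NOTE: line pointing at the upstream fix; the URL embedded in the description (https://sqlite.org/fts5.html) documents the FTS5 extension, not the fix. With sqlite3 still `<unfixed>` and both trixie and bookworm marked `<no-dsa> (Minor issue)`, a NOTE with the upstream commit would let the fixed version be recorded once it lands in unstable.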
@@ -1717,7 +1801,7 @@ CVE-2025-56760 (When Memos 0.22 is configured to store objects locally, an attac
 	NOT-FOR-US: Memos
 CVE-2025-56752 (A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B ...)
 	NOT-FOR-US: Ruijie
-CVE-2025-56689 (An issue was discovered in Quest One Identity 7.5.1.20903. A crafted r ...)
+CVE-2025-56689 (One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5 ...)
 	NOT-FOR-US: Quest One Identity
 CVE-2025-56608 (The SourceCodester Android application "Corona Virus Tracker App India ...)
 	NOT-FOR-US: SourceCodester
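Review bot: the NOT-FOR-US annotation for CVE-2025-56689 still reads `Quest One Identity` while the refreshed description names the product as One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5; align the annotation with the new product name so the entry is found when searching for it. The triage outcome itself is unchanged, since the product is not packaged in Debian either way.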
@@ -17647,8 +17731,8 @@ CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
 	NOT-FOR-US: Tenda
 CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
 	NOT-FOR-US: FiberHome FD602GW-DX-R410 router
-CVE-2025-49604
-	REJECTED
+CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
+	TODO: check
 CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...)
 	NOT-FOR-US: Realtek
 CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41 ...)
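Review bot: CVE-2025-49604 moves from `REJECTED` to an active entry with `TODO: check`; a rejection being reverted is unusual, so confirm against the CVE record that the id was genuinely un-rejected rather than reused before triaging. The new description (Realtek AmebaD devices, heap-based buffer overflow) sits next to the Realtek SDK entry CVE-2025-44526, which is `NOT-FOR-US: Realtek`, so the same outcome is likely once that is verified.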
@@ -102950,6 +103034,7 @@ CVE-2024-46605 (A cross-site scripting (XSS) vulnerability in the component /adm
 CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass access co ...)
 	NOT-FOR-US: BIG-IP
 CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
+	{DLA-4295-1}
 	- libhtp 1:0.5.49-1
 	[bookworm] - libhtp <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
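Review bot: adding `{DLA-4295-1}` to CVE-2024-45797 requires a matching entry in data/DLA/list carrying the same id and the fixed libhtp version, otherwise the tracker's syntax check reports a dangling advisory reference; this commit touches only data/CVE/list, so verify the DLA entry already exists. The `[bookworm] - libhtp <no-dsa> (Minor issue)` line is untouched and remains correct, since the DLA covers the LTS suite rather than bookworm.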
@@ -169806,6 +169891,7 @@ CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/6657
 CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
+	{DLA-4295-1}
 	- libhtp 1:0.5.46-1
 	[bookworm] - libhtp <no-dsa> (Minor issue)
 	[buster] - libhtp <no-dsa> (Minor issue)
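Review bot: the same `{DLA-4295-1}` is attached here to CVE-2024-23837 as to CVE-2024-45797 in the previous hunk, but the two issues were fixed in unstable in different libhtp versions (1:0.5.46-1 and 1:0.5.49-1), so the single LTS upload must backport both upstream fixes; confirm the DLA text lists both CVE ids. This entry additionally carries `[buster] - libhtp <no-dsa> (Minor issue)` and `[bookworm] - libhtp <no-dsa> (Minor issue)`, neither of which the DLA for the current LTS suite affects.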



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ea4ff3261c0740061f94a0ce7c38da4ab1f697


