[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 22 09:12:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8bea8aee by security tracker role at 2025-09-22T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-9541 (The Markup Markdown WordPress plugin before 3.20.10 allows links to co ...)
+ TODO: check
+CVE-2025-9540 (The Markup Markdown WordPress plugin before 3.20.10 allows links to co ...)
+ TODO: check
+CVE-2025-9487 (The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 do ...)
+ TODO: check
+CVE-2025-9115 (The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERV ...)
+ TODO: check
+CVE-2025-5962 (A flaw was found in the Lightspeed history service. Insufficient acces ...)
+ TODO: check
+CVE-2025-59801 (In Artifex GhostXPS before 10.06.0, there is a stack-based buffer over ...)
+ TODO: check
+CVE-2025-59800 (In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdev ...)
+ TODO: check
+CVE-2025-59799 (Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow ...)
+ TODO: check
+CVE-2025-59798 (Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow ...)
+ TODO: check
+CVE-2025-10789 (A vulnerability was identified in SourceCodester Online Hotel Reservat ...)
+ TODO: check
+CVE-2025-10788 (A vulnerability was determined in SourceCodester Online Hotel Reservat ...)
+ TODO: check
+CVE-2025-10787 (A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown ...)
+ TODO: check
+CVE-2025-10786 (A flaw has been found in Campcodes Grocery Sales and Inventory System ...)
+ TODO: check
+CVE-2025-10785 (A vulnerability was detected in Campcodes Grocery Sales and Inventory ...)
+ TODO: check
+CVE-2025-10784 (A security vulnerability has been detected in Campcodes Online Learnin ...)
+ TODO: check
+CVE-2025-10783 (A weakness has been identified in Campcodes Online Learning Management ...)
+ TODO: check
+CVE-2025-10782 (A security flaw has been discovered in Campcodes Online Learning Manag ...)
+ TODO: check
+CVE-2025-10781 (A vulnerability was identified in Campcodes Online Learning Management ...)
+ TODO: check
+CVE-2025-10780 (A vulnerability was determined in CodeAstro Simple Pharmacy Management ...)
+ TODO: check
+CVE-2025-10779 (A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impact ...)
+ TODO: check
+CVE-2025-10778 (A vulnerability has been found in Smartstore up to 6.2.0. The affected ...)
+ TODO: check
+CVE-2025-10777 (A flaw has been found in JSC R7 R7-Office Document Server up to 202508 ...)
+ TODO: check
+CVE-2025-10776 (A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. Th ...)
+ TODO: check
+CVE-2025-10775 (A security vulnerability has been detected in Wavlink WL-NU516U1 24042 ...)
+ TODO: check
+CVE-2025-10774 (A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-201711 ...)
+ TODO: check
+CVE-2025-10773 (A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. A ...)
+ TODO: check
+CVE-2025-10772 (A vulnerability was identified in huggingface LeRobot up to 0.3.3. Aff ...)
+ TODO: check
+CVE-2025-10771 (A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Af ...)
+ TODO: check
+CVE-2025-10770 (A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This im ...)
+ TODO: check
+CVE-2025-10767 (A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The aff ...)
+ TODO: check
+CVE-2025-0875 (Authorization Bypass Through User-Controlled Key vulnerability in PROL ...)
+ TODO: check
CVE-2025-XXXX [RUSTSEC-2025-0071]
- rust-ammonia <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0071.html
@@ -215948,7 +216010,7 @@ CVE-2023-37287 (SmartBPM.NET has a vulnerability of using hard-coded authenticat
NOT-FOR-US: SmartBPM.NET
CVE-2023-37286 (SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine ...)
NOT-FOR-US: SmartBPM.NET
-CVE-2021-4406 (An administrator is able to execute commands as root via the alerts ma ...)
+CVE-2021-4406 (An authenticated attacker is able to create alerts that trigger a stor ...)
NOT-FOR-US: QuantaStor
CVE-2023-3045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Tise Technology Parking Web Report
@@ -348003,7 +348065,7 @@ CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Ent
NOT-FOR-US: CoreNLP
CVE-2021-42083 (An authenticated attacker is able to create alerts that trigger a stor ...)
NOT-FOR-US: QuantaStor
-CVE-2021-42082 (Local users are able to execute scripts under root privileges.)
+CVE-2021-42082 (Local users are able to execute scripts under root privileges. POC O ...)
NOT-FOR-US: QuantaStor
CVE-2021-42081 (An authenticated administrator is allowed to remotely execute arbitrar ...)
NOT-FOR-US: QuantaStor
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bea8aee6b8ebdd37e534880853ad56734cc1ddf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bea8aee6b8ebdd37e534880853ad56734cc1ddf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250922/4366c04b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list