Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02a1def8 by security tracker role at 2025-06-10T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2025-5952 (A vulnerability, which was classified as critical, has been 
found in Z ...)
+       TODO: check
+CVE-2025-5945 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2025-5935 (A vulnerability was found in Open5GS up to 2.7.3. It has been 
declared ...)
+       TODO: check
+CVE-2025-5934 (A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It 
has bee ...)
+       TODO: check
+CVE-2025-5925 (The Bunny\u2019s Print CSS plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2025-5913 (A vulnerability was found in PHPGurukul Vehicle Record 
Management Syst ...)
+       TODO: check
+CVE-2025-5912 (A vulnerability was found in D-Link DIR-632 FW103B08. It has 
been decl ...)
+       TODO: check
+CVE-2025-5911 (A vulnerability was found in TOTOLINK EX1200T up to 
4.1.2cu.5232_B2021 ...)
+       TODO: check
+CVE-2025-5910 (A vulnerability has been found in TOTOLINK EX1200T up to 
4.1.2cu.5232_ ...)
+       TODO: check
+CVE-2025-5909 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+       TODO: check
+CVE-2025-5908 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-5907 (A vulnerability classified as critical was found in TOTOLINK 
EX1200T u ...)
+       TODO: check
+CVE-2025-5906 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-5905 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has 
been ra ...)
+       TODO: check
+CVE-2025-5904 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has 
been de ...)
+       TODO: check
+CVE-2025-5903 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has 
been cl ...)
+       TODO: check
+CVE-2025-5902 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and 
classified  ...)
+       TODO: check
+CVE-2025-5901 (A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and 
classi ...)
+       TODO: check
+CVE-2025-5900 (A vulnerability, which was classified as problematic, was found 
in Ten ...)
+       TODO: check
+CVE-2025-5899 (A vulnerability classified as critical was found in GNU PSPP 
82fb509fb ...)
+       TODO: check
+CVE-2025-5898 (A vulnerability classified as critical has been found in GNU 
PSPP 82fb ...)
+       TODO: check
+CVE-2025-5897 (A vulnerability was found in vuejs vue-cli up to 5.0.8. It has 
been ra ...)
+       TODO: check
+CVE-2025-5896 (A vulnerability was found in tarojs taro up to 4.1.1. It has 
been decl ...)
+       TODO: check
+CVE-2025-4954 (The Axle Demo Importer WordPress plugin through 1.0.3 does not 
validat ...)
+       TODO: check
+CVE-2025-4840 (The inprosysmedia-likes-dislikes-post WordPress plugin through 
1.0.0 d ...)
+       TODO: check
+CVE-2025-4601 (The "RH - Real Estate WordPress Theme" theme for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-4387 (The Abandoned Cart Pro for WooCommerce plugin contains an 
authenticate ...)
+       TODO: check
+CVE-2025-49141 (HAX CMS PHP allows users to manage their microsite universe 
with a PHP ...)
+       TODO: check
+CVE-2025-49140 (Pion Interceptor is a framework for building RTP/RTCP 
communication so ...)
+       TODO: check
+CVE-2025-49139 (HAX CMS PHP allows users to manage their microsite universe 
with a PHP ...)
+       TODO: check
+CVE-2025-49138 (HAX CMS PHP allows users to manage their microsite universe 
with a PHP ...)
+       TODO: check
+CVE-2025-49137 (HAX CMS PHP allows users to manage their microsite universe 
with a PHP ...)
+       TODO: check
+CVE-2025-49004 (Caido is a web security auditing toolkit. Prior to version 
0.48.0, due ...)
+       TODO: check
+CVE-2025-42998 (The security settings in the SAP Business One Integration 
Framework ar ...)
+       TODO: check
+CVE-2025-42996 (SAP MDM Server allows an attacker to gain control of existing 
client s ...)
+       TODO: check
+CVE-2025-42995 (SAP MDM Server Read function allows an attacker to send 
specially craf ...)
+       TODO: check
+CVE-2025-42994 (SAP MDM Server ReadString function allows an attacker to send 
speciall ...)
+       TODO: check
+CVE-2025-42993 (Due to a missing authorization check vulnerability in SAP 
S/4HANA (Ent ...)
+       TODO: check
+CVE-2025-42991 (SAP S/4HANA (Bank Account Application) does not perform 
necessary auth ...)
+       TODO: check
+CVE-2025-42990 (Unprotected SAPUI5 applications allow an attacker with basic 
privilege ...)
+       TODO: check
+CVE-2025-42989 (RFC inbound processing\ufffddoes not perform necessary 
authorization c ...)
+       TODO: check
+CVE-2025-42988 (Under certain conditions, SAP Business Objects Business 
Intelligence P ...)
+       TODO: check
+CVE-2025-42987 (SAP Manage Processing Rules (For Bank Statement) allows an 
attacker wi ...)
+       TODO: check
+CVE-2025-42984 (SAP S/4HANA Manage Central Purchase Contract does not perform 
necessar ...)
+       TODO: check
+CVE-2025-42983 (SAP Business Warehouse and SAP Plug-In Basis allows an 
authenticated a ...)
+       TODO: check
+CVE-2025-42982 (SAP GRC allows a non-administrative user to access and 
initiate transa ...)
+       TODO: check
+CVE-2025-42977 (SAP NetWeaver Visual Composer contains a Directory Traversal 
vulnerabi ...)
+       TODO: check
+CVE-2025-3076 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-31325 (Due to a Cross-Site Scripting vulnerability in SAP NetWeaver 
(ABAP Key ...)
+       TODO: check
+CVE-2025-30515 (CyberData011209 Intercom   could allow an authenticated 
attacker to up ...)
+       TODO: check
+CVE-2025-30507 (CyberData011209 Intercom could allow an unauthenticated user 
to gather ...)
+       TODO: check
+CVE-2025-30184 (CyberData011209 Intercom could allow an unauthenticated user 
access to ...)
+       TODO: check
+CVE-2025-30183 (CyberData011209 Intercom  does not properly store or protect 
web serve ...)
+       TODO: check
+CVE-2025-27819 (In CVE-2023-25194, we announced the RCE/Denial of service 
attack via S ...)
+       TODO: check
+CVE-2025-27818 (A possible security vulnerability has been identified in 
Apache Kafka. ...)
+       TODO: check
+CVE-2025-27817 (A possible arbitrary file read and SSRF vulnerability has been 
identif ...)
+       TODO: check
+CVE-2025-26468 (CyberData 011209    Intercom exposes features that could allow 
an unau ...)
+       TODO: check
+CVE-2025-23192 (SAP BusinessObjects Business Intelligence (BI Workspace) 
allows an una ...)
+       TODO: check
+CVE-2025-1041 (An improper input validation discovered in   Avaya Call 
Management Sys ...)
+       TODO: check
+CVE-2025-0037 (In AMD Versal Adaptive SoC devices, the lack of address 
validation whe ...)
+       TODO: check
+CVE-2025-0036 (In AMD Versal Adaptive SoC devices, the incorrect configuration 
of the ...)
+       TODO: check
+CVE-2024-55595
+       REJECTED
 CVE-2025-5918 (A vulnerability has been identified in the libarchive library. 
This fl ...)
        - libarchive <unfixed>
        NOTE: https://github.com/libarchive/libarchive/pull/2584
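Review bot: the added descriptions for CVE-2025-5925 ("Bunny\u2019s") and CVE-2025-42989 ("processing\ufffddoes") contain literal escape sequences instead of decoded characters, and the second one is the Unicode replacement character, so that text was already damaged before it was written here. The automatic update should decode such escapes and replace U+FFFD with a space before writing data/CVE/list, otherwise searches on the description text will miss these entries. The CyberData entries also carry irregular runs of spaces ("CyberData011209 Intercom   could", "CyberData 011209    Intercom") that could be collapsed in the same pass. Every new entry other than the REJECTED CVE-2024-55595 is left at "TODO: check", so none of them has been triaged against Debian packages yet.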
@@ -1447,7 +1571,7 @@ CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows 
a remote attacker to es
        NOT-FOR-US: Unifiedtransform
 CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to 
escalate ...)
        NOT-FOR-US: Unifiedtransform
-CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection 
in the Q ...)
+CVE-2025-46011 (Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL 
Injection in th ...)
        NOT-FOR-US: Listmonk
 CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
        NOT-FOR-US: FreshRSS
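Review bot: the replaced description for CVE-2025-46011 narrows the stated affected versions from "v2.4.0 through v4.1.0" to "v4.1.0 (fixed in v5.0.0)", which is a substantive change hidden inside an automatic description refresh. The triage line stays "NOT-FOR-US: Listmonk", so nothing changes for Debian today, but if the package were ever introduced the affected range should be confirmed against upstream rather than taken from this truncated text.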
@@ -124774,7 +124898,7 @@ CVE-2024-3177 (A security issue was discovered in 
Kubernetes where users may be
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
 CVE-2024-3932 (A vulnerability classified as problematic has been found in 
Totara LMS ...)
        NOT-FOR-US: Totara LMS
-CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 
20231128.01. It h ...)
+CVE-2024-3931 (A vulnerability was found in Totara LMS up to 18.7. It has been 
rated  ...)
        NOT-FOR-US: Totara LMS
 CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 
2.0.1. It  ...)
        NOT-FOR-US: Dromara open-capacity-platform
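Review bot: the context NOTE under CVE-2024-3177 reads "The source package itself it still vulnerable" and "usecase"; it should read "is still vulnerable" and "use case", and since this file is hand-annotated it is worth fixing in a follow-up commit. On the changed line, the CVE-2024-3931 description widens from a single build ("18.0.1 Build 20231128.01") to "up to 18.7"; the "NOT-FOR-US: Totara LMS" tag is unaffected, so no triage change is needed.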
@@ -433311,7 +433435,7 @@ CVE-2020-7535 (A CWE-22: Improper Limitation of a 
Pathname to a Restricted Direc
        NOT-FOR-US: Modicon
 CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability 
exists on t ...)
        NOT-FOR-US: Schneider Electric
-CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web 
Server o ...)
+CVE-2020-7533 (CWE-287: Improper Authentication vulnerability exists which 
could caus ...)
        NOT-FOR-US: Modicon
 CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability 
exists in SC ...)
        NOT-FOR-US: SCADAPack x70 Security Administrator
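Review bot: the NOT-FOR-US tags in this region are inconsistent, with CVE-2020-7534 tagged "Schneider Electric" while CVE-2020-7535 and CVE-2020-7533 are tagged "Modicon"; pick one naming so a grep for the vendor finds all of them. The new CVE-2020-7533 description also changes the classification from CWE-255 to CWE-287 and, in the visible truncated text, no longer names the product, so the "Modicon" tag can no longer be checked against the description line alone.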



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a1def819cc92701fd40e8c39ea7f9ecad34505


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits