Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c1c4b47f by security tracker role at 2025-06-13T20:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when
adding ...)
+ TODO: check
+CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability
exists in ...)
+ TODO: check
+CVE-2025-6030 (Use of fixed learning codes, one code to lock the car and the
other co ...)
+ TODO: check
+CVE-2025-6029 (Use of fixed learning codes, one code to lock the car and the
other co ...)
+ TODO: check
+CVE-2025-49597 (handcraftedinthealps goodby-csv is a highly memory efficient,
flexible ...)
+ TODO: check
+CVE-2025-49587 (XWiki is an open-source wiki software platform. When a user
without sc ...)
+ TODO: check
+CVE-2025-49586 (XWiki is an open-source wiki software platform. Any XWiki user
with ed ...)
+ TODO: check
+CVE-2025-49585 (XWiki is a generic wiki platform. In versions before 15.10.16,
16.0.0- ...)
+ TODO: check
+CVE-2025-49584 (XWiki is a generic wiki platform. In XWiki Platform versions
10.9 thro ...)
+ TODO: check
+CVE-2025-49583 (XWiki is a generic wiki platform. When a user without script
right cre ...)
+ TODO: check
+CVE-2025-49582 (XWiki is a generic wiki platform. When editing content that
contains " ...)
+ TODO: check
+CVE-2025-49581 (XWiki is a generic wiki platform. Any user with edit right on
a page ( ...)
+ TODO: check
+CVE-2025-49580 (XWiki is a generic wiki platform. From 8.2 and 7.4.5 until
17.1.0-rc-1 ...)
+ TODO: check
+CVE-2025-49468 (A SQL injection vulnerability in No Boss Calendar component
before 5.0 ...)
+ TODO: check
+CVE-2025-48920 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48919 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48918 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48917 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48916 (Missing Authorization vulnerability in Drupal Bookable
Calendar allows ...)
+ TODO: check
+CVE-2025-48915 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48914 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48825 (RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0
contains an i ...)
+ TODO: check
+CVE-2025-46783 (Path traversal vulnerability exists in RICOH Streamline NX V3
PC Clien ...)
+ TODO: check
+CVE-2025-46096 (Directory Traversal vulnerability in solon v.3.1.2 allows a
remote att ...)
+ TODO: check
+CVE-2025-46060 (Buffer Overflow vulnerability in TOTOLINK N600R
v4.3.0cu.7866_B2022506 ...)
+ TODO: check
+CVE-2025-45988 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
+ TODO: check
+CVE-2025-45987 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
+ TODO: check
+CVE-2025-45986 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
+ TODO: check
+CVE-2025-45985 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
+ TODO: check
+CVE-2025-45984 (Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2,
BL-AC2100_AZ3 V1.0.4 ...)
+ TODO: check
+CVE-2025-36633 (In Tenable Agent versions prior to 10.8.5 on a Windows host,
it was fo ...)
+ TODO: check
+CVE-2025-36631 (In Tenable Agent versions prior to 10.8.5 on a Windows host,
it was fo ...)
+ TODO: check
+CVE-2025-36506 (External control of file name or path issue exists in RICOH
Streamline ...)
+ TODO: check
+CVE-2025-29902 (Remote code execution that allows unauthorized users to
execute arbitr ...)
+ TODO: check
+CVE-2025-28389 (Weak password requirements in OpenC3 COSMOS v6.0.0 allow
attackers to ...)
+ TODO: check
+CVE-2025-28388 (OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded
credentials f ...)
+ TODO: check
+CVE-2025-28386 (A remote code execution (RCE) vulnerability in the Plugin
Management c ...)
+ TODO: check
+CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS
6.0.0 a ...)
+ TODO: check
+CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS
6.0.0 allo ...)
+ TODO: check
+CVE-2025-28381 (A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to
access s ...)
+ TODO: check
+CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS
v6.0.0 all ...)
+ TODO: check
CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5950 (The IndieBlocks plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c4b47fb2954aa8d5a59e7ae2396b2d427596d9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c4b47fb2954aa8d5a59e7ae2396b2d427596d9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
