Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97372d4c by security tracker role at 2025-07-11T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2025-48924
+CVE-2025-7503 (An OEM IP camera manufactured by Shenzhen Liandian 
Communication Techn ...)
+       TODO: check
+CVE-2025-7456 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-7455 (A vulnerability classified as critical was found in Campcodes 
Online M ...)
+       TODO: check
+CVE-2025-7454 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2025-7453 (A vulnerability was found in saltbo zpan up to 
1.6.5/1.7.0-beta2. It h ...)
+       TODO: check
+CVE-2025-7452 (A vulnerability was found in kone-net go-chat up to 
f9e58d0afa9bbdb31f ...)
+       TODO: check
+CVE-2025-7450 (A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It 
has be ...)
+       TODO: check
+CVE-2025-7029 (A vulnerability in the Software SMI handler (SwSmiInputValue 
0xB2) all ...)
+       TODO: check
+CVE-2025-7028 (A vulnerability in the Software SMI handler (SwSmiInputValue 
0x20) all ...)
+       TODO: check
+CVE-2025-7027 (A vulnerability in the Software SMI handler (SwSmiInputValue 
0xB2) all ...)
+       TODO: check
+CVE-2025-7026 (A vulnerability in the Software SMI handler (SwSmiInputValue 
0xB2) all ...)
+       TODO: check
+CVE-2025-6851 (The Broken Link Notifier plugin for WordPress is vulnerable to 
Server- ...)
+       TODO: check
+CVE-2025-6838 (The Broken Link Notifier plugin for WordPress is vulnerable to 
CSV Inj ...)
+       TODO: check
+CVE-2025-6788 (CWE-668: Exposure of Resource to Wrong Sphere vulnerability 
exists tha ...)
+       TODO: check
+CVE-2025-6549 (An Incorrect Authorization vulnerability in the web server of 
Juniper  ...)
+       TODO: check
+CVE-2025-6438 (CWE-611: Improper Restriction of XML External Entity Reference 
vulnera ...)
+       TODO: check
+CVE-2025-53642 (haxcms-nodejs and haxcms-php are backends for HAXcms. The 
logout funct ...)
+       TODO: check
+CVE-2025-53641 (Postiz is an AI social media scheduling tool. From 1.45.1 to 
1.62.3, t ...)
+       TODO: check
+CVE-2025-52994 (gif_outputAsJpeg in phpThumb through 1.7.23 allows 
phpthumb.gif.php OS ...)
+       TODO: check
+CVE-2025-52989 (An Improper Neutralization of Delimiters vulnerability in the 
UI of Ju ...)
+       TODO: check
+CVE-2025-52988 (An Improper Neutralization of Special Elements used in an OS 
Command ( ...)
+       TODO: check
+CVE-2025-52986 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2025-52985 (A Use of Incorrect Operator  vulnerability in the Routing 
Engine firew ...)
+       TODO: check
+CVE-2025-52984 (A NULL Pointer Dereference vulnerability in the routing 
protocol daemo ...)
+       TODO: check
+CVE-2025-52983 (A UI Discrepancy for Security Feature  vulnerability in the UI 
of Juni ...)
+       TODO: check
+CVE-2025-52982 (An Improper Resource Shutdown or Release vulnerability in the 
SIP ALG  ...)
+       TODO: check
+CVE-2025-52981 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2025-52980 (A Use of Incorrect Byte Ordering   vulnerability   in the 
Routing Prot ...)
+       TODO: check
+CVE-2025-52964 (A Reachable Assertion vulnerability in the Routing Protocol 
Daemon (rp ...)
+       TODO: check
+CVE-2025-52963 (An Improper Access Control vulnerability in the User Interface 
(UI) of ...)
+       TODO: check
+CVE-2025-52958 (A Reachable Assertion vulnerability in the routing protocol 
daemon (rp ...)
+       TODO: check
+CVE-2025-52955 (An Incorrect Calculation of Buffer Size vulnerability in the 
routing p ...)
+       TODO: check
+CVE-2025-52954 (A Missing Authorization vulnerability in the internal virtual 
routing  ...)
+       TODO: check
+CVE-2025-52953 (An Expected Behavior Violationvulnerability in the routing 
protocol da ...)
+       TODO: check
+CVE-2025-52952 (An Out-of-bounds Write vulnerability in the connectivity fault 
managem ...)
+       TODO: check
+CVE-2025-52951 (A Protection Mechanism Failure vulnerability in kernel filter 
processi ...)
+       TODO: check
+CVE-2025-52950 (AMissing Authorization vulnerability in Juniper Networks 
Security Dire ...)
+       TODO: check
+CVE-2025-52949 (An Improper Handling of Length Parameter Inconsistency 
vulnerability i ...)
+       TODO: check
+CVE-2025-52948 (An Improper Handling of Exceptional Conditions vulnerability 
in Berkel ...)
+       TODO: check
+CVE-2025-52947 (An Improper Handling of Exceptional Conditions vulnerability 
in route  ...)
+       TODO: check
+CVE-2025-52946 (A Use After Free vulnerability in the routing protocol daemon 
(rpd) of ...)
+       TODO: check
+CVE-2025-52089 (A hidden remote support feature protected by a static secret 
in TOTOLI ...)
+       TODO: check
+CVE-2025-51591 (A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 
allows attac ...)
+       TODO: check
+CVE-2025-50125 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability 
exists that  ...)
+       TODO: check
+CVE-2025-50124 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
+       TODO: check
+CVE-2025-50123 (CWE-94: Improper Control of Generation of Code ('Code 
Injection') vuln ...)
+       TODO: check
+CVE-2025-50122 (CWE-331: Insufficient Entropy vulnerability exists that could 
cause ro ...)
+       TODO: check
+CVE-2025-50121 (CWE-78: Improper Neutralization of Special Elements used in an 
OS Comm ...)
+       TODO: check
+CVE-2025-47964 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2025-47963 (No cwe for this issue in Microsoft Edge (Chromium-based) 
allows an una ...)
+       TODO: check
+CVE-2025-47182 (Improper input validation in Microsoft Edge (Chromium-based) 
allows an ...)
+       TODO: check
+CVE-2025-45582 (GNU Tar through 1.35 allows file overwrite via directory 
traversal in  ...)
+       TODO: check
+CVE-2025-43856 (immich is a high performance self-hosted photo and video 
management so ...)
+       TODO: check
+CVE-2025-3933 (A Regular Expression Denial of Service (ReDoS) vulnerability 
was disco ...)
+       TODO: check
+CVE-2025-3631 (An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager 
can cau ...)
+       TODO: check
+CVE-2025-30661 (An Incorrect Permission Assignment for Critical Resource 
vulnerability ...)
+       TODO: check
+CVE-2025-30403 (A heap-buffer-overflow vulnerability is possible in mvfst via 
a specia ...)
+       TODO: check
+CVE-2025-30402 (A heap-buffer-overflow vulnerability in the loading of 
ExecuTorch meth ...)
+       TODO: check
+CVE-2024-47065 (Meshtastic is an open source mesh networking solution. Prior 
to 2.5.1, ...)
+       TODO: check
+CVE-2023-38329 (An issue was discovered in eGroupWare 17.1.20190111. A 
cross-site scri ...)
+       TODO: check
+CVE-2023-38327 (An issue was discovered in eGroupWare 17.1.20190111. A User 
Enumeratio ...)
+       TODO: check
+CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang.  
This iss ...)
        - libcommons-lang3-java <unfixed> (bug #1109125)
        - libcommons-lang-java <unfixed> (bug #1109126)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/11/1
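Review bot: among the entries added with "TODO: check", CVE-2025-45582 (GNU Tar through 1.35) and CVE-2025-51591 (JGM Pandoc v3.6.4) name software that Debian packages, so they should not be swept into a bulk NOT-FOR-US pass along with the Juniper, Campcodes and Microsoft Edge entries in the same hunk. Suggest resolving those two first with a source package line and status, in the same form the hunk's trailing context already uses for CVE-2025-48924 ("- libcommons-lang3-java <unfixed> (bug #1109125)"), plus a NOTE pointing at the upstream reference.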
@@ -128,9 +250,9 @@ CVE-2025-24798 (Meshtastic is an open source mesh 
networking solution. From 1.2.
        NOT-FOR-US: Meshtastic
 CVE-2025-1727 (The protocol used for remote linking over RF for End-of-Train 
and  Hea ...)
        NOT-FOR-US: End-of-Train and Head-of-Train remote linking protocol
-CVE-2025-53862
+CVE-2025-53862 (A flaw was found in Ansible. Three API endpoints are 
accessible and re ...)
        NOT-FOR-US: Ansible Automation Platform
-CVE-2025-53861
+CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without 
security flags  ...)
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, 
flags are ...)
        - libxslt <unfixed> (bug #1109122)
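Review bot: the "NOT-FOR-US: Ansible Automation Platform" lines under CVE-2025-53862 and CVE-2025-53861 were written while both entries had no description, and the text added here only says "A flaw was found in Ansible". Suggest checking the full descriptions (the tracker copies are truncated at "...") to confirm the affected component is the Platform product and not the ansible package, and adding a NOTE with the reference if the triage stands.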
@@ -717962,8 +718084,8 @@ CVE-2013-3309
        RESERVED
 CVE-2013-3308
        RESERVED
-CVE-2013-3307
-       RESERVED
+CVE-2013-3307 (Linksys E1000 devices through 2.1.02, E1200 devices before 
2.0.05, and ...)
+       TODO: check
 CVE-2013-3306
        RESERVED
 CVE-2013-3305
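Review bot: CVE-2013-3307 moves from RESERVED to "TODO: check" with a description that names only Linksys E1000 and E1200 device firmware. That makes it a candidate for a NOT-FOR-US line in the same form used earlier in this file ("NOT-FOR-US: Meshtastic"), and since the neighbouring 2013 ids are still RESERVED this one is easy to overlook if triage works from the top of the list only.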



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97372d4ccd22af69405d55769bc1eb09785a3cae



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
