Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e923b07 by security tracker role at 2025-07-21T20:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,393 @@
+CVE-2025-7962 (In Jakarta Mail 2.2 it is possible to preform a SMTP Injection 
by util ...)
+       TODO: check
+CVE-2025-7938 (A vulnerability was found in jerryshensjf JPACookieShop 
\u86cb\u7cd5\u ...)
+       TODO: check
+CVE-2025-7936 (A vulnerability has been found in fuyang_lipengjun platform up 
to ca9a ...)
+       TODO: check
+CVE-2025-7935 (A vulnerability, which was classified as critical, was found in 
fuyang ...)
+       TODO: check
+CVE-2025-7934 (A vulnerability, which was classified as critical, has been 
found in f ...)
+       TODO: check
+CVE-2025-7933 (A vulnerability classified as critical was found in Campcodes 
Sales an ...)
+       TODO: check
+CVE-2025-7932 (A vulnerability classified as critical has been found in D-Link 
DIR\u2 ...)
+       TODO: check
+CVE-2025-7931 (A vulnerability was found in code-projects Church Donation 
System 1.0. ...)
+       TODO: check
+CVE-2025-7930 (A vulnerability was found in code-projects Church Donation 
System 1.0. ...)
+       TODO: check
+CVE-2025-7929 (A vulnerability was found in code-projects Church Donation 
System 1.0. ...)
+       TODO: check
+CVE-2025-7928 (A vulnerability was found in code-projects Church Donation 
System 1.0  ...)
+       TODO: check
+CVE-2025-7927 (A vulnerability has been found in PHPGurukul Online Banquet 
Booking Sy ...)
+       TODO: check
+CVE-2025-7926 (A vulnerability, which was classified as problematic, was found 
in PHP ...)
+       TODO: check
+CVE-2025-7925 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-7924 (A vulnerability classified as problematic was found in 
PHPGurukul Onli ...)
+       TODO: check
+CVE-2025-7717 (Missing Authorization vulnerability in Drupal File Download 
allows For ...)
+       TODO: check
+CVE-2025-7716 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-7715 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-7624 (An SQL injection vulnerability in the legacy (transparent) SMTP 
proxy  ...)
+       TODO: check
+CVE-2025-7393 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-7392 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-7382 (A command injection vulnerability in WebAdmin of Sophos 
Firewall versi ...)
+       TODO: check
+CVE-2025-7325 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7324 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7323 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7322 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7321 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7320 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7319 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7318 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7317 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7316 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7315 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7314 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7313 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7312 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7311 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7310 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7309 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7308 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7307 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7306 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7305 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7304 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7303 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7302 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7301 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7300 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7299 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7298 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7297 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7296 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7295 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7294 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7293 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7292 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7291 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7290 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7289 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7288 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7287 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7286 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7285 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7284 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7283 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7282 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7281 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7280 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7279 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7278 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7277 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7276 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7275 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7274 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7273 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7272 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7271 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7270 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7269 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7268 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7267 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7266 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7265 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7264 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7263 (IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7262 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7261 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7260 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write 
Remote  ...)
+       TODO: check
+CVE-2025-7258 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write 
Remote  ...)
+       TODO: check
+CVE-2025-7257 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7256 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7255 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7254 (IrfanView CADImage Plugin DXF File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7253 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7252 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7251 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7250 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7249 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7248 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7247 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7246 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7244 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7243 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7242 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Remote C ...)
+       TODO: check
+CVE-2025-7241 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7240 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7239 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7238 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write 
Remote  ...)
+       TODO: check
+CVE-2025-7237 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7236 (IrfanView CADImage Plugin DWG File Parsing Memory Corruption 
Remote Co ...)
+       TODO: check
+CVE-2025-7235 (IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write 
Remote  ...)
+       TODO: check
+CVE-2025-7234 (IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write 
Remote  ...)
+       TODO: check
+CVE-2025-7233 (IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read 
Informat ...)
+       TODO: check
+CVE-2025-7231 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-7230 (INVT VT-Designer PM3 File Parsing Type Confusion Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-7229 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-7228 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-7227 (INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-7226 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-7225 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-7224 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-7223 (INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-7222 (Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code 
Execut ...)
+       TODO: check
+CVE-2025-6704 (An arbitrary file writing vulnerability in the Secure PDF 
eXchange (SP ...)
+       TODO: check
+CVE-2025-6235 (In ExtremeControl before 25.5.12, a cross-site scripting (XSS) 
vulnera ...)
+       TODO: check
+CVE-2025-5681 (Authorization Bypass Through User-Controlled Key vulnerability 
in Turt ...)
+       TODO: check
+CVE-2025-54121 (Starlette is a lightweight ASGI (Asynchronous Server Gateway 
Interface ...)
+       TODO: check
+CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for 
Laravel Nov ...)
+       TODO: check
+CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and 
play their ...)
+       TODO: check
+CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship 
Management) softw ...)
+       TODO: check
+CVE-2025-52374 (Use of hardcoded cryptographic key in Encryption.cs in 
hMailServer 5.8 ...)
+       TODO: check
+CVE-2025-52373 (Use of hardcoded cryptographic key in BlowFish.cpp in 
hMailServer 5.8. ...)
+       TODO: check
+CVE-2025-52372 (An issue in hMailServer v.5.8.6 allows a local attacker to 
obtain sens ...)
+       TODO: check
+CVE-2025-52362 (Server-Side Request Forgery (SSRF) vulnerability exists in the 
URL pro ...)
+       TODO: check
+CVE-2025-51869 (Insecure Direct Object Reference (IDOR) vulnerability in Liner 
thru 20 ...)
+       TODO: check
+CVE-2025-51868 (Insecure Direct Object Reference (IDOR) vulnerability in Dippy 
(chat.d ...)
+       TODO: check
+CVE-2025-51403 (A stored cross-site scripting (XSS) vulnerability in the 
department as ...)
+       TODO: check
+CVE-2025-51401 (A stored cross-site scripting (XSS) vulnerability in the chat 
transfer ...)
+       TODO: check
+CVE-2025-51400 (A stored cross-site scripting (XSS) vulnerability in the 
Personal Cann ...)
+       TODO: check
+CVE-2025-51398 (A stored cross-site scripting (XSS) vulnerability in the 
Facebook regi ...)
+       TODO: check
+CVE-2025-51397 (A stored cross-site scripting (XSS) vulnerability in the 
Facebook Chat ...)
+       TODO: check
+CVE-2025-51396 (A stored cross-site scripting (XSS) vulnerability in Live 
Helper Chat  ...)
+       TODO: check
+CVE-2025-50151 (File access paths in configuration files uploaded by users 
with admini ...)
+       TODO: check
+CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO 
Pay allo ...)
+       TODO: check
+CVE-2025-4129 (Authorization Bypass Through User-Controlled Key vulnerability 
in PAVO ...)
+       TODO: check
+CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability 
in Turp ...)
+       TODO: check
+CVE-2025-49656 (Users with administrator access can create databases files 
outside the ...)
+       TODO: check
+CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46122 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.14. ...)
+       TODO: check
+CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46118 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46117 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-46116 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
+       TODO: check
+CVE-2025-44658 (In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration 
vulnerability  ...)
+       TODO: check
+CVE-2025-44657 (In Linksys EA6350 V2.1.2, the chroot_local_user option is 
enabled in t ...)
+       TODO: check
+CVE-2025-44655 (In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the 
chroot_local_ ...)
+       TODO: check
+CVE-2025-44654 (In Linksys E2500 3.0.04.002, the chroot_local_user option is 
enabled i ...)
+       TODO: check
+CVE-2025-44653 (In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option 
is set to ...)
+       TODO: check
+CVE-2025-44652 (In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is 
set to 0 ...)
+       TODO: check
+CVE-2025-44651 (In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is 
set to 0 i ...)
+       TODO: check
+CVE-2025-44650 (In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, 
the USER ...)
+       TODO: check
+CVE-2025-44649 (In the configuration file of racoon in the TRENDnet 
TEW-WLC100P 2.03b0 ...)
+       TODO: check
+CVE-2025-44647 (In TRENDnet TEW-WLC100P 2.03b03, the 
i_dont_care_about_security_and_us ...)
+       TODO: check
+CVE-2025-43977 (The com.skt.prod.dialer application through 12.5.0 for Android 
enables ...)
+       TODO: check
+CVE-2025-43976 (The com.enflick.android.tn2ndLine application through 
24.17.1.0 for An ...)
+       TODO: check
+CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details 
accessible to u ...)
+       TODO: check
+CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via 
POST req ...)
+       TODO: check
+CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer 
overflow vul ...)
+       TODO: check
+CVE-2025-41678 (A high privileged remote attacker can alter the configuration 
database ...)
+       TODO: check
+CVE-2025-41677 (A high privileged remote attacker can exhaust critical system 
resource ...)
+       TODO: check
+CVE-2025-41676 (A high privileged remote attacker can exhaust critical system 
resource ...)
+       TODO: check
+CVE-2025-41675 (A high privileged remote attacker can execute arbitrary system 
command ...)
+       TODO: check
+CVE-2025-41674 (A high privileged remote attacker can execute arbitrary system 
command ...)
+       TODO: check
+CVE-2025-41673 (A high privileged remote attacker can execute arbitrary system 
command ...)
+       TODO: check
+CVE-2025-41459 (Insufficient protection against brute-force and runtime 
manipulation i ...)
+       TODO: check
+CVE-2025-41458 (Unencrypted storage in the database in Two App Studio Journey 
v5.5.9 f ...)
+       TODO: check
+CVE-2025-41100 (Incorrect authentication vulnerability in ParkingDoor. Through 
this vu ...)
+       TODO: check
+CVE-2025-36846 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. 
The appli ...)
+       TODO: check
+CVE-2025-36845 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. 
The endpo ...)
+       TODO: check
+CVE-2025-36603 (Dell AppSync, version(s) 4.6.0.0, contains an Improper 
Restriction of  ...)
+       TODO: check
+CVE-2025-36107 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could 
allow mal ...)
+       TODO: check
+CVE-2025-36106 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could 
allow mal ...)
+       TODO: check
+CVE-2025-36062 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22   could 
be vuln ...)
+       TODO: check
+CVE-2025-36057 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22   is 
vulnerable ...)
+       TODO: check
+CVE-2025-32744 (Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted 
Upload of F ...)
+       TODO: check
+CVE-2025-30477 (Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a 
use of a ...)
+       TODO: check
+CVE-2025-30192 (An attacker spoofing answers to ECS enabled requests sent out 
by the R ...)
+       TODO: check
+CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akbi ...)
+       TODO: check
+CVE-2025-1469 (Authorization Bypass Through User-Controlled Key vulnerability 
in Turt ...)
+       TODO: check
+CVE-2024-6107 (Due to insufficient verification, an attacker could use a 
malicious cl ...)
+       TODO: check
+CVE-2024-55040 (Cross Site Scripting vulnerability in Sensaphone WEB600 
Monitoring Sys ...)
+       TODO: check
+CVE-2024-13974 (A business logic vulnerability in the Up2Date component of 
Sophos Fire ...)
+       TODO: check
+CVE-2024-13973 (A post-auth SQL injection vulnerability in WebAdmin of Sophos 
Firewall ...)
+       TODO: check
 CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based 
Buffer Overf ...)
        NOT-FOR-US: Askey
 CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a 
Reflected ...)
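Review bot: The truncated descriptions in this block cut through escaped non-ASCII text: the CVE-2025-7938 line ends in "\u86cb\u7cd5\u ...)" and the CVE-2025-7932 line in "DIR\u2 ...)", each leaving a partial \u escape. Decoding the escapes before truncating to the fixed width, or truncating on a character boundary, would avoid storing fragments that no longer decode. Every entry added here carries only "TODO: check", so each still needs triage.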
@@ -619,7 +1009,7 @@ CVE-2025-50240 (nbcio-boot v1.0.3 was discovered to 
contain a SQL injection vuln
        NOT-FOR-US: nbcio-boot
 CVE-2025-4657 (A buffer overflow vulnerability was reported in the Lenovo 
Protection  ...)
        NOT-FOR-US: Lenovo
-CVE-2025-47189 (Netwrix Directory Manager through 2025-05-01 allows XSS.)
+CVE-2025-47189 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 
before 1 ...)
        NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon 
Learning  ...)
        NOT-FOR-US: Beakon Software Beakon Learning Management System
@@ -2348,6 +2738,7 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of 
libraries that make it ea
 CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command 
injection vulne ...)
        NOT-FOR-US: Headlamp
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache 
Tomcat if an ...)
+       {DLA-4244-1}
        - tomcat11 <unfixed> (bug #1109113)
        - tomcat10 <unfixed> (bug #1109114)
        - tomcat9 9.0.70-2
@@ -2372,6 +2763,7 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer) 
version 5.8.0.1327 and b
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link 
following ...)
        NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an 
Integer Overf ...)
+       {DLA-4244-1}
        - tomcat11 <unfixed> (bug #1109111)
        - tomcat10 <unfixed> (bug #1109112)
        - tomcat9 9.0.70-2
@@ -2384,6 +2776,7 @@ CVE-2025-52473 (liboqs is a C-language cryptographic 
library that provides imple
        NOTE: 
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm
        NOTE: 
https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897
 (0.14.0-rc1)
 CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper 
Synchronizati ...)
+       {DLA-4244-1}
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
 (9.0.107)
@@ -5216,7 +5609,7 @@ CVE-2025-49005 (Next.js is a React framework for building 
full-stack web applica
 CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric 
format for di ...)
-       {DSA-5960-1}
+       {DSA-5960-1 DLA-4247-1}
        - djvulibre 3.5.28-2.1 (bug #1108729)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
        NOTE: Fixed by: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -6374,6 +6767,7 @@ CVE-2025-6855 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-6854 (A vulnerability classified as problematic was found in 
chatchat-space  ...)
        NOT-FOR-US: Langchain-Chatchat
 CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and 
classified as ...)
+       {DLA-4246-1}
        - libowasp-esapi-java <unfixed> (bug #1109378)
        [bookworm] - libowasp-esapi-java <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512
 (esapi-2.7.0.0)
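Review bot: Adding {DLA-4246-1} to CVE-2025-5878 gives the entry an LTS advisory while the lines directly below it still read "- libowasp-esapi-java <unfixed> (bug #1109378)" and "[bookworm] - libowasp-esapi-java <no-dsa> (Minor issue)". It is worth revisiting the bookworm no-dsa decision, or tracking a point-release fix, so that the newer release does not stay behind the LTS one for this issue.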
@@ -10979,6 +11373,7 @@ CVE-2025-4565 (Any project that uses Protobuf 
Pure-Python backendto parse untrus
        [bullseye] - protobuf <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
 CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       {DLA-4244-1}
        - tomcat11 <unfixed> (bug #1108114)
        - tomcat10 <unfixed> (bug #1108115)
        - tomcat9 9.0.70-2
@@ -10993,6 +11388,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in 
Apache Tomcat installer f
        - tomcat9 <not-affected> (Windows-specific)
        NOTE: https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
 CVE-2025-48988 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       {DLA-4244-1}
        - tomcat11 <unfixed> (bug #1108116)
        - tomcat10 <unfixed> (bug #1108117)
        - tomcat9 9.0.70-2
@@ -11002,6 +11398,7 @@ CVE-2025-48988 (Allocation of Resources Without Limits 
or Throttling vulnerabili
        NOTE: 
https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
 (10.1.42)
        NOTE: 
https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
 (9.0.106)
 CVE-2025-48976 (Allocation of resources for multipart headers with 
insufficient limits ...)
+       {DLA-4245-1 DLA-4244-1}
        - libcommons-fileupload-java <unfixed> (bug #1108120)
        [bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
        - tomcat11 <unfixed> (bug #1108118)
@@ -15535,6 +15932,7 @@ CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR 
REST API and related serv
 CVE-2025-46722 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache 
Tomcat's ...)
+       {DLA-4244-1}
        - tomcat11 <unfixed> (bug #1106821)
        - tomcat10 <unfixed> (bug #1106820)
        - tomcat9 9.0.70-2
@@ -26061,6 +26459,7 @@ CVE-2025-32471 (The device\u2019s passwords have not 
been adequately salted, mak
 CVE-2025-32470 (A remote unauthenticated attacker may be able to change the IP 
adress  ...)
        NOT-FOR-US: SICK AG
 CVE-2025-31651 (Improper Neutralization of Escape, Meta, or Control Sequences 
vulnerab ...)
+       {DLA-4244-1}
        - tomcat11 11.0.6-1
        - tomcat10 10.1.40-1
        - tomcat9 9.0.70-2
@@ -26070,6 +26469,7 @@ CVE-2025-31651 (Improper Neutralization of Escape, 
Meta, or Control Sequences vu
        NOTE: Fixed by: 
https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
 (9.0.104)
        NOTE: Fixed by: 
https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
 (9.0.104)
 CVE-2025-31650 (Improper Input Validation vulnerability in Apache Tomcat. 
Incorrect er ...)
+       {DLA-4244-1}
        - tomcat11 11.0.6-1
        - tomcat10 10.1.40-1
        - tomcat9 9.0.70-2
@@ -51561,7 +51961,7 @@ CVE-2025-25354 (A SQL Injection was found in 
/admin/admin-profile.php in PHPGuru
        NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php 
in PHPGu ...)
        NOT-FOR-US: Phpgurukul Land Record System
-CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in 
version 1.8.0  ...)
+CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in 
version 1.0.8  ...)
        NOT-FOR-US: Lakeus MediaWiki skin
 CVE-2025-24904 (libsignal-service-rs is a Rust version of the 
libsignal-service-java l ...)
        NOT-FOR-US: libsignal-service-rs
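Review bot: The only visible change to the CVE-2025-25287 description is the version string, from "1.8.0" to "1.0.8"; confirm against the upstream CVE record that 1.0.8 is the intended value, since a transposed version number is easy to miss in an automatic update. The entry stays "NOT-FOR-US: Lakeus MediaWiki skin", so Debian triage is unaffected either way.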
@@ -68290,7 +68690,7 @@ CVE-2024-55513 (A vulnerability was found in Raisecom 
MSG1200, MSG2100E, MSG2200
 CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore 
Managemen ...)
        NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
 CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the 
examples web ap ...)
-       {DSA-5845-1}
+       {DSA-5845-1 DLA-4244-1}
        - tomcat10 10.1.34-1
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
@@ -99103,7 +99503,7 @@ CVE-2024-8136 (A vulnerability, which was classified as 
problematic, was found i
        NOT-FOR-US: SourceCodester Record Management System
 CVE-2024-8135 (A vulnerability classified as critical has been found in 
Go-Tribe gotr ...)
        NOT-FOR-US: Go-Tribe gotribe
-CVE-2024-45244 (Hyperledger Fabric through 2.5.9 does not verify that a 
request has a  ...)
+CVE-2024-45244 (Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do 
not verify ...)
        NOT-FOR-US: Hyperledger Fabric
 CVE-2024-45240 (The TikTok (aka com.zhiliaoapp.musically) application before 
34.5.5 fo ...)
        NOT-FOR-US: TikTok (aka com.zhiliaoapp.musically) application
@@ -112520,7 +112920,7 @@ CVE-2024-38286 (Allocation of Resources Without 
Limits or Throttling vulnerabili
        NOTE: 
https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
 (9.0.90)
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled 
Resource Con ...)
-       {DSA-5845-1}
+       {DSA-5845-1 DLA-4244-1}
        - tomcat10 10.1.25-1
        - tomcat9 9.0.70-2
        NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
@@ -221158,7 +221558,7 @@ CVE-2023-25000 (HashiCorp Vault's implementation of 
Shamir's secret sharing used
 CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth 
method allowe ...)
        NOT-FOR-US: Vault
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number 
of requ ...)
-       {DSA-5522-1 DLA-3617-1}
+       {DSA-5522-1 DLA-4245-1 DLA-3617-1}
        - tomcat10 10.1.5-1
        - tomcat9 9.0.70-2
        [bullseye] - tomcat9 <postponed> (Minor issue, fix along with future 
update)
@@ -300996,6 +301396,7 @@ CVE-2022-24893 (ESP-IDF is the official development 
framework for Espressif SoCs
 CVE-2022-24892 (Shopware is an open source e-commerce software platform. 
Starting with ...)
        NOT-FOR-US: Shopware
 CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open 
source, web  ...)
+       {DLA-4246-1}
        - libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
        [buster] - libowasp-esapi-java <no-dsa> (Minor issue)
        [stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
@@ -306210,6 +306611,7 @@ CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, 
writer and reader written in
 CVE-2022-23458 (Toast UI Grid is a component to display and edit data. 
Versions prior  ...)
        NOT-FOR-US: Toast UI Grid
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open 
source, web  ...)
+       {DLA-4246-1}
        - libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
        [buster] - libowasp-esapi-java <no-dsa> (Minor issue)
        [stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
@@ -306928,6 +307330,7 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was 
discovered to contain a seg
        NOTE: https://github.com/gpac/gpac/issues/2039
        NOTE: 
https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba 
(v2.0.0)
 CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 
3.5.28 in all ...)
+       {DLA-4247-1}
        - djvulibre 3.5.28-2.2 (bug #1052669)
        [bookworm] - djvulibre <ignored> (Minor issue)
        [buster] - djvulibre <no-dsa> (Minor issue)
@@ -306941,6 +307344,7 @@ CVE-2021-46311 (A NULL pointer dereference 
vulnerability exists in GPAC v1.1.0 v
        NOTE: https://github.com/gpac/gpac/issues/2038
        NOTE: 
https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 
(v2.0.0)
 CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in 
allows at ...)
+       {DLA-4247-1}
        - djvulibre 3.5.28-2.2 (bug #1052668)
        [bookworm] - djvulibre <ignored> (Minor issue)
        [buster] - djvulibre <no-dsa> (Minor issue)
@@ -398085,8 +398489,8 @@ CVE-2020-26801 (A stored cross-site scripting (XSS) 
vulnerability was discovered
        NOT-FOR-US: TrippLite
 CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client 
version <= ...)
        NOT-FOR-US: Aleth Ethereum
-CVE-2020-26799
-       RESERVED
+CVE-2020-26799 (A reflected cross-site scripting (XSS) vulnerability was 
discovered in ...)
+       TODO: check
 CVE-2020-26798
        RESERVED
 CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow 
vulnerabilit ...)
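Review bot: CVE-2020-26799 moves from RESERVED to a described entry with "TODO: check", and the truncated text ("A reflected cross-site scripting (XSS) vulnerability was discovered in ...") stops before the affected product is named, so the line alone does not say whether a Debian package is involved. Triage needs the full record; the neighbouring CVE-2020-26801 and CVE-2020-26800 context lines are already marked NOT-FOR-US.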



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e923b076de03f614b4707c275fe9e0b65cf8f8a
