Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7284c182 by security tracker role at 2025-07-22T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,202 @@
-CVE-2025-38352 [posix-cpu-timers: fix race between handle_posix_cpu_timers() 
and posix_cpu_timer_del()]
+CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology 
LBT-T300-T310 ...)
+       TODO: check
+CVE-2025-8018 (A vulnerability was found in code-projects Food Ordering Review 
System ...)
+       TODO: check
+CVE-2025-8017 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
+       TODO: check
+CVE-2025-8015 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-7953 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-7952 (A vulnerability classified as critical was found in TOTOLINK T6 
4.1.5c ...)
+       TODO: check
+CVE-2025-7951 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2025-7950 (A vulnerability was found in code-projects Public Chat Room 
1.0. It ha ...)
+       TODO: check
+CVE-2025-7949 (A vulnerability was found in Sanluan PublicCMS up to 
5.202506.a. It ha ...)
+       TODO: check
+CVE-2025-7948 (A vulnerability classified as problematic was found in jshERP 
up to 3. ...)
+       TODO: check
+CVE-2025-7947 (A vulnerability classified as critical has been found in jshERP 
up to  ...)
+       TODO: check
+CVE-2025-7946 (A vulnerability was found in PHPGurukul Apartment Visitors 
Management  ...)
+       TODO: check
+CVE-2025-7945 (A vulnerability was found in D-Link DIR-513 up to 20190831. It 
has bee ...)
+       TODO: check
+CVE-2025-7944 (A vulnerability was found in PHPGurukul Taxi Stand Management 
System 1 ...)
+       TODO: check
+CVE-2025-7943 (A vulnerability was found in PHPGurukul Taxi Stand Management 
System 1 ...)
+       TODO: check
+CVE-2025-7942 (A vulnerability has been found in PHPGurukul Taxi Stand 
Management Sys ...)
+       TODO: check
+CVE-2025-7941 (A vulnerability, which was classified as problematic, was found 
in PHP ...)
+       TODO: check
+CVE-2025-7940 (A vulnerability was found in Genshin Albedo Cat House App 1.0.2 
on And ...)
+       TODO: check
+CVE-2025-7939 (A vulnerability was found in jerryshensjf JPACookieShop 
\u86cb\u7cd5\u ...)
+       TODO: check
+CVE-2025-7900 (The femanager extension for TYPO3 allows Insecure Direct Object 
Refere ...)
+       TODO: check
+CVE-2025-7899 (The powermail extension for TYPO3 allows Insecure Direct Object 
Refere ...)
+       TODO: check
+CVE-2025-7705 (: Active Debug Code vulnerability in ABB Switch Actuator 4 
DU-83330, A ...)
+       TODO: check
+CVE-2025-7692 (The Orion Login with SMS plugin for WordPress is vulnerable to 
Authent ...)
+       TODO: check
+CVE-2025-7687 (The Latest Post Accordian Slider plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-7685 (The Like & Share My Site plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2025-7645 (The Extensions For CF7 (Contact form 7 Database, Conditional 
Fields an ...)
+       TODO: check
+CVE-2025-7644 (The Pixel Gallery Addons for Elementor \u2013 Easy Grid, 
Creative Gall ...)
+       TODO: check
+CVE-2025-7495 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-7486 (The Ebook Store plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-7427 (Uncontrolled Search Path Element in Arm Development Studio 
before 2025 ...)
+       TODO: check
+CVE-2025-7371 (Okta On-Premises Provisioning (OPP) agents log certain user 
data durin ...)
+       TODO: check
+CVE-2025-6831 (The User Registration plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-6741 (Improper access control in secure message component in 
Devolutions Ser ...)
+       TODO: check
+CVE-2025-6585 (The WP JobHunt plugin for WordPress is vulnerable to Insecure 
Direct O ...)
+       TODO: check
+CVE-2025-6523 (Use of weak credentials in emergency authentication component 
in Devol ...)
+       TODO: check
+CVE-2025-6213 (The Nginx Cache Purge Preload plugin for WordPress is 
vulnerable to Re ...)
+       TODO: check
+CVE-2025-6187 (The bSecure plugin for WordPress is vulnerable to Privilege 
Escalation ...)
+       TODO: check
+CVE-2025-6082 (The Birth Chart Compatibility plugin for WordPress is 
vulnerable to Fu ...)
+       TODO: check
+CVE-2025-5240 (The CRM and Lead Management by vcita plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-5042 (A maliciously crafted RFA file, when parsed through Autodesk 
Revit, ca ...)
+       TODO: check
+CVE-2025-54362
+       REJECTED
+CVE-2025-54361
+       REJECTED
+CVE-2025-54360
+       REJECTED
+CVE-2025-54359
+       REJECTED
+CVE-2025-54358
+       REJECTED
+CVE-2025-54357
+       REJECTED
+CVE-2025-54356
+       REJECTED
+CVE-2025-54355
+       REJECTED
+CVE-2025-54354
+       REJECTED
+CVE-2025-54134 (HAX CMS NodeJs allows users to manage their microsite universe 
with a  ...)
+       TODO: check
+CVE-2025-54129 (HAXiam is a packaging wrapper for HAXcms which allows anyone 
to spawn  ...)
+       TODO: check
+CVE-2025-54128 (HAX CMS NodeJs allows users to manage their microsite universe 
with a  ...)
+       TODO: check
+CVE-2025-54127 (HAXcms with nodejs backend allows users to start the server in 
any HAX ...)
+       TODO: check
+CVE-2025-54122 (Manager-io/Manager is accounting software. A critical 
unauthenticated  ...)
+       TODO: check
+CVE-2025-53832 (Lara Translate MCP Server is a Model Context Protocol (MCP) 
Server for ...)
+       TODO: check
+CVE-2025-53528 (Cadwyn creates production-ready community-driven modern 
Stripe-like AP ...)
+       TODO: check
+CVE-2025-53472 (WRC-BE36QS-B and WRC-W701-B contain an improper neutralization 
of spec ...)
+       TODO: check
+CVE-2025-52580 (Insertion of sensitive information into log file issue exists 
in "regi ...)
+       TODO: check
+CVE-2025-51867 (Insecure Direct Object Reference (IDOR) vulnerability in 
Deepfiction A ...)
+       TODO: check
+CVE-2025-51865 (Ai2 playground web service (playground.allenai.org) LLM chat 
through 2 ...)
+       TODO: check
+CVE-2025-51864 (A reflected cross-site scripting (XSS) vulnerability exists in 
AIBOX L ...)
+       TODO: check
+CVE-2025-51863 (Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli 
(ChatGPT ...)
+       TODO: check
+CVE-2025-51862 (Insecure Direct Object Reference (IDOR) vulnerability in 
TelegAI (tele ...)
+       TODO: check
+CVE-2025-51860 (Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 
2025-05-26  ...)
+       TODO: check
+CVE-2025-51859 (Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk 
thru 2025 ...)
+       TODO: check
+CVE-2025-51858 (Self Cross-Site Scripting (XSS) vulnerability in 
ChatPlayground.ai thr ...)
+       TODO: check
+CVE-2025-51482 (Remote Code Execution in 
letta.server.rest_api.routers.v1.tools.run_to ...)
+       TODO: check
+CVE-2025-51481 (Local File Inclusion in dagster._grpc.impl.get_notebook_data 
in Dagste ...)
+       TODO: check
+CVE-2025-51480 (Path Traversal vulnerability in 
onnx.external_data_helper.save_externa ...)
+       TODO: check
+CVE-2025-51479 (Authorization bypass in update_user_group in onyx-dot-app Onyx 
Enterpr ...)
+       TODO: check
+CVE-2025-51475 (Arbitrary File Overwrite (AFO) in 
superagi.controllers.resources.uploa ...)
+       TODO: check
+CVE-2025-51472 (Code Injection in AgentTemplate.eval_agent_config in 
TransformerOptimu ...)
+       TODO: check
+CVE-2025-51471 (Cross-Domain Token Exposure in 
server.auth.getAuthorizationToken in Ol ...)
+       TODO: check
+CVE-2025-51464 (Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows 
remote attack ...)
+       TODO: check
+CVE-2025-51463 (Path Traversal in restore_run_backup() in AIM 3.28.0 allows 
remote att ...)
+       TODO: check
+CVE-2025-51459 (File Upload vulnerability in 
agent.hub.controller.refresh_plugins in e ...)
+       TODO: check
+CVE-2025-51458 (SQL Injection in editor_sql_run and query_ex in eosphoros-ai 
DB-GPT 0. ...)
+       TODO: check
+CVE-2025-4295 (Improper Validation of Certificate with Host Mismatch 
vulnerability in ...)
+       TODO: check
+CVE-2025-4294 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service 
(applicati ...)
+       TODO: check
+CVE-2025-48498 (A null pointer dereference vulnerability exists in the 
Distributed Tra ...)
+       TODO: check
+CVE-2025-46354 (A denial of service vulnerability exists in the Distributed 
Transactio ...)
+       TODO: check
+CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and 
WRC-W701-B. If e ...)
+       TODO: check
+CVE-2025-36520 (A null pointer dereference vulnerability exists in the 
net_connectmsg  ...)
+       TODO: check
+CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg 
Comdb2 8.1 d ...)
+       TODO: check
+CVE-2025-35966 (A null pointer dereference vulnerability exists in the 
CDB2SQLQUERY pr ...)
+       TODO: check
+CVE-2025-34143 (An authentication bypass vulnerability exists in ETQ Reliance 
on the C ...)
+       TODO: check
+CVE-2025-34142 (An XML External Entity (XXE) injection vulnerability exists in 
ETQ Rel ...)
+       TODO: check
+CVE-2025-34141 (A reflected cross-site scripting (XSS) vulnerability exists in 
ETQ Rel ...)
+       TODO: check
+CVE-2025-34140 (An authorization bypass vulnerability exists in ETQ Reliance 
(legacy C ...)
+       TODO: check
+CVE-2025-31513 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
+       TODO: check
+CVE-2025-31512 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
+       TODO: check
+CVE-2025-31511 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
+       TODO: check
+CVE-2024-38335 (IBM Security QRadar Network Threat Analytics 1.0.0 through 
1.3.1 could ...)
+       TODO: check
+CVE-2015-10140 (The Ajax Load More plugin before 2.8.1.2 does not have 
authorisation i ...)
+       TODO: check
+CVE-2015-10137 (The Website Contact Form With File Upload plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2012-10020 (The FoxyPress plugin for WordPress is vulnerable to arbitrary 
file upl ...)
+       TODO: check
+CVE-2025-38352 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.35-1
        NOTE: 
https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
 CVE-2025-7962 (In Jakarta Mail 2.2 it is possible to preform a SMTP Injection 
by util ...)
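Review bot: the imported description for CVE-2025-7705 begins with a stray colon (": Active Debug Code vulnerability in ABB Switch Actuator ..."), which looks like a CWE prefix that was stripped on the upstream side; normalise it when the TODO: check is resolved. Of the new TODO: check entries, CVE-2025-48964 (ping in iputils through 20240905) names a source package Debian ships and should be triaged ahead of the WordPress-plugin and consumer-router entries, which the rest of this file shows mostly ending as NOT-FOR-US. The rewritten CVE-2025-38352 entry correctly keeps its existing "- linux 6.12.35-1" and kernel.org NOTE lines and only swaps the bracketed placeholder title for the MITRE text. The literal "\u2014" and "\u86cb\u7cd5" sequences in CVE-2025-8015 and CVE-2025-7939 are escape sequences rather than decoded characters; worth checking whether the feed was decoded before import.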
@@ -304,7 +502,7 @@ CVE-2025-46122 (An issue was discovered in CommScope Ruckus 
Unleashed prior to 2
        NOT-FOR-US: Ruckus
 CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
        NOT-FOR-US: Ruckus
-CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.14. ...)
+CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
        NOT-FOR-US: Ruckus
 CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
        NOT-FOR-US: Ruckus
@@ -3343,7 +3541,7 @@ CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and 
earlier displays log messa
        NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and 
earlier does ...)
        NOT-FOR-US: Jenkins (core or plugin)
-CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x 
before  ...)
+CVE-2025-53645 (Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x 
before 10.0.1 ...)
        NOT-FOR-US: Zimbra
 CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a 
Qwik Serv ...)
        NOT-FOR-US: @builder.io/qwik-city
@@ -3355,7 +3553,8 @@ CVE-2025-52364 (Insecure Permissions vulnerability in 
Tenda CP3 Pro Firmware V22
        NOT-FOR-US: Tenda
 CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping 
diagnostic ...)
        NOT-FOR-US: FiberHome FD602GW-DX-R410 router
-CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was 
discovere ...)
+CVE-2025-49604
+       REJECTED
        NOT-FOR-US: Realtek
 CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to 
utilize i ...)
        NOT-FOR-US: Realtek
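Review bot: CVE-2025-49604 is turned into a REJECTED entry but the old "NOT-FOR-US: Realtek" line below it is left in place, so the entry now carries two status annotations. The other REJECTED entries added in this commit (CVE-2025-54354 through CVE-2025-54362) carry only the REJECTED line; drop the leftover NOT-FOR-US line for consistency.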
@@ -8005,7 +8204,7 @@ CVE-2025-5318 (A flaw was found in the libssh library. An 
out-of-bounds read can
        [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
 (libssh-0.11.2)
-CVE-2025-4878
+CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized 
variable e ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        [bullseye] - libssh <postponed> (Minor issue)
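Review bot: CVE-2025-4878 now gets its description, but unlike the neighbouring CVE-2025-5318 entry it still has no NOTE line pointing at the upstream advisory or the fixing commit, even though both entries are resolved in the same libssh 0.11.2 upload. Adding NOTE lines in the same form as CVE-2025-5318's "NOTE: https://www.libssh.org/security/advisories/..." and "NOTE: Fixed by:" references would let the bookworm/bullseye postponement be re-evaluated without digging through the bug #1108407 log.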
@@ -58100,7 +58299,7 @@ CVE-2024-13447 (The WP Hotel Booking plugin for 
WordPress is vulnerable to unaut
        NOT-FOR-US: WordPress plugin
 CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS 
earlier tha ...)
        NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
-CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72 
(revisions before ...)
+CVE-2024-10929 (In certain circumstances, an issue in Arm 
Cortex-A57,Cortex-A72 (revis ...)
        NOT-FOR-US: Arm
 CVE-2023-37777 (A SQL injection vulnerability exists in Synnefo Internet 
Management So ...)
        NOT-FOR-US: Synnefo
@@ -505384,7 +505583,7 @@ CVE-2015-9277 (MailEnable before 8.60 allows 
Directory Traversal for reading the
        NOT-FOR-US: MailEnable
 CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to 
stored XSS ...)
        NOT-FOR-US: SmarterTools SmarterMail
-CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses 
the pickl ...)
+CVE-2019-6446 (An issue was discovered in NumPy before 1.16.3. It uses the 
pickle Pyt ...)
        - python-numpy 1:1.10.4-1
        [jessie] - python-numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/12759
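Review bot: the upstream description for CVE-2019-6446 changes from "NumPy 1.16.0 and earlier" to "NumPy before 1.16.3", while the entry still records the issue as fixed in python-numpy 1:1.10.4-1, a version well below 1.16.3. If that fixed-version line reflects an assessment that Debian's package was never affected (as the linked numpy issue suggests), the rationale should be captured in a NOTE line so the mismatch with the new upstream range does not look like an error; otherwise the fixed version needs revisiting.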



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7284c182ba27d48d4f0d91346c0b38cdb036db7d



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
