Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
323133a9 by security tracker role at 2025-07-23T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,71 +1,291 @@
-CVE-2025-54090
+CVE-2025-8070 (The Windows service configuration of ABP and AES contains an 
unquoted  ...)
+       TODO: check
+CVE-2025-8069 (During the AWS Client VPN client installation on Windows 
devices, the  ...)
+       TODO: check
+CVE-2025-8060 (A vulnerability has been found in Tenda AC23 16.03.07.52 and 
classifie ...)
+       TODO: check
+CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 
2.41 is  ...)
+       TODO: check
+CVE-2025-8022 (All versions of the package bun are vulnerable to Improper 
Neutralizat ...)
+       TODO: check
+CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable 
to Dire ...)
+       TODO: check
+CVE-2025-8020 (All versions of the package private-ip are vulnerable to 
Server-Side R ...)
+       TODO: check
+CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external 
entity att ...)
+       TODO: check
+CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin 
VIGI NV ...)
+       TODO: check
+CVE-2025-7723 (A command injection vulnerability exists that can be exploited 
after a ...)
+       TODO: check
+CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to 
privilege esc ...)
+       TODO: check
+CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-6215 (The Omnishop plugin for WordPress is vulnerable to 
Unauthenticated Reg ...)
+       TODO: check
+CVE-2025-6214 (The Omnishop plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2025-6190 (The Realty Portal \u2013 Agent plugin for WordPress is 
vulnerable to P ...)
+       TODO: check
+CVE-2025-6174 (The Qwizcards | online quizzes and flashcards WordPress plugin 
through ...)
+       TODO: check
+CVE-2025-6054 (The YANewsflash plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash 
plugin  ...)
+       TODO: check
+CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
+       TODO: check
+CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
+       TODO: check
+CVE-2025-54453 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54452 (Improper Authentication vulnerability in Samsung Electronics 
MagicINFO ...)
+       TODO: check
+CVE-2025-54451 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-54450 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54449 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54448 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54447 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54446 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54445 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2025-54444 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54443 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54442 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54441 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54440 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54439 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
+       TODO: check
+CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 
for Joom ...)
+       TODO: check
+CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for 
Joomla  ...)
+       TODO: check
+CVE-2025-54295 (A Reflected XSS vulnerability in DJ-Reviews component 
1.0-1.3.6 for Jo ...)
+       TODO: check
+CVE-2025-54294 (A SQLi vulnerability in Komento component 4.0.0-4.0.7for 
Joomla was di ...)
+       TODO: check
+CVE-2025-54141 (ViewVC is a browser interface for CVS and Subversion version 
control r ...)
+       TODO: check
+CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in 
pure Pyth ...)
+       TODO: check
+CVE-2025-54139 (HAX CMS allows users to manage their microsite universe with a 
NodeJS  ...)
+       TODO: check
+CVE-2025-54138 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
+       TODO: check
+CVE-2025-54137 (HAX CMS NodeJS allows users to manage their microsite universe 
with a  ...)
+       TODO: check
+CVE-2025-54120 (PCL (Plain Craft Launcher) Community Edition is a Minecraft 
launcher.  ...)
+       TODO: check
+CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. 
In versi ...)
+       TODO: check
+CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
+       TODO: check
+CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU   transmits sensitive data 
without enc ...)
+       TODO: check
+CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-51462 (Stored Cross-site Scripting (XSS) vulnerability in 
api.apps.dialog_app ...)
+       TODO: check
+CVE-2025-50481 (A cross-site scripting (XSS) vulnerability in the component 
/blog/blog ...)
+       TODO: check
+CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to 
redirect ...)
+       TODO: check
+CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla 
was disc ...)
+       TODO: check
+CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-4411 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-4296 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
+       TODO: check
+CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU   lacks access controls for a 
function ...)
+       TODO: check
+CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 
6900w Serie ...)
+       TODO: check
+CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk 
command ...)
+       TODO: check
+CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition 
via the ...)
+       TODO: check
+CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload 
or creat ...)
+       TODO: check
+CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to 
redirect vict ...)
+       TODO: check
+CVE-2025-43881 (Improper validation of specified quantity in input issue 
exists in Rea ...)
+       TODO: check
+CVE-2025-43489 (A potential security vulnerability has been identified in the 
Poly Cla ...)
+       TODO: check
+CVE-2025-43488 (A potential security vulnerability has been identified in the 
Poly Cla ...)
+       TODO: check
+CVE-2025-43487 (A potential privilege escalation through Sudo vulnerability 
has been i ...)
+       TODO: check
+CVE-2025-43486 (A potential stored cross-site scripting vulnerability has been 
identif ...)
+       TODO: check
+CVE-2025-43485 (A potential security vulnerability has been identified in the 
Poly Cla ...)
+       TODO: check
+CVE-2025-43484 (A potential reflected cross-site scripting vulnerability has 
been iden ...)
+       TODO: check
+CVE-2025-43483 (A potential security vulnerability has been identified in the 
Poly Cla ...)
+       TODO: check
+CVE-2025-43022 (A potential SQL injection vulnerability has been identified in 
the Pol ...)
+       TODO: check
+CVE-2025-43021 (A potential security vulnerability has been identified in the 
Poly Cla ...)
+       TODO: check
+CVE-2025-43020 (A potential command injection vulnerability has been 
identified in the ...)
+       TODO: check
+CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject 
value i ...)
+       TODO: check
+CVE-2025-41687 (An unauthenticated remote attacker may use a stack based 
buffer overfl ...)
+       TODO: check
+CVE-2025-41684 (An authenticated remote attacker can execute arbitrary 
commands with r ...)
+       TODO: check
+CVE-2025-41683 (An authenticated remote attacker can execute arbitrary 
commands with r ...)
+       TODO: check
+CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU   is vulnerable to a 
cross-site script ...)
+       TODO: check
+CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in 
the SMA ...)
+       TODO: check
+CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in 
the SMA ...)
+       TODO: check
+CVE-2025-40597 (A Heap-based buffer overflow vulnerability in the SMA100 
series web in ...)
+       TODO: check
+CVE-2025-40596 (A Stack-based buffer overflow vulnerability in the SMA100 
series web i ...)
+       TODO: check
+CVE-2025-36117 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the 
session i ...)
+       TODO: check
+CVE-2025-36116 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by 
cross-site W ...)
+       TODO: check
+CVE-2025-33077 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 is vul ...)
+       TODO: check
+CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 is vul ...)
+       TODO: check
+CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 transm ...)
+       TODO: check
+CVE-2025-31701 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
+       TODO: check
+CVE-2025-31700 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
+       TODO: check
+CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
+       TODO: check
+CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
+       TODO: check
+CVE-2025-27930 (Zohocorp ManageEngine Applications Manager versions176600 and 
prior ar ...)
+       TODO: check
+CVE-2024-53288 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53287 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53286 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+       TODO: check
+CVE-2024-41751 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
+       TODO: check
+CVE-2024-41750 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
+       TODO: check
+CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
+       TODO: check
+CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
+       TODO: check
+CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access 
Management(formerly Imp ...)
+       TODO: check
+CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows 
unauth ...)
+       TODO: check
+CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce 
Online  ...)
+       TODO: check
+CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in 
Dicoogle PAC ...)
+       TODO: check
+CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users 
to deplo ...)
+       TODO: check
+CVE-2016-15045 (A local privilege escalation vulnerability exists in 
lastore-daemon, t ...)
+       TODO: check
+CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists 
within Xd ...)
+       TODO: check
+CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 
0.92, a ligh ...)
+       TODO: check
+CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond 
expr .. ...)
        - apache2 2.4.65-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
-CVE-2025-8035
+CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird 
ESR 128. ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8035
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8035
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8035
-CVE-2025-8040
+CVE-2025-8040 (Memory safety bugs present in Firefox ESR 140.0, Thunderbird 
ESR 140.0 ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
-CVE-2025-8034
+CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 
128.12,  ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8034
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8034
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8034
-CVE-2025-8044
+CVE-2025-8044 (Memory safety bugs present in Firefox 140 and Thunderbird 140. 
Some of ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
-CVE-2025-8033
+CVE-2025-8033 (The JavaScript engine did not handle closed generators 
correctly and i ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8033
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8033
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8033
-CVE-2025-8039
+CVE-2025-8039 (In some cases search terms persisted in the URL bar even after 
navigat ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8039
-CVE-2025-8038
+CVE-2025-8038 (Thunderbird ignored paths when checking the validity of 
navigations in ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
-CVE-2025-8032
+CVE-2025-8032 (XSLT document loading did not correctly propagate the source 
document  ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8032
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
-CVE-2025-8031
+CVE-2025-8031 (The `username:password` part was not correctly stripped from 
URLs in C ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8031
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8031
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8031
-CVE-2025-8043
+CVE-2025-8043 (Focus incorrectly truncated URLs towards the beginning instead 
of arou ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
-CVE-2025-8030
+CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature 
could po ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8030
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8030
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8030
-CVE-2025-8037
+CVE-2025-8037 (Setting a nameless cookie with an equals sign in the value 
shadowed ot ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8037
-CVE-2025-8036
+CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address 
changes. ...)
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
-CVE-2025-8029
+CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` 
and `emb ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
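Review bot: several of the new "TODO: check" entries at the top of this hunk are for software shipped as Debian packages and should be triaged ahead of the WordPress/Joomla/vendor-appliance bulk: CVE-2025-8058 (GNU C library regcomp, 2.4 to 2.41), CVE-2025-53538 (Suricata), CVE-2025-46686 (Redis through 7.4.3), CVE-2025-54072 (yt-dlp) and CVE-2025-54141 (ViewVC). On the Mozilla block, CVE-2025-8038 and CVE-2025-8036 are described in terms of Thunderbird ("Thunderbird ignored paths ...", "Thunderbird cached CORS preflight responses ...") yet list only "- firefox 141.0-1" with mfsa2025-56 and no thunderbird line, while the ESR 128 entries around them carry "- thunderbird <unfixed>" plus the mfsa2025-62 reference; please confirm whether a thunderbird line is missing for those two.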
@@ -78,24 +298,24 @@ CVE-2025-8042
 CVE-2025-8041
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
-CVE-2025-8028
+CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries 
could le ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8028
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
-CVE-2025-8027
+CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 
64-bit ret ...)
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8027
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8027
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8027
-CVE-2025-8011
+CVE-2025-8011 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-8010
+CVE-2025-8010 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology 
LBT-T300-T310 ...)
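Review bot: the two chromium entries (CVE-2025-8011, CVE-2025-8010) carry no NOTE reference, unlike every Mozilla entry in this hunk, which links its mfsa advisory; the description already gives the upstream fixed version (138.0.7204.168), so a NOTE pointing at the upstream release announcement would let the "<unfixed>" marker be resolved against a concrete version when the chromium upload lands.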
@@ -260,7 +480,7 @@ CVE-2025-4285 (Improper Neutralization of Special Elements 
used in an SQL Comman
        NOT-FOR-US: Agentis
 CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Agentis
-CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service 
(applicati ...)
+CVE-2025-48964 (ping in iputils before 20250602 allows a denial of service 
(applicatio ...)
        - iputils <not-affected> (Incomplete fix for CVE-2025-47268 no applied; 
unimportant)
        NOTE: 
https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9
        NOTE: Fixed by: 
https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
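Review bot: the unchanged context line "- iputils <not-affected> (Incomplete fix for CVE-2025-47268 no applied; unimportant)" reads "no applied" where "not applied" is meant; since hunk lines are not edited here, it is worth a follow-up fix. The rationale itself is consistent with CVE-2025-47268 remaining "<unfixed>" later in this same diff, i.e. Debian never shipped the incomplete fix that CVE-2025-48964 is about.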
@@ -1863,6 +2083,7 @@ CVE-2025-53905 (Vim is an open source, command line text 
editor. Prior to versio
        NOTE: 
https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 
(v9.1.1552)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr
 CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DLA-4248-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.28+6-1
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/16/1
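Review bot: "{DLA-4248-1}" is added while the entry still lists "- openjdk-8 <unfixed>" and "- openjdk-11 11.0.28+6-1" with no distribution-specific line, so the DLA must cover a different openjdk source package than the ones shown; please confirm the data/DLA/list entry names that package so the unfixed openjdk-8 line is not read as contradicting the advisory reference. The same pattern recurs in the next four hunks (CVE-2025-50106, CVE-2025-50059, CVE-2025-30754, CVE-2025-30749).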
@@ -1957,6 +2178,7 @@ CVE-2025-50108 (Vulnerability in the Oracle Hyperion 
Financial Reporting product
 CVE-2025-50107 (Vulnerability in the Oracle Universal Work Queue product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DLA-4248-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.28+6-1
        - openjdk-17 17.0.16+8-1
@@ -2051,6 +2273,7 @@ CVE-2025-50061 (Vulnerability in the Primavera P6 
Enterprise Project Portfolio M
 CVE-2025-50060 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
        NOT-FOR-US: Oracle
 CVE-2025-50059 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DLA-4248-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.28+6-1
        - openjdk-17 17.0.16+8-1
@@ -2117,6 +2340,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User 
product of Oracle Siebe
 CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component: 
General).   The ...)
        NOT-FOR-US: Oracle
 CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DLA-4248-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.28+6-1
        - openjdk-17 17.0.16+8-1
@@ -2131,6 +2355,7 @@ CVE-2025-30751 (Vulnerability in the Oracle Database 
component of Oracle Databas
 CVE-2025-30750 (Vulnerability in the Unified Audit component of Oracle 
Database Server ...)
        NOT-FOR-US: Oracle
 CVE-2025-30749 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DLA-4248-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.28+6-1
        - openjdk-17 17.0.16+8-1
@@ -4148,7 +4373,7 @@ CVE-2025-49714 (Trust boundary violation in Visual Studio 
Code - Python extensio
        NOT-FOR-US: Microsoft
 CVE-2025-49711 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
        NOT-FOR-US: Microsoft
-CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows 
an autho ...)
+CVE-2025-49706 (Improper authentication in Microsoft Office SharePoint allows 
an unaut ...)
        NOT-FOR-US: Microsoft
 CVE-2025-49705 (Heap-based buffer overflow in Microsoft Office PowerPoint 
allows an un ...)
        NOT-FOR-US: Microsoft
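Review bot: the CVE-2025-49706 description change flips the attacker precondition from "an authorized" to "an unauthorized" attacker, which materially changes the exposure described even though the entry stays NOT-FOR-US: Microsoft; the update is correct to carry through, and the unchanged marker is right since no Debian package is involved.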
@@ -6495,7 +6720,7 @@ CVE-2025-6927
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165118 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165119 (master)
 CVE-2025-6926 (Improper Authentication vulnerability in Wikimedia Foundation 
Mediawik ...)
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T389010
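Review bot: "{DSA-5957-1 DLA-4249-1}" is added here and, in the later hunks, to CVE-2025-6597, 6595, 6594, 6593, 6591, 6590, 32072, 32699, 32698, 32696 and 3469, all of which list fixes only for the unstable mediawiki 1:1.43.x packages and whose NOTE lines reference master and REL1_39 gerrit changes; since the DLA targets the LTS branch, please confirm that each listed change was actually backported there rather than relying on the REL1_39 references alone.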
@@ -6503,7 +6728,7 @@ CVE-2025-6926 (Improper Authentication vulnerability in 
Wikimedia Foundation Med
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165090 
(REL1_39)
 CVE-2025-6597
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T389009
@@ -6517,21 +6742,21 @@ CVE-2025-6596
        NOTE: https://phabricator.wikimedia.org/T396685
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/1165107 
(master)
 CVE-2025-6595
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T394863
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165106
 (master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165144
 (REL1_39)
 CVE-2025-6594
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T395063
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165115 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165087 
(REL1_39)
 CVE-2025-6593
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T396230
@@ -6545,14 +6770,14 @@ CVE-2025-6592
        NOTE: https://phabricator.wikimedia.org/T391218
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1143146 (master)
 CVE-2025-6591
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T392276
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165113 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165085 
(REL1_39)
 CVE-2025-6590
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T392746
@@ -11403,7 +11628,7 @@ CVE-2025-6019 (A Local Privilege Escalation (LPE) 
vulnerability was found in lib
        NOTE: As hardening measure udisks2 (in unstable since 2.10.1-12.1)
        NOTE: will enforce that private mounts are mounted with 'nodev,nosuid'.
        NOTE: 
https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9
-CVE-2025-6018 [LPE from unprivileged to allow_active in SUSE 15's PAM]
+CVE-2025-6018 (A Local Privilege Escalation (LPE) vulnerability has been 
discovered i ...)
        - pam <not-affected> (SUSE specific issue)
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
        NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
@@ -12316,9 +12541,10 @@ CVE-2025-48444 (Missing Authorization vulnerability in 
Drupal Quick Node Block a
        NOT-FOR-US: Drupal core and addons
 CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block 
allows  ...)
        NOT-FOR-US: Drupal core and addons
-CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle 
position can ...)
+CVE-2025-41663 (For u-link Management API an unauthenticated remote attacker 
in a man- ...)
        NOT-FOR-US: Weidmueller
-CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary 
commands with ...)
+CVE-2025-41662
+       REJECTED
        NOT-FOR-US: Weidmueller
 CVE-2025-41661 (An unauthenticated remote attacker can execute arbitrary 
commands with ...)
        NOT-FOR-US: Weidmueller
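Review bot: CVE-2025-41662 is turned into a "REJECTED" entry but keeps the "NOT-FOR-US: Weidmueller" line below it; a rejected identifier needs no tracking status, so consider dropping the trailing NOT-FOR-US line (or, if both are kept deliberately, keep the order consistent with other rejected entries in the file).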
@@ -24033,7 +24259,7 @@ CVE-2024-42212 (HCL BigFix Compliance is affected by an 
improper or missing Same
        NOT-FOR-US: HCL
 CVE-2024-11615 (The Envolve Plugin plugin for WordPress is vulnerable to 
arbitrary fil ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-47268 (ping in iputils through 20240905 allows a denial of service 
(applicati ...)
+CVE-2025-47268 (ping in iputils before 20250602 allows a denial of service 
(applicatio ...)
        - iputils <unfixed> (unimportant; bug #1104746; bug #1109728)
        NOTE: https://github.com/iputils/iputils/issues/584
        NOTE: https://github.com/Zephkek/ping-rtt-overflow/
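Review bot: the updated description now names the fixed upstream release ("before 20250602"), but the entry keeps "- iputils <unfixed> (unimportant; bug #1104746; bug #1109728)" and its NOTE lines point only at the issue and a proof-of-concept repository, with no fix reference; unlike the CVE-2025-48964 entry earlier in this diff, which carries a "Fixed by:" commit, this one gives no way to verify which upload resolves it, so a "Fixed by" NOTE and the fixed Debian version should be added when the 20250602 or later package is uploaded.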
@@ -31407,7 +31633,7 @@ CVE-2025-32074 (Improper Encoding or Escaping of Output 
vulnerability in The Wik
 CVE-2025-32073 (Improper Input Validation vulnerability in The Wikimedia 
Foundation Me ...)
        NOT-FOR-US: HTMLTags MediaWiki extension
 CVE-2025-32072 (Improper Encoding or Escaping of Output vulnerability in The 
Wikimedia ...)
-       {DSA-5957-1}
+       {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.1+dfsg-2
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134
        NOTE: https://phabricator.wikimedia.org/T386175
@@ -31742,13 +31968,13 @@ CVE-2025-32700 (Exposure of Sensitive Information to 
an Unauthorized Actor vulne
        NOTE: Introduced by 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1026560 
(REL1_43)
        NOTE: Fixed by 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1135788
 CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia 
Foundation  ...)
-       {DSA-5901-1}
+       {DSA-5901-1 DLA-4249-1}
        - mediawiki 1:1.43.1+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T387130
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135794
        NOTE: The fix needs changes in embedded parsoid too: 
https://gerrit.wikimedia.org/r/c/mediawiki/services/parsoid/+/1124903 (v0.16.5)
 CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       {DSA-5901-1}
+       {DSA-5901-1 DLA-4249-1}
        - mediawiki 1:1.43.1+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T385958
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135793
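Review bot: CVE-2025-32699 gets "{DSA-5901-1 DLA-4249-1}" while its NOTE states "The fix needs changes in embedded parsoid too" (parsoid v0.16.5); please confirm the DLA-4249-1 update includes the corresponding parsoid change, otherwise the core patch alone leaves the issue incompletely fixed on the LTS branch.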
@@ -31761,12 +31987,12 @@ CVE-2025-32697 (Improper Preservation of Permissions 
vulnerability in Wikimedia
        NOTE: https://phabricator.wikimedia.org/T24521
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1112359
 CVE-2025-32696 (Improper Preservation of Permissions vulnerability in 
Wikimedia Founda ...)
-       {DSA-5901-1}
+       {DSA-5901-1 DLA-4249-1}
        - mediawiki 1:1.43.1+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T304474
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/737454
 CVE-2025-3469 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       {DSA-5901-1}
+       {DSA-5901-1 DLA-4249-1}
        - mediawiki 1:1.43.1+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T358689
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135795



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/323133a96451f8219ca5d609cea4fa476ac85aaf



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
