Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2610bcfa by security tracker role at 2025-07-31T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2025-8426 (Marvell QConvergeConsole compressConfigFiles Directory 
Traversal Infor ...)
+       TODO: check
+CVE-2025-8409 (A vulnerability has been found in code-projects Vehicle 
Management 1.0 ...)
+       TODO: check
+CVE-2025-8408 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-8407 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-8401 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-8382 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2025-8381 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-8380 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+       TODO: check
+CVE-2025-8379 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2025-8378 (A vulnerability was found in Campcodes Online Hotel Reservation 
System ...)
+       TODO: check
+CVE-2025-8376 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-8375 (A vulnerability was found in code-projects Vehicle Management 
1.0. It  ...)
+       TODO: check
+CVE-2025-8374 (A vulnerability was found in code-projects Vehicle Management 
1.0. It  ...)
+       TODO: check
+CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an 
unauthentica ...)
+       TODO: check
+CVE-2025-8213 (The NinjaScanner \u2013 Virus & Malware scan plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2025-8192 (There exists a TOCTOU race condition in TvSettings 
AppRestrictionsFrag ...)
+       TODO: check
+CVE-2025-8151 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-8068 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-54834 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 
allows an u ...)
+       TODO: check
+CVE-2025-54833 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 
allows atta ...)
+       TODO: check
+CVE-2025-54832 (OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, 
allows an ...)
+       TODO: check
+CVE-2025-54589 (Copyparty is a portable file server. In versions 1.18.6 and 
below, whe ...)
+       TODO: check
+CVE-2025-52289 (A Broken Access Control vulnerability in MagnusBilling 
v7.8.5.3 allows ...)
+       TODO: check
+CVE-2025-52203 (A stored cross-site scripting (XSS) vulnerability exists in 
DevaslanPH ...)
+       TODO: check
+CVE-2025-51569 (A cross-site scripting (XSS) vulnerability exists in the 
LB-Link BL-CP ...)
+       TODO: check
+CVE-2025-51503 (A Stored Cross-Site Scripting (XSS) vulnerability in 
Microweber CMS 2. ...)
+       TODO: check
+CVE-2025-51385 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in 
the yyxz ...)
+       TODO: check
+CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in 
the ipse ...)
+       TODO: check
+CVE-2025-51383 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in 
the ipse ...)
+       TODO: check
+CVE-2025-50867 (A SQL Injection vulnerability exists in the 
takeassessment2.php endpoi ...)
+       TODO: check
+CVE-2025-50866 (CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site 
Scripti ...)
+       TODO: check
+CVE-2025-50850 (An issue was discovered in CS Cart 4.18.3 allows the vendor 
login func ...)
+       TODO: check
+CVE-2025-50849 (CS Cart 4.18.3 is vulnerable to Insecure Direct Object 
Reference (IDOR ...)
+       TODO: check
+CVE-2025-50848 (A file upload vulnerability was discovered in CS Cart 4.18.3, 
allows a ...)
+       TODO: check
+CVE-2025-50847 (Cross Site Request Forgery (CSRF) vulnerability in CS Cart 
4.18.3, all ...)
+       TODO: check
+CVE-2025-50572 (An issue was discovered in Archer Technology RSA Archer 
6.11.00204.100 ...)
+       TODO: check
+CVE-2025-50475 (An OS command injection vulnerability exists in Russound 
MBX-PRE-D67F  ...)
+       TODO: check
+CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the 
"content mana ...)
+       TODO: check
+CVE-2025-46809 (A Insertion of Sensitive Information into Log File 
vulnerability in SU ...)
+       TODO: check
+CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
+       TODO: check
+CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
+       TODO: check
+CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS 
commands us ...)
+       TODO: check
+CVE-2025-40980 (A Stored Cross Site Scripting vulnerability has been found in 
Ultimate ...)
+       TODO: check
+CVE-2025-37112 (A vulnerability was discovered in the storage policy for 
certain sets  ...)
+       TODO: check
+CVE-2025-37111 (A vulnerability was discovered in the storage policy for 
certain sets  ...)
+       TODO: check
+CVE-2025-37110 (A vulnerability was discovered in the storage policy for 
certain sets  ...)
+       TODO: check
+CVE-2025-37109 (Cross-site scripting vulnerability has been identified in HPE 
Telco Se ...)
+       TODO: check
+CVE-2025-37108 (Cross-site scripting vulnerability has been identified in HPE 
Telco Se ...)
+       TODO: check
+CVE-2025-34146 (A prototype pollution vulnerability exists in 
@nyariv/sandboxjs versio ...)
+       TODO: check
+CVE-2025-2813 (An unauthenticated remote attacker can cause a Denial of 
Service by se ...)
+       TODO: check
+CVE-2025-29557 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access 
Control ...)
+       TODO: check
+CVE-2025-29556 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access 
Control ...)
+       TODO: check
+CVE-2025-26064 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500 
v2.2.9  ...)
+       TODO: check
+CVE-2025-26063 (An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows 
unauthen ...)
+       TODO: check
+CVE-2025-26062 (An access control issue in Intelbras RX1500 v2.2.9 and RX3000 
v1.0.11  ...)
+       TODO: check
+CVE-2025-24854 (A carefully crafted request using the Image plugin could 
trigger an XS ...)
+       TODO: check
+CVE-2025-24853 (A carefully crafted request when creating a header link using 
the  wik ...)
+       TODO: check
+CVE-2024-34328 (An open redirect in Sielox AnyWare v2.1.2 allows attackers to 
execute  ...)
+       TODO: check
+CVE-2024-34327 (Sielox AnyWare v2.1.2 was discovered to contain a SQL 
injection vulner ...)
+       TODO: check
+CVE-2014-125126 (An unrestricted file upload vulnerability exists in Simple 
E-Document  ...)
+       TODO: check
+CVE-2014-125125 (A path traversal vulnerability exists in A10 Networks AX 
Loadbalancer  ...)
+       TODO: check
+CVE-2014-125124 (An unauthenticated remote command execution vulnerability 
exists in Pa ...)
+       TODO: check
+CVE-2014-125123 (An unauthenticated SQL injection vulnerability exists in the 
Kloxo web ...)
+       TODO: check
+CVE-2014-125122 (A stack-based buffer overflow vulnerability exists in the 
tmUnblock.cg ...)
+       TODO: check
+CVE-2014-125121 (Array Networks vAPV (version 8.3.2.17) and vxAG (version 
9.2.0.34) app ...)
+       TODO: check
+CVE-2013-10043 (A vulnerability exists in OAstium VoIP PBX 
astium-confweb-2.1-25399 an ...)
+       TODO: check
+CVE-2013-10042 (A stack-based buffer overflow vulnerability exists in freeFTPd 
version ...)
+       TODO: check
+CVE-2013-10040 (ClipBucket version 2.6 and earlier contains a critical 
vulnerability i ...)
+       TODO: check
+CVE-2013-10039 (A command injection vulnerability exists in GestioIP 3.0 
commit ac67be ...)
+       TODO: check
+CVE-2013-10038 (An unauthenticated arbitrary file upload vulnerability exists 
in Flash ...)
+       TODO: check
+CVE-2013-10037 (An OS command injection vulnerability exists in WebTester 
version 5.x  ...)
+       TODO: check
+CVE-2013-10036 (A stack-based buffer overflow vulnerability exists in Beetel 
Connectio ...)
+       TODO: check
+CVE-2013-10035 (A code injection vulnerability exists in ProcessMaker Open 
Source vers ...)
+       TODO: check
+CVE-2013-10034 (An unrestricted file upload vulnerability exists in Kaseya 
KServer ver ...)
+       TODO: check
+CVE-2013-10033 (An unauthenticated SQL injection vulnerability exists in Kimai 
version ...)
+       TODO: check
+CVE-2012-10021 (A stack-based buffer overflow vulnerability exists in D-Link 
DIR-605L  ...)
+       TODO: check
+CVE-2011-10008 (A stack-based buffer overflow vulnerability exists in MPlayer 
Lite r33 ...)
+       TODO: check
 CVE-2025-8373 (A vulnerability was found in code-projects Vehicle Management 
1.0. It  ...)
        NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8372 (A vulnerability was found in code-projects Exam Form Submission 
1.0 an ...)
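Review bot: all 77 entries added at the top of data/CVE/list carry only `TODO: check`, and a few of them can be resolved directly from the surrounding context. CVE-2025-8409, CVE-2025-8375 and CVE-2025-8374 name code-projects Vehicle Management, which the unchanged entry for CVE-2025-8373 just below already marks `NOT-FOR-US: code-projects Vehicle Management`; the follow-up triage can reuse that line. The imported descriptions also keep raw escapes (`\u2013`, `G\xfcralp`), so searching the list by product name will miss those entries unless the escape is matched literally.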
@@ -2100,7 +2254,7 @@ CVE-2025-54072 (yt-dlp is a feature-rich command-line 
audio/video downloader. In
        - yt-dlp <not-affected> (Windows-specific)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-45hg-7f49-5h56
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/959ac99e98c3215437e573c22d64be42d361e863
 (2025.07.21)
-CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
+CVE-2025-53882 (A Improper Check for Dropped Privileges vulnerability in the 
logrotate ...)
        - mailman3 <not-affected> (SUSE-specific logrotate configuration issue)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1246467
 CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU   transmits sensitive data 
without enc ...)
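Review bot: the replacement description for CVE-2025-53882 changes the stated weakness from "Reliance on Untrusted Inputs in a Security Decision" to "Improper Check for Dropped Privileges", while the triage line under it is left as is. The `- mailman3 <not-affected> (SUSE-specific logrotate configuration issue)` rationale still matches, because the new text also names logrotate, but it is worth confirming against the linked SUSE bug that the reclassification does not widen the scope beyond the SUSE packaging.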
@@ -2998,7 +3152,7 @@ CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote 
attackers to guess tit
        NOTE: 
https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/
 CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through 
5.24.4). A th ...)
        NOT-FOR-US: Westermo WeOS
-CVE-2025-53771 (Improper limitation of a pathname to a restricted directory 
('path tra ...)
+CVE-2025-53771 (Improper authentication in Microsoft Office SharePoint allows 
an unaut ...)
        NOT-FOR-US: Microsoft
 CVE-2025-4685 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for 
Gutenberg ...)
        NOT-FOR-US: WordPress plugin
@@ -3082,7 +3236,7 @@ CVE-2025-46383 (CWE-79 Improper Neutralization of Input 
During Web Page Generati
        NOT-FOR-US: Emby Windows
 CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized 
Actor)
        NOT-FOR-US: CyberArk IDP
-CVE-2025-7738
+CVE-2025-7738 (A flaw was found in Ansible Automation Platform (AAP) where the 
Gatewa ...)
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7877 (A vulnerability, which was classified as critical, has been 
found in M ...)
        NOT-FOR-US: Metasoft
@@ -7284,7 +7438,7 @@ CVE-2025-52492 (A vulnerability has been discovered in 
the firmware of Paxton Pa
 CVE-2025-4779 (lunary-ai/lunary versions prior to 1.9.24 are vulnerable to 
stored cro ...)
        NOT-FOR-US: lunary-ai/lunary
 CVE-2025-48367 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
-       {DLA-4240-1}
+       {DSA-5969-1 DLA-4240-1}
        - redict <unfixed> (bug #1108980)
        - redis 5:8.0.2-2 (bug #1108981)
        - valkey 8.1.1+dfsg1-3 (bug #1108982)
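Review bot: `{DSA-5969-1 DLA-4240-1}` is added to CVE-2025-48367 while `- redict <unfixed> (bug #1108980)` stays open in the same entry, and nothing in the hunk shows which source package the DSA covers. If DSA-5969-1 is for redis only, the entry is fine as it stands; if it also carries redict or valkey fixes, the per-package lines should be updated in the same change. The same question applies to the CVE-2025-32023 hunk that follows, which has the identical pattern.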
@@ -7334,7 +7488,7 @@ CVE-2025-3044 (A vulnerability in the ArxivReader class 
of the run-llama/llama_i
 CVE-2025-36014 (IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is 
vulnerable t ...)
        NOT-FOR-US: IBM
 CVE-2025-32023 (Redis is an open source, in-memory database that persists on 
disk. Fro ...)
-       {DLA-4240-1}
+       {DSA-5969-1 DLA-4240-1}
        - redict <unfixed> (bug #1108977)
        - redis 5:8.0.2-2 (bug #1108975)
        - valkey 8.1.1+dfsg1-3 (bug #1108978)
@@ -18575,6 +18729,7 @@ CVE-2025-2518 (IBM Db2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
 CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a 
remote attac ...)
        NOT-FOR-US: Free5gc
 CVE-2025-27151 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
+       {DSA-5969-1}
        - redis 5:8.0.2-2 (bug #1106822)
        [bullseye] - redis <not-affected> (Vulnerable code not present)
        - redict <unfixed> (bug #1106823)
@@ -612660,21 +612815,21 @@ CVE-2017-6745 (A vulnerability in the cache server 
within Cisco Videoscape Distr
        NOT-FOR-US: Cisco
 CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
-CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
-CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6742 (A vulnerability in the SNMP implementation of could allow an 
authentic ...)
        NOT-FOR-US: Cisco
-CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6741 (A vulnerability in the SNMP implementation of could allow an 
authentic ...)
        NOT-FOR-US: Cisco
-CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
-CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6739 (A vulnerability in the SNMP implementation of could allow an 
authentic ...)
        NOT-FOR-US: Cisco
-CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
-CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6737 (A vulnerability in the SNMP implementation of could allow an 
authentic ...)
        NOT-FOR-US: Cisco
-CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
 CVE-2017-6735 (A vulnerability in the backup and restore functionality of 
Cisco FireS ...)
        NOT-FOR-US: Cisco
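Review bot: the new descriptions for CVE-2017-6742, CVE-2017-6741, CVE-2017-6739 and CVE-2017-6737 read "A vulnerability in the SNMP implementation of could allow an authentic ...", with the product name missing after "of". The commit is an automatic update, so the text is imported as is and the correction would have to happen in the source CVE record rather than in this file. The `NOT-FOR-US: Cisco` triage on each entry is unaffected, but anyone matching these entries by product string should note that the four reworded ones no longer contain "Cisco IOS" in the visible description.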



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2610bcfa9e053496bf4ade47b25d267e7c215209
