Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60849896 by security tracker role at 2025-08-01T08:12:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,20 +1,82 @@
-CVE-2025-48073
+CVE-2025-8441 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-8439 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-8438 (A vulnerability classified as critical was found in 
code-projects Wazi ...)
+       TODO: check
+CVE-2025-8437 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-8436 (A vulnerability was found in projectworlds Online Admission 
System 1.0 ...)
+       TODO: check
+CVE-2025-8435 (A vulnerability was found in code-projects Online Movie 
Streaming 1.0. ...)
+       TODO: check
+CVE-2025-8434 (A vulnerability was found in code-projects Online Movie 
Streaming 1.0. ...)
+       TODO: check
+CVE-2025-8433 (A vulnerability was found in code-projects Document Management 
System  ...)
+       TODO: check
+CVE-2025-8431 (A vulnerability has been found in PHPGurukul Boat Booking 
System 1.0 a ...)
+       TODO: check
+CVE-2025-7845 (The Stratum \u2013 Elementor Widgets plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-7725 (The Photos, Files, YouTube, Twitter, Instagram, TikTok, 
Ecommerce Cont ...)
+       TODO: check
+CVE-2025-7646 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+       TODO: check
+CVE-2025-7443 (The BerqWP \u2013 Automated All-In-One Page Speed Optimization 
for Cor ...)
+       TODO: check
+CVE-2025-5954 (The Service Finder SMS System plugin for WordPress is 
vulnerable to pr ...)
+       TODO: check
+CVE-2025-5947 (The Service Finder Bookings plugin for WordPress is vulnerable 
to priv ...)
+       TODO: check
+CVE-2025-5921 (The SureForms  WordPress plugin before 1.7.2 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2025-54939 (LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an 
lsquic_engine_pack ...)
+       TODO: check
+CVE-2025-54847
+       REJECTED
+CVE-2025-54846
+       REJECTED
+CVE-2025-54845
+       REJECTED
+CVE-2025-54844
+       REJECTED
+CVE-2025-54843
+       REJECTED
+CVE-2025-54842
+       REJECTED
+CVE-2025-54841
+       REJECTED
+CVE-2025-54840
+       REJECTED
+CVE-2025-54839
+       REJECTED
+CVE-2025-54657
+       REJECTED
+CVE-2025-4523 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
+       TODO: check
+CVE-2025-45768 (pyjwt v2.10.1 was discovered to contain weak encryption.)
+       TODO: check
+CVE-2025-31716 (In bootloader, there is a possible out of bounds write due to 
a missin ...)
+       TODO: check
+CVE-2025-23289 (NVIDIA Omniverse Launcher for Windows and Linux contains a 
vulnerabili ...)
+       TODO: check
+CVE-2025-48073 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm
-CVE-2025-48072
+CVE-2025-48072 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361
 (v3.3.3-rc)
-CVE-2025-48071
+CVE-2025-48071 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f
 (v3.3.3-rc)
-CVE-2023-32251 [ksmbd: block asynchronous requests when making a delay on 
session setup]
+CVE-2023-32251 (A vulnerability has been identified in the Linux kernel's 
ksmbd compon ...)
        - linux 6.3.7-1
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/b096d97f47326b1e2dbdef1c91fab69ffda54d17 (6.4-rc1)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-699/
-CVE-2025-53399 [Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite 
proper configuration]
+CVE-2025-53399 (In Sipwise rtpengine before 13.4.1.1, an origin-validation 
error in th ...)
        - rtpengine <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/31/1
        NOTE: 
https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject
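Review bot: the added descriptions for CVE-2025-7845, CVE-2025-7646, CVE-2025-7443 and CVE-2025-4523 contain a literal "\u2013" where the plugin name has a dash, so the escape sequence reaches the list undecoded; decode it to the character (or a plain hyphen) before the description is written. Separately, most of the new "TODO: check" entries in this hunk name web applications and WordPress plugins, while CVE-2025-45768 (pyjwt) and CVE-2025-54939 (LSQUIC) name libraries and are the ones worth a package lookup first when the batch is triaged.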
@@ -3429,6 +3491,7 @@ CVE-2025-7785 (A vulnerability classified as problematic 
was found in thinkgem J
 CVE-2025-7784 (A flaw was found in the Keycloak identity and access management 
system ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data 
allows  ...)
+       {DLA-4261-1}
        - node-form-data 4.0.1-2 (bug #1109551)
        NOTE: 
https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
        NOTE: Fixed by: 
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0
 (v4.0.4)
@@ -4830,7 +4893,7 @@ CVE-2024-26292 (An authenticated Arbitrary File Deletion 
vulnerability enables a
        NOT-FOR-US: Avid Nexis
 CVE-2024-26291 (An Unauthenticated Arbitrary File Read vulnerability affects 
the Agent ...)
        NOT-FOR-US: Avid Nexis
-CVE-2025-8454 [uscan must not skip OpenPGP check after failed check in 
previous run]
+CVE-2025-8454 (It was discovered that uscan, a tool to scan/watch upstream 
sources fo ...)
        - devscripts <unfixed> (bug #1109251)
        [trixie] - devscripts <no-dsa> (Can be fixed via a point release)
        [bookworm] - devscripts <no-dsa> (Can be fixed via a point release)
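Review bot: on CVE-2025-8454 the removed bracketed title ("uscan must not skip OpenPGP check after failed check in previous run") stated the defect, while the new description is truncated at "scan/watch upstream sources fo ..." before it reaches the flaw, so the entry no longer says what is wrong. Consider keeping that one-line summary as a NOTE: under the devscripts lines so the <no-dsa> decisions for trixie and bookworm can be read in context.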
@@ -5287,6 +5350,7 @@ CVE-2023-38329 (An issue was discovered in eGroupWare 
17.1.20190111. A cross-sit
 CVE-2023-38327 (An issue was discovered in eGroupWare 17.1.20190111. A User 
Enumeratio ...)
        - egroupware <removed>
 CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang.  
This iss ...)
+       {DLA-4262-1}
        - libcommons-lang3-java <unfixed> (bug #1109125)
        [bookworm] - libcommons-lang3-java <no-dsa> (Minor issue)
        - libcommons-lang-java <unfixed> (bug #1109126)
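Review bot: the {DLA-4262-1} reference added to CVE-2025-48924 sits above two source packages, libcommons-lang3-java and libcommons-lang-java, both still <unfixed>, and the visible lines do not say which of them the DLA addresses. Worth confirming against the DLA-4262-1 record that the cross-reference matches the package it fixes.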
@@ -7852,6 +7916,7 @@ CVE-2025-53605 (The protobuf crate before 3.7.2 for Rust 
allows uncontrolled rec
 CVE-2025-53604 (The web-push crate before 0.10.3 for Rust allows a denial of 
service ( ...)
        NOT-FOR-US: web-push Rust crate
 CVE-2025-53603 (In Alinto SOPE SOGo 2.0.2 through 5.12.2, 
sope-core/NGExtensions/NGHas ...)
+       {DSA-5970-1 DLA-4260-1}
        - sope 5.12.1-2 (bug #1108798)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/02/3
        NOTE: https://github.com/Alinto/sope/pull/69
@@ -466471,8 +466536,8 @@ CVE-2019-19147
        RESERVED
 CVE-2019-19146
        RESERVED
-CVE-2019-19145
-       RESERVED
+CVE-2019-19145 (Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to 
access  ...)
+       TODO: check
 CVE-2019-19144
        RESERVED
 CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require 
authentication to  ...)
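Review bot: CVE-2019-19145 moves from RESERVED to "TODO: check" with a description that names a hardware product ("Quantum SuperLoader 3 V94.0 005E.0h devices"), so the TODO should be resolved rather than left open. If no Debian package ships this, mark it in the form the list already uses elsewhere, for example "NOT-FOR-US: Avid Nexis".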



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6084989694a982895dc3a238c2baf7dd7a836b59
