Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af1ceb1a by security tracker role at 2025-08-06T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2025-8667 (A vulnerability, which was classified as critical, was found in
Skywor ...)
+ TODO: check
+CVE-2025-8665 (A vulnerability, which was classified as critical, has been
found in a ...)
+ TODO: check
+CVE-2025-8620 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
+ TODO: check
+CVE-2025-8616 (A weakness identified in OpenText Advanced Authentication where
aMalic ...)
+ TODO: check
+CVE-2025-8419 (A vulnerability was found in Keycloak-services. Special
characters use ...)
+ TODO: check
+CVE-2025-8130
+ REJECTED
+CVE-2025-7771 (ThrottleStop.sys, a legitimate driver, exposes two IOCTL
interfaces th ...)
+ TODO: check
+CVE-2025-7202 (A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and
related ...)
+ TODO: check
+CVE-2025-6013 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) ldap auth
method ...)
+ TODO: check
+CVE-2025-5197 (A Regular Expression Denial of Service (ReDoS) vulnerability
exists in ...)
+ TODO: check
+CVE-2025-53786 (On April 18th 2025, Microsoft announced Exchange Server
Security Chang ...)
+ TODO: check
+CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru
3.4.0.)
+ TODO: check
+CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows
unauthorized ...)
+ TODO: check
+CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage
DPW v2024 ...)
+ TODO: check
+CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged
user tha ...)
+ TODO: check
+CVE-2025-51306 (In Gatling Enterprise versions below 1.25.0, a user
logging-out can st ...)
+ TODO: check
+CVE-2025-51040 (Electrolink FM/DAB/TV Transmitter Web Management System
Unauthorized a ...)
+ TODO: check
+CVE-2025-50286 (A Remote Code Execution (RCE) vulnerability in Grav CMS
v1.7.48 allows ...)
+ TODO: check
+CVE-2025-50234 (MCCMS v2.7.0 has an SSRF vulnerability located in the index()
method o ...)
+ TODO: check
+CVE-2025-50233 (A vulnerability in QCMS version 6.0.5 allows authenticated
users to re ...)
+ TODO: check
+CVE-2025-48394 (An attacker with authenticated and privileged access could
modify the ...)
+ TODO: check
+CVE-2025-48393 (The server identity check mechanism for firmware upgrade
performed via ...)
+ TODO: check
+CVE-2025-46391 (CWE-284: Improper Access Control)
+ TODO: check
+CVE-2025-46390 (CWE-204: Observable Response Discrepancy)
+ TODO: check
+CVE-2025-46389 (CWE-620: Unverified Password Change)
+ TODO: check
+CVE-2025-46388 (CWE-200 Exposure of Sensitive Information to an Unauthorized
Actor)
+ TODO: check
+CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key)
+ TODO: check
+CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
+ TODO: check
+CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak
encryption.)
+ TODO: check
+CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.)
+ TODO: check
+CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20
is vulne ...)
+ TODO: check
+CVE-2025-3320 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20
is vulne ...)
+ TODO: check
+CVE-2025-38747 (Dell SupportAssist OS Recovery, versions prior to 5.5.14.0,
contain a ...)
+ TODO: check
+CVE-2025-38746 (Dell SupportAssist OS Recovery, versions prior to 5.5.14.0,
contains a ...)
+ TODO: check
+CVE-2025-36020 (IBM Guardium Data Protection could allow a remote attacker to
obtain s ...)
+ TODO: check
+CVE-2025-30127 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8
devices. Onc ...)
+ TODO: check
+CVE-2025-2028 (Lack of TLS validation when downloading a CSV file including
mapping f ...)
+ TODO: check
+CVE-2025-23335 (NVIDIA Triton Inference Server for Windows and Linux and the
Tensor RT ...)
+ TODO: check
+CVE-2025-23334 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23333 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23331 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23327 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23326 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23325 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23324 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23323 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23322 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23321 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23320 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23319 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23318 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23317 (NVIDIA Triton Inference Server contains a vulnerability in the
HTTP se ...)
+ TODO: check
+CVE-2025-23311 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2025-23310 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-22470 (CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the
firmware versio ...)
+ TODO: check
+CVE-2025-22469 (OS command injection vulnerability exists in CL4/6NX Plus and
CL4/6NX- ...)
+ TODO: check
+CVE-2025-20332 (A vulnerability in the web-based management interface of Cisco
ISE cou ...)
+ TODO: check
+CVE-2025-20331 (A vulnerability in the web-based management interface of Cisco
ISE and ...)
+ TODO: check
+CVE-2025-20215 (A vulnerability in the meeting-join functionality of Cisco
Webex Meeti ...)
+ TODO: check
+CVE-2024-8244 (The filepath.Walk and filepath.WalkDir functions are documented
as not ...)
+ TODO: check
+CVE-2024-52885 (The Mobile Access Portal's File Share application is
vulnerable to a d ...)
+ TODO: check
CVE-2025-8656 (Kenwood DMX958XR Protection Mechanism Failure Software
Downgrade Vulne ...)
NOT-FOR-US: Kenwood
CVE-2025-8655 (Kenwood DMX958XR libSystemLib Command injection Remote Code
Execution ...)
@@ -352,7 +474,7 @@ CVE-2012-10024 (XBMC version 11, including builds up to the
2012-11-04 nightly r
- xbmc <removed>
CVE-2012-10023 (A stack-based buffer overflow vulnerability exists in
FreeFloat FTP Se ...)
NOT-FOR-US: FreeFloat FTP Server
-CVE-2025-8556
+CVE-2025-8556 (A flaw was found in CIRCL's implementation of the FourQ
elliptic curve ...)
- golang-github-cloudflare-circl 1.6.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2371624
NOTE:
https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm
@@ -455,27 +577,35 @@ CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a
local file inclusion (LFI)
CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a
stack-based buf ...)
NOT-FOR-US: BlazeVideo HDTV Player Pro
CVE-2025-8583
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8582
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8581
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8580
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8579
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8578
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8577
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8576
+ {DSA-5971-1}
- chromium 139.0.7258.66-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8551 (A vulnerability was found in atjiu pybbs up to 6.0.0. It has
been rate ...)
@@ -65218,7 +65348,7 @@ CVE-2024-55591 (AnAuthentication Bypass Using an
Alternate Path or Channel vulne
NOT-FOR-US: FortiGuard
CVE-2024-55000 (Sourcecodester House Rental Management system v1.0 is
vulnerable to Cr ...)
NOT-FOR-US: Sourcecodester House Rental Management system
-CVE-2024-54021 (An improper neutralization of crlf sequences in http headers
('http re ...)
+CVE-2024-54021 (An Improper Neutralization of CRLF Sequences in HTTP Headers
('http re ...)
NOT-FOR-US: FortiGuard
CVE-2024-53996
REJECTED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af1ceb1a7333316fb2b86cd6d0a5362cae1278d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af1ceb1a7333316fb2b86cd6d0a5362cae1278d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
