Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25716366 by security tracker role at 2025-08-08T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-8749 (Path Traversal vulnerability in API Endpoint in Mobile 
Industrial Robo ...)
+       TODO: check
+CVE-2025-8748 (MiR software versions prior to version 3.0.0 are affected by a 
command ...)
+       TODO: check
+CVE-2025-8738 (A vulnerability has been found in zlt2000 
microservices-platform up to ...)
+       TODO: check
+CVE-2025-8737 (A vulnerability, which was classified as problematic, was found 
in zlt ...)
+       TODO: check
+CVE-2025-8736 (A vulnerability, which was classified as critical, has been 
found in G ...)
+       TODO: check
+CVE-2025-8735 (A vulnerability classified as problematic was found in GNU 
cflow up to ...)
+       TODO: check
+CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU 
Bison  ...)
+       TODO: check
+CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been 
rated  ...)
+       TODO: check
+CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been 
declare ...)
+       TODO: check
+CVE-2025-8731 (A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and 
TPL-430A ...)
+       TODO: check
+CVE-2025-8730 (A vulnerability was found in Belkin F9K1009 and F9K1010 
2.00.04/2.00.0 ...)
+       TODO: check
+CVE-2025-8729 (A vulnerability has been found in MigoXLab LMeterX 1.2.0 and 
classifie ...)
+       TODO: check
+CVE-2025-8393 (A TLS vulnerability exists in the phone application used to 
manage a   ...)
+       TODO: check
+CVE-2025-8356 (In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a 
Path T ...)
+       TODO: check
+CVE-2025-8355 (In Xerox FreeFlow Core version 8.0.4, improper handling of XML 
input a ...)
+       TODO: check
+CVE-2025-8284 (By default, the Packet Power Monitoring and Control Web 
Interface do n ...)
+       TODO: check
+CVE-2025-8088 (A path traversal vulnerability affecting the Windows version of 
WinRAR ...)
+       TODO: check
+CVE-2025-5095 (Burk Technology ARC Solo's password change mechanism can be 
utilized w ...)
+       TODO: check
+CVE-2025-53606 (Deserialization of Untrusted Data vulnerability in Apache 
Seata (incub ...)
+       TODO: check
+CVE-2025-53520 (The affected product allows firmware updates to be downloaded 
from EG4 ...)
+       TODO: check
+CVE-2025-52914 (A vulnerability in the Suite Applications Services component 
of Mitel  ...)
+       TODO: check
+CVE-2025-52913 (A vulnerability in the NuPoint Unified Messaging (NPM) 
component of Mi ...)
+       TODO: check
+CVE-2025-52586 (The MOD3 command traffic between the monitoring application 
and the  i ...)
+       TODO: check
+CVE-2025-50928 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to 
contain a ...)
+       TODO: check
+CVE-2025-50927 (A reflected cross-site scripting (XSS) vulnerability in the 
List All F ...)
+       TODO: check
+CVE-2025-50468 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An 
attacker can e ...)
+       TODO: check
+CVE-2025-50467 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An 
attacker can e ...)
+       TODO: check
+CVE-2025-50466 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An 
attacker can e ...)
+       TODO: check
+CVE-2025-50465 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An 
attacker can e ...)
+       TODO: check
+CVE-2025-4796 (The Eventin plugin for WordPress is vulnerable to privilege 
escalation ...)
+       TODO: check
+CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
+       TODO: check
+CVE-2025-48913 (If untrusted users are allowed to configure JMS for Apache 
CXF, previo ...)
+       TODO: check
+CVE-2025-47872 (The public-facing product registration endpoint server 
responds  diffe ...)
+       TODO: check
+CVE-2025-46414 (The affected product does not limit the number of attempts for 
inputti ...)
+       TODO: check
+CVE-2025-36119 (IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated 
user obta ...)
+       TODO: check
+CVE-2025-36023 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 
IF005 and  ...)
+       TODO: check
+CVE-2012-10053 (Simple Web Server 2.2 rc2 contains a stack-based buffer 
overflow vulne ...)
+       TODO: check
+CVE-2012-10052 (EGallery version 1.2 contains an unauthenticated arbitrary 
file upload ...)
+       TODO: check
+CVE-2012-10051 (Photodex ProShow Producer version 5.0.3256 contains a 
stack-based buff ...)
+       TODO: check
+CVE-2012-10050 (CuteFlow version 2.11.2 and earlier contains an arbitrary file 
upload  ...)
+       TODO: check
+CVE-2012-10049 (WebPageTest version 2.6 and earlier contains an arbitrary file 
upload  ...)
+       TODO: check
+CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in 
the show ...)
+       TODO: check
+CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is 
vulnerable to a ...)
+       TODO: check
+CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on 
version ESVA_2 ...)
+       TODO: check
+CVE-2012-10045 (XODA version 0.4.5 contains an unauthenticated file upload 
vulnerabili ...)
+       TODO: check
+CVE-2012-10044 (MobileCartly version 1.0 contains an arbitrary file creation 
vulnerabi ...)
+       TODO: check
+CVE-2012-10043 (A stack-based buffer overflow vulnerability exists in ActFax 
Server ve ...)
+       TODO: check
+CVE-2012-10042 (Sflog! CMS 1.0 contains an authenticated arbitrary file upload 
vulnera ...)
+       TODO: check
+CVE-2012-10041 (WAN Emulator v2.3 contains two unauthenticated command 
execution vulne ...)
+       TODO: check
+CVE-2012-10036 (Project Pier 0.8.8 and earlier contains an unauthenticated 
arbitrary f ...)
+       TODO: check
+CVE-2010-10013 (An unauthenticated remote command execution vulnerability 
exists in Aj ...)
+       TODO: check
 CVE-2025-8708 (A vulnerability was found in Antabot White-Jotter 0.22. It has 
been de ...)
        NOT-FOR-US: Antabot White-Jotter
 CVE-2025-8707 (A vulnerability was found in Huuge Box App 1.0.3 on Android. It 
has be ...)
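
Review bot: In the block of new entries at the top of data/CVE/list, every added CVE is left at TODO: check, including ones whose descriptions name software Debian packages, such as CVE-2025-8732 (libxml2 up to 2.14.5), CVE-2025-8733 and CVE-2025-8734 (GNU Bison) and CVE-2025-8735 (GNU cflow). Those should be triaged ahead of the vendor-appliance entries (TRENDnet, Belkin, Xerox FreeFlow Core, Mitel), which look like NOT-FOR-US candidates in the same form as the existing "NOT-FOR-US: Antabot White-Jotter" line below them. CVE-2025-8736 is cut off at "found in G ...", so the affected product has to be taken from the full CVE record before it can be classified.
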
@@ -133674,7 +133776,7 @@ CVE-2024-20392 (A vulnerability in the web-based 
management API of Cisco AsyncOS
        NOT-FOR-US: Cisco
 CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of 
Cisco Se ...)
        NOT-FOR-US: Cisco
-CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD 
CLI could ...)
+CVE-2024-20383 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
        NOT-FOR-US: Cisco
 CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco 
Crosswo ...)
        NOT-FOR-US: Cisco
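
Review bot: The replacement description for CVE-2024-20383 names a different product (web-based management interface of Cisco AsyncOS) than the removed one (Cisco Crosswork NSO CLI and the ConfD CLI), and the commit message "automatic update" gives no reason for the switch. Confirm the new text against the CVE record so the entry does not carry a description that belongs to another ID; the NOT-FOR-US: Cisco annotation on the next line holds for either wording.
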
@@ -446575,8 +446677,8 @@ CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows 
Unauthenticated SMB Hash Captur
        NOT-FOR-US: Aquaforest TIFF Server
 CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and 
Directory E ...)
        NOT-FOR-US: Aquaforest TIFF Server
-CVE-2020-9322
-       RESERVED
+CVE-2020-9322 (The /users endpoint in Statamic Core before 2.11.8 allows XSS 
to add a ...)
+       TODO: check
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and 
TraefikEE 2.0. ...)
        - traefik <itp> (bug #983289)
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass 
via a  ...)
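
Review bot: CVE-2020-9322 moves from RESERVED to a published description (the /users endpoint in Statamic Core before 2.11.8, XSS) but is left at TODO: check. Resolve it by checking whether Statamic is packaged in Debian; if it is not, mark it NOT-FOR-US in the same form as the neighbouring "NOT-FOR-US: Aquaforest TIFF Server" entries, otherwise add a package line as was done for CVE-2020-9321 (traefik).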



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257163664b8160c8ffe12c54c6898e1c852c5446
