Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bb88b19 by security tracker role at 2025-08-11T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2025-8866 (YugabyteDB Anywhere web server does not properly enforce 
authenticatio ...)
+       TODO: check
+CVE-2025-8865 (The YugabyteDB tablet server contains a flaw in its YCQL query 
handlin ...)
+       TODO: check
+CVE-2025-8864 (Shared Access Signature token is not masked in the backup 
configuratio ...)
+       TODO: check
+CVE-2025-8863 (YugabyteDB diagnostic information was transmitted over HTTP, 
which cou ...)
+       TODO: check
+CVE-2025-8862 (YugabyteDB has been collecting diagnostics information from 
YugabyteDB ...)
+       TODO: check
+CVE-2025-8859 (A vulnerability was identified in code-projects eBlog Site 1.0. 
Affect ...)
+       TODO: check
+CVE-2025-8853 (Official Document Management System developed by 2100 
Technology has a ...)
+       TODO: check
+CVE-2025-8852 (A vulnerability was identified in WuKongOpenSource WukongCRM 
11.0. Thi ...)
+       TODO: check
+CVE-2025-8851 (A vulnerability was determined in LibTIFF up to 4.5.1. Affected 
by thi ...)
+       TODO: check
+CVE-2025-8847 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. 
Affected ...)
+       TODO: check
+CVE-2025-8846 (A vulnerability has been found in NASM Netwide Assember 
2.17rc0. Affec ...)
+       TODO: check
+CVE-2025-8845 (A vulnerability was identified in NASM Netwide Assember 
2.17rc0. This  ...)
+       TODO: check
+CVE-2025-8844 (A vulnerability was determined in NASM Netwide Assember 
2.17rc0. This  ...)
+       TODO: check
+CVE-2025-8843 (A vulnerability was found in NASM Netwide Assember 2.17rc0. 
This affec ...)
+       TODO: check
+CVE-2025-8842 (A vulnerability has been found in NASM Netwide Assember 
2.17rc0. Affec ...)
+       TODO: check
+CVE-2025-8841 (A vulnerability was identified in zlt2000 
microservices-platform up to ...)
+       TODO: check
+CVE-2025-8840 (A vulnerability was determined in jshERP up to 3.5. Affected is 
an unk ...)
+       TODO: check
+CVE-2025-8839 (A vulnerability was found in jshERP up to 3.5. This issue 
affects some ...)
+       TODO: check
+CVE-2025-8838 (A vulnerability has been found in WinterChenS my-site up to 
1f7525f159 ...)
+       TODO: check
+CVE-2025-8837 (A vulnerability was identified in JasPer up to 4.2.5. This 
affects the ...)
+       TODO: check
+CVE-2025-8672 (MacOS version of GIMP bundles a Python interpreter that 
inherits the T ...)
+       TODO: check
+CVE-2025-8285 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-7679 (Missing Authentication for Critical Function vulnerability in 
ABB Aspe ...)
+       TODO: check
+CVE-2025-7677 (Missing Authentication for Critical Function vulnerability in 
ABB Aspe ...)
+       TODO: check
+CVE-2025-54525 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
+       TODO: check
+CVE-2025-54478 (Mattermost Confluence Plugin version <1.5.0 fails to enforce 
authentic ...)
+       TODO: check
+CVE-2025-54463 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
+       TODO: check
+CVE-2025-54458 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-54063 (Cherry Studio is a desktop client that supports for multiple 
LLM provi ...)
+       TODO: check
+CVE-2025-53910 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-53857 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-53514 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
+       TODO: check
+CVE-2025-53191 (Missing Authentication for Critical Function vulnerability in 
ABB Aspe ...)
+       TODO: check
+CVE-2025-53190 (A vulnerability in ABB Aspect.This issue affects Aspect: 
before <3.08. ...)
+       TODO: check
+CVE-2025-53189 (Authorization Bypass Through User-Controlled Key vulnerability 
in ABB  ...)
+       TODO: check
+CVE-2025-53188 (Insufficiently Protected Credentials vulnerability in ABB 
Aspect.This  ...)
+       TODO: check
+CVE-2025-53187 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle 
unexpected ...)
+       TODO: check
+CVE-2025-51824 (libcsp 2.0 is vulnerable to Buffer Overflow in the 
csp_usart_open() fu ...)
+       TODO: check
+CVE-2025-51823 (libcsp 2.0 is vulnerable to Buffer Overflow in the 
csp_eth_init() func ...)
+       TODO: check
+CVE-2025-49221 (Mattermost Confluence Plugin version <1.5.0 fails to enforce 
authentic ...)
+       TODO: check
+CVE-2025-48731 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-45146 (ModelCache for LLM through v0.2.0 was discovered to contain an 
deseria ...)
+       TODO: check
+CVE-2025-44004 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
authori ...)
+       TODO: check
+CVE-2025-44001 (Mattermost Confluence Plugin version <1.5.0 fails to check the 
access  ...)
+       TODO: check
+CVE-2025-38499 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       TODO: check
+CVE-2025-25231 (Omnissa Workspace ONE UEM contains a Secondary Context Path 
Traversal  ...)
+       TODO: check
+CVE-2025-25229 (Omnissa Workspace ONE UEM contains a Server-Side Request 
Forgery (SSRF ...)
+       TODO: check
+CVE-2012-10040 (Openfiler v2.x contains a command injection vulnerability in 
the syste ...)
+       TODO: check
+CVE-2012-10039 (ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command 
injection ...)
+       TODO: check
+CVE-2012-10038 (Auxilium RateMyPet contains an unauthenticated arbitrary file 
upload v ...)
+       TODO: check
+CVE-2012-10037 (PhpTax version 0.8 contains a remote code execution 
vulnerability in d ...)
+       TODO: check
 CVE-2025-8854 (Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 
before ...)
        NOT-FOR-US: bulletphysics bullet3
 CVE-2025-8836 (A vulnerability was determined in JasPer up to 4.2.5. Affected 
by this ...)
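Review bot: the 52 entries added at the top of data/CVE/list all carry the same `TODO: check` marker, so nothing in this hunk separates the ones that name widely packaged software from the bulk that do not. LibTIFF (CVE-2025-8851), NASM (CVE-2025-8842 through CVE-2025-8846), JasPer (CVE-2025-8837) and the Linux kernel (CVE-2025-38499) are the entries to triage first. The Mattermost Confluence Plugin, ABB Aspect and YugabyteDB batches look like NOT-FOR-US candidates and can be closed out together. The four CVE-2012-1003x/10040 ids are new assignments for old issues and should be checked the same way rather than skipped because of their year.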
@@ -632,6 +736,7 @@ CVE-2025-54799 (Let's Encrypt client and ACME library 
written in Go (Lego). In v
        NOTE: Fixed by: 
https://github.com/go-acme/lego/commit/238454b5f74f3cfcbb244ff0d0dc914a4ad44b96 
(v4.25.2)
        NOTE: Workaround: CA endpoint should enforce HTTPS instead of HTTP.
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In 
versions ...)
+       {DLA-4268-1}
        - node-tmp <unfixed> (bug #1110532)
        [trixie] - node-tmp <no-dsa> (Minor issue)
        [bookworm] - node-tmp <no-dsa> (Minor issue)
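Review bot: the `{DLA-4268-1}` cross-reference is added to CVE-2025-54798 while the visible status lines below it are unchanged: node-tmp is still `<unfixed>`, with trixie and bookworm at `<no-dsa>`. This hunk does not show the fixed version for the LTS suite, so confirm that the matching DLA-4268-1 record is present in the tracker's DLA data and lists node-tmp with its fixed version. Otherwise the reference points at nothing the tracker can resolve.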
@@ -721,9 +826,9 @@ CVE-2025-53786 (On April 18th 2025, Microsoft announced 
Exchange Server Security
        NOT-FOR-US: Microsoft
 CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 
3.4.0.)
        NOT-FOR-US: Zone Bitaqati
-CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows 
unauthorized  ...)
+CVE-2025-51532 (Incorrect access control in Sage DPW 2024_12_004 and earlier 
allows un ...)
        NOT-FOR-US: Sage DPW
-CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage 
DPW v2024 ...)
+CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage 
DPW 2024_ ...)
        NOT-FOR-US: Sage DPW
 CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged 
user tha ...)
        NOT-FOR-US: Gatling Enterprise
@@ -3702,7 +3807,7 @@ CVE-2025-29628 (An issue in Gardyn 4 allows a remote 
attacker to obtain sensitiv
        NOT-FOR-US: Gardyn
 CVE-2024-48730 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows 
a remote ...)
        NOT-FOR-US: ETSI Open-Source MANO (OSM)
-CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows 
a remote ...)
+CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 
15.0.x b ...)
        NOT-FOR-US: ETSI Open-Source MANO (OSM)
 CVE-2024-13976 (A DLL injection vulnerability exists in Commvault for Windows 
11.20.0, ...)
        NOT-FOR-US: Commvault
@@ -4282,7 +4387,8 @@ CVE-2025-8058 (The regcomp function in the GNU C library 
version from 2.4 to 2.4
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
        NOTE: Inroduced with: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
-CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to 
Improper Ne ...)
+CVE-2025-8022
+       REJECTED
        NOT-FOR-US: bun
 CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable 
to Dire ...)
        NOT-FOR-US: files-bucket-server Node.js module
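Review bot: in the CVE-2025-8022 entry the new `REJECTED` line sits directly above the retained `NOT-FOR-US: bun` line, so the entry now carries two status markers. If the rejection is meant to stand alone, a follow-up commit should drop the `NOT-FOR-US: bun` line. If it is kept for history, that is fine but worth doing consistently. Separately, the unchanged context line `NOTE: Inroduced with:` under CVE-2025-8058 has a typo ("Introduced") that could be fixed in the same follow-up.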



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bb88b19b5c424fe83dd329c968fba6ae4ccc626
