Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98d7c206 by security tracker role at 2025-08-14T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,547 @@
-CVE-2025-8715
+CVE-2025-9043 (The service executable path in Seagate Toolkit on Versions 
prior to 2. ...)
+       TODO: check
+CVE-2025-9042 (A security issue exists due to improper handling of CIP Class 
32\u2019 ...)
+       TODO: check
+CVE-2025-9041 (A security issue exists due to improper handling of CIP Class 
32\u2019 ...)
+       TODO: check
+CVE-2025-9039 (We identified an issue in the Amazon ECS agent where, under 
certain co ...)
+       TODO: check
+CVE-2025-9036 (A security issue in the runtime event system allows 
unauthenticated co ...)
+       TODO: check
+CVE-2025-8981 (A vulnerability was found in itsourcecode Online Tour and 
Travel Manag ...)
+       TODO: check
+CVE-2025-8980 (A vulnerability has been found in Tenda G1 16.01.7.8(3660). 
Affected b ...)
+       TODO: check
+CVE-2025-8979 (A vulnerability was identified in Tenda AC15 15.13.07.13. 
Affected by  ...)
+       TODO: check
+CVE-2025-8978 (A vulnerability was determined in D-Link DIR-619L 6.02CN02. 
Affected i ...)
+       TODO: check
+CVE-2025-8976 (A vulnerability has been found in givanz Vvveb up to 1.0.5. 
This vulne ...)
+       TODO: check
+CVE-2025-8975 (A vulnerability was identified in givanz Vvveb up to 1.0.5. 
This affec ...)
+       TODO: check
+CVE-2025-8974 (A vulnerability was determined in linlinjava litemall up to 
1.8.0. Aff ...)
+       TODO: check
+CVE-2025-8973 (A vulnerability has been found in SourceCodester Cashier 
Queuing Syste ...)
+       TODO: check
+CVE-2025-8972 (A vulnerability was identified in itsourcecode Online Tour and 
Travel  ...)
+       TODO: check
+CVE-2025-8971 (A vulnerability was determined in itsourcecode Online Tour and 
Travel  ...)
+       TODO: check
+CVE-2025-8970 (A vulnerability was found in itsourcecode Online Tour and 
Travel Manag ...)
+       TODO: check
+CVE-2025-8969 (A vulnerability has been found in itsourcecode Online Tour and 
Travel  ...)
+       TODO: check
+CVE-2025-8968 (A vulnerability was identified in itsourcecode Online Tour and 
Travel  ...)
+       TODO: check
+CVE-2025-8967 (A vulnerability was determined in itsourcecode Online Tour and 
Travel  ...)
+       TODO: check
+CVE-2025-8966 (A vulnerability was found in itsourcecode Online Tour and 
Travel Manag ...)
+       TODO: check
+CVE-2025-8965 (A vulnerability has been found in linlinjava litemall up to 
1.8.0. Thi ...)
+       TODO: check
+CVE-2025-8964 (A vulnerability was identified in code-projects Hostel 
Management Syst ...)
+       TODO: check
+CVE-2025-8963 (A vulnerability was determined in jeecgboot JimuReport up to 
2.1.1. Af ...)
+       TODO: check
+CVE-2025-8962 (A vulnerability was found in code-projects Hostel Management 
System 1. ...)
+       TODO: check
+CVE-2025-8961 (A vulnerability was identified in LibTIFF 4.7.0. This issue 
affects th ...)
+       TODO: check
+CVE-2025-8960 (A vulnerability has been found in Campcodes Online Flight 
Booking Mana ...)
+       TODO: check
+CVE-2025-8958 (A vulnerability was identified in Tenda TX3 
16.03.13.11_multi_TDE01. A ...)
+       TODO: check
+CVE-2025-8957 (A vulnerability was determined in Campcodes Online Flight 
Booking Mana ...)
+       TODO: check
+CVE-2025-8956 (A vulnerability was found in D-Link DIR\u2011818L up to 
1.05B01. This  ...)
+       TODO: check
+CVE-2025-8955 (A vulnerability has been found in PHPGurukul Hospital 
Management Syste ...)
+       TODO: check
+CVE-2025-8954 (A vulnerability was identified in PHPGurukul Hospital 
Management Syste ...)
+       TODO: check
+CVE-2025-8953 (A vulnerability was determined in SourceCodester COVID 19 
Testing Mana ...)
+       TODO: check
+CVE-2025-8952 (A vulnerability was found in Campcodes Online Flight Booking 
Managemen ...)
+       TODO: check
+CVE-2025-8951 (A vulnerability has been found in PHPGurukul Teachers Record 
Managemen ...)
+       TODO: check
+CVE-2025-8943 (The Custom MCPs feature is designed to execute OS commands, for 
instan ...)
+       TODO: check
+CVE-2025-8876 (Improper Input Validation vulnerability in N-able N-central 
allows OS  ...)
+       TODO: check
+CVE-2025-8875 (Deserialization of Untrusted Data vulnerability in N-able 
N-central al ...)
+       TODO: check
+CVE-2025-8047 (The disable-right-click-powered-by-pixterme through v1.2 and 
pixter-im ...)
+       TODO: check
+CVE-2025-7973 (A security issue exists in FactoryTalk ViewPoint version 14.0 
or below ...)
+       TODO: check
+CVE-2025-7972 (A security issue exists within the FactoryTalk Linx Network 
Browser. B ...)
+       TODO: check
+CVE-2025-7971 (A security issues exists within Studio 5000 Logix Designer due 
to unsa ...)
+       TODO: check
+CVE-2025-7774 (A security issue exists within the 5032 16pt Digital 
Configurable modu ...)
+       TODO: check
+CVE-2025-7773 (A security issue exists within the 5032 16pt Digital 
Configurable modu ...)
+       TODO: check
+CVE-2025-7761 (Lepszy BIP is vulnerable to Reflected Cross-Site Scripting 
(XSS). Impr ...)
+       TODO: check
+CVE-2025-7353 (A security issue exists due to the web-based debugger agent 
enabled on ...)
+       TODO: check
+CVE-2025-5998 (The PPWP \u2013 Password Protect Pages WordPress plugin before 
version ...)
+       TODO: check
+CVE-2025-55716 (Missing Authorization vulnerability in VeronaLabs WP 
Statistics allows ...)
+       TODO: check
+CVE-2025-55714 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-55713 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-55712 (Missing Authorization vulnerability in POSIMYTH The Plus 
Addons for El ...)
+       TODO: check
+CVE-2025-55711 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-55710 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Ste ...)
+       TODO: check
+CVE-2025-55709 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-55708 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-55675 (Apache Superset contains an improper access control 
vulnerability in i ...)
+       TODO: check
+CVE-2025-55674 (A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in 
Apache Su ...)
+       TODO: check
+CVE-2025-55673 (When a guest user accesses a chart in Apache Superset, the API 
respons ...)
+       TODO: check
+CVE-2025-55672 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
Apache Sup ...)
+       TODO: check
+CVE-2025-55346 (User-controlled input flows to an unsafe implementation of a 
dynamic F ...)
+       TODO: check
+CVE-2025-55195 (@std/toml is the Deno Standard Library. Prior to version 
1.0.9, an att ...)
+       TODO: check
+CVE-2025-55192 (HomeAssistant-Tapo-Control offers Control for Tapo cameras as 
a Home A ...)
+       TODO: check
+CVE-2025-54867 (Youki is a container runtime written in Rust. Prior to version 
0.5.5,  ...)
+       TODO: check
+CVE-2025-54749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54740 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54739 (Missing Authorization vulnerability in POSIMYTH Nexter Blocks 
allows E ...)
+       TODO: check
+CVE-2025-54736 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-54732 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjada 
WPDM \u201 ...)
+       TODO: check
+CVE-2025-54730 (Missing Authorization vulnerability in PARETO Digital Embedder 
for Goo ...)
+       TODO: check
+CVE-2025-54729 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54728 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeMindsSoluti ...)
+       TODO: check
+CVE-2025-54727 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54717 (Missing Authorization vulnerability in e-plugins WP Membership 
allows  ...)
+       TODO: check
+CVE-2025-54715 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-54712 (Missing Authorization vulnerability in hashthemes Easy 
Elementor Addon ...)
+       TODO: check
+CVE-2025-54708 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54707 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-54706 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54705 (Missing Authorization vulnerability in magepeopleteam 
WpEvently allows ...)
+       TODO: check
+CVE-2025-54704 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54703 (Cross-Site Request Forgery (CSRF) vulnerability in Prince 
Integrate Go ...)
+       TODO: check
+CVE-2025-54702 (Cross-Site Request Forgery (CSRF) vulnerability in motov.net 
Ebook Sto ...)
+       TODO: check
+CVE-2025-54701 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54700 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54699 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54698 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-54697 (Incorrect Privilege Assignment vulnerability in Ben Ritner - 
Kadence W ...)
+       TODO: check
+CVE-2025-54696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54695 (Missing Authorization vulnerability in HasTech HT Mega allows 
Exploiti ...)
+       TODO: check
+CVE-2025-54694 (Cross-Site Request Forgery (CSRF) vulnerability in bPlugins 
Button Blo ...)
+       TODO: check
+CVE-2025-54693 (Unrestricted Upload of File with Dangerous Type vulnerability 
in epiph ...)
+       TODO: check
+CVE-2025-54692 (Missing Authorization vulnerability in WP Swings Membership 
For WooCom ...)
+       TODO: check
+CVE-2025-54691 (Authorization Bypass Through User-Controlled Key vulnerability 
in Styl ...)
+       TODO: check
+CVE-2025-54690 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54689 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54688 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54687 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54686 (Deserialization of Untrusted Data vulnerability in 
scriptsbundle Exert ...)
+       TODO: check
+CVE-2025-54685 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Bra ...)
+       TODO: check
+CVE-2025-54684 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54683 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54682 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks 
Connector ...)
+       TODO: check
+CVE-2025-54681 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
+       TODO: check
+CVE-2025-54680 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54679 (Missing Authorization vulnerability in vertim Neon Channel 
Product Cus ...)
+       TODO: check
+CVE-2025-54678 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-54676 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54675 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES 
YITH WooCo ...)
+       TODO: check
+CVE-2025-54674 (Cross-Site Request Forgery (CSRF) vulnerability in mklacroix 
Product C ...)
+       TODO: check
+CVE-2025-54673 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro 
Chartify al ...)
+       TODO: check
+CVE-2025-54672 (Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow 
Photo En ...)
+       TODO: check
+CVE-2025-54671 (Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide 
oik all ...)
+       TODO: check
+CVE-2025-54669 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-54668 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-54667 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Saa ...)
+       TODO: check
+CVE-2025-54054 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53631 (flaskBlog is a blog app built with Flask. In versions 2.8.1 
and prior, ...)
+       TODO: check
+CVE-2025-53587 (Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme 
Findgo al ...)
+       TODO: check
+CVE-2025-53582 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53575 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53347 (Cross-Site Request Forgery (CSRF) vulnerability in Laborator 
Kalium al ...)
+       TODO: check
+CVE-2025-53343 (Missing Authorization vulnerability in GoodLayers Modernize 
allows Exp ...)
+       TODO: check
+CVE-2025-53342 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53341 (Missing Authorization vulnerability in Themovation Stratus 
allows Expl ...)
+       TODO: check
+CVE-2025-53330 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-53249 (Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala 
Build Ap ...)
+       TODO: check
+CVE-2025-53241 (Server-Side Request Forgery (SSRF) vulnerability in kodeshpa 
Simplifie ...)
+       TODO: check
+CVE-2025-53221 (Missing Authorization vulnerability in codeablepress 
CodeablePress all ...)
+       TODO: check
+CVE-2025-53219 (Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 
WP-Database-O ...)
+       TODO: check
+CVE-2025-52823 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-52820 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-52806 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52801 (Missing Authorization vulnerability in VonStroheim TheBooking 
allows A ...)
+       TODO: check
+CVE-2025-52800 (Missing Authorization vulnerability in Unity Business 
Technology Pty L ...)
+       TODO: check
+CVE-2025-52797 (Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar 
StoryMa ...)
+       TODO: check
+CVE-2025-52788 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52785 (Missing Authorization vulnerability in softnwords SMM API 
allows Explo ...)
+       TODO: check
+CVE-2025-52775 (Missing Authorization vulnerability in Ronik@UnlimitedWP 
Project Cost  ...)
+       TODO: check
+CVE-2025-52771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52769 (Cross-Site Request Forgery (CSRF) vulnerability in flexostudio 
flexo-s ...)
+       TODO: check
+CVE-2025-52767 (Cross-Site Request Forgery (CSRF) vulnerability in lisensee 
NetInsight ...)
+       TODO: check
+CVE-2025-52765 (Cross-Site Request Forgery (CSRF) vulnerability in lisensee 
NetInsight ...)
+       TODO: check
+CVE-2025-52732 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52731 (Missing Authorization vulnerability in themefunction WordPress 
Event M ...)
+       TODO: check
+CVE-2025-52730 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52728 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52721 (Missing Authorization vulnerability in LCweb Global Gallery 
allows Exp ...)
+       TODO: check
+CVE-2025-52720 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-52716 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-52712 (Path Traversal vulnerability in BoldGrid Post and Page Builder 
by Bold ...)
+       TODO: check
+CVE-2025-52335 (EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in 
index.php, ...)
+       TODO: check
+CVE-2025-51986 (An issue was discovered in the demo/LINUXTCP implementation of 
cwalter ...)
+       TODO: check
+CVE-2025-51965 (OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) 
via the  ...)
+       TODO: check
+CVE-2025-50862 (The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 
has all ...)
+       TODO: check
+CVE-2025-50861 (The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 
contain ...)
+       TODO: check
+CVE-2025-50817 (A vulnerability in the Python-Future 1.0.0 module allows for 
arbitrary ...)
+       TODO: check
+CVE-2025-50518 (A use-after-free vulnerability exists in the 
coap_delete_pdu_lkd funct ...)
+       TODO: check
+CVE-2025-50515 (An issue was discovered in phome Empirebak 2010 in 
ebak2008/upload/cla ...)
+       TODO: check
+CVE-2025-50040 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50031 (Missing Authorization vulnerability in syedamirhussain91 DB 
Backup all ...)
+       TODO: check
+CVE-2025-50029 (Missing Authorization vulnerability in Ashish AI Tools allows 
Exploiti ...)
+       TODO: check
+CVE-2025-49887 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-49869 (Deserialization of Untrusted Data vulnerability in Arraytics 
Eventin a ...)
+       TODO: check
+CVE-2025-49437 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49433 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49271 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49267 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49264 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49065 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49064 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49063 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49062 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49061 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49059 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49058 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49057 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49056 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49054 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49053 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49052 (Missing Authorization vulnerability in Dariolee Netease Music 
allows E ...)
+       TODO: check
+CVE-2025-49051 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49048 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49047 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49044 (Cross-Site Request Forgery (CSRF) vulnerability in tosend.it 
Simple Po ...)
+       TODO: check
+CVE-2025-49038 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49037 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49036 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49033 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-48862 (Ambiguous wording in the web interface of the ctrlX OS setup 
mechanism ...)
+       TODO: check
+CVE-2025-48861 (A vulnerability in the Task API endpoint of the ctrlX OS setup 
mechani ...)
+       TODO: check
+CVE-2025-48860 (A vulnerability in the web application of the ctrlX OS setup 
mechanism ...)
+       TODO: check
+CVE-2025-48332 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-48293 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-47689 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47610 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47536 (Deserialization of Untrusted Data vulnerability in keywordrush 
Content ...)
+       TODO: check
+CVE-2025-43984 (An issue was discovered on KuWFi GC111 devices (Hardware 
Version: CPE- ...)
+       TODO: check
+CVE-2025-43983 (KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple 
unauthentic ...)
+       TODO: check
+CVE-2025-40758 (A vulnerability has been identified in Mendix SAML (Mendix 
10.12 compa ...)
+       TODO: check
+CVE-2025-3703 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39510 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-39483 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-38745 (Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, 
contains ...)
+       TODO: check
+CVE-2025-38738 (SupportAssist for Home PCs Installer exe version(s) 
4.8.2.29006 and pr ...)
+       TODO: check
+CVE-2025-36613 (SupportAssist for Home PCs versions 4.6.3 and prior and 
SupportAssist  ...)
+       TODO: check
+CVE-2025-36612 (SupportAssist for Business PCs, version(s) 4.5.3 and prior, 
contain(s) ...)
+       TODO: check
+CVE-2025-36581 (Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and 
prior, con ...)
+       TODO: check
+CVE-2025-36047 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
25.0.0.8 is  ...)
+       TODO: check
+CVE-2025-33142 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
+       TODO: check
+CVE-2025-32288 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-31425 (Missing Authorization vulnerability in kamleshyadav WP Lead 
Capturing  ...)
+       TODO: check
+CVE-2025-31007 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-30998 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-30993 (Missing Authorization vulnerability in VillaTheme Thank You 
Page Custo ...)
+       TODO: check
+CVE-2025-30639 (Missing Authorization vulnerability in ThemeAtelier IDonatePro 
allows  ...)
+       TODO: check
+CVE-2025-30635 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-30626 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-29014 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-28999 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-28987 (Server-Side Request Forgery (SSRF) vulnerability in 
PressForward Press ...)
+       TODO: check
+CVE-2025-28979 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-28975 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-28962 (Missing Authorization vulnerability in stefanoai Advanced 
Google Unive ...)
+       TODO: check
+CVE-2025-27847 (In ESPEC North America Web Controller 3 before 3.3.8, 
/api/v4/auth/ us ...)
+       TODO: check
+CVE-2025-27846 (In ESPEC North America Web Controller 3 before 3.3.8, an 
attacker with ...)
+       TODO: check
+CVE-2025-27845 (In ESPEC North America Web Controller 3 before 3.3.4, 
/api/v4/auth/ wi ...)
+       TODO: check
+CVE-2025-26484 (Dell CloudLink, versions 8.0 through 8.1.1, contains an 
Improper Restr ...)
+       TODO: check
+CVE-2025-25174 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-25172 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-24775 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Made  ...)
+       TODO: check
+CVE-2025-24766 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-21110 (Dell Data Lakehouse, versions prior to 1.5.0.0, contains an 
Execution  ...)
+       TODO: check
+CVE-2025-20306 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20302 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20301 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20268 (A vulnerability in the Geolocation-Based Remote Access (RA) 
VPN featur ...)
+       TODO: check
+CVE-2025-20265 (A vulnerability in the RADIUS subsystem implementation of 
Cisco Secure ...)
+       TODO: check
+CVE-2025-20263 (A vulnerability in the web services interface of Cisco Secure 
Firewall ...)
+       TODO: check
+CVE-2025-20254 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
module  ...)
+       TODO: check
+CVE-2025-20253 (A vulnerability in the IKEv2 feature of Cisco IOS Software, 
IOS XE Sof ...)
+       TODO: check
+CVE-2025-20252 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
module  ...)
+       TODO: check
+CVE-2025-20251 (A vulnerability in the Remote Access SSL VPN service for Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20244 (A vulnerability in the Remote Access SSL VPN service for Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20243 (A vulnerability in the management and VPN web servers of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20239 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
feature ...)
+       TODO: check
+CVE-2025-20238 (A vulnerability in Cisco Secure Firewall Adaptive Security 
Appliance ( ...)
+       TODO: check
+CVE-2025-20237 (A vulnerability in Cisco Secure Firewall Adaptive Security 
Appliance ( ...)
+       TODO: check
+CVE-2025-20235 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20225 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
feature ...)
+       TODO: check
+CVE-2025-20224 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
module  ...)
+       TODO: check
+CVE-2025-20222 (A vulnerability in the RADIUS proxy feature for the IPsec VPN 
feature  ...)
+       TODO: check
+CVE-2025-20220 (A vulnerability in the CLI of Cisco Secure Firewall Management 
Center  ...)
+       TODO: check
+CVE-2025-20219 (A vulnerability in the implementation of access control rules 
for loop ...)
+       TODO: check
+CVE-2025-20218 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20217 (A vulnerability in the packet inspection functionality of the 
Snort 3  ...)
+       TODO: check
+CVE-2025-20148 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20136 (A vulnerability in the function that performs IPv4 and IPv6 
Network Ad ...)
+       TODO: check
+CVE-2025-20135 (A vulnerability in the DHCP client functionality of Cisco 
Secure Firew ...)
+       TODO: check
+CVE-2025-20134 (A vulnerability in the certificate processing of Cisco Secure 
Firewall ...)
+       TODO: check
+CVE-2025-20133 (A vulnerability in the management and VPN web servers of the 
Remote Ac ...)
+       TODO: check
+CVE-2025-20127 (A vulnerability in the TLS 1.3 implementation for a specific 
cipher fo ...)
+       TODO: check
+CVE-2024-53946 (The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2024-53945 (The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command 
injectio ...)
+       TODO: check
+CVE-2024-37945 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-5342
+       REJECTED
+CVE-2023-43694 (An issue was discovered in Malwarebytes 4.6.14.326 and before 
and 5.1. ...)
+       TODO: check
+CVE-2023-43692 (An issue was discovered in Malwarebytes before 4.6.14.326 and 
before 5 ...)
+       TODO: check
+CVE-2023-43687 (An issue was discovered in Malwarebytes before 4.6.14.326 and 
before 5 ...)
+       TODO: check
+CVE-2023-43683 (An issue was discovered in Malwarebytes 4.6.14.326 and before 
5.1.5.11 ...)
+       TODO: check
+CVE-2025-8715 (Improper neutralization of newlines in pg_dump in PostgreSQL 
allows a  ...)
+       {DLA-4273-1}
        - postgresql-17 17.6-1
        [trixie] - postgresql-17 <no-dsa> (Minor issue)
        - postgresql-15 <removed>
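Review bot: The imported descriptions in this hunk carry raw JSON escapes instead of the characters they stand for: `\u2019` under CVE-2025-9042 and CVE-2025-9041, `\u2011` inside "DIR\u2011818L" under CVE-2025-8956, and `\u2013` under CVE-2025-5998. Because truncation is applied to the escaped text, CVE-2025-54732 ends in a half-cut escape ("WPDM \u201 ..."). Decoding the description before it is truncated would make the summaries cut on character boundaries and keep product names readable during triage of the `TODO: check` queue.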
@@ -6,7 +549,8 @@ CVE-2025-8715
        - postgresql-13 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
        NOTE: https://www.postgresql.org/support/security/CVE-2025-8715/
-CVE-2025-8714
+CVE-2025-8714 (Untrusted data inclusion in pg_dump in PostgreSQL allows a 
malicious s ...)
+       {DLA-4273-1}
        - postgresql-17 17.6-1
        [trixie] - postgresql-17 <no-dsa> (Minor issue)
        - postgresql-15 <removed>
@@ -14,7 +558,8 @@ CVE-2025-8714
        - postgresql-13 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
        NOTE: https://www.postgresql.org/support/security/CVE-2025-8714/
-CVE-2025-8713
+CVE-2025-8713 (PostgreSQL optimizer statistics allow a user to read sampled 
data with ...)
+       {DLA-4273-1}
        - postgresql-17 17.6-1
        [trixie] - postgresql-17 <no-dsa> (Minor issue)
        - postgresql-15 <removed>
@@ -22,10 +567,12 @@ CVE-2025-8713
        - postgresql-13 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
        NOTE: https://www.postgresql.org/support/security/CVE-2025-8713/
-CVE-2025-54389 [Escape control characters in report and log output]
+CVE-2025-54389 (AIDE is an advanced intrusion detection environment. Prior to 
version  ...)
+       {DSA-5977-1 DLA-4272-1}
        - aide <unfixed>
        NOTE: Fixed by: 
https://github.com/aide/aide/commit/64c8f32b0349c33fb8382784af468338078851f9 
(v0.19.2)
-CVE-2025-54409 [Fix null pointer dereference after reading incorrectly encoded 
xattr attributes from database]
+CVE-2025-54409 (AIDE is an advanced intrusion detection environment. From 
versions 0.1 ...)
+       {DSA-5977-1 DLA-4272-1}
        - aide <unfixed>
        NOTE: Fixed by: 
https://github.com/aide/aide/commit/54a6d0d9d5f14b81961d66373c0291bf4af4135a 
(v0.19.2)
        NOTE: https://www.ipi.fi/pipermail/aide/2025-August/001811.html
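Review bot: Both AIDE entries now carry {DSA-5977-1 DLA-4272-1} while the package line still reads `- aide <unfixed>`, although the "Fixed by" notes name upstream v0.19.2; the entry needs a fixed version as soon as an upload containing those two commits is available. The bracketed summaries removed here ("Escape control characters in report and log output" and the xattr null pointer dereference one) were more specific than the truncated text that replaces them, which now only says "AIDE is an advanced intrusion detection environment.", so a short NOTE preserving each summary would keep the two entries distinguishable at a glance.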
@@ -373,7 +920,7 @@ CVE-2025-53859 (NGINX Open Source and NGINX Plus have a 
vulnerability in the ngx
        - nginx <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2025/08/13/5
        NOTE: https://nginx.org/download/patch.2025.smtp.txt
-CVE-2025-54472
+CVE-2025-54472 (Unlimited memory allocation in redis protocol parser in Apache 
bRPC (a ...)
        - brpc <itp> (bug #1060006)
 CVE-2024-36331 [x86/sev: Evict cache lines during SNP memory validation]
        - linux <unfixed>
@@ -3383,7 +3930,7 @@ CVE-2025-54657
        REJECTED
 CVE-2025-4523 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-45768 (pyjwt v2.10.1 was discovered to contain weak encryption.)
+CVE-2025-45768 (pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: 
this is ...)
        - pyjwt <unfixed> (bug #1110318; unimportant)
        NOTE: disputed upstream, negligible security impact, cf.
        NOTE: 
https://github.com/jpadilla/pyjwt/issues/1080#issuecomment-3164212492
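Review bot: The new CVE-2025-45768 description is cut at "NOTE: this is ...", so whatever qualifier the record now carries cannot be read from this line. The entry remains understandable only through the existing `NOTE: disputed upstream, negligible security impact, cf.` line and the linked issue comment, so those should stay in place. The context line for CVE-2025-4523 also shows a raw `\u2013` escape in its description.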



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d7c206a893e35e027a930eeaefc47632c4c8db
