Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da0010b1 by security tracker role at 2025-08-20T20:13:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2025-9246 (A flaw has been found in Linksys RE6250, RE6300, RE6350,
RE6500, RE700 ...)
+ TODO: check
+CVE-2025-9245 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350,
RE6500 ...)
+ TODO: check
+CVE-2025-9244 (A security vulnerability has been detected in Linksys RE6250,
RE6300, ...)
+ TODO: check
+CVE-2025-9241 (A weakness has been identified in elunez eladmin up to 2.7.
This affec ...)
+ TODO: check
+CVE-2025-9240 (A security flaw has been discovered in elunez eladmin up to
2.7. Affec ...)
+ TODO: check
+CVE-2025-9239 (A vulnerability was identified in elunez eladmin up to 2.7.
Affected b ...)
+ TODO: check
+CVE-2025-9238 (A vulnerability was determined in Swatadru
Exam-Seating-Arrangement up ...)
+ TODO: check
+CVE-2025-9237 (A vulnerability was found in CodeAstro Ecommerce Website 1.0.
This imp ...)
+ TODO: check
+CVE-2025-9236 (A vulnerability has been found in Portabilis i-Diario up to
2.10. This ...)
+ TODO: check
+CVE-2025-9235 (A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted
element ...)
+ TODO: check
+CVE-2025-9234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. The
affected ...)
+ TODO: check
+CVE-2025-9233 (A security vulnerability has been detected in Scada-LTS up to
2.7.8.1. ...)
+ TODO: check
+CVE-2025-9229 (Information disclosure vulnerability in error handling in MiR
software ...)
+ TODO: check
+CVE-2025-9228 (MiR software versions prior to version 3.0.0 have insufficient
authori ...)
+ TODO: check
+CVE-2025-9173 (A weakness has been identified in Emlog Pro up to 2.5.18. This
issue a ...)
+ TODO: check
+CVE-2025-9074 (A vulnerability was identified in Docker Desktop that allows
local run ...)
+ TODO: check
+CVE-2025-8612 (AOMEI Backupper Workstation Link Following Local Privilege
Escalation ...)
+ TODO: check
+CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication for Critical Function
Remote ...)
+ TODO: check
+CVE-2025-8610 (AOMEI Cyber Backup Missing Authentication for Critical Function
Remote ...)
+ TODO: check
+CVE-2025-8453 (CWE-269: Improper Privilege Management vulnerability exists
that could ...)
+ TODO: check
+CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption vulnerability exists
that c ...)
+ TODO: check
+CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized
Actor vu ...)
+ TODO: check
+CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's
HTTP AP ...)
+ TODO: check
+CVE-2025-8309 (There is an improper privilege management vulnerability
identified in ...)
+ TODO: check
+CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
+CVE-2025-6183 (The StrongDM macOS client incorrectly processed JSON-formatted
message ...)
+ TODO: check
+CVE-2025-6182 (The StrongDM Windows service incorrectly handled communication
related ...)
+ TODO: check
+CVE-2025-6181 (The StrongDM Windows service incorrectly handled input
validation. Aut ...)
+ TODO: check
+CVE-2025-6180 (The StrongDM Client insufficiently protected a
pre-authentication toke ...)
+ TODO: check
+CVE-2025-5261 (Authorization Bypass Through User-Controlled Key vulnerability
in Pik ...)
+ TODO: check
+CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online
Yaz\u01 ...)
+ TODO: check
+CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25,
<=12.0.21, ...)
+ TODO: check
+CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were
exposed in ...)
+ TODO: check
+CVE-2025-57733 (In JetBrains TeamCity before 2025.07.1 sMTP injection was
possible all ...)
+ TODO: check
+CVE-2025-57732 (In JetBrains TeamCity before 2025.07.1 privilege escalation
was possib ...)
+ TODO: check
+CVE-2025-57731 (In JetBrains YouTrack before 2025.2.92387 stored XSS was
possible via ...)
+ TODO: check
+CVE-2025-57730 (In JetBrains IntelliJ IDEA before 2025.2 hTML injection was
possible v ...)
+ TODO: check
+CVE-2025-57729 (In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin
startup was ...)
+ TODO: check
+CVE-2025-57728 (In JetBrains IntelliJ IDEA before 2025.2 improper access
control allow ...)
+ TODO: check
+CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 credentials
disclosure was po ...)
+ TODO: check
+CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision
for an ...)
+ TODO: check
+CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to
15.74.2 and ...)
+ TODO: check
+CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully
crafted ...)
+ TODO: check
+CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow
vulnerability via th ...)
+ TODO: check
+CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2025-55498 (Tenda AC6 V15.03.06.23_multi was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow
in the f ...)
+ TODO: check
+CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow
in the f ...)
+ TODO: check
+CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of
the cance ...)
+ TODO: check
+CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
+ TODO: check
+CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
+ TODO: check
+CVE-2025-54925 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists that ...)
+ TODO: check
+CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists that ...)
+ TODO: check
+CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability
exists that c ...)
+ TODO: check
+CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in
sFileNameparameter in t ...)
+ TODO: check
+CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in
article creati ...)
+ TODO: check
+CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in
page editor ...)
+ TODO: check
+CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side
Template Inj ...)
+ TODO: check
+CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored
Cross-Site ...)
+ TODO: check
+CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS
my-site ...)
+ TODO: check
+CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut
Open-Sho ...)
+ TODO: check
+CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19)
contains ...)
+ TODO: check
+CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru
1.3.0 allow ...)
+ TODO: check
+CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch
Lebanon Mo ...)
+ TODO: check
+CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46962 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46936 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46932 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46856 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46852 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46849 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-43757 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
+ TODO: check
+CVE-2025-43750 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP
2025.Q1.0 thro ...)
+ TODO: check
+CVE-2025-43749 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP
2025.Q1.0 thro ...)
+ TODO: check
+CVE-2025-43748 (Insufficient CSRF protection for omni-administrator users in
Liferay P ...)
+ TODO: check
+CVE-2025-43746 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
+ TODO: check
+CVE-2025-43742 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
+ TODO: check
+CVE-2025-43741 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
+ TODO: check
+CVE-2025-36114 (IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a
remote at ...)
+ TODO: check
+CVE-2025-32010 (A stack-based buffer overflow vulnerability exists in the
Cloud API fu ...)
+ TODO: check
+CVE-2025-31355 (A firmware update vulnerability exists in the Firmware
Signature Valid ...)
+ TODO: check
+CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header
Parsing fu ...)
+ TODO: check
+CVE-2025-28041 (Incorrect access control in the doFilter function of
itranswarp up to ...)
+ TODO: check
+CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP
authenticati ...)
+ TODO: check
+CVE-2025-24496 (An information disclosure vulnerability exists in the
/goform/getprodu ...)
+ TODO: check
+CVE-2025-24322 (An unsafe default authentication vulnerability exists in the
Initial S ...)
+ TODO: check
+CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo
Authenticat ...)
+ TODO: check
+CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco
Evolved ...)
+ TODO: check
+CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine
(ISE) cou ...)
+ TODO: check
+CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side
request ...)
+ TODO: check
+CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to
read or m ...)
+ TODO: check
+CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to
v1.0.1-RELEASE allow ...)
+ TODO: check
+CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to
bypass au ...)
+ TODO: check
+CVE-2024-57154 (Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows
attackers ...)
+ TODO: check
+CVE-2024-57152 (Incorrect access control in the preHandle function of my-site
v1.0.2 a ...)
+ TODO: check
+CVE-2024-53495 (Incorrect access control in the preHandle function of my-site
v1.0.2.R ...)
+ TODO: check
+CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in
the preHa ...)
+ TODO: check
+CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a
path trav ...)
+ TODO: check
+CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API
function, creat ...)
+ TODO: check
+CVE-2011-10029 (Solar FTP Server fails to properly handle format strings
passed to the ...)
+ TODO: check
+CVE-2011-10028 (The RealNetworks RealArcade platform includes an ActiveX
control (Inst ...)
+ TODO: check
+CVE-2011-10027 (AOL Desktop 9.6 contains a buffer overflow vulnerability in
its Tool\r ...)
+ TODO: check
+CVE-2011-10026 (Spreecommerce versions prior to 0.50.x contain a remote
command execut ...)
+ TODO: check
+CVE-2011-10025 (Subtitle Processor 7.7.1 contains a buffer overflow
vulnerability in i ...)
+ TODO: check
+CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is
vulnera ...)
+ TODO: check
+CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version
2010 co ...)
+ TODO: check
+CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based
buffer ...)
+ TODO: check
+CVE-2011-10021 (Magix Musik Maker 16 is vulnerable to a stack-based buffer
overflow du ...)
+ TODO: check
+CVE-2011-10020 (Kaillera Server version 0.86 is vulnerable to a
denial-of-service cond ...)
+ TODO: check
+CVE-2010-20103 (A malicious backdoor was embedded in the official ProFTPD
1.3.3c sourc ...)
+ TODO: check
+CVE-2010-20059 (FreeNAS 0.7.2 prior to revision 5543 includes an
unauthenticated comma ...)
+ TODO: check
+CVE-2010-20049 (LeapFTP <3.1.x contains a stack-based buffer overflow
vulnerability in ...)
+ TODO: check
+CVE-2010-20045 (FileWrangler <= 5.30 suffers from a stack-based buffer
overflow vulner ...)
+ TODO: check
+CVE-2010-20042 (Xion Audio Player versions prior to 1.0.126 are vulnerable to
a Unicod ...)
+ TODO: check
+CVE-2010-20010 (Foxit PDF Reader before 4.2.0.0928 does not properly
bound-check the / ...)
+ TODO: check
+CVE-2010-10014 (Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2009-10005 (ContentKeeper Web Appliance (now maintained by Impero
Software) versio ...)
+ TODO: check
CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR
software ...)
NOT-FOR-US: MiR software
CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized
modific ...)
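Review bot: two summaries in this hunk are cut in the middle of an escape sequence, so the stored text carries raw escape fragments: CVE-2025-5260 ends in `Yaz\u01 ...` and CVE-2011-10027 in `Tool\r ...`. The importer should decode the feed's description before truncating to the summary width (or cut on a character boundary) rather than storing half an escape. Among the `TODO: check` entries, CVE-2025-5115 (`Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21`) names a range in the 9.4.x series, so it should be checked against the jetty9 source package promptly rather than left at the default, and CVE-2010-20103 (the ProFTPD 1.3.3c source backdoor) is a historical issue that also needs a real disposition. Several JetBrains summaries arrive with the first letter after the version lower-cased (`aWS credentials`, `sMTP injection`, `hTML injection`), which looks like a feed-side transformation of the original text rather than something to preserve.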
@@ -330,6 +568,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar component
of Firefox Focus for
- firefox <not-affected> (Specific to Firefox Focus on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR
128.13, ...)
+ {DSA-5980-1}
- firefox-esr 128.14.0esr-1
- firefox <unfixed>
- thunderbird <unfixed>
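Review bot: the context lines directly above the `{DSA-5980-1}` addition show a mismatched reference under CVE-2025-9186: its NOTE points at `mfsa2025-64/#CVE-2025-9179`, not `#CVE-2025-9186`, so the link lands on another bug's anchor and should be corrected in a follow-up. The DSA marker itself is consistent with the `firefox-esr 128.14.0esr-1` line beneath it; `firefox <unfixed>` and `thunderbird <unfixed>` remain open and are not covered by that reference.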
@@ -346,6 +585,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in
the Graphics: WebRende
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This
vulnerab ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -353,6 +593,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript
Engine component. This vul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D
component.' This ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -360,6 +601,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the Graphics:
Canvas2D component.'
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP
process w ...)
+ {DSA-5980-1}
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
@@ -474,15 +716,15 @@ CVE-2025-51539 (EzGED3 3.5.0 contains an unauthenticated
arbitrary file read vul
NOT-FOR-US: EzGED3
CVE-2025-51529 (Incorrect Access Control in the AJAX endpoint functionality in
jonkast ...)
NOT-FOR-US: onkastonka Cookies and Content Security Policy plugin
-CVE-2025-51510 (MoonShine v3.12.5 was discovered to contain a SQL injection
vulnerabil ...)
+CVE-2025-51510 (MoonShine was discovered to contain a SQL injection
vulnerability unde ...)
NOT-FOR-US: MoonShine
CVE-2025-51506 (In the smartLibrary component of the HRForecast Suite 0.4.3, a
SQL inj ...)
NOT-FOR-US: HRForecast Suite
-CVE-2025-51489 (An arbitrary file upload vulnerability in MoonShine v3.12.4
allows att ...)
+CVE-2025-51489 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
MoonShine ...)
NOT-FOR-US: MoonShine
-CVE-2025-51488 (A stored cross-site scripting (XSS) vulnerability in the
Create Admin ...)
+CVE-2025-51488 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
MoonShine ...)
NOT-FOR-US: MoonShine
-CVE-2025-51487 (A stored cross-site scripting (XSS) vulnerability in the
Create Articl ...)
+CVE-2025-51487 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
MoonShine ...)
NOT-FOR-US: MoonShine
CVE-2025-50938 (Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31
via the ...)
NOT-FOR-US: Hustoj
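Review bot: the rewritten summaries for CVE-2025-51489, CVE-2025-51488 and CVE-2025-51487 now all truncate to the identical `A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine ...`, and for CVE-2025-51489 the class changes outright from an arbitrary file upload to stored XSS. Since all three stay `NOT-FOR-US: MoonShine` no package disposition changes, but anyone grepping the list for the old file-upload wording will no longer find it. Also in the context at the top of this hunk, `NOT-FOR-US: onkastonka Cookies and Content Security Policy plugin` drops the leading `j` of the author shown in the summary (`jonkast ...`); worth fixing in a follow-up.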
@@ -6205,7 +6447,7 @@ CVE-2025-24119 (This issue was addressed through improved
state management. This
NOT-FOR-US: Apple
CVE-2025-0712 (An uncontrolled search path element vulnerability can lead to
local pr ...)
NOT-FOR-US: Beats (Windows Installer)
-CVE-2025-7777
+CVE-2025-7777 (The mirror-registry doesn't properly sanitize the host header
HTTP hea ...)
NOT-FOR-US: mirror-registry for Quay
CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to
138.0.7204.18 ...)
{DSA-5968-1}
@@ -15151,7 +15393,7 @@ CVE-2025-27153 (Escalade GLPI plugin is a ticket
escalation process helper for G
NOT-FOR-US: Escalade GLPI plugin
CVE-2024-35164 (The terminal emulator of Apache Guacamole 1.5.5 and older does
not pro ...)
- guacamole-client <removed>
-CVE-2024-39954
+CVE-2024-39954 (CWE-918 Server-Side Request Forgery (SSRF) in
eventmesh-runtime module ...)
NOT-FOR-US: Apache EventMesh
CVE-2025-6920 (A flaw was found in the authentication enforcement mechanism of
a mode ...)
NOT-FOR-US: Red Hat AI Inference Server
@@ -16098,7 +16340,7 @@ CVE-2025-52555 (Ceph is a distributed object, block,
and file storage platform.
NOTE:
https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
NOTE: Regression fix: https://github.com/ceph/ceph/pull/64356
NOTE: Regression tracked in Debian as: https://bugs.debian.org/1109470
-CVE-2025-4437
+CVE-2025-4437 (There's a vulnerability in the CRI-O application where when
container ...)
- cri-o <itp> (bug #979702)
CVE-2025-6710 (MongoDB Server may be susceptible to stack overflow due to JSON
parsin ...)
- mongodb <removed>
@@ -16713,7 +16955,7 @@ CVE-2025-4878 (A vulnerability was found in libssh,
where an uninitialized varia
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
(libssh-0.11.2)
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
(libssh-0.11.2)
-CVE-2025-4877
+CVE-2025-4877 (There's a vulnerability in the libssh package where when a
libssh cons ...)
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
[bullseye] - libssh <postponed> (Minor issue)
@@ -23674,7 +23916,7 @@ CVE-2025-5499 (A vulnerability classified as critical
has been found in slackero
NOT-FOR-US: slackero phpwcms
CVE-2025-5498 (A vulnerability was found in slackero phpwcms up to
1.9.45/1.10.8. It ...)
NOT-FOR-US: slackero phpwcms
-CVE-2025-5497 (A vulnerability was found in slackero phpwcms up to
1.9.45/1.10.8. It ...)
+CVE-2025-5497 (A vulnerability was detected in slackero phpwcms up to
1.9.45/1.10.8. ...)
NOT-FOR-US: slackero phpwcms
CVE-2025-5495 (A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW.
It has b ...)
NOT-FOR-US: Netgear
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da0010b13bcbacd686cb74b55d3fed063b320df2
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits