Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4ea4ff3 by security tracker role at 2025-09-08T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
===================================== data/CVE/list =====================================
@@ -1,14 +1,98 @@ -CVE-2025-40930 +CVE-2025-9114 (The Doccure theme for WordPress is vulnerable to Arbitrary User Passwo ...) + TODO: check +CVE-2025-9113 (The Doccure theme for WordPress is vulnerable to arbitrary file upload ...) + TODO: check +CVE-2025-9112 (The Doccure theme for WordPress is vulnerable to arbitrary file upload ...) + TODO: check +CVE-2025-5993 (ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to pat ...) + TODO: check +CVE-2025-59033 (The Microsoft vulnerable driver block list is implemented as Windows D ...) + TODO: check +CVE-2025-57285 (codeceptjs 3.7.3 contains a command injection vulnerability in the emp ...) + TODO: check +CVE-2025-57141 (rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdb ...) + TODO: check +CVE-2025-56630 (FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column ...) + TODO: check +CVE-2025-56267 (A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ...) + TODO: check +CVE-2025-56266 (A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allow ...) + TODO: check +CVE-2025-56265 (An arbitrary file upload vulnerability in the Chat Trigger component o ...) + TODO: check +CVE-2025-55998 (A cross-site scripting (XSS) vulnerability in Smart Search & Filter Sh ...) + TODO: check +CVE-2025-55849 (WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiCon ...) + TODO: check +CVE-2025-54994 (@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses ...) + TODO: check +CVE-2025-53838 (LinkAce is a self-hosted archive to collect website links. A stored cr ...) + TODO: check +CVE-2025-52389 (An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - ...) + TODO: check +CVE-2025-52161 (Scholl Communications AG Weblication CMS Core v019.004.000.000 was dis ...) + TODO: check +CVE-2025-51586 (An issue was discoverd in file controllers/admin/AdminLoginController. ...) 
+ TODO: check +CVE-2025-43722 (Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an imprope ...) + TODO: check +CVE-2025-40642 (Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which a ...) + TODO: check +CVE-2025-40641 (Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inven ...) + TODO: check +CVE-2025-3212 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) + TODO: check +CVE-2025-36855 (A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exist ...) + TODO: check +CVE-2025-36854 (A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exist ...) + TODO: check +CVE-2025-36853 (A vulnerability (CVE-2025-21172) exists in msdia140.dlldue to integer ...) + TODO: check +CVE-2025-22956 (OPSI before 4.3 allows any client to retrieve any ProductPropertyState ...) + TODO: check +CVE-2025-10104 (A security vulnerability has been detected in code-projects Online Eve ...) + TODO: check +CVE-2025-10103 (A weakness has been identified in code-projects Online Event Judging S ...) + TODO: check +CVE-2025-10102 (A security flaw has been discovered in code-projects Online Event Judg ...) + TODO: check +CVE-2025-10100 (A vulnerability was detected in SourceCodester Simple Forum Discussion ...) + TODO: check +CVE-2025-10099 (A weakness has been identified in Portabilis i-Educar up to 2.10. Affe ...) + TODO: check +CVE-2025-10098 (A security flaw has been discovered in PHPGurukul User Management Syst ...) + TODO: check +CVE-2025-10097 (A vulnerability was identified in SimStudioAI sim up to 1.0.0. This im ...) + TODO: check +CVE-2025-10096 (A vulnerability was determined in SimStudioAI sim up to 1.0.0. This af ...) + TODO: check +CVE-2025-10093 (A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Aff ...) + TODO: check +CVE-2025-10092 (A vulnerability was found in Jinher OA up to 1.2. This impacts an unkn ...) 
+ TODO: check +CVE-2025-10091 (A vulnerability has been found in Jinher OA up to 1.2. This affects an ...) + TODO: check +CVE-2025-10090 (A flaw has been found in Jinher OA up to 1.2. The impacted element is ...) + TODO: check +CVE-2024-48341 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2022-50238 (The on-endpoint Microsoft vulnerable driver blocklist is not fully syn ...) + TODO: check +CVE-2019-25225 (`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-sit ...) + TODO: check +CVE-2014-125128 ('sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scr ...) + TODO: check +CVE-2025-40930 (JSON::SIMD before version 1.07 and earlier for Perl has an integer buf ...) NOT-FOR-US: JSON::SIMD Perl module -CVE-2025-40929 +CVE-2025-40929 (Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer ov ...) - libcpanel-json-xs-perl <unfixed> NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608920/ NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2 (4.40) -CVE-2025-40928 +CVE-2025-40928 (JSON::XS before version 4.04 for Perl has an integer buffer overflow c ...) - libjson-xs-perl 4.030-3 NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608909/ NOTE: https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch -CVE-2025-58782 +CVE-2025-58782 (Deserialization of Untrusted Data vulnerability in Apache Jackrabbit C ...) - jackrabbit <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2025/09/06/3 NOTE: https://issues.apache.org/jira/browse/JCR-5135 
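Review bot: the new CVE-2025-40929 entry records libcpanel-json-xs-perl as <unfixed> without a Debian bug reference, even though the NOTE already identifies the upstream fix (commit 378236219eaa35742c3962ecbdee364903b0a1f2, 4.40); other unfixed entries in this file carry a "(bug #...)" marker (compare the sqlite3 line further down), so a bug should be filed and its number added here so the pending upload is tracked. The same applies to the jackrabbit <unfixed> line for CVE-2025-58782. The rest of the hunk is new TODO: check stubs; several of them describe Windows-only components (the Microsoft vulnerable driver blocklist in CVE-2025-59033 and CVE-2022-50238, the msdia140.dll issues in CVE-2025-36853 through CVE-2025-36855) and look like straightforward NOT-FOR-US candidates on the next triage pass.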
@@ -278,7 +362,7 @@ CVE-2025-57807 (ImageMagick is free and open-source software used for editing an NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg NOTE: https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e (7.1.2-3) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf (6.9.13-29) -CVE-2025-7709 [Integer Overflow in FTS5 Extension] +CVE-2025-7709 (An integer overflow exists in the FTS5 https://sqlite.org/fts5.html e ...) - sqlite3 <unfixed> (bug #1114609) [trixie] - sqlite3 <no-dsa> (Minor issue) [bookworm] - sqlite3 <no-dsa> (Minor issue) @@ -1717,7 +1801,7 @@ CVE-2025-56760 (When Memos 0.22 is configured to store objects locally, an attac NOT-FOR-US: Memos CVE-2025-56752 (A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B ...) NOT-FOR-US: Ruijie -CVE-2025-56689 (An issue was discovered in Quest One Identity 7.5.1.20903. A crafted r ...) +CVE-2025-56689 (One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5 ...) NOT-FOR-US: Quest One Identity CVE-2025-56608 (The SourceCodester Android application "Corona Virus Tracker App India ...) NOT-FOR-US: SourceCodester @@ -17647,8 +17731,8 @@ CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22 NOT-FOR-US: Tenda CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...) NOT-FOR-US: FiberHome FD602GW-DX-R410 router -CVE-2025-49604 - REJECTED +CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...) + TODO: check CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...) NOT-FOR-US: Realtek CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41 ...) 
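Review bot: CVE-2025-7709 now carries the upstream description, but the sqlite3 entry still has no NOTE line pointing at the upstream fix or advisory, unlike the neighbouring ImageMagick entry; with the package <unfixed> and both [trixie] and [bookworm] marked <no-dsa> (Minor issue), a reference to the FTS5 fix would let a reader verify the minor-issue assessment. Adding a NOTE: line under the "(bug #1114609)" entry is the tracker's usual way to record that.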
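Review bot: the CVE-2025-56689 description now names the product as "One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5 ...", but the unchanged NOT-FOR-US reason directly below still reads "Quest One Identity"; update the reason to match the new product name so a later search for the product finds the entry.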
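Review bot: CVE-2025-49604 moves from REJECTED back to an open TODO: check, which is unusual; confirm against the CNA record that the rejection was actually reversed rather than a stale description resurfacing in the feed. The new description ("Realtek AmebaD devices, a heap-based buffer overflow") matches the adjacent Realtek entries such as CVE-2025-44526, which are resolved as NOT-FOR-US: Realtek, so that is the likely resolution once checked.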
@@ -102950,6 +103034,7 @@ CVE-2024-46605 (A cross-site scripting (XSS) vulnerability in the component /adm CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass access co ...) NOT-FOR-US: BIG-IP CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...) + {DLA-4295-1} - libhtp 1:0.5.49-1 [bookworm] - libhtp <no-dsa> (Minor issue) NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f @@ -169806,6 +169891,7 @@ CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prev NOTE: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3) NOTE: https://redmine.openinfosecfoundation.org/issues/6657 CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...) + {DLA-4295-1} - libhtp 1:0.5.46-1 [bookworm] - libhtp <no-dsa> (Minor issue) [buster] - libhtp <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ea4ff3261c0740061f94a0ce7c38da4ab1f697
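Review bot: the {DLA-4295-1} marker added to CVE-2024-45797 only resolves if data/DLA/list has a matching DLA-4295-1 entry that lists this CVE (and CVE-2024-23837, which receives the same marker in the next hunk); that file is not part of this commit, so the cross-reference should be verified. Since the LTS release now ships a fix, the "[bookworm] - libhtp <no-dsa> (Minor issue)" line directly below also deserves a second look: either the issue is minor enough that the DLA was an opportunistic fix, or bookworm should be scheduled as well, and the entry should make clear which.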
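Review bot: CVE-2024-23837 picks up the same {DLA-4295-1} marker while both the [bookworm] and [buster] lines stay at <no-dsa> (Minor issue); one DLA covering two CVEs is fine provided data/DLA/list names both, but the bookworm no-dsa rationale now sits next to a fix shipped for the same bug in the LTS release and should be reconfirmed or the line updated.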
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
