[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 26 21:12:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c6b0ffb by security tracker role at 2025-08-26T20:12:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2025-38676 [iommu/amd: Avoid stack buffer overflow from kernel cmdline]
+CVE-2025-9491 (Microsoft Windows LNK File UI Misrepresentation Remote Code Execution ...)
+ TODO: check
+CVE-2025-9483 (A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE700 ...)
+ TODO: check
+CVE-2025-9482 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500 ...)
+ TODO: check
+CVE-2025-9481 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...)
+ TODO: check
+CVE-2025-9478 (Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allow ...)
+ TODO: check
+CVE-2025-9190 (The configuration of Cursor on macOS, specifically the "RunAsNode" fus ...)
+ TODO: check
+CVE-2025-8700 (Invoice Ninja's configuration on macOS, specifically the presence of e ...)
+ TODO: check
+CVE-2025-8597 (MacVim's configuration on macOS, specifically the presence of entitlem ...)
+ TODO: check
+CVE-2025-8424 (Improper access control on the NetScaler Management Interface in NetSc ...)
+ TODO: check
+CVE-2025-7776 (Memory overflow vulnerability leading to unpredictable or erroneous be ...)
+ TODO: check
+CVE-2025-7775 (Memory overflow vulnerability leading to Remote Code Execution and/or ...)
+ TODO: check
+CVE-2025-6366 (The Event List plugin for WordPress is vulnerable to privilege escalat ...)
+ TODO: check
+CVE-2025-6247 (The WordPress Automatic Plugin plugin for WordPress is vulnerable to C ...)
+ TODO: check
+CVE-2025-57818 (Firecrawl turns entire websites into LLM-ready markdown or structured ...)
+ TODO: check
+CVE-2025-57813 (traQ is a messenger application built for Digital Creators Club traP. ...)
+ TODO: check
+CVE-2025-57810 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, use ...)
+ TODO: check
+CVE-2025-57803 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2025-57425 (A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FA ...)
+ TODO: check
+CVE-2025-56432 (A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. ...)
+ TODO: check
+CVE-2025-55526 (n8n-workflows Main Commit ee25413 allows attackers to execute a direct ...)
+ TODO: check
+CVE-2025-55443 (Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrato ...)
+ TODO: check
+CVE-2025-55298 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2025-55212 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2025-53813 (The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse ...)
+ TODO: check
+CVE-2025-53811 (The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" f ...)
+ TODO: check
+CVE-2025-52353 (An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Me ...)
+ TODO: check
+CVE-2025-52219 (SelectZero SelectZero Data Observability Platform before 2025.5.2 cont ...)
+ TODO: check
+CVE-2025-52218 (SelectZero Data Observability Platform before 2025.5.2 is vulnerable t ...)
+ TODO: check
+CVE-2025-52217 (SelectZero Data Observability Platform before 2025.5.2 is vulnerable t ...)
+ TODO: check
+CVE-2025-52184 (Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote ...)
+ TODO: check
+CVE-2025-52037 (A vulnerability has been found in NotesCMS and classified as medium. A ...)
+ TODO: check
+CVE-2025-52036 (A vulnerability has been found in NotesCMS and classified as medium. A ...)
+ TODO: check
+CVE-2025-52035 (A vulnerability in NotesCMS and specifically in the page /index.php?ro ...)
+ TODO: check
+CVE-2025-50976 (IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanit ...)
+ TODO: check
+CVE-2025-50975 (IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanit ...)
+ TODO: check
+CVE-2025-50974 (The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IP ...)
+ TODO: check
+CVE-2025-50971 (Directory traversal vulnerability in AbanteCart version 1.4.2 allows u ...)
+ TODO: check
+CVE-2025-50753 (Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh ...)
+ TODO: check
+CVE-2025-48108 (Missing Authorization vulnerability in Mojoomla School Management allo ...)
+ TODO: check
+CVE-2025-44002 (Race Condition in the Directory Validation Logic in the TeamViewer Ful ...)
+ TODO: check
+CVE-2025-36729 (A non-primary administrator user with admin rights to the web interfac ...)
+ TODO: check
+CVE-2025-2697 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote a ...)
+ TODO: check
+CVE-2025-29992 (Mahara before 24.04.9 exposes database connection information if the d ...)
+ TODO: check
+CVE-2025-29901 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-25737 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829 ...)
+ TODO: check
+CVE-2025-25736 (Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and ...)
+ TODO: check
+CVE-2025-25735 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829 ...)
+ TODO: check
+CVE-2025-25734 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829 ...)
+ TODO: check
+CVE-2025-25733 (Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RI ...)
+ TODO: check
+CVE-2025-25732 (Incorrect access control in the EEPROM component of Kapsch TrafficCom ...)
+ TODO: check
+CVE-2025-23315 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
+ TODO: check
+CVE-2025-23314 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
+ TODO: check
+CVE-2025-23313 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
+ TODO: check
+CVE-2025-23312 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
+ TODO: check
+CVE-2025-23307 (NVIDIA NeMo Curator for all platforms contains a vulnerability where a ...)
+ TODO: check
+CVE-2025-1994 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local ...)
+ TODO: check
+CVE-2025-1501 (An access control vulnerability was discovered in the Request Trace an ...)
+ TODO: check
+CVE-2025-1494 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote att ...)
+ TODO: check
+CVE-2024-47853 (An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may u ...)
+ TODO: check
+CVE-2024-45753 (In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause X ...)
+ TODO: check
+CVE-2024-39335 (Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23. ...)
+ TODO: check
+CVE-2025-38676 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec (6.17-rc3)
CVE-2025-9476 (A vulnerability has been found in SourceCodester Human Resource Inform ...)
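Review bot: Every entry added at the top of this hunk, from CVE-2025-9491 down to CVE-2024-39335, carries only "TODO: check", so none of them has yet been resolved to a package line or to a NOT-FOR-US marker like the ones used further down in the file. Triage should start with the entries that name general-purpose software rather than appliances or hosted products, for example the three ImageMagick entries (CVE-2025-57803, CVE-2025-55298, CVE-2025-55212) and the Chrome ANGLE use-after-free CVE-2025-9478, since those are the ones most likely to need a source package and version rather than a NOT-FOR-US tag. Separately, CVE-2025-38676 keeps "- linux <unfixed>" while its NOTE already points at the upstream fix in 6.17-rc3; only the description changed from the bracketed placeholder to the assigned text, so the fixed version still has to be filled in once an upload carries that commit.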
@@ -1212,6 +1334,7 @@ CVE-2025-9288 (Improper Input Validation vulnerability in sha.js allows Input Da
NOTE: https://github.com/browserify/sha.js/pull/78
NOTE: Fixed by: https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5 (v2.4.12)
CVE-2025-9287 (Improper Input Validation vulnerability in cipher-base allows Input Da ...)
+ {DSA-5986-1}
- node-cipher-base 1.0.6-1 (bug #1111772)
NOTE: https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
NOTE: https://github.com/browserify/cipher-base/pull/23
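Review bot: The "{DSA-5986-1}" cross-reference on CVE-2025-9287 arrives in a commit whose only changed file is data/CVE/list, so the advisory record it points to is not visible here. Confirm that the DSA-5986-1 entry lists CVE-2025-9287 for node-cipher-base, so the cross-reference and the advisory agree. The neighbouring CVE-2025-9288 (sha.js) shows the same class of input-validation issue in the context lines above; check whether it is covered by an advisory of its own.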
@@ -79308,7 +79431,7 @@ CVE-2024-36831 (A NULL pointer dereference in the plugins_call_handle_uri_clean
NOT-FOR-US: D-Link
CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
NOT-FOR-US: Autodesk
-CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...)
+CVE-2024-12670 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
NOT-FOR-US: Autodesk
CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
NOT-FOR-US: Autodesk
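Review bot: After the DWF to DWFX change on CVE-2024-12670, the truncated descriptions of CVE-2024-12669, CVE-2024-12670 and CVE-2024-12671 are identical in the visible lines, so the short text no longer tells the three apart. That is harmless while all three stay "NOT-FOR-US: Autodesk", but anyone searching this file by description should match on the CVE id rather than the text.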
@@ -102578,7 +102701,7 @@ CVE-2024-7869 (The 123.chat - Video Chat plugin for WordPress is vulnerable to S
NOT-FOR-US: WordPress plugin
CVE-2024-7675 (A maliciously crafted DWF file, when parsed in w3dtk.dll through Autod ...)
NOT-FOR-US: Autodesk
-CVE-2024-7674 (A maliciously crafted DWF file, when parsed in dwfcore.dll through Aut ...)
+CVE-2024-7674 (A maliciously crafted DWFX file, when parsed in dwfcore.dll through Au ...)
NOT-FOR-US: Autodesk
CVE-2024-7673 (A maliciously crafted DWFX file, when parsed in w3dtk.dll through Auto ...)
NOT-FOR-US: Autodesk
@@ -674379,7 +674502,7 @@ CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows re
CVE-2015-XXXX [Privilege escalation via core-gui]
- core-network <removed> (bug #799756)
NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
-CVE-2015-7313 (LibTIFF allows remote attackers to cause a denial of service (memory c ...)
+CVE-2015-7313 (LibTIFF before 4.0.7 allows remote attackers to cause a denial of serv ...)
- tiff 4.0.7-1 (bug #800124)
[jessie] - tiff <ignored> (Minor issue)
[wheezy] - tiff <not-affected> (Can't reproduce)
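Review bot: The refreshed description for CVE-2015-7313 now says "LibTIFF before 4.0.7", which agrees with the "- tiff 4.0.7-1" fixed version, but it sits awkwardly next to "[wheezy] - tiff <not-affected> (Can't reproduce)". A failed reproduction is a weaker basis for not-affected than a statement that the vulnerable code is absent; if the wheezy annotation is ever revisited, record the reason in terms of the code rather than the test result.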
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6b0ffbf8daccc2f9624a3b30ac4dd27ff94ab4