[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 3 20:13:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa4b10ef by security tracker role at 2025-11-03T20:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,70 @@
-CVE-2025-40107 [can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled]
+CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to privilege escal ...)
+ TODO: check
+CVE-2025-8558 (Insider Threat Management (ITM) Serverversions prior to 7.17.2contain ...)
+ TODO: check
+CVE-2025-64294 (Missing Authorization vulnerability in d3wp WP Snow Effect allows Acce ...)
+ TODO: check
+CVE-2025-63593 (Grav CMS1.7.49.5 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2025-63453 (Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux ...)
+ TODO: check
+CVE-2025-63452 (Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux ...)
+ TODO: check
+CVE-2025-63451 (Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux ...)
+ TODO: check
+CVE-2025-63450 (Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-63449 (Water Management System v1.0 is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-63448 (Water Management System v1.0 is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-63447 (Water Management System v1.0 is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-63446 (Water Management System v1.0 is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-63443 (School Management System PHP v1.0 is vulnerable to Cross Site Scriptin ...)
+ TODO: check
+CVE-2025-63442 (Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cro ...)
+ TODO: check
+CVE-2025-63441 (Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scri ...)
+ TODO: check
+CVE-2025-60892 (An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting i ...)
+ TODO: check
+CVE-2025-60785 (A remote code execution (RCE) vulnerability in the Postgres Drivers co ...)
+ TODO: check
+CVE-2025-60503 (A cross-site scripting (XSS) vulnerability exists in the administrativ ...)
+ TODO: check
+CVE-2025-50735 (Directory traversal vulnerability in NextChat thru 2.16.0 due to the W ...)
+ TODO: check
+CVE-2025-50363 (Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Si ...)
+ TODO: check
+CVE-2025-48397 (The privileged user could log in without sufficient credentials after ...)
+ TODO: check
+CVE-2025-45959
+ REJECTED
+CVE-2025-36093 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
+ TODO: check
+CVE-2025-36092 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
+ TODO: check
+CVE-2025-36091 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
+ TODO: check
+CVE-2025-12642 (lighttpd1.4.80 incorrectly merged trailer fields into headersafter htt ...)
+ TODO: check
+CVE-2025-12626 (A security flaw has been discovered in jeecgboot jeewx-boot up to 641a ...)
+ TODO: check
+CVE-2025-12531 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2025-12463 (An unauthenticated SQL Injection was discovered within the Geutebruck ...)
+ TODO: check
+CVE-2025-11953 (The Metro Development Server, which is opened by the React Native Comm ...)
+ TODO: check
+CVE-2025-11761 (A potential security vulnerability has been identified in the HP Clien ...)
+ TODO: check
+CVE-2025-10280 (IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4 ...)
+ TODO: check
+CVE-2025-0987 (Authorization Bypass Through User-Controlled Key vulnerability in CB P ...)
+ TODO: check
+CVE-2025-40107 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.12-1
NOTE: https://git.kernel.org/linus/6b696808472197b77b888f50bc789a3bae077743 (6.17)
CVE-2025-48396 (Arbitrary code executionis possible due to improper validation of the ...)
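Review bot: several of the newly imported descriptions carry missing spaces copied verbatim from the upstream feed ("Serverversions prior to 7.17.2contain", "Grav CMS1.7.49.5", "lighttpd1.4.80 ... headersafter", "executionis"); do not hand-correct these in data/CVE/list, because later automatic refreshes overwrite the description text, as the "NetSupport Manager14.x" to "NetSupport Manager 14.x" respacing further down in this same commit shows. Note also the contrast between CVE-2025-40107, where only the bracketed placeholder title is replaced by the official text while the "- linux 6.16.12-1" line and the upstream commit NOTE are kept, and the thirty-odd entries added with "TODO: check", each of which still needs triage to a package/version line or NOT-FOR-US before the entry is useful; CVE-2025-45959 is the one exception, being recorded as REJECTED.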
@@ -70,18 +136,18 @@ CVE-2025-12600 (Web UI Malfunction when setting unexpected locale via API.This i
NOT-FOR-US: Azure Access Technology
CVE-2025-12599 (Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000) ...)
NOT-FOR-US: Azure Access Technology
-CVE-2025-45663 [Disclosure of uninitialized memory in _dom_event_initialise]
+CVE-2025-45663 (An issue in NetSurf v3.11 causes the application to read uninitialized ...)
- netsurf <unfixed> (bug #1119918)
[trixie] - netsurf <no-dsa> (Minor issue)
[bookworm] - netsurf <no-dsa> (Minor issue)
NOTE: https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-45663
NOTE: https://github.com/netsurf-browser/libdom/commit/9ea069f36e5de5f52d7155a71e2d536eb94de141
-CVE-2025-29699 [Use-after-free in _dom_node_set_text_content]
+CVE-2025-29699 (NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_cont ...)
- netsurf <unfixed> (bug #1119918)
[trixie] - netsurf <no-dsa> (Minor issue)
[bookworm] - netsurf <no-dsa> (Minor issue)
NOTE: https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-29699
-CVE-2024-51317 [Use-after-free in _dom_node_normalize]
+CVE-2024-51317 (An issue in NetSurf v.3.11 allows a remote attacker to execute arbitra ...)
- netsurf <unfixed> (bug #1119918)
[trixie] - netsurf <no-dsa> (Minor issue)
[bookworm] - netsurf <no-dsa> (Minor issue)
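Review bot: the refreshed description for CVE-2024-51317 now says the issue "allows a remote attacker to execute arbitra...", while the unchanged [trixie] and [bookworm] lines still carry "<no-dsa> (Minor issue)", a tag that was assigned when the entry only had the placeholder title "Use-after-free in _dom_node_normalize"; worth reconfirming that the severity assessment still holds against the official wording. Also, CVE-2025-45663 records both the disclosure write-up and the libdom fix commit, whereas CVE-2025-29699 has only the disclosure NOTE; if an upstream fix commit exists for it, add it in the same form so the <unfixed> status tracked under bug #1119918 points at a concrete patch.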
@@ -2061,7 +2127,7 @@ CVE-2023-49440 (AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "previe
CVE-2023-37749 (Incorrect access control in the REST API endpoint of HubSpot v1.29441 ...)
NOT-FOR-US: HubSpot
CVE-2025-62291
- {DSA-6041-1}
+ {DSA-6041-1 DLA-4359-1}
- strongswan <unfixed> (bug #1120004)
NOTE: https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html
NOTE: Patch: https://download.strongswan.org/security/CVE-2025-62291/
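Review bot: with DLA-4359-1 now listed beside DSA-6041-1 in the brace line, the only open item for this entry is the unstable upload, since the package line still reads "strongswan <unfixed> (bug #1120004)"; the hunk itself needs no change.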
@@ -23552,7 +23618,7 @@ CVE-2025-4956 (Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Wat
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34165 (A stack-based buffer overflow vulnerability in NetSupport Manager14.x ...)
NOT-FOR-US: NetSupport Manager
-CVE-2025-34164 (A heap-based buffer overflow vulnerability in NetSupport Manager14.x v ...)
+CVE-2025-34164 (A heap-based buffer overflow vulnerability in NetSupport Manager 14.x ...)
NOT-FOR-US: NetSupport Manager
CVE-2025-9673 (A vulnerability was detected in Kakao \ud5e4\uc774\uce74\uce74\uc624 H ...)
NOT-FOR-US: Kakao App
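Review bot: the same missing space ("NetSupport Manager14.x") is still present in the neighbouring CVE-2025-34165 description on the unchanged context line above, so this hunk corrects only one of the two sibling entries; both are NOT-FOR-US and the text is refreshed automatically from upstream, so leave the other for the next refresh rather than editing it by hand.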
@@ -37136,7 +37202,7 @@ CVE-2025-30483 (Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0
NOT-FOR-US: Dell / EMC
CVE-2025-26186 (SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker ...)
NOT-FOR-US: openSIS
-CVE-2025-24477 (A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 throug ...)
+CVE-2025-24477 (A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, ...)
NOT-FOR-US: Fortinet
CVE-2025-0831 (Out-Of-Bounds Read vulnerability exists in the JT file reading procedu ...)
NOT-FOR-US: Dassault Systemes
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa4b10efb0d30831ec58cccd291490d43bb92621