[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 4 08:17:22 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34fb12a2 by security tracker role at 2025-11-04T08:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,385 @@
+CVE-2025-63293 (FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to ...)
+ TODO: check
+CVE-2025-47370 (Transient DOS when a remote device sends an invalid connection request ...)
+ TODO: check
+CVE-2025-47368 (Memory corruption when dereferencing an invalid userspace address in a ...)
+ TODO: check
+CVE-2025-47367 (Memory corruption while accessing a buffer during IOCTL processing.)
+ TODO: check
+CVE-2025-47365 (Memory corruption while processing large input data from a remote sour ...)
+ TODO: check
+CVE-2025-47362 (Information disclosure while processing message from client with inval ...)
+ TODO: check
+CVE-2025-47361 (Memory corruption when triggering a subsystem crash with an out-of-ran ...)
+ TODO: check
+CVE-2025-47360 (Memory corruption while processing client message during device manage ...)
+ TODO: check
+CVE-2025-47357 (Information Disclosure when a user-level driver performs QFPROM read o ...)
+ TODO: check
+CVE-2025-47353 (Memory corruption while processing request sent from GVM.)
+ TODO: check
+CVE-2025-47352 (Memory corruption while processing audio streaming operations.)
+ TODO: check
+CVE-2025-46556 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+ TODO: check
+CVE-2025-43507 (A privacy issue was addressed by moving sensitive data. This issue is ...)
+ TODO: check
+CVE-2025-43505 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2025-43504 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2025-43503 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
+CVE-2025-43502 (A privacy issue was addressed by removing sensitive data. This issue i ...)
+ TODO: check
+CVE-2025-43500 (A privacy issue was addressed with improved handling of user preferenc ...)
+ TODO: check
+CVE-2025-43499 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2025-43498 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2025-43496 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ TODO: check
+CVE-2025-43495 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-43493 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-43481 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2025-43480 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ TODO: check
+CVE-2025-43479 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43478 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43477 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2025-43476 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43474 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2025-43472 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
+CVE-2025-43469 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43468 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+ TODO: check
+CVE-2025-43462 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43460 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43459 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2025-43458 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-43457 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43455 (A privacy issue was addressed with improved checks. This issue is fixe ...)
+ TODO: check
+CVE-2025-43454 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-43452 (This issue was addressed by restricting options offered on a locked de ...)
+ TODO: check
+CVE-2025-43450 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43449 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2025-43448 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-43447 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43446 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-43445 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2025-43444 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43443 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2025-43442 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43441 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43440 (This issue was addressed with improved checks This issue is fixed in S ...)
+ TODO: check
+CVE-2025-43439 (A privacy issue was addressed by removing sensitive data. This issue i ...)
+ TODO: check
+CVE-2025-43438 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43436 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43435 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43434 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43433 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43432 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43431 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43430 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2025-43427 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-43426 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-43425 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43424 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2025-43423 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-43422 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ TODO: check
+CVE-2025-43421 (Multiple issues were addressed by disabling array allocation sinking. ...)
+ TODO: check
+CVE-2025-43420 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2025-43419 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43414 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2025-43413 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2025-43412 (A file quarantine bypass was addressed with additional checks. This is ...)
+ TODO: check
+CVE-2025-43411 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2025-43409 (A permissions issue was addressed with additional sandbox restrictions ...)
+ TODO: check
+CVE-2025-43408 (This issue was addressed by restricting options offered on a locked de ...)
+ TODO: check
+CVE-2025-43407 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2025-43405 (A permissions issue was addressed with additional sandbox restrictions ...)
+ TODO: check
+CVE-2025-43401 (A denial-of-service issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2025-43399 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2025-43398 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43397 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
+ TODO: check
+CVE-2025-43396 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43395 (This issue was addressed with improved handling of symlinks. This issu ...)
+ TODO: check
+CVE-2025-43394 (This issue was addressed with improved handling of symlinks. This issu ...)
+ TODO: check
+CVE-2025-43392 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2025-43391 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2025-43390 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+ TODO: check
+CVE-2025-43389 (A privacy issue was addressed by removing the vulnerable code. This is ...)
+ TODO: check
+CVE-2025-43387 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43386 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-43385 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-43384 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-43383 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-43382 (A parsing issue in the handling of directory paths was addressed with ...)
+ TODO: check
+CVE-2025-43380 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2025-43379 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-43378 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43377 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-43376 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2025-43373 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43365 (A denial-of-service issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2025-43364 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
+CVE-2025-43361 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-43360 (The issue was addressed with improved UI. This issue is fixed in iOS 2 ...)
+ TODO: check
+CVE-2025-43350 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43348 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2025-43345 (A correctness issue was addressed with improved checks. This issue is ...)
+ TODO: check
+CVE-2025-43338 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-43336 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43335 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ TODO: check
+CVE-2025-43334 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2025-43323 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2025-43322 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43309 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43288 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-36172 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fi ...)
+ TODO: check
+CVE-2025-35021 (By failing to authenticate three times to an unconfigured Abilis CPX d ...)
+ TODO: check
+CVE-2025-34501 (Deck Mate 2 is distributed with static, hard-coded credentials for the ...)
+ TODO: check
+CVE-2025-27074 (Memory corruption while processing a GP command response.)
+ TODO: check
+CVE-2025-27070 (Memory corruption while performing encryption and decryption commands.)
+ TODO: check
+CVE-2025-27064 (Information disclosure while registering commands from clients with di ...)
+ TODO: check
+CVE-2025-20749 (In charger, there is a possible out of bounds write due to a missing b ...)
+ TODO: check
+CVE-2025-20748 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20747 (In gnss service, there is a possible out of bounds write due to an inc ...)
+ TODO: check
+CVE-2025-20746 (In gnss service, there is a possible out of bounds write due to an inc ...)
+ TODO: check
+CVE-2025-20745 (In apusys, there is a possible memory corruption due to use after free ...)
+ TODO: check
+CVE-2025-20744 (In pda, there is a possible escalation of privilege due to use after f ...)
+ TODO: check
+CVE-2025-20743 (In clkdbg, there is a possible escalation of privilege due to use afte ...)
+ TODO: check
+CVE-2025-20742 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20741 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20740 (In wlan STA driver, there is a possible out of bounds read due to a ra ...)
+ TODO: check
+CVE-2025-20739 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20738 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20737 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20736 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20735 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20734 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20733 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20732 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20731 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20730 (In preloader, there is a possible escalation of privilege due to an in ...)
+ TODO: check
+CVE-2025-20729 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20728 (In wlan STA driver, there is a possible out of bounds write due to an ...)
+ TODO: check
+CVE-2025-20727 (In Modem, there is a possible out of bounds write due to a heap buffer ...)
+ TODO: check
+CVE-2025-20726 (In Modem, there is a possible out of bounds write due to an incorrect ...)
+ TODO: check
+CVE-2025-20725 (In ims service, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2025-12683 (The service employed by Everything, running as SYSTEM, communicates wi ...)
+ TODO: check
+CVE-2025-12657 (The KMIP response parser built into mongo binaries is overly tolerant ...)
+ TODO: check
+CVE-2025-12456 (The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-12452 (The Visit Counter plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2025-12416 (The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-12415 (The MapMap plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2025-12413 (The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-12412 (The Top Bar Notification plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2025-12410 (The SH Contextual Help plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2025-12403 (The Associados Amazon Plugin plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2025-12402 (The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2025-12401 (The Label Plugins plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2025-12400 (The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2025-12396 (The clubmember plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-12393 (The Free Quotation plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-12389 (The Import Export For WooCommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-12371 (The Nari Accountant plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-12369 (The Extensions for Leaflet Map plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-12350 (The DominoKit plugin for WordPress is vulnerable to unauthorized acces ...)
+ TODO: check
+CVE-2025-12324 (The TablePress \u2013 Tables in WordPress made easy plugin for WordPre ...)
+ TODO: check
+CVE-2025-12188 (The Posts Navigation Links for Sections and Headings \u2013 Free by WP ...)
+ TODO: check
+CVE-2025-12158 (The Simple User Capabilities plugin for WordPress is vulnerable to Pri ...)
+ TODO: check
+CVE-2025-12157 (The Simple User Capabilities plugin for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2025-12156 (The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) A ...)
+ TODO: check
+CVE-2025-12070 (The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2025-12069 (The WP Global Screen Options plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2025-12065 (The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-11890 (The Crypto Payment Gateway with Payeer for WooCommerce plugin for Word ...)
+ TODO: check
+CVE-2025-11841 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
+ TODO: check
+CVE-2025-11812 (The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-11758 (The All in One Time Clock Lite plugin for WordPress is vulnerable to u ...)
+ TODO: check
+CVE-2025-11753 (The Bootstrap Multi-language Responsive Portfolio plugin for WordPress ...)
+ TODO: check
+CVE-2025-11733 (The Footnotes Made Easy plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-11724 (The EM Beer Manager plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2025-11704 (The Elegance Menu plugin for WordPress is vulnerable to Local File Inc ...)
+ TODO: check
+CVE-2025-11193 (A potential vulnerability was reported in some Lenovo Tablets that cou ...)
+ TODO: check
+CVE-2025-11008 (The CE21 Suite plugin for WordPress is vulnerable to Sensitive Informa ...)
+ TODO: check
+CVE-2025-11007 (The CE21 Suite plugin for WordPress is vulnerable to unauthorized plug ...)
+ TODO: check
+CVE-2025-10896 (Multiple plugins for WordPress with the Jewel Theme Recommended Plugin ...)
+ TODO: check
+CVE-2024-13998 (Nagios XI versions prior to2024R1.1.3, under certain circumstances, di ...)
+ TODO: check
+CVE-2024-13997 (Nagios XI versions prior to2024R1.1.3contain a privilege escalation vu ...)
+ TODO: check
+CVE-2021-47698 (Nagios XI versions prior to5.8.7using embedded Nagios Core are vulnera ...)
+ TODO: check
+CVE-2016-15054 (Nagios XI versions prior to5.4.0 are vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to privilege escal ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8558 (Insider Threat Management (ITM) Serverversions prior to 7.17.2contain ...)
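Review bot: The descriptions added for CVE-2025-12324, CVE-2025-12188 and CVE-2025-11841 contain a literal `\u2013` where a dash belongs, so the automatic import is writing an undecoded escape sequence into data/CVE/list. The four Nagios XI entries at the end of the added block have a related defect, with spaces missing around the version ("prior to2024R1.1.3contain"). Suggest decoding and whitespace-normalising the description before it is truncated. Separately, all 191 new entries land as `TODO: check`. A large share are WordPress plugin entries that match the `NOT-FOR-US: WordPress plugin` pattern already used for CVE-2025-8900 in the trailing context, so they can be triaged in bulk.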
@@ -1222,6 +1604,7 @@ CVE-2025-11201 (MLflow Tracking Server Model Creation Directory Traversal Remote
CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass Vulnerability. ...)
NOT-FOR-US: mlflow
CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
+ {DLA-4362-1}
- gimp 3.0.4-6.2 (bug #1119661)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-978/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
@@ -2431,13 +2814,16 @@ CVE-2025-12202 (A security flaw has been discovered in ajayrandhawa User-Managem
NOT-FOR-US: ajayrandhawa User-Management-PHP-MYSQL
CVE-2025-12201 (A vulnerability was identified in ajayrandhawa User-Management-PHP-MYS ...)
NOT-FOR-US: ajayrandhawa User-Management-PHP-MYSQL
-CVE-2025-12200 (A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by t ...)
+CVE-2025-12200
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
-CVE-2025-12199 (A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this v ...)
+CVE-2025-12199
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
-CVE-2025-12198 (A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is t ...)
+CVE-2025-12198
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
CVE-2025-12055 (HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauth ...)
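Review bot: CVE-2025-12200, CVE-2025-12199 and CVE-2025-12198 are switched to REJECTED, but each keeps its `- dnsmasq <unfixed> (unimportant)` line and its NOTE, so a withdrawn ID still carries a package status. Elsewhere in this same file a rejected entry such as CVE-2021-3771 consists of the REJECTED line alone. Suggest a follow-up that removes the dnsmasq package lines, or a comment in the entry stating that they are kept on purpose for the record.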
@@ -4157,6 +4543,7 @@ CVE-2025-60790 (ProcessWire CMS 3.0.246 allows a low-privileged user with lang-e
CVE-2025-60772 (Improper authentication in the web-based management interface of NETLI ...)
NOT-FOR-US: NETLINK
CVE-2025-60751 (GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS:: ...)
+ {DLA-4361-1}
- geographiclib 2.5.2-1
NOTE: https://github.com/geographiclib/geographiclib/issues/43
NOTE: https://github.com/zer0matt/CVE-2025-60751
@@ -4320,11 +4707,13 @@ CVE-2025-10612 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerabl ...)
NOT-FOR-US: Zoho
CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted elemen ...)
+ {DLA-4363-1}
- dcmtk 3.6.8-5
[bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1026
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/957fb31e5d96f51ecf5cb3422c7dc2227f8e0423 (DCMTK-3.6.8)
CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to 3.6.5. The a ...)
+ {DLA-4363-1}
- dcmtk 3.6.6-1
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/0fef9f02e7c3976c36826b272ed4929f3977c3db (DCMTK-3.6.6)
CVE-2025-XXXX [Stored XSS Vulnerability]
@@ -7026,7 +7415,7 @@ CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connec
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117856)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
NOTE: https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f (v3.2.3)
@@ -7051,7 +7440,7 @@ CVE-2025-61857 (An out-of-bounds write vulnerability exists in VS6ComFile!CItemE
CVE-2025-61856 (A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7Ba ...)
NOT-FOR-US: FUJI
CVE-2025-61780 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117855)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
NOTE: https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784 (v3.2.3)
@@ -8370,21 +8759,21 @@ CVE-2025-11458
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-61772 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
NOTE: Fixed by: https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e (v3.2.2)
NOTE: Fixed by: https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd (v3.1.17)
NOTE: Fixed by: https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e (v2.2.19)
CVE-2025-61771 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117628)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
NOTE: Fixed by: https://github.com/rack/rack/commit/3beacfcd494ec5600c9022d561cfa2f556a524d1 (v3.2.2)
NOTE: Fixed by: https://github.com/rack/rack/commit/f224f93bb3f16e9b968493fbd7bac751e66d2fdc (v3.1.17)
NOTE: Fixed by: https://github.com/rack/rack/commit/c370dcd9405a6799763b70a83f06ae2d1aaa0e87 (v2.2.19)
CVE-2025-61770 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
NOTE: Fixed by: https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e (v3.2.2)
@@ -23437,6 +23826,7 @@ CVE-2025-9734 (A security flaw has been discovered in O2OA up to 10.0-410. The i
CVE-2025-9733 (A security flaw has been discovered in code-projects Human Resource In ...)
NOT-FOR-US: code-projects
CVE-2025-9732 (A vulnerability was identified in DCMTK up to 3.6.9. This affects an u ...)
+ {DLA-4363-1}
- dcmtk <unfixed> (bug #1113993)
[trixie] - dcmtk <no-dsa> (Minor issue)
[bookworm] - dcmtk <no-dsa> (Minor issue)
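Review bot: CVE-2025-9732 gains the `{DLA-4363-1}` reference while the visible package line is still `- dcmtk <unfixed> (bug #1113993)` and both trixie and bookworm are `<no-dsa>`, so the LTS upload is ahead of unstable and the two newer releases. Worth confirming that the patch shipped in the DLA is recorded on bug #1113993, and adding a NOTE with the upstream fix reference to this entry, as the CVE-2022-4981 and CVE-2020-36855 entries already have.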
@@ -30555,13 +30945,15 @@ CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow
- cflow <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
NOTE: Crash in CLI tool, no security impact
-CVE-2025-8734 (A vulnerability has been found in GNU Bison up to 3.8.2. This impacts ...)
+CVE-2025-8734
+ REJECTED
- bison <unfixed> (bug #1110611)
[trixie] - bison <no-dsa> (Minor issue)
[bookworm] - bison <no-dsa> (Minor issue)
[bullseye] - bison <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/akimd/bison/issues/115
-CVE-2025-8733 (A flaw has been found in GNU Bison up to 3.8.2. This affects the funct ...)
+CVE-2025-8733
+ REJECTED
- bison <unfixed> (unimportant; bug #1110610)
NOTE: https://github.com/akimd/bison/issues/113
NOTE: https://github.com/akimd/bison/issues/114
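Review bot: CVE-2025-8734 is now REJECTED yet still lists `- bison <unfixed> (bug #1110611)` together with per-release `<no-dsa>` and `<postponed>` states, which leaves bullseye with a "can be fixed in next update" item against a withdrawn ID. CVE-2025-8733 likewise keeps `- bison <unfixed> (unimportant; bug #1110610)`. Suggest clearing the package and release annotations for both entries in a follow-up and updating the two referenced bugs to reflect the rejection.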
@@ -367491,6 +367883,7 @@ CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may be
CVE-2021-3771
REJECTED
CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...)
+ {DLA-4360-1}
- pure-ftpd 1.0.50-1 (bug #993810)
[buster] - pure-ftpd <no-dsa> (Minor issue)
[stretch] - pure-ftpd <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34fb12a2975ddaa9b0ddf692d149595d5c64b014