[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 4 20:13:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08bd990d by security tracker role at 2025-11-04T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-64322 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2025-64321 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
+ TODO: check
+CVE-2025-64320 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
+ TODO: check
+CVE-2025-64319 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2025-64318 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
+ TODO: check
+CVE-2025-63294 (WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Inse ...)
+ TODO: check
+CVE-2025-61956 (Radiometrics VizAir is vulnerable to a lack of authentication mechanis ...)
+ TODO: check
+CVE-2025-61945 (Radiometrics VizAir is vulnerable to any remote attacker via access to ...)
+ TODO: check
+CVE-2025-61431 (A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_f ...)
+ TODO: check
+CVE-2025-60925 (codeshare v1.0.0 was discovered to contain an information leakage vuln ...)
+ TODO: check
+CVE-2025-54863 (Radiometrics VizAir is vulnerable to exposure of the system's REST API ...)
+ TODO: check
+CVE-2025-54334 (An issue was discovered in the NPU driver in Samsung Mobile Processor ...)
+ TODO: check
+CVE-2025-54333 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
+ TODO: check
+CVE-2025-54332 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
+ TODO: check
+CVE-2025-54331 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
+ TODO: check
+CVE-2025-54330 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
+ TODO: check
+CVE-2025-54329 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2025-54327 (An issue was discovered in VTS in Samsung Mobile Processor and Wearabl ...)
+ TODO: check
+CVE-2025-54325 (An issue was discovered in VTS in Samsung Mobile Processor and Wearabl ...)
+ TODO: check
+CVE-2025-54323 (An issue was discovered in the camera in Samsung Mobile Processor Exyn ...)
+ TODO: check
+CVE-2025-52513 (An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, ...)
+ TODO: check
+CVE-2025-52512 (An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, ...)
+ TODO: check
+CVE-2025-49494 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2025-41345 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41344 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41343 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41342 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41341 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41340 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41339 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41338 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41337 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41336 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41335 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41114 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41113 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41112 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-41111 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
+ TODO: check
+CVE-2025-33176 (NVIDIA RunAI for all platforms contains a vulnerability where a user c ...)
+ TODO: check
+CVE-2025-23358 (NVIDIA NVApp for Windows contains a vulnerability in the installer, wh ...)
+ TODO: check
+CVE-2025-12695 (The overly permissive sandbox configuration in DSPy allows attackers t ...)
+ TODO: check
+CVE-2025-12682 (The Easy Upload Files During Checkout plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-12493 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
+ TODO: check
+CVE-2025-12184 (The MeetingList plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-12108 (The Survision LPR Camera system does not enforce password protection b ...)
+ TODO: check
+CVE-2025-12045 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...)
+ TODO: check
+CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
+ TODO: check
+CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
+ TODO: check
CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
- keystone <unfixed> (bug #1120053)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
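Review bot: CVE-2025-12682 and CVE-2025-12184 near the end of this hunk are described as plugins "for WordPress" but are added as `TODO: check`, while this file already resolves the same class of item, CVE-2023-7320, as `NOT-FOR-US: WordPress plugin`. Triage these two the same way in a follow-up so they do not sit in the TODO queue with entries that need real investigation. The remaining new entries have truncated descriptions, so each still needs a manual look before it is classified.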
@@ -1723,7 +1819,7 @@ CVE-2025-11374 (Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/val
NOTE: https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724
CVE-2023-7320 (The WooCommerce plugin for WordPress is vulnerable to Sensitive Inform ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1 , a ...)
+CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Starting in version ...)
- starlette <unfixed> (bug #1119662)
NOTE: https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
NOTE: Fixed by: https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5 (0.49.1)
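Review bot: On CVE-2025-62727 the refreshed description now begins "Starting in version ...", which means the issue has a lower bound on affected versions, yet the entry still carries only `- starlette <unfixed>` and the 0.49.1 fix commit. Add a NOTE recording the introducing version or commit so that suites shipping an older starlette can be marked not-affected instead of inheriting the unfixed status.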
@@ -4349,14 +4445,14 @@ CVE-2022-50556 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/834c23e4f798dcdc8af251b3c428ceef94741991 (6.3-rc1)
CVE-2025-40780 (In specific circumstances, due to a weakness in the Pseudo Random Numb ...)
- {DSA-6033-1}
+ {DSA-6033-1 DLA-4364-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-40780
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/2924910eeea5c86720149bc48d799ccb69e59797 (v9.20.15)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/26c77915d52a577be6f421fd351506c29185ab97 (v9.20.15)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe (v9.18.41)
CVE-2025-40778 (Under certain circumstances, BIND is too lenient when accepting record ...)
- {DSA-6033-1}
+ {DSA-6033-1 DLA-4364-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-40778
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/196732041318b931b6fa97f18077117b3b548d18 (v9.20.15)
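Review bot: The `{DSA-6033-1 DLA-4364-1}` cross-reference on CVE-2025-40780 and CVE-2025-40778 is added with no change to the notes under either entry, and the visible `Fixed by` lines name only the v9.20.15 and v9.18.41 commits. If DLA-4364-1 was built from a different upstream branch, add a NOTE pointing at the backported patches so the fix can be traced from these entries.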
@@ -4366,7 +4462,7 @@ CVE-2025-40778 (Under certain circumstances, BIND is too lenient when accepting
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846 (v9.18.41)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72 (v9.18.41)
CVE-2025-8677 (Querying for records within a specially crafted zone containing certai ...)
- {DSA-6033-1}
+ {DSA-6033-1 DLA-4364-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-8677
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/0d676bf9f23b1441f6697f1d6b25b4744dacda52 (v9.20.15)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08bd990df7d8a80585115e1732e63eb9cadd6e03