[Git][security-tracker-team/security-tracker][master] automatic update

Thu Nov 6 08:12:54 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0822e9bf by security tracker role at 2025-11-06T08:12:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-9338 (A improper restriction of operations within the bounds of a memory buf ...)
+	TODO: check
+CVE-2025-64480
+	REJECTED
+CVE-2025-64479
+	REJECTED
+CVE-2025-64478
+	REJECTED
+CVE-2025-64477
+	REJECTED
+CVE-2025-64476
+	REJECTED
+CVE-2025-64475
+	REJECTED
+CVE-2025-64474
+	REJECTED
+CVE-2025-64473
+	REJECTED
+CVE-2025-64472
+	REJECTED
+CVE-2025-64171 (MARIN3R is a lightweight, CRD based envoy control plane for kubernetes ...)
+	TODO: check
+CVE-2025-64164 (Dataease is an open source data visualization analysis tool. In versio ...)
+	TODO: check
+CVE-2025-64163 (DataEase is an open source data visualization analysis tool. In versio ...)
+	TODO: check
+CVE-2025-64114 (ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 ...)
+	TODO: check
+CVE-2025-63585 (OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection i ...)
+	TODO: check
+CVE-2025-62596 (Youki is a container runtime written in Rust. In versions 0.5.6 and be ...)
+	TODO: check
+CVE-2025-62161 (Youki is a container runtime written in Rust. In versions 0.5.6 and be ...)
+	TODO: check
+CVE-2025-61994 (Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. I ...)
+	TODO: check
+CVE-2025-60784 (A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows ...)
+	TODO: check
+CVE-2025-55278 (Improper authentication in the API authentication middleware of HCL De ...)
+	TODO: check
+CVE-2025-12779 (Improper handling of the authentication token in the Amazon WorkSpaces ...)
+	TODO: check
+CVE-2025-12563 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2025-12560 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2025-12471 (The Hubbub Lite \u2013 Fast, free social sharing and follow buttons pl ...)
+	TODO: check
+CVE-2025-12360 (The Better Find and Replace \u2013 AI-Powered Suggestions plugin for W ...)
+	TODO: check
+CVE-2025-11271 (The Easy Digital Downloads plugin for WordPress is vulnerable to Order ...)
+	TODO: check
+CVE-2025-10691 (The Easy Email Subscription plugin for WordPress is vulnerable to Cros ...)
+	TODO: check
+CVE-2025-10683 (The Easy Email Subscription plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2025-10259 (Improper Validation of Specified Quantity in Input vulnerability in TC ...)
+	TODO: check
 CVE-2025-12729
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
@@ -4514,6 +4572,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored
 CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
 	NOT-FOR-US: langgenius/dify-web
 CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to ...)
+	{DLA-4365-1}
 	- unbound 1.24.1-1
 	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
 	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/a33f0638e1dacf2633cf2292078a674576bca852 (release-1.24.1)
@@ -14189,7 +14248,7 @@ CVE-2025-26278 (A prototype pollution in the lib.set function of dref v0.1.2 all
 	NOT-FOR-US: Node dref
 CVE-2025-20363 (A vulnerability in the web services of Cisco Secure Firewall Adaptive  ...)
 	NOT-FOR-US: Cisco
-CVE-2025-20362 (A vulnerability in the VPN web server of Cisco Secure Firewall Adaptiv ...)
+CVE-2025-20362 (Update: On November 5, 2025, Cisco became aware of a new attack varian ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20333 (A vulnerability in the VPN web server of Cisco Secure Firewall Adaptiv ...)
 	NOT-FOR-US: Cisco



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0822e9bffa4a0c17cf8d8e289c5e91fd8e2b19d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0822e9bffa4a0c17cf8d8e289c5e91fd8e2b19d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251106/a128b7b3/attachment-0001.htm>
