[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 7 08:13:22 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d90b521 by security tracker role at 2025-11-07T08:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,86 @@
-CVE-2025-12790
+CVE-2025-64346 (archives is a Go library for extracting archives (tar, zip, etc.). Ver ...)
+ TODO: check
+CVE-2025-64343 ((conda) Constructor is a tool that enables users to create installers ...)
+ TODO: check
+CVE-2025-64339 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
+ TODO: check
+CVE-2025-64338
+ REJECTED
+CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
+ TODO: check
+CVE-2025-64329 (containerd is an open-source container runtime. Versions 1.7.28 and be ...)
+ TODO: check
+CVE-2025-64328 (FreePBX Endpoint Manager is a module for managing telephony endpoints ...)
+ TODO: check
+CVE-2025-64327 (ThinkDashboard is a self-hosted bookmark dashboard built with Go and v ...)
+ TODO: check
+CVE-2025-64326 (Weblate is a web based localization tool. In versions 5.14 and below, ...)
+ TODO: check
+CVE-2025-64323 (kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and belo ...)
+ TODO: check
+CVE-2025-64302 (Insufficient input sanitization in the dashboard label or path can all ...)
+ TODO: check
+CVE-2025-64187 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+ TODO: check
+CVE-2025-64184 (Dosage is a comic strip downloader and archiver. When downloading comi ...)
+ TODO: check
+CVE-2025-64180 (Manager-io/Manager is accounting software. In Manager Desktop and Serv ...)
+ TODO: check
+CVE-2025-64179 (lakeFS is an open-source tool that transforms object storage into a Gi ...)
+ TODO: check
+CVE-2025-64178 (Jellysweep is a cleanup tool for the Jellyfin media server. In version ...)
+ TODO: check
+CVE-2025-64177 (ThinkDashboard is a self-hosted bookmark dashboard built with Go and v ...)
+ TODO: check
+CVE-2025-64176 (ThinkDashboard is a self-hosted bookmark dashboard built with Go and v ...)
+ TODO: check
+CVE-2025-64174 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+ TODO: check
+CVE-2025-64173 (Apollo Router Core is a configurable graph router written in Rust to r ...)
+ TODO: check
+CVE-2025-62630 (Due to insufficient sanitization, an attacker can upload a specially ...)
+ TODO: check
+CVE-2025-5483 (The LC Wizard plugin for WordPress is vulnerable to Privilege Escalati ...)
+ TODO: check
+CVE-2025-59171 (Due to insufficient sanitization, an attacker can upload a specially ...)
+ TODO: check
+CVE-2025-58423 (Due to insufficient sanitization, an attacker can upload a specially ...)
+ TODO: check
+CVE-2025-52662 (A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. ...)
+ TODO: check
+CVE-2025-4522 (The IDonate \u2013 Blood Donation, Request And Donor Management System ...)
+ TODO: check
+CVE-2025-4519 (The IDonate \u2013 Blood Donation, Request And Donor Management System ...)
+ TODO: check
+CVE-2025-48985 (A vulnerability in Vercel\u2019s AI SDK has been fixed in versions 5.0 ...)
+ TODO: check
+CVE-2025-33110 (IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection ...)
+ TODO: check
+CVE-2025-12636 (The Ubia camera ecosystem fails to adequately secure API credentials, ...)
+ TODO: check
+CVE-2025-12527 (The Page & Post Notes plugin for WordPress is vulnerable to unauthoriz ...)
+ TODO: check
+CVE-2025-12520 (The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-12490 (Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulne ...)
+ TODO: check
+CVE-2025-12489 (evernote-mcp-server openBrowser Command Injection Privilege Escalation ...)
+ TODO: check
+CVE-2025-12488 (oobabooga text-generation-webui trust_remote_code Reliance on Untruste ...)
+ TODO: check
+CVE-2025-12487 (oobabooga text-generation-webui trust_remote_code Reliance on Untruste ...)
+ TODO: check
+CVE-2025-12486 (Heimdall Data Database Proxy Cross-Site Scripting Remote Code Executio ...)
+ TODO: check
+CVE-2025-12352 (The Gravity Forms plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2025-11546 (CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUS ...)
+ TODO: check
+CVE-2025-12790 (A flaw was found in Rubygem MQTT. By default, the package used to not ...)
NOT-FOR-US: Rubygem MQTT
-CVE-2025-12789
+CVE-2025-12789 (A flaw was found in Red Hat Single Sign-On. This issue is an Open Redi ...)
NOT-FOR-US: Red Hat Single Sign-On
-CVE-2024-12125
+CVE-2024-12125 (A flaw was found in the 3scale developer portal. This issue can allow ...)
NOT-FOR-US: 3scale developer portal
CVE-2025-6327 (Unrestricted Upload of File with Dangerous Type vulnerability in KingA ...)
NOT-FOR-US: WordPress plugin or theme
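Review bot: every newly added id in this hunk except the REJECTED CVE-2025-64338 is left at `TODO: check`, and CVE-2025-64329 (containerd, "Versions 1.7.28 and be ...") is the one most likely to map onto a Debian source package, so it should be triaged first and given a `- containerd <unfixed>` style line like the runc entries further down this patch rather than staying at TODO. Also confirm that the literal `\u2013` kept in the CVE-2025-4522 / CVE-2025-4519 descriptions and the `\u2019` in CVE-2025-48985 are the intended stored form and not an undecoded JSON escape from the importer.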
@@ -604,11 +682,11 @@ CVE-2025-10713 (An XML External Entity (XXE) vulnerability exists in multiple WS
NOT-FOR-US: WSO2
CVE-2023-43000 (A use-after-free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2025-52881
+CVE-2025-52881 (runc is a CLI tool for spawning and running containers according to th ...)
- runc <unfixed> (bug #1120140)
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
-CVE-2025-52565
+CVE-2025-52565 (runc is a CLI tool for spawning and running containers according to th ...)
- runc <unfixed> (bug #1120140)
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r
NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
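Review bot: CVE-2025-52881 and CVE-2025-52565 gain descriptions but stay `- runc <unfixed> (bug #1120140)` with only the GHSA and oss-security links as NOTE lines; since they share bug #1120140 with CVE-2025-31133 in the next hunk, recording the fixing upstream runc release in a NOTE on at least one of the three would let all of them be closed consistently when the package is updated.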
@@ -616,7 +694,7 @@ CVE-2025-31133 (runc is a CLI tool for spawning and running containers according
- runc <unfixed> (bug #1120140)
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
-CVE-2025-10966
+CVE-2025-10966 (curl's code for managing SSH connections when SFTP was done using the ...)
- curl 8.17.0~rc2-1 (unimportant)
NOTE: https://curl.se/docs/CVE-2025-10966.html
NOTE: Introduced with: https://github.com/curl/curl/commit/6773c7ca65cf2183295e56603f9b86a5ce816a06 (curl-7_69_0)
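Review bot: CVE-2025-10966 is marked `(unimportant)` on curl 8.17.0~rc2-1 without a NOTE giving the reason, and the "Introduced with" note records the commit that introduced the bug (curl-7_69_0) but not the commit that fixes it; add the justification for the severity and the fixing commit next to the curl.se advisory link so the `(unimportant)` tag can be re-checked later.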
@@ -5346,7 +5424,7 @@ CVE-2025-62526 (OpenWrt Project is a Linux operating system targeting embedded d
CVE-2025-62525 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
NOT-FOR-US: OpenWRT (ltq-ptm)
NOTE: https://openwrt.org/advisory/2025-10-22-2
-CVE-2025-12036
+CVE-2025-12036 (Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390 ...)
{DSA-6046-1 DSA-6036-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
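Review bot: CVE-2025-12036 references two advisories, `{DSA-6046-1 DSA-6036-1}`, against a single fixed version 142.0.7444.59-1 while the description says the upstream fix is in Chrome "prior to 141.0.7390 ..."; if DSA-6046-1 re-shipped or corrected the fix from DSA-6036-1, a NOTE saying so would explain the double reference for anyone reading the entry later.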
@@ -7101,7 +7179,7 @@ CVE-2017-20204 (DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an
NOT-FOR-US: DBLTek
CVE-2011-10033 (The WordPress pluginis-human <= v1.4.2 containsan eval injection vulne ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-11756
+CVE-2025-11756 (Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.1 ...)
{DSA-6026-1}
- chromium 141.0.7390.107-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -9752,11 +9830,11 @@ CVE-2025-0603 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Callvision Emergency Code
CVE-2023-6215 (A potential security vulnerability has been identified in HP Sure Star ...)
NOT-FOR-US: HP
-CVE-2025-11460
+CVE-2025-11460 (Use after free in Storage in Google Chrome prior to 141.0.7390.65 allo ...)
{DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11458
+CVE-2025-11458 (Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 a ...)
{DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -12690,51 +12768,51 @@ CVE-2021-4460 (In the Linux kernel, the following vulnerability has been resolve
NOTE: https://git.kernel.org/linus/50e2fc36e72d4ad672032ebf646cecb48656efe0 (5.13-rc1)
CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress is vulner ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-11219
+CVE-2025-11219 (Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11216
+CVE-2025-11216 (Inappropriate implementation in Storage in Google Chrome on Mac prior ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11215
+CVE-2025-11215 (Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11213
+CVE-2025-11213 (Inappropriate implementation in Omnibox in Google Chrome on Android pr ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11212
+CVE-2025-11212 (Inappropriate implementation in Media in Google Chrome on Windows prio ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11211
+CVE-2025-11211 (Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 al ...)
{DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11210
+CVE-2025-11210 (Side-channel information leakage in Tab in Google Chrome prior to 141. ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11209
+CVE-2025-11209 (Inappropriate implementation in Omnibox in Google Chrome on Android pr ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11208
+CVE-2025-11208 (Inappropriate implementation in Media in Google Chrome prior to 141.0. ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11207
+CVE-2025-11207 (Side-channel information leakage in Storage in Google Chrome prior to ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11206
+CVE-2025-11206 (Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11205
+CVE-2025-11205 (Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 ...)
{DSA-6016-1}
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
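Review bot: within this batch of "prior to 141.0.7390.54" entries, CVE-2025-11211 is the only one pointing at `{DSA-6021-1}` and chromium 141.0.7390.65-1 while its siblings (CVE-2025-11205 through CVE-2025-11219) point at `{DSA-6016-1}` and 141.0.7390.54-1; the description itself says "prior to 141.0.7390.54", so double-check the DSA and fixed-version mapping for that one id.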
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d90b5218e796d136c076aa39199434c5bc38db7