[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 10 20:14:39 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbb3394f by security tracker role at 2025-11-10T20:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-8768
+ REJECTED
+CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie configuratio ...)
+ TODO: check
+CVE-2025-64689 (In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Jun ...)
+ TODO: check
+CVE-2025-64688 (In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation ...)
+ TODO: check
+CVE-2025-64687 (In JetBrains YouTrack before 2025.3.104432 improper access control all ...)
+ TODO: check
+CVE-2025-64686 (In JetBrains YouTrack before 2025.3.104432 missing user principal clea ...)
+ TODO: check
+CVE-2025-64685 (In JetBrains YouTrack before 2025.3.104432 missing TLS certificate val ...)
+ TODO: check
+CVE-2025-64684 (In JetBrains YouTrack before 2025.3.104432 information disclosure was ...)
+ TODO: check
+CVE-2025-64683 (In JetBrains Hub before 2025.3.104432 information disclosure was possi ...)
+ TODO: check
+CVE-2025-64682 (In JetBrains Hub before 2025.3.104432 a race condition allowed bypass ...)
+ TODO: check
+CVE-2025-64681 (In JetBrains Hub before 2025.3.104992 a race condition allowed bypass ...)
+ TODO: check
+CVE-2025-64457 (In JetBrains dotTrace before 2025.2.5 local privilege escalation possi ...)
+ TODO: check
+CVE-2025-64456 (In JetBrains ReSharper before 2025.2.4 missing signature verification ...)
+ TODO: check
+CVE-2025-63835 (A stack-based buffer overflow vulnerability was discovered in Tenda AC ...)
+ TODO: check
+CVE-2025-63834 (A stored cross-site scripting (XSS) vulnerability was discovered in Te ...)
+ TODO: check
+CVE-2025-63712 (Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Man ...)
+ TODO: check
+CVE-2025-63711 (A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodeste ...)
+ TODO: check
+CVE-2025-63710 (The send_message.php endpoint in SourceCodester Simple Public Chat Roo ...)
+ TODO: check
+CVE-2025-63709 (A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Si ...)
+ TODO: check
+CVE-2025-63497 (The patient prescription viewing functionality in his_doc_view_single_ ...)
+ TODO: check
+CVE-2025-63457 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2025-63456 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2025-63455 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2025-63288 (In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupReques ...)
+ TODO: check
+CVE-2025-63154 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+ TODO: check
+CVE-2025-63153 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+ TODO: check
+CVE-2025-63152 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ TODO: check
+CVE-2025-63149 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ TODO: check
+CVE-2025-63147 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ TODO: check
+CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 ...)
+ TODO: check
+CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticate ...)
+ TODO: check
+CVE-2025-47932 (Combodo iTop is a web based IT service management tool. Versions prior ...)
+ TODO: check
+CVE-2025-47773 (Combodo iTop is a web based IT service management tool. Versions prior ...)
+ TODO: check
+CVE-2025-47286 (Combodo iTop is a web based IT service management tool. In versions pr ...)
+ TODO: check
+CVE-2025-46430 (Dell Display and Peripheral Manager, versions prior to 2.1.2.12, conta ...)
+ TODO: check
+CVE-2025-43723 (Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0. ...)
+ TODO: check
+CVE-2025-43079 (The Qualys Cloud Agent included a bundled uninstall script (qagent_uni ...)
+ TODO: check
+CVE-2025-41107 (Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 du ...)
+ TODO: check
+CVE-2025-41001 (Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02 ...)
+ TODO: check
+CVE-2025-33150 (IBM Cognos Analytics Certified Containers 12.1.0 could disclose packag ...)
+ TODO: check
+CVE-2025-12967 (An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for pr ...)
+ TODO: check
+CVE-2025-12939 (A security flaw has been discovered in SourceCodester Interview Manage ...)
+ TODO: check
+CVE-2025-12938 (A vulnerability was identified in projectworlds Online Admission Syste ...)
+ TODO: check
+CVE-2025-12480 (Triofox versions prior to 16.7.10368.56560, are vulnerable to an Impro ...)
+ TODO: check
+CVE-2025-12409 (A SQL injection vulnerability was discovered in Looker Studio that all ...)
+ TODO: check
+CVE-2025-12405 (An improper privilege management vulnerability was found in Looker Stu ...)
+ TODO: check
+CVE-2025-12397 (A SQL injection vulnerability was found in Looker Studio. A Looker St ...)
+ TODO: check
+CVE-2025-12155 (A Command Injection vulnerability, resulting from improper file path s ...)
+ TODO: check
CVE-2025-XXXX [GHSA-c978-wq47-pvvw]
- rust-sudo-rs 0.2.10-1
NOTE: https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw
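Review bot: CVE-2025-60876 sits in this batch as a plain "TODO: check" like the router-firmware and SourceCodester entries around it, but its description names BusyBox wget, which Debian packages. It should get a source-package line during triage and must not be swept into a bulk NOT-FOR-US pass. Suggest resolving that entry first, and separately giving the retained "CVE-2025-XXXX [GHSA-c978-wq47-pvvw]" placeholder for rust-sudo-rs a real identifier once one is assigned.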
@@ -57,6 +153,7 @@ CVE-2025-12864 (U-Office Force developed by e-Excellence has a SQL Injection vul
CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable to Arbi ...)
TODO: check
CVE-2025-64507 [GHSA-56mx-8g9f-5crf]
+ {DSA-6051-1}
- incus 6.0.5-4
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf
@@ -901,23 +998,23 @@ CVE-2025-10683 (The Easy Email Subscription plugin for WordPress is vulnerable t
NOT-FOR-US: WordPress plugin
CVE-2025-10259 (Improper Validation of Specified Quantity in Input vulnerability in TC ...)
NOT-FOR-US: Mitsubishi
-CVE-2025-12729
+CVE-2025-12729 (Inappropriate implementation in Omnibox in Google Chrome on Android pr ...)
{DSA-6050-1}
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12728
+CVE-2025-12728 (Inappropriate implementation in Omnibox in Google Chrome on Android pr ...)
{DSA-6050-1}
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12727
+CVE-2025-12727 (Inappropriate implementation in V8 in Google Chrome prior to 142.0.744 ...)
{DSA-6050-1}
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12726
+CVE-2025-12726 (Inappropriate implementation in Views in Google Chrome on Windows prio ...)
{DSA-6050-1}
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12725
+CVE-2025-12725 (Out of bounds read in WebGPU in Google Chrome on Android prior to 142. ...)
{DSA-6050-1}
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
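Review bot: Four of the five descriptions filled in here are scoped to other platforms (CVE-2025-12729, CVE-2025-12728 and CVE-2025-12725 say "on Android", CVE-2025-12726 says "on Windows"), yet each keeps the same "{DSA-6050-1}" and "- chromium 142.0.7444.134-1" annotations as CVE-2025-12727. If those annotations are kept, a NOTE line on each entry recording the platform scope would tell readers that the issue is tracked for completeness of the DSA and does not indicate an exposure in the Debian build.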
@@ -1713,7 +1810,8 @@ CVE-2024-13997 (Nagios XI versions prior to2024R1.1.3contain a privilege escalat
NOT-FOR-US: Nagios XI
CVE-2021-47698 (Nagios XI versions prior to5.8.7using embedded Nagios Core are vulnera ...)
NOT-FOR-US: Nagios XI
-CVE-2016-15054 (Nagios XI versions prior to5.4.0 are vulnerable to cross-site scriptin ...)
+CVE-2016-15054
+ REJECTED
NOT-FOR-US: Nagios XI
CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to privilege escal ...)
NOT-FOR-US: WordPress plugin
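Review bot: CVE-2016-15054 now carries "REJECTED" immediately followed by the retained "NOT-FOR-US: Nagios XI" context line, so the entry holds two dispositions. CVE-2025-8768 in the first hunk shows a rejected entry with "REJECTED" alone. Suggest dropping the leftover NOT-FOR-US line in a follow-up so the rejected entry has a single state.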
@@ -2228,7 +2326,8 @@ CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a Z-Wav
NOT-FOR-US: Silicon Labs
CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local privile ...)
NOT-FOR-US: Nagios Log Server
-CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored cross-site ...)
+CVE-2024-58272
+ REJECTED
NOT-FOR-US: Nagios Log Server
CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege escalation vu ...)
NOT-FOR-US: Nagios XI
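Review bot: The "NOT-FOR-US: Nagios Log Server" line under CVE-2024-58272 is left in place after the description is replaced by "REJECTED", which leaves a stale triage annotation on an identifier that no longer describes a vulnerability. Remove that line when cleaning up after this automatic update.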
@@ -2686,79 +2785,79 @@ CVE-2025-62402 (API users via `/api/v2/dagReports` could perform Dag code execut
- airflow <itp> (bug #819700)
CVE-2025-54941 (An example dag `example_dag_decorator` had non-validated parameter tha ...)
- airflow <itp> (bug #819700)
-CVE-2025-12447
+CVE-2025-12447 (Incorrect security UI in Omnibox in Google Chrome on Android prior to ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12446
+CVE-2025-12446 (Incorrect security UI in SplitView in Google Chrome prior to 142.0.744 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12445
+CVE-2025-12445 (Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 al ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12444
+CVE-2025-12444 (Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12443
+CVE-2025-12443 (Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 al ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12441
+CVE-2025-12441 (Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allow ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12440
+CVE-2025-12440 (Inappropriate implementation in Autofill in Google Chrome prior to 142 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12439
+CVE-2025-12439 (Inappropriate implementation in App-Bound Encryption in Google Chrome ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12438
+CVE-2025-12438 (Use after free in Ozone in Google Chrome on Linux and ChromeOS prior t ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12437
+CVE-2025-12437 (Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 all ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12436
+CVE-2025-12436 (Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 al ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12435
+CVE-2025-12435 (Incorrect security UI in Omnibox in Google Chrome on Android prior to ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12434
+CVE-2025-12434 (Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 all ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12433
+CVE-2025-12433 (Inappropriate implementation in V8 in Google Chrome prior to 142.0.744 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12432
+CVE-2025-12432 (Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12431
+CVE-2025-12431 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12430
+CVE-2025-12430 (Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.5 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12429
+CVE-2025-12429 (Inappropriate implementation in V8 in Google Chrome prior to 142.0.744 ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12428
+CVE-2025-12428 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
{DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
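Review bot: The descriptions added for CVE-2025-12447 and CVE-2025-12435 ("on Android") and CVE-2025-12434 ("on Windows") mark issues outside the Linux build, while CVE-2025-12438 is explicitly "on Linux and ChromeOS". All of them share identical "{DSA-6046-1}" and "- chromium 142.0.7444.59-1" lines. A short NOTE on the platform-scoped entries would make that distinction visible to anyone prioritising from this list.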
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbb3394f2a71a0dc64eebada9aaf03cd5c922699