[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 12 08:13:48 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3ec6309 by security tracker role at 2025-11-12T08:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-64531 (Substance3D - Stager versions 3.1.5 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-61835 (Substance3D - Stager versions 3.1.5 and earlier are affected by an Int ...)
+ TODO: check
+CVE-2025-61834 (Substance3D - Stager versions 3.1.5 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-61833 (Substance3D - Stager versions 3.1.5 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-54983 (A health check port on Zscaler Client Connector on Windows, versions 4 ...)
+ TODO: check
+CVE-2025-43205 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2025-41116 (When using the Grafana Databricks Datasource Plugin, if Oauth passthro ...)
+ TODO: check
+CVE-2025-40827 (A vulnerability has been identified in Siemens Software Center (All ve ...)
+ TODO: check
+CVE-2025-40817 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
+ TODO: check
+CVE-2025-40816 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
+ TODO: check
+CVE-2025-40815 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
+ TODO: check
+CVE-2025-40763 (A vulnerability has been identified in Altair Grid Engine (All version ...)
+ TODO: check
+CVE-2025-40760 (A vulnerability has been identified in Altair Grid Engine (All version ...)
+ TODO: check
+CVE-2025-40744 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
+ TODO: check
+CVE-2025-40111 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2025-40110 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2025-3717 (When using the Grafana Snowflake Datasource Plugin, if Oauth passthrou ...)
+ TODO: check
+CVE-2025-13047 (Bacteriology Laboratory Reporting System developed by ViewLead Technol ...)
+ TODO: check
+CVE-2025-13046 (Bacteriology Laboratory Reporting System developed by ViewLead Technol ...)
+ TODO: check
+CVE-2025-12901 (The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2025-12872 (The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scrip ...)
+ TODO: check
+CVE-2025-12871 (The a+HRD developed by aEnrich has an Authentication Abuse vulnerabili ...)
+ TODO: check
+CVE-2025-12870 (The a+HRD developed by aEnrich has an Authentication Abuse vulnerabili ...)
+ TODO: check
+CVE-2025-12869 (The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulne ...)
+ TODO: check
+CVE-2025-12833 (The GeoDirectory \u2013 WP Business Directory Plugin and Classified Li ...)
+ TODO: check
+CVE-2025-12633 (The Booking Calendar | Appointment Booking | Bookit plugin for WordPre ...)
+ TODO: check
+CVE-2025-12113 (The Alt Text Generator AI \u2013 Auto Generate & Bulk Update Alt Texts ...)
+ TODO: check
+CVE-2025-12087 (The Wishlist and Save for later for Woocommerce plugin for WordPress i ...)
+ TODO: check
+CVE-2025-12018 (The MembershipWorks \u2013 Membership, Events & Directory plugin for W ...)
+ TODO: check
+CVE-2025-11560 (The Team Members Showcase WordPress plugin before 3.5.0 does not sanit ...)
+ TODO: check
+CVE-2024-32014 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
+CVE-2024-32011 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
+CVE-2024-32010 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
+CVE-2024-32009 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
+CVE-2024-32008 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
CVE-2025-9408 (System call entry on Cortex M (and possibly R and A, but I think not) ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-9227 (Zohocorp ManageEngine OpManager versions 128609 and below are vulnerab ...)
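Review bot: All 35 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them is triaged yet. Several match vendors the file already classifies elsewhere in this diff: the Siemens entries such as CVE-2025-40827 and the WordPress plugin entries such as CVE-2025-12901 would follow the existing `NOT-FOR-US: Siemens` and `NOT-FOR-US: WordPress plugin` pattern, while the two Linux kernel entries CVE-2025-40111 and CVE-2025-40110 need a source package line. The descriptions of CVE-2025-12833, CVE-2025-12113 and CVE-2025-12018 also contain a literal `\u2013` escape instead of the dash character, which suggests the import does not decode the description text.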
@@ -7468,7 +7538,7 @@ CVE-2025-62171 (ImageMagick is an open source software suite for displaying, con
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 (7.1.2-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/456771fae8baa9558a1421ec8d522e6937d9b2d7 (6.9.13-32)
CVE-2025-62168 (Squid is a caching proxy for the Web. In Squid versions prior to 7.2, ...)
- {DSA-6047-1}
+ {DSA-6047-1 DLA-4369-1}
- squid 7.2-1 (bug #1118341)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
NOTE: https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f (SQUID_7_2)
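Review bot: The cross-reference on CVE-2025-62168 now lists DLA-4369-1 next to DSA-6047-1, but the commit changes only data/CVE/list, so the advisory definition itself is not visible here. Worth confirming that DLA-4369-1 names both CVE-2025-62168 and CVE-2025-59362, since the next hunk tags the second one with the same advisory.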
@@ -15519,6 +15589,7 @@ CVE-2025-59842 (jupyterlab is an extensible environment for interactive and repr
NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
NOTE: https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This oc ...)
+ {DLA-4369-1}
- squid 7.2-1 (bug #1117048)
[trixie] - squid 6.13-2+deb13u1
[bookworm] - squid <no-dsa> (Minor issue)
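Review bot: CVE-2025-59362 gains `{DLA-4369-1}` while the context still shows `[bookworm] - squid <no-dsa> (Minor issue)`, so after this change the LTS suite carries a fix that bookworm does not. If that is intended, nothing needs to change; otherwise the bookworm line deserves a second look, given that trixie already has a fixed version in 6.13-2+deb13u1.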
@@ -51729,6 +51800,7 @@ CVE-2025-0036 (In AMD Versal Adaptive SoC devices, the incorrect configuration o
CVE-2024-55595
REJECTED
CVE-2025-5918 (A vulnerability has been identified in the libarchive library. This fl ...)
+ {DLA-4368-1}
- libarchive <unfixed> (bug #1107624)
[trixie] - libarchive <no-dsa> (Minor issue)
[bookworm] - libarchive <no-dsa> (Minor issue)
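Review bot: CVE-2025-5918 is now tagged `{DLA-4368-1}` while the line below the tag still reads `- libarchive <unfixed> (bug #1107624)` and both trixie and bookworm are `<no-dsa>`. An LTS advisory landing ahead of a fix in unstable is unusual enough to confirm the tag belongs on this CVE and not only on CVE-2025-5917, CVE-2025-5916 and CVE-2025-5914, which all show fixed versions.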
@@ -51737,11 +51809,13 @@ CVE-2025-5918 (A vulnerability has been identified in the libarchive library. Th
NOTE: Regression: https://github.com/libarchive/libarchive/issues/2641
NOTE: Regression fixed by: https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01
CVE-2025-5917 (A vulnerability has been identified in the libarchive library. This fl ...)
+ {DLA-4368-1}
- libarchive 3.7.4-4 (bug #1107626)
[bookworm] - libarchive 3.6.2-1+deb12u3
NOTE: https://github.com/libarchive/libarchive/pull/2588
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7c02cde37a63580cd1859183fbbd2cf04a89be85 (v3.8.0)
CVE-2025-5916 (A vulnerability has been identified in the libarchive library. This fl ...)
+ {DLA-4368-1}
- libarchive 3.7.4-4 (bug #1107623)
[bookworm] - libarchive 3.6.2-1+deb12u3
NOTE: https://github.com/libarchive/libarchive/pull/2568
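Review bot: The context at the top of this hunk records a regression in the CVE-2025-5918 fix (libarchive issue 2641) together with the commit that repairs it, and that CVE is tagged with DLA-4368-1 in the previous hunk. Confirm that the upload behind DLA-4368-1 includes 51b4c35bb38b7df4af24de7f103863dd79129b01; a NOTE line saying so would make that checkable from the tracker.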
@@ -51753,6 +51827,7 @@ CVE-2025-5915 (A vulnerability has been identified in the libarchive library. Th
NOTE: https://github.com/libarchive/libarchive/pull/2599
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c (v3.8.0)
CVE-2025-5914 (A vulnerability has been identified in the libarchive library, specifi ...)
+ {DLA-4368-1}
- libarchive 3.7.4-4 (bug #1107621)
[bookworm] - libarchive 3.6.2-1+deb12u3
NOTE: https://github.com/libarchive/libarchive/pull/2598
@@ -241105,7 +241180,7 @@ CVE-2023-31251
CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...)
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2023-005
-CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2023-31238 (A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) ...)
NOT-FOR-US: Siemens
CVE-2023-31237 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
NOT-FOR-US: WordPress plugin
@@ -242158,7 +242233,7 @@ CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (
NOT-FOR-US: HPE
CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One and A ...)
NOT-FOR-US: Trend Micro
-CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2023-30901 (A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) ...)
NOT-FOR-US: Siemens
CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...)
NOT-FOR-US: Siemens
@@ -312709,7 +312784,7 @@ CVE-2022-34466 (A vulnerability has been identified in Mendix Applications using
NOT-FOR-US: Siemens
CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge (Classic) (All v ...)
NOT-FOR-US: Siemens
CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion plug ...)
NOT-FOR-US: WordPress plugin
@@ -324615,13 +324690,13 @@ CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that co
NOT-FOR-US: Schneider Electric
CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
NOT-FOR-US: Schneider Electric
-CVE-2022-30231 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+CVE-2022-30231 (A vulnerability has been identified in SICAM GridEdge (Classic) (All v ...)
NOT-FOR-US: Siemens
-CVE-2022-30230 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+CVE-2022-30230 (A vulnerability has been identified in SICAM GridEdge (Classic) (All v ...)
NOT-FOR-US: Siemens
-CVE-2022-30229 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+CVE-2022-30229 (A vulnerability has been identified in SICAM GridEdge (Classic) (All v ...)
NOT-FOR-US: Siemens
-CVE-2022-30228 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+CVE-2022-30228 (A vulnerability has been identified in SICAM GridEdge (Classic) (All v ...)
NOT-FOR-US: Siemens
CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ec6309d6ece781a9c2b398d6bd92700d4d6871