[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 14 20:12:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7126cb02 by security tracker role at 2025-11-14T20:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,111 @@
+CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive admin c ...)
+ TODO: check
+CVE-2025-8870 (On affected platforms running Arista EOS, certain serial console input ...)
+ TODO: check
+CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password Recove ...)
+ TODO: check
+CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 thr ...)
+ TODO: check
+CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File ...)
+ TODO: check
+CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A ...)
+ TODO: check
+CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POS ...)
+ TODO: check
+CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech TP-3250 printe ...)
+ TODO: check
+CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path parsing/ ...)
+ TODO: check
+CVE-2025-63291 (When processing API requests, the Alteryx server 2022.1.1.42654 and 20 ...)
+ TODO: check
+CVE-2025-54562 (A vulnerability was found in the Application Server of Desktop Alert P ...)
+ TODO: check
+CVE-2025-54561 (An Incorrect Access Control vulnerability was found in the Application ...)
+ TODO: check
+CVE-2025-54560 (A Server-side Request Forgery vulnerability was found in the Applicati ...)
+ TODO: check
+CVE-2025-54559 (An issue was found in the Application Server of Desktop Alert PingAler ...)
+ TODO: check
+CVE-2025-54348 (A Stored Cross Site Scripting (XSS) vulnerability was found in the App ...)
+ TODO: check
+CVE-2025-54346 (A Reflected Cross Site Scripting (XSS) vulnerability was found in the ...)
+ TODO: check
+CVE-2025-54345 (An issue was found in the Application Server of Desktop Alert PingAler ...)
+ TODO: check
+CVE-2025-54343 (An Incorrect Access Control vulnerability was found in the Application ...)
+ TODO: check
+CVE-2025-54342 (A vulnerability was found in the Application Server of Desktop Alert P ...)
+ TODO: check
+CVE-2025-54340 (A vulnerability was found in the Application Server of Desktop Alert P ...)
+ TODO: check
+CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the Application ...)
+ TODO: check
+CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto Networks ...)
+ TODO: check
+CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto Networks ...)
+ TODO: check
+CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability in Palo ...)
+ TODO: check
+CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution. An attac ...)
+ TODO: check
+CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Con ...)
+ TODO: check
+CVE-2025-13179 (A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventor ...)
+ TODO: check
+CVE-2025-13178 (A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. Th ...)
+ TODO: check
+CVE-2025-13177 (A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250 ...)
+ TODO: check
+CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7 ...)
+ TODO: check
+CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym Management System ...)
+ TODO: check
+CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an unknown ...)
+ TODO: check
+CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online Hotel Rese ...)
+ TODO: check
+CVE-2025-13169 (A security vulnerability has been detected in code-projects Simple Onl ...)
+ TODO: check
+CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. This affect ...)
+ TODO: check
+CVE-2025-13033 (A vulnerability was identified in the email parsing library due to imp ...)
+ TODO: check
+CVE-2025-12897
+ REJECTED
+CVE-2025-12187
+ REJECTED
+CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while Document-Level S ...)
+ TODO: check
+CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for WordPress ...)
+ TODO: check
+CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based buffer overfl ...)
+ TODO: check
+CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= ...)
+ TODO: check
+CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language editor funct ...)
+ TODO: check
+CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable to SQL ...)
+ TODO: check
+CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2024-44639 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2024-44636 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2024-44635 (PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scri ...)
+ TODO: check
+CVE-2024-44633 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2024-44632 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student Record Syste ...)
+ TODO: check
+CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local ...)
+ TODO: check
+CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that uses Ac ...)
+ TODO: check
CVE-2025-9479 (Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allo ...)
+ {DSA-5875-1}
- chromium 133.0.6943.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-64754 (Jitsi Meet is an open source video conferencing application. A vulnera ...)
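Review bot: all 53 new entries in this hunk land as `TODO: check`, so none has been mapped to a Debian source package yet; the one most likely to touch the archive is CVE-2025-13204 (prototype pollution in the npm package `expr-eval`), which should be resolved to a package name or `NOT-FOR-US` ahead of the web-app CMS entries (QuickCMS, SVX Portal, PHPGurukul, ZZCMS, Bdtask) that are almost certainly not packaged. The `{DSA-5875-1}` line added to CVE-2025-9479 sits correctly between the CVE line and `- chromium 133.0.6943.141-1`, and the two `REJECTED` entries need no further action.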
@@ -74,11 +181,13 @@ CVE-2024-9126 (Use after free in Internals in Google Chrome on iOS prior to 127.
CVE-2024-7021 (Inappropriate implementation in Autofill in Google Chrome on Windows p ...)
- chromium <not-affected> (Only affects Google Chrome on Windows)
CVE-2024-7017 (Inappropriate implementation in DevTools in Google Chrome prior to 126 ...)
+ {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-13983 (Inappropriate implementation in Lens in Google Chrome on iOS prior to ...)
- chromium <not-affected> (Only affects Google Chrome on iOS)
CVE-2024-13178 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
+ {DSA-5757-1}
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-11920 (Inappropriate implementation in Dawn in Google Chrome on Mac prior to ...)
@@ -628,7 +737,7 @@ CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo App
NOT-FOR-US: Lenovo
CVE-2025-8421 (An improper default permission vulnerability was reported in Lenovo Do ...)
NOT-FOR-US: Lenovo
-CVE-2025-65002 (Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if ...)
+CVE-2025-65002 (Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redf ...)
NOT-FOR-US: Fujitsu
CVE-2025-65001 (Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially ...)
NOT-FOR-US: Fujitsu
@@ -10360,7 +10469,7 @@ CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 14
CVE-2025-11720 (The Firefox and Firefox Focus UI for the Android custom tab feature on ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11720
-CVE-2025-11719 (Starting in Firefox 143, the use of the native messaging API by web ex ...)
+CVE-2025-11719 (Starting in Thunderbird 143, the use of the native messaging API by we ...)
- firefox <not-affected> (Only affects Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11719
CVE-2025-11713 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ...)
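Review bot: the CVE-2025-11719 description now reads "Starting in Thunderbird 143, the use of the native messaging API by we ..." while the only status line below it is still `- firefox <not-affected> (Only affects Firefox on Windows)`; if upstream corrected the affected product to Thunderbird, the thunderbird source package needs its own status line (not-affected with a reason, or a fixed version), and the firefox line's rationale should be re-checked against the linked mfsa2025-81 entry so the two do not contradict each other.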
@@ -34796,6 +34905,7 @@ CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/templat
CVE-2025-50675 (GPMAW 14, a bioinformatics software, has a critical vulnerability rela ...)
NOT-FOR-US: GPMAW
CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line ...)
+ {DLA-4371-1}
- gst-plugins-base1.0 1.26.2-1
[bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
@@ -34804,6 +34914,7 @@ CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's tmplayer_pars
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9 (1.27.1)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9b810e83d0f4135cf5a066da8b9430cf6e375d29 (1.26.2)
CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_for ...)
+ {DLA-4371-1}
- gst-plugins-base1.0 1.26.2-1
[bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
@@ -34812,6 +34923,7 @@ CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's subrip_unesca
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2 (1.27.1)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0711a31221a27c076dde3b9716cbcabf85088fa5 (1.26.2)
CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time f ...)
+ {DLA-4371-1}
- gst-plugins-base1.0 1.26.2-1
[bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7126cb021d1134c92a6789016ab3c0a4c5e26be5