[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 17 20:13:09 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd6dfe23 by security tracker role at 2025-11-17T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate validation when  ...)
+	TODO: check
+CVE-2025-64758 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
+	TODO: check
+CVE-2025-64756 (Glob matches files using patterns the shell uses. From versions 10.3.7 ...)
+	TODO: check
+CVE-2025-64342 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+	TODO: check
+CVE-2025-64046 (OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) i ...)
+	TODO: check
+CVE-2025-63918 (PDFPatcher executable does not validate user-supplied file paths, allo ...)
+	TODO: check
+CVE-2025-63917 (PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functional ...)
+	TODO: check
+CVE-2025-63916 (MyScreenTools v2.2.1.0 contains a critical OS command injection vulner ...)
+	TODO: check
+CVE-2025-63748 (QaTraq 6.9.2 allows authenticated users to upload arbitrary files via  ...)
+	TODO: check
+CVE-2025-63747 (QaTraq 6.9.2 ships with administrative account credentials which are e ...)
+	TODO: check
+CVE-2025-63708 (Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI F ...)
+	TODO: check
+CVE-2025-63292 (Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7. ...)
+	TODO: check
+CVE-2025-62519 (phpMyFAQ is an open source FAQ web application. Prior to version 4.0.1 ...)
+	TODO: check
+CVE-2025-58410 (Software installed and run as a non-privileged user may conduct improp ...)
+	TODO: check
+CVE-2025-58407 (Kernel or driver software installed on a Guest VM may post improper co ...)
+	TODO: check
+CVE-2025-55059 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
+	TODO: check
+CVE-2025-55058 (CWE-20 Improper Input Validation)
+	TODO: check
+CVE-2025-55057 (Multiple CWE-352 Cross-Site Request Forgery (CSRF))
+	TODO: check
+CVE-2025-55056 (Multiple CWE-79 Improper Neutralization of Input During Web Page Gener ...)
+	TODO: check
+CVE-2025-55055 (CWE-78 Improper Neutralization of Special Elements used in an OS Comma ...)
+	TODO: check
+CVE-2025-4321 (In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Deni ...)
+	TODO: check
+CVE-2025-40936 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+	TODO: check
+CVE-2025-40834 (A vulnerability has been identified in Mendix RichText (All versions > ...)
+	TODO: check
+CVE-2025-34323 (Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local ...)
+	TODO: check
+CVE-2025-34322 (Nagios Log Server versions prior to 2026R1.0.1 contain an authenticate ...)
+	TODO: check
+CVE-2025-13319 (An injection vulnerability has been discovered in the API feature in D ...)
+	TODO: check
+CVE-2025-13310
+	REJECTED
+CVE-2025-13299 (A flaw has been found in itsourcecode Web-Based Internet Laboratory Ma ...)
+	TODO: check
+CVE-2025-13298 (A vulnerability was detected in itsourcecode Web-Based Internet Labora ...)
+	TODO: check
+CVE-2025-13297 (A security vulnerability has been detected in itsourcecode Web-Based I ...)
+	TODO: check
+CVE-2025-13291 (A vulnerability was found in Campcodes Supplier Management System 1.0. ...)
+	TODO: check
+CVE-2025-13290 (A vulnerability has been found in code-projects Simple Food Ordering S ...)
+	TODO: check
+CVE-2025-13289 (A vulnerability was detected in 1000projects Design & Development of S ...)
+	TODO: check
+CVE-2025-13288 (A security vulnerability has been detected in Tenda CH22 1.0.0.1. This ...)
+	TODO: check
+CVE-2025-13287 (A weakness has been identified in itsourcecode Online Voting System 1. ...)
+	TODO: check
+CVE-2025-13286 (A security flaw has been discovered in itsourcecode Online Voting Syst ...)
+	TODO: check
+CVE-2025-13285 (A vulnerability was identified in itsourcecode Online Voting System 1. ...)
+	TODO: check
+CVE-2025-13280 (A vulnerability was determined in CodeAstro Simple Inventory System 1. ...)
+	TODO: check
+CVE-2025-13279 (A vulnerability was found in code-projects Nero Social Networking Site ...)
+	TODO: check
+CVE-2025-13278 (A vulnerability has been found in projectworlds Advanced Library Manag ...)
+	TODO: check
+CVE-2025-13277 (A flaw has been found in code-projects Nero Social Networking Site 1.0 ...)
+	TODO: check
+CVE-2025-13276 (A vulnerability was detected in g33kyrash Online-Banking-System up to  ...)
+	TODO: check
+CVE-2025-13275 (A security vulnerability has been detected in Iqbolshoh php-business-w ...)
+	TODO: check
+CVE-2025-13274 (A weakness has been identified in Campcodes School Fees Payment Manage ...)
+	TODO: check
+CVE-2025-13273 (A security flaw has been discovered in Campcodes School Fees Payment M ...)
+	TODO: check
+CVE-2025-13272 (A vulnerability was identified in Campcodes School Fees Payment Manage ...)
+	TODO: check
+CVE-2025-13271 (A vulnerability was determined in Campcodes School Fees Payment Manage ...)
+	TODO: check
+CVE-2025-13216
+	REJECTED
+CVE-2025-11681 (Denial-of-service condition in M-Files Server versions before 25.11.15 ...)
+	TODO: check
+CVE-2024-46336 (kashipara School Management System 1.0 is vulnerable to Cross Site Scr ...)
+	TODO: check
+CVE-2024-46335 (PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site  ...)
+	TODO: check
+CVE-2024-46334 (kashipara School Management System 1.0 is vulnerable to Cross Site Scr ...)
+	TODO: check
+CVE-2024-44664 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection v ...)
+	TODO: check
+CVE-2024-44663 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection v ...)
+	TODO: check
+CVE-2024-44662 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection v ...)
+	TODO: check
+CVE-2024-44661 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scri ...)
+	TODO: check
+CVE-2024-44660 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection v ...)
+	TODO: check
+CVE-2024-44659 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection v ...)
+	TODO: check
+CVE-2024-44658 (PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-44657 (PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-44655 (PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site ...)
+	TODO: check
+CVE-2024-44654 (PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-44653 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the ...)
+	TODO: check
+CVE-2024-44652 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the ...)
+	TODO: check
+CVE-2024-44651 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the ...)
+	TODO: check
+CVE-2024-44648 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adm ...)
+	TODO: check
+CVE-2024-44647 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-44644 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id ...)
+	TODO: check
+CVE-2024-44641 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpas ...)
+	TODO: check
 CVE-2025-9501 (The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to com ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-60022 (Improper certificate validation vulnerability exists in '\u30c7\u30b8\ ...)
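Review bot: all 69 new entries land as `TODO: check` placeholders (expected for the automatic import), but several arrive without a product name to triage on: CVE-2025-55055 through CVE-2025-55059 carry only a CWE title (e.g. `CVE-2025-55058 (CWE-20 Improper Input Validation)`), and CVE-2025-13310 and CVE-2025-13216 are `REJECTED` with no description at all. Those cannot be resolved to NOT-FOR-US or a source package from the list alone, so they are worth flagging for the manual triage pass rather than being left behind among the self-describing entries.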
@@ -98,7 +236,7 @@ CVE-2025-13232 (A flaw has been found in projectsend up to r1720. Impacted is an
 	NOT-FOR-US: projectsend
 CVE-2025-12482 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-13193 [libvirt-daemon: data leak for new offline snapshots]
+CVE-2025-13193 (A flaw was found in libvirt. External inactive snapshots for shut-down ...)
 	- libvirt <unfixed> (bug #1120119)
 	[trixie] - libvirt <no-dsa> (Minor issue)
 	[bookworm] - libvirt <not-affected> (Vulnerable code introduced later)
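Review bot: the entry stays at `libvirt <unfixed>` with trixie `<no-dsa>` and bookworm `<not-affected>`, yet no NOTE line pointing at the upstream fix is visible in the hunk's context; if one already exists below the shown lines this is fine, otherwise adding it next to `(bug #1120119)` would make the no-dsa follow-up in trixie easier to track.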
@@ -3735,7 +3873,8 @@ CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability exists
 	NOT-FOR-US: CFMOTO RIDE
 CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting vulnerability  ...)
 	NOT-FOR-US: Salesforce
-CVE-2025-65073 [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
+CVE-2025-65073 (OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2t ...)
+	{DSA-6056-1 DLA-4367-1}
 	- keystone 2:28.0.0-2 (bug #1120053)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
 	NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
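Review bot: replacing the bracketed placeholder drops the entry's only mention of the upstream advisory id OSSA-2025-002, while the retained NOTE lines reference the oss-security post and the Launchpad bug; consider adding a NOTE line that names OSSA-2025-002 so the entry stays searchable by the OpenStack advisory id. The added `{DSA-6056-1 DLA-4367-1}` line and the `keystone 2:28.0.0-2` fix are consistent with each other.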
@@ -144379,7 +144518,7 @@ CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
 	NOTE: https://hackerone.com/reports/2437784
-CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
+CVE-2024-3659 (Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16,  ...)
 	NOT-FOR-US: KAON AR2140 routers
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab 17.3.5-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6dfe2314da711e7de7fcd1270219f2e72cf12c




