[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 18 08:12:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76190292 by security tracker role at 2025-11-18T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,93 @@
-CVE-2025-13223
+CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
+ TODO: check
+CVE-2025-8693 (A post-authentication command injection vulnerability in the "priv" pa ...)
+ TODO: check
+CVE-2025-8404 (Stack buffer overflow vulnerability exists in the Supermicro BMC Share ...)
+ TODO: check
+CVE-2025-8076 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
+ TODO: check
+CVE-2025-7711 (The The Classified Listing \u2013 Classified ads & Business Directory ...)
+ TODO: check
+CVE-2025-7623 (Stack-based buffer overflow in the SMASH-CLP shell. An authenticated a ...)
+ TODO: check
+CVE-2025-6599 (An uncontrolled resource consumption vulnerability in the web server o ...)
+ TODO: check
+CVE-2025-64766 (NixOS's Onlyoffice is a software suite that offers online and offline ...)
+ TODO: check
+CVE-2025-64734 (Missing Release of Resource after Effective Lifetime (CWE-772) in the ...)
+ TODO: check
+CVE-2025-52578 (Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) ...)
+ TODO: check
+CVE-2025-52457 (Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an a ...)
+ TODO: check
+CVE-2025-48593 (In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible ...)
+ TODO: check
+CVE-2025-36553 (A buffer overflow vulnerability exists in the CvManager functionality ...)
+ TODO: check
+CVE-2025-36463 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
+ TODO: check
+CVE-2025-36462 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
+ TODO: check
+CVE-2025-36461 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
+ TODO: check
+CVE-2025-36460 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
+ TODO: check
+CVE-2025-36357 (IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote ...)
+ TODO: check
+CVE-2025-36299 (IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive inf ...)
+ TODO: check
+CVE-2025-36118 (IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation all ...)
+ TODO: check
+CVE-2025-32089 (A buffer overflow vulnerability exists in the CvManager_SBI functional ...)
+ TODO: check
+CVE-2025-31649 (A hard-coded password vulnerability exists in the ControlVault WBDI Dr ...)
+ TODO: check
+CVE-2025-31361 (A privilege escalation vulnerability exists in the ControlVault WBDI D ...)
+ TODO: check
+CVE-2025-13325 (A vulnerability was determined in itsourcecode Student Information Sys ...)
+ TODO: check
+CVE-2025-13323 (A security flaw has been discovered in code-projects Simple Pizza Orde ...)
+ TODO: check
+CVE-2025-13306 (A security vulnerability has been detected in D-Link DWR-M920, DWR-M92 ...)
+ TODO: check
+CVE-2025-13305 (A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, ...)
+ TODO: check
+CVE-2025-13304 (A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR- ...)
+ TODO: check
+CVE-2025-13303 (A vulnerability was determined in code-projects Courier Management Sys ...)
+ TODO: check
+CVE-2025-13302 (A vulnerability was identified in code-projects Courier Management Sys ...)
+ TODO: check
+CVE-2025-13301 (A vulnerability was found in itsourcecode Web-Based Internet Laborator ...)
+ TODO: check
+CVE-2025-13300 (A vulnerability has been found in itsourcecode Web-Based Internet Labo ...)
+ TODO: check
+CVE-2025-13230 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ TODO: check
+CVE-2025-13229 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ TODO: check
+CVE-2025-13228 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ TODO: check
+CVE-2025-13227 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ TODO: check
+CVE-2025-13226 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ TODO: check
+CVE-2025-12974 (The Gravity Forms plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2025-12792 (The Mac App Store distribution of the Canva for Mac desktop app before ...)
+ TODO: check
+CVE-2025-12524 (The Post Type Switcher plugin for WordPress is vulnerable to Insecure ...)
+ TODO: check
+CVE-2025-11267 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-11265 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-10089 (Malicious Code Execution Vulnerability in Setting and Operation Applic ...)
+ TODO: check
+CVE-2025-13223 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-13224
+CVE-2025-13224 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate validation when ...)
@@ -8912,11 +8998,13 @@ CVE-2025-11679 (Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebs
NOTE: Introduced in: https://libwebsockets.org/git/libwebsockets/commit?id=48907fca0a25c39ce35692c527cb8aa82ee60d85 (v4.4.0)
NOTE: Fixed in: https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat libwebso ...)
+ {DLA-4373-1}
- libwebsockets 4.3.5-3 (bug #1118746)
[trixie] - libwebsockets 4.3.5-1+deb13u1
[bookworm] - libwebsockets <no-dsa> (Minor issue)
NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a
CVE-2025-11677 (Use After Free in WebSocket server implementation in lws_handshake_ser ...)
+ {DLA-4373-1}
- libwebsockets 4.3.5-3 (bug #1118747)
[trixie] - libwebsockets 4.3.5-1+deb13u1
[bookworm] - libwebsockets <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76190292507741d2f548425cd9a6839e99044730
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76190292507741d2f548425cd9a6839e99044730
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/c7a37951/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list