[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 21 08:13:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95005983 by security tracker role at 2025-11-21T08:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2025-64770 (The affected products allow unauthenticated access to Open Network Vid ...)
+ TODO: check
+CVE-2025-64762 (The AuthKit library for Next.js provides convenient helpers for authen ...)
+ TODO: check
+CVE-2025-64755 (Claude Code is an agentic coding tool. Prior to version 2.0.31, due to ...)
+ TODO: check
+CVE-2025-64751 (OpenFGA is a high-performance and flexible authorization/permission en ...)
+ TODO: check
+CVE-2025-64695 (Uncontrolled search path element issue exists in the installer of LogS ...)
+ TODO: check
+CVE-2025-64660 (Improper access control in GitHub Copilot and Visual Studio Code allow ...)
+ TODO: check
+CVE-2025-64655 (Improper authorization in Dynamics OmniChannel SDK Storage Containers ...)
+ TODO: check
+CVE-2025-64310 (EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Produc ...)
+ TODO: check
+CVE-2025-64299 (LogStare Collector improperly handles the password hash data. An admin ...)
+ TODO: check
+CVE-2025-63807 (An issue was discovered in weijiang1994 university-bbs (aka Blogin) in ...)
+ TODO: check
+CVE-2025-63685 (Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vuln ...)
+ TODO: check
+CVE-2025-62687 (Cross-site request forgery vulnerability exists in LogStare Collector. ...)
+ TODO: check
+CVE-2025-62674 (The affected product allows unauthenticated access to Real Time Stream ...)
+ TODO: check
+CVE-2025-62459 (Microsoft Defender Portal Spoofing Vulnerability)
+ TODO: check
+CVE-2025-62426 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2025-62372 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2025-62207 (Azure Monitor Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-62189 (LogStare Collector contains an incorrect authorization vulnerability i ...)
+ TODO: check
+CVE-2025-62164 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2025-61949 (LogStare Collector contains a stored cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2025-61138 (Qlik Sense Enterprise v14.212.13 was discovered to contain an informat ...)
+ TODO: check
+CVE-2025-59245 (Microsoft SharePoint Online Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-58097 (The installation directory of LogStare Collector is configured with in ...)
+ TODO: check
+CVE-2025-49752 (Azure Bastion Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-36160 (IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server inform ...)
+ TODO: check
+CVE-2025-36159 (IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log ...)
+ TODO: check
+CVE-2025-36158 (IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific ...)
+ TODO: check
+CVE-2025-36153 (IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. ...)
+ TODO: check
+CVE-2025-36072 (IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 throu ...)
+ TODO: check
+CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45 ...)
+ TODO: check
+CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
+ TODO: check
+CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
+ TODO: check
+CVE-2025-13484 (A vulnerability was identified in Campcodes Complete Online Beauty Par ...)
+ TODO: check
+CVE-2025-13322 (The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary f ...)
+ TODO: check
+CVE-2025-13159 (The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPres ...)
+ TODO: check
+CVE-2025-13142 (The Custom Post Type plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2025-13135 (The HotelRunner Booking Widget plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-13134 (The AuthorSure plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-13087 (A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC ...)
+ TODO: check
+CVE-2025-12894 (The Import WP \u2013 Export and Import CSV and XML files to WordPress ...)
+ TODO: check
+CVE-2025-12881 (The Return Refund and Exchange For WooCommerce plugin for WordPress is ...)
+ TODO: check
+CVE-2025-12746 (The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2025-12661 (The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-12660 (The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-12170 (The Checkbox plugin for WordPress is vulnerable to unauthorized loss o ...)
+ TODO: check
+CVE-2025-12169 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-12138 (The URL Image Importer plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-12135 (The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-12086 (The Return Refund and Exchange For WooCommerce plugin for WordPress is ...)
+ TODO: check
+CVE-2025-12085 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-12023 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-12022 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-11985 (The Realty Portal plugin for WordPress is vulnerable to unauthorized m ...)
+ TODO: check
+CVE-2025-11885 (The EchBay Admin Security plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2025-11815 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
+ TODO: check
+CVE-2025-11802 (The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-11801 (The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-11800 (The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-11799 (The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-11773 (The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by ...)
+ TODO: check
+CVE-2025-11771 (The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by ...)
+ TODO: check
+CVE-2025-11770 (The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-11768 (The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-11767 (The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-11765 (The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-11764 (The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-11763 (The Display Pages Shortcode plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-11456 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-11368 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-11003 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
+ TODO: check
+CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to Sensitive Infor ...)
+ TODO: check
CVE-2025-9820 [GNUTLS-SA-2025-11-18]
- gnutls28 <unfixed>
[trixie] - gnutls28 <no-dsa> (Minor issue)
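Review bot: Every entry added at the top of this hunk is left at TODO: check, and at least CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10) names software that Debian ships, so it should get a source-package line with per-suite status during triage rather than being swept into a bulk NOT-FOR-US pass with the WordPress plugin entries around it. The descriptions of CVE-2025-13159, CVE-2025-12894 and CVE-2025-11368 also carry a literal \u2013 escape instead of the dash character; decoding it on import would keep the list greppable by product name.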
@@ -2414,7 +2556,8 @@ CVE-2025-40145 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ab81f2f79c683c94bac622aafafbe8232e547159 (6.18-rc1)
-CVE-2025-40144 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+CVE-2025-40144
+ REJECTED
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
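Review bot: CVE-2025-40144 is now marked REJECTED, but the entry still carries its linux fixed-version lines (- linux 6.17.6-1 and the trixie and bookworm lines below it). Decide whether those package annotations should be removed along with the description so that a rejected ID is no longer associated with linux; if they stay, a NOTE recording the reason for the rejection would make the entry self-explanatory.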
@@ -11265,7 +11408,7 @@ CVE-2025-59290 (Use after free in Windows Bluetooth Service allows an authorized
NOT-FOR-US: Microsoft
CVE-2025-59289 (Double free in Windows Bluetooth Service allows an authorized attacker ...)
NOT-FOR-US: Microsoft
-CVE-2025-59288 (Improper verification of cryptographic signature in GitHub allows an u ...)
+CVE-2025-59288 (Improper verification of cryptographic signature in Github: Playwright ...)
NOT-FOR-US: Github
CVE-2025-59287 (Deserialization of untrusted data in Windows Server Update Service all ...)
NOT-FOR-US: Microsoft
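Review bot: The NOT-FOR-US: Github annotation under CVE-2025-59288 was written against the old description; the updated one reads "Github: Playwright ...", which points at a specific component rather than the hosted service. Re-check the annotation against the full description and, if it still applies, name the component in it so the reason is clear.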
@@ -13507,7 +13650,7 @@ CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds
NOT-FOR-US: CCleaner
CVE-2025-2934 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-9825
+CVE-2025-9825 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
CVE-2025-10004 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/950059837448f740360855b453509f6cc53e30ad