[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 21 20:13:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6fbb818 by security tracker role at 2025-11-21T20:13:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,176 @@
-CVE-2025-40211 [ACPI: video: Fix use-after-free in acpi_video_switch_brightness()]
+CVE-2025-66115 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-66114 (Missing Authorization vulnerability in theme funda Show Variations as ...)
+ TODO: check
+CVE-2025-66113 (Missing Authorization vulnerability in ThemeAtelier Better Chat Suppor ...)
+ TODO: check
+CVE-2025-66112 (Missing Authorization vulnerability in WebToffee Accessibility Toolkit ...)
+ TODO: check
+CVE-2025-66111 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66110 (Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-f ...)
+ TODO: check
+CVE-2025-66109 (Missing Authorization vulnerability in octolize Cart Weight for WooCom ...)
+ TODO: check
+CVE-2025-66108 (Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Too ...)
+ TODO: check
+CVE-2025-66107 (Missing Authorization vulnerability in Scott Paterson Subscriptions & ...)
+ TODO: check
+CVE-2025-66106 (Missing Authorization vulnerability in Essential Plugin Featured Post ...)
+ TODO: check
+CVE-2025-66101 (Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favo ...)
+ TODO: check
+CVE-2025-66099 (Missing Authorization vulnerability in ThemeAtelier Chat Help chat-hel ...)
+ TODO: check
+CVE-2025-66098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66097 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimi\u0107 ...)
+ TODO: check
+CVE-2025-66096 (Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Ta ...)
+ TODO: check
+CVE-2025-66095 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-66093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66089 (Missing Authorization vulnerability in WebToffee Product Feed for WooC ...)
+ TODO: check
+CVE-2025-66087 (Missing Authorization vulnerability in Property Hive PropertyHive prop ...)
+ TODO: check
+CVE-2025-66086 (Missing Authorization vulnerability in Cozy Vision SMS Alert Order Not ...)
+ TODO: check
+CVE-2025-66085 (Missing Authorization vulnerability in tychesoftwares Arconix Shortcod ...)
+ TODO: check
+CVE-2025-66084 (Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity ...)
+ TODO: check
+CVE-2025-66083 (Missing Authorization vulnerability in magepeopleteam WpEvently mage-e ...)
+ TODO: check
+CVE-2025-66082 (Missing Authorization vulnerability in magepeopleteam WpEvently mage-e ...)
+ TODO: check
+CVE-2025-66081 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66079 (Missing Authorization vulnerability in Jegstudio Gutenverse Form guten ...)
+ TODO: check
+CVE-2025-66077 (Missing Authorization vulnerability in wpWax Legal Pages legal-pages a ...)
+ TODO: check
+CVE-2025-66075 (Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice ...)
+ TODO: check
+CVE-2025-66073 (Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webho ...)
+ TODO: check
+CVE-2025-66072 (Missing Authorization vulnerability in Stiofan UsersWP userswp allows ...)
+ TODO: check
+CVE-2025-66071 (Missing Authorization vulnerability in tychesoftwares Custom Order Num ...)
+ TODO: check
+CVE-2025-66069 (Missing Authorization vulnerability in Themeisle PPOM for WooCommerce ...)
+ TODO: check
+CVE-2025-66067 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66066 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66065 (Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse ...)
+ TODO: check
+CVE-2025-66064 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveawa ...)
+ TODO: check
+CVE-2025-66063 (Missing Authorization vulnerability in jgwhite33 WP Google Review Slid ...)
+ TODO: check
+CVE-2025-66062 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
+ TODO: check
+CVE-2025-66061 (Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriou ...)
+ TODO: check
+CVE-2025-66060 (Missing Authorization vulnerability in Craig Hewitt Seriously Simple P ...)
+ TODO: check
+CVE-2025-66059 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-66057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66056 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-66055 (Deserialization of Untrusted Data vulnerability in Icegram Email Subsc ...)
+ TODO: check
+CVE-2025-66053 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64767 (hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top o ...)
+ TODO: check
+CVE-2025-64483 (Wazuh is a security detection, visibility, and compliance open source ...)
+ TODO: check
+CVE-2025-64169 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62609 (MLX is an array framework for machine learning on Apple silicon. Prior ...)
+ TODO: check
+CVE-2025-62608 (MLX is an array framework for machine learning on Apple silicon. Prior ...)
+ TODO: check
+CVE-2025-54866 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-48502 (Improper input validation within AMD uprof can allow a local attacker ...)
+ TODO: check
+CVE-2025-41115 (SCIM provisioning wasintroducedin Grafana Enterprise and Grafana Cloud ...)
+ TODO: check
+CVE-2025-36149 (IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker ...)
+ TODO: check
+CVE-2025-30201 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-29934 (A bug within some AMD CPUs could allow a local admin-privileged attack ...)
+ TODO: check
+CVE-2025-13524 (Improper resource release in the call termination process in AWS Wickr ...)
+ TODO: check
+CVE-2025-13470 (In RNP version 0.18.0 a refactoring regression causes the symmetric s ...)
+ TODO: check
+CVE-2025-13432 (Terraform state versions can be created by a user with specific but in ...)
+ TODO: check
+CVE-2025-13357 (Vault\u2019s Terraform Provider incorrectly set the default deny_null_ ...)
+ TODO: check
+CVE-2025-13156 (The Vitepos \u2013 Point of Sale (POS) for WooCommerce plugin for Word ...)
+ TODO: check
+CVE-2025-13149 (The Schedule Post Changes With PublishPress Future: Unpublish, Delete, ...)
+ TODO: check
+CVE-2025-13141 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2025-13138 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2025-13132 (This vulnerability allowed a site to enter fullscreen, after a user cl ...)
+ TODO: check
+CVE-2025-12973 (The S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image ...)
+ TODO: check
+CVE-2025-12964 (The Magical Products Display plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-12935 (The FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Em ...)
+ TODO: check
+CVE-2025-12750 (The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugi ...)
+ TODO: check
+CVE-2025-12747 (The Tainacan plugin for WordPress is vulnerable to Information Exposur ...)
+ TODO: check
+CVE-2025-12160 (The Simple User Registration plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-12066 (The WP Delete Post Copies plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-12039 (The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2025-11973 (The \u7b80\u6570\u91c7\u96c6\u5668 plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-11826 (The WP Company Info plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-11808 (The Shortcode for Google Street View plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-11803 (The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-11127 (The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp M ...)
+ TODO: check
+CVE-2025-10054 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-10039 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-40211 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.8-1
NOTE: https://git.kernel.org/linus/8f067aa59430266386b83c18b983ca583faa6a11 (6.18-rc4)
-CVE-2025-40210 [Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"]
+CVE-2025-40210 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.17.8-1
NOTE: https://git.kernel.org/linus/3e7f011c255582d7c914133785bbba1990441713 (6.18-rc4)
-CVE-2025-40209 [btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation]
+CVE-2025-40209 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
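Review bot: the new TODO: check block mixes entries that will almost certainly resolve to NOT-FOR-US (the long run of WordPress plugin and theme items) with a handful that need a real source-package lookup, notably CVE-2025-13470 (RNP), CVE-2025-13132 (the fullscreen-entry issue), CVE-2025-64767 (hpke-js) and the two AMD CPU entries CVE-2025-48502 and CVE-2025-29934; triaging those first would keep them from sitting behind the bulk plugin entries. The three kernel entries CVE-2025-40211, CVE-2025-40210 and CVE-2025-40209 lose their bracketed upstream subject lines (for example `[ACPI: video: Fix use-after-free in acpi_video_switch_brightness()]`) in favour of the truncated official text, which is the expected automatic-update behaviour; the fix commits remain reachable through the `NOTE: https://git.kernel.org/linus/...` lines, so nothing actionable is lost.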
@@ -794,7 +960,7 @@ CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user ed
NOT-FOR-US: Windu CMS
CVE-2025-58692 (An improper neutralization of special elements used in an SQL Command ...)
NOT-FOR-US: Fortinet
-CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
+CVE-2025-58413 (A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 ...)
NOT-FOR-US: Fortinet
CVE-2025-58122 (Insufficient permission validation in Checkmk 2.4.0 before version 2.4 ...)
- check-mk <removed>
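Review bot: the reworded CVE-2025-58413 description drops the affected-version tail (`through 7.6.3,`) that the previous line carried, because the inserted word "vulnerability" pushes it past the truncation point; since the entry stays NOT-FOR-US: Fortinet this changes nothing for Debian, but anyone reading the list as a version reference should know the visible range now stops at `7.6.0`.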
@@ -838,7 +1004,7 @@ CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate li
NOT-FOR-US: Ascertia SigningHub
CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
NOT-FOR-US: Ascertia SigningHub
-CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
+CVE-2025-53843 (A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 ...)
NOT-FOR-US: Fortinet
CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
NOT-FOR-US: GLPI plugin
@@ -5516,7 +5682,7 @@ CVE-2025-12595 (A weakness has been identified in Tenda AC23 16.03.07.52. This i
NOT-FOR-US: Tenda
CVE-2025-12594 (A security flaw has been discovered in code-projects Simple Online Hot ...)
NOT-FOR-US: code-projects
-CVE-2025-62626 [RDSEED Failure on AMD Zen 5 Processors]
+CVE-2025-62626 (Improper handling of insufficient entropy in the AMD CPUs could allow ...)
- amd64-microcode <unfixed> (bug #1120005)
[trixie] - amd64-microcode <ignored> (Only affects AMD Zen 5 processors, limited support; problematic microcode update)
[bookworm] - amd64-microcode <ignored> (Only affects AMD Zen 5 processors, limited support; problematic microcode update)
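Review bot: the new official text for CVE-2025-62626 is truncated before it names the affected processor generation, so the `[trixie]` and `[bookworm]` `<ignored>` rationales ("Only affects AMD Zen 5 processors ...") are now the only place this entry records the Zen 5 scope; consider carrying the old bracketed title `RDSEED Failure on AMD Zen 5 Processors` over as a NOTE line so the scope also stays visible next to the unstable line `- amd64-microcode <unfixed> (bug #1120005)`.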
@@ -7805,7 +7971,8 @@ CVE-2025-62910 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin or theme
CVE-2025-62909 (Missing Authorization vulnerability in mrityunjay Smart WeTransfer sma ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-62908 (Missing Authorization vulnerability in gerritvanaaken Podlove Web Play ...)
+CVE-2025-62908
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2025-62907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
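Review bot: CVE-2025-62908 now carries both the `REJECTED` marker and the old `NOT-FOR-US: WordPress plugin or theme` line; the second is redundant once the ID is rejected, and if the file's convention for rejected entries is to keep only the REJECTED marker it should be dropped in the next manual pass so the entry does not read as a still-live triage decision.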
@@ -52857,7 +53024,7 @@ CVE-2025-2091 (An open redirection vulnerability in M-Files mobile applications
NOT-FOR-US: M-Files
CVE-2025-25265 (A web application for configuring the controller is accessible at a sp ...)
NOT-FOR-US: WAGO
-CVE-2025-25264 (A low-privileged remote attacker can take advantage of the current ove ...)
+CVE-2025-25264 (An unauthenticated remote attacker can trick an admin to visit a websi ...)
NOT-FOR-US: WAGO
CVE-2025-24388 (A vulnerability in the OTRS Admin Interface and Agent Interface (versi ...)
NOT-FOR-US: OTRS
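Review bot: the CVE-2025-25264 description changes the precondition from "A low-privileged remote attacker" to "An unauthenticated remote attacker can trick an admin to visit a websi...", which is a material change in the stated attack surface rather than cosmetic rewording; NOT-FOR-US: WAGO still applies, but description churn of this kind deserves a glance at the upstream advisory rather than a silent pass.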
@@ -68792,7 +68959,7 @@ CVE-2025-46398 (In xfig diagramming tool, a stack-overflow while running fig2dev
NOTE: https://sourceforge.net/p/mcj/tickets/191/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
NOTE: Crash in CLI tool, no security impact
-CVE-2025-46397 (In xfig diagramming tool, a stack-overflowwhile running fig2dev allows ...)
+CVE-2025-46397 (A flaw was found in xfig. This vulnerability allows possible code exec ...)
{DLA-4147-1}
- fig2dev 1:3.2.9a-4 (unimportant)
[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
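Review bot: the rewritten CVE-2025-46397 description now claims "possible code exec...", while the unstable line still rates it `(unimportant)`; that rating was presumably set against the earlier "stack-overflow while running fig2dev" wording (compare the adjacent CVE-2025-46398 note "Crash in CLI tool, no security impact"), so the severity tag should be re-checked against the updated text, particularly since DLA-4147-1 was already issued and bookworm carries a fixed version 1:3.2.8b-3+deb12u2.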
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6fbb818a0d7d6396185adc39dc829b8a8beda2e