[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 26 20:13:24 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c3fb1d4 by security tracker role at 2025-11-26T20:13:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2025-9191 (The Houzez theme for WordPress is vulnerable to PHP Object Injection i ...)
+ TODO: check
+CVE-2025-9163 (The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2025-7449 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-6195 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2025-66028 (OneUptime is a solution for monitoring and managing online services. P ...)
+ TODO: check
+CVE-2025-65966 (OneUptime is a solution for monitoring and managing online services. I ...)
+ TODO: check
+CVE-2025-65681 (An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tu ...)
+ TODO: check
+CVE-2025-65676 (Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1 ...)
+ TODO: check
+CVE-2025-65675 (Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1 ...)
+ TODO: check
+CVE-2025-65672 (Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows u ...)
+ TODO: check
+CVE-2025-65670 (An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allow ...)
+ TODO: check
+CVE-2025-65669 (An issue was discovered in classroomio 0.1.13. Student accounts are ab ...)
+ TODO: check
+CVE-2025-65278 (An issue was discovered in file users.json in GroceryMart commit 21934 ...)
+ TODO: check
+CVE-2025-65276 (An unauthenticated administrative access vulnerability exists in the o ...)
+ TODO: check
+CVE-2025-65239 (Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCod ...)
+ TODO: check
+CVE-2025-65238 (Incorrect access control in the getSubUsersByProvider function of Open ...)
+ TODO: check
+CVE-2025-65237 (A reflected cross-site scripted (XSS) vulnerability in OpenCode System ...)
+ TODO: check
+CVE-2025-65236 (OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain ...)
+ TODO: check
+CVE-2025-65235 (OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discov ...)
+ TODO: check
+CVE-2025-64130 (Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vul ...)
+ TODO: check
+CVE-2025-64129 (Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability ...)
+ TODO: check
+CVE-2025-64128 (An OS command injection vulnerability exists due to incomplete valida ...)
+ TODO: check
+CVE-2025-64127 (An OS command injection vulnerability exists due to insufficient sani ...)
+ TODO: check
+CVE-2025-64126 (An OS command injection vulnerability exists due to improper input va ...)
+ TODO: check
+CVE-2025-63938 (Tinyproxy through 1.11.2 contains an integer overflow vulnerability in ...)
+ TODO: check
+CVE-2025-62728 (SQL injection vulnerability in Hive Metastore Server (HMS) when proces ...)
+ TODO: check
+CVE-2025-62354 (Improper neutralization of special elements used in an OS command ('co ...)
+ TODO: check
+CVE-2025-59390 (Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret ...)
+ TODO: check
+CVE-2025-56396 (An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain esca ...)
+ TODO: check
+CVE-2025-55471 (Incorrect access control in the getUserFormData function of youlai-boo ...)
+ TODO: check
+CVE-2025-55469 (Incorrect access control in youlai-boot v2.21.1 allows attackers to es ...)
+ TODO: check
+CVE-2025-50433 (An issue was discovered in imonnit.com (2025-04-24) allowing malicious ...)
+ TODO: check
+CVE-2025-50402 (FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the ...)
+ TODO: check
+CVE-2025-50399 (FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the ...)
+ TODO: check
+CVE-2025-46175 (Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a mis ...)
+ TODO: check
+CVE-2025-46174 (Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missin ...)
+ TODO: check
+CVE-2025-45311 (Insecure permissions in fail2ban-client v0.11.2 allows attackers with ...)
+ TODO: check
+CVE-2025-3747
+ REJECTED
+CVE-2025-2486 (The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI S ...)
+ TODO: check
+CVE-2025-26155 (NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client ...)
+ TODO: check
+CVE-2025-20373 (In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add- ...)
+ TODO: check
+CVE-2025-13674 (BPv7 dissector crash in Wireshark 4.6.0 allows denial of service)
+ TODO: check
+CVE-2025-13611 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through an inco ...)
+ TODO: check
+CVE-2025-13084 (The users endpoint in the groov View API returns a list of all users a ...)
+ TODO: check
+CVE-2025-12653 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-12571 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsa ...)
+ TODO: check
+CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file inclusion ...)
+ TODO: check
CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_start fun ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-9557 (An out-of-bound write can lead to an arbitrary code execution. Even on ...)
@@ -10200,7 +10298,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
NOT-FOR-US: langgenius/dify-web
-CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to ...)
+CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to ...)
{DLA-4365-1}
- unbound 1.24.1-1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
@@ -12069,6 +12167,7 @@ CVE-2025-10041 (The Flex QR Code Generator plugin for WordPress is vulnerable to
CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to limited Priv ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...)
+ {DLA-4384-1}
- samba 2:4.23.2+dfsg-1
[trixie] - samba 2:4.22.6+dfsg-0+deb13u1
[bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3fb1d453c58b91ea16c1b168c9c7fb3c207c49
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3fb1d453c58b91ea16c1b168c9c7fb3c207c49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251126/a90d0a57/attachment.htm>
More information about the debian-security-tracker-commits
mailing list