[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 27 20:12:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53a2cd4b by security tracker role at 2025-11-27T20:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2025-8890 (Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44has a netw ...)
+ TODO: check
+CVE-2025-59890 (Improper input sanitization in the file archives upload functionality ...)
+ TODO: check
+CVE-2025-59454 (In Apache CloudStack, a gap in access control checks affected the APIs ...)
+ TODO: check
+CVE-2025-59302 (In Apache CloudStack improper control of generation of code ('Code In ...)
+ TODO: check
+CVE-2025-59026 (Malicious content uploaded as file can be used to execute script code ...)
+ TODO: check
+CVE-2025-59025 (Malicious e-mail content can be used to execute script code. Unintende ...)
+ TODO: check
+CVE-2025-54057 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-3261 (ThingsBoard in versions prior to v4.2.1 allows an authenticated user t ...)
+ TODO: check
+CVE-2025-30190 (Malicious content at office documents can be used to inject script cod ...)
+ TODO: check
+CVE-2025-30186 (Malicious content uploaded as file can be used to execute script code ...)
+ TODO: check
+CVE-2025-13765 (Exposure of email service credentials to users without administrative ...)
+ TODO: check
+CVE-2025-13758 (Exposure of credentials in unintended requests in Devolutions Server.T ...)
+ TODO: check
+CVE-2025-13757 (SQL Injection vulnerability in last usage logs in Devolutions Server.T ...)
+ TODO: check
+CVE-2025-13742 (Emails sent by pretix can utilize placeholders that will be filled wit ...)
+ TODO: check
+CVE-2025-13692 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-13536 (The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-13381 (The AI ChatBot with ChatGPT and Content Generator by AYS plugin for Wo ...)
+ TODO: check
+CVE-2025-13378 (The AI ChatBot with ChatGPT and Content Generator by AYS plugin for Wo ...)
+ TODO: check
+CVE-2025-12971 (The Folders \u2013 Unlimited Folders to Organize Media Library Folder, ...)
+ TODO: check
+CVE-2025-12584 (The Quick View for WooCommerce plugin for WordPress is vulnerable to I ...)
+ TODO: check
+CVE-2025-12559 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 1 ...)
+ TODO: check
+CVE-2025-12421 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 1 ...)
+ TODO: check
+CVE-2025-12419 (Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= ...)
+ TODO: check
+CVE-2025-12140 (The application contains an insecure 'redirectToUrl' mechanism that in ...)
+ TODO: check
+CVE-2025-10476 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
CVE-2025-7820 (The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to P ...)
NOT-FOR-US: WordPress plugin
CVE-2025-66314 (Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 ...)
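Review bot: all 25 entries added in this hunk land as `TODO: check` placeholders, which is expected for an automatic import, but a first triage pass could be shortened by the convention visible in the unchanged context (`NOT-FOR-US: WordPress plugin` under CVE-2025-7820): six of the new entries (CVE-2025-13692, -13536, -13381, -13378, -12584 and -10476) describe WordPress plugins in their first line, and the three Mattermost entries (CVE-2025-12559, -12421, -12419) and the two Devolutions Server entries (CVE-2025-13758, -13757) are likewise candidates for the same marking once checked against the archive. Separately, the CVE-2025-8890 description arrives with a missing space in "7.1.12.2.44has"; that looks like upstream feed text rather than an import artifact, but it should not be "corrected" locally since the description is overwritten on the next automatic update.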
@@ -14226,7 +14276,7 @@ CVE-2025-11581 (A security vulnerability has been detected in PowerJob up to 5.1
NOT-FOR-US: PowerJob
CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This affects t ...)
NOT-FOR-US: PowerJob
-CVE-2025-11579 (github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dic ...)
+CVE-2025-11579 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...)
- golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)
NOTE: https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 (v2.2.0)
CVE-2025-11190 (The Kiwire Captive Portal contains an open redirection issue via the l ...)
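Review bot: the replaced description of CVE-2025-11579 now describes a Mattermost validation issue, while the lines kept directly below it, `- golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)` and the NOTE pointing at the rardecode commit 52fb4e82 (v2.2.0), still belong to the previous rardecode description, so the entry now pairs a Mattermost text with a rardecode fix record. Before the next manual triage, confirm which product CVE-2025-11579 currently identifies upstream (the automatic import only tracks the description, not the package lines) and either restore the rardecode description if the feed change was spurious, or move the package line and NOTE to whichever CVE id now covers the rardecode dictionary-size issue so that bug #1117936 stays linked to the right entry.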
@@ -27178,6 +27228,7 @@ CVE-2025-8712 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or
CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
NOT-FOR-US: Ivanti
CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) processes ...)
+ {DLA-4385-1}
- libssh 0.11.3-1 (bug #1114859)
[trixie] - libssh 0.11.2-1+deb13u1
[bookworm] - libssh <no-dsa> (Minor issue)
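Review bot: the added `{DLA-4385-1}` tag records an LTS advisory for CVE-2025-8277 while the `[bookworm] - libssh <no-dsa> (Minor issue)` triage two lines below is left as is; if the LTS team judged the issue worth an advisory, the bookworm no-dsa decision deserves a second look for consistency, or, if the split is intentional (for instance because the fix was carried along in a larger libssh update), a NOTE on the entry saying so would save the next reviewer the same question. The trixie line `libssh 0.11.2-1+deb13u1` already shows the fix shipped in the stable branch, so bookworm is the only suite where the tracker's answer now differs from the advisory's.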
@@ -41567,6 +41618,7 @@ CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state
CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand Management Sys ...)
NOT-FOR-US: PHPGurukul
CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH protocol ...)
+ {DLA-4385-1}
- libssh 0.11.3-1 (bug #1109860)
[trixie] - libssh 0.11.2-1+deb13u1
[bookworm] - libssh <no-dsa> (Minor issue)
@@ -50637,6 +50689,7 @@ CVE-2025-5449 (A flaw was found in the SFTP server message decoding logic of lib
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)
CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions older ...)
+ {DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
@@ -50648,17 +50701,20 @@ CVE-2025-5351 (A flaw was found in the key export functionality of libssh. The i
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5351.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 (libssh-0.11.2)
CVE-2025-5318 (A flaw was found in the libssh library in versions less than 0.11.2. A ...)
+ {DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 (libssh-0.11.2)
CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized variable e ...)
+ {DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb (libssh-0.11.2)
CVE-2025-4877 (There's a vulnerability in the libssh package where when a libssh cons ...)
+ {DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4877.txt
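Review bot: this hunk tags CVE-2025-5318, CVE-2025-4878 and CVE-2025-4877 with `{DLA-4385-1}`, but the entry that heads the hunk, CVE-2025-5351, shows only its two NOTE lines as context; its tag line, if any, would sit above the first context line and is therefore not visible here. Since the three tagged entries all point at the same libssh 0.11.2-1 upload and bug #1108407 as their fix record, it is worth confirming that every libssh CVE listed in DLA-4385-1 received the tag, CVE-2025-5351 included, rather than relying on the hunk boundaries; a grep for `{DLA-4385-1}` in data/CVE/list against the advisory's CVE list would settle it.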
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53a2cd4bfdab7c2a29019c712754f7e3ada64940