[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 2 21:13:07 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d78223e by security tracker role at 2025-10-02T20:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2025-61735 (Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.  Thi ...)
+	TODO: check
+CVE-2025-61734 (Files or Directories Accessible to External Parties vulnerability in A ...)
+	TODO: check
+CVE-2025-61733 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-61603 (WeGIA is a Web manager for charitable institutions. Versions 3.4.12 an ...)
+	TODO: check
+CVE-2025-61595 (MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence ...)
+	TODO: check
+CVE-2025-61096 (PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL In ...)
+	TODO: check
+CVE-2025-61087 (SourceCodester Pet Grooming Management Software 1.0 is vulnerable to C ...)
+	TODO: check
+CVE-2025-60782 (PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2025-60663 (Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2025-60662 (Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2025-60661 (Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2025-60660 (Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2025-59835 (LangBot is a global IM bot platform designed for LLMs. In versions 4.1 ...)
+	TODO: check
+CVE-2025-59774 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59773 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59772 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59771 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59770 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59769 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59768 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59767 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59766 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59765 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59764 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59763 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59762 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59761 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59760 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59759 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59758 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59757 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59756 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59755 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59754 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59753 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59752 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59751 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59750 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59749 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59748 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59747 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59746 (Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS  ...)
+	TODO: check
+CVE-2025-59745 (Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03 ...)
+	TODO: check
+CVE-2025-59744 (Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerabi ...)
+	TODO: check
+CVE-2025-59743 (SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerabil ...)
+	TODO: check
+CVE-2025-59742 (SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerabil ...)
+	TODO: check
+CVE-2025-59741 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59740 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59739 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59738 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59737 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59736 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59735 (Operating system command injection vulnerability in AndSoft's e-TMS v2 ...)
+	TODO: check
+CVE-2025-59409 (Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026  ...)
+	TODO: check
+CVE-2025-59407 (The Flock Safety DetectionProcessing com.flocksafety.android.objects a ...)
+	TODO: check
+CVE-2025-59406 (The Flock Safety Pisco com.flocksafety.android.pisco application 6.21. ...)
+	TODO: check
+CVE-2025-59405 (The Flock Safety Peripheral com.flocksafety.android.peripheral applica ...)
+	TODO: check
+CVE-2025-59403 (The Flock Safety Android Collins application (aka com.flocksafety.andr ...)
+	TODO: check
+CVE-2025-57443 (FrostWire 6.14.0-build-326 for macOS contains permissive entitlements  ...)
+	TODO: check
+CVE-2025-57305 (VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fil ...)
+	TODO: check
+CVE-2025-56381 (ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vuln ...)
+	TODO: check
+CVE-2025-56380 (Frappe Framework v15.72.4 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2025-56379 (A stored cross-site scripting (XSS) vulnerability in the blog post fea ...)
+	TODO: check
+CVE-2025-56162 (YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsI ...)
+	TODO: check
+CVE-2025-56161 (YOSHOP 2.0 allows unauthenticated information disclosure via comment-l ...)
+	TODO: check
+CVE-2025-56154 (htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /autho ...)
+	TODO: check
+CVE-2025-56019 (An insecure permission vulnerability exists in the Agasta Easytouch+ v ...)
+	TODO: check
+CVE-2025-54468 (A vulnerability has been identified within Rancher Manager whereby `Im ...)
+	TODO: check
+CVE-2025-54315 (The Matrix specification before 1.16 (i.e., with a room version before ...)
+	TODO: check
+CVE-2025-54293 (Path Traversal in the log file retrieval function in Canonical LXD 5.0 ...)
+	TODO: check
+CVE-2025-54292 (Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4  ...)
+	TODO: check
+CVE-2025-54291 (Information disclosure in images API in Canonical LXD before 6.5 and 5 ...)
+	TODO: check
+CVE-2025-54290 (Information disclosure in image export API in Canonical LXD before 6.5 ...)
+	TODO: check
+CVE-2025-54289 (Privilege Escalation in operations API in Canonical LXD 6.5 on multipl ...)
+	TODO: check
+CVE-2025-54288 (Information Spoofing in devLXD Server in Canonical LXD versions 4.0 an ...)
+	TODO: check
+CVE-2025-54287 (Template Injection in instance snapshot creation component in Canonica ...)
+	TODO: check
+CVE-2025-54286 (Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions  ...)
+	TODO: check
+CVE-2025-54086 (CVE-2025-54086 is an excess permissions vulnerability in the Warehouse ...)
+	TODO: check
+CVE-2025-53881 (A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate co ...)
+	TODO: check
+CVE-2025-49090 (The Matrix specification before 1.16 (i.e., with a room version before ...)
+	TODO: check
+CVE-2025-41064 (Incorrect authentication vulnerability in OpenSIAC, which could allow  ...)
+	TODO: check
+CVE-2025-41010 (Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberu ...)
+	TODO: check
+CVE-2025-40992 (Stored XSS vulnerability in Creativeitem Sociopro due to lack of prope ...)
+	TODO: check
+CVE-2025-40991 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
+	TODO: check
+CVE-2025-40990 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
+	TODO: check
+CVE-2025-40989 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
+	TODO: check
+CVE-2025-40646 (Exposure of sensitive information in Viday. This vulnerability could a ...)
+	TODO: check
+CVE-2025-40645 (Exposure of sensitive information in Viday. This vulnerability could a ...)
+	TODO: check
+CVE-2025-34210 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34208 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-32942 (SSH Tectia Server before 6.6.6 sometimes allows attackers to read and  ...)
+	TODO: check
+CVE-2025-22862 (AnAuthentication Bypass Using an Alternate Path or Channel vulnerabili ...)
+	TODO: check
+CVE-2025-11240 (An open redirect vulnerability existed in KNIME Business Hub prior to  ...)
+	TODO: check
+CVE-2025-11239 (Potentially sensitive information in jobs on KNIME Business Hub prior  ...)
+	TODO: check
+CVE-2025-0642 (Use of Hard-coded Credentials, Authorization Bypass Through User-Contr ...)
+	TODO: check
+CVE-2024-58267 (A vulnerability has been identified within Rancher Manager whereby the ...)
+	TODO: check
+CVE-2024-58260 (A vulnerability has been identified within Rancher Manager where a mis ...)
+	TODO: check
 CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
 	- mediawiki <unfixed>
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
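Review bot: none of the 97 entries added at the top of data/CVE/list (CVE-2025-61735 through CVE-2024-58260) has a triage line yet; each carries only `TODO: check`. Many look like candidates for a NOT-FOR-US line in the style used elsewhere in the file (Tenda AC18, AndSoft's e-TMS, Flock Safety, PHPGurukul), but a few name software that should be checked against the archive before being dismissed: the Canonical LXD block CVE-2025-54286 to CVE-2025-54293, logrotate in CVE-2025-53881, and the Matrix specification pair CVE-2025-54315 and CVE-2025-49090, where a specification-level issue may touch more than one implementation. The descriptions are cut off with "...", so the full record has to be read before a package is assigned.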
@@ -564,39 +758,51 @@ CVE-2021-4460 (In the Linux kernel, the following vulnerability has been resolve
 CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11219
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11216
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11215
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11213
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11212
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11211
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11210
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11209
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11208
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11207
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11206
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11205
+	{DSA-6016-1}
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2023-53487 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
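Review bot: the run of chromium entries tagged with `{DSA-6016-1}` is not contiguous: CVE-2025-11219, CVE-2025-11216, CVE-2025-11215 and CVE-2025-11213 down to CVE-2025-11205 receive the cross-reference, while CVE-2025-11218, CVE-2025-11217 and CVE-2025-11214 do not appear in this hunk at all. Confirm against the advisory text that those three identifiers are intentionally absent (unassigned, or not chromium issues) rather than missed. The tagged entries all keep `- chromium 141.0.7390.54-1` as the fixed version, so it is also worth checking that the version shipped by the DSA for the stable suites is consistent with that line.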
@@ -235004,8 +235210,8 @@ CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 42
 	NOT-FOR-US: SAP
 CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthenticated at ...)
 	NOT-FOR-US: SAP
-CVE-2023-28760
-	RESERVED
+CVE-2023-28760 (TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticat ...)
+	TODO: check
 CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on Windows. A ...)
 	NOT-FOR-US: Veritas
 CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...)
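Review bot: CVE-2023-28760 moves from `RESERVED` to a published description but is left at `TODO: check`, while its neighbours in this context are already closed as `NOT-FOR-US: SAP` and `NOT-FOR-US: Veritas`. The new description names a TP-Link Archer AX21 router, so a NOT-FOR-US line for the vendor looks like the likely resolution once the full record has been read; until then the entry stays in the open triage queue alongside much newer identifiers.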



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d78223e49d2c8ad677b8f7274cded85ebc3ba10
