[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 3 09:12:57 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af03690d by security tracker role at 2025-10-03T08:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-61847
+ REJECTED
+CVE-2025-61671
+ REJECTED
+CVE-2025-61668 (Volto is a ReactJS-based frontend for the Plone Content Management Sys ...)
+ TODO: check
+CVE-2025-61666 (Traccar is an open source GPS tracking system. Default installs of Tra ...)
+ TODO: check
+CVE-2025-61665 (WeGIA is an open source web manager with a focus on charitable institu ...)
+ TODO: check
+CVE-2025-61606 (WeGIA is an open source web manager with a focus on charitable institu ...)
+ TODO: check
+CVE-2025-61605 (WeGIA is an open source web manager with a focus on charitable institu ...)
+ TODO: check
+CVE-2025-61604 (WeGIA is an open source web manager with a focus on charitable institu ...)
+ TODO: check
+CVE-2025-61600 (Stalwart is a mail and collaboration server. Versions 0.13.3 and below ...)
+ TODO: check
+CVE-2025-61599 (Emlog is an open source website building system. A stored Cross-Site S ...)
+ TODO: check
+CVE-2025-61597 (Emlog is an open source website building system. In versions 2.5.21 an ...)
+ TODO: check
+CVE-2025-61589 (Cursor is a code editor built for programming with AI. In versions 1.6 ...)
+ TODO: check
+CVE-2025-59536 (Claude Code is an agentic coding tool. Versions before 1.0.111 were vu ...)
+ TODO: check
+CVE-2025-59300 (Delta Electronics DIAScreenlacks proper validation of the user-supplie ...)
+ TODO: check
+CVE-2025-59299 (Delta Electronics DIAScreenlacks proper validation of the user-supplie ...)
+ TODO: check
+CVE-2025-59298 (Delta Electronics DIAScreenlacks proper validation of the user-supplie ...)
+ TODO: check
+CVE-2025-59297 (Delta Electronics DIAScreenlacks proper validation of the user-supplie ...)
+ TODO: check
+CVE-2025-54089 (CVE-2025-54089 is a cross-site scripting vulnerability in versions of ...)
+ TODO: check
+CVE-2025-54088 (CVE-2025-54088 is an open-redirect vulnerability in Secure Access prio ...)
+ TODO: check
+CVE-2025-54087 (CVE-2025-54087 is a server-side request forgery vulnerability in Secur ...)
+ TODO: check
+CVE-2025-11241 (The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-10895
+ REJECTED
+CVE-2025-10653 (An unauthenticated debug port may allow access to the device file syst ...)
+ TODO: check
CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T397577
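Review bot: the four Delta Electronics entries (CVE-2025-59297 through CVE-2025-59300) carry the run-together word "DIAScreenlacks" in their descriptions. The commit is an automatic update, so the text is imported and the missing space should be corrected at the source of the descriptions rather than by hand in data/CVE/list. Separately, all 20 non-rejected entries added here are still "TODO: check". CVE-2025-11241 is described as a WordPress plugin, and this file already triages CVE-2024-4389 as "NOT-FOR-US: WordPress plugin", so it can likely be resolved the same way during triage.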
@@ -45470,7 +45516,7 @@ CVE-2025-47436 (Heap-based Buffer Overflow vulnerability in Apache ORC. A vulne
NOT-FOR-US: Apache ORC
CVE-2025-47292 (Cap Collectif is an online decision making platform that integrates se ...)
NOT-FOR-US: Cap Collectif
-CVE-2025-46786 (Improper neutralization of special elements in some Zoom Workplace App ...)
+CVE-2025-46786 (Cross-site scripting in some Zoom Workplace Apps may allow an authenti ...)
NOT-FOR-US: Zoom
CVE-2025-46785 (Buffer over-read in some Zoom Workplace Apps for Windows may allow an ...)
NOT-FOR-US: Zoom
@@ -45516,7 +45562,7 @@ CVE-2025-30666 (NULL pointer dereference in some Zoom Workplace Apps for Windows
NOT-FOR-US: Zoom
CVE-2025-30665 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
NOT-FOR-US: Zoom
-CVE-2025-30664 (Improper neutralization of special elements in some Zoom Workplace App ...)
+CVE-2025-30664 (Cross-site scripting in some Zoom Workplace Apps may allow an authenti ...)
NOT-FOR-US: Zoom
CVE-2025-30663 (Time-of-check time-of-use race condition in some Zoom Workplace Apps m ...)
NOT-FOR-US: Zoom
@@ -127691,7 +127737,7 @@ CVE-2024-5914 (A command injection issue in Palo Alto Networks Cortex XSOAR Comm
NOT-FOR-US: Palo Alto Networks
CVE-2024-4389 (The Slider and Carousel slider by Depicter plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-42441 (Improper privilege management in the installer for Zoom Workplace Desk ...)
+CVE-2024-42441 (Incorrect privilege assignment in the installer for Zoom Workplace Des ...)
NOT-FOR-US: Zoom
CVE-2024-42440 (Improper privilege management in the installer for Zoom Workplace Desk ...)
NOT-FOR-US: Zoom
@@ -127705,7 +127751,7 @@ CVE-2024-42436 (Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients
NOT-FOR-US: Zoom
CVE-2024-42435 (Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Ro ...)
NOT-FOR-US: Zoom
-CVE-2024-42434 (Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Ro ...)
+CVE-2024-42434 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients ...)
NOT-FOR-US: Zoom
CVE-2024-42360 (SequenceServer lets you rapidly set up a BLAST+ server with an intuiti ...)
NOT-FOR-US: SequenceServer
@@ -127765,9 +127811,9 @@ CVE-2024-40619 (CVE-2024-40619 IMPACT A denial-of-service vulnerability exists
NOT-FOR-US: Rockwell Automation
CVE-2024-39825 (Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allo ...)
NOT-FOR-US: Zoom
-CVE-2024-39824 (Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Ro ...)
+CVE-2024-39824 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients ...)
NOT-FOR-US: Zoom
-CVE-2024-39823 (Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Ro ...)
+CVE-2024-39823 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients ...)
NOT-FOR-US: Zoom
CVE-2024-39822 (Sensitive information exposure in some Zoom Workplace Apps, SDKs, Room ...)
NOT-FOR-US: Zoom
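Review bot: CVE-2024-39824 and CVE-2024-39823 change from "Sensitive information disclosure" to "Missing authorization", while the adjacent CVE-2024-39822 context line still reads "Sensitive information exposure". The triage lines stay "NOT-FOR-US: Zoom", so nothing in the tracker state changes. Anyone searching this file by the old wording will no longer match these two entries, so search by CVE ID instead.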
@@ -135150,13 +135196,13 @@ CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries and
NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace Desktop ...)
NOT-FOR-US: Zoom
-CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for ...)
+CVE-2024-39826 (Race condition in Team Chat for some Zoom Workplace Apps and SDKs for ...)
NOT-FOR-US: Zoom
CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for Windows and ...)
NOT-FOR-US: Zoom
CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom Workplace D ...)
NOT-FOR-US: Zoom
-CVE-2024-39819 (Improper privilege management in the installer for some Zoom Workplace ...)
+CVE-2024-39819 (Integrity checkin the installer for some Zoom Workplace Apps and SDKs ...)
NOT-FOR-US: Zoom
CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that the pus ...)
NOT-FOR-US: Mattermost Mobile Apps
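Review bot: the new CVE-2024-39819 description begins "Integrity checkin the installer", which is missing a space and no longer names a weakness the way the replaced text ("Improper privilege management") did. It reads as a garbled imported summary and is worth comparing against the full CVE record. In the same hunk, CVE-2024-39826 moves from "Path traversal" to "Race condition", which is a change of weakness class rather than of wording. Both entries remain "NOT-FOR-US: Zoom", so the triage is unaffected.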
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af03690d4e1cd279f1fb586a7ee1f975e2f0104f