[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 6 21:13:07 BST 2025

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
461c7981 by security tracker role at 2025-10-06T20:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2025-6985 (The HTMLSectionSplitter class in langchain-text-splitters version 0.3. ...)
+	TODO: check
+CVE-2025-61985 (ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, ...)
+	TODO: check
+CVE-2025-61984 (ssh in OpenSSH before 10.1 allows control characters in usernames that ...)
+	TODO: check
+CVE-2025-61778 (Akka.NET is a .NET port of the Akka project from the Scala / Java comm ...)
+	TODO: check
+CVE-2025-61777 (Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2 ...)
+	TODO: check
+CVE-2025-61769 (Emlog is an open source website building system. A cross-site scriptin ...)
+	TODO: check
+CVE-2025-61766 (Bucket is a MediaWiki extension to store and retrieve structured data  ...)
+	TODO: check
+CVE-2025-61765 (python-socketio is a Python implementation of the Socket.IO realtime c ...)
+	TODO: check
+CVE-2025-61687 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2025-61224 (Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian' ...)
+	TODO: check
+CVE-2025-61198 (A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Op ...)
+	TODO: check
+CVE-2025-61197 (An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod  ...)
+	TODO: check
+CVE-2025-60969 (Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Ne ...)
+	TODO: check
+CVE-2025-60967 (Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma ...)
+	TODO: check
+CVE-2025-60965 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60964 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60963 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60962 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60961 (Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma ...)
+	TODO: check
+CVE-2025-60960 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60959 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60958 (Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma ...)
+	TODO: check
+CVE-2025-60957 (OS Command Injection vulnerability in EndRun Technologies Sonoma D12 N ...)
+	TODO: check
+CVE-2025-60956 (Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies ...)
+	TODO: check
+CVE-2025-59734 (It is possible to cause an use-after-free write in SANM decoding with  ...)
+	TODO: check
+CVE-2025-59733 (When decoding an OpenEXR file that uses DWAA or DWAB compression, ther ...)
+	TODO: check
+CVE-2025-59732 (When decoding an OpenEXR file that uses DWAA or DWAB compression, ther ...)
+	TODO: check
+CVE-2025-59731 (When decoding an OpenEXR file that uses DWAA or DWAB compression, the  ...)
+	TODO: check
+CVE-2025-59730 (When decoding a frame for a SANM file (ANIM v0 variant), the decoded d ...)
+	TODO: check
+CVE-2025-59729 (When parsing the header for a DHAV file, there's an integer underflow  ...)
+	TODO: check
+CVE-2025-59728 (When calculating the content path in handling of MPEG-DASH manifests,  ...)
+	TODO: check
+CVE-2025-59452 (The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is ...)
+	TODO: check
+CVE-2025-59451 (The YoSmart YoLink application through 2025-10-02 has session tokens w ...)
+	TODO: check
+CVE-2025-59450 (The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data ex ...)
+	TODO: check
+CVE-2025-59449 (The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce suf ...)
+	TODO: check
+CVE-2025-59448 (Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage ...)
+	TODO: check
+CVE-2025-59447 (The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interfac ...)
+	TODO: check
+CVE-2025-59159 (SillyTavern is a locally installed user interface that allows users to ...)
+	TODO: check
+CVE-2025-59152 (Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
+	TODO: check
+CVE-2025-57515 (A SQL injection vulnerability has been identified in Uniclare Student  ...)
+	TODO: check
+CVE-2025-57247 (The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8d ...)
+	TODO: check
+CVE-2025-56382 (A stored Cross-site scripting (XSS) vulnerability exists in the Custom ...)
+	TODO: check
+CVE-2025-52472 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-49594 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in  ...)
+	TODO: check
+CVE-2025-36356 (IBM Security Verify Access and IBM Security Verify Access Docker 10.0. ...)
+	TODO: check
+CVE-2025-36355 (IBM Security Verify Access and IBM Security Verify Access Docker 10.0. ...)
+	TODO: check
+CVE-2025-36354 (IBM Security Verify Access and IBM Security Verify Access Docker 10.0. ...)
+	TODO: check
+CVE-2025-28129 (Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.)
+	TODO: check
+CVE-2025-11346 (A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This aff ...)
+	TODO: check
+CVE-2025-11345 (A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this  ...)
+	TODO: check
+CVE-2025-11344 (A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected b ...)
+	TODO: check
+CVE-2025-11343 (A security vulnerability has been detected in code-projects Student Cr ...)
+	TODO: check
+CVE-2025-11342 (A weakness has been identified in code-projects Online Course Registra ...)
+	TODO: check
+CVE-2025-11341 (A security flaw has been discovered in Jinher OA up to 2.0. This affec ...)
+	TODO: check
+CVE-2025-11339 (A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. T ...)
+	TODO: check
+CVE-2025-11338 (A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulne ...)
+	TODO: check
+CVE-2025-11337 (A vulnerability was detected in Four-Faith Water Conservancy Informati ...)
+	TODO: check
+CVE-2025-11336 (A security vulnerability has been detected in Four-Faith Water Conserv ...)
+	TODO: check
+CVE-2025-11335 (A weakness has been identified in D-Link DI-7100G C1 up to 20250928. A ...)
+	TODO: check
+CVE-2025-11334 (A security flaw has been discovered in Campcodes Online Apartment Visi ...)
+	TODO: check
+CVE-2025-11333 (A vulnerability was identified in langleyfcu Online Banking System up  ...)
+	TODO: check
+CVE-2025-11332 (A vulnerability was determined in CmsEasy up to 7.7.7. This affects an ...)
+	TODO: check
+CVE-2025-11331 (A vulnerability was found in IdeaCMS up to 1.8. The impacted element i ...)
+	TODO: check
+CVE-2025-11330 (A vulnerability has been found in PHPGurukul Beauty Parlour Management ...)
+	TODO: check
+CVE-2025-11329 (A flaw has been found in code-projects Online Course Registration 1.0. ...)
+	TODO: check
+CVE-2025-11328 (A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This iss ...)
+	TODO: check
+CVE-2025-11327 (A security vulnerability has been detected in Tenda AC18 15.03.05.19(6 ...)
+	TODO: check
+CVE-2025-10363 (Deserialization of Untrusted Data vulnerability in Topal Solutions AG  ...)
+	TODO: check
+CVE-2025-0609 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-0608 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in L ...)
+	TODO: check
+CVE-2025-0607 (Improper Encoding or Escaping of Output vulnerability in Logo Software ...)
+	TODO: check
+CVE-2025-0606 (Authorization Bypass Through User-Controlled Key vulnerability in Logo ...)
+	TODO: check
+CVE-2025-0038 (In AMD Zynq UltraScale+ devices, the lack of address validation when e ...)
+	TODO: check
+CVE-2023-49886 (IBM Standards Processing Engine 10.0.1.10 could allow a remote attacke ...)
+	TODO: check
 CVE-2025-9914 (The credentials of the users stored in the system's local database can ...)
 	NOT-FOR-US: SICK AG
 CVE-2025-9913 (JavaScript can be ran inside the address bar via the dashboard "Open i ...)
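Review bot: of the 74 new "TODO: check" placeholders in this hunk, the two OpenSSH entries (CVE-2025-61985 and CVE-2025-61984, both "ssh in OpenSSH before 10.1") and the decoder batch CVE-2025-59728 through CVE-2025-59734 (use-after-free write in SANM decoding, integer underflow in DHAV header parsing, OpenEXR DWAA/DWAB and MPEG-DASH path handling) are the ones most likely to map onto a Debian source package and should be resolved into a "- <package> <version>" line first; the vendor appliance and firmware entries (Orban Optimod, EndRun Technologies Sonoma, YoSmart YoLink, Tenda AC18, D-Link DI-7100G, IBM Security Verify Access, IBM Standards Processing Engine) look like candidates for the NOT-FOR-US marker that CVE-2025-9914 already uses in the trailing context, which would shrink the open-triage list quickly.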
@@ -4845,6 +4993,7 @@ CVE-2025-39868 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-39867
 	REJECTED
 CVE-2025-30189 [auth: Use AUTH_CACHE_KEY_USER instead of per-database constants]
+	{DSA-6019-1}
 	- dovecot 1:2.4.1+dfsg1-7 (bug #1115474)
 	[bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
 	[bullseye] - dovecot <not-affected> (Vulnerable code introduced later)
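Review bot: the new {DSA-6019-1} marker for CVE-2025-30189 is accompanied in the visible context only by the unstable fix (dovecot 1:2.4.1+dfsg1-7) and by <not-affected> lines for bookworm and bullseye, so the suite the DSA actually fixed has no "[trixie] - dovecot <version>" line inside this hunk; if that line is not present just below the context, it should be added together with the DSA reference so the tracker can reconcile the advisory against a fixed version.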
@@ -30365,6 +30514,7 @@ CVE-2025-48385 (Git is a fast, scalable, distributed revision control system wit
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Fixed by: https://github.com/git/git/commit/35cb1bb0b92c132249d932c05bbd860d410e12d4 (v2.43.7)
 CVE-2025-48384 (Git is a fast, scalable, distributed revision control system with an u ...)
+	{DLA-4323-1}
 	- git 1:2.50.1-0.1 (bug #1108983)
 	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
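Review bot: {DLA-4323-1} is added to CVE-2025-48384 while the visible context carries only the unstable fix, a [trixie] fixed version and a [bookworm] <no-dsa> line; a DLA reference implies an LTS fixed version, so confirm that a matching "[bullseye] - git <version>" line exists below this hunk's context, otherwise the DLA marker points at a suite the entry does not describe.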
@@ -30372,6 +30522,7 @@ CVE-2025-48384 (Git is a fast, scalable, distributed revision control system wit
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Fixed by: https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 (2.43.7)
 CVE-2025-46835 (Git GUI allows you to use the Git source control management tools via  ...)
+	{DLA-4323-1}
 	- git 1:2.50.1-0.1 (bug #1108983)
 	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
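Review bot: style nit in the unchanged context of this hunk: the NOTE line for CVE-2025-48384 gives the upstream fix as "(2.43.7)" while the sibling entries (CVE-2025-48385 in the previous hunk, CVE-2025-27614 in the next) write the same release as "(v2.43.7)"; a follow-up commit could normalize the tag prefix so the version annotations are greppable consistently, and the same [bullseye] fixed-version check that applies to CVE-2025-48384 applies to CVE-2025-46835 here.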
@@ -30391,6 +30542,7 @@ CVE-2025-27614 (Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0
 	NOTE: Introduced after: https://github.com/git/git/commit/bb5cb23daf751790950ff9f761f8884e21c88d00 (v2.41.0)
 	NOTE: Fixed by: https://github.com/git/git/commit/8e3070aa5e331be45d4d03e3be41f84494fce129 (v2.43.7)
 CVE-2025-27613 (Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when  ...)
+	{DLA-4323-1}
 	- git 1:2.50.1-0.1 (bug #1108983)
 	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
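Review bot: the hunk header shows CVE-2025-27614 as the adjacent Gitk entry from the same batch, but only CVE-2025-27613 receives {DLA-4323-1} within the visible lines; CVE-2025-27614's marker position lies above this hunk's context, so confirm that it was either included in DLA-4323-1 (and tagged in an earlier hunk not shown here) or deliberately left out, and, as for the other git entries, that a [bullseye] fixed-version line backs the DLA reference.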

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/461c7981d98e8e8f0dba67566d424a0221a84034