[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 9 09:13:08 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fdf132d9 by security tracker role at 2025-10-09T08:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2025-9970 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
+	TODO: check
+CVE-2025-9868 (Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Son ...)
+	TODO: check
+CVE-2025-7634 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator S ...)
+	TODO: check
+CVE-2025-7526 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator S ...)
+	TODO: check
+CVE-2025-6038 (The Lisfinity Core - Lisfinity Core plugin used for pebas\xae Lisfinit ...)
+	TODO: check
+CVE-2025-61913 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2025-61906 (Opencast is a free, open-source platform to support the management of  ...)
+	TODO: check
+CVE-2025-61788 (Opencast is a free, open-source platform to support the management of  ...)
+	TODO: check
+CVE-2025-61672 (Synapse is an open source Matrix homeserver implementation. Lack of va ...)
+	TODO: check
+CVE-2025-61524 (An issue in the permission verification module and organization/applic ...)
+	TODO: check
+CVE-2025-61183 (Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to ex ...)
+	TODO: check
+CVE-2025-60834 (A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows ...)
+	TODO: check
+CVE-2025-60833 (An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay comp ...)
+	TODO: check
+CVE-2025-60830 (redragon-erp v1.0 was discovered to contain a Shiro deserialization vu ...)
+	TODO: check
+CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson deserializatio ...)
+	TODO: check
+CVE-2025-60318 (SourceCodester Pet Grooming Management Software 1.0 is vulnerable to C ...)
+	TODO: check
+CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored C ...)
+	TODO: check
+CVE-2025-60313 (Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site S ...)
+	TODO: check
+CVE-2025-60311 (ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2025-60299 (Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2025-60298 (Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-5009 (In Gemini iOS, when a user shared a snippet of a conversation, it woul ...)
+	TODO: check
+CVE-2025-59303 (HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-s ...)
+	TODO: check
+CVE-2025-57457 (An OS Command Injection vulnerability in the Admin panel in Curo UC300 ...)
+	TODO: check
+CVE-2025-53967 (Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remo ...)
+	TODO: check
+CVE-2025-47355 (Memory corruption while invoking remote procedure IOCTL calls.)
+	TODO: check
+CVE-2025-47354 (Memory corruption while allocating buffers in DSP service.)
+	TODO: check
+CVE-2025-47351 (Memory corruption while processing user buffers.)
+	TODO: check
+CVE-2025-47349 (Memory corruption while processing an escape call.)
+	TODO: check
+CVE-2025-47347 (Memory corruption while processing control commands in the virtual mem ...)
+	TODO: check
+CVE-2025-47342 (Transient DOS may occur when multi-profile concurrency arises with QHS ...)
+	TODO: check
+CVE-2025-47341 (memory corruption while processing an image encoding completion event.)
+	TODO: check
+CVE-2025-47340 (Memory corruption while processing IOCTL call to get the mapping.)
+	TODO: check
+CVE-2025-47338 (Memory corruption while processing escape commands from userspace.)
+	TODO: check
+CVE-2025-43830 (Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Po ...)
+	TODO: check
+CVE-2025-43829 (Stored cross-site scripting (XSS) vulnerability in diagram type produc ...)
+	TODO: check
+CVE-2025-43821 (Cross-site scripting (XSS) vulnerability in the Commerce Product Compa ...)
+	TODO: check
+CVE-2025-43771 (Multiple cross-site scripting (XSS) vulnerabilities in the Notificatio ...)
+	TODO: check
+CVE-2025-43724 (Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authori ...)
+	TODO: check
+CVE-2025-42706 (A logic error exists in the Falcon sensor for Windows that could allow ...)
+	TODO: check
+CVE-2025-42701 (A race condition exists in the Falcon sensor for Windows that could al ...)
+	TODO: check
+CVE-2025-36636 (In Tenable Security Center versions prior to 6.7.0, an improper access ...)
+	TODO: check
+CVE-2025-27060 (Memory corruption while performing SCM call with malformed inputs.)
+	TODO: check
+CVE-2025-27059 (Memory corruption while performing SCM call.)
+	TODO: check
+CVE-2025-27054 (Memory corruption while processing a malformed license file during reb ...)
+	TODO: check
+CVE-2025-27053 (Memory corruption during PlayReady APP usecase while processing TA com ...)
+	TODO: check
+CVE-2025-27049 (Transient DOS while processing IOCTL call for image encoding.)
+	TODO: check
+CVE-2025-27048 (Memory corruption while processing camera platform driver IOCTL calls.)
+	TODO: check
+CVE-2025-27045 (Information disclosure while processing batch command execution in Vid ...)
+	TODO: check
+CVE-2025-27041 (Transient DOS while processing video packets received from video firmw ...)
+	TODO: check
+CVE-2025-27040 (Information disclosure may occur while processing the hypervisor log.)
+	TODO: check
+CVE-2025-27039 (Memory corruption may occur while processing IOCTL call for DMM/WARPNC ...)
+	TODO: check
+CVE-2025-11539 (Grafana Image Renderer is vulnerable to remote code execution due to a ...)
+	TODO: check
+CVE-2025-11535 (MongoDB Connector for BI installation viaMSIon Windows leaves ACLs uns ...)
+	TODO: check
+CVE-2025-11530 (A weakness has been identified in code-projects Online Complaint Site  ...)
+	TODO: check
+CVE-2025-11529 (A security flaw has been discovered in ChurchCRM up to 5.18.0. This im ...)
+	TODO: check
+CVE-2025-11528 (A vulnerability was identified in Tenda AC7 15.03.06.44. This affects  ...)
+	TODO: check
+CVE-2025-11527 (A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted  ...)
+	TODO: check
+CVE-2025-11526 (A vulnerability was found in Tenda AC7 15.03.06.44. The affected eleme ...)
+	TODO: check
+CVE-2025-11525 (A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is a ...)
+	TODO: check
+CVE-2025-11524 (A flaw has been found in Tenda AC7 15.03.06.44. This issue affects som ...)
+	TODO: check
+CVE-2025-11523 (A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerabil ...)
+	TODO: check
+CVE-2025-11522 (The Search & Go - Directory WordPress Theme theme for WordPress is vul ...)
+	TODO: check
+CVE-2025-11516 (A weakness has been identified in code-projects Online Complaint Site  ...)
+	TODO: check
+CVE-2025-11515 (A security flaw has been discovered in code-projects Online Complaint  ...)
+	TODO: check
+CVE-2025-11514 (A vulnerability was identified in code-projects Online Complaint Site  ...)
+	TODO: check
+CVE-2025-11513 (A vulnerability was determined in code-projects E-Commerce Website 1.0 ...)
+	TODO: check
+CVE-2025-11512 (A vulnerability was found in code-projects Voting System 1.0. Affected ...)
+	TODO: check
+CVE-2025-11511 (A flaw has been found in code-projects E-Commerce Website 1.0. Affecte ...)
+	TODO: check
+CVE-2025-11509 (A vulnerability was detected in code-projects E-Commerce Website 1.0.  ...)
+	TODO: check
+CVE-2025-11508 (A security vulnerability has been detected in code-projects Voting Sys ...)
+	TODO: check
+CVE-2025-11507 (A weakness has been identified in PHPGurukul Beauty Parlour Management ...)
+	TODO: check
+CVE-2025-11506 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
+	TODO: check
+CVE-2025-11505 (A vulnerability was identified in PHPGurukul Beauty Parlour Management ...)
+	TODO: check
+CVE-2025-11503 (A vulnerability was determined in PHPGurukul Beauty Parlour Management ...)
+	TODO: check
+CVE-2025-11495 (A vulnerability was determined in GNU Binutils 2.45. The affected elem ...)
+	TODO: check
+CVE-2025-11494 (A vulnerability was found in GNU Binutils 2.45. Impacted is the functi ...)
+	TODO: check
+CVE-2025-11491 (A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0. ...)
+	TODO: check
+CVE-2025-11490 (A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up  ...)
+	TODO: check
+CVE-2025-11489 (A security vulnerability has been detected in wonderwhy-er DesktopComm ...)
+	TODO: check
+CVE-2025-11488 (A weakness has been identified in D-Link DIR-852 up to 20251002. This  ...)
+	TODO: check
+CVE-2025-11487 (A security flaw has been discovered in SourceCodester Farm Management  ...)
+	TODO: check
+CVE-2025-11486 (A vulnerability was identified in SourceCodester Farm Management Syste ...)
+	TODO: check
+CVE-2025-11485 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
+	TODO: check
+CVE-2025-11481 (A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Manag ...)
+	TODO: check
+CVE-2025-11480 (A vulnerability was detected in SourceCodester Simple E-Commerce Books ...)
+	TODO: check
+CVE-2025-11479 (A security vulnerability has been detected in SourceCodester Wedding R ...)
+	TODO: check
+CVE-2025-11478 (A weakness has been identified in SourceCodester Farm Management Syste ...)
+	TODO: check
+CVE-2025-11477 (A security flaw has been discovered in SourceCodester Wedding Reservat ...)
+	TODO: check
+CVE-2025-11476 (A vulnerability was identified in SourceCodester Simple E-Commerce Boo ...)
+	TODO: check
+CVE-2025-11475 (A vulnerability was determined in projectworlds Advanced Library Manag ...)
+	TODO: check
+CVE-2025-11474 (A vulnerability was found in SourceCodester Hotel and Lodge Management ...)
+	TODO: check
+CVE-2025-11473 (A vulnerability has been found in SourceCodester Hotel and Lodge Manag ...)
+	TODO: check
+CVE-2025-11472 (A flaw has been found in SourceCodester Hotel and Lodge Management Sys ...)
+	TODO: check
+CVE-2025-11471 (A vulnerability was detected in SourceCodester Hotel and Lodge Managem ...)
+	TODO: check
+CVE-2025-11470 (A security vulnerability has been detected in SourceCodester Hotel and ...)
+	TODO: check
+CVE-2025-11469 (A weakness has been identified in SourceCodester Hotel and Lodge Manag ...)
+	TODO: check
+CVE-2025-11445 (A vulnerability was detected in Kilo Code up to 4.86.0. Affected is th ...)
+	TODO: check
+CVE-2025-11444 (A security vulnerability has been detected in TOTOLINK N600R up to 4.3 ...)
+	TODO: check
+CVE-2025-11166 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-10649 (The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injec ...)
+	TODO: check
+CVE-2025-10586 (The Community Events plugin for WordPress is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2025-10496 (The Cookie Notice & Consent plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-10353 (File upload leading to remote code execution (RCE) in the \u201cmelis- ...)
+	TODO: check
+CVE-2025-10352 (Vulnerability in the melis-core module of Melis Technology's Melis Pla ...)
+	TODO: check
+CVE-2025-10351 (SQL injection vulnerability based on the melis-cms module of the Melis ...)
+	TODO: check
+CVE-2017-20202 (Web Developer for Chrome v0.4.9 contained malicious code that generate ...)
+	TODO: check
+CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) cont ...)
+	TODO: check
 CVE-2025-2934
 	- gitlab <unfixed>
 CVE-2025-9825
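Review bot: Several of the new TODO: check entries name software that is in the Debian archive and should be pulled out of the generic TODO queue first, notably CVE-2025-11494 and CVE-2025-11495 (GNU Binutils 2.45) and CVE-2025-61672 (Synapse, packaged as matrix-synapse). Two others are easy NOT-FOR-US candidates on the visible text alone: CVE-2025-59303 concerns the HAProxy Kubernetes Ingress Controller rather than the haproxy package, and CVE-2017-20201 / CVE-2017-20202 are retroactive IDs for the 2017 CCleaner and Web Developer for Chrome releases that shipped malicious code, neither of which is packaged.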
@@ -147,11 +363,11 @@ CVE-2025-3719 (An access control vulnerability was discovered in the CLI functio
 	NOT-FOR-US: Guardian/CMC
 CVE-2025-3718 (A client-side path traversal vulnerability was discovered in the web m ...)
 	NOT-FOR-US: Guardian/CMC
-CVE-2025-3450 (Improper Resource Locking vulnerability in B&R Industrial Automation A ...)
+CVE-2025-3450 (An Improper Resource Locking vulnerability in the SDM component of B&R ...)
 	NOT-FOR-US: ABB group
-CVE-2025-3449 (Generation of Predictable Numbers or Identifiers vulnerability in B&R  ...)
+CVE-2025-3449 (A Generation of Predictable Numbers or Identifiers vulnerability in th ...)
 	NOT-FOR-US: ABB group
-CVE-2025-3448 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+CVE-2025-3448 (Reflected cross-site scripting (XSS) vulnerabilities exist in System D ...)
 	NOT-FOR-US: ABB group
 CVE-2025-37728 (Insufficiently Protected Credentials in the Crowdstrike connector can  ...)
 	NOT-FOR-US: Crowdstrike connector
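Review bot: The refreshed descriptions for CVE-2025-3450, CVE-2025-3449 and CVE-2025-3448 now lead with the component ("SDM component", "System D ...") instead of the vendor name, so the bare "NOT-FOR-US: ABB group" line is harder to verify from the entry alone; suggest naming the product in the note, e.g. "NOT-FOR-US: B&R SDM (ABB group)", so the justification survives further description rewrites.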
@@ -303,9 +519,11 @@ CVE-2025-0603 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-6215 (A potential security vulnerability has been identified in HP Sure Star ...)
 	NOT-FOR-US: HP
 CVE-2025-11460
+	{DSA-6021-1}
 	- chromium 141.0.7390.65-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11458
+	{DSA-6021-1}
 	- chromium 141.0.7390.65-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-61772 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
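Review bot: {DSA-6021-1} is attached here to CVE-2025-11460 and CVE-2025-11458 only; every other CVE recorded as fixed in chromium 141.0.7390.65-1 needs the same marker in one pass, otherwise the tracker reports the DSA as covering a subset of what it fixed. The "[bullseye] - chromium <end-of-life>" lines are unaffected, since a DSA never covers bullseye.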
@@ -2071,6 +2289,7 @@ CVE-2025-52427 (A NULL pointer dereference vulnerability has been reported to af
 CVE-2025-52424 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
 CVE-2025-49844 (Redis is an open source, in-memory database that persists on disk. Ver ...)
+	{DSA-6020-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed>
 	- valkey <unfixed>
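Review bot: CVE-2025-49844 gains {DSA-6020-1} while the unstable line still reads "- redis <unfixed> (bug #1117553)"; a DSA means the fixed upstream release is known, so the sid entry should be updated to the fixed version (or the pending upload noted) in the same change, otherwise the tracker shows redis fixed in stable but open in unstable. The same applies to the other Redis CVEs in this batch. redict and valkey stay <unfixed> without a DSA marker, which is consistent only if DSA-6020-1 covers the redis source package alone.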
@@ -2102,6 +2321,7 @@ CVE-2025-47211 (A path traversal vulnerability has been reported to affect sever
 CVE-2025-47210 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
 CVE-2025-46819 (Redis is an open source, in-memory database that persists on disk. Ver ...)
+	{DSA-6020-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed>
 	- valkey <unfixed>
@@ -2109,6 +2329,7 @@ CVE-2025-46819 (Redis is an open source, in-memory database that persists on dis
 	NOTE: https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba (8.2.2)
 	NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
 CVE-2025-46818 (Redis is an open source, in-memory database that persists on disk. Ver ...)
+	{DSA-6020-1}
 	- redis <unfixed> (bug #1117553)
 	[bullseye] - redis <ignored> (patch too invasive to backport to this version)
 	- redict <unfixed>
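Review bot: CVE-2025-46818 now carries {DSA-6020-1} next to "[bullseye] - redis <ignored> (patch too invasive to backport to this version)"; the two are compatible because a DSA covers the supported stable releases and not bullseye (LTS), but the "too invasive" assessment predates the DSA, so it should be re-checked against the backport that actually shipped: if that patch applied cleanly to the stable tree, the LTS team should confirm the ignored status rather than inherit it.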
@@ -2117,6 +2338,7 @@ CVE-2025-46818 (Redis is an open source, in-memory database that persists on dis
 	NOTE: https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e (8.2.2)
 	NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
 CVE-2025-46817 (Redis is an open source, in-memory database that persists on disk. Ver ...)
+	{DSA-6020-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed>
 	- valkey <unfixed>
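Review bot: The valkey NOTE under CVE-2025-46818 ("NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e") is the same commit recorded under CVE-2025-46819 two entries up, while each entry cites a distinct redis commit; confirm that one valkey commit addresses both CVEs and, if so, say so in the NOTE so the repeated hash does not read as a copy-paste error.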
@@ -3102,7 +3324,8 @@ CVE-2022-50452 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2022-50451 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.1.4-1
 	NOTE: https://git.kernel.org/linus/51e76a232f8c037f1d9e9922edc25b003d5f3414 (6.2-rc1)
-CVE-2022-50450 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
+CVE-2022-50450
+	REJECTED
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/51deedc9b8680953437dfe359e5268120de10e30 (6.2-rc1)
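Review bot: Marking CVE-2022-50450 REJECTED while keeping "- linux 6.1.4-1", the bullseye <not-affected> line and the kernel commit NOTE leaves fix data hanging on an ID that no longer tracks a vulnerability; add a NOTE with the rejection reason (and the ID that now covers commit 51deedc9..., if that is why) so the retained version data stays traceable, or drop the package lines along with the description.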
@@ -3151,6 +3374,7 @@ CVE-2025-11212
 	- chromium 141.0.7390.54-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11211
+	{DSA-6021-1}
 	- chromium 141.0.7390.65-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11210
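Review bot: {DSA-6021-1} goes on CVE-2025-11211 (fixed in 141.0.7390.65-1) but not on the adjacent CVE-2025-11212 (fixed in 141.0.7390.54-1); that split is correct only if 141.0.7390.54-1 never shipped to a stable release, so confirm which chromium version the DSA actually carried before treating CVE-2025-11212 as outside its scope.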
@@ -13257,7 +13481,8 @@ CVE-2025-26434 (In libxml2, there is a possible out of bounds read due to a buff
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/5e7874015ef5ed8b2705eb2f7b0960f56f7760ea (v2.14.0)
 CVE-2025-10044 (A flaw was found in Keycloak. Keycloak\u2019s account console and othe ...)
 	- keycloak <itp> (bug #1088287)
-CVE-2025-10043 (A path traversal validation flaw exists in Keycloak\u2019s vault key h ...)
+CVE-2025-10043
+	REJECTED
 	- keycloak <itp> (bug #1088287)
 CVE-2025-10026 (A vulnerability was found in itsourcecode POS Point of Sale System 1.0 ...)
 	NOT-FOR-US: itsourcecode System
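Review bot: CVE-2025-10043 is marked REJECTED but keeps "- keycloak <itp> (bug #1088287)"; a rejected ID has nothing to track, so the ITP line is noise here. The removed description had described a path traversal in Keycloak's vault key handling, so a one-line NOTE on why the ID was rejected would save the next reader from re-triaging it from the old text.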
@@ -34245,7 +34470,7 @@ CVE-2025-6766 (A vulnerability was found in sfturing hosp_order up to 627f426331
 	NOT-FOR-US: sfturing hosp_order
 CVE-2025-6765 (A vulnerability, which was classified as critical, has been found in I ...)
 	NOT-FOR-US: Intelbras InControl
-CVE-2025-6763 (A vulnerability classified as critical was found in Comet System T0510 ...)
+CVE-2025-6763 (A vulnerability was found in Comet System T0510, T3510, T3511, T4511,  ...)
 	NOT-FOR-US: Comet System
 CVE-2025-6762 (A vulnerability classified as critical has been found in diyhi bbs up  ...)
 	NOT-FOR-US: diyhi bbs
@@ -48186,11 +48411,11 @@ CVE-2025-4658 (Versions of OpenPubkey library prior to 0.10.0  contained a vulne
 	NOTE: https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
 CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web allows Pri ...)
 	NOT-FOR-US: Centreon
-CVE-2025-4648 (Download of Code Without Integrity Check vulnerability in Centreon web ...)
+CVE-2025-4648 (The content of a SVG file, received as input   in Centreon web, was no ...)
 	NOT-FOR-US: Centreon
 CVE-2025-4647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Centreon
-CVE-2025-4646 (Improper Privilege Management vulnerability in Centreon web (API Token ...)
+CVE-2025-4646 (Incorrect Authorization vulnerability in Centreon web (API Token creat ...)
 	NOT-FOR-US: Centreon
 CVE-2025-4428 (Remote Code Execution in API component in Ivanti Endpoint Manager Mobi ...)
 	NOT-FOR-US: Ivanti
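Review bot: CVE-2025-4646 is reclassified from Improper Privilege Management to Incorrect Authorization and CVE-2025-4648 from Download of Code Without Integrity Check to an SVG input-handling issue; both keep "NOT-FOR-US: Centreon", which still holds since Centreon is not in the archive. The run of spaces in the new CVE-2025-4648 text ("received as input   in") comes verbatim from the upstream record and should not be hand-edited here, or the next automatic update will reintroduce it.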
@@ -98800,7 +99025,7 @@ CVE-2024-55546 (Missing input validation in the ORing IAP-420 web-interface allo
 	NOT-FOR-US: ORing IAP-420
 CVE-2024-55545 (Missing input validation in the ORing IAP-420 web-interface allows Cro ...)
 	NOT-FOR-US: ORing IAP-420
-CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface allows sto ...)
+CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface allows aut ...)
 	NOT-FOR-US: ORing IAP-420
 CVE-2024-55500 (Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and befor ...)
 	NOT-FOR-US: Avenwu Whistle



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf132d93403a69f350d073c587b58072737c769




