[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 9 21:13:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce7a6c46 by security tracker role at 2025-10-09T20:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,44 +1,206 @@
-CVE-2025-39963 [io_uring: fix incorrect io_kiocb reference in io_link_skb]
+CVE-2025-9371 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2025-62228 (Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via m ...)
+	TODO: check
+CVE-2025-61577 (D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overfl ...)
+	TODO: check
+CVE-2025-61532 (Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arb ...)
+	TODO: check
+CVE-2025-60316 (SourceCodester Pet Grooming Management Software 1.0 is vulnerable to S ...)
+	TODO: check
+CVE-2025-60304 (code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site ...)
+	TODO: check
+CVE-2025-60302 (code-projects Client Details System 1.0 is vulnerable to Cross Site Sc ...)
+	TODO: check
+CVE-2025-60267 (In xckk v9.6, there is a SQL injection vulnerability in which the cond ...)
+	TODO: check
+CVE-2025-60266 (In xckk v9.6, there is a SQL injection vulnerability in which the orde ...)
+	TODO: check
+CVE-2025-60265 (In xckk v9.6, there is a SQL injection vulnerability in which the orde ...)
+	TODO: check
+CVE-2025-60010 (A password aging vulnerability in the RADIUS client of Juniper Network ...)
+	TODO: check
+CVE-2025-60009 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-60006 (Multiple instances of an Improper Neutralization of Special Elements u ...)
+	TODO: check
+CVE-2025-60004 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2025-60002 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-60001 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-60000 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59999 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59998 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59997 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59996 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59995 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59994 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59993 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59992 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59991 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59990 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59989 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59988 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59987 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59986 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59985 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59984 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59983 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59982 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59981 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59980 (An Authentication Bypass by Primary Weakness  in the FTP server of Jun ...)
+	TODO: check
+CVE-2025-59978 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59976 (An arbitrary file download vulnerability in the web interface of Junip ...)
+	TODO: check
+CVE-2025-59975 (An Uncontrolled Resource Consumption vulnerability in the HTTP daemon  ...)
+	TODO: check
+CVE-2025-59974 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-59968 (A Missing Authorization vulnerability in the Juniper Networks Junos Sp ...)
+	TODO: check
+CVE-2025-59967 (A NULL Pointer Dereference vulnerability in the PFE management daemon  ...)
+	TODO: check
+CVE-2025-59964 (A Use of Uninitialized Resource vulnerability in the Packet Forwarding ...)
+	TODO: check
+CVE-2025-59962 (An Access of Uninitialized Pointer vulnerability in the routing protoc ...)
+	TODO: check
+CVE-2025-59958 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2025-59957 (An Origin Validation Error vulnerability in an insufficient protected  ...)
+	TODO: check
+CVE-2025-59146 (New API is a large language mode (LLM) gateway and artificial intellig ...)
+	TODO: check
+CVE-2025-56683 (A cross-site scripting (XSS) vulnerability in the component /app/marke ...)
+	TODO: check
+CVE-2025-56426 (An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute ar ...)
+	TODO: check
+CVE-2025-55200 (BigBlueButton is an open-source virtual classroom. In versions prior t ...)
+	TODO: check
+CVE-2025-52961 (An Uncontrolled Resource Consumption vulnerability in the Connectivity ...)
+	TODO: check
+CVE-2025-52960 (A Buffer Copy without Checking Size of Input vulnerability in the   Se ...)
+	TODO: check
+CVE-2025-4615 (An improper input neutralization vulnerability in the management web i ...)
+	TODO: check
+CVE-2025-4614 (An information disclosure vulnerability in Palo Alto Networks PAN-OS\x ...)
+	TODO: check
+CVE-2025-45095 (Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions  ...)
+	TODO: check
+CVE-2025-39664 (Insufficient escaping in the report scheduler within Checkmk <2.4.0p13 ...)
+	TODO: check
+CVE-2025-36225 (IBM Aspera 5.0.0 through 5.0.13.1   could disclose sensitive user info ...)
+	TODO: check
+CVE-2025-36171 (IBM Aspera Faspex 5.0.0 through 5.0.13.1could allow a privileged user  ...)
+	TODO: check
+CVE-2025-32919 (Use of an insecure temporary directory in the Windows License plugin f ...)
+	TODO: check
+CVE-2025-32916 (Potential use of sensitive information in GET requests in Checkmk GmbH ...)
+	TODO: check
+CVE-2025-11573 (An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 ma ...)
+	TODO: check
+CVE-2025-11561 (A flaw was found in the integration of Active Directory and the System ...)
+	TODO: check
+CVE-2025-11554 (A security vulnerability has been detected in Portabilis i-Educar up t ...)
+	TODO: check
+CVE-2025-11553 (A weakness has been identified in code-projects Courier Management Sys ...)
+	TODO: check
+CVE-2025-11552 (A vulnerability was identified in code-projects Online Complaint Site  ...)
+	TODO: check
+CVE-2025-11551 (A vulnerability was determined in code-projects Student Result Manager ...)
+	TODO: check
+CVE-2025-11550 (A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted ele ...)
+	TODO: check
+CVE-2025-11549 (A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affecte ...)
+	TODO: check
+CVE-2025-11371 (In the default installation and configuration of Gladinet CentreStack  ...)
+	TODO: check
+CVE-2025-11198 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
+	TODO: check
+CVE-2025-10862 (The Popup builder with Gamification, Multi-Step Popups, Page-Level Tar ...)
+	TODO: check
+CVE-2025-10284 (BBOT's unarchive module could be abused by supplying malicious archive ...)
+	TODO: check
+CVE-2025-10283 (BBOT's gitdumper module could be abused to execute commands through a  ...)
+	TODO: check
+CVE-2025-10282 (BBOT's gitlab module could be abused to disclose a GitLab API key to a ...)
+	TODO: check
+CVE-2025-10281 (BBOT's git_clone module could be abused to disclose a GitHub API key t ...)
+	TODO: check
+CVE-2025-10249 (The Slider Revolution plugin for WordPress is vulnerable to unauthoriz ...)
+	TODO: check
+CVE-2025-10240 (A vulnerability exists in the Progress Flowmon web application prior t ...)
+	TODO: check
+CVE-2025-10239 (In Flowmon versions prior to 12.5.5, a vulnerability has been identifi ...)
+	TODO: check
+CVE-2023-37401 (IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy fi ...)
+	TODO: check
+CVE-2017-20203 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ...)
+	TODO: check
+CVE-2025-39963 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2c139a47eff8de24e3350dadb4c9d5e3426db826 (6.17-rc7)
-CVE-2025-39962 [rxrpc: Fix untrusted unsigned subtract]
+CVE-2025-39962 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.16.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2429a197648178cd4dc930a9d87c13c547460564 (6.17-rc7)
-CVE-2025-39961 [iommu/amd/pgtbl: Fix possible race while increase page table level]
+CVE-2025-39961 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.9-1
 	NOTE: https://git.kernel.org/linus/1e56310b40fd2e7e0b9493da9ff488af145bdd0c (6.17-rc7)
-CVE-2025-39960 [gpiolib: acpi: initialize acpi_gpio_info struct]
+CVE-2025-39960 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.16.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/19c839a98c731169f06d32e7c9e00c78a0086ebe (6.17-rc7)
-CVE-2025-39959 [ASoC: amd: acp: Fix incorrect retrival of acp_chip_info]
+CVE-2025-39959 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.16.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d7871f400cad1da376f1d7724209a1c49226c456 (6.17-rc7)
-CVE-2025-39958 [iommu/s390: Make attach succeed when the device was surprise removed]
+CVE-2025-39958 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.9-1
 	NOTE: https://git.kernel.org/linus/9ffaf5229055fcfbb3b3d6f1c7e58d63715c3f73 (6.17-rc7)
-CVE-2025-39957 [wifi: mac80211: increase scan_ies_len for S1G]
+CVE-2025-39957 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.9-1
 	NOTE: https://git.kernel.org/linus/7e2f3213e85eba00acb4cfe6d71647892d63c3a1 (6.17-rc5)
-CVE-2025-39956 [igc: don't fail igc_probe() on LED setup error]
+CVE-2025-39956 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/528eb4e19ec0df30d0c9ae4074ce945667dde919 (6.17-rc7)
-CVE-2025-39955 [tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().]
+CVE-2025-39955 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.16.9-1
 	NOTE: https://git.kernel.org/linus/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01 (6.17-rc7)
-CVE-2025-39954 [clk: sunxi-ng: mp: Fix dual-divider clock rate readback]
+CVE-2025-39954 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.16.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
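Review bot: the new CVE-2017-20203 entry (`TODO: check`) carries the same truncated description ("NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ...") that a later hunk removes from the now-REJECTED CVE-2025-34252, whose remaining triage line is `NOT-FOR-US: NetSarang Xmanager`; this looks like a reassignment of the same issue to the 2017 id, so the new entry can likely take the same NOT-FOR-US triage instead of staying in the TODO queue. Separately, the CVE-2025-4614 description line contains a literal `\x` ("PAN-OS\x ..."), which suggests a non-ASCII character in the upstream text was not decoded cleanly when the description was imported; worth checking the stored description for mis-encoding.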
@@ -260,13 +422,13 @@ CVE-2017-20202 (Web Developer for Chrome v0.4.9 contained malicious code that ge
 	NOT-FOR-US: Chrome extension
 CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) cont ...)
 	NOT-FOR-US: CCleaner
-CVE-2025-2934
+CVE-2025-2934 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2025-9825
 	- gitlab <unfixed>
-CVE-2025-10004
+CVE-2025-10004 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
-CVE-2025-11340
+CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 End of  ...)
 	- python3.14 <unfixed>
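Review bot: CVE-2025-9825 is left without a description while the three surrounding GitLab entries (CVE-2025-2934, CVE-2025-10004, CVE-2025-11340) receive theirs in this hunk; check whether upstream has published a description for it yet, or whether the import skipped it.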
@@ -428,7 +590,8 @@ CVE-2025-36565 (Dell PowerProtect Data Domain with Data Domain Operating System
 	NOT-FOR-US: Dell / EMC
 CVE-2025-36156 (IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vu ...)
 	NOT-FOR-US: IBM
-CVE-2025-34252 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ...)
+CVE-2025-34252
+	REJECTED
 	NOT-FOR-US: NetSarang Xmanager
 CVE-2025-1826 (IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundatio ...)
 	NOT-FOR-US: IBM
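Review bot: `REJECTED` is added for CVE-2025-34252 but the old `NOT-FOR-US: NetSarang Xmanager` triage line is kept underneath it; a rejected id needs no package triage, so the stale line should be dropped in a follow-up, and the identical description now appears under the new CVE-2017-20203 entry in the first hunk, which is where the triage belongs.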
@@ -2338,7 +2501,7 @@ CVE-2025-52427 (A NULL pointer dereference vulnerability has been reported to af
 CVE-2025-52424 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
 CVE-2025-49844 (Redis is an open source, in-memory database that persists on disk. Ver ...)
-	{DSA-6020-1}
+	{DSA-6022-1 DSA-6020-1 DLA-4325-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed> (bug #1117690)
 	- valkey <unfixed> (bug #1117687)
@@ -2370,7 +2533,7 @@ CVE-2025-47211 (A path traversal vulnerability has been reported to affect sever
 CVE-2025-47210 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
 CVE-2025-46819 (Redis is an open source, in-memory database that persists on disk. Ver ...)
-	{DSA-6020-1}
+	{DSA-6022-1 DSA-6020-1 DLA-4325-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed> (bug #1117690)
 	- valkey <unfixed> (bug #1117687)
@@ -2378,7 +2541,7 @@ CVE-2025-46819 (Redis is an open source, in-memory database that persists on dis
 	NOTE: https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba (8.2.2)
 	NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
 CVE-2025-46818 (Redis is an open source, in-memory database that persists on disk. Ver ...)
-	{DSA-6020-1}
+	{DSA-6022-1 DSA-6020-1}
 	- redis <unfixed> (bug #1117553)
 	[bullseye] - redis <ignored> (patch too invasive to backport to this version)
 	- redict <unfixed> (bug #1117690)
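Review bot: DLA-4325-1 is not added to CVE-2025-46818 while the three neighbouring Redis entries (CVE-2025-49844, CVE-2025-46819, CVE-2025-46817) gain it; that is consistent with the `[bullseye] - redis <ignored>` line in this hunk, so no DLA reference is expected here, but it is worth confirming the DLA text does not list this CVE.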
@@ -2387,7 +2550,7 @@ CVE-2025-46818 (Redis is an open source, in-memory database that persists on dis
 	NOTE: https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e (8.2.2)
 	NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
 CVE-2025-46817 (Redis is an open source, in-memory database that persists on disk. Ver ...)
-	{DSA-6020-1}
+	{DSA-6022-1 DSA-6020-1 DLA-4325-1}
 	- redis <unfixed> (bug #1117553)
 	- redict <unfixed> (bug #1117690)
 	- valkey <unfixed> (bug #1117687)
@@ -4684,7 +4847,7 @@ CVE-2025-60163 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlock ...)
+CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in BdThemes ZoloBlock ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -9968,7 +10131,7 @@ CVE-2025-59399 (libocpp before 0.28.0 allows a denial of service (EVerest crash)
 	NOT-FOR-US: libocpp
 CVE-2025-59398 (The OCPP implementation in libocpp before 0.26.2 allows a denial of se ...)
 	NOT-FOR-US: libocpp
-CVE-2025-59397 (Open Web Analytics (OWA) before 1.8.1 allows SQL injection.)
+CVE-2025-59397 (Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL i ...)
 	NOT-FOR-US: Open Web Analytics (OWA)
 CVE-2025-59377 (feiskyer mcp-kubernetes-server through 0.1.11 allows OS command inject ...)
 	NOT-FOR-US: feiskyer mcp-kubernetes-server
@@ -34004,7 +34167,8 @@ CVE-2025-34054 (An unauthenticated command injection vulnerability exists in AVT
 	NOT-FOR-US: AVTECH
 CVE-2025-34053 (An authentication bypass vulnerability exists in AVTECH IP camera, DVR ...)
 	NOT-FOR-US: AVTECH
-CVE-2025-34052 (An unauthenticated information disclosure vulnerability exists in AVTE ...)
+CVE-2025-34052
+	REJECTED
 	NOT-FOR-US: AVTECH
 CVE-2025-34051 (A server-side request forgery vulnerability exists in multiple firmwar ...)
 	NOT-FOR-US: AVTECH
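Review bot: as with CVE-2025-34252 earlier in this commit, `REJECTED` for CVE-2025-34052 is followed by the stale `NOT-FOR-US: AVTECH` triage line; a rejected id carries no package triage, so that line should be removed when the entry is cleaned up.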
@@ -230817,7 +230981,7 @@ CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may ca
 	NOT-FOR-US: NVIDIA
 CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause  ...)
 	NOT-FOR-US: NVIDIA
-CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause  ...)
+CVE-2023-31031 (NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerab ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
 	NOT-FOR-US: NVIDIA



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7a6c46c303d0eb5c2d440f10575a08074fbf44
