[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 09:13:27 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af6b4f97 by security tracker role at 2025-10-10T08:13:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2025-62292 (In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authent ...)
+ TODO: check
+CVE-2025-62240 (Multiple cross-site scripting (XSS) vulnerabilities with Calendar even ...)
+ TODO: check
+CVE-2025-61928 (Better Auth is an authentication and authorization library for TypeScr ...)
+ TODO: check
+CVE-2025-61926 (Allstar is a GitHub App to set and enforce security policies. In versi ...)
+ TODO: check
+CVE-2025-61871 (NAS Navigator2 Windows version by BUFFALO INC. registers a Windows ser ...)
+ TODO: check
+CVE-2025-61783 (Python Social Auth is a social authentication/registration mechanism. ...)
+ TODO: check
+CVE-2025-61779 (Confidential Containers's Trustee project contains tools and component ...)
+ TODO: check
+CVE-2025-61773 (pyLoad is a free and open-source download manager written in Python. I ...)
+ TODO: check
+CVE-2025-61602 (BigBlueButton is an open-source virtual classroom. A denial-of-service ...)
+ TODO: check
+CVE-2025-61601 (BigBlueButton is an open-source virtual classroom. A Denial of Service ...)
+ TODO: check
+CVE-2025-60375 (The authentication mechanism in Perfex CRM before 3.3.1 allows attacke ...)
+ TODO: check
+CVE-2025-59286 (Copilot Spoofing Vulnerability)
+ TODO: check
+CVE-2025-59272 (Copilot Spoofing Vulnerability)
+ TODO: check
+CVE-2025-59271 (Redis Enterprise Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-59252 (M365 Copilot Spoofing Vulnerability)
+ TODO: check
+CVE-2025-59247 (Azure PlayFab Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-59246 (Azure Entra ID Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-59218 (Azure Entra ID Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-55321 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2025-43296 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2025-35062 (Newforma Info Exchange (NIX) before version 2023.1 by default allows a ...)
+ TODO: check
+CVE-2025-35061 (Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices ...)
+ TODO: check
+CVE-2025-35060 (Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature ...)
+ TODO: check
+CVE-2025-35059 (Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' pro ...)
+ TODO: check
+CVE-2025-35058 (Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' all ...)
+ TODO: check
+CVE-2025-35057 (Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' all ...)
+ TODO: check
+CVE-2025-35056 (Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'St ...)
+ TODO: check
+CVE-2025-35055 (Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allo ...)
+ TODO: check
+CVE-2025-35054 (Newforma Info Exchange (NIX) stores credentials used to configure NPC ...)
+ TODO: check
+CVE-2025-35053 (Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/Mark ...)
+ TODO: check
+CVE-2025-35052 (Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain ...)
+ TODO: check
+CVE-2025-35051 (Newforma Project Center Server (NPCS) accepts serialized .NET data via ...)
+ TODO: check
+CVE-2025-35050 (Newforma Info Exchange (NIX) accepts serialized .NET data via the '/re ...)
+ TODO: check
+CVE-2025-34248 (D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory ...)
+ TODO: check
+CVE-2025-21070 (Out-of-bounds write in the SPI decoder in Samsung Notes prior to versi ...)
+ TODO: check
+CVE-2025-21069 (Out-of-bounds read in the parsing of image data in Samsung Notes prior ...)
+ TODO: check
+CVE-2025-21068 (Out-of-bounds read in the reading of image data in Samsung Notes prior ...)
+ TODO: check
+CVE-2025-21067 (Out-of-bounds read in the allocation of image buffer in Samsung Notes ...)
+ TODO: check
+CVE-2025-21066 (Out-of-bounds read in the SPI decoder in Samsung Notes prior to versio ...)
+ TODO: check
+CVE-2025-21065 (Improper input validation in Retail Mode prior to version 5.59.11 allo ...)
+ TODO: check
+CVE-2025-21064 (Improper authentication in Smart Switch prior to version 3.7.66.6 allo ...)
+ TODO: check
+CVE-2025-21063 (Improper access control in Samsung Voice Recorder prior to version 21. ...)
+ TODO: check
+CVE-2025-21062 (Use of a broken or risky cryptographic algorithm in Smart Switch prior ...)
+ TODO: check
+CVE-2025-21061 (Cleartext storage of sensitive information in Smart Switch prior to ve ...)
+ TODO: check
+CVE-2025-21060 (Cleartext storage of sensitive information in Smart Switch prior to ve ...)
+ TODO: check
+CVE-2025-21059 (Improper authorization in Samsung Health prior to version 6.30.5.105 a ...)
+ TODO: check
+CVE-2025-21058 (Improper access control in Routines prior to version 4.8.7.1 in Androi ...)
+ TODO: check
+CVE-2025-21057 (Use of implicit intent for sensitive communication in Samsung Notes pr ...)
+ TODO: check
+CVE-2025-21055 (Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oc ...)
+ TODO: check
+CVE-2025-21054 (Out-of-bounds read in the parsing header for JPEG decoding in libpadm. ...)
+ TODO: check
+CVE-2025-21053 (Out-of-bounds write in the parsing header for JPEG decoding in libpadm ...)
+ TODO: check
+CVE-2025-21052 (Out-of-bounds write under specific condition in the pre-processing of ...)
+ TODO: check
+CVE-2025-21051 (Out-of-bounds write in the pre-processing of JPEG decoding in libpadm. ...)
+ TODO: check
+CVE-2025-21050 (Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 ...)
+ TODO: check
+CVE-2025-21049 (Improper access control in SecSettings prior to SMR Oct-2025 Release 1 ...)
+ TODO: check
+CVE-2025-21048 (Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Relea ...)
+ TODO: check
+CVE-2025-21047 (Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 a ...)
+ TODO: check
+CVE-2025-21046 (Improper access control in WindowManager in Samsung DeX prior to SMR O ...)
+ TODO: check
+CVE-2025-21045 (Insecure storage of sensitive information in Galaxy Watch prior to SMR ...)
+ TODO: check
+CVE-2025-21044 (Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Rele ...)
+ TODO: check
+CVE-2025-11570 (Versions of the package drupal-pattern-lab/unified-twig-extensions fro ...)
+ TODO: check
+CVE-2025-11569 (All versions of the package cross-zip are vulnerable to Directory Trav ...)
+ TODO: check
+CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website 1.0. Imp ...)
+ TODO: check
+CVE-2025-11557 (A vulnerability has been found in projectworlds Gate Pass Management S ...)
+ TODO: check
+CVE-2025-11556 (A flaw has been found in code-projects Simple Leave Manager 1.0. This ...)
+ TODO: check
+CVE-2025-11555 (A vulnerability was detected in Campcodes Online Learning Management S ...)
+ TODO: check
+CVE-2025-11450 (ServiceNow has addressed a reflected cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2025-11449 (ServiceNow has addressed a reflected cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2025-10124 (The Booking Manager WordPress plugin before 2.1.15 registers a shortc ...)
+ TODO: check
+CVE-2016-15047 (AVTECH devices that include the CloudSetup.cgi management endpoint are ...)
+ TODO: check
CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
- golang-1.25 1.25.2-1
- golang-1.24 1.24.8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af6b4f97e58eb8a1f6dfff32f47516248a054544
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af6b4f97e58eb8a1f6dfff32f47516248a054544
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/6053b4c1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list