[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 14 09:12:51 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc8f5f30 by security tracker role at 2025-10-14T08:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-9713 (Path traversal in Ivanti Endpoint Manager allows a remote unauthentica ...)
+	TODO: check
+CVE-2025-8594 (The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a para ...)
+	TODO: check
+CVE-2025-62392 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62391 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62390 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62389 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62388 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62387 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62386 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62385 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62384 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62383 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-62365 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+	TODO: check
+CVE-2025-62364 (text-generation-webui is an open-source web interface for running Larg ...)
+	TODO: check
+CVE-2025-62363 (yt-grabber-tui is a terminal user interface application for downloadin ...)
+	TODO: check
+CVE-2025-62362 (gpp-burgerportaal is a Dutch government citizen portal application. In ...)
+	TODO: check
+CVE-2025-62361 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62360 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62359 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62358 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62252 (Insecure Direct Object Reference (IDOR) vulnerability in Liferay Porta ...)
+	TODO: check
+CVE-2025-62251 (Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 thro ...)
+	TODO: check
+CVE-2025-62246 (Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay  ...)
+	TODO: check
+CVE-2025-62179 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62178 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62177 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62176 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-62175 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-62174 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-61688 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
+	TODO: check
+CVE-2025-59889 (Improper authentication of library files in the Eaton IPP software ins ...)
+	TODO: check
+CVE-2025-59836 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
+	TODO: check
+CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause a denia ...)
+	TODO: check
+CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an  ...)
+	TODO: check
+CVE-2025-42937 (SAP Print Service (SAPSprint) performs insufficient validation of path ...)
+	TODO: check
+CVE-2025-42910 (Due to missing verification of file type or content, SAP Supplier Rela ...)
+	TODO: check
+CVE-2025-42909 (SAP Cloud Appliance Library Appliances allows an attacker with high pr ...)
+	TODO: check
+CVE-2025-42908 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWea ...)
+	TODO: check
+CVE-2025-42906 (SAP Commerce Cloud contains a path traversal vulnerability that may al ...)
+	TODO: check
+CVE-2025-42903 (A vulnerability in SAP Financial Service Claims Management RFC functio ...)
+	TODO: check
+CVE-2025-42902 (Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP an ...)
+	TODO: check
+CVE-2025-42901 (SAP Application Server for ABAP allows an authenticated attacker to st ...)
+	TODO: check
+CVE-2025-11731 (A flaw was found in the exsltFuncResultComp() function of libxslt, whi ...)
+	TODO: check
+CVE-2025-11623 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
+	TODO: check
+CVE-2025-11622 (Insecure deserialization in Ivanti Endpoint Manager allows a local aut ...)
+	TODO: check
+CVE-2025-10732 (The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin f ...)
+	TODO: check
+CVE-2025-10357 (The Simple SEO WordPress plugin before 2.0.32 does not sanitise and es ...)
+	TODO: check
+CVE-2024-6211
+	REJECTED
 CVE-2025-9968 (A link following vulnerability exists in the UnifyScanner component of ...)
 	NOT-FOR-US: ASUS
 CVE-2025-9902 (Authorization Bypass Through User-Controlled Key vulnerability in AKIN ...)
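Review bot: The description imported for CVE-2025-10732 carries a literal escape sequence, "The SureForms \u2013 Drag and Drop Form Builder", so the en dash was never decoded before the text was written to data/CVE/list. The import step should decode it, or replace it with a plain hyphen, so that searches on the plugin name match. Separately, every new entry in this hunk is still "TODO: check". The eleven Ivanti Endpoint Manager SQL injection entries (CVE-2025-62383 through CVE-2025-62392, plus CVE-2025-11623) share one truncated description and can be triaged as a group, in the same way the ASUS context line below is resolved with a NOT-FOR-US tag.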
@@ -8163,12 +8259,12 @@ CVE-2025-59800 (In Artifex Ghostscript through 10.05.1, ocr_begin_page in device
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350 (ghostpdl-10.06.0rc1)
 	NOTE: Ghostscript in Debian not compiled with Tesseract support
 CVE-2025-59799 (Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow  ...)
-	{DSA-6024-1}
+	{DSA-6024-1 DLA-4330-1}
 	- ghostscript 10.06.0~dfsg-1 (bug #1116443)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708517
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781 (ghostpdl-10.06.0rc1)
 CVE-2025-59798 (Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow  ...)
-	{DSA-6024-1}
+	{DSA-6024-1 DLA-4330-1}
 	- ghostscript 10.06.0~dfsg-1 (bug #1116444)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708539
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7 (ghostpdl-10.06.0rc1)
@@ -30962,7 +31058,7 @@ CVE-2025-7464 (A vulnerability classified as problematic has been found in osrg
 CVE-2025-7463 (A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declar ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7462 (A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1 ...)
-	{DSA-6024-1}
+	{DSA-6024-1 DLA-4330-1}
 	- ghostscript 10.05.1~dfsg-2 (bug #1109270)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708606
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb
@@ -733430,7 +733526,7 @@ CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Bet
 	NOT-FOR-US: Ecava IntegraXor SCADA Server
 CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ...)
 	NOT-FOR-US: Accuenergy
-CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 for the A ...)
+CVE-2014-2373 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ...)
 	NOT-FOR-US: Accuenergy
 CVE-2014-2372
 	RESERVED
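Review bot: After this description refresh, CVE-2014-2373 and the context line for CVE-2014-2374 show the same truncated text, "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ...". The words that told them apart ("The web server on the ...") are gone from the visible part, so the two entries can no longer be distinguished in the list. Both are NOT-FOR-US: Accuenergy, so triage is unaffected, but it is worth confirming against the full upstream records that the two CVEs still describe different issues and that the new text was not attached to the wrong ID.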



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc8f5f300446281cb8a352ad1b518f1bb158cfe5
