[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 15 21:13:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b8ac5c5 by security tracker role at 2025-10-15T20:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,240 @@
-CVE-2025-9640 [uninitialized memory disclosure via vfs_streams_xattr]
+CVE-2025-9967 (The Orion SMS OTP Verification plugin for WordPress is vulnerable to p ...)
+ TODO: check
+CVE-2025-9548 (A potential null pointer dereference vulnerability was reported in the ...)
+ TODO: check
+CVE-2025-8486 (A potential vulnerability was reported in PC Manager that could allow ...)
+ TODO: check
+CVE-2025-6026 (An improper certificate validation vulnerability was reported in the L ...)
+ TODO: check
+CVE-2025-62410 (In versions before 20.0.2, it was found that --disallow-code-generatio ...)
+ TODO: check
+CVE-2025-62382 (Frigate is a network video recorder (NVR) with realtime local object d ...)
+ TODO: check
+CVE-2025-62381 (sveltekit-superforms makes SvelteKit forms a pleasure to use. svelteki ...)
+ TODO: check
+CVE-2025-62380 (mailgen is a Node.js package that generates responsive HTML e-mails fo ...)
+ TODO: check
+CVE-2025-62379 (Reflex is a library to build full-stack web apps in pure Python. In ve ...)
+ TODO: check
+CVE-2025-62378 (CommandKit is the discord.js meta-framework for building Discord bots. ...)
+ TODO: check
+CVE-2025-62375 (go-witness and witness are Go modules for generating attestations. In ...)
+ TODO: check
+CVE-2025-62371 (OpenSearch Data Prepper as an open source data collector for observabi ...)
+ TODO: check
+CVE-2025-62370 (Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior ...)
+ TODO: check
+CVE-2025-61990 (When using a multi-bladed platform with more than one blade, undisclos ...)
+ TODO: check
+CVE-2025-61974 (When a client SSL profile is configured on a virtual server, undisclos ...)
+ TODO: check
+CVE-2025-61960 (When a per-request policy is configured on a BIG-IP APM portal access ...)
+ TODO: check
+CVE-2025-61958 (A vulnerability exists in the iHealth command that may allow an authen ...)
+ TODO: check
+CVE-2025-61955 (A vulnerability exists in F5OS-A and F5OS-C systems that may allow an ...)
+ TODO: check
+CVE-2025-61951 (Undisclosed traffic can cause the Traffic Management Microkernel (TMM) ...)
+ TODO: check
+CVE-2025-61938 (When a BIG-IP Advanced WAF or ASM security policy is configured with a ...)
+ TODO: check
+CVE-2025-61935 (When a BIG IP Advanced WAF or ASM security policy is configured on a v ...)
+ TODO: check
+CVE-2025-61933 (A reflected cross-site scripting (XSS) vulnerability exists in an undi ...)
+ TODO: check
+CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brain ...)
+ TODO: check
+CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that ...)
+ TODO: check
+CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module using a pas ...)
+ TODO: check
+CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual se ...)
+ TODO: check
+CVE-2025-59778 (When the Allowed IP Addresses feature is configured on the F5OS-C part ...)
+ TODO: check
+CVE-2025-59483 (A validation vulnerability exists in an undisclosed URL in the Configu ...)
+ TODO: check
+CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS ...)
+ TODO: check
+CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile is config ...)
+ TODO: check
+CVE-2025-59419 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2025-59269 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
+ TODO: check
+CVE-2025-59268 (On the BIG-IP system, undisclosed endpoints that contain static non-se ...)
+ TODO: check
+CVE-2025-58474 (When BIG-IP Advanced WAF is configured on a virtual server with Server ...)
+ TODO: check
+CVE-2025-58424 (On BIG-IP systems, undisclosed traffic can cause data corruption and u ...)
+ TODO: check
+CVE-2025-58153 (Under undisclosed traffic conditions along with conditions beyond the ...)
+ TODO: check
+CVE-2025-58133 (Authentication bypass in some Zoom Rooms Clients before version 6.5.1 ...)
+ TODO: check
+CVE-2025-58132 (Command injection in some Zoom Clients for Windows may allow an authen ...)
+ TODO: check
+CVE-2025-58120 (When HTTP/2 Ingress is configured, undisclosed traffic can cause the T ...)
+ TODO: check
+CVE-2025-58096 (When the database variable tm.tcpudptxchecksumis configured as non-def ...)
+ TODO: check
+CVE-2025-58071 (When IPsec is configured on the BIG-IP system, undisclosed traffic can ...)
+ TODO: check
+CVE-2025-57780 (A vulnerability exists in F5OS-A and F5OS-C system that may allow an a ...)
+ TODO: check
+CVE-2025-56749 (Creativeitem Academy LMS up to and including 6.14 uses a hardcoded def ...)
+ TODO: check
+CVE-2025-56748 (Creativeitem Academy LMS up to and including 5.13 uses predictable pas ...)
+ TODO: check
+CVE-2025-56746 (Creativeitem Academy LMS up to and including 5.13 does not regenerate ...)
+ TODO: check
+CVE-2025-55670 (On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes sy ...)
+ TODO: check
+CVE-2025-55669 (When the BIG-IP Advanced WAF and ASM security policy and a server-side ...)
+ TODO: check
+CVE-2025-55083 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation ...)
+ TODO: check
+CVE-2025-55082 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation ...)
+ TODO: check
+CVE-2025-55081 (In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the ...)
+ TODO: check
+CVE-2025-55036 (When BIG-IP SSL Orchestrator explicit forward proxy is configured on a ...)
+ TODO: check
+CVE-2025-54858 (When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured ...)
+ TODO: check
+CVE-2025-54854 (When a BIG-IP APM OAuth access profile (Resource Server or Resource Cl ...)
+ TODO: check
+CVE-2025-54805 (When an iRule is configured on a virtual server via the declarative AP ...)
+ TODO: check
+CVE-2025-54755 (A directory traversal vulnerability exists in TMUI that allows an auth ...)
+ TODO: check
+CVE-2025-54479 (When a classification profile is configured on a virtual server withou ...)
+ TODO: check
+CVE-2025-54271 (Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by ...)
+ TODO: check
+CVE-2025-53868 (When running in Appliance mode, a highly privileged authenticated atta ...)
+ TODO: check
+CVE-2025-53860 (A vulnerability exists in F5OS-A software that allows a highly privile ...)
+ TODO: check
+CVE-2025-53856 (When a virtual server, network address translation (NAT) object, or se ...)
+ TODO: check
+CVE-2025-53521 (When a BIG-IP APM Access Policy is configured on a virtual server, und ...)
+ TODO: check
+CVE-2025-53474 (When an iRule using an ILX::callcommand is configured on a virtual ser ...)
+ TODO: check
+CVE-2025-48008 (When a TCP profile with Multipath TCP (MPTCP) enabled is configured on ...)
+ TODO: check
+CVE-2025-47150 (When SNMP is configured on F5OS Appliance and Chassis systems, undiscl ...)
+ TODO: check
+CVE-2025-47148 (When the BIG-IP system is configured as both a Security Assertion Mark ...)
+ TODO: check
+CVE-2025-46706 (When an iRule containing the HTTP::respond command is configured on a ...)
+ TODO: check
+CVE-2025-41430 (When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause ...)
+ TODO: check
+CVE-2025-2529 (Applications using affected versions of Ehcache 3.x can experience deg ...)
+ TODO: check
+CVE-2025-20360 (Multiple Cisco products are affected by a vulnerability in the Snort 3 ...)
+ TODO: check
+CVE-2025-20359 (Multiple Cisco products are affected by a vulnerability in the Snort 3 ...)
+ TODO: check
+CVE-2025-20351 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco I ...)
+ TODO: check
+CVE-2025-20350 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco I ...)
+ TODO: check
+CVE-2025-20329 (A vulnerability in the logging component of Cisco TelePresence Collabo ...)
+ TODO: check
+CVE-2025-11832 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2025-11728 (The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-11722 (The Woocommerce Category and Products Accordion Panel plugin for WordP ...)
+ TODO: check
+CVE-2025-11701 (The Zip Attachments plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-11692 (The Zip Attachments plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-11619 (Improper certificate validation when connecting to gateways in Devolut ...)
+ TODO: check
+CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
+ TODO: check
+CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to blind S ...)
+ TODO: check
+CVE-2025-11196 (The External Login plugin for WordPress is vulnerable to sensitive inf ...)
+ TODO: check
+CVE-2025-11177 (The External Login plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2025-10869 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnera ...)
+ TODO: check
+CVE-2025-10754 (The DocoDoco Store Locator plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2025-10743 (The Outdoor plugin for WordPress is vulnerable to SQL Injection via th ...)
+ TODO: check
+CVE-2025-10730 (The Wp tabber widget plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2025-10699 (A vulnerability was reported in the Lenovo LeCloud client application ...)
+ TODO: check
+CVE-2025-10682 (The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in v ...)
+ TODO: check
+CVE-2025-10660 (The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Inject ...)
+ TODO: check
+CVE-2025-10648 (The YourMembership Single Sign On \u2013 YM SSO Login plugin for WordP ...)
+ TODO: check
+CVE-2025-10581 (A potential DLL hijacking vulnerability was discovered in the Lenovo P ...)
+ TODO: check
+CVE-2025-10577 (Potential vulnerabilities have been identified in the audio package fo ...)
+ TODO: check
+CVE-2025-10576 (Potential vulnerabilities have been identified in the audio package fo ...)
+ TODO: check
+CVE-2025-10575 (The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2025-10486 (The Content Writer plugin for WordPress is vulnerable to Sensitive Inf ...)
+ TODO: check
+CVE-2025-10313 (The Find And Replace content for WordPress plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-10312 (The Theme Importer plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-10310 (The Rich Snippet Site Report plugin for WordPress is vulnerable to SQ ...)
+ TODO: check
+CVE-2025-10303 (The Library Management System plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2025-10301 (The FunKItools plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-10300 (The TopBar plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2025-10299 (The WPBifr\xf6st \u2013 Instant Passwordless Temporary Login Links plu ...)
+ TODO: check
+CVE-2025-10294 (The OwnID Passwordless Login plugin for WordPress is vulnerable to Aut ...)
+ TODO: check
+CVE-2025-10293 (The Keyy Two Factor Authentication (like Clef) plugin for WordPress is ...)
+ TODO: check
+CVE-2025-10194 (The Shortcode Button plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-10186 (The WhyDonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fun ...)
+ TODO: check
+CVE-2025-10141 (The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-10140 (The Quick Social Login plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-10139 (The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-10135 (The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-10133 (The URLYar URL Shortner plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-10132 (The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-10056 (The Task Scheduler plugin for WordPress is vulnerable to Server-Side R ...)
+ TODO: check
+CVE-2025-10051 (The Demo Import Kit plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2025-10045 (The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2025-10041 (The Flex QR Code Generator plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to limited Priv ...)
+ TODO: check
+CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...)
- samba 2:4.23.2+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15885
@@ -39145,7 +39381,7 @@ CVE-2025-6268 (A vulnerability classified as problematic has been found in Luna
NOT-FOR-US: Luna Imaging
CVE-2025-6267 (A vulnerability was found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\ ...)
NOT-FOR-US: zhilink ADP Application Developer Platform
-CVE-2025-6266 (A vulnerability was found in FLIR AX8 up to 1.46. It has been declared ...)
+CVE-2025-6266 (A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected ...)
NOT-FOR-US: FLIR AX8
CVE-2025-5234 (The Gutenverse News plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
@@ -44277,7 +44513,7 @@ CVE-2025-5697 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: Brilliance Golden Link Secondary System
CVE-2025-5696 (A vulnerability classified as critical was found in Brilliance Golden ...)
NOT-FOR-US: Brilliance Golden Link Secondary System
-CVE-2025-5695 (A vulnerability classified as critical has been found in FLIR AX8 up t ...)
+CVE-2025-5695 (A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Thi ...)
NOT-FOR-US: FLIR AX8
CVE-2025-5694 (A vulnerability was found in PHPGurukul Human Metapneumovirus Testing ...)
NOT-FOR-US: PHPGurukul
@@ -46933,9 +47169,9 @@ CVE-2025-5129 (A vulnerability has been found in Sangfor \u96f6\u4fe1\u4efb\u8bb
NOT-FOR-US: Sangfor aTrust
CVE-2025-5128 (A vulnerability, which was classified as critical, was found in Script ...)
NOT-FOR-US: ScriptAndTools Real-Estate-website-in-PHP
-CVE-2025-5127 (A vulnerability, which was classified as problematic, has been found i ...)
+CVE-2025-5127 (A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. Thi ...)
NOT-FOR-US: FLIR AX8
-CVE-2025-5126 (A vulnerability classified as critical was found in FLIR AX8 up to 1.4 ...)
+CVE-2025-5126 (A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vul ...)
NOT-FOR-US: FLIR AX8
CVE-2025-5124 (A vulnerability classified as critical has been found in Sony SNC-M1, ...)
NOT-FOR-US: Sony
@@ -50841,7 +51077,7 @@ CVE-2025-4658 (Versions of OpenPubkey library prior to 0.10.0 contained a vulne
NOTE: CVE is assigned for opkssh's use of vulnerable versions of
NOTE: golang-github-openpubkey-openpubkey subjected to CVE-2025-3757 (cf. #1105741)
NOTE: https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
-CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web allows Pri ...)
+CVE-2025-4649 (Improper Handling of Exceptional Conditions vulnerability in Centreon ...)
NOT-FOR-US: Centreon
CVE-2025-4648 (The content of a SVG file, received as input in Centreon web, was no ...)
NOT-FOR-US: Centreon
@@ -176169,7 +176405,7 @@ CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Simple Subscription Website
CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Simple Subscription Website
-CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated ...)
+CVE-2024-3013 (A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted ...)
NOT-FOR-US: FLIR AX8
CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been de ...)
NOT-FOR-US: Tenda
@@ -266379,7 +266615,7 @@ CVE-2022-4366 (Missing Authorization in GitHub repository lirantal/daloradius pr
NOT-FOR-US: daloRADIUS
CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
+CVE-2022-4364 (A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Aff ...)
NOT-FOR-US: Teledyne
CVE-2022-4363 (The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market f ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b8ac5c5d8e5b193853711f87e31cdf78dce6dd0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b8ac5c5d8e5b193853711f87e31cdf78dce6dd0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251015/80b0b299/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list