[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 16 09:12:57 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af608b07 by security tracker role at 2025-10-16T08:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2025-11683 [missing null-terminators which causes out-of-bounds read and potential information]
+CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass the Cont ...)
+	TODO: check
+CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass the Same ...)
+	TODO: check
+CVE-2025-62583 (Whale Browser before 4.33.325.17 allows an attacker to escape the ifra ...)
+	TODO: check
+CVE-2025-62580 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+	TODO: check
+CVE-2025-62579 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+	TODO: check
+CVE-2025-58778 (Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH ...)
+	TODO: check
+CVE-2025-55091 (In NetX Duo before 6.4.4, the networking support module for Eclipse Fo ...)
+	TODO: check
+CVE-2025-55090 (In NetX Duo before 6.4.4, the networking support module for Eclipse Fo ...)
+	TODO: check
+CVE-2025-55089 (In FileX before 6.4.2, the file support module for Eclipse Foundation  ...)
+	TODO: check
+CVE-2025-55084 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation  ...)
+	TODO: check
+CVE-2025-43313 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2025-43282 (A double free issue was addressed with improved memory management. Thi ...)
+	TODO: check
+CVE-2025-43281 (The issue was addressed with improved authentication. This issue is fi ...)
+	TODO: check
+CVE-2025-43280 (The issue was resolved by not loading remote images This issue is fixe ...)
+	TODO: check
+CVE-2025-41021 (Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consistin ...)
+	TODO: check
+CVE-2025-41020 (Insecure direct object reference (IDOR) vulnerability in Sergestec's E ...)
+	TODO: check
+CVE-2025-41019 (SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows a ...)
+	TODO: check
+CVE-2025-41018 (SQL injection in Sergestec's Exito v8.0. This vulnerability allows an  ...)
+	TODO: check
+CVE-2025-11814 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-10850 (The Felan Framework plugin for WordPress is vulnerable to improper aut ...)
+	TODO: check
+CVE-2025-10849 (The Felan Framework plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2025-10742 (The Truelysell Core plugin for WordPress is vulnerable to Arbitrary Us ...)
+	TODO: check
+CVE-2025-10706 (The Classified Pro theme for WordPress is vulnerable to unauthorized p ...)
+	TODO: check
+CVE-2025-10700 (The Ally \u2013 Web Accessibility & Usability plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-0275 (HCL BigFix Mobile 3.3 and earlier is affected by improper access contr ...)
+	TODO: check
+CVE-2025-0274 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected  ...)
+	TODO: check
+CVE-2025-11683 (YAML::Syck versions before 1.36 for Perl has missing null-terminators  ...)
 	- libyaml-syck-perl 1.34-4
 	[trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
 	[bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
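Review bot: The added CVE-2025-10700 line carries a literal "\u2013" in its description ("The Ally \u2013 Web Accessibility & Usability plugin ..."), which reads as a JSON escape that was never decoded on import. Decode it to the dash it stands for, or normalise it to "-", so that text searches and the rendered tracker entry show the plugin name correctly. Separately, all 26 new entries land as "TODO: check" and need triage. The re-described CVE-2025-11683 entry keeps its existing libyaml-syck-perl annotations, which is what it should do.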
@@ -1165,6 +1217,7 @@ CVE-2025-11721 (Memory safety bug present in Firefox 143 and Thunderbird 143. Th
 	- firefox 144.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
 CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
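Review bot: The new "{DSA-6025-1}" tag on CVE-2025-11715 sits on an entry whose context still lists "- thunderbird <unfixed>", and nothing in the hunk says which source package or suites the advisory covers. Confirm against the DSA entry that the advisory is for firefox-esr only and that thunderbird is meant to stay open. The same check applies to the other entries that receive this tag in the hunks below.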
@@ -1172,6 +1225,7 @@ CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
 CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
@@ -1195,6 +1249,7 @@ CVE-2025-11718 (When the address bar was hidden due to scrolling on Android, a m
 	- firefox 144.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
 CVE-2025-11712 (A malicious page could have used the type attribute of an OBJECT tag t ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
@@ -1208,6 +1263,7 @@ CVE-2025-11716 (Links in a sandboxed iframe could open an external app on Androi
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
 CVE-2025-11711 (There was a way to change the value of JavaScript Object properties th ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
@@ -1215,6 +1271,7 @@ CVE-2025-11711 (There was a way to change the value of JavaScript Object propert
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
 CVE-2025-11710 (A compromised web process using malicious IPC messages could have caus ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
@@ -1222,6 +1279,7 @@ CVE-2025-11710 (A compromised web process using malicious IPC messages could hav
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
 CVE-2025-11709 (A compromised web process was able to trigger out of bounds reads and  ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>
@@ -1229,6 +1287,7 @@ CVE-2025-11709 (A compromised web process was able to trigger out of bounds read
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
 CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ...)
+	{DSA-6025-1}
 	- firefox 144.0-1
 	- firefox-esr 140.4.0esr-1
 	- thunderbird <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af608b07a8b517f5c3cf9d1b3cdb69ca12ce71c9
