[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 16 21:12:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23f13b25 by security tracker role at 2025-10-16T20:12:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2025-9955 (An improper access control vulnerability exists in WSO2 Enterprise Int ...)
+ TODO: check
+CVE-2025-9804 (An improper access control vulnerability exists in multiple WSO2 produ ...)
+ TODO: check
+CVE-2025-9559 (Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Inse ...)
+ TODO: check
+CVE-2025-9152 (An improper privilege management vulnerability exists in WSO2 API Mana ...)
+ TODO: check
+CVE-2025-6338 (There is an incomplete cleanup vulnerability in Qt Network's Schannel ...)
+ TODO: check
+CVE-2025-62586 (OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset t ...)
+ TODO: check
+CVE-2025-62496 (A vulnerability exists in the QuickJS engine's BigInt string parsing l ...)
+ TODO: check
+CVE-2025-62495 (An integer overflow vulnerability exists in the QuickJS regular expres ...)
+ TODO: check
+CVE-2025-62494 (A type confusion vulnerability exists in the handling of the string ad ...)
+ TODO: check
+CVE-2025-62493 (A vulnerability exists in the QuickJS engine's BigInt string conversio ...)
+ TODO: check
+CVE-2025-62492 (A vulnerability stemming from floating-point arithmetic precision erro ...)
+ TODO: check
+CVE-2025-62491 (A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's st ...)
+ TODO: check
+CVE-2025-62490 (In quickjs, in js_print_object, when printing an array, the function f ...)
+ TODO: check
+CVE-2025-62428 (Drawing-Captcha APP provides interactive, engaging verification for We ...)
+ TODO: check
+CVE-2025-62427 (The Angular CLI is a command-line interface tool for Angular applicati ...)
+ TODO: check
+CVE-2025-62425 (MAS (Matrix Authentication Service) is a user management and authentic ...)
+ TODO: check
+CVE-2025-62423 (ClipBucket V5 provides open source video hosting with PHP. In version5 ...)
+ TODO: check
+CVE-2025-62418 (Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3. ...)
+ TODO: check
+CVE-2025-62417 (Bagisto is an open source laravel eCommerce platform. When product dat ...)
+ TODO: check
+CVE-2025-62416 (Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 i ...)
+ TODO: check
+CVE-2025-62415 (Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3. ...)
+ TODO: check
+CVE-2025-62414 (Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3. ...)
+ TODO: check
+CVE-2025-62413 (MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Sit ...)
+ TODO: check
+CVE-2025-62412 (LibreNMS is a community-based GPL-licensed network monitoring system. ...)
+ TODO: check
+CVE-2025-62411 (LibreNMS is a community-based GPL-licensed network monitoring system. ...)
+ TODO: check
+CVE-2025-62409 (Envoy is a cloud-native, open source edge and service proxy. Prior to ...)
+ TODO: check
+CVE-2025-62407 (Frappe is a full-stack web application framework. Prior to 14.98.0 and ...)
+ TODO: check
+CVE-2025-61924 (PrestaShop Checkout is the PrestaShop official payment module in partn ...)
+ TODO: check
+CVE-2025-61923 (PrestaShop Checkout is the PrestaShop official payment module in partn ...)
+ TODO: check
+CVE-2025-61922 (PrestaShop Checkout is the PrestaShop official payment module in partn ...)
+ TODO: check
+CVE-2025-61909 (Icinga 2 is an open source monitoring system. From 2.10.0 to before 2. ...)
+ TODO: check
+CVE-2025-61908 (Icinga 2 is an open source monitoring system. From 2.10.0 to before 2. ...)
+ TODO: check
+CVE-2025-61907 (Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 ...)
+ TODO: check
+CVE-2025-61789 (Icinga DB Web provides a graphical interface for Icinga monitoring. Be ...)
+ TODO: check
+CVE-2025-61581 (** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complex ...)
+ TODO: check
+CVE-2025-61554 (A divide-by-zero in VirtIO network device emulation in BitVisor from c ...)
+ TODO: check
+CVE-2025-61553 (An out-of-bounds write in VirtIO network device emulation in BitVisor ...)
+ TODO: check
+CVE-2025-61543 (A Host Header Injection vulnerability exists in the password reset fun ...)
+ TODO: check
+CVE-2025-61541 (Webmin 2.510 is vulnerable to a Host Header Injection in the password ...)
+ TODO: check
+CVE-2025-61540 (SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the userna ...)
+ TODO: check
+CVE-2025-61539 (Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 v ...)
+ TODO: check
+CVE-2025-61536 (FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magi ...)
+ TODO: check
+CVE-2025-61514 (An arbitrary file upload vulnerability in SageMath, Inc CoCalc before ...)
+ TODO: check
+CVE-2025-61330 (A hard-coded weak password vulnerability has been discovered in all Ma ...)
+ TODO: check
+CVE-2025-60855 (Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient vali ...)
+ TODO: check
+CVE-2025-60641 (The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerab ...)
+ TODO: check
+CVE-2025-60639 (Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-2 ...)
+ TODO: check
+CVE-2025-60358 (radare2 v.5.9.8 and before contains a memory leak in the function _loa ...)
+ TODO: check
+CVE-2025-58426 (desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic ...)
+ TODO: check
+CVE-2025-58115 (ChatLuck contains a cross-site scripting vulnerability in Guest User S ...)
+ TODO: check
+CVE-2025-58079 (Improper Protection of Alternate Path (CWE-424) in the AppSuite of des ...)
+ TODO: check
+CVE-2025-58075 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
+ TODO: check
+CVE-2025-58073 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
+ TODO: check
+CVE-2025-58051 (Nextcloud Tables allows you to create your own tables with individual ...)
+ TODO: check
+CVE-2025-56700 (Boolean SQL injection vulnerability in the web app of Base Digitale Gr ...)
+ TODO: check
+CVE-2025-56699 (SQL injection vulnerability in the cmd component of Base Digitale Grou ...)
+ TODO: check
+CVE-2025-55072 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R ...)
+ TODO: check
+CVE-2025-55035 (Mattermost Desktop App versions <=5.13.0 fail to manage modals in the ...)
+ TODO: check
+CVE-2025-54859 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R ...)
+ TODO: check
+CVE-2025-54760 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R ...)
+ TODO: check
+CVE-2025-54658 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ TODO: check
+CVE-2025-54539 (A Deserialization of Untrusted Data vulnerability exists in the Apache ...)
+ TODO: check
+CVE-2025-54499 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use ...)
+ TODO: check
+CVE-2025-54461 (ChatLuck contains an insufficient granularity of access control vulner ...)
+ TODO: check
+CVE-2025-53951 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ TODO: check
+CVE-2025-53950 (An Exposure of Private Personal Information ('Privacy Violation') vuln ...)
+ TODO: check
+CVE-2025-53858 (ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. ...)
+ TODO: check
+CVE-2025-53092 (Strapi is an open source headless content management system. Strapi ve ...)
+ TODO: check
+CVE-2025-52583 (Reflected cross-site scripting (XSS) vulnerability in desknet's Web Se ...)
+ TODO: check
+CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet FortiDL ...)
+ TODO: check
+CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
+ TODO: check
+CVE-2025-41410 (Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= ...)
+ TODO: check
+CVE-2025-41254 (STOMP over WebSocket applications may be vulnerable to a security bypa ...)
+ TODO: check
+CVE-2025-41253 (The following versions of Spring Cloud Gateway Server Webflux may be v ...)
+ TODO: check
+CVE-2025-3930 (Strapi uses JSON Web Tokens (JWT) for authentication. After logout or ...)
+ TODO: check
+CVE-2025-36128 (IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denia ...)
+ TODO: check
+CVE-2025-36002 (IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and I ...)
+ TODO: check
+CVE-2025-34519 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
+ TODO: check
+CVE-2025-34518 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
+ TODO: check
+CVE-2025-34517 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
+ TODO: check
+CVE-2025-34516 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a u ...)
+ TODO: check
+CVE-2025-34515 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
+ TODO: check
+CVE-2025-34514 (Ilevia EVE X1 Server firmware versions \u2264 4.7.18.0.eden contain au ...)
+ TODO: check
+CVE-2025-34513 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
+ TODO: check
+CVE-2025-34512 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
+ TODO: check
+CVE-2025-34255 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
+ TODO: check
+CVE-2025-34254 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
+ TODO: check
+CVE-2025-34253 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored c ...)
+ TODO: check
+CVE-2025-25298 (Strapi is an open source headless CMS. The @strapi/core package before ...)
+ TODO: check
+CVE-2025-24833 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO versi ...)
+ TODO: check
+CVE-2025-22381 (Aggie 2.6.1 has a Host Header injection vulnerability in the forgot pa ...)
+ TODO: check
+CVE-2025-11854
+ REJECTED
+CVE-2025-11853 (A vulnerability was determined in Sismics Teedy up to 1.11. This affec ...)
+ TODO: check
+CVE-2025-11852 (A vulnerability was found in Apeman ID71 218.53.203.117. The impacted ...)
+ TODO: check
+CVE-2025-11851 (A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affect ...)
+ TODO: check
+CVE-2025-11842 (A security vulnerability has been detected in Shazwazza Smidge up to 4 ...)
+ TODO: check
+CVE-2025-11840 (A weakness has been identified in GNU Binutils 2.45. The affected elem ...)
+ TODO: check
+CVE-2025-11839 (A security flaw has been discovered in GNU Binutils 2.45. Impacted is ...)
+ TODO: check
+CVE-2025-11493 (The ConnectWise Automate Agent does not fully verify the authenticity ...)
+ TODO: check
+CVE-2025-11492 (In the ConnectWise Automate Agent, communications could be configured ...)
+ TODO: check
+CVE-2025-10611 (Due to an insufficient access control implementation in multiple WSO2 ...)
+ TODO: check
+CVE-2025-10545 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
+ TODO: check
+CVE-2025-0277 (HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure d ...)
+ TODO: check
+CVE-2025-0276 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerab ...)
+ TODO: check
+CVE-2024-56143 (Strapi is an open-source headless content management system. In versio ...)
+ TODO: check
CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass the Cont ...)
NOT-FOR-US: Whale Browser
CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass the Same ...)
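Review bot: all 105 new entries in this hunk are left at "TODO: check", which is what the automatic import produces, but a handful of them describe upstreams that are shipped as Debian source packages and should be triaged ahead of the obviously NOT-FOR-US SaaS and appliance items: the seven QuickJS entries (CVE-2025-62490 through CVE-2025-62496, covering a use-after-free, an integer overflow in the regular expression engine and a type confusion), the two GNU Binutils 2.45 entries (CVE-2025-11839, CVE-2025-11840), radare2 (CVE-2025-60358, described as a memory leak) and the three Icinga 2 entries (CVE-2025-61907, CVE-2025-61908, CVE-2025-61909). CVE-2025-6338 is described against Qt Network's Schannel backend, which is the Windows TLS stack, so for the OpenSSL-built Debian Qt packages the expected outcome is a not-affected note giving that reason rather than an open TODO. CVE-2025-61581 carries "** UNSUPPORTED WHEN ASSIGNED **" in its own description and can take the usual unsupported disposition once the product is identified, and CVE-2025-11854 is correctly recorded as REJECTED with no description text.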
@@ -552,6 +762,7 @@ CVE-2017-20204 (DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an
CVE-2011-10033 (The WordPress pluginis-human <= v1.4.2 containsan eval injection vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11756
+ {DSA-6026-1}
- chromium 141.0.7390.107-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9437 (A security issue exists within the Studio 5000 Logix Designer add-on p ...)
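Review bot: the {DSA-6026-1} line sits immediately under the CVE id and above the "- chromium 141.0.7390.107-1" version line, which matches how advisories are recorded elsewhere in this file (compare the {DSA-5974-1 ...} line above "- pgpool2 4.6.1-1" further down), and the "[bullseye] - chromium <end-of-life> (see #1061268)" line is rightly left untouched, since a DSA for the supported releases does not change bullseye's end-of-life status. The remaining gap is that CVE-2025-11756 still has no description in parentheses and no NOTE line pointing at the upstream Chromium release it belongs to; the automatic import will back-fill the description once it is published, but a NOTE with the upstream advisory URL would make the entry self-describing in the meantime.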
@@ -49373,7 +49584,7 @@ CVE-2025-47750 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds
CVE-2025-47749 (V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not ...)
NOT-FOR-US: Fuji V-SFT
CVE-2025-46801 (Pgpool-II provided by PgPool Global Development Group contains an auth ...)
- {DSA-5974-1}
+ {DSA-5974-1 DLA-4334-1}
- pgpool2 4.6.1-1 (bug #1106119)
NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.6.1.2C_4.5.7.2C_4.4.12.2C_4.3.15_and_4.2.22_officially_released_.282025.2F05.2F15.29_2
NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=pgpool2.git;a=commit;h=d8e2ace8737f64eee2bf5ca74f6294835fb75ccb (V4_6_1)
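Review bot: appending DLA-4334-1 inside the existing braces as "{DSA-5974-1 DLA-4334-1}" follows the tracker's space-separated advisory list convention, so the change itself is fine. What would help the next reviewer is a second "Fixed by:" NOTE for the branch the LTS suite ships: the upstream announcement URL already in the entry names 4.6.1, 4.5.7, 4.4.12, 4.3.15 and 4.2.22 as the fixed releases, yet the only commit cited is the V4_6_1 one, while a DLA by definition targets an older series than 4.6, so the commit actually backported for the LTS update is a different one and is not recorded here.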
@@ -54136,7 +54347,7 @@ CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a voice changing frame
NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
-CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the gateway compo ...)
+CVE-2025-2905 (Due to the improper configuration of XML parser, user-supplied XML is ...)
NOT-FOR-US: WSO2
CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 ...)
NOT-FOR-US: Mezzanine CMS
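Review bot: nothing to change in this hunk; the replacement description drops the explicit "XML External Entity (XXE)" wording for "improper configuration of XML parser, user-supplied XML", but both truncated texts describe the same misconfigured-parser class, so the unchanged "NOT-FOR-US: WSO2" disposition still holds and no re-triage is needed. This is a description refresh from the CVE feed, not a change in affectedness, and the four new WSO2 entries added at the top of this commit (CVE-2025-9955, CVE-2025-9804, CVE-2025-9152, CVE-2025-10611) will presumably take the same NOT-FOR-US: WSO2 disposition when they are triaged.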
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23f13b255972eda436eb90aa03e93d181d7b7d7d
More information about the debian-security-tracker-commits mailing list