[Git][security-tracker-team/security-tracker][master] Add new CVEs for mattermost-server, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 16 22:32:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b8e94c7 by Salvatore Bonaccorso at 2025-10-16T23:32:16+02:00
Add new CVEs for mattermost-server, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -136,9 +136,9 @@ CVE-2025-58115 (ChatLuck contains a cross-site scripting vulnerability in Guest
CVE-2025-58079 (Improper Protection of Alternate Path (CWE-424) in the AppSuite of des ...)
NOT-FOR-US: desknet
CVE-2025-58075 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-58073 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-58051 (Nextcloud Tables allows you to create your own tables with individual ...)
NOT-FOR-US: Nextcloud Tables
CVE-2025-56700 (Boolean SQL injection vulnerability in the web app of Base Digitale Gr ...)
@@ -158,7 +158,7 @@ CVE-2025-54658 (An Improper Limitation of a Pathname to a Restricted Directory (
CVE-2025-54539 (A Deserialization of Untrusted Data vulnerability exists in the Apache ...)
TODO: check
CVE-2025-54499 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-54461 (ChatLuck contains an insufficient granularity of access control vulner ...)
NOT-FOR-US: ChatLuck
CVE-2025-53951 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
@@ -174,9 +174,9 @@ CVE-2025-52583 (Reflected cross-site scripting (XSS) vulnerability in desknet's
CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet FortiDL ...)
NOT-FOR-US: Fortinet
CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-41410 (Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-41254 (STOMP over WebSocket applications may be vulnerable to a security bypa ...)
TODO: check
CVE-2025-41253 (The following versions of Spring Cloud Gateway Server Webflux may be v ...)
@@ -236,7 +236,7 @@ CVE-2025-11492 (In the ConnectWise Automate Agent, communications could be confi
CVE-2025-10611 (Due to an insufficient access control implementation in multiple WSO2 ...)
NOT-FOR-US: WSO2
CVE-2025-10545 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-0277 (HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure d ...)
NOT-FOR-US: HCL
CVE-2025-0276 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b8e94c7e89b7637f899537685c3bf9382c73ab0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b8e94c7e89b7637f899537685c3bf9382c73ab0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251016/3dd6d588/attachment.htm>
More information about the debian-security-tracker-commits
mailing list