[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 20 21:13:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
072491ed by security tracker role at 2025-10-20T20:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,53 +1,151 @@
-CVE-2025-40017 [media: iris: Fix memory leak by freeing untracked persist buffer]
+CVE-2025-9574 (Missing Authentication for Critical Function vulnerability in ABB ALS- ...)
+	TODO: check
+CVE-2025-8884 (Authorization Bypass Through User-Controlled Key vulnerability in VHS  ...)
+	TODO: check
+CVE-2025-8349 (Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. Thi ...)
+	TODO: check
+CVE-2025-8053 (Insufficient Granularity of Access Control vulnerability in opentext F ...)
+	TODO: check
+CVE-2025-8052 (SQL Injection vulnerability in opentext Flipper allows SQL Injection.  ...)
+	TODO: check
+CVE-2025-8051 (Path Traversal vulnerability in opentext Flipper allows Absolute Path  ...)
+	TODO: check
+CVE-2025-8049 (Insufficient Granularity of Access Control vulnerability in opentext F ...)
+	TODO: check
+CVE-2025-8048 (External Control of File Name or Path vulnerability in opentext Flippe ...)
+	TODO: check
+CVE-2025-6515 (The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the s ...)
+	TODO: check
+CVE-2025-62700 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62698 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62697 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+	TODO: check
+CVE-2025-62693 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62528 (Taguette is an open source qualitative research tool. An issue has bee ...)
+	TODO: check
+CVE-2025-62527 (Taguette is an open source qualitative research tool. An issue has bee ...)
+	TODO: check
+CVE-2025-62522 (Vite is a frontend tooling framework for JavaScript. In versions from  ...)
+	TODO: check
+CVE-2025-62510 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
+	TODO: check
+CVE-2025-62509 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
+	TODO: check
+CVE-2025-62429 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
+	TODO: check
+CVE-2025-61488 (An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 ...)
+	TODO: check
+CVE-2025-61456 (A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-c ...)
+	TODO: check
+CVE-2025-61455 (SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, sp ...)
+	TODO: check
+CVE-2025-61454 (A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-c ...)
+	TODO: check
+CVE-2025-61417 (Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, ...)
+	TODO: check
+CVE-2025-60856 (Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access t ...)
+	TODO: check
+CVE-2025-5517 (Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40 ...)
+	TODO: check
+CVE-2025-57837 (Tileservice module is affected by information leak vulnerability, succ ...)
+	TODO: check
+CVE-2025-57738 (Apache Syncope offers the ability to extend / customize the base behav ...)
+	TODO: check
+CVE-2025-56224 (A lack of rate limiting in the One-Time Password (OTP) verification en ...)
+	TODO: check
+CVE-2025-56223 (A lack of rate limiting in the component /Home/UploadStreamDocument of ...)
+	TODO: check
+CVE-2025-56219 (Incorrect access control in SigningHub v8.6.8 allows attackers to arbi ...)
+	TODO: check
+CVE-2025-55086 (In NetXDuo version before 6.4.4, a networking support module for Eclip ...)
+	TODO: check
+CVE-2025-54957 (An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the  ...)
+	TODO: check
+CVE-2025-48025 (In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1 ...)
+	TODO: check
+CVE-2025-47902 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47901 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2025-47900 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2025-41390 (An arbitrary code execution vulnerability exists in the git functional ...)
+	TODO: check
+CVE-2025-41028 (A SQL Injection vulnerability has been found in Epsilon RH by Grupo Ca ...)
+	TODO: check
+CVE-2025-3465 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-26782 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
+	TODO: check
+CVE-2025-26781 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
+	TODO: check
+CVE-2025-11979 (An authorized user may crash the MongoDB server by causing buffer over ...)
+	TODO: check
+CVE-2025-11680 (Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allo ...)
+	TODO: check
+CVE-2025-11679 (Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets ...)
+	TODO: check
+CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat libwebso ...)
+	TODO: check
+CVE-2025-11677 (Use After Free in WebSocket server implementation in lws_handshake_ser ...)
+	TODO: check
+CVE-2025-10678 (NetBird VPN when installed using vendor's provided script failed to re ...)
+	TODO: check
+CVE-2024-55568 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2025-40017 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.11-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/02a24f13b3a1d9da9f3de56aa5fdb7cc1fe167a2 (6.18-rc1)
-CVE-2025-40016 [media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID]
+CVE-2025-40016 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.11-1
 	NOTE: https://git.kernel.org/linus/0e2ee70291e64a30fe36960c85294726d34a103e (6.18-rc1)
-CVE-2025-40015 [media: stm32-csi: Fix dereference before NULL check]
+CVE-2025-40015 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.11-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/80eaf32672871bd2623ce6ba13ffc1f018756580 (6.18-rc1)
-CVE-2025-40013 [ASoC: qcom: audioreach: fix potential null pointer dereference]
+CVE-2025-40013 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.16.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8318e04ab2526b155773313b66a1542476ce1106 (6.18-rc1)
-CVE-2025-40012 [net/smc: fix warning in smc_rx_splice() when calling get_page()]
+CVE-2025-40012 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.16.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a35c04de2565db191726b5741e6b66a35002c652 (6.17)
-CVE-2025-40011 [drm/gma500: Fix null dereference in hdmi teardown]
+CVE-2025-40011 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/352e66900cde63f3dadb142364d3c35170bbaaff (6.17)
-CVE-2025-40010 [afs: Fix potential null pointer dereference in afs_put_server]
+CVE-2025-40010 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9158c6bb245113d4966df9b2ba602197a379412e (6.17)
-CVE-2025-40009 [fs/proc/task_mmu: check p->vec_buf for NULL]
+CVE-2025-40009 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.16.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/28aa29986dde79e8466bc87569141291053833f5 (6.17)
-CVE-2025-40008 [kmsan: fix out-of-bounds access to shadow memory]
+CVE-2025-40008 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/85e1ff61060a765d91ee62dc5606d4d547d9d105 (6.17)
-CVE-2025-40007 [netfs: fix reference leak]
+CVE-2025-40007 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.16.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4d428dca252c858bfac691c31fa95d26cd008706 (6.17)
-CVE-2025-40006 [mm/hugetlb: fix folio is still mapped when deleted]
+CVE-2025-40006 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/7b7387650dcf2881fd8bb55bcf3c8bd6c9542dd7 (6.17)
-CVE-2025-40005 [spi: cadence-quadspi: Implement refcount to handle unbind during busy]
+CVE-2025-40005 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/7446284023e8ef694fb392348185349c773eefb3 (6.17-rc5)
 CVE-2025-62577 (ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect de ...)
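Review bot: none of the 48 entries added at the top of this hunk (CVE-2025-9574 through CVE-2024-55568) has been triaged yet; each carries only `TODO: check` with no package, version or suite line, so the Debian status of every one of them remains open. Of those, the four libwebsockets entries (CVE-2025-11677 use after free, CVE-2025-11678 stack-based buffer overflow, CVE-2025-11679 out-of-bounds read, CVE-2025-11680 out-of-bounds write) and CVE-2025-11979 (MongoDB crash by an authorized user) describe memory-safety bugs and are the ones to look at first; the missing space in `Stack-based Buffer Overflowin` on the CVE-2025-11678 line is carried over from the upstream description text, not introduced by the tracker. The CVE-2025-40005 to CVE-2025-40017 lines only replace the reserved bracketed subject with the published description opening while leaving the existing `- linux 6.16.x-1` fix versions, the `[trixie]`/`[bookworm]`/`[bullseye] - linux <not-affected>` markers and the `NOTE:` commit links untouched, which is the expected result of an automatic update.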
@@ -27138,6 +27236,7 @@ CVE-2025-54135 (Cursor is a code editor built for programming with AI. Cursor al
 CVE-2025-54130 (Cursor is a code editor built for programming with AI. Cursor allows w ...)
 	NOT-FOR-US: Cursor
 CVE-2025-54119 (ADOdb is a PHP database class library that provides abstractions for p ...)
+	{DLA-4340-1}
 	- libphp-adodb 5.22.10-0.1 (bug #1110464)
 	[trixie] - libphp-adodb <no-dsa> (Minor issue; can be fixed via point release)
 	[bookworm] - libphp-adodb <no-dsa> (Minor issue; can be fixed via point release)
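Review bot: the added `{DLA-4340-1}` marker sits directly under the CVE-2025-54119 header and ahead of the `- libphp-adodb 5.22.10-0.1 (bug #1110464)` fix line, which is the position the tracker expects for DSA/DLA references. The trixie and bookworm `<no-dsa>` lines are unaffected because a DLA covers the LTS suite only; the bullseye line for libphp-adodb is outside the visible context, so whether it still needs updating cannot be confirmed from this hunk and should be checked in the full file.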
@@ -31565,7 +31664,7 @@ CVE-2025-7763 (A vulnerability, which was classified as problematic, was found i
 	NOT-FOR-US: thinkgem JeeSite
 CVE-2025-7762 (A vulnerability, which was classified as critical, has been found in D ...)
 	NOT-FOR-US: D-Link
-CVE-2025-7759 (A vulnerability, which was classified as critical, was found in thinkg ...)
+CVE-2025-7759 (A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This  ...)
 	NOT-FOR-US: thinkgem JeeSite
 CVE-2025-7758 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: TOTOLINK
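Review bot: only the description text of CVE-2025-7759 changes here; the upstream entry now states the affected range (`thinkgem JeeSite up to 5.12.0`) in place of the earlier severity wording. The existing `NOT-FOR-US: thinkgem JeeSite` marker is correctly retained, so no Debian package status needs revisiting for this entry.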
@@ -86425,7 +86524,7 @@ CVE-2024-57968 (Advantive VeraCore before 2024.4.2.1 allows remote authenticated
 CVE-2024-57967 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
 	NOT-FOR-US: CyberArk
 CVE-2024-57966 (libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absol ...)
-	{DLA-4046-1}
+	{DSA-6029-1 DLA-4046-1}
 	- ark 4:24.12.0-1 (bug #1106104)
 	NOTE: Fixed by: https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58 (v24.12.0)
 CVE-2024-57669 (Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.3 ...)
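Review bot: placing `DSA-6029-1` ahead of the existing `DLA-4046-1` inside the braces follows the tracker's convention of listing the DSA before the DLA, and the `- ark 4:24.12.0-1 (bug #1106104)` fix line and upstream commit `NOTE:` stay as they were. Since a DSA for ark supersedes any per-suite `<no-dsa>` or `<postponed>` marker for the stable suite, check that such a line, if one existed below the visible context, was dropped in the same commit.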



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/072491ed1be43a70534bc89cd9768dac2814c46e
