[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 21 09:13:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe36c45e by security tracker role at 2025-10-21T08:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-9133 (A missing authorization vulnerability in Zyxel ATP series firmware ver ...)
+	TODO: check
+CVE-2025-8078 (A post-authentication command injection vulnerability in Zyxel ATP ser ...)
+	TODO: check
+CVE-2025-7851 (An attacker may obtain the root shell on the underlying OS system with ...)
+	TODO: check
+CVE-2025-7850 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2025-6542 (An arbitrary OS command may be executed on the product by a remote una ...)
+	TODO: check
+CVE-2025-6541 (An arbitrary OS command may be executed on the product by the user who ...)
+	TODO: check
+CVE-2025-62702 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62701 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62699 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2025-62696 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+	TODO: check
+CVE-2025-62695 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62694 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62684
+	REJECTED
+CVE-2025-62683
+	REJECTED
+CVE-2025-62682
+	REJECTED
+CVE-2025-62681
+	REJECTED
+CVE-2025-62680
+	REJECTED
+CVE-2025-62679
+	REJECTED
+CVE-2025-62678
+	REJECTED
+CVE-2025-62677
+	REJECTED
+CVE-2025-62658 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-62657 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62656 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-61303 (Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows ...)
+	TODO: check
+CVE-2025-61301 (Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py i ...)
+	TODO: check
+CVE-2025-60783 (There is a SQL injection vulnerability in Restaurant Management System ...)
+	TODO: check
+CVE-2025-60781 (PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2025-54764 (Mbed TLS before 3.6.5 allows a local timing attack against certain RSA ...)
+	TODO: check
+CVE-2025-26392 (SolarWinds Observability Self-Hosted is susceptible to SQL injection v ...)
+	TODO: check
+CVE-2025-12004 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
+CVE-2025-12001 (Lack of application manifest sanitation could lead to potential stored ...)
+	TODO: check
+CVE-2025-11949 (EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing  ...)
+	TODO: check
+CVE-2025-11536 (The Element Pack Addons for Elementor plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-10916 (The FormGent  WordPress plugin before 1.0.4 is vulnerable to arbitrary ...)
+	TODO: check
+CVE-2018-25118 (GeoVision embedded IP devices, confirmed onGV-BX1500 andGV-MFD1501, co ...)
+	TODO: check
 CVE-2025-9574 (Missing Authentication for Critical Function vulnerability in ABB ALS- ...)
 	NOT-FOR-US: ABB group
 CVE-2025-8884 (Authorization Bypass Through User-Controlled Key vulnerability in VHS  ...)
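Review bot: the 27 entries added at the top of data/CVE/list with only `TODO: check` (CVE-2025-9133 down to CVE-2018-25118) have no triage result yet. Each needs either a source package line or a `NOT-FOR-US:` line like the one on CVE-2025-9574 in the context below. CVE-2025-54764 is the clearest candidate to handle first, since its description already names the software and a fixed version ("Mbed TLS before 3.6.5"), which can go straight into a package line if that library is in the archive. The eight `REJECTED` entries (CVE-2025-62677 through CVE-2025-62684) need nothing further.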
@@ -55146,7 +55216,7 @@ CVE-2024-41753 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF00
 CVE-2025-37799 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.12.27-1
 	NOTE: https://git.kernel.org/linus/4c2227656d9003f4d77afc76f34dd81b95e4c2c4
-CVE-2024-58135 (Mojolicious versions from 7.28 through 9.40 for Perl may generate weak ...)
+CVE-2024-58135 (Mojolicious versions from 7.28 for Perl will generate weak HMAC sessio ...)
 	- libmojolicious-perl <unfixed> (bug #1104633)
 	[trixie] - libmojolicious-perl <no-dsa> (Minor issue)
 	[bookworm] - libmojolicious-perl <no-dsa> (Minor issue)
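Review bot: the new CVE-2024-58135 description is stronger than the old one, but the status lines under it are unchanged. It drops the "through 9.40" upper bound and changes "may generate weak" to "will generate weak HMAC sessio ...", while `[trixie]` and `[bookworm]` still read `<no-dsa> (Minor issue)`. The open-ended range matches `<unfixed>`, but it is worth confirming that "Minor issue" still holds under the stronger wording and, if it does, adding a NOTE line that says why.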
@@ -55161,7 +55231,7 @@ CVE-2024-58135 (Mojolicious versions from 7.28 through 9.40 for Perl may generat
 	NOTE: the fix works fine with older CryptX: https://github.com/mojolicious/mojo/discussions/2255
 	NOTE: As per upstream mojolicious/v9.39 will still be considered vulnerable to the
 	NOTE: CVE since the CryptX is not a required dependency.
-CVE-2024-58134 (Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard c ...)
+CVE-2024-58134 (Mojolicious versions from 0.999922 for Perl uses a hard coded string,  ...)
 	- libmojolicious-perl <unfixed> (bug #1104648)
 	[trixie] - libmojolicious-perl <no-dsa> (Minor issue)
 	[bookworm] - libmojolicious-perl <no-dsa> (Minor issue)
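Review bot: on the CVE-2024-58134 line the affected range loses its "through 9.40" upper bound, and nothing in the entry records that the range is now open-ended. The `<unfixed>` status under it is consistent with that, but the only version-specific NOTE lines visible here (the v9.39 and CryptX remarks at the top of the hunk) belong to CVE-2024-58135. Consider adding a NOTE to this entry stating that the upstream description no longer names a fixed version, so a later upload is not marked as fixed on version number alone.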



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe36c45ebb12e84c020b8d31242ef17d7f551286
