[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 21 21:13:03 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68537571 by security tracker role at 2025-10-21T20:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2025-9428 (Zohocorp ManageEngine Analytics Plus versions6171 and prior are vulner ...)
+	TODO: check
+CVE-2025-9339 (SQL injection vulnerability in the fields of warehouse document filter ...)
+	TODO: check
+CVE-2025-8050 (External Control of File Name or Path vulnerability in opentext Flippe ...)
+	TODO: check
+CVE-2025-7473 (Zohocorp ManageEngine EndPoint Central versions11.4.2516.1 and prior a ...)
+	TODO: check
+CVE-2025-6239 (Zohocorp ManageEngine Applications Manager versions 176800 and below a ...)
+	TODO: check
+CVE-2025-62763 (Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the c ...)
+	TODO: check
+CVE-2025-62661 (Incorrect Default Permissions vulnerability in The Wikimedia Foundatio ...)
+	TODO: check
+CVE-2025-62641 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62605 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-62598 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62597 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-62595 (Koa is expressive middleware for Node.js using ES2017 async functions. ...)
+	TODO: check
+CVE-2025-62592 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62591 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62590 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62589 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62588 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62587 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-62518 (astral-tokio-tar is a tar archive reading/writing library for async Ru ...)
+	TODO: check
+CVE-2025-62481 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+	TODO: check
+CVE-2025-62480 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62479 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62478 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62477 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62476 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62475 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62290 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62289 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-62288 (Vulnerability in the Oracle Health Sciences Data Management Workbench  ...)
+	TODO: check
+CVE-2025-62287 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
+	TODO: check
+CVE-2025-62250 (Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and ...)
+	TODO: check
+CVE-2025-62249 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+	TODO: check
+CVE-2025-61885 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
+	TODO: check
+CVE-2025-61881 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
+	TODO: check
+CVE-2025-61764 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+	TODO: check
+CVE-2025-61763 (Vulnerability in Oracle Essbase (component: Essbase Web Platform).   T ...)
+	TODO: check
+CVE-2025-61762 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
+	TODO: check
+CVE-2025-61761 (Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management  ...)
+	TODO: check
+CVE-2025-61760 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-61759 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2025-61758 (Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management pro ...)
+	TODO: check
+CVE-2025-61757 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
+	TODO: check
+CVE-2025-61755 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE  ...)
+	TODO: check
+CVE-2025-61754 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+	TODO: check
+CVE-2025-61753 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+	TODO: check
+CVE-2025-61752 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+	TODO: check
+CVE-2025-61751 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-61750 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-61749 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+	TODO: check
+CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2025-61457 (code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Fo ...)
+	TODO: check
+CVE-2025-61255 (Bank Locker Management System by PHPGurukul is affected by a Cross-Sit ...)
+	TODO: check
+CVE-2025-61220 (The incomplete verification mechanism in the AutoBizLine com.mysecondl ...)
+	TODO: check
+CVE-2025-61194 (daicuocms V1.3.13 contains a SQL injection vulnerability in the file l ...)
+	TODO: check
+CVE-2025-61181 (daicuocms V1.3.13 contains an arbitrary file upload vulnerability in t ...)
+	TODO: check
+CVE-2025-60934 (Multiple stored cross-site scripting (XSS) vulnerabilities in the inde ...)
+	TODO: check
+CVE-2025-60933 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Futu ...)
+	TODO: check
+CVE-2025-60932 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Curr ...)
+	TODO: check
+CVE-2025-60790 (ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to ...)
+	TODO: check
+CVE-2025-60772 (Improper authentication in the web-based management interface of NETLI ...)
+	TODO: check
+CVE-2025-60751 (GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS:: ...)
+	TODO: check
+CVE-2025-60511 (Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Ins ...)
+	TODO: check
+CVE-2025-60507 (Cross site scripting vulnerability in Moodle GeniAI plugin (local_geni ...)
+	TODO: check
+CVE-2025-60506 (Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site sc ...)
+	TODO: check
+CVE-2025-60500 (QDocs Smart School Management System 7.1 allows authenticated users wi ...)
+	TODO: check
+CVE-2025-60427 (LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken  ...)
+	TODO: check
+CVE-2025-60344 (An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link  ...)
+	TODO: check
+CVE-2025-60280 (Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allo ...)
+	TODO: check
+CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508 ...)
+	TODO: check
+CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
+	TODO: check
+CVE-2025-57521 (Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that  ...)
+	TODO: check
+CVE-2025-56802 (The Reolink desktop application uses a hard-coded and predictable AES  ...)
+	TODO: check
+CVE-2025-56801 (The Reolink Desktop Application 8.18.12 contains hardcoded credentials ...)
+	TODO: check
+CVE-2025-56800 (Reolink desktop application 8.18.12 contains a vulnerability in its lo ...)
+	TODO: check
+CVE-2025-56799 (Reolink desktop application 8.18.12 contains a command injection vulne ...)
+	TODO: check
+CVE-2025-56450 (Log2Space Subscriber Management Software 1.1 is vulnerable to unauthen ...)
+	TODO: check
+CVE-2025-53072 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+	TODO: check
+CVE-2025-53071 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+	TODO: check
+CVE-2025-53070 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2025-53069 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53068 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2025-53067 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53066 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2025-53065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53064 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+	TODO: check
+CVE-2025-53063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53062 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53061 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53060 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
+	TODO: check
+CVE-2025-53059 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53058 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+	TODO: check
+CVE-2025-53057 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2025-53056 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
+	TODO: check
+CVE-2025-53055 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53054 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53053 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53052 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+	TODO: check
+CVE-2025-53051 (Vulnerability in the RDBMS Functional Index component of Oracle Databa ...)
+	TODO: check
+CVE-2025-53050 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53049 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2025-53048 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2025-53047 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
+	TODO: check
+CVE-2025-53046 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2025-53045 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53044 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53043 (Vulnerability in the Oracle Product Hub product of Oracle E-Business S ...)
+	TODO: check
+CVE-2025-53042 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53041 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite  ...)
+	TODO: check
+CVE-2025-53040 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2025-53037 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-53036 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-53035 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-53034 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-52079 (The administrator password setting of the D-Link DIR-820L 1.06B02 is h ...)
+	TODO: check
+CVE-2025-50075 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)
+	TODO: check
+CVE-2025-50074 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)
+	TODO: check
+CVE-2025-22166 (This High severity DoS (Denial of Service) vulnerability was introduce ...)
+	TODO: check
+CVE-2025-12031 (HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute ...)
+	TODO: check
+CVE-2025-12024
+	REJECTED
+CVE-2025-11757 (The CloudEdge Cloud does not sanitize the MQTT topic input, which coul ...)
+	TODO: check
+CVE-2025-11625 (Improper host authentication vulnerability in wolfSSH version 1.4.20 a ...)
+	TODO: check
+CVE-2025-11624 (Potential stack buffer overwrite on the SFTP server side when receivin ...)
+	TODO: check
+CVE-2025-11534 (The affected Raisecom devices allow SSH sessions to be established wit ...)
+	TODO: check
+CVE-2025-11151 (Exposure of Sensitive Information to an Unauthorized Actor, Exposure o ...)
+	TODO: check
+CVE-2025-10641 (All WorkExaminer Professional traffic between monitoring client, conso ...)
+	TODO: check
+CVE-2025-10640 (An unauthenticated attacker with access to TCP port 12306 of the WorkE ...)
+	TODO: check
+CVE-2025-10639 (The WorkExaminer Professional server installation comes with an FTP se ...)
+	TODO: check
+CVE-2025-10612 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerabl ...)
+	TODO: check
+CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted elemen ...)
+	TODO: check
+CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to 3.6.5. The a ...)
+	TODO: check
 CVE-2025-XXXX [Stored XSS Vulnerability]
 	- tryton-sao 7.0.38+ds1-1
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14290/8895
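Review bot: Every entry added at the top of data/CVE/list, apart from CVE-2025-12024 (REJECTED), is left at "TODO: check", so none of them carries a triage decision yet. The entries that name libraries and servers rather than vendor appliances are the ones to resolve first, for example CVE-2025-59438 (Mbed TLS), CVE-2025-11625 (wolfSSH), CVE-2022-4981 and CVE-2020-36855 (DCMTK), and the MySQL Server and Oracle Java SE entries. Each should end up with either a package line, as the tryton-sao entry below has, or a NOT-FOR-US tag. The descriptions are truncated with "...", so affected versions have to be read from the full CVE record, not from these lines.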
@@ -139,7 +401,7 @@ CVE-2025-55086 (In NetXDuo version before 6.4.4, a networking support module for
 	NOT-FOR-US: Eclipse
 CVE-2025-54957 (An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the  ...)
 	NOT-FOR-US: Dolby UDC
-CVE-2025-48025 (In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1 ...)
+CVE-2025-48025 (In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 12 ...)
 	NOT-FOR-US: Samsung
 CVE-2025-47902 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Microchip
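Review bot: The CVE-2025-48025 change only alters the description text (850 is inserted into the Exynos model list) while the "NOT-FOR-US: Samsung" tag stays as it was, so no retriage follows from this hunk. Because the description is cut off after "12 ...", the complete model list cannot be confirmed from the line itself.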



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68537571706157bd1a6039903ca9b2396fb88cde
