[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 24 21:13:04 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398e1ac6 by security tracker role at 2025-10-24T20:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,30 +1,172 @@
-CVE-2025-40024 [vhost: Take a reference on the task in struct vhost_task.]
+CVE-2025-8536 (A SQL injection vulnerability has been identified in DobryCMS. Imprope ...)
+	TODO: check
+CVE-2025-62714 (Karmada Dashboard is a general-purpose, web-based control panel for Ka ...)
+	TODO: check
+CVE-2025-61430 (Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remot ...)
+	TODO: check
+CVE-2025-60938 (Emoncms 11.7.3 has a remote code execution vulnerability in the firmwa ...)
+	TODO: check
+CVE-2025-60936 (Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mecha ...)
+	TODO: check
+CVE-2025-60803 (Antabot White-Jotter up to commit 9bcadc was discovered to contain an  ...)
+	TODO: check
+CVE-2025-60801 (jshERP up to commit fbda24da was discovered to contain an unauthentica ...)
+	TODO: check
+CVE-2025-60735 (PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlug ...)
+	TODO: check
+CVE-2025-60731 (PerfreeBlog v4.0.11 has a File Upload vulnerability in the installThem ...)
+	TODO: check
+CVE-2025-60730 (PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in th ...)
+	TODO: check
+CVE-2025-60729 (PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the va ...)
+	TODO: check
+CVE-2025-60572 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60571 (D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2025-60570 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60569 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60568 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60566 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60565 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60564 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60563 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60562 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60561 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60559 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60558 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60557 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60556 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60555 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60554 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60553 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60552 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60551 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60550 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60549 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60548 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60547 (D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60419 (An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, ...)
+	TODO: check
+CVE-2025-5605 (An authentication bypass vulnerability exists in the Management Consol ...)
+	TODO: check
+CVE-2025-5350 (SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products ...)
+	TODO: check
+CVE-2025-56438 (An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera ...)
+	TODO: check
+CVE-2025-46425 (Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contai ...)
+	TODO: check
+CVE-2025-46185 (An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a  ...)
+	TODO: check
+CVE-2025-46183 (The Utils.deserialize function in pgCodeKeeper 10.12.0 processes seria ...)
+	TODO: check
+CVE-2025-43995 (Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contai ...)
+	TODO: check
+CVE-2025-43994 (Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, co ...)
+	TODO: check
+CVE-2025-36361 (IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 thr ...)
+	TODO: check
+CVE-2025-12176 (Undocumented administrative accounts were getting created to facilitat ...)
+	TODO: check
+CVE-2025-12136 (The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for Word ...)
+	TODO: check
+CVE-2025-12134 (The ZoloBlocks \u2013 Gutenberg Block Editor Plugin with Advanced Bloc ...)
+	TODO: check
+CVE-2025-12096 (The Simple Excel Pricelist for WooCommerce plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-12072 (The Disable Content Editor For Specific Template plugin for WordPress  ...)
+	TODO: check
+CVE-2025-12028 (The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2025-12017 (The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2025-12016 (The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-12014 (The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-11992 (The Multi Item Responsive Slider plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-11889 (The AIO Forms \u2013 Craft Complex Forms Easily plugin for WordPress i ...)
+	TODO: check
+CVE-2025-11887 (The Supervisor plugin for WordPress is vulnerable to unauthorized modi ...)
+	TODO: check
+CVE-2025-11576 (The AI Chatbot Free Models \u2013 Customer Support, Live Chat, Virtual ...)
+	TODO: check
+CVE-2025-11504 (The Quickcreator \u2013 AI Blog Writer plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-11257 (The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unau ...)
+	TODO: check
+CVE-2025-11253 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-11172 (The Check Plagiarism plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2025-11145 (Observable Discrepancy, Exposure of Sensitive Information to an Unauth ...)
+	TODO: check
+CVE-2025-10902 (The Originality.ai AI Checker plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2025-10901 (The Originality.ai AI Checker plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2025-10861 (The Popup builder with Gamification, Multi-Step Popups, Page-Level Tar ...)
+	TODO: check
+CVE-2025-10749 (The Microsoft Azure Storage for WordPress plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2025-10748 (The RapidResult plugin for WordPress is vulnerable to SQL Injection vi ...)
+	TODO: check
+CVE-2025-10740 (The URL Shortener Plugin For WordPress plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-10701 (The Time Clock \u2013 A WordPress Employee & Volunteer Time Clock Plug ...)
+	TODO: check
+CVE-2025-10680 (OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a ...)
+	TODO: check
+CVE-2025-40024 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.16.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/afe16653e05db07d658b55245c7a2e0603f136c0 (6.17)
-CVE-2025-40023 [drm/xe/vf: Don't expose sysfs attributes not applicable for VFs]
+CVE-2025-40023 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.16.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/500dad428e5b0de4c1bdfa893822a6e06ddad0b5 (6.17)
-CVE-2025-40022 [crypto: af_alg - Fix incorrect boolean values in af_alg_ctx]
+CVE-2025-40022 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb (6.17)
-CVE-2025-40021 [tracing: dynevent: Add a missing lockdown check on dynevent]
+CVE-2025-40021 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/456c32e3c4316654f95f9d49c12cbecfb77d5660 (6.17)
-CVE-2025-40020 [can: peak_usb: fix shift-out-of-bounds issue]
+CVE-2025-40020 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.16.10-1
 	NOTE: https://git.kernel.org/linus/c443be70aaee42c2d1d251e0329e0a69dd96ae54 (6.17)
-CVE-2025-40019 [crypto: essiv - Check ssize for decryption and in-place encryption]
+CVE-2025-40019 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/6bb73db6948c2de23e407fe1b7ef94bf02b7529f (6.18-rc1)
-CVE-2025-40018 [ipvs: Defer ip_vs_ftp unregister during netns cleanup]
+CVE-2025-40018 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/134121bfd99a06d44ef5ba15a9beb075297c0821 (6.18-rc1)
-CVE-2023-53733 [net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode]
+CVE-2023-53733 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1
 	NOTE: https://git.kernel.org/linus/9cb36faedeafb9720ac236aeae2ea57091d90a09 (6.5-rc3)
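Review bot: every new entry from CVE-2025-8536 down to CVE-2025-10680 lands with a bare `TODO: check`, so this hunk needs manual triage before it conveys any Debian status; the 24 D-Link DIR600L Ax entries (CVE-2025-60547 through CVE-2025-60572) share one description stem and one firmware version and can be triaged as a single batch, and the same goes for the long run of WordPress plugin entries. Among the Linux entries, CVE-2025-40019 and CVE-2025-40018 stay `<unfixed>` with their upstream fixes only in 6.18-rc1 and, unlike the neighbouring CVE-2025-40024 and CVE-2025-40023, carry no `[bookworm]` / `[bullseye]` annotation, so the stable status for those two is still open. Replacing the bracketed kernel subject lines such as `[crypto: essiv - Check ssize for decryption and in-place encryption]` with the truncated `(In the Linux kernel, the following vulnerability has been resolved:  c ...)` text drops the subsystem from the list view; the `NOTE:` lines keep the upstream commit URL, so the information is still recoverable from the entry.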
@@ -1369,6 +1511,7 @@ CVE-2025-61750 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2025-61749 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-6037-1}
 	- openjdk-21 21.0.9+10-1
 	- openjdk-25 25.0.1+8-1
 	NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
@@ -1446,6 +1589,7 @@ CVE-2025-53068 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2025-53067 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <not-affected> (Only affects 9.x)
 CVE-2025-53066 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-6037-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.29+6-1
 	- openjdk-17 17.0.17+10-1
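Review bot: the `{DSA-6037-1}` marker is added above an `openjdk-8 <unfixed>` line, and the visible package list for this advisory entry in the previous hunk (CVE-2025-61748) names only openjdk-21 and openjdk-25. If openjdk-8 is not covered by DSA-6037-1, a per-release annotation or a `NOTE:` on the openjdk-8 line would make the unfixed state unambiguous; the CVE-2025-53057 entry in the next hunk has the same shape and would want the same treatment.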
@@ -1469,6 +1613,7 @@ CVE-2025-53059 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2025-53058 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53057 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-6037-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.29+6-1
 	- openjdk-17 17.0.17+10-1
@@ -10414,7 +10559,7 @@ CVE-2025-27262 (Ericsson Indoor Connect 8855 contains a command injection vulner
 	NOT-FOR-US: Ericsson
 CVE-2025-27261 (Ericsson Indoor Connect 8855 contains an SQL injection vulnerability w ...)
 	NOT-FOR-US: Ericsson
-CVE-2025-26333 (Dell Crypto-J generates an error message that includes sensitive infor ...)
+CVE-2025-26333 (Dell BSAFE Crypto-J generates an error message that includes sensitive ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-26278 (A prototype pollution in the lib.set function of dref v0.1.2 allows at ...)
 	NOT-FOR-US: Node dref
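Review bot: this is a description-only refresh from the upstream CVE text (`Dell Crypto-J` to `Dell BSAFE Crypto-J`), and the `NOT-FOR-US: Dell / EMC` triage line is preserved, which is the correct outcome for an automatic update; nothing to change here.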
@@ -353730,8 +353875,8 @@ CVE-2021-43770
 	RESERVED
 CVE-2021-43769
 	RESERVED
-CVE-2021-43768
-	RESERVED
+CVE-2021-43768 (In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 ...)
+	TODO: check
 CVE-2021-43767 (Odyssey passes to client unencrypted bytes from man-in-the-middle When ...)
 	NOT-FOR-US: yandex/odyssey
 CVE-2021-43766 (Odyssey passes to server unencrypted bytes from man-in-the-middle When ...)
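Review bot: CVE-2021-43768 moves from `RESERVED` to a published description with `TODO: check`, four years after the identifier was reserved; the description names Malwarebytes For Teams, which is not a Debian package, so the triage step here is to confirm that and record it as `NOT-FOR-US` rather than leave the `TODO` open.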



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398e1ac61fc9ee0c51181d77d260a81b2d9e70de


