[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 29 20:14:22 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a94ea3f by security tracker role at 2025-10-29T20:13:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,245 @@
-CVE-2025-11232
+CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalati ...)
+ TODO: check
+CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privileg ...)
+ TODO: check
+CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege Escalation ...)
+ TODO: check
+CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
+ TODO: check
+CVE-2025-64289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64288 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
+ TODO: check
+CVE-2025-64286 (Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals ...)
+ TODO: check
+CVE-2025-64285 (Missing Authorization vulnerability in Premmerce Premmerce Wholesale P ...)
+ TODO: check
+CVE-2025-64284 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64283 (Authorization Bypass Through User-Controlled Key vulnerability in Rome ...)
+ TODO: check
+CVE-2025-64234 (Missing Authorization vulnerability in Evergreen Content Poster Evergr ...)
+ TODO: check
+CVE-2025-64229 (Missing Authorization vulnerability in BoldGrid Client Invoicing by Sp ...)
+ TODO: check
+CVE-2025-64228 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-64226 (Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Ex ...)
+ TODO: check
+CVE-2025-64220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64219 (Missing Authorization vulnerability in Strategy11 Team Business Direct ...)
+ TODO: check
+CVE-2025-64216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64212 (Missing Authorization vulnerability in StylemixThemes MasterStudy LMS ...)
+ TODO: check
+CVE-2025-64211 (Missing Authorization vulnerability in StylemixThemes Masterstudy Elem ...)
+ TODO: check
+CVE-2025-64210 (Missing Authorization vulnerability in StylemixThemes Masterstudy Elem ...)
+ TODO: check
+CVE-2025-64208 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64204 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64202 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64201 (Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress ...)
+ TODO: check
+CVE-2025-64200 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64199 (Missing Authorization vulnerability in WpEstate wpresidence wpresidenc ...)
+ TODO: check
+CVE-2025-64197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64195 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64150 (A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 ...)
+ TODO: check
+CVE-2025-64149 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish t ...)
+ TODO: check
+CVE-2025-64148 (A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 ...)
+ TODO: check
+CVE-2025-64147 (Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys display ...)
+ TODO: check
+CVE-2025-64146 (Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in ...)
+ TODO: check
+CVE-2025-64145 (Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens di ...)
+ TODO: check
+CVE-2025-64144 (Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypt ...)
+ TODO: check
+CVE-2025-64143 (Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorizat ...)
+ TODO: check
+CVE-2025-64142 (A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 a ...)
+ TODO: check
+CVE-2025-64141 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Tas ...)
+ TODO: check
+CVE-2025-64140 (Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which comma ...)
+ TODO: check
+CVE-2025-64139 (A missing permission check in Jenkins Start Windocks Containers Plugin ...)
+ TODO: check
+CVE-2025-64138 (A cross-site request forgery (CSRF) vulnerability in Jenkins Start Win ...)
+ TODO: check
+CVE-2025-64137 (A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier ...)
+ TODO: check
+CVE-2025-64136 (A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Pl ...)
+ TODO: check
+CVE-2025-64135 (Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier se ...)
+ TODO: check
+CVE-2025-64134 (Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version ...)
+ TODO: check
+CVE-2025-64133 (A cross-site request forgery (CSRF) vulnerability in Jenkins Extensibl ...)
+ TODO: check
+CVE-2025-64132 (Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not per ...)
+ TODO: check
+CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implemen ...)
+ TODO: check
+CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
+ TODO: check
+CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi ...)
+ TODO: check
+CVE-2025-64102 (Zitadel is open-source identity infrastructure software. Prior to 4.6. ...)
+ TODO: check
+CVE-2025-64101 (Zitadel is open-source identity infrastructure software. Prior to 4.6. ...)
+ TODO: check
+CVE-2025-64100 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint Site 1.0. ...)
+ TODO: check
+CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers written in PHP ...)
+ TODO: check
+CVE-2025-62792 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62791 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62790 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62789 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62788 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62787 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62786 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-62785 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2025-61876 (Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint ...)
+ TODO: check
+CVE-2025-61429 (An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows atta ...)
+ TODO: check
+CVE-2025-61234 (Incorrect access control on Dataphone A920 v2025.07.161103 exposes a s ...)
+ TODO: check
+CVE-2025-61161 (DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related c ...)
+ TODO: check
+CVE-2025-61156 (Incorrect access control in the kernel driver of ThreatFire System Mon ...)
+ TODO: check
+CVE-2025-60898 (An unauthenticated server-side request forgery (SSRF) vulnerability in ...)
+ TODO: check
+CVE-2025-60595 (SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.)
+ TODO: check
+CVE-2025-60542 (SQL Injection vulnerability in TypeORM before 0.3.26 via crafted reque ...)
+ TODO: check
+CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service pat ...)
+ TODO: check
+CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing h ...)
+ TODO: check
+CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super St ...)
+ TODO: check
+CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer PRO blog-d ...)
+ TODO: check
+CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8 ...)
+ TODO: check
+CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticat ...)
+ TODO: check
+CVE-2025-54384 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2025-35980
+ REJECTED
+CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard Mobile VP ...)
+ TODO: check
+CVE-2025-12479 (Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementatio ...)
+ TODO: check
+CVE-2025-12478 (Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1. ...)
+ TODO: check
+CVE-2025-12477 (Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; ...)
+ TODO: check
+CVE-2025-12476 (Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU ...)
+ TODO: check
+CVE-2025-12461 (This vulnerability allows an attacker to access parts of the applicati ...)
+ TODO: check
+CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules a ...)
+ TODO: check
+CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security ( ...)
+ TODO: check
+CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2025-12058 (The Keras.Model.load_model method, including when executed with the in ...)
+ TODO: check
+CVE-2025-11632 (The Call Now Button \u2013 The #1 Click to Call Button for WordPress p ...)
+ TODO: check
+CVE-2025-11587 (The Call Now Button \u2013 The #1 Click to Call Button for WordPress p ...)
+ TODO: check
+CVE-2025-11466 (Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vu ...)
+ TODO: check
+CVE-2025-11465 (Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execut ...)
+ TODO: check
+CVE-2025-11464 (Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote ...)
+ TODO: check
+CVE-2025-11463 (Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Exec ...)
+ TODO: check
+CVE-2025-11203 (LiteLLM Information health API_KEY Information Disclosure Vulnerabilit ...)
+ TODO: check
+CVE-2025-11202 (win-cli-mcp-server resolveCommandPath Command Injection Remote Code Ex ...)
+ TODO: check
+CVE-2025-11201 (MLflow Tracking Server Model Creation Directory Traversal Remote Code ...)
+ TODO: check
+CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass Vulnerability. ...)
+ TODO: check
+CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
+ TODO: check
+CVE-2025-10932 (Uncontrolled Resource Consumption vulnerability in Progress MOVEit Tra ...)
+ TODO: check
+CVE-2024-58269 (A vulnerability has been identified in Rancher Manager, where sensitiv ...)
+ TODO: check
+CVE-2024-45162 (A stack-based buffer overflow issue was discovered in the phddns clien ...)
+ TODO: check
+CVE-2024-45161 (A CSRF issue was discovered in the administrative web GUI in Blu-Castl ...)
+ TODO: check
+CVE-2024-14012 (Potential privilege escalation issue in Revenera InstallShield version ...)
+ TODO: check
+CVE-2023-39178
+ REJECTED
+CVE-2023-39177
+ REJECTED
+CVE-2023-32199 (A vulnerability has been identified within Rancher Manager, where aft ...)
+ TODO: check
+CVE-2018-25120 (D-Link DNS-343 ShareCenter devices running firmware versions up to and ...)
+ TODO: check
+CVE-2015-10147 (The Easy Testimonial Slider and Form plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2015-10146 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-11232 (To trigger the issue, three configuration parameters must have specifi ...)
- isc-kea <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2025-11232
-CVE-2025-40085 [ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card]
+CVE-2025-40085 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/28412b489b088fb88dff488305fd4e56bd47f6e4 (6.18-rc2)
-CVE-2025-40084 [ksmbd: transport_ipc: validate payload size before reading handle]
+CVE-2025-40084 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0
-CVE-2025-40083 [net/sched: sch_qfq: Fix null-deref in agg_dequeue]
+CVE-2025-40083 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
NOTE: https://git.kernel.org/linus/dd831ac8221e691e9e918585b1003c7071df0379 (6.16-rc6)
-CVE-2023-7324 [scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses]
+CVE-2023-7324 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/db95d4df71cb55506425b6e4a5f8d68e3a765b63 (6.3-rc1)
@@ -433,7 +661,7 @@ CVE-2025-40025 (In the Linux kernel, the following vulnerability has been resolv
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1 (6.18-rc1)
CVE-2025-62231
- {DSA-6044-1}
+ {DSA-6044-1 DLA-4353-1}
- xorg-server 2:21.1.20-1
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -442,7 +670,7 @@ CVE-2025-62231
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa (xorg-server-21.1.19)
CVE-2025-62230
- {DSA-6044-1}
+ {DSA-6044-1 DLA-4353-1}
- xorg-server 2:21.1.20-1
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -453,7 +681,7 @@ CVE-2025-62230
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175 (xorg-server-21.1.19)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839 (xorg-server-21.1.19)
CVE-2025-62229
- {DSA-6044-1}
+ {DSA-6044-1 DLA-4353-1}
- xorg-server 2:21.1.20-1
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -585,7 +813,8 @@ CVE-2025-9164 (Docker Desktop Installer.exe is vulnerable to DLL hijacking due t
NOT-FOR-US: Docker products not packaged in Debian
CVE-2025-8432 (Incorrect Default Permissions vulnerability in Centreon Infra Monitori ...)
NOT-FOR-US: Centreon
-CVE-2025-62516 (Landlord Onboarding & Rental Signup introduces the landlord onboarding ...)
+CVE-2025-62516
+ REJECTED
NOT-FOR-US: Landlord Onboarding & Rental Signup
CVE-2025-62263 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
NOT-FOR-US: Liferay
@@ -700,9 +929,9 @@ CVE-2025-46582 (A private key disclosure vulnerability exists in ZTE's ZXMP M721
NOT-FOR-US: ZTE
CVE-2025-41384 (Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1 ...)
NOT-FOR-US: SuiteCRM
-CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allow ...)
+CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allow ...)
- open5gs <itp> (bug #1094791)
-CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allow ...)
+CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allow ...)
- open5gs <itp> (bug #1094791)
CVE-2025-41009 (SQL injection vulnerability in the DRED virtual campus platform. This ...)
NOT-FOR-US: DRED virtual campus platform
@@ -11540,7 +11769,7 @@ CVE-2025-10858 (An issue was discovered in GitLab CE/EE affecting all versions b
- gitlab <not-affected> (Vulnerable code not present)
CVE-2025-10544 (Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.1 ...)
NOT-FOR-US: DocAve
-CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]
+CVE-2025-10925 (GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Executi ...)
- gimp <unfixed> (unimportant)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -11550,7 +11779,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflo
NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68 (GIMP_2_99_16)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/002b22c15028b18557bd0823a081af9ed5316679
NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
-CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability]
+CVE-2025-10924 (GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerabil ...)
{DSA-6014-1}
- gimp 3.0.4-6.1 (bug #1116461)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11560,7 +11789,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28 (GIMP_2_99_18)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
-CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability]
+CVE-2025-10923 (GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerab ...)
{DSA-6014-1}
- gimp 3.0.4-6.1 (bug #1116460)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11570,14 +11799,14 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Co
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2445
NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8 (GIMP_2_99_12)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
-CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
+CVE-2025-10922 (GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
{DSA-6043-1 DSA-6014-1 DLA-4342-1}
- gimp 3.0.4-6.1 (bug #1116459)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
-CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
+CVE-2025-10920 (GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulne ...)
{DSA-6014-1}
- gimp 3.0.4-6.1 (bug #1116458)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11587,7 +11816,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 (GIMP_2_99_14)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5f4329d324b0db7a857918941ef7e1d27f3d3992
-CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
+CVE-2025-10921 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
{DSA-6018-1 DLA-4341-1}
- gegl 1:0.4.62-3.1 (bug #1116470)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
@@ -63896,7 +64125,7 @@ CVE-2024-58249 (In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets
[bookworm] - wxwidgets3.2 <no-dsa> (Minor issue)
NOTE: https://github.com/wxWidgets/wxWidgets/issues/24885
NOTE: https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d (v3.2.7)
-CVE-2024-58248 (nopCommerce before 4.80.0 does not offer locking for order placement. ...)
+CVE-2024-58248 (nopCommerce through 4.90.1 does not offer locking for order placement. ...)
NOT-FOR-US: nopCommerce
CVE-2024-56736 (Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. ...)
NOT-FOR-US: Apache HertzBeat
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a94ea3febbb9993b11ddd7989a34c94c8ad019f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a94ea3febbb9993b11ddd7989a34c94c8ad019f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251029/ecdf9bc4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list