[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 30 20:13:05 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8aa993a6 by security tracker role at 2025-10-30T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,73 +1,201 @@
-CVE-2025-40105 [vfs: Don't leak disconnected dentries on umount]
+CVE-2025-8850 (In danny-avila/librechat version 0.7.9, there is an insecure API desig ...)
+ TODO: check
+CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { s ...)
+ TODO: check
+CVE-2025-64116 (Movary is a web application to track, rate and explore your movie watc ...)
+ TODO: check
+CVE-2025-64115 (Movary is a web application to track, rate and explore your movie watc ...)
+ TODO: check
+CVE-2025-64112 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+ TODO: check
+CVE-2025-64096 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+ TODO: check
+CVE-2025-63885 (A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 0 ...)
+ TODO: check
+CVE-2025-63608 (A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Bu ...)
+ TODO: check
+CVE-2025-63423 (Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.201902 ...)
+ TODO: check
+CVE-2025-63422 (Incorrect access control in the Web management interface in Each Italy ...)
+ TODO: check
+CVE-2025-63298 (A path traversal vulnerability was identified in SourceCodester Pet Gr ...)
+ TODO: check
+CVE-2025-62795 (JumpServer is an open source bastion host and an operation and mainten ...)
+ TODO: check
+CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to 1.113.0, ...)
+ TODO: check
+CVE-2025-62712 (JumpServer is an open source bastion host and an operation and mainten ...)
+ TODO: check
+CVE-2025-62266 (By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsuppor ...)
+ TODO: check
+CVE-2025-62265 (Cross-site scripting (XSS) vulnerability in the Blogs widget in Lifera ...)
+ TODO: check
+CVE-2025-61498 (A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10. ...)
+ TODO: check
+CVE-2025-61196 (An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker t ...)
+ TODO: check
+CVE-2025-61121 (Mobile Scanner Android App version 2.12.38 (package name com.glority.e ...)
+ TODO: check
+CVE-2025-61120 (AG Life Logger Android App version v1.0.2.72 and before (package name ...)
+ TODO: check
+CVE-2025-61119 (Kanova Android App version 1.0.27 (package name com.karelane), develop ...)
+ TODO: check
+CVE-2025-61118 (mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), d ...)
+ TODO: check
+CVE-2025-61117 (Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl ...)
+ TODO: check
+CVE-2025-61116 (AdForest - Classified Android App version 4.0.12 (package name scripts ...)
+ TODO: check
+CVE-2025-61115 (ABC Fine Wine & Spirits Android App version v.11.27.5 and before (pack ...)
+ TODO: check
+CVE-2025-61114 (2nd Line Android App version v1.2.92 and before (package name com.myse ...)
+ TODO: check
+CVE-2025-61113 (TalkTalk 3.3.6 Android App contains improper access control vulnerabil ...)
+ TODO: check
+CVE-2025-60950 (An arbitrary file upload vulnerability in the Data Preparation functio ...)
+ TODO: check
+CVE-2025-60319 (PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due t ...)
+ TODO: check
+CVE-2025-5347 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are ...)
+ TODO: check
+CVE-2025-5343 (Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are ...)
+ TODO: check
+CVE-2025-5342 (Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerab ...)
+ TODO: check
+CVE-2025-57109 (Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-Af ...)
+ TODO: check
+CVE-2025-56313 (A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in ...)
+ TODO: check
+CVE-2025-54471 (NeuVector used a hard-coded cryptographic key embedded in the source ...)
+ TODO: check
+CVE-2025-54470 (This vulnerability affects NeuVector deployments only when the Report ...)
+ TODO: check
+CVE-2025-54469 (A vulnerability was identified in NeuVector, where the enforcer used e ...)
+ TODO: check
+CVE-2025-53883 (A Improper Neutralization of Script-Related HTML Tags in a Web Page (B ...)
+ TODO: check
+CVE-2025-53880 (A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete ...)
+ TODO: check
+CVE-2025-52180 (Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity ...)
+ TODO: check
+CVE-2025-52179 (Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolutio ...)
+ TODO: check
+CVE-2025-50739 (iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via u ...)
+ TODO: check
+CVE-2025-50736 (An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9. ...)
+ TODO: check
+CVE-2025-50574 (Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna ...)
+ TODO: check
+CVE-2025-46423 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-46422 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-46363 (Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versio ...)
+ TODO: check
+CVE-2025-43942 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-43941 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-43940 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-43939 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-43027 (A critical severity vulnerability has been identified in the ALPR Mana ...)
+ TODO: check
+CVE-2025-3356 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could al ...)
+ TODO: check
+CVE-2025-3355 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could al ...)
+ TODO: check
+CVE-2025-39663 (Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed moni ...)
+ TODO: check
+CVE-2025-36592 (Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.2 ...)
+ TODO: check
+CVE-2025-36137 (IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, ...)
+ TODO: check
+CVE-2025-12517 (Credits Page not Matching Versions in Use in the FirmwareThis issue af ...)
+ TODO: check
+CVE-2025-12516 (Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU ...)
+ TODO: check
+CVE-2025-12515 (Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects ...)
+ TODO: check
+CVE-2025-12060 (The keras.utils.get_file API in Keras, when used with the extract=True ...)
+ TODO: check
+CVE-2025-11998 (The following HP Card Readers B Models(X3D03B & Y7C05B) are potentiall ...)
+ TODO: check
+CVE-2025-10348 (URVE Smart Office is vulnerable to Stored XSS in report problem functi ...)
+ TODO: check
+CVE-2025-10317 (Quick.Cart is vulnerable to Cross-Site Request Forgery in product crea ...)
+ TODO: check
+CVE-2025-40105 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/56094ad3eaa21e6621396cc33811d8f72847a834 (6.18-rc2)
-CVE-2025-40104 [ixgbevf: fix mailbox API compatibility by negotiating supported features]
+CVE-2025-40104 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a7075f501bd33c93570af759b6f4302ef0175168 (6.18-rc2)
-CVE-2025-40103 [smb: client: Fix refcount leak for cifs_sb_tlink]
+CVE-2025-40103 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c2b77f42205ef485a647f62082c442c1cd69d3fc (6.18-rc2)
-CVE-2025-40102 [KVM: arm64: Prevent access to vCPU events before init]
+CVE-2025-40102 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0aa1b76fe1429629215a7c79820e4b96233ac4a3 (6.18-rc2)
-CVE-2025-40101 [btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST]
+CVE-2025-40101 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fec9b9d3ced39f16be8d7afdf81f4dd2653da319 (6.18-rc2)
-CVE-2025-40100 [btrfs: do not assert we found block group item when creating free space tree]
+CVE-2025-40100 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a5a51bf4e9b7354ce7cd697e610d72c1b33fd949 (6.18-rc2)
-CVE-2025-40099 [cifs: parse_dfs_referrals: prevent oob on malformed input]
+CVE-2025-40099 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9 (6.18-rc2)
-CVE-2025-40098 [ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state()]
+CVE-2025-40098 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8527bbb33936340525a3504a00932b2f8fd75754 (6.18-rc2)
-CVE-2025-40097 [ALSA: hda: Fix missing pointer check in hda_component_manager_init function]
+CVE-2025-40097 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1cf11d80db5df805b538c942269e05a65bcaf5bc (6.18-rc2)
-CVE-2025-40096 [drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies]
+CVE-2025-40096 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5801e65206b065b0b2af032f7f1eef222aa2fd83 (6.18-rc2)
-CVE-2025-40095 [usb: gadget: f_rndis: Refactor bind path to use __free()]
+CVE-2025-40095 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/08228941436047bdcd35a612c1aec0912a29d8cd (6.18-rc1)
-CVE-2025-40094 [usb: gadget: f_acm: Refactor bind path to use __free()]
+CVE-2025-40094 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/47b2116e54b4a854600341487e8b55249e926324 (6.18-rc1)
-CVE-2025-40093 [usb: gadget: f_ecm: Refactor bind path to use __free()]
+CVE-2025-40093 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 (6.18-rc1)
-CVE-2025-40092 [usb: gadget: f_ncm: Refactor bind path to use __free()]
+CVE-2025-40092 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef (6.18-rc1)
-CVE-2025-40091 [ixgbe: fix too early devlink_free() in ixgbe_remove()]
+CVE-2025-40091 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5feef67b646d8f5064bac288e22204ffba2b9a4a (6.18-rc2)
-CVE-2025-40090 [ksmbd: fix recursive locking in RPC handle list access]
+CVE-2025-40090 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/88f170814fea74911ceab798a43cbd7c5599bed4 (6.18-rc2)
-CVE-2025-40089 [cxl/features: Add check for no entries in cxl_feature_info]
+CVE-2025-40089 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a375246fcf2bbdaeb1df7fa7ee5a8b884a89085e (6.18-rc2)
-CVE-2025-40088 [hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()]
+CVE-2025-40088 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/42520df65bf67189541a425f7d36b0b3e7bd7844 (6.18-rc1)
-CVE-2025-40087 [NFSD: Define a proc_layoutcommit for the FlexFiles layout type]
+CVE-2025-40087 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/4b47a8601b71ad98833b447d465592d847b4dc77 (6.18-rc2)
-CVE-2025-40086 [drm/xe: Don't allow evicting of BOs in same VM in array of VM binds]
+CVE-2025-40086 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
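Review bot: The 64 entries added at the top of this hunk, CVE-2025-8850 through CVE-2025-10317, carry only `TODO: check`, so none of them is triaged yet. Each needs a follow-up that resolves it to a package line or a `NOT-FOR-US:` line. Several descriptions name software worth checking against the archive first: node-tar (CVE-2025-64118), Keras (CVE-2025-12060), Kitware VTK (CVE-2025-57109) and Checkmk (CVE-2025-39663). Separately, the kernel entries CVE-2025-40105 through CVE-2025-40086 trade their bracketed subject for a truncated description that begins "In the Linux kernel, the following vulnerability has been resolved" in every case, so the `NOTE:` commit link is now the only part of each entry that tells them apart when reading the list.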
@@ -122,67 +250,86 @@ CVE-2025-10636 (The NS Maintenance Mode for WP WordPress plugin through 1.3.1 do
NOT-FOR-US: WordPress plugin
CVE-2025-10008 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-62503
+CVE-2025-62503 (User with CREATE and no UPDATE privilege for Pools, Connections, Varia ...)
- airflow <itp> (bug #819700)
-CVE-2025-62402
+CVE-2025-62402 (API users via `/api/v2/dagReports` could perform Dag code execution in ...)
- airflow <itp> (bug #819700)
-CVE-2025-54941
+CVE-2025-54941 (An example dag `example_dag_decorator` had non-validated parameter tha ...)
- airflow <itp> (bug #819700)
CVE-2025-12447
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12446
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12445
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12444
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12443
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12441
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12440
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12439
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12438
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12437
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12436
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12435
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12434
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12433
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12432
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12431
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12430
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12429
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12428
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalati ...)
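Review bot: The `{DSA-6046-1}` tags in the chromium block run from CVE-2025-12447 down to CVE-2025-12428 but the sequence goes from CVE-2025-12443 straight to CVE-2025-12441, with no entry for CVE-2025-12442 in this hunk. Confirm that the ID is intentionally absent from this block and not an entry that the DSA cross-reference missed. The `[bullseye] - chromium <end-of-life>` lines are unchanged, which is consistent with a DSA that does not cover bullseye.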
@@ -1021,7 +1168,7 @@ CVE-2025-61795 (Improper Resource Shutdown or Release vulnerability in Apache To
NOTE: https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
CVE-2025-61482 (Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyID ...)
NOT-FOR-US: NetKnights GmbH privacyIDEA Authenticator
-CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a re ...)
+CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the Web ...)
NOT-FOR-US: MikroTik
CVE-2025-61385 (SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote atta ...)
NOT-FOR-US: tlocke pg8000
@@ -3171,7 +3318,7 @@ CVE-2025-62525 (OpenWrt Project is a Linux operating system targeting embedded d
NOT-FOR-US: OpenWRT (ltq-ptm)
NOTE: https://openwrt.org/advisory/2025-10-22-2
CVE-2025-12036
- {DSA-6036-1}
+ {DSA-6046-1 DSA-6036-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9428 (Zohocorp ManageEngine Analytics Plus versions6171 and prior are vulner ...)
@@ -3928,6 +4075,7 @@ CVE-2025-62171 (ImageMagick is an open source software suite for displaying, con
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 (7.1.2-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/456771fae8baa9558a1421ec8d522e6937d9b2d7 (6.9.13-32)
CVE-2025-62168 (Squid is a caching proxy for the Web. In Squid versions prior to 7.2, ...)
+ {DSA-6047-1}
- squid 7.2-1 (bug #1118341)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
NOTE: https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f (SQUID_7_2)
@@ -6598,7 +6746,8 @@ CVE-2025-21044 (Out-of-bounds write in fingerprint trustlet prior to SMR Oct-202
NOT-FOR-US: Samsung Mobile
CVE-2025-11570 (Versions of the package drupal-pattern-lab/unified-twig-extensions fro ...)
NOT-FOR-US: drupal-pattern-lab/unified-twig-extensions
-CVE-2025-11569 (All versions of the package cross-zip are vulnerable to Directory Trav ...)
+CVE-2025-11569
+ REJECTED
NOT-FOR-US: cross-zip Node.js module
CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website 1.0. Imp ...)
NOT-FOR-US: code-projects E-Commerce Website
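Review bot: CVE-2025-11569 is now marked `REJECTED`, but the old triage line `NOT-FOR-US: cross-zip Node.js module` is still attached to it, so the entry carries two dispositions. Drop the `NOT-FOR-US:` line in a follow-up so the entry reads as rejected only.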
@@ -11047,7 +11196,7 @@ CVE-2025-11178 (Local privilege escalation due to DLL hijacking vulnerability. T
CVE-2025-11153 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox 143.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/#CVE-2025-11153
-CVE-2025-11152 (This vulnerability affects Firefox < 143.0.3.)
+CVE-2025-11152 (Sandbox escape due to integer overflow in the Graphics: Canvas2D compo ...)
- firefox 143.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/#CVE-2025-11152
CVE-2025-10859 (Cookie storage for non-HTML temporary documents was being shared incor ...)
@@ -16490,7 +16639,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
-CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
+CVE-2025-10536 (Information disclosure in the Networking: Cache component. This vulner ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16498,13 +16647,13 @@ CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10536
-CVE-2025-10535 (This vulnerability affects Firefox < 143.)
+CVE-2025-10535 (Information disclosure, mitigation bypass in the Privacy component in ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10535
-CVE-2025-10534 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
+CVE-2025-10534 (Spoofing issue in the Site Permissions component. This vulnerability a ...)
- firefox 143.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
-CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefo ...)
+CVE-2025-10533 (Integer overflow in the SVG component. This vulnerability affects Fire ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
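Review bot: For CVE-2025-10534 the removed description read "affects Firefox < 143 and Thunderbird < 143", while the entry tracks only `- firefox 143.0-1` and the new truncated description no longer shows the affected products. Confirm whether a thunderbird line is needed here, or add a `NOTE:` saying why it is not, since the reason is no longer visible from the description.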
@@ -16512,7 +16661,7 @@ CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28,
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10533
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
-CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
+CVE-2025-10532 (Incorrect boundary conditions in the JavaScript: GC component. This vu ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16520,13 +16669,13 @@ CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10532
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10532
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10532
-CVE-2025-10531 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
+CVE-2025-10531 (Mitigation bypass in the Web Compatibility: Tooling component. This vu ...)
- firefox 143.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10531
-CVE-2025-10530 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
+CVE-2025-10530 (Spoofing issue in the WebAuthn component in Firefox for Android. This ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
-CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
+CVE-2025-10529 (Same-origin policy bypass in the Layout component. This vulnerability ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16534,7 +16683,7 @@ CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10529
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
-CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
+CVE-2025-10528 (Sandbox escape due to undefined behavior, invalid pointer in the Graph ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16542,7 +16691,7 @@ CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10528
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
-CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
+CVE-2025-10527 (Sandbox escape due to use-after-free in the Graphics: Canvas2D compone ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -26064,7 +26213,7 @@ CVE-2025-9184 (Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR
CVE-2025-9183 (Spoofing issue in the Address Bar component. This vulnerability affect ...)
- firefox 142.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9183
-CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics: WebRender com ...)
+CVE-2025-9182 (Denial-of-service due to out-of-memory in the Graphics: WebRender comp ...)
- firefox 142.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vulnerab ...)
@@ -26075,7 +26224,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9181
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
-CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.' This ...)
+CVE-2025-9180 (Same-origin policy bypass in the Graphics: Canvas2D component. This vu ...)
{DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8aa993a682d34aee407378c8b086fc813dde755b