[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 31 20:13:01 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1a4e7e0 by security tracker role at 2025-10-31T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,416 @@
-CVE-2025-40106 [comedi: fix divide-by-zero in comedi_buf_munge()]
+CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) att ...)
+	TODO: check
+CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets, Templates ...)
+	TODO: check
+CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path Traversal in al ...)
+	TODO: check
+CVE-2025-8383 (The Depicter plugin for WordPress is vulnerable to Cross-Site Request  ...)
+	TODO: check
+CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of service (Do ...)
+	TODO: check
+CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled a  perf ...)
+	TODO: check
+CVE-2025-64389 (The web server of the device performs exchanges of sensitive informati ...)
+	TODO: check
+CVE-2025-64388 (Denial of service of the web server through specific requests to this  ...)
+	TODO: check
+CVE-2025-64387 (The web application is vulnerable to a so-called \u2018clickjacking\u2 ...)
+	TODO: check
+CVE-2025-64386 (The equipment grants a JWT token for each connection in the timeline,  ...)
+	TODO: check
+CVE-2025-64385 (The equipment initially can be configured using the manufacturer's app ...)
+	TODO: check
+CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard  ...)
+	TODO: check
+CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-64366 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-64365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-64364 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-64363 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-64362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-64361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-64360 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-64359 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-64358 (Missing Authorization vulnerability in WebToffee Smart Coupons for Woo ...)
+	TODO: check
+CVE-2025-64357 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
+	TODO: check
+CVE-2025-64356 (Missing Authorization vulnerability in f1logic Insert PHP Code Snippet ...)
+	TODO: check
+CVE-2025-64354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-64353 (Deserialization of Untrusted Data vulnerability in Chouby Polylang pol ...)
+	TODO: check
+CVE-2025-64352 (Missing Authorization vulnerability in WPDeveloper Essential Addons fo ...)
+	TODO: check
+CVE-2025-64351 (Insertion of Sensitive Information Into Sent Data vulnerability in Ran ...)
+	TODO: check
+CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo ...)
+	TODO: check
+CVE-2025-64349 (ELOG allows an authenticated user to modify another user's profile. An ...)
+	TODO: check
+CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the configura ...)
+	TODO: check
+CVE-2025-64168 (Agno is a multi-agent framework, runtime and control plane. From 2.0.0 ...)
+	TODO: check
+CVE-2025-63675 (cryptidy through 1.2.4 allows code execution via untrusted data becaus ...)
+	TODO: check
+CVE-2025-63562 (Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 ...)
+	TODO: check
+CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2  ...)
+	TODO: check
+CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63467 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63466 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63465 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63464 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63463 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2025-63462 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-63461 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-63460 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-63459 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via  ...)
+	TODO: check
+CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML files. The  ...)
+	TODO: check
+CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web content tem ...)
+	TODO: check
+CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in Languauge Overri ...)
+	TODO: check
+CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to plaintext u ...)
+	TODO: check
+CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO A ...)
+	TODO: check
+CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in the conf ...)
+	TODO: check
+CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via craft ...)
+	TODO: check
+CVE-2025-60711 (Protection mechanism failure in Microsoft Edge (Chromium-based) allows ...)
+	TODO: check
+CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to Authentication ...)
+	TODO: check
+CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration Manager a ...)
+	TODO: check
+CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put ...)
+	TODO: check
+CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use- ...)
+	TODO: check
+CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buff ...)
+	TODO: check
+CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. con ...)
+	TODO: check
+CVE-2025-52665 (A malicious actor with access to the management network could exploit  ...)
+	TODO: check
+CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential disruption or  ...)
+	TODO: check
+CVE-2025-52663 (A vulnerability was identified in certain UniFi Talk devices where int ...)
+	TODO: check
+CVE-2025-4952 (Tampering of the registry entries might have led to preventing the ESE ...)
+	TODO: check
+CVE-2025-48984 (A vulnerability allowing remote code execution (RCE) on the Backup Ser ...)
+	TODO: check
+CVE-2025-48983 (A vulnerability in the Mount service of Veeam Backup & Replication, wh ...)
+	TODO: check
+CVE-2025-48982 (This vulnerability in Veeam Agent for Microsoft Windows allows for Loc ...)
+	TODO: check
+CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have the split ...)
+	TODO: check
+CVE-2025-40603 (A potential exposure of sensitive information in log files in SonicWal ...)
+	TODO: check
+CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set  ...)
+	TODO: check
+CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a privilege esc ...)
+	TODO: check
+CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned script, ...)
+	TODO: check
+CVE-2025-34286 (Nagios XI versions prior to 2026R1  contain a remote code execution vu ...)
+	TODO: check
+CVE-2025-34284 (Nagios XI versions prior to2024R2contain a command injection vulnerabi ...)
+	TODO: check
+CVE-2025-34283 (Nagios XI versions prior to2024R1.4.2revealed API keys to users who we ...)
+	TODO: check
+CVE-2025-34280 (NagiosNetwork Analyzer versions prior to2024R2.0.1 contain a vulnerabi ...)
+	TODO: check
+CVE-2025-34278 (Nagios Network Analyzer versions prior to2024R1 contain a stored cross ...)
+	TODO: check
+CVE-2025-34277 (Nagios Log Server versions prior to2024R1.3.1 contain a code injection ...)
+	TODO: check
+CVE-2025-34274 (Nagios Log Server versions prior to 2024R2.0.3 contain an execution wi ...)
+	TODO: check
+CVE-2025-34273 (Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect au ...)
+	TODO: check
+CVE-2025-34272 (In Nagios Log Server versions prior to 2024R2.0.3, when a user's confi ...)
+	TODO: check
+CVE-2025-34271 (Nagios Log Server versions prior to2024R2.0.2 contain a vulnerability  ...)
+	TODO: check
+CVE-2025-34270 (Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability ...)
+	TODO: check
+CVE-2025-34269 (Nagios Fusion versions prior to R2.1 contain a vulnerability due to th ...)
+	TODO: check
+CVE-2025-34249 (Nagios Fusion versions prior to 2024R2.1contain a brute-force bypass i ...)
+	TODO: check
+CVE-2025-34135 (Nagios XI versions prior to2024R1.4.2configure some systemd unit files ...)
+	TODO: check
+CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code execution ...)
+	TODO: check
+CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
+	TODO: check
+CVE-2025-30191 (Malicious content from E-Mail can be used to perform a redressing atta ...)
+	TODO: check
+CVE-2025-30188 (Malicious or unintentional API requests can be used to add significant ...)
+	TODO: check
+CVE-2025-29270 (Incorrect access control in the realtime.cgi endpoint of Deep Sea Elec ...)
+	TODO: check
+CVE-2025-27208 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
+	TODO: check
+CVE-2025-12554 (Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; B ...)
+	TODO: check
+CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue affects BLU- ...)
+	TODO: check
+CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2: through 1.19. ...)
+	TODO: check
+CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition up to 9 ...)
+	TODO: check
+CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition up to 9 ...)
+	TODO: check
+CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can be implem ...)
+	TODO: check
+CVE-2025-12508 (When using domain users as BRAIN2 users, communication with Active Dir ...)
+	TODO: check
+CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted service ...)
+	TODO: check
+CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can lead to  ...)
+	TODO: check
+CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 ...)
+	TODO: check
+CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization (SLAC)   ...)
+	TODO: check
+CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2025-12115 (The WPC Name Your Price for WooCommerce plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-12094 (The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments  ...)
+	TODO: check
+CVE-2025-12041 (The ERI File Library plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2025-11975 (The FuseWP \u2013 WordPress User Sync to Email List & Marketing Automa ...)
+	TODO: check
+CVE-2025-11843 (Therefore Corporation GmbH has recently become aware that Therefore\u2 ...)
+	TODO: check
+CVE-2025-11806 (The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-11602 (Potential information leak in bolt protocol handshake in Neo4j Enterpr ...)
+	TODO: check
+CVE-2025-11191 (The RealPress  WordPress plugin before 1.1.0 registers the REST routes ...)
+	TODO: check
+CVE-2025-10897 (The WooCommerce Designer Pro theme for WordPress is vulnerable to arbi ...)
+	TODO: check
+CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR  ...)
+	TODO: check
+CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local privile ...)
+	TODO: check
+CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored cross-site ...)
+	TODO: check
+CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege escalation vu ...)
+	TODO: check
+CVE-2024-14008 (Nagios XI versions prior to 2024R1.3.2contain a remote command executi ...)
+	TODO: check
+CVE-2024-14006 (Nagios XI versions prior to 2024R1.2.2contain a host header injection  ...)
+	TODO: check
+CVE-2024-14005 (Nagios XI versions prior to 2024R1.2 contain a command injection vulne ...)
+	TODO: check
+CVE-2024-14004 (Nagios XI versions prior to 2024R1.2 containa privilege escalation vul ...)
+	TODO: check
+CVE-2024-14003 (Nagios XI versions prior to 2024R1.2 arevulnerable to remote code exec ...)
+	TODO: check
+CVE-2024-14002 (Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion  ...)
+	TODO: check
+CVE-2024-14001 (Nagios XI versions prior to 2024R1.1.3are vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2024-14000 (Nagios XI versions prior to 2024R1.1.3are vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2024-13999 (Nagios XI versions prior to 2024R1.1.3, under certain circumstances,di ...)
+	TODO: check
+CVE-2024-13996 (Nagios XI versions prior to2024R1.1.3did not invalidate all other acti ...)
+	TODO: check
+CVE-2024-13995 (Nagios XI versions prior to2024R1.1.2 may (confirmed in2024R1.1 and 20 ...)
+	TODO: check
+CVE-2024-13994 (Nagios XI versions prior to2024R1.1.2 contain a missing authorization  ...)
+	TODO: check
+CVE-2024-13993 (Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected ...)
+	TODO: check
+CVE-2024-13992 (Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site s ...)
+	TODO: check
+CVE-2023-7325 (Anheng Mingyu Operation and Maintenance Audit and Risk Control System  ...)
+	TODO: check
+CVE-2023-7323 (Nagios Log Server versions prior to 2024R1are vulnerable to cross-site ...)
+	TODO: check
+CVE-2023-7322 (Nagios Log Server versions prior to 2024R1 contain an incorrect author ...)
+	TODO: check
+CVE-2023-7321 (Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-sit ...)
+	TODO: check
+CVE-2023-7319 (Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cro ...)
+	TODO: check
+CVE-2023-7318 (Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site  ...)
+	TODO: check
+CVE-2023-7317 (Nagios XI versions prior to 2024R1contain a missing access control vul ...)
+	TODO: check
+CVE-2023-7316 (Nagios XI versions prior to 2024R1 are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2023-7315 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2023-7314 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2023-7313 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2023-7312 (Nagios Fusion versions prior to4.2.0 contain a stored cross-site scrip ...)
+	TODO: check
+CVE-2023-53690 (Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scri ...)
+	TODO: check
+CVE-2023-53689 (Nagios Fusion versions prior to4.2.0 contain a reflected cross-site sc ...)
+	TODO: check
+CVE-2023-53688 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2022-50588 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2022-50587 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2022-50586 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2022-50585 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 ...)
+	TODO: check
+CVE-2022-50584 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 ...)
+	TODO: check
+CVE-2021-4461 (Seeyon Zhiyuan OA Web Application System versions up to and including  ...)
+	TODO: check
+CVE-2021-47700 (Nagios XI versions prior to5.8.7used a temporary directory for Highcha ...)
+	TODO: check
+CVE-2021-47699 (Nagios XI versions prior to5.8.7are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2021-47697 (Nagios XI versions prior to5.8.0are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2021-47696 (Nagios XI versions prior to5.8.0are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2021-47695 (Nagios XI versions prior to5.8.0are vulnerable to stored cross-site sc ...)
+	TODO: check
+CVE-2021-47694 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 ...)
+	TODO: check
+CVE-2021-47693 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 ...)
+	TODO: check
+CVE-2021-47692
+	REJECTED
+CVE-2021-47691 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 ...)
+	TODO: check
+CVE-2021-47690 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 ...)
+	TODO: check
+CVE-2021-47689 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 ...)
+	TODO: check
+CVE-2020-36869 (Nagios XI versions prior to5.7.5contain a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2020-36868 (Nagios XI versions prior to5.7.3contain a privilege escalation vulnera ...)
+	TODO: check
+CVE-2020-36867 (Nagios XI versions prior to5.7.3contain a command injection vulnerabil ...)
+	TODO: check
+CVE-2020-36866 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2020-36865 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2020-36864 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2020-36863 (Nagios XI versions prior to5.7.2allow PHP files to be uploaded to the  ...)
+	TODO: check
+CVE-2020-36862 (Nagios XI versions prior to5.6.11contain unauthenticated vulnerabiliti ...)
+	TODO: check
+CVE-2020-36861 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 ...)
+	TODO: check
+CVE-2020-36860 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 ...)
+	TODO: check
+CVE-2020-36859 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 ...)
+	TODO: check
+CVE-2020-36858 (Nagios Log Server versions prior to 2.1.6contain cross-site scripting  ...)
+	TODO: check
+CVE-2020-36857 (Nagios XI versions prior to 5.6.14 containa post-authentication SQL in ...)
+	TODO: check
+CVE-2020-36856 (Nagios XI versions prior to 5.6.14 contain an authenticated remote com ...)
+	TODO: check
+CVE-2018-25123 (Nagios XI versions prior to5.5.7contain a privilege escalation vulnera ...)
+	TODO: check
+CVE-2018-25122 (Nagios XI versions prior to5.4.13contain a remote code execution vulne ...)
+	TODO: check
+CVE-2018-25121 (Nagios XI versions prior to5.4.13 are vulnerable to cross-site scripti ...)
+	TODO: check
+CVE-2018-25119 (Nagios Fusion versions prior to 4.1.5 arevulnerable to cross-site scri ...)
+	TODO: check
+CVE-2017-20209 (Nagios Fusion versions prior to 4.0.1arevulnerable to cross-site scrip ...)
+	TODO: check
+CVE-2016-15053 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
+	TODO: check
+CVE-2016-15052 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
+	TODO: check
+CVE-2016-15051 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
+	TODO: check
+CVE-2016-15050 (Nagios XI versions prior to5.2.4 containa SQL injection vulnerability  ...)
+	TODO: check
+CVE-2016-15049 (Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site ...)
+	TODO: check
+CVE-2013-10074 (Nagios XI versions prior to2012R2.6are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2013-10073 (Nagios XI versions prior to2012R1.6 contain ashell command injection v ...)
+	TODO: check
+CVE-2013-10072 (Nagios XI versions prior to2012R1.6 contain an authorization flaw in t ...)
+	TODO: check
+CVE-2013-10071 (Nagios XI versions prior to2012R1.6contain a reflected cross-site scri ...)
+	TODO: check
+CVE-2012-10063 (Nagios XI versions prior to2012R1.3 containa SQL injection vulnerabili ...)
+	TODO: check
+CVE-2011-10040 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2011-10039 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2011-10038 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2011-10037 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2011-10036 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
+	TODO: check
+CVE-2011-10035 (Nagios XI versions prior to2011R1.9contain privilege escalation vulner ...)
+	TODO: check
+CVE-2025-40106 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.17.6-1
 	NOTE: https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
 CVE-2025-11261
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T406322
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193414
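Review bot: the long run of Nagios XI / Log Server / Fusion / Network Analyzer entries (CVE-2025-34298 down through CVE-2011-10035, plus the CVE-2024-58273 .. CVE-2022-50584 and CVE-2021-47700 .. CVE-2020-36856 blocks) is left as individual `TODO: check` lines even though every description names the same proprietary Nagios product family; if, as for the other commercial products in this file, none of them ships in Debian, they can be triaged as one batch with the `NOT-FOR-US:` marker the file already uses (e.g. `NOT-FOR-US: Raise3D`) rather than one by one. Of the remaining new entries, CVE-2025-6075 (`os.path.expandvars()` in CPython) and CVE-2025-6176 (Scrapy) are the ones most likely to map onto packaged software and deserve triage before the WordPress plugin entries. Separately, the descriptions for CVE-2025-8489, CVE-2025-64387, CVE-2025-11975 and CVE-2025-11843 carry literal `\u2013`/`\u2018` escape sequences, and the 70-character truncation cuts one of them mid-escape (`\u2018clickjacking\u2 ...`); if the importer is meant to store decoded text, decode before truncating so the summary stays readable.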
@@ -7355,6 +7764,7 @@ CVE-2025-10004 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 End of  ...)
+	{DLA-4354-1}
 	- python3.14 3.14.0-3
 	- python3.13 <unfixed>
 	[trixie] - python3.13 <no-dsa> (Minor issue)
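Review bot: the new `{DLA-4354-1}` tag on CVE-2025-8291 sits directly above `python3.13 <unfixed>` and `[trixie] - python3.13 <no-dsa> (Minor issue)`; the brace tag only records the LTS suite fix, so this is consistent with the file's conventions, but an LTS update having been issued for the zipfile ZIP64 issue makes the `(Minor issue)` rationale for trixie worth a second look so the two assessments do not silently diverge.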
@@ -9646,10 +10056,12 @@ CVE-2025-61962 (In fetchmail before 6.5.6, the SMTP client can crash when authen
 	NOTE: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
 	NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8 (6.5.6)
 CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T397232
 	NOTE: https://gerrit.wikimedia.org/r/c/VisualEditor/VisualEditor/+/1193247
 CVE-2025-61655 [Properly escape and parse system messages]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T395858
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/1193248
@@ -9718,10 +10130,12 @@ CVE-2025-10895
 CVE-2025-10653 (An unauthenticated debug port may allow access to the device file syst ...)
 	NOT-FOR-US: Raise3D
 CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: http://phabricator.wikimedia.org/T397577
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TextExtracts/+/1193249
 CVE-2025-11173
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T401862
 	NOTE: https://phabricator.wikimedia.org/T402094
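Review bot: the CVE-2025-61653 entry that receives `{DLA-4355-1}` here references `http://phabricator.wikimedia.org/T397577` over plain http, while the neighbouring CVE-2025-11173 entry and the other mediawiki entries in this update use `https://phabricator.wikimedia.org/...`; since the line is being touched in the same block, normalising the scheme to https keeps the NOTE references uniform.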
@@ -9739,6 +10153,7 @@ CVE-2025-61652 [In API check user read permissions before showing PageInfo]
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T397580
 CVE-2025-61635 [ApiFancyCaptchaReload: Reuse badcaptcha rate limit]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: http://phabricator.wikimedia.org/T355073
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ConfirmEdit/+/1193206
@@ -9749,6 +10164,7 @@ CVE-2025-61658
 CVE-2025-61651
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2025-61646 [Prevent leaking hidden usernames in Watchlist/RecentChanges]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T398706
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193226
@@ -9757,6 +10173,7 @@ CVE-2025-61645 [Fix i18n XSS in CodexTablePager]
 	NOTE: http://phabricator.wikimedia.org/T403761
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193202
 CVE-2025-61643 [Don't send suppressed recent changes to RCFeeds]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T403757
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193223
@@ -9989,18 +10406,22 @@ CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
 	NOTE: https://phabricator.wikimedia.org/T402313
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193175
 CVE-2025-61641 [api: Disable maxsize in QueryAllPages in miser mode]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T298690
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193174
 CVE-2025-61640 [Parse messages instead of inserting them as HTML]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T402075
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193173
 CVE-2025-61639 [Use ManualLogEntry::getDeleted in ::getRecentChange]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T280413
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193178
 CVE-2025-61638 [Sanitize data- attributes]
+	{DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T401099
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193172
@@ -12664,7 +13085,7 @@ CVE-2025-58457 (Improper permission check in ZooKeeper AdminServer lets authoriz
 	NOTE: Fixed by: https://github.com/apache/zookeeper/commit/63723a77a29dae974611702769bf62c4d77fe3f5 (release-3.9.4)
 CVE-2025-57354 (A vulnerability exists in the 'counterpart' library for Node.js and th ...)
 	NOT-FOR-US: 'counterpart' library for Node.js
-CVE-2025-57353 (The Runtime components of messageformat package for Node.js prior to v ...)
+CVE-2025-57353 (The Runtime components of messageformat package for Node.js before 3.0 ...)
 	NOT-FOR-US: messageformat package for Node.js
 CVE-2025-57352 (A vulnerability exists in the 'min-document' package prior to version  ...)
 	- node-min-document <unfixed> (bug #1116340)
@@ -13374,7 +13795,7 @@ CVE-2025-39868 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/181993bb0d626cf88cc803f4356ce5c5abe86278 (6.17-rc6)
 CVE-2025-39867
 	REJECTED
-CVE-2025-30189 [auth: Use AUTH_CACHE_KEY_USER instead of per-database constants]
+CVE-2025-30189 (When cache is enabled, some passdb/userdb drivers incorrectly cache al ...)
 	{DSA-6019-1}
 	- dovecot 1:2.4.1+dfsg1-7 (bug #1115474)
 	[bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
@@ -40125,15 +40546,15 @@ CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Servic
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
 	NOT-FOR-US: Red Hat OpenShift Jenkins
-CVE-2025-58149
+CVE-2025-58149 (When passing through PCI devices, the detach logic in libxl won't remo ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-476.html
-CVE-2025-58148
+CVE-2025-58148 ([This CNA information record relates to multiple CVEs; the text explai ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-475.html
-CVE-2025-58147
+CVE-2025-58147 ([This CNA information record relates to multiple CVEs; the text explai ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-475.html
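Review bot: the descriptions filled in for CVE-2025-58148 and CVE-2025-58147 are the CNA boilerplate `[This CNA information record relates to multiple CVEs; the text explai ...`, which after truncation says nothing about the issue itself, unlike the CVE-2025-58149 line in the same hunk that now names the libxl PCI detach problem. Entries elsewhere in this file keep a short bracketed title when the upstream text is unhelpful (e.g. `CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes]`); a bracketed title taken from the linked XSA-475 advisory would be more useful here than the generic CNA preamble.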
@@ -45807,6 +46228,7 @@ CVE-2025-6196 (A flaw was found in libgepub, a library used to read EPUB files.
 	NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c (0.7.2)
 CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complexity w ...)
+	{DLA-4354-1}
 	- python3.13 3.13.6-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
 	- python3.12 <removed>
@@ -80369,7 +80791,7 @@ CVE-2025-20060 (An attacker could expose cross-user personal identifiable inform
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS, whic ...)
 	NOT-FOR-US: Dario Health
 CVE-2025-1795 (During an address list folding when a separating comma ends up on a fo ...)
-	{DLA-4087-1}
+	{DLA-4354-1 DLA-4087-1}
 	- python3.13 3.13.0~b1-1
 	- python3.12 3.12.9-1
 	- python3.11 <removed>
@@ -90639,7 +91061,7 @@ CVE-2025-22332 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator allows  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and `url ...)
-	{DLA-4087-1}
+	{DLA-4354-1 DLA-4087-1}
 	- python3.13 3.13.2-1
 	- python3.12 3.12.9-1
 	- python3.11 <removed>
@@ -93040,7 +93462,7 @@ CVE-2023-50309 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0i
 	NOT-FOR-US: IBM
 CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vul ...)
 	NOT-FOR-US: IBM
-CVE-2025-23050
+CVE-2025-23050 (QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ...)
 	- qt6-connectivity 6.7.2-8
 	[bookworm] - qt6-connectivity <no-dsa> (Minor issue)
 	- qtconnectivity-opensource-src 5.15.15-3 (bug #1093882)
@@ -114186,7 +114608,7 @@ CVE-2024-21541 (Versions of the package dom-iterator before 1.0.1 are vulnerable
 CVE-2024-21540
 	REJECTED
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
-	{DLA-3980-1}
+	{DLA-4354-1 DLA-3980-1}
 	- python3.12 <not-affected> (Fixed with first upload to Debian unstable)
 	- python3.11 3.11.4-1
 	[bookworm] - python3.11 3.11.2-6+deb12u5
@@ -133245,7 +133667,7 @@ CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send
 CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 before v. ...)
 	NOT-FOR-US: Visual Planning Admin Center
 CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.      Regul ...)
-	{DLA-3980-1}
+	{DLA-4354-1 DLA-3980-1}
 	- python3.13 3.13.0~rc2-1
 	- python3.12 3.12.6-1
 	- python3.11 <removed>
@@ -136373,7 +136795,7 @@ CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared as
 CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
 	NOT-FOR-US: D-Link
 CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, specifically  ...)
-	{DLA-3980-1}
+	{DLA-4354-1 DLA-3980-1}
 	- python3.13 3.13.0~rc2-1
 	- python3.12 3.12.6-1
 	- python3.11 <removed>
@@ -140687,7 +141109,7 @@ CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Li
 CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende Identity S ...)
 	NOT-FOR-US: 1E Platform
 CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython.  The  emai ...)
-	{DLA-3980-1}
+	{DLA-4354-1 DLA-3980-1}
 	- python3.13 3.13.0~rc2-1
 	- python3.12 3.12.5-1
 	- python3.11 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1a4e7e04ecb19829c1e2409c8d28b9d73ee70f6


