[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 10 21:13:02 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
692b85db by security tracker role at 2025-09-10T20:12:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,277 @@
+CVE-2025-9997 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
+ TODO: check
+CVE-2025-9996 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
+ TODO: check
+CVE-2025-9979 (The Maspik plugin for WordPress is vulnerable to Missing Authorization ...)
+ TODO: check
+CVE-2025-9888 (The Maspik \u2013 Ultimate Spam Protection plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-9857 (The Heateor Login \u2013 Social Login Plugin plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-9622 (The WP Blast | SEO & Performance Booster plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-9463 (The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPa ...)
+ TODO: check
+CVE-2025-9367 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-8778 (The NitroPack plugin for WordPress is vulnerable to unauthorized modif ...)
+ TODO: check
+CVE-2025-8696 (If an unauthenticated user sends a large amount of data to the Stork U ...)
+ TODO: check
+CVE-2025-8681 (Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stor ...)
+ TODO: check
+CVE-2025-8388 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
+ TODO: check
+CVE-2025-7843 (The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-7826 (The Testimonial plugin for WordPress is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2025-7746 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
+ TODO: check
+CVE-2025-7718 (The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin fo ...)
+ TODO: check
+CVE-2025-7049 (The WPGYM - Wordpress Gym Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-6189 (The Duplicate Page and Post plugin for WordPress is vulnerable to time ...)
+ TODO: check
+CVE-2025-59049 (Mockoon provides way to design and run mock APIs. Prior to version 9.2 ...)
+ TODO: check
+CVE-2025-59046 (The npm package `interactive-git-checkout` is an interactive command-l ...)
+ TODO: check
+CVE-2025-59045 (Stalwart is a mail and collaboration server. Starting in version 0.12. ...)
+ TODO: check
+CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
+ TODO: check
+CVE-2025-59042 (PyInstaller bundles a Python application and all its dependencies into ...)
+ TODO: check
+CVE-2025-59041 (Claude Code is an agentic coding tool. At startup, Claude Code execute ...)
+ TODO: check
+CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render multiple ...)
+ TODO: check
+CVE-2025-59038 (Prebid.js is a free and open source library for publishers to quickly ...)
+ TODO: check
+CVE-2025-59037 (DuckDB is an analytical in-process SQL database management system. On ...)
+ TODO: check
+CVE-2025-59036 (Infrahub offers a central hub to manage data, templates, and playbooks ...)
+ TODO: check
+CVE-2025-59035 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+ TODO: check
+CVE-2025-59034 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+ TODO: check
+CVE-2025-58768 (DeepChat is a smart assistant uses artificial intelligence. Prior to v ...)
+ TODO: check
+CVE-2025-58765 (wabac.js provides a full web archive replay system, or 'wayback machin ...)
+ TODO: check
+CVE-2025-58764 (Claude Code is an agentic coding tool. Due to an error in command pars ...)
+ TODO: check
+CVE-2025-58763 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
+ TODO: check
+CVE-2025-58750 (rAthena is an open-source cross-platform massively multiplayer online ...)
+ TODO: check
+CVE-2025-58462 (OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 al ...)
+ TODO: check
+CVE-2025-58448 (rAthena is an open-source cross-platform massively multiplayer online ...)
+ TODO: check
+CVE-2025-58447 (rAthena is an open-source cross-platform massively multiplayer online ...)
+ TODO: check
+CVE-2025-58135 (Improper action enforcement in certain Zoom Workplace Clients for Wind ...)
+ TODO: check
+CVE-2025-58134 (Incorrect authorization in certain Zoom Workplace Clients for Windows ...)
+ TODO: check
+CVE-2025-58131 (Race condition in the Zoom Workplace VDI Plugin macOS Universal instal ...)
+ TODO: check
+CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 allows a ...)
+ TODO: check
+CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 5173b68 ...)
+ TODO: check
+CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-57572 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-57571 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-57570 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-57569 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2025-57520 (A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3. ...)
+ TODO: check
+CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The ...)
+ TODO: check
+CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensi ...)
+ TODO: check
+CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows attackers t ...)
+ TODO: check
+CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 1panel 2. ...)
+ TODO: check
+CVE-2025-56407 (A vulnerability has been found in HuangDou UTCMS V9 and classified as ...)
+ TODO: check
+CVE-2025-56406 (An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain ...)
+ TODO: check
+CVE-2025-56405 (An issue was discovered in litmusautomation litmus-mcp-server thru 0.0 ...)
+ TODO: check
+CVE-2025-56404 (An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gai ...)
+ TODO: check
+CVE-2025-55976 (Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via ...)
+ TODO: check
+CVE-2025-54376 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
+ TODO: check
+CVE-2025-54260 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an o ...)
+ TODO: check
+CVE-2025-54259 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an I ...)
+ TODO: check
+CVE-2025-54258 (Substance3D - Modeler versions 1.22.2 and earlier are affected by a Us ...)
+ TODO: check
+CVE-2025-54245 (Substance3D - Viewer versions 0.25.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2025-54244 (Substance3D - Viewer versions 0.25.1 and earlier are affected by a Hea ...)
+ TODO: check
+CVE-2025-54243 (Substance3D - Viewer versions 0.25.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2025-54241 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-54240 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-54239 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-54123 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
+ TODO: check
+CVE-2025-54084 (OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ...)
+ TODO: check
+CVE-2025-54083 (Insecure Storage of Sensitive Information vulnerability in Calix GigaC ...)
+ TODO: check
+CVE-2025-50892 (The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Back ...)
+ TODO: check
+CVE-2025-49461 (Cross-site scripting in certain Zoom Workplace Clients may allow an un ...)
+ TODO: check
+CVE-2025-49460 (Uncontrolled resource consumption in certain Zoom Workplace Clients ma ...)
+ TODO: check
+CVE-2025-49459 (Missing authorization in the installer for Zoom Workplace for Windows ...)
+ TODO: check
+CVE-2025-49458 (Buffer overflow in certain Zoom Workplace Clients may allow an authent ...)
+ TODO: check
+CVE-2025-44595 (Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) i ...)
+ TODO: check
+CVE-2025-44593 (Halo prior to 2.20.13 allows bypassing file type detection and uploadi ...)
+ TODO: check
+CVE-2025-43938 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
+ TODO: check
+CVE-2025-43888 (Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, c ...)
+ TODO: check
+CVE-2025-43887 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
+ TODO: check
+CVE-2025-43886 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
+ TODO: check
+CVE-2025-43885 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
+ TODO: check
+CVE-2025-43884 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
+ TODO: check
+CVE-2025-43785 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
+ TODO: check
+CVE-2025-43784 (Improper Access Control vulnerability in Liferay Portal 7.4.0 through ...)
+ TODO: check
+CVE-2025-43783 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
+ TODO: check
+CVE-2025-43725 (Dell PowerProtect Data Manager, Generic Application Agent, version(s) ...)
+ TODO: check
+CVE-2025-43491 (A vulnerability in the Poly Lens Desktop application running on the Wi ...)
+ TODO: check
+CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' request ...)
+ TODO: check
+CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe executable fo ...)
+ TODO: check
+CVE-2025-40725 (Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. ...)
+ TODO: check
+CVE-2025-36759 (Through the provision of user names, SolaX Cloud will suggest (similar ...)
+ TODO: check
+CVE-2025-36758 (It is possible to bypass the clipping level of authentication attempts ...)
+ TODO: check
+CVE-2025-36757 (It is possible to bypass the administrator login screen on SolaX Cloud ...)
+ TODO: check
+CVE-2025-36756 (A problem with missing authorization on SolaX Cloud platform allows ta ...)
+ TODO: check
+CVE-2025-34178 (In pfSense CE/suricata/suricata_app_parsers.php, the value of the poli ...)
+ TODO: check
+CVE-2025-34177 (In pfSense CE/suricata/suricata_flow_stream.php, the value of the poli ...)
+ TODO: check
+CVE-2025-34176 (In pfSense CE/suricata/suricata_ip_reputation.php, the value of the ip ...)
+ TODO: check
+CVE-2025-29592 (oasys v1.1 is vulnerable to Directory Traversal in ProcedureController ...)
+ TODO: check
+CVE-2025-23344 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
+ TODO: check
+CVE-2025-23343 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
+ TODO: check
+CVE-2025-23342 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
+ TODO: check
+CVE-2025-20340 (A vulnerability in the Address Resolution Protocol (ARP) implementatio ...)
+ TODO: check
+CVE-2025-20248 (A vulnerability in the installation process of Cisco IOS XR Software c ...)
+ TODO: check
+CVE-2025-20159 (A vulnerability in the management interface access control list (ACL) ...)
+ TODO: check
+CVE-2025-10231 (An Incorrect File Handling Permission bug exists on the N-central Wind ...)
+ TODO: check
+CVE-2025-10227 (Missing Encryption of Sensitive Data (CWE-311) in the Object Archive c ...)
+ TODO: check
+CVE-2025-10226 (Dependency on Vulnerable Third-Party Component (CWE-1395) in the Postg ...)
+ TODO: check
+CVE-2025-10225 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
+CVE-2025-10224 (Improper Authentication (CWE-287) in the LDAP authentication engine in ...)
+ TODO: check
+CVE-2025-10223 (Insufficient Session Expiration (CWE-613) in the Web Admin Panel in Ax ...)
+ TODO: check
+CVE-2025-10222 (Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) i ...)
+ TODO: check
+CVE-2025-10221 (Insertion of Sensitive Information into Log File (CWE-532) in the ARP ...)
+ TODO: check
+CVE-2025-10220 (Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dep ...)
+ TODO: check
+CVE-2025-10219
+ REJECTED
+CVE-2025-10215 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
+ TODO: check
+CVE-2025-10214 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
+ TODO: check
+CVE-2025-10213 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
+ TODO: check
+CVE-2025-10211 (A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3 ...)
+ TODO: check
+CVE-2025-10210 (A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Im ...)
+ TODO: check
+CVE-2025-10209 (A security flaw has been discovered in Papermerge DMS up to 3.5.3. Thi ...)
+ TODO: check
+CVE-2025-10197 (A vulnerability was found in HJSoft HCM Human Resources Management Sys ...)
+ TODO: check
+CVE-2025-10195 (A vulnerability has been found in Seismic App 2.4.2 on Android. Affect ...)
+ TODO: check
+CVE-2025-10172 (A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affec ...)
+ TODO: check
+CVE-2025-10171 (A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vu ...)
+ TODO: check
+CVE-2025-10170 (A security vulnerability has been detected in UTT 1200GW up to 3.0.0-1 ...)
+ TODO: check
+CVE-2025-10169 (A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affec ...)
+ TODO: check
+CVE-2025-10159 (An authentication bypass vulnerability allows remote attackers to gain ...)
+ TODO: check
+CVE-2025-10142 (The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2025-10126 (The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-10049 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-10040 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
+ TODO: check
+CVE-2025-10001 (The Import any XML, CSV or Excel File to WordPress plugin for WordPres ...)
+ TODO: check
+CVE-2024-47120 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
+ TODO: check
+CVE-2024-45671 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
+ TODO: check
+CVE-2024-45669 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
+ TODO: check
CVE-2025-6769
- gitlab <unfixed>
CVE-2025-10094
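Review bot: all 137 new entries in this hunk land as ` TODO: check` with no triage, although at least eighteen of them are WordPress plugin descriptions (for example CVE-2025-9979, CVE-2025-8778, CVE-2025-10001) that this file's own convention, visible further down, resolves as `NOT-FOR-US: WordPress plugin`; the same applies to the Zoom Workplace, Cisco IOS XR, Adobe Substance3D/After Effects and Dell PowerProtect items. Clearing those first would leave the short list of entries that can actually touch packaged software (CVE-2025-59042 PyInstaller, CVE-2025-59046 interactive-git-checkout, CVE-2025-59037 DuckDB, CVE-2025-59049 Mockoon, CVE-2025-58765 wabac.js) as the real backlog. Two smaller points: CVE-2025-10219 carries `REJECTED` with no description, which is the right form for a withdrawn ID, and the descriptions for CVE-2025-9888, CVE-2025-9857 and CVE-2025-10040 contain the six-character literal `\u2013` (the en dash code point) rather than the character itself; confirm that this is the importer's intended ASCII-safe escaping rather than a double-encoding of the feed text.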
@@ -10,10 +284,10 @@ CVE-2025-6454
- gitlab <unfixed>
CVE-2025-2256
- gitlab <unfixed>
-CVE-2025-10201
+CVE-2025-10201 (Inappropriate implementation in Mojo in Google Chrome on Android, Linu ...)
- chromium 140.0.7339.127-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10200
+CVE-2025-10200 (Use after free in Serviceworker in Google Chrome on Desktop prior to 1 ...)
- chromium 140.0.7339.127-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9086 [Out of bounds read for cookie path]
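Review bot: no defect here; the change only replaces the bare `CVE-2025-10201` and `CVE-2025-10200` IDs with imported descriptions, and the `- chromium 140.0.7339.127-1` fix line and the `[bullseye] - chromium <end-of-life> (see #1061268)` annotation are left untouched, as they should be. The truncation cuts the CVE-2025-10200 text off at "prior to 1", so the affected upstream Chrome version is not readable from the description, but the fixed Debian version on the following line already records the fix, so nothing actionable is lost.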
@@ -955,7 +1229,7 @@ CVE-2023-31322 (Type confusion in the ASP could allow an attacker to pass a malf
NOT-FOR-US: AMD
CVE-2023-31306 (Improper validation of an array index in the AMD graphics driver softw ...)
TODO: check
-CVE-2025-9943 [SQL injection vulnerability in Service Provider ODBC plugin]
+CVE-2025-9943 (An SQL injection vulnerability has been identified in the "ID" attribu ...)
{DSA-5994-1}
- shibboleth-sp 3.5.1+dfsg-1 (bug #1114506)
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-1014
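Review bot: the provisional title `[SQL injection vulnerability in Service Provider ODBC plugin]` is swapped for the imported description, which is the expected move from a square-bracket placeholder to a parenthesised official text, but the truncated replacement ends at `in the "ID" attribu` and no longer names the ODBC storage plugin, so the component scoping the old title carried is now only recoverable through the SSPCPP-1014 link. Since `{DSA-5994-1}` is already issued and the fix is recorded as `shibboleth-sp 3.5.1+dfsg-1 (bug #1114506)`, a one-line `NOTE:` stating that the affected code is the ODBC plugin would keep the entry self-explanatory for anyone checking whether a deployment that does not use ODBC storage is exposed.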
@@ -2790,7 +3064,7 @@ CVE-2024-32444 (Incorrect Privilege Assignment vulnerability in InspiryThemes Re
NOT-FOR-US: WordPress plugin or theme
CVE-2023-3666 (The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitis ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-9714
+CVE-2025-9714 (Uncontrolled recursion inXPath evaluationin libxml2 up to and includin ...)
- libxml2 2.14.5+dfsg-0.1
[trixie] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
[bookworm] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
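Review bot: the imported description reads `Uncontrolled recursion inXPath evaluationin libxml2`, with the spaces around "XPath evaluation" missing; the line should not be hand-edited since it is regenerated from the feed, but it is worth checking whether the defect is in the upstream CVE text or in the importer's whitespace handling, because in the latter case the same bug would hit other descriptions. The status lines are consistent with the description: uncontrolled recursion during XPath evaluation is typically a stack-exhaustion denial of service, which matches the `<no-dsa> (Minor issue; can be piggy-backed in a future update)` tagging for trixie and bookworm, with the fix tracked in `libxml2 2.14.5+dfsg-0.1`.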
@@ -6370,13 +6644,13 @@ CVE-2025-8145 (The Redirection for Contact Form 7 plugin for WordPress is vulner
NOT-FOR-US: WordPress plugin
CVE-2025-8141 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-57791 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
+CVE-2025-57791 (A security vulnerability has been identified that allows remote attack ...)
NOT-FOR-US: Commvault
-CVE-2025-57790 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
+CVE-2025-57790 (A security vulnerability has been identified that allows remote attack ...)
NOT-FOR-US: Commvault
-CVE-2025-57789 (An issue was discovered in Commvault before 11.36.60. During the brief ...)
+CVE-2025-57789 (During the brief window between installation and the first administrat ...)
NOT-FOR-US: Commvault
-CVE-2025-57788 (An issue was discovered in Commvault before 11.36.60. A vulnerability ...)
+CVE-2025-57788 (A vulnerability in a known login mechanism allows unauthenticated atta ...)
NOT-FOR-US: Commvault
CVE-2025-57748
REJECTED
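Review bot: the rewritten descriptions for CVE-2025-57788 through CVE-2025-57791 drop the leading "An issue was discovered in Commvault before 11.36.60", so within the truncated text none of the four entries names the product or the fixed version any more; the `NOT-FOR-US: Commvault` line is now the only product attribution in each entry. The status itself is unchanged and correct, so this only matters for anyone grepping this file for the affected product, who will now match on the status line rather than the description.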
@@ -229384,7 +229658,7 @@ CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated us
CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: ECshop
CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an ...)
- {DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1}
+ {DSA-5995-1 DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1}
- hsqldb 2.7.2-1
- hsqldb1.8.0 1.8.0.10+dfsg-14
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
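Review bot: `DSA-5995-1` is added to a 2023 entry that already lists `DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1`, while the fixed-version lines `- hsqldb 2.7.2-1` and `- hsqldb1.8.0 1.8.0.10+dfsg-14` are unchanged, so the entry does not say which package or suite the new advisory covers, or why a second DSA for the same CVE is needed two years on. A `NOTE:` line next to the existing LibreOffice advisory link naming what DSA-5995-1 fixes would make that traceable from the entry itself rather than only from the DSA text.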
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/692b85db1d918f68073b914628da27f6fe2c68e4