[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 12 21:13:05 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02317729 by security tracker role at 2025-09-12T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,119 @@
-CVE-2025-39799 [ACPI: processor: perflib: Move problematic pr->performance check]
+CVE-2025-9556 (Langchaingo supports the use of jinja2 syntax when parsing prompts, wh ...)
+ TODO: check
+CVE-2025-8699 (Some "Stored Value" Unattended Payment Solutions of KioSoft use vulner ...)
+ TODO: check
+CVE-2025-7448 (Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predi ...)
+ TODO: check
+CVE-2025-6638 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
+ TODO: check
+CVE-2025-59139 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2025-59058 (httpsig-rs is a Rust implementation of IETF RFC 9421 http message sign ...)
+ TODO: check
+CVE-2025-59054 (dstack is a software development kit (SDK) to simplify the deployment ...)
+ TODO: check
+CVE-2025-58434 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2025-57579 (An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 all ...)
+ TODO: check
+CVE-2025-57578 (An issue in H3C Magic M Device M2V100R006 allows a remote attacker to ...)
+ TODO: check
+CVE-2025-57577 (An issue in H3C Device R365V300R004 allows a remote attacker to execut ...)
+ TODO: check
+CVE-2025-56467 (An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 allow ...)
+ TODO: check
+CVE-2025-55996 (Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text para ...)
+ TODO: check
+CVE-2025-55835 (File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker ...)
+ TODO: check
+CVE-2025-52074 (PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scri ...)
+ TODO: check
+CVE-2025-4235 (An information exposure vulnerability in the Palo Alto Networks User-I ...)
+ TODO: check
+CVE-2025-4234 (A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defende ...)
+ TODO: check
+CVE-2025-43796 (Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 thro ...)
+ TODO: check
+CVE-2025-43795 (Open redirect vulnerability in the System Settings in Liferay Portal 7 ...)
+ TODO: check
+CVE-2025-43787 (A Stored cross-site scripting vulnerability in the Liferay Portal 7.4 ...)
+ TODO: check
+CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autoremoval ...)
+ TODO: check
+CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
+ TODO: check
+CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
+ TODO: check
+CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
+ TODO: check
+CVE-2025-10365 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
+ TODO: check
+CVE-2025-10364 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
+ TODO: check
+CVE-2025-10325 (A vulnerability was identified in Wavlink WL-WN578W2 221110. This impa ...)
+ TODO: check
+CVE-2025-10324 (A vulnerability was determined in Wavlink WL-WN578W2 221110. This affe ...)
+ TODO: check
+CVE-2025-10323 (A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted e ...)
+ TODO: check
+CVE-2025-10322 (A vulnerability has been found in Wavlink WL-WN578W2 221110. The affec ...)
+ TODO: check
+CVE-2025-10321 (A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unk ...)
+ TODO: check
+CVE-2025-10320 (A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. T ...)
+ TODO: check
+CVE-2025-10319 (A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected ...)
+ TODO: check
+CVE-2025-10318 (A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by t ...)
+ TODO: check
+CVE-2025-10267 (NUP Portal developed by NewType Infortech has a Missing Authentication ...)
+ TODO: check
+CVE-2025-10266 (NUP Pro developed by NewType Infortech has a SQL Injection vulnerabili ...)
+ TODO: check
+CVE-2025-10265 (Certain models of NVR developed by Digiever has an OS Command Injectio ...)
+ TODO: check
+CVE-2025-10264 (Certain models of NVR developed by Digiever has an Exposure of Sensiti ...)
+ TODO: check
+CVE-2024-45434 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. T ...)
+ TODO: check
+CVE-2024-45433 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control F ...)
+ TODO: check
+CVE-2024-45432 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function c ...)
+ TODO: check
+CVE-2024-45431 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Vali ...)
+ TODO: check
+CVE-2025-39799 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d405ec23df13e6df599f5bd965a55d13420366b8 (6.17-rc2)
-CVE-2025-39798 [NFS: Fix the setting of capabilities when automounting a new filesystem]
+CVE-2025-39798 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/b01f21cacde9f2878492cf318fee61bf4ccad323 (6.17-rc1)
-CVE-2025-39797 [xfrm: Duplicate SPI Handling]
+CVE-2025-39797 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/94f39804d891cffe4ce17737d295f3b195bc7299 (6.17-rc1)
-CVE-2025-39796 [net: lapbether: ignore ops-locked netdevs]
+CVE-2025-39796 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/53898ebabe843bfa7baea9dae152797d5d0563c9 (6.17-rc2)
-CVE-2025-39795 [block: avoid possible overflow for chunk_sectors check in blk_stack_limits()]
+CVE-2025-39795 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/448dfecc7ff807822ecd47a5c052acedca7d09e8 (6.17-rc1)
-CVE-2025-39794 [ARM: tegra: Use I/O memcpy to write to IRAM]
+CVE-2025-39794 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/398e67e0f5ae04b29bcc9cbf342e339fe9d3f6f1 (6.17-rc1)
-CVE-2025-39793 [io_uring/memmap: cast nr_pages to size_t before shifting]
+CVE-2025-39793 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.3-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/33503c083fda048c77903460ac0429e1e2c0e341 (6.17-rc1)
-CVE-2025-39792 [dm: Always split write BIOs to zoned device limits]
+CVE-2025-39792 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
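Review bot: Every entry added at the top of this hunk, from CVE-2025-9556 through CVE-2024-45431, carries only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet and each still needs manual triage before the list says anything about Debian's exposure. In the same hunk the kernel entries CVE-2025-39799 through CVE-2025-39792 lose their bracketed commit subjects (for example "[xfrm: Duplicate SPI Handling]") in favour of truncated descriptions that all begin "In the Linux kernel, the following vulnerability has been resolved:", which leaves the NOTE commit URL as the only line that tells them apart; when reviewing these, follow the NOTE link rather than the description.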
@@ -5136,7 +5220,7 @@ CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contain
NOT-FOR-US: Craft CMS plugin
CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The / ...)
NOT-FOR-US: simple-admin-core
-CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection vulnerabilit ...)
+CVE-2025-50989 (OPNsense before 25.1.8 contains an authenticated command injection vul ...)
NOT-FOR-US: OPNsense
CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple stored cro ...)
NOT-FOR-US: diskover-web
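Review bot: The "NOT-FOR-US: OPNsense" line under CVE-2025-50989 is unchanged and still fits the reworded description ("OPNsense before 25.1.8" instead of "OPNsense 25.1"), so no re-triage is needed here. The commit message "automatic update" does not say that existing descriptions are re-synced as well as new IDs added; a short mention of that would make description-only changes like this one easier to skim past in review.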
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0231772984933680271c311b8aa9e61ebe7ade80