[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 16 09:12:22 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da409653 by security tracker role at 2025-09-16T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,223 @@
+CVE-2025-9808 (The The Events Calendar plugin for WordPress is vulnerable to Informat ...)
+	TODO: check
+CVE-2025-6999 (An HTTP Request Smuggling [CWE-444] vulnerability in the Authenticatio ...)
+	TODO: check
+CVE-2025-6947 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-5518 (Authorization Bypass Through User-Controlled Key vulnerability with us ...)
+	TODO: check
+CVE-2025-59453 (Click Studios Passwordstate before 9.9 Build 9972 has a potential auth ...)
+	TODO: check
+CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
+	TODO: check
+CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
+	TODO: check
+CVE-2025-59332 (3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8 ...)
+	TODO: check
+CVE-2025-59145 (color-name is a JSON with CSS color names. On 8 September 2025, an npm ...)
+	TODO: check
+CVE-2025-59056 (FreePBX is an open-source web-based graphical user interface. In FreeP ...)
+	TODO: check
+CVE-2025-57118 (An issue in PHPGurukul Online-Library-Management-System v3.0 allows an ...)
+	TODO: check
+CVE-2025-57117 (A Clickjacking vulnerability exists in Rems' Employee Management Syste ...)
+	TODO: check
+CVE-2025-56448 (The Positron PX360BT SW REV 8 car alarm system is vulnerable to a repl ...)
+	TODO: check
+CVE-2025-56274 (SourceCodester Web-based Pharmacy Product Management System 1.0 is vul ...)
+	TODO: check
+CVE-2025-55211 (FreePBX is an open-source web-based graphical user interface. From 17. ...)
+	TODO: check
+CVE-2025-43802 (Stored cross-site scripting (XSS) vulnerability in a custom object\u20 ...)
+	TODO: check
+CVE-2025-43799 (Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions ...)
+	TODO: check
+CVE-2025-43798 (Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through upd ...)
+	TODO: check
+CVE-2025-43797 (In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0,  ...)
+	TODO: check
+CVE-2025-43375 (The issue was addressed with improved checks. This issue is fixed in X ...)
+	TODO: check
+CVE-2025-43372 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2025-43371 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2025-43370 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2025-43369 (This issue was addressed with improved handling of symlinks. This issu ...)
+	TODO: check
+CVE-2025-43368 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2025-43367 (A privacy issue was addressed by moving sensitive data. This issue is  ...)
+	TODO: check
+CVE-2025-43366 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2025-43362 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2025-43359 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2025-43358 (A permissions issue was addressed with additional sandbox restrictions ...)
+	TODO: check
+CVE-2025-43357 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2025-43356 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2025-43355 (A type confusion issue was addressed with improved memory handling. Th ...)
+	TODO: check
+CVE-2025-43354 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2025-43353 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2025-43349 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2025-43347 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43346 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43344 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43343 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43342 (A correctness issue was addressed with improved checks. This issue is  ...)
+	TODO: check
+CVE-2025-43341 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43340 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43337 (An access issue was addressed with additional sandbox restrictions. Th ...)
+	TODO: check
+CVE-2025-43333 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43332 (A file quarantine bypass was addressed with additional checks. This is ...)
+	TODO: check
+CVE-2025-43331 (A downgrade issue was addressed with additional code-signing restricti ...)
+	TODO: check
+CVE-2025-43330 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43329 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43328 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43327 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2025-43326 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2025-43325 (An access issue was addressed with additional sandbox restrictions. Th ...)
+	TODO: check
+CVE-2025-43321 (The issue was resolved by blocking unsigned services from launching on ...)
+	TODO: check
+CVE-2025-43319 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43318 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2025-43317 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43316 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43315 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43314 (A parsing issue in the handling of directory paths was addressed with  ...)
+	TODO: check
+CVE-2025-43312 (A buffer overflow was addressed with improved bounds checking. This is ...)
+	TODO: check
+CVE-2025-43311 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2025-43310 (A configuration issue was addressed with additional restrictions. This ...)
+	TODO: check
+CVE-2025-43308 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2025-43307 (This issue was addressed with improved checks to prevent unauthorized  ...)
+	TODO: check
+CVE-2025-43305 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-43304 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2025-43303 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2025-43302 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2025-43301 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2025-43299 (A denial-of-service issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2025-43298 (A parsing issue in the handling of directory paths was addressed with  ...)
+	TODO: check
+CVE-2025-43297 (A type confusion issue was addressed with improved memory handling. Th ...)
+	TODO: check
+CVE-2025-43295 (A denial-of-service issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2025-43294 (An issue existed in the handling of environment variables. This issue  ...)
+	TODO: check
+CVE-2025-43293 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2025-43292 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2025-43291 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
+	TODO: check
+CVE-2025-43287 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43286 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43285 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43283 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2025-43279 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2025-43272 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43263 (The issue was addressed with improved checks. This issue is fixed in X ...)
+	TODO: check
+CVE-2025-43262 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43231 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-43208 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43207 (This issue was addressed with improved entitlements. This issue is fix ...)
+	TODO: check
+CVE-2025-43204 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43203 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2025-43190 (A parsing issue in the handling of directory paths was addressed with  ...)
+	TODO: check
+CVE-2025-31271 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-31270 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31269 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31268 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31255 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2025-31254 (This issue was addressed with improved URL validation. This issue is f ...)
+	TODO: check
+CVE-2025-30468 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-24197 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-24133 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2025-24088 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2025-10485 (A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4 ...)
+	TODO: check
+CVE-2025-10483 (A flaw has been found in SourceCodester Online Student File Management ...)
+	TODO: check
+CVE-2025-10482 (A vulnerability was detected in SourceCodester Online Student File Man ...)
+	TODO: check
+CVE-2025-10481 (A security vulnerability has been detected in SourceCodester Online St ...)
+	TODO: check
+CVE-2025-10480 (A weakness has been identified in SourceCodester Online Student File M ...)
+	TODO: check
+CVE-2025-10479 (A security flaw has been discovered in SourceCodester Online Student F ...)
+	TODO: check
+CVE-2025-10477 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...)
+	TODO: check
+CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
 CVE-2025-24293
 	- rails 2:7.2.2.2+dfsg-1
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
@@ -4767,6 +4987,7 @@ CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability i
 CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is vulnerab ...)
 	NOT-FOR-US: mikecao/flight
 CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12 ...)
+	{DLA-4301-1}
 	- python-django 3:4.2.24-1 (bug #1113865)
 	NOTE: https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 (4.2.24)
@@ -8173,6 +8394,7 @@ CVE-2025-XXXX [OSSN-0094]
 	NOTE: default policy is only possible to create the inconsistent state described in
 	NOTE: the OSSN-0094 if one has admin rights on the relevant OpenStack project.
 CVE-2025-9288 (Improper Input Validation vulnerability in sha.js allows Input Data Ma ...)
+	{DLA-4302-1}
 	- node-sha.js 2.4.12+~3.0.5-1 (bug #1111769)
 	NOTE: https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
 	NOTE: https://github.com/browserify/sha.js/pull/78
@@ -95732,7 +95954,7 @@ CVE-2024-10691
 	REJECTED
 CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics Personne ...)
 	NOT-FOR-US: Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS)
-CVE-2024-10443 (Improper neutralization of special elements used in a command ('Comman ...)
+CVE-2024-10443 (Improper neutralization of special elements used in an OS command ('OS ...)
 	NOT-FOR-US: Synology
 CVE-2024-10311 (The External Database Based Actions plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da409653c5c6ad6fbf1215b0a944c20a2597434a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da409653c5c6ad6fbf1215b0a944c20a2597434a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250916/95d9956f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list