[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 18 09:12:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73b8fc6b by security tracker role at 2025-09-18T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,132 @@
+CVE-2025-9083 (The Ninja Forms  WordPress plugin before 3.11.1 unserializes user inpu ...)
+	TODO: check
+CVE-2025-8942 (The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server ...)
+	TODO: check
+CVE-2025-8006 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-8005 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2025-8004 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-8003 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-8002 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2025-8001 (Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Exe ...)
+	TODO: check
+CVE-2025-8000 (Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2025-7999 (Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2025-7998 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code E ...)
+	TODO: check
+CVE-2025-7997 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-7996 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code E ...)
+	TODO: check
+CVE-2025-7995 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2025-7994 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-7993 (Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execut ...)
+	TODO: check
+CVE-2025-7992 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-7991 (Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code E ...)
+	TODO: check
+CVE-2025-7990 (Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code  ...)
+	TODO: check
+CVE-2025-7989 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-7988 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
+	TODO: check
+CVE-2025-7987 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
+	TODO: check
+CVE-2025-7986 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
+	TODO: check
+CVE-2025-7985 (Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Exe ...)
+	TODO: check
+CVE-2025-7984 (Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Cod ...)
+	TODO: check
+CVE-2025-7983 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Rem ...)
+	TODO: check
+CVE-2025-7982 (Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Exec ...)
+	TODO: check
+CVE-2025-7981 (Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote  ...)
+	TODO: check
+CVE-2025-7980 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
+	TODO: check
+CVE-2025-7979 (Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Re ...)
+	TODO: check
+CVE-2025-7978 (Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote  ...)
+	TODO: check
+CVE-2025-7977 (Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Ex ...)
+	TODO: check
+CVE-2025-5305 (The Password Reset with Code for WordPress REST API WordPress plugin b ...)
+	TODO: check
+CVE-2025-59415 (Frappe Learning is a learning system that helps users structure their  ...)
+	TODO: check
+CVE-2025-23337 (NVIDIA HGX & DGX GB200, GB300, B300  contain a vulnerability in the HG ...)
+	TODO: check
+CVE-2025-23336 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23329 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23328 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23316 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
+	TODO: check
+CVE-2025-23268 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
+	TODO: check
+CVE-2025-10644 (Wondershare Repairit SAS Token Incorrect Permission Assignment Authent ...)
+	TODO: check
+CVE-2025-10643 (Wondershare Repairit Incorrect Permission Assignment Authentication By ...)
+	TODO: check
+CVE-2025-10642 (A vulnerability has been found in wangchenyi1996 chat_forum up to 80bd ...)
+	TODO: check
+CVE-2025-10634 (A weakness has been identified in D-Link DIR-823X 240126/240802/250416 ...)
+	TODO: check
+CVE-2025-10632 (A security flaw has been discovered in itsourcecode Online Petshop Man ...)
+	TODO: check
+CVE-2025-10631 (A vulnerability was identified in itsourcecode Online Petshop Manageme ...)
+	TODO: check
+CVE-2025-10629 (A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issu ...)
+	TODO: check
+CVE-2025-10628 (A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerabi ...)
+	TODO: check
+CVE-2025-10627 (A vulnerability has been found in SourceCodester Online Exam Form Subm ...)
+	TODO: check
+CVE-2025-10626 (A flaw has been found in SourceCodester Online Exam Form Submission 1. ...)
+	TODO: check
+CVE-2025-10625 (A vulnerability was detected in SourceCodester Online Exam Form Submis ...)
+	TODO: check
+CVE-2025-10624 (A security flaw has been discovered in PHPGurukul User Management Syst ...)
+	TODO: check
+CVE-2025-10623 (A vulnerability was identified in SourceCodester Hotel Reservation Sys ...)
+	TODO: check
+CVE-2025-10621 (A vulnerability was determined in SourceCodester Hotel Reservation Sys ...)
+	TODO: check
+CVE-2025-10620 (A flaw has been found in itsourcecode Online Clinic Management System  ...)
+	TODO: check
+CVE-2025-10619 (A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This  ...)
+	TODO: check
+CVE-2025-10618 (A security vulnerability has been detected in itsourcecode Online Clin ...)
+	TODO: check
+CVE-2025-10617 (A weakness has been identified in SourceCodester Online Polling System ...)
+	TODO: check
+CVE-2025-10616 (A security flaw has been discovered in itsourcecode E-Commerce Website ...)
+	TODO: check
+CVE-2025-10493 (The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct ...)
+	TODO: check
+CVE-2023-49565 (The cbis_manager Podman container is vulnerable to remote command exec ...)
+	TODO: check
+CVE-2023-49564 (The CBIS/NCS Manager API is vulnerable to an authentication bypass. By ...)
+	TODO: check
 CVE-2025-9862 (Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an at ...)
 	- ghost <itp> (bug #892150)
 CVE-2025-8999 (The Sydney theme for WordPress is vulnerable to unauthorized modificat ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability in Nebu ...)
+CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability in SecH ...)
 	NOT-FOR-US: Nebula Informatics SecHard
 CVE-2025-8411 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Dokuzsoft Technology E-Commerce Web Design Product
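Review bot: all 62 entries added at the top of this hunk are left at "TODO: check", and a few of them need care when that triage happens. CVE-2023-49565 mentions a "cbis_manager Podman container"; the wording describes a vendor container image, so it should not be mapped to a source package on the keyword "Podman" alone. The WordPress plugin entries (CVE-2025-9083, CVE-2025-8942, CVE-2025-5305, CVE-2025-10493) look like candidates for the same "NOT-FOR-US: WordPress plugin" marking that CVE-2025-8999 carries in the context just below. The CVE-2025-8463 change only swaps the truncated description text from "Nebu ..." to "SecH ..."; its "NOT-FOR-US: Nebula Informatics SecHard" line is unchanged and still fits.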
@@ -228482,6 +228606,7 @@ CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from
 	NOTE: https://github.com/nextcloud/desktop/pull/5323
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
 CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+	{DLA-4303-1}
 	- nextcloud-desktop 3.7.0-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/desktop/pull/5324
@@ -279204,24 +279329,28 @@ CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintain
 	NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
 CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which is someti ...)
+	{DLA-4303-1}
 	- nextcloud-desktop 3.6.1-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
 	NOTE: https://github.com/nextcloud/desktop/issues/4927
 	NOTE: https://github.com/nextcloud/desktop/pull/5022
 CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
+	{DLA-4303-1}
 	- nextcloud-desktop 3.6.1-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
 	NOTE: https://github.com/nextcloud/desktop/pull/4972
 	NOTE: https://hackerone.com/reports/1711847
 CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
+	{DLA-4303-1}
 	- nextcloud-desktop 3.6.1-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
 	NOTE: https://github.com/nextcloud/desktop/pull/4972
 	NOTE: https://hackerone.com/reports/1668028
 CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
+	{DLA-4303-1}
 	- nextcloud-desktop 3.6.1-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
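Review bot: the {DLA-4303-1} tag added above each nextcloud-desktop entry in this hunk (CVE-2022-39334, CVE-2022-39333, CVE-2022-39332, CVE-2022-39331), and above CVE-2023-28997 in the previous hunk, is not accompanied by any visible line saying which suite or version the advisory fixes; the only per-suite annotation shown is "[buster] - nextcloud-desktop <no-dsa> (Minor issue)". Since this commit changes only data/CVE/list, confirm that the DLA-4303-1 record itself names all five CVEs and carries the fixed version, so the cross-reference and the advisory stay in step.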



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b8fc6ba3e0056268c9d88410c1b6ad090685da
