[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 24 09:38:40 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53ce6bf3 by security tracker role at 2025-09-24T08:38:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,172 @@
-CVE-2025-59825
+CVE-2025-9966 (Improper privilege management vulnerability in Novakon P series allows ...)
+	TODO: check
+CVE-2025-9965 (Improper authentication vulnerability in Novakon P series allows unaut ...)
+	TODO: check
+CVE-2025-9964 (No password for the root user is set in Novakon P series. This allows  ...)
+	TODO: check
+CVE-2025-9963 (A path traversal vulnerability in Novakon P series allows to expose th ...)
+	TODO: check
+CVE-2025-9962 (A buffer overflow vulnerability in Novakon P series allows attackers t ...)
+	TODO: check
+CVE-2025-9846 (Unrestricted Upload of File with Dangerous Type vulnerability in Talen ...)
+	TODO: check
+CVE-2025-9844 (Uncontrolled Search Path Element vulnerability in Salesforce Salesforc ...)
+	TODO: check
+CVE-2025-9798 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-9342 (Authorization Bypass Through User-Controlled Key vulnerability in Anad ...)
+	TODO: check
+CVE-2025-9197
+	REJECTED
+CVE-2025-8410 (Use After Free vulnerability in RTI Connext Professional (Security Plu ...)
+	TODO: check
+CVE-2025-8354 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
+	TODO: check
+CVE-2025-7106 (danny-avila/librechat is affected by an authorization bypass vulnerabi ...)
+	TODO: check
+CVE-2025-5717 (An authenticated remote code execution (RCE) vulnerability exists in m ...)
+	TODO: check
+CVE-2025-59930
+	REJECTED
+CVE-2025-59929
+	REJECTED
+CVE-2025-59928
+	REJECTED
+CVE-2025-59927
+	REJECTED
+CVE-2025-59926
+	REJECTED
+CVE-2025-59925
+	REJECTED
+CVE-2025-59924
+	REJECTED
+CVE-2025-59826 (Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non ...)
+	TODO: check
+CVE-2025-59822 (Http4s is a Scala interface for HTTP services. In versions from 1.0.0- ...)
+	TODO: check
+CVE-2025-59821 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59548 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59547 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59546 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59545 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59539 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+	TODO: check
+CVE-2025-59534 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was discovered in ...)
+	TODO: check
+CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58473 (An improper resource shutdown or release vulnerability has been identi ...)
+	TODO: check
+CVE-2025-58354 (Kata Containers is an open source project focusing on a standard imple ...)
+	TODO: check
+CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
+	TODO: check
+CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
+	TODO: check
+CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability in Aut ...)
+	TODO: check
+CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in firmware v ...)
+	TODO: check
+CVE-2025-57882 (An improper resource shutdown or release vulnerability has been identi ...)
+	TODO: check
+CVE-2025-57639 (OS Command injection vulnerability in Tenda AC9 1.0 was discovered to  ...)
+	TODO: check
+CVE-2025-57638 (Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied s ...)
+	TODO: check
+CVE-2025-57637 (Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub ...)
+	TODO: check
+CVE-2025-57636 (OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47 ...)
+	TODO: check
+CVE-2025-57407 (A stored cross-site scripting (XSS) vulnerability in the Admin Log Vie ...)
+	TODO: check
+CVE-2025-56394 (Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly va ...)
+	TODO: check
+CVE-2025-56311 (In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14),  ...)
+	TODO: check
+CVE-2025-56304 (Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the re ...)
+	TODO: check
+CVE-2025-56146 (Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Ce ...)
+	TODO: check
+CVE-2025-55780 (A null pointer dereference occurs in the function break_word_for_overf ...)
+	TODO: check
+CVE-2025-55069 (A predictable seed in pseudo-random number generator vulnerability has ...)
+	TODO: check
+CVE-2025-55038 (An authorization bypass vulnerability has been discovered in the Click ...)
+	TODO: check
+CVE-2025-54855 (Cleartext storage of sensitive information was discovered in Click Pro ...)
+	TODO: check
+CVE-2025-54081 (Sunshine is a self-hosted game stream host for Moonlight. Prior to ver ...)
+	TODO: check
+CVE-2025-52905 (Improper Input Validation vulnerability in TOTOLINK X6000R allows Floo ...)
+	TODO: check
+CVE-2025-51005 (A heap-buffer-overflow vulnerability exists in the tcpliveplay utility ...)
+	TODO: check
+CVE-2025-4993 (Untrusted Pointer Dereference vulnerability in RTI Connext Professiona ...)
+	TODO: check
+CVE-2025-4760 (An authenticated stored cross-site scripting (XSS) vulnerability exist ...)
+	TODO: check
+CVE-2025-4582 (Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Profes ...)
+	TODO: check
+CVE-2025-48459 (Deserialization of Untrusted Data vulnerability in Apache IoTDB.  This ...)
+	TODO: check
+CVE-2025-48392 (A vulnerability in Apache IoTDB.  This issue affects Apache IoTDB: fro ...)
+	TODO: check
+CVE-2025-45326 (An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attacke ...)
+	TODO: check
+CVE-2025-43819 (A Insufficient Session Expiration vulnerability in the Liferay Portal  ...)
+	TODO: check
+CVE-2025-43779 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+	TODO: check
+CVE-2025-29084 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacke ...)
+	TODO: check
+CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacke ...)
+	TODO: check
+CVE-2025-1255 (Untrusted Pointer Dereference vulnerability in RTI Connext Professiona ...)
+	TODO: check
+CVE-2025-10857 (A security flaw has been discovered in Campcodes Point of Sale System  ...)
+	TODO: check
+CVE-2025-10851 (A security flaw has been discovered in Campcodes Gym Management System ...)
+	TODO: check
+CVE-2025-10412 (The Product Options and Price Calculation Formulas for WooCommerce \u2 ...)
+	TODO: check
+CVE-2025-10244 (A maliciously crafted HTML payload, when rendered by the Autodesk Fusi ...)
+	TODO: check
+CVE-2025-10184 (The vulnerability allows any application installed on the device to re ...)
+	TODO: check
+CVE-2025-10147 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to ar ...)
+	TODO: check
+CVE-2025-0672 (An authentication bypass vulnerability exists in multiple WSO2 product ...)
+	TODO: check
+CVE-2025-0663 (A cross-tenant authentication vulnerability exists in multiple WSO2 pr ...)
+	TODO: check
+CVE-2025-0209 (A reflected cross-site scripting (XSS) vulnerability exists in the acc ...)
+	TODO: check
+CVE-2024-6429 (A content spoofing vulnerability exists in multiple WSO2 products due  ...)
+	TODO: check
+CVE-2024-4598 (An information disclosure vulnerability exists in multiple WSO2 produc ...)
+	TODO: check
+CVE-2024-21935 (Improper input validation in Satellite Management Controller (SMC) may ...)
+	TODO: check
+CVE-2024-21927 (Improper input validation in Satellite Management Controller (SMC) may ...)
+	TODO: check
+CVE-2023-47538
+	REJECTED
+CVE-2017-20200 (A vulnerability has been found in Coinomi up to 1.7.6. This issue affe ...)
+	TODO: check
+CVE-2025-59825 (astral-tokio-tar is a tar archive reading/writing library for async Ru ...)
 	- rust-astral-tokio-tar <unfixed>
 	NOTE: https://github.com/advisories/GHSA-3wgq-wrwc-vqmv
 	NOTE: https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75 (v0.5.4)
 CVE-2025-10894
 	NOT-FOR-US: Compromised Node nx package
-CVE-2025-6921
+CVE-2025-6921 (The huggingface/transformers library, versions prior to 4.53.0, is vul ...)
 	NOT-FOR-US: huggingface/transformers
 CVE-2025-10890
 	- chromium 140.0.7339.207-1
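Review bot: the `-CVE-2025-59825` removed at the head of this hunk is not dropped but relocated: it reappears further down with its upstream description, immediately above the unchanged `- rust-astral-tokio-tar <unfixed>` line and its two NOTE references, so the existing triage for that entry is preserved and no duplicate record is created. Everything else the hunk adds is either a bare `REJECTED` record (CVE-2025-9197, the CVE-2025-59924 to CVE-2025-59930 block, CVE-2023-47538), matching the convention already used for CVE-2025-53852 below, or a new entry marked `TODO: check`, which still needs a triage decision (package assignment or NOT-FOR-US) in a follow-up commit.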
@@ -19,7 +181,7 @@ CVE-2025-XXXX [NNCP path traversal attack]
 	- nncp <unfixed> (bug #1115848)
 	NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
 	NOTE: http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scWD1A@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
-CVE-2025-9900
+CVE-2025-9900 (A flaw was found in Libtiff. This vulnerability is a "write-what-where ...)
 	- tiff 4.7.1-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/704
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/732
@@ -24029,7 +24191,7 @@ CVE-2025-5241 (Overly Restrictive Account Lockout Mechanism vulnerability in Mit
 	NOT-FOR-US: Mitsubishi
 CVE-2025-5028 (Installation file of ESET security products on Windows   allow an atta ...)
 	NOT-FOR-US: ESET
-CVE-2025-53864 (Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to ...)
+CVE-2025-53864 (Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9. ...)
 	NOT-FOR-US: Connect2id
 CVE-2025-53852
 	REJECTED
@@ -113533,7 +113695,7 @@ CVE-2024-45519 (The postjournal service in Zimbra Collaboration (ZCS) before 8.8
 	NOT-FOR-US: Zimbra
 CVE-2024-42504 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
 	NOT-FOR-US: HPE IceWall Agent products
-CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0. ...)
+CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2024-24117 (Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4 ...)
 	NOT-FOR-US: Ruijie



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ce6bf31a57ca871b7b9fcd889dc1c2b38d1fd5




