[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 24 21:13:17 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
717a37c7 by security tracker role at 2025-09-24T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,216 @@
-CVE-2025-39890 [wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event]
+CVE-2025-9353 (The Themify Builder plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-9054 (The MultiLoca - WooCommerce Multi Locations Inventory Management plugi ...)
+ TODO: check
+CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive Information ...)
+ TODO: check
+CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links point i ...)
+ TODO: check
+CVE-2025-59828 (Claude Code is an agentic coding tool. Prior to Claude Code version 1. ...)
+ TODO: check
+CVE-2025-59824 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
+ TODO: check
+CVE-2025-59525 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-59524 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-59343 (tar-fs provides filesystem bindings for tar-stream. Versions prior to ...)
+ TODO: check
+CVE-2025-59305 (Improper authorization in the background migration endpoints of Langfu ...)
+ TODO: check
+CVE-2025-59251 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-58457 (Improper permission check in ZooKeeper AdminServer lets authorized cli ...)
+ TODO: check
+CVE-2025-57354 (A vulnerability exists in the 'counterpart' library for Node.js and th ...)
+ TODO: check
+CVE-2025-57353 (The Runtime components of messageformat package for Node.js prior to v ...)
+ TODO: check
+CVE-2025-57352 (A vulnerability exists in the 'min-document' package prior to version ...)
+ TODO: check
+CVE-2025-57351 (A prototype pollution vulnerability exists in the ts-fns package versi ...)
+ TODO: check
+CVE-2025-57350 (The csvtojson package, a tool for converting CSV data to JSON with cus ...)
+ TODO: check
+CVE-2025-57349 (The messageformat package, an implementation of the Unicode MessageFor ...)
+ TODO: check
+CVE-2025-57348 (The node-cube package (prior to version 5.0.0) contains a vulnerabilit ...)
+ TODO: check
+CVE-2025-57347 (A vulnerability exists in the 'dagre-d3-es' Node.js package version 7. ...)
+ TODO: check
+CVE-2025-57330 (The web3-core-subscriptions is a package designed to manages web3 subs ...)
+ TODO: check
+CVE-2025-57329 (web3-core-method is a package designed to creates the methods on the w ...)
+ TODO: check
+CVE-2025-57328 (toggle-array is a package designed to enables a property on the object ...)
+ TODO: check
+CVE-2025-57327 (spmrc is a package that provides the rc manager for spm. A Prototype P ...)
+ TODO: check
+CVE-2025-57326 (A Prototype Pollution vulnerability in the byGroupAndType function of ...)
+ TODO: check
+CVE-2025-57325 (rollbar is a package designed to effortlessly track and debug errors i ...)
+ TODO: check
+CVE-2025-57323 (mpregular is a package that provides a small program development frame ...)
+ TODO: check
+CVE-2025-57321 (A Prototype Pollution vulnerability in the util-deps.addFileDepend fun ...)
+ TODO: check
+CVE-2025-56819 (An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute ar ...)
+ TODO: check
+CVE-2025-56816 (Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configurat ...)
+ TODO: check
+CVE-2025-56815 (Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /vi ...)
+ TODO: check
+CVE-2025-56241 (Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versio ...)
+ TODO: check
+CVE-2025-55322 (Binding to an unrestricted ip address in GitHub allows an unauthorized ...)
+ TODO: check
+CVE-2025-55178 (Llama Stack prior to version v0.2.20 accepted unverified parameters in ...)
+ TODO: check
+CVE-2025-52907 (Improper Input Validation vulnerability in TOTOLINK X6000R allows Comm ...)
+ TODO: check
+CVE-2025-52906 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2025-48869 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-48868 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-48867 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-47329 (Memory corruption while handling invalid inputs in application info se ...)
+ TODO: check
+CVE-2025-47328 (Transient DOS while processing power control requests with invalid ant ...)
+ TODO: check
+CVE-2025-47327 (Memory corruption while encoding the image data.)
+ TODO: check
+CVE-2025-47326 (Transient DOS while handling command data during power control process ...)
+ TODO: check
+CVE-2025-47318 (Transient DOS while parsing the EPTM test control message to get the t ...)
+ TODO: check
+CVE-2025-47317 (Memory corruption due to global buffer overflow when a test command us ...)
+ TODO: check
+CVE-2025-47316 (Memory corruption due to double free when multiple threads race to set ...)
+ TODO: check
+CVE-2025-47315 (Memory corruption while handling repeated memory unmap requests from g ...)
+ TODO: check
+CVE-2025-47314 (Memory corruption while processing data sent by FE driver.)
+ TODO: check
+CVE-2025-41716 (The web application allows an unauthenticated remote attacker to learn ...)
+ TODO: check
+CVE-2025-41715 (The database for the web application is exposed without authentication ...)
+ TODO: check
+CVE-2025-27077 (Memory corruption while processing message in guest VM.)
+ TODO: check
+CVE-2025-27037 (Memory corruption while processing config_dev IOCTL when camera kernel ...)
+ TODO: check
+CVE-2025-27036 (Information disclosure when Video engine escape input data is less tha ...)
+ TODO: check
+CVE-2025-27034 (Memory corruption while selecting the PLMN from SOR failed list.)
+ TODO: check
+CVE-2025-27033 (Information disclosure while running video usecase having rogue firmwa ...)
+ TODO: check
+CVE-2025-27032 (memory corruption while loading a PIL authenticated VM, when authentic ...)
+ TODO: check
+CVE-2025-27030 (information disclosure while invoking calibration data from user space ...)
+ TODO: check
+CVE-2025-23354 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the e ...)
+ TODO: check
+CVE-2025-23353 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the m ...)
+ TODO: check
+CVE-2025-23349 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the t ...)
+ TODO: check
+CVE-2025-23348 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the p ...)
+ TODO: check
+CVE-2025-23346 (NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an un ...)
+ TODO: check
+CVE-2025-23340 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the ...)
+ TODO: check
+CVE-2025-23339 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuob ...)
+ TODO: check
+CVE-2025-23338 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdi ...)
+ TODO: check
+CVE-2025-23308 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdi ...)
+ TODO: check
+CVE-2025-23275 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJP ...)
+ TODO: check
+CVE-2025-23274 (NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user m ...)
+ TODO: check
+CVE-2025-23273 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJP ...)
+ TODO: check
+CVE-2025-23272 (NVIDIA nvJPEG library contains a vulnerability where an attacker can c ...)
+ TODO: check
+CVE-2025-23271 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the ...)
+ TODO: check
+CVE-2025-23255 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the ...)
+ TODO: check
+CVE-2025-23248 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the ...)
+ TODO: check
+CVE-2025-21488 (Information disclosure while decoding this RTP packet headers received ...)
+ TODO: check
+CVE-2025-21487 (Information disclosure while decoding RTP packet received by UE from t ...)
+ TODO: check
+CVE-2025-21484 (Information disclosure when UE receives the RTP packet from the networ ...)
+ TODO: check
+CVE-2025-21483 (Memory corruption when the UE receives an RTP packet from the network, ...)
+ TODO: check
+CVE-2025-21482 (Cryptographic issue while performing RSA PKCS padding decoding.)
+ TODO: check
+CVE-2025-21481 (Memory corruption while performing private key encryption in trusted a ...)
+ TODO: check
+CVE-2025-21476 (Memory corruption when passing parameters to the Trusted Virtual Machi ...)
+ TODO: check
+CVE-2025-20365 (A vulnerability in the IPv6 Router Advertisement (RA) packet processin ...)
+ TODO: check
+CVE-2025-20364 (A vulnerability in the Device Analytics action frame processing of Cis ...)
+ TODO: check
+CVE-2025-20352 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ TODO: check
+CVE-2025-20339 (A vulnerability in the access control list (ACL) processing of IPv4 pa ...)
+ TODO: check
+CVE-2025-20338 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+ TODO: check
+CVE-2025-20334 (A vulnerability in the HTTP API subsystem of Cisco IOS XE Software cou ...)
+ TODO: check
+CVE-2025-20327 (A vulnerability in the web UI of Cisco IOS Software could allow an aut ...)
+ TODO: check
+CVE-2025-20316 (A vulnerability in the access control list (ACL) programming of Cisco ...)
+ TODO: check
+CVE-2025-20315 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
+ TODO: check
+CVE-2025-20314 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ TODO: check
+CVE-2025-20313 (Multiple vulnerabilities in Cisco IOS XE Software of could allow an au ...)
+ TODO: check
+CVE-2025-20312 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ TODO: check
+CVE-2025-20311 (A vulnerability in the handling of certain Ethernet frames in Cisco IO ...)
+ TODO: check
+CVE-2025-20293 (A vulnerability in the Day One setup process of Cisco IOS XE Software ...)
+ TODO: check
+CVE-2025-20240 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2025-20160 (A vulnerability in the implementation of the TACACS+ protocol in Cisco ...)
+ TODO: check
+CVE-2025-20149 (A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Soft ...)
+ TODO: check
+CVE-2025-10909 (A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. Th ...)
+ TODO: check
+CVE-2025-10906 (A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on ma ...)
+ TODO: check
+CVE-2025-10360 (In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key ...)
+ TODO: check
+CVE-2025-39890 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.16.3-1
[trixie] - linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/89142d34d5602c7447827beb181fa06eb08b9d5c (6.16-rc1)
-CVE-2025-39889 [Bluetooth: l2cap: Check encryption key size on incoming connection]
+CVE-2025-39889 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.16.3-1
[trixie] - linux 6.12.25-1
[bookworm] - linux 6.1.135-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/522e9ed157e3c21b4dd623c79967f72c21e45b78 (6.15-rc3)
-CVE-2024-58241 [Bluetooth: hci_core: Disable works on hci_unregister_dev]
+CVE-2024-58241 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.11.6-1
NOTE: https://git.kernel.org/linus/989fa5171f005ecf63440057218d8aeb1795287d (6.12-rc5)
CVE-2025-9966 (Improper privilege management vulnerability in Novakon P series allows ...)
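Review bot: the three Linux kernel entries in this hunk (CVE-2025-39890, CVE-2025-39889, CVE-2024-58241) lose their descriptive bracketed titles when the truncated official text replaces them, e.g. `[wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event]` becomes `(In the Linux kernel, the following vulnerability has been resolved: w ...)`, so the `NOTE: https://git.kernel.org/linus/...` lines are now the only place the affected subsystem and fixing commit can be read and must survive any later edit. Of the roughly 100 new `TODO: check` entries, the ones that describe software packaged in Debian deserve triage first: CVE-2025-8869 (pip not checking symbolic link targets when extracting a tar archive), CVE-2025-58457 (improper permission check in the ZooKeeper AdminServer) and CVE-2025-59343 (tar-fs, if packaged as a node module); the Qualcomm, NVIDIA and Cisco IOS/IOS XE entries describe closed firmware and products and will most likely be marked NOT-FOR-US, as the Microsoft entries later in the file are.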
@@ -190,16 +390,16 @@ CVE-2025-10894
NOT-FOR-US: Compromised Node nx package
CVE-2025-6921 (The huggingface/transformers library, versions prior to 4.53.0, is vul ...)
NOT-FOR-US: huggingface/transformers
-CVE-2025-10890
+CVE-2025-10890 (Side-channel information leakage in V8 in Google Chrome prior to 140.0 ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10891
+CVE-2025-10891 (Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowe ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10892
+CVE-2025-10892 (Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowe ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-60020 [NNCP path traversal attack]
+CVE-2025-60020 (nncp before 8.12.0 allows path traversal (for reading or writing) duri ...)
- nncp <unfixed> (bug #1115848)
NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
NOTE: http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scWD1A@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
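Review bot: the three new chromium entries CVE-2025-10890, CVE-2025-10891 and CVE-2025-10892 record only `- chromium 140.0.7339.207-1` and `[bullseye] - chromium <end-of-life> (see #1061268)`, with no DSA reference or [trixie]/[bookworm] status line, whereas the 140.0.7339.185 set further down carries `{DSA-6004-1}`; a DSA reference for 140.0.7339.207 or an explicit stable status should be added once the stable update is out, so the entries do not read as unfixed in stable. For CVE-2025-60020 the new description (nncp before 8.12.0 is affected) agrees with the linked Release-8_005f12_005f0 note, so `- nncp <unfixed> (bug #1115848)` is consistent; the entry should be updated with the fixed Debian version when the 8.12.0 upload lands.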
@@ -2376,19 +2576,19 @@ CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the ngh
[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
-CVE-2025-10500
+CVE-2025-10500 (Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowe ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10501
+CVE-2025-10501 (Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allo ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10502
+CVE-2025-10502 (Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10585
+CVE-2025-10585 (Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -8169,7 +8369,7 @@ CVE-2025-55244 (Azure Bot Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in Xbox all ...)
NOT-FOR-US: Microsoft
-CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
+CVE-2025-55241 (Azure Entra ID Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information Disclosure Vu ...)
NOT-FOR-US: Microsoft
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717a37c774632a02fe4a72d4916221ff535bd331