[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11566071 by security tracker role at 2025-09-25T20:13:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2025-60249 (vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and u ...)
+	TODO: check
+CVE-2025-60019 (glib-networking's OpenSSL backend fails to properly check the return v ...)
+	TODO: check
+CVE-2025-60018 (glib-networking's OpenSSL backend fails to properly check the return v ...)
+	TODO: check
+CVE-2025-5494 (ZohoCorp ManageEngine Endpoint Central was impacted by an improper pri ...)
+	TODO: check
+CVE-2025-59841 (Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2. ...)
+	TODO: check
+CVE-2025-59839 (The EmbedVideo Extension is a MediaWiki extension which adds a parser  ...)
+	TODO: check
+CVE-2025-59838 (Monkeytype is a minimalistic and customizable typing test. In versions ...)
+	TODO: check
+CVE-2025-59834 (ADB MCP Server is a MCP (Model Context Protocol) server for interactin ...)
+	TODO: check
+CVE-2025-59832 (Horilla is a free and open source Human Resource Management System (HR ...)
+	TODO: check
+CVE-2025-59831 (git-commiters is a Node.js function module providing committers stats  ...)
+	TODO: check
+CVE-2025-59830 (Rack is a modular Ruby web server interface. Prior to version 2.2.18,  ...)
+	TODO: check
+CVE-2025-59823 (Project Gardener implements the automated management and operation of  ...)
+	TODO: check
+CVE-2025-59817 (This vulnerability allows attackers to execute arbitrary commands on t ...)
+	TODO: check
+CVE-2025-59816 (This vulnerability allows attackers to directly query the underlying d ...)
+	TODO: check
+CVE-2025-59815 (This vulnerability allows malicious actors to execute arbitrary comman ...)
+	TODO: check
+CVE-2025-59814 (This vulnerability allows malicious actors to gain unauthorized access ...)
+	TODO: check
+CVE-2025-59426 (Lobe Chat is an open-source artificial intelligence chat framework. Pr ...)
+	TODO: check
+CVE-2025-59422 (Dify is an open-source LLM app development platform. In version 1.8.1, ...)
+	TODO: check
+CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 ch ...)
+	TODO: check
+CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2 ...)
+	TODO: check
+CVE-2025-57446 (An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release en ...)
+	TODO: check
+CVE-2025-57317 (apidoc-core is the core parser library to generate apidoc result follo ...)
+	TODO: check
+CVE-2025-55560 (An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when  ...)
+	TODO: check
+CVE-2025-55559 (An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS)  ...)
+	TODO: check
+CVE-2025-55558 (A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consis ...)
+	TODO: check
+CVE-2025-55557 (A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of ...)
+	TODO: check
+CVE-2025-55556 (TensorFlow v2.18.0 was discovered to output random results when compil ...)
+	TODO: check
+CVE-2025-55554 (pytorch v2.8.0 was discovered to contain an integer overflow in the co ...)
+	TODO: check
+CVE-2025-55553 (A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allo ...)
+	TODO: check
+CVE-2025-55552 (pytorch v2.8.0 was discovered to display unexpected behavior when the  ...)
+	TODO: check
+CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 allows att ...)
+	TODO: check
+CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) before 5 ...)
+	TODO: check
+CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in decomposi ...)
+	TODO: check
+CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output ...)
+	TODO: check
+CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool ...)
+	TODO: check
+CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is used, nn.Fold has an asserti ...)
+	TODO: check
+CVE-2025-46148 (In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) ...)
+	TODO: check
+CVE-2025-43993 (Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS  ...)
+	TODO: check
+CVE-2025-43943 (Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an ...)
+	TODO: check
+CVE-2025-40838 (Ericsson Indoor Connect 8855 contains a vulnerability where server-sid ...)
+	TODO: check
+CVE-2025-40837 (Ericsson Indoor Connect 8855 contains a missing authorization vulnerab ...)
+	TODO: check
+CVE-2025-40836 (Ericsson Indoor Connect 8855 contains an improper input validation vul ...)
+	TODO: check
+CVE-2025-40698 (SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting.  ...)
+	TODO: check
+CVE-2025-36857 (Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken acce ...)
+	TODO: check
+CVE-2025-36601 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an  ...)
+	TODO: check
+CVE-2025-34227 (Nagios XI < 2026R1 is vulnerable to an authenticated command injection ...)
+	TODO: check
+CVE-2025-33116 (IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerabl ...)
+	TODO: check
+CVE-2025-29157 (An issue in petstore v.1.0.7 allows a remote attacker to execute arbit ...)
+	TODO: check
+CVE-2025-29156 (Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote ...)
+	TODO: check
+CVE-2025-29155 (An issue in petstore v.1.0.7 allows a remote attacker to execute arbit ...)
+	TODO: check
+CVE-2025-27262 (Ericsson Indoor Connect 8855 contains a command injection vulnerabilit ...)
+	TODO: check
+CVE-2025-27261 (Ericsson Indoor Connect 8855 contains a SQL injection vulnerability wh ...)
+	TODO: check
+CVE-2025-26333 (Dell Crypto-J generates an error message that includes sensitive infor ...)
+	TODO: check
+CVE-2025-26278 (A prototype pollution in the lib.set function of dref v0.1.2 allows at ...)
+	TODO: check
+CVE-2025-20363 (A vulnerability in the web services of Cisco Secure Firewall Adaptive  ...)
+	TODO: check
+CVE-2025-20362 (A vulnerability in the VPN web server of Cisco Secure Firewall Adaptiv ...)
+	TODO: check
+CVE-2025-20333 (A vulnerability in the VPN web server of Cisco Secure Firewall Adaptiv ...)
+	TODO: check
+CVE-2025-10964 (A weakness has been identified in Wavlink NU516U1. Affected by this vu ...)
+	TODO: check
+CVE-2025-10963 (A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425.  ...)
+	TODO: check
+CVE-2025-10962 (A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This  ...)
+	TODO: check
+CVE-2025-10961 (A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This  ...)
+	TODO: check
+CVE-2025-10960 (A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impact ...)
+	TODO: check
+CVE-2025-10959 (A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The a ...)
+	TODO: check
+CVE-2025-10958 (A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is th ...)
+	TODO: check
+CVE-2025-10957 (This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router d ...)
+	TODO: check
+CVE-2025-10953 (A security vulnerability has been detected in UTT 1200GW and 1250GW up ...)
+	TODO: check
+CVE-2025-10952 (A security flaw has been discovered in geyang ml-logger up to acf255ba ...)
+	TODO: check
+CVE-2025-10951 (A vulnerability was identified in geyang ml-logger up to acf255bade5be ...)
+	TODO: check
+CVE-2025-10950 (A vulnerability was determined in geyang ml-logger up to acf255bade5be ...)
+	TODO: check
+CVE-2025-10949 (A vulnerability was found in Changsha Developer Technology iView Edito ...)
+	TODO: check
+CVE-2025-10948 (A vulnerability has been found in MikroTik RouterOS 7. This affects th ...)
+	TODO: check
+CVE-2025-10947 (A flaw has been found in Sistemas Pleno Gest\xe3o de Loca\xe7\xe3o up  ...)
+	TODO: check
+CVE-2025-10946 (A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0 ...)
+	TODO: check
+CVE-2025-10945 (A security vulnerability has been detected in nuz007 smsboom up to 01b ...)
+	TODO: check
+CVE-2025-10944 (A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb ...)
+	TODO: check
+CVE-2025-10943 (A security flaw has been discovered in MikeCen WeChat-Face-Recognition ...)
+	TODO: check
+CVE-2025-10942 (A vulnerability was identified in H3C Magic B3 up to 100R002. This aff ...)
+	TODO: check
+CVE-2025-10941 (A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.1 ...)
+	TODO: check
+CVE-2025-10940 (A vulnerability was found in Total.js CMS 1.0.0. Affected by this vuln ...)
+	TODO: check
+CVE-2025-10911 (A use-after-free vulnerability was found in libxslt while parsing xsl  ...)
+	TODO: check
+CVE-2025-10880 (All versions of Dingtian DT-R002 are vulnerable to an Insufficiently P ...)
+	TODO: check
+CVE-2025-10879 (All versions of Dingtian DT-R002 are vulnerable to an Insufficiently P ...)
+	TODO: check
+CVE-2025-10542 (iMonitor EAM 9.6394 ships with default administrative credentials that ...)
+	TODO: check
+CVE-2025-10541 (iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that r ...)
+	TODO: check
+CVE-2025-10540 (iMonitor EAM 9.6394 transmits communication between the EAM client age ...)
+	TODO: check
+CVE-2025-10467 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-10449 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-10438 (Path Traversal: 'dir/../../filename' vulnerability in Yordam Informati ...)
+	TODO: check
+CVE-2024-48014 (Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an O ...)
+	TODO: check
+CVE-2020-36851 (Rob -- W / cors-anywhere instances configured as an open proxy allow u ...)
+	TODO: check
 CVE-2025-59833 (Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1. ...)
 	NOT-FOR-US: Flag Forge
 CVE-2025-59827 (Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the ...)
@@ -4017,7 +4197,7 @@ CVE-2022-50339 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f74ca25d6d6629ffd4fd80a1a73037253b57d06b (6.1-rc1)
 CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2 ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4025,7 +4205,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
 CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4039,7 +4219,7 @@ CVE-2025-10534 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
 	- firefox 143.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
 CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefo ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4047,7 +4227,7 @@ CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28,
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
 CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4061,7 +4241,7 @@ CVE-2025-10530 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
 CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4069,7 +4249,7 @@ CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
 CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -4077,7 +4257,7 @@ CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
 CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1 DLA-4305-1}
+	{DSA-6011-1 DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird 1:140.3.0esr-1
@@ -24583,7 +24763,7 @@ CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flag
 	NOTE: 2.9.14+dfsg-1.3~deb12u4) mitigate the issue in trixie and bookworm.
 	NOTE: Potential libxslt-only solution: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140#note_2513942
 CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, psvi,  ...)
-	{DSA-5979-1}
+	{DSA-5979-1 DLA-4309-1}
 	- libxslt 1.1.35-2 (bug #1109123)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379228
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
@@ -206582,7 +206762,7 @@ CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue
 CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
-	{DSA-5979-1}
+	{DSA-5979-1 DLA-4309-1}
 	- libxslt 1.1.35-2 (bug #1108074; unimportant)
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d (v1.1.38)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115660711ce0f033bf98df325dac6b9d7e8af096

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115660711ce0f033bf98df325dac6b9d7e8af096
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250925/b9ae04cb/attachment-0001.htm>