[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 26 21:13:26 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6f22a3e by security tracker role at 2025-09-26T20:13:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,307 @@
+CVE-2025-9958 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-9267 (In Seagate Toolkit on Windows avulnerability exists in the Toolkit Ins ...)
+ TODO: check
+CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE affectin ...)
+ TODO: check
+CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability in HaruT ...)
+ TODO: check
+CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60181 (Server-Side Request Forgery (SSRF) vulnerability in silence Silencesof ...)
+ TODO: check
+CVE-2025-60179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60173 (Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST f ...)
+ TODO: check
+CVE-2025-60172 (Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk ...)
+ TODO: check
+CVE-2025-60171 (Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditi ...)
+ TODO: check
+CVE-2025-60170 (Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HT ...)
+ TODO: check
+CVE-2025-60169 (Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technolog ...)
+ TODO: check
+CVE-2025-60167 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-60166 (Missing Authorization vulnerability in wpshuffle WP Subscription Forms ...)
+ TODO: check
+CVE-2025-60165 (Missing Authorization vulnerability in HaruTheme Frames allows Exploit ...)
+ TODO: check
+CVE-2025-60164 (Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp ...)
+ TODO: check
+CVE-2025-60163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlock ...)
+ TODO: check
+CVE-2025-60160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60159 (Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletr\xf ...)
+ TODO: check
+CVE-2025-60158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60156 (Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For ...)
+ TODO: check
+CVE-2025-60155 (Missing Authorization vulnerability in loopus WP Virtual Assistant all ...)
+ TODO: check
+CVE-2025-60154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60153 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60152 (Missing Authorization vulnerability in wpshuffle Subscribe To Unlock a ...)
+ TODO: check
+CVE-2025-60150 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60148 (Missing Authorization vulnerability in wpshuffle Subscribe to Download ...)
+ TODO: check
+CVE-2025-60147 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60145 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss ...)
+ TODO: check
+CVE-2025-60144 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60143 (Missing Authorization vulnerability in netgsm Netgsm allows Exploiting ...)
+ TODO: check
+CVE-2025-60142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60141 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60140 (Insertion of Sensitive Information Into Sent Data vulnerability in the ...)
+ TODO: check
+CVE-2025-60139 (Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipp ...)
+ TODO: check
+CVE-2025-60138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60137 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Pos ...)
+ TODO: check
+CVE-2025-60136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60133 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60130 (Missing Authorization vulnerability in wedos.com WEDOS Global allows A ...)
+ TODO: check
+CVE-2025-60129 (Missing Authorization vulnerability in Yext Yext allows Accessing Func ...)
+ TODO: check
+CVE-2025-60128 (Missing Authorization vulnerability in WP Delicious Delisho allows Exp ...)
+ TODO: check
+CVE-2025-60127 (Missing Authorization vulnerability in ArtistScope CopySafe Web Protec ...)
+ TODO: check
+CVE-2025-60126 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60125 (Insertion of Sensitive Information Into Sent Data vulnerability in the ...)
+ TODO: check
+CVE-2025-60124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60123 (Missing Authorization vulnerability in HivePress HivePress Claim Listi ...)
+ TODO: check
+CVE-2025-60122 (Missing Authorization vulnerability in HivePress HivePress Claim Listi ...)
+ TODO: check
+CVE-2025-60121 (Missing Authorization vulnerability in Ex-Themes WooEvents allows Expl ...)
+ TODO: check
+CVE-2025-60120 (Missing Authorization vulnerability in wpdirectorykit WP Directory Kit ...)
+ TODO: check
+CVE-2025-60119 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-60118 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60117 (Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica C ...)
+ TODO: check
+CVE-2025-60116 (Missing Authorization vulnerability in ThemeGoods Grand Conference The ...)
+ TODO: check
+CVE-2025-60115 (Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instap ...)
+ TODO: check
+CVE-2025-60114 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-60113 (Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu ...)
+ TODO: check
+CVE-2025-60112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60111 (Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Cor ...)
+ TODO: check
+CVE-2025-60110 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60109 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60108 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60107 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60106 (Missing Authorization vulnerability in Roxnor EmailKit allows Exploiti ...)
+ TODO: check
+CVE-2025-60105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60103 (Missing Authorization vulnerability in CridioStudio ListingPro allows ...)
+ TODO: check
+CVE-2025-60102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60100 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-60099 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60098 (Missing Authorization vulnerability in Jeff Farthing Theme My Login al ...)
+ TODO: check
+CVE-2025-60097 (Missing Authorization vulnerability in CodexThemes TheGem allows Explo ...)
+ TODO: check
+CVE-2025-60096 (Missing Authorization vulnerability in CodexThemes TheGem (Elementor) ...)
+ TODO: check
+CVE-2025-60095 (Insertion of Sensitive Information Into Sent Data vulnerability in Ben ...)
+ TODO: check
+CVE-2025-60094 (Missing Authorization vulnerability in Benjamin Intal Stackable allows ...)
+ TODO: check
+CVE-2025-60093 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download M ...)
+ TODO: check
+CVE-2025-60092 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-60040 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for continuou ...)
+ TODO: check
+CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 t ...)
+ TODO: check
+CVE-2025-59842 (jupyterlab is an extensible environment for interactive and reproducib ...)
+ TODO: check
+CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This oc ...)
+ TODO: check
+CVE-2025-59012 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-59011 (Missing Authorization vulnerability in shinetheme Traveler allows Expl ...)
+ TODO: check
+CVE-2025-59010 (Insertion of Sensitive Information Into Sent Data vulnerability in Mac ...)
+ TODO: check
+CVE-2025-59002 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-58919 (Missing Authorization vulnerability in guihom Wide Banner allows Explo ...)
+ TODO: check
+CVE-2025-58917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes ...)
+ TODO: check
+CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be d ...)
+ TODO: check
+CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Da ...)
+ TODO: check
+CVE-2025-57692 (PiranhaCMS 12.0 allows stored XSS in the Text content block of Standar ...)
+ TODO: check
+CVE-2025-57292 (Todoist v8484 contains a stored cross-site scripting (XSS) vulnerabili ...)
+ TODO: check
+CVE-2025-56463 (Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) ...)
+ TODO: check
+CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace ...)
+ TODO: check
+CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is an RCE ...)
+ TODO: check
+CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the ...)
+ TODO: check
+CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 be ...)
+ TODO: check
+CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media Acclectic Media ...)
+ TODO: check
+CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to enumerate val ...)
+ TODO: check
+CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 ...)
+ TODO: check
+CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive informati ...)
+ TODO: check
+CVE-2025-27006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26258 (Sourcecodester Employee Management System v1.0 is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-1862 (An arbitrary file upload vulnerability exists in multiple WSO2 product ...)
+ TODO: check
+CVE-2025-11060 (A flaw was found in the live query subscription mechanism of the datab ...)
+ TODO: check
+CVE-2025-11042 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2025-11039 (A security vulnerability has been detected in Campcodes Computer Sales ...)
+ TODO: check
+CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic Managemen ...)
+ TODO: check
+CVE-2025-11037 (A security flaw has been discovered in code-projects E-Commerce Websit ...)
+ TODO: check
+CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce Website 1.0 ...)
+ TODO: check
+CVE-2025-11035 (A vulnerability was determined in Jinher OA 2.0. The impacted element ...)
+ TODO: check
+CVE-2025-11034 (A vulnerability was found in Dibo Data Decision Making System up to 2. ...)
+ TODO: check
+CVE-2025-11033 (A vulnerability has been found in kidaze CourseSelectionSystem up to 4 ...)
+ TODO: check
+CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40 ...)
+ TODO: check
+CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The affected elemen ...)
+ TODO: check
+CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee Management ...)
+ TODO: check
+CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vul ...)
+ TODO: check
+CVE-2025-11028 (A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. Thi ...)
+ TODO: check
+CVE-2025-11027 (A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected ...)
+ TODO: check
+CVE-2025-11026 (A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected ...)
+ TODO: check
+CVE-2025-11025 (Insertion of Sensitive Information Into Sent Data vulnerability in Vim ...)
+ TODO: check
+CVE-2025-11021 (A flaw was found in the cookie date handling logic of the libsoup HTTP ...)
+ TODO: check
+CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. This impa ...)
+ TODO: check
+CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy Informatization ...)
+ TODO: check
+CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impact ...)
+ TODO: check
+CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox up to 1 ...)
+ TODO: check
+CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted ...)
+ TODO: check
+CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 14.4.1. Thi ...)
+ TODO: check
+CVE-2025-11013 (A vulnerability was identified in BehaviorTree up to 4.7.0. This vulne ...)
+ TODO: check
+CVE-2025-11012 (A vulnerability was determined in BehaviorTree up to 4.7.0. This affec ...)
+ TODO: check
+CVE-2025-11011 (A vulnerability was found in BehaviorTree up to 4.7.0. Affected by thi ...)
+ TODO: check
+CVE-2025-11010 (A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ...)
+ TODO: check
+CVE-2025-10871 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ TODO: check
+CVE-2025-10868 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-10867 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-10858 (An issue was discovered in GitLab CE/EE affecting all versions before ...)
+ TODO: check
+CVE-2025-10544 (Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.1 ...)
+ TODO: check
CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
@@ -650,7 +954,7 @@ CVE-2025-20311 (A vulnerability in the handling of certain Ethernet frames in Ci
NOT-FOR-US: Cisco
CVE-2025-20293 (A vulnerability in the Day One setup process of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
-CVE-2025-20240 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+CVE-2025-20240 (A vulnerability in the Web Authentication feature of Cisco IOS XE Soft ...)
NOT-FOR-US: Cisco
CVE-2025-20160 (A vulnerability in the implementation of the TACACS+ protocol in Cisco ...)
NOT-FOR-US: Cisco
@@ -208631,13 +208935,13 @@ CVE-2023-3865 (In the Linux kernel, the following vulnerability has been resolve
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
NOTE: https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
-CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ...)
+CVE-2023-4813 (A flaw has been identified in glibc. In an uncommon situation, the gai ...)
- glibc 2.36-3
[bullseye] - glibc <ignored> (Uncommon config required, fix comes along with invasive refactoring, new tests do not all pass, 5th test generated by tst-nss-gai-actions.c fails)
[buster] - glibc <ignored> (Uncommon config required, fix comes along with invasive refactoring, new tests do not all pass on bullseye)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
-CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...)
+CVE-2023-4806 (A flaw has been identified in glibc. In an extremely rare situation, t ...)
- glibc 2.37-10
[bookworm] - glibc 2.36-9+deb12u3
[bullseye] - glibc <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f22a3e050030201e53b32f88087cee20d7dbd4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f22a3e050030201e53b32f88087cee20d7dbd4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250926/9172aa4c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list