[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 29 21:13:27 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ed1e014 by security tracker role at 2025-09-29T20:13:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,112 @@
-CVE-2025-41246
+CVE-2025-9648 (A vulnerability in the CivetWeb library's function mg_handle_form_requ ...)
+ TODO: check
+CVE-2025-8868 (In Progress Chef Automate, versions earlier than 4.13.295, on Linux x8 ...)
+ TODO: check
+CVE-2025-7104 (A mass assignment vulnerability exists in danny-avila/librechat, affec ...)
+ TODO: check
+CVE-2025-6724 (In Progress Chef Automate, versions earlier than 4.13.295, on Linux x8 ...)
+ TODO: check
+CVE-2025-61659 (bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index ...)
+ TODO: check
+CVE-2025-57879 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
+CVE-2025-57878 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
+CVE-2025-57877 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
+ TODO: check
+CVE-2025-57876 (There is a stored Cross-site Scripting vulnerability in Esri Portal f ...)
+ TODO: check
+CVE-2025-57875 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
+ TODO: check
+CVE-2025-57874 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
+ TODO: check
+CVE-2025-57873 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
+ TODO: check
+CVE-2025-57872 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
+CVE-2025-57871 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
+ TODO: check
+CVE-2025-57516 (OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, ...)
+ TODO: check
+CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbo ...)
+ TODO: check
+CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N 300M v28K ...)
+ TODO: check
+CVE-2025-57424 (A stored cross-site scripting (XSS) vulnerability exists in the MyCour ...)
+ TODO: check
+CVE-2025-57197 (In the Payeer Android application 2.5.0, an improper access control vu ...)
+ TODO: check
+CVE-2025-56807 (A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate ...)
+ TODO: check
+CVE-2025-56795 (Mealie 3.0.1 and earlier is vulnerable to Cross-Site Scripting (XSS) i ...)
+ TODO: check
+CVE-2025-56764 (Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reve ...)
+ TODO: check
+CVE-2025-56449 (A security vulnerability was identified in Obsidian Scheduler's REST A ...)
+ TODO: check
+CVE-2025-56234 (AT_NA2000 from Nanda Automation Technology vendor has a denial-of-serv ...)
+ TODO: check
+CVE-2025-56233 (Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. ...)
+ TODO: check
+CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110 uses incre ...)
+ TODO: check
+CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket component of ...)
+ TODO: check
+CVE-2025-43400 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2025-41252 (Description: VMware NSX contains a username enumeration vulnerability. ...)
+ TODO: check
+CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism vulnerability. ...)
+ TODO: check
+CVE-2025-41250 (VMware vCenter contains an SMTP header injection vulnerability.A malic ...)
+ TODO: check
+CVE-2025-36352 (IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored c ...)
+ TODO: check
+CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenti ...)
+ TODO: check
+CVE-2025-36099 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial ...)
+ TODO: check
+CVE-2025-35034 (Medical Informatics Engineering Enterprise Health has a reflected cros ...)
+ TODO: check
+CVE-2025-35033 (Medical Informatics Engineering Enterprise Health has a CSV injection ...)
+ TODO: check
+CVE-2025-35032 (Medical Informatics Engineering Enterprise Health allows authenticated ...)
+ TODO: check
+CVE-2025-35031 (Medical Informatics Engineering Enterprise Health includes the user's ...)
+ TODO: check
+CVE-2025-35030 (Medical Informatics Engineering Enterprise Health has a cross site req ...)
+ TODO: check
+CVE-2025-34196 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+ TODO: check
+CVE-2025-11155 (The credentials required to access the device's web server are sent in ...)
+ TODO: check
+CVE-2025-11150
+ REJECTED
+CVE-2025-11147 (Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...)
+ TODO: check
+CVE-2025-11146 (Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...)
+ TODO: check
+CVE-2025-10346 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2025-10345 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2025-10344 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2025-10343 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2025-10342 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2025-10341 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
+ TODO: check
+CVE-2024-57412 (An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of S ...)
+ TODO: check
+CVE-2024-13150 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-41246 (VMware Tools for Windows contains an improper authorisationvulnerabili ...)
NOT-FOR-US: VMware Tools for Windows
-CVE-2025-41245
+CVE-2025-41245 (VMware Aria Operations contains an information disclosure vulnerabilit ...)
NOT-FOR-US: WMware
-CVE-2025-41244
+CVE-2025-41244 (VMware Aria Operations and VMware Tools contain a local privilege esca ...)
- open-vm-tools <unfixed>
[trixie] - open-vm-tools <no-dsa> (Will be fixed via point release)
[bookworm] - open-vm-tools <no-dsa> (Will be fixed via point release)
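Review bot: the context line `NOT-FOR-US: WMware` under CVE-2025-41245 misspells the vendor; the neighbouring entry in this hunk uses `NOT-FOR-US: VMware Tools for Windows`, so a follow-up commit should change it to `NOT-FOR-US: VMware` (the automatic update only rewrites description text, not status lines). The 51 new `TODO: check` entries are untriaged placeholders; among them, CVE-2025-11147 and CVE-2025-11146 (reflected XSS in Apt-Cacher-NG v3.2.1) name software that Debian ships as apt-cacher-ng and should be triaged first, while CVE-2025-56233 and CVE-2024-57412 (SunOS/OpenIndiana denial of service) look like quick NOT-FOR-US candidates. CVE-2025-41244 now states a local privilege escalation in VMware Tools while `open-vm-tools <unfixed>` stays at `<no-dsa>` in trixie and bookworm; a NOTE line with the upstream fix reference, in the style the nokogiri entry later in this patch uses, would make the point-release follow-up easier to track.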
@@ -2862,15 +2966,15 @@ CVE-2025-34197 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host vers
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-34195 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34194 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+CVE-2025-34194 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34193 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+CVE-2025-34193 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-34192 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-34191 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34190 (Vasion Print (formerly PrinterLogic) Virtual Appliance Hostand Applica ...)
+CVE-2025-34190 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-34189 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
@@ -31625,7 +31729,7 @@ CVE-2025-6494 (A vulnerability was found in sparklemotion nokogiri c29c920907366
NOTE: Fixed in: https://github.com/sparklemotion/nokogiri/commit/a17dec46112931a3f43dd21c004e8418457166ef
NOTE: https://github.com/sparklemotion/nokogiri/issues/3508
NOTE: https://github.com/sparklemotion/nokogiri/pull/3524
-CVE-2025-6493 (A vulnerability was found in CodeMirror up to 5.17.0 and classified as ...)
+CVE-2025-6493 (A weakness has been identified in CodeMirror up to 5.65.20. Affected i ...)
- codemirror-js <unfixed> (bug #1108477)
[trixie] - codemirror-js <no-dsa> (Minor issue)
[bookworm] - codemirror-js <no-dsa> (Minor issue)
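Review bot: the upstream description for CVE-2025-6493 now reads `up to 5.65.20` where the previous text said `up to 5.17.0`, so the affected range has widened considerably; the `codemirror-js <unfixed> (bug #1108477)` line is not touched by the wording change, but the `<no-dsa> (Minor issue)` assessment for trixie and bookworm was made against the narrower range and is worth re-confirming, and a NOTE line pointing at the upstream fix commit (as the nokogiri entry directly above carries) would document which version closes the issue.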
@@ -161593,7 +161697,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyn
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
NOTE: https://github.com/aio-libs/aiohttp/pull/8319
NOTE: https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397 (v3.9.4)
-CVE-2024-24910 (A local attacker can escalate privileges on affected Check Point ZoneA ...)
+CVE-2024-24910 (A local attacker can erscalate privileges on affected Check Point Zone ...)
NOT-FOR-US: Check Point
CVE-2024-23557 (HCL Connections contains a user enumeration vulnerability. Certain act ...)
NOT-FOR-US: HCL
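Review bot: the replacement description for CVE-2024-24910 introduces the misspelling `erscalate` where the old text had `escalate`; since the automatic update mirrors the upstream CVE record, confirm this is an upstream typo rather than a local truncation or encoding problem before leaving it as is. The `NOT-FOR-US: Check Point` status line is correctly untouched.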
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed1e014ff79f5fea645aed244c2de7e8b6dde8b