[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 3 08:13:05 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d74b53f by security tracker role at 2026-02-03T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2026-25228 (Signal K Server is a server application that runs on a central hub in  ...)
+	TODO: check
+CVE-2026-25222 (PolarLearn is a free and open-source learning program. In 0-PRERELEASE ...)
+	TODO: check
+CVE-2026-25221 (PolarLearn is a free and open-source learning program. In 0-PRERELEASE ...)
+	TODO: check
+CVE-2026-25144 (Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in ...)
+	TODO: check
+CVE-2026-25142 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJ ...)
+	TODO: check
+CVE-2026-25137 (The NixOs Odoo package is an open source ERP and CRM system. From 21.1 ...)
+	TODO: check
+CVE-2026-25134 (Group-Office is an enterprise customer relationship management and gro ...)
+	TODO: check
+CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, cer ...)
+	TODO: check
+CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the ...)
+	TODO: check
+CVE-2026-24936 (When a specific function is enabled while joining a AD Domain from ADM ...)
+	TODO: check
+CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS certifica ...)
+	TODO: check
+CVE-2026-24934 (The DDNS function uses an insecure HTTP connection or fails to validat ...)
+	TODO: check
+CVE-2026-24933 (The API communication component fails to validate the SSL/TLS certific ...)
+	TODO: check
+CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the hostnam ...)
+	TODO: check
+CVE-2026-24763 (OpenClaw (formerly  Clawdbot) is a personal AI assistant you run on yo ...)
+	TODO: check
+CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
+	TODO: check
+CVE-2026-24694 (The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely ...)
+	TODO: check
+CVE-2026-24471 (continuwuity is a Matrix homeserver written in Rust. This vulnerabilit ...)
+	TODO: check
+CVE-2026-24465 (Stack-based buffer overflow vulnerability exists in ELECOM wireless LA ...)
+	TODO: check
+CVE-2026-24449 (For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be cal ...)
+	TODO: check
+CVE-2026-24133 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
+	TODO: check
+CVE-2026-24051 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTe ...)
+	TODO: check
+CVE-2026-24043 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
+	TODO: check
+CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the ...)
+	TODO: check
+CVE-2026-24007 (Tuleap is an Open Source Suite for management of software development  ...)
+	TODO: check
+CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and account ...)
+	TODO: check
+CVE-2026-23515 (Signal K Server is a server application that runs on a central hub in  ...)
+	TODO: check
+CVE-2026-23476 (FacturaScripts is open-source enterprise resource planning and account ...)
+	TODO: check
+CVE-2026-22780 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+	TODO: check
+CVE-2026-22778 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-22550 (OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X15 ...)
+	TODO: check
+CVE-2026-20704 (Cross-site request forgery vulnerability exists in WRC-X1500GS-B and W ...)
+	TODO: check
+CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xqui ...)
+	TODO: check
+CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS cer ...)
+	TODO: check
+CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes th ...)
+	TODO: check
+CVE-2026-1730 (The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary fi ...)
+	TODO: check
+CVE-2026-1592 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...)
+	TODO: check
+CVE-2026-1591 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...)
+	TODO: check
+CVE-2026-1447 (The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2026-1375 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2026-1371 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2026-1210 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2026-1065 (The Form Maker by 10Web plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2026-1058 (The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Edit ...)
+	TODO: check
+CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, unprivi ...)
+	TODO: check
+CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure Direct Obj ...)
+	TODO: check
+CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+	TODO: check
+CVE-2026-0383 (A vulnerability in Brocade Fabric OS could allow an authenticated, loc ...)
+	TODO: check
+CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevat ...)
+	TODO: check
+CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-70960 (A stored cross-site scripting (XSS) vulnerability in the Forums module ...)
+	TODO: check
+CVE-2025-70959 (A stored cross-site scripting (XSS) vulnerability in the Jobs module o ...)
+	TODO: check
+CVE-2025-70958 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the i ...)
+	TODO: check
+CVE-2025-69207 (Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-be ...)
+	TODO: check
+CVE-2025-66480 (Wildfire IM is an instant messaging and real-time audio/video solution ...)
+	TODO: check
+CVE-2025-61650 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-61649 (Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is ...)
+	TODO: check
+CVE-2025-61647 (Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is ...)
+	TODO: check
+CVE-2025-61644 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-58383 (A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could all ...)
+	TODO: check
+CVE-2025-58382 (A vulnerability in the secure configuration of authentication and  man ...)
+	TODO: check
+CVE-2025-58381 (A  vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an  a ...)
+	TODO: check
+CVE-2025-58380 (A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authe ...)
+	TODO: check
+CVE-2025-58379 (Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a  ...)
+	TODO: check
+CVE-2025-36436 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fi ...)
+	TODO: check
+CVE-2025-36253 (IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographi ...)
+	TODO: check
+CVE-2025-36238 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through  ...)
+	TODO: check
+CVE-2025-36194 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through  ...)
+	TODO: check
+CVE-2025-15556 (Notepad++ versions prior to 8.8.9, when using the WinGUp updater, cont ...)
+	TODO: check
+CVE-2025-14274 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2025-13096 (IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF ...)
+	TODO: check
+CVE-2025-12774 (A vulnerability in the migration script for Brocade SANnav before 3.0  ...)
+	TODO: check
+CVE-2025-12773 (A vulnerability in update-reports-purge-settings.sh script logging for ...)
+	TODO: check
+CVE-2025-12772 (Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin p ...)
+	TODO: check
+CVE-2025-12680 (Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in ...)
+	TODO: check
+CVE-2025-12679 (A vulnerability in Brocade SANnav before 2.4.0b prints the  Password-B ...)
+	TODO: check
 CVE-2026-24514
 	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2026-24513
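Review bot: Four of the added descriptions (CVE-2026-1375, CVE-2026-1371, CVE-2026-0950, CVE-2026-0617) carry a literal `\u2013` escape instead of the dash it encodes, and CVE-2026-1788 opens with a stray `(:`, so the upstream text appears to be copied in without decoding escapes or trimming leading punctuation. Decoding the description before it is truncated into data/CVE/list would keep these lines readable and searchable. All 78 new entries still sit at `TODO: check` and need triage.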
@@ -1856,6 +2012,7 @@ CVE-2025-69562 (code-projects Mobile Shop Management System 1.0 is vulnerable to
 CVE-2025-69559 (code-projects Computer Book Store 1.0 is vulnerable to File Upload in  ...)
 	NOT-FOR-US: code-projects
 CVE-2025-68670 (xrdp is an open source RDP server. xrdp before v0.10.5 contains an una ...)
+	{DLA-4464-1}
 	[experimental] - xrdp 0.10.5-1
 	- xrdp 0.10.1-4.1 (bug #1126537)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f
@@ -22057,7 +22214,7 @@ CVE-2025-67897 (In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphe
 	[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
 	[bullseye] - rust-sequoia-openpgp <ignored> (Minor issue)
 	NOTE: Fixed by: https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5 (openpgp/v2.1.0)
-CVE-2025-67484
+CVE-2025-67484 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22066,7 +22223,7 @@ CVE-2025-67484
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1203865 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1208038 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1208364 (REL1_39)
-CVE-2025-67483
+CVE-2025-67483 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.6+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.40)
@@ -22075,7 +22232,7 @@ CVE-2025-67483
 	NOTE: https://phabricator.wikimedia.org/T409226
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217337 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217299 (REL1_43)
-CVE-2025-67482
+CVE-2025-67482 (Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation  ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22083,7 +22240,7 @@ CVE-2025-67482
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217290 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217293 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217289 (REL1_39)
-CVE-2025-67481
+CVE-2025-67481 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22091,7 +22248,7 @@ CVE-2025-67481
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217338 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217300 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217287 (REL1_39)
-CVE-2025-67480
+CVE-2025-67480 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22099,7 +22256,7 @@ CVE-2025-67480
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217336 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217298 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217286 (REL1_39)
-CVE-2025-67479
+CVE-2025-67479 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation  ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22107,7 +22264,7 @@ CVE-2025-67479
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217335 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217297 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217285 (REL1_39)
-CVE-2025-67478
+CVE-2025-67478 (Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22115,7 +22272,7 @@ CVE-2025-67478
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217334 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217296 (REL1_43)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217284 (REL1_39)
-CVE-2025-67477
+CVE-2025-67477 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.6+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
@@ -22124,12 +22281,12 @@ CVE-2025-67477
 	NOTE: https://phabricator.wikimedia.org/T406639
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217332 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217295 (REL1_43)
-CVE-2025-67476
+CVE-2025-67476 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	- mediawiki <not-affected> (Vulnerable code not present, introduced in 1.44)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
 	NOTE: https://phabricator.wikimedia.org/T405859
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217333 (master)
-CVE-2025-67475
+CVE-2025-67475 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4428-1}
 	- mediawiki 1:1.43.6+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -35552,7 +35709,7 @@ CVE-2025-40106 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.17.6-1
 	[trixie] - linux 6.12.57-1
 	NOTE: https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
-CVE-2025-11261
+CVE-2025-11261 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T406322
@@ -40323,7 +40480,7 @@ CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC)
 	NOT-FOR-US: F5
 CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that  ...)
 	NOT-FOR-US: F5
-CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module using a pas ...)
+CVE-2025-60013 (When a highly-privileged, authenticated attacker attempts to initializ ...)
 	NOT-FOR-US: F5
 CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual se ...)
 	NOT-FOR-US: F5
@@ -45537,23 +45694,23 @@ CVE-2025-61962 (In fetchmail before 6.5.6, the SMTP client can crash when authen
 	NOTE: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
 	NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8 (6.5.6)
 	NOTE: Followup: https://gitlab.com/fetchmail/fetchmail/-/commit/3c9e49d70e5d958f10b94fc58b3c5046f87cff7a (6.5.7)
-CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes]
+CVE-2025-61656 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T397232
 	NOTE: https://gerrit.wikimedia.org/r/c/VisualEditor/VisualEditor/+/1193247
-CVE-2025-61655 [Properly escape and parse system messages]
+CVE-2025-61655 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T395858
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/1193248
-CVE-2025-61657 [Insert sticky header labels as text instead of HTML]
+CVE-2025-61657 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: http://phabricator.wikimedia.org/T398636
-CVE-2025-61654 [Exclude deleted entries when counting thanks]
+CVE-2025-61654 (Vulnerability in Wikimedia Foundation Thanks. This vulnerability is as ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
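Review bot: The bracketed summaries removed here for CVE-2025-61656, CVE-2025-61655, CVE-2025-61657 and CVE-2025-61654 named the actual fix (for example `[Insert sticky header labels as text instead of HTML]`), while three of the four replacements are the same truncated "Improper Neutralization of Input During Web Page Generation" text and no longer tell the entries apart. Consider keeping each fix summary as a NOTE line under its entry so the specific change stays recorded next to the Phabricator link.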
@@ -45613,12 +45770,12 @@ CVE-2025-10895
 	REJECTED
 CVE-2025-10653 (An unauthenticated debug port may allow access to the device file syst ...)
 	NOT-FOR-US: Raise3D
-CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
+CVE-2025-61653 (Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: http://phabricator.wikimedia.org/T397577
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TextExtracts/+/1193249
-CVE-2025-11173
+CVE-2025-11173 (Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is  ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T401862
@@ -45632,33 +45789,33 @@ CVE-2025-11175 (Improper Neutralization of Special Elements used in an Expressio
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T364910
 	NOTE: https://phabricator.wikimedia.org/T396248
-CVE-2025-61652 [In API check user read permissions before showing PageInfo]
+CVE-2025-61652 (Vulnerability in Wikimedia Foundation DiscussionTools.This issue affec ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T397580
-CVE-2025-61635 [ApiFancyCaptchaReload: Reuse badcaptcha rate limit]
+CVE-2025-61635 (Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability  ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: http://phabricator.wikimedia.org/T355073
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ConfirmEdit/+/1193206
-CVE-2025-61648
+CVE-2025-61648 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61658
+CVE-2025-61658 (Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61651
+CVE-2025-61651 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61646 [Prevent leaking hidden usernames in Watchlist/RecentChanges]
+CVE-2025-61646 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T398706
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193226
-CVE-2025-61645 [Fix i18n XSS in CodexTablePager]
+CVE-2025-61645 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki <not-affected> (Introduced in 1.44)
 	NOTE: http://phabricator.wikimedia.org/T403761
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193202
-CVE-2025-61643 [Don't send suppressed recent changes to RCFeeds]
+CVE-2025-61643 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T403757
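Review bot: CVE-2025-61652 is now described as a DiscussionTools issue but stays tracked against the `mediawiki` source package, whereas the CheckUser entries in this same hunk (CVE-2025-61648, CVE-2025-61658, CVE-2025-61651) are `NOT-FOR-US: MediaWiki extension CheckUser`. It is worth confirming that the affected extension code ships in the Debian package, and adding a NOTE with the fix commit, since this entry has only the Phabricator link.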
@@ -45886,50 +46043,50 @@ CVE-2024-58267 (A vulnerability has been identified within Rancher Manager where
 	NOT-FOR-US: Rancher
 CVE-2024-58260 (A vulnerability has been identified within Rancher Manager where a mis ...)
 	NOT-FOR-US: Rancher
-CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
+CVE-2025-61642 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T402313
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193175
-CVE-2025-61641 [api: Disable maxsize in QueryAllPages in miser mode]
+CVE-2025-61641 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T298690
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193174
-CVE-2025-61640 [Parse messages instead of inserting them as HTML]
+CVE-2025-61640 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T402075
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193173
-CVE-2025-61639 [Use ManualLogEntry::getDeleted in ::getRecentChange]
+CVE-2025-61639 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T280413
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193178
-CVE-2025-61638 [Sanitize data- attributes]
+CVE-2025-61638 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-6085-1 DLA-4355-1}
 	- mediawiki 1:1.43.5+dfsg-1
 	NOTE: https://phabricator.wikimedia.org/T401099
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193172
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193218
 	NOTE: The fix needs changes in embedded parsoid too: https://gerrit.wikimedia.org/r/c/mediawiki/services/parsoid/+/1192154 (v0.16.6)
-CVE-2025-61637 [Escape three system messages used by live preview]
+CVE-2025-61637 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T394856
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193171
-CVE-2025-61636 [Escape rawElement $content]
+CVE-2025-61636 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T394396
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193170
-CVE-2025-61634 [REST: Set cache-control value of max-age=60 for redirects]
+CVE-2025-61634 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	- mediawiki 1:1.43.5+dfsg-1
 	[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
 	[bookworm] - mediawiki <not-affected> (Redirect introduced in 1.40)
@@ -77182,7 +77339,7 @@ CVE-2025-38091 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/2ddac70fed50485aa4ae49cdb7478ce41d8d4715 (6.15-rc7)
 CVE-2025-46647 (A vulnerability of pluginopenid-connect in Apache APISIX.  This vulner ...)
 	NOT-FOR-US: Apache APISIX
-CVE-2025-6927
+CVE-2025-6927 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	- mediawiki 1:1.43.3+dfsg-1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
@@ -77198,63 +77355,63 @@ CVE-2025-6926 (Improper Authentication vulnerability in Wikimedia Foundation Med
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1165164 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165090 (REL1_39)
-CVE-2025-6597
+CVE-2025-6597 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T389009
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165116 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165088 (REL1_39)
-CVE-2025-6596
+CVE-2025-6596 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- mediawiki 1:1.43.3+dfsg-1
 	[bookworm] - mediawiki <not-affected> (Introduced in 1.40)
 	[bullseye] - mediawiki <not-affected> (Introduced in 1.40)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T396685
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/1165107 (master)
-CVE-2025-6595
+CVE-2025-6595 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T394863
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165106 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165144 (REL1_39)
-CVE-2025-6594
+CVE-2025-6594 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T395063
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165115 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165087 (REL1_39)
-CVE-2025-6593
+CVE-2025-6593 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T396230
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165114 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165086 (REL1_39)
-CVE-2025-6592
+CVE-2025-6592 (Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability  ...)
 	- mediawiki 1:1.43.3+dfsg-1
 	[bookworm] - mediawiki <not-affected> (Only affects 1.44 and later)
 	[bullseye] - mediawiki <not-affected> (Only affects 1.44 and later)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T391218
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1143146 (master)
-CVE-2025-6591
+CVE-2025-6591 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T392276
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165113 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165085 (REL1_39)
-CVE-2025-6590
+CVE-2025-6590 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	{DSA-5957-1 DLA-4249-1}
 	- mediawiki 1:1.43.3+dfsg-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
 	NOTE: https://phabricator.wikimedia.org/T392746
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165112 (master)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165084 (REL1_39)
-CVE-2025-6589
+CVE-2025-6589 (Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...)
 	- mediawiki 1:1.43.3+dfsg-1
 	[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present)
@@ -125730,7 +125887,7 @@ CVE-2025-23413 (When users log in through the webUI or API using local authentic
 	NOT-FOR-US: F5
 CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual server, undi ...)
 	NOT-FOR-US: F5
-CVE-2025-23239 (When running in Appliance mode, an authenticated remote command inject ...)
+CVE-2025-23239 (When running in Appliance mode, and logged into a highly-privileged ro ...)
 	NOT-FOR-US: F5
 CVE-2025-22891 (When BIG-IP PEM Control Plane listener Virtual Server is configured wi ...)
 	NOT-FOR-US: F5
@@ -202915,7 +203072,7 @@ CVE-2024-32980 (Spin is the developer tool for building and running serverless a
 	NOT-FOR-US: Spin
 CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
 	NOT-FOR-US: Vitess
-CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...)
+CVE-2024-32761 (Under certain conditions, a data leak may occur in the Traffic Managem ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: Apache OFBiz



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d74b53f6da2cef7e5c7a8afe7ae0e08bbe8128a
