Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da409653 by security tracker role at 2025-09-16T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,223 @@
+CVE-2025-9808 (The The Events Calendar plugin for WordPress is vulnerable to
Informat ...)
+ TODO: check
+CVE-2025-6999 (An HTTP Request Smuggling [CWE-444] vulnerability in the
Authenticatio ...)
+ TODO: check
+CVE-2025-6947 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-5518 (Authorization Bypass Through User-Controlled Key vulnerability
with us ...)
+ TODO: check
+CVE-2025-59453 (Click Studios Passwordstate before 9.9 Build 9972 has a
potential auth ...)
+ TODO: check
+CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might
allow SSRF b ...)
+ TODO: check
+CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might
allow SSRF b ...)
+ TODO: check
+CVE-2025-59332 (3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0
through 1.8 ...)
+ TODO: check
+CVE-2025-59145 (color-name is a JSON with CSS color names. On 8 September
2025, an npm ...)
+ TODO: check
+CVE-2025-59056 (FreePBX is an open-source web-based graphical user interface.
In FreeP ...)
+ TODO: check
+CVE-2025-57118 (An issue in PHPGurukul Online-Library-Management-System v3.0
allows an ...)
+ TODO: check
+CVE-2025-57117 (A Clickjacking vulnerability exists in Rems' Employee
Management Syste ...)
+ TODO: check
+CVE-2025-56448 (The Positron PX360BT SW REV 8 car alarm system is vulnerable
to a repl ...)
+ TODO: check
+CVE-2025-56274 (SourceCodester Web-based Pharmacy Product Management System
1.0 is vul ...)
+ TODO: check
+CVE-2025-55211 (FreePBX is an open-source web-based graphical user interface.
From 17. ...)
+ TODO: check
+CVE-2025-43802 (Stored cross-site scripting (XSS) vulnerability in a custom
object\u20 ...)
+ TODO: check
+CVE-2025-43799 (Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported
versions ...)
+ TODO: check
+CVE-2025-43798 (Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA
through upd ...)
+ TODO: check
+CVE-2025-43797 (In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP
2023.Q4.0, ...)
+ TODO: check
+CVE-2025-43375 (The issue was addressed with improved checks. This issue is
fixed in X ...)
+ TODO: check
+CVE-2025-43372 (The issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2025-43371 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2025-43370 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2025-43369 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2025-43368 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43367 (A privacy issue was addressed by moving sensitive data. This
issue is ...)
+ TODO: check
+CVE-2025-43366 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-43362 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-43359 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43358 (A permissions issue was addressed with additional sandbox
restrictions ...)
+ TODO: check
+CVE-2025-43357 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2025-43356 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-43355 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2025-43354 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43353 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2025-43349 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2025-43347 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-43346 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43344 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43343 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43342 (A correctness issue was addressed with improved checks. This
issue is ...)
+ TODO: check
+CVE-2025-43341 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43340 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43337 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2025-43333 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43332 (A file quarantine bypass was addressed with additional checks.
This is ...)
+ TODO: check
+CVE-2025-43331 (A downgrade issue was addressed with additional code-signing
restricti ...)
+ TODO: check
+CVE-2025-43330 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-43329 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43328 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43327 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-43326 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-43325 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2025-43321 (The issue was resolved by blocking unsigned services from
launching on ...)
+ TODO: check
+CVE-2025-43319 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-43318 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43317 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43316 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43315 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-43314 (A parsing issue in the handling of directory paths was
addressed with ...)
+ TODO: check
+CVE-2025-43312 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2025-43311 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43310 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2025-43308 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43307 (This issue was addressed with improved checks to prevent
unauthorized ...)
+ TODO: check
+CVE-2025-43305 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43304 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2025-43303 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43302 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
+ TODO: check
+CVE-2025-43301 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-43299 (A denial-of-service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2025-43298 (A parsing issue in the handling of directory paths was
addressed with ...)
+ TODO: check
+CVE-2025-43297 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2025-43295 (A denial-of-service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2025-43294 (An issue existed in the handling of environment variables.
This issue ...)
+ TODO: check
+CVE-2025-43293 (The issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2025-43292 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2025-43291 (A permissions issue was addressed by removing the vulnerable
code. Thi ...)
+ TODO: check
+CVE-2025-43287 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43286 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43285 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43283 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-43279 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-43272 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43263 (The issue was addressed with improved checks. This issue is
fixed in X ...)
+ TODO: check
+CVE-2025-43262 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43231 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43208 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43207 (This issue was addressed with improved entitlements. This
issue is fix ...)
+ TODO: check
+CVE-2025-43204 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-43203 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-43190 (A parsing issue in the handling of directory paths was
addressed with ...)
+ TODO: check
+CVE-2025-31271 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-31270 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-31269 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-31268 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-31255 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2025-31254 (This issue was addressed with improved URL validation. This
issue is f ...)
+ TODO: check
+CVE-2025-30468 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24197 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-24133 (This issue was addressed by restricting options offered on a
locked de ...)
+ TODO: check
+CVE-2025-24088 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-10485 (A vulnerability has been found in pojoin h3blog up to
5bf704425ebc11f4 ...)
+ TODO: check
+CVE-2025-10483 (A flaw has been found in SourceCodester Online Student File
Management ...)
+ TODO: check
+CVE-2025-10482 (A vulnerability was detected in SourceCodester Online Student
File Man ...)
+ TODO: check
+CVE-2025-10481 (A security vulnerability has been detected in SourceCodester
Online St ...)
+ TODO: check
+CVE-2025-10480 (A weakness has been identified in SourceCodester Online
Student File M ...)
+ TODO: check
+CVE-2025-10479 (A security flaw has been discovered in SourceCodester Online
Student F ...)
+ TODO: check
+CVE-2025-10477 (A vulnerability was identified in kidaze CourseSelectionSystem
up to 4 ...)
+ TODO: check
+CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
CVE-2025-24293
- rails 2:7.2.2.2+dfsg-1
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
@@ -4767,6 +4987,7 @@ CVE-2024-13063 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is
vulnerab ...)
NOT-FOR-US: mikecao/flight
CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1
before 5.1.12 ...)
+ {DLA-4301-1}
- python-django 3:4.2.24-1 (bug #1113865)
NOTE:
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
NOTE:
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
(4.2.24)
@@ -8173,6 +8394,7 @@ CVE-2025-XXXX [OSSN-0094]
NOTE: default policy is only possible to create the inconsistent state
described in
NOTE: the OSSN-0094 if one has admin rights on the relevant OpenStack
project.
CVE-2025-9288 (Improper Input Validation vulnerability in sha.js allows Input
Data Ma ...)
+ {DLA-4302-1}
- node-sha.js 2.4.12+~3.0.5-1 (bug #1111769)
NOTE:
https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
NOTE: https://github.com/browserify/sha.js/pull/78
@@ -95732,7 +95954,7 @@ CVE-2024-10691
REJECTED
CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics
Personne ...)
NOT-FOR-US: Dataprom Informatics Personnel Attendance Control Systems
(PACS) / Access Control Security Systems (ACSS)
-CVE-2024-10443 (Improper neutralization of special elements used in a command
('Comman ...)
+CVE-2024-10443 (Improper neutralization of special elements used in an OS
command ('OS ...)
NOT-FOR-US: Synology
CVE-2024-10311 (The External Database Based Actions plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da409653c5c6ad6fbf1215b0a944c20a2597434a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da409653c5c6ad6fbf1215b0a944c20a2597434a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
