Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73b8fc6b by security tracker role at 2025-09-18T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,132 @@
+CVE-2025-9083 (The Ninja Forms WordPress plugin before 3.11.1 unserializes
user inpu ...)
+ TODO: check
+CVE-2025-8942 (The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper
server ...)
+ TODO: check
+CVE-2025-8006 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-8005 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code
Execut ...)
+ TODO: check
+CVE-2025-8004 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-8003 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-8002 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code
Execut ...)
+ TODO: check
+CVE-2025-8001 (Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote
Code Exe ...)
+ TODO: check
+CVE-2025-8000 (Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code
Execut ...)
+ TODO: check
+CVE-2025-7999 (Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code
Execut ...)
+ TODO: check
+CVE-2025-7998 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote
Code E ...)
+ TODO: check
+CVE-2025-7997 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-7996 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote
Code E ...)
+ TODO: check
+CVE-2025-7995 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code
Execut ...)
+ TODO: check
+CVE-2025-7994 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-7993 (Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code
Execut ...)
+ TODO: check
+CVE-2025-7992 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-7991 (Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote
Code E ...)
+ TODO: check
+CVE-2025-7990 (Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write
Remote Code ...)
+ TODO: check
+CVE-2025-7989 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-7988 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write
Remote Cod ...)
+ TODO: check
+CVE-2025-7987 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write
Remote Cod ...)
+ TODO: check
+CVE-2025-7986 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write
Remote Cod ...)
+ TODO: check
+CVE-2025-7985 (Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote
Code Exe ...)
+ TODO: check
+CVE-2025-7984 (Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable
Remote Cod ...)
+ TODO: check
+CVE-2025-7983 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer
Overflow Rem ...)
+ TODO: check
+CVE-2025-7982 (Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote
Code Exec ...)
+ TODO: check
+CVE-2025-7981 (Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable
Remote ...)
+ TODO: check
+CVE-2025-7980 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write
Remote Cod ...)
+ TODO: check
+CVE-2025-7979 (Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer
Overflow Re ...)
+ TODO: check
+CVE-2025-7978 (Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable
Remote ...)
+ TODO: check
+CVE-2025-7977 (Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote
Code Ex ...)
+ TODO: check
+CVE-2025-5305 (The Password Reset with Code for WordPress REST API WordPress
plugin b ...)
+ TODO: check
+CVE-2025-59415 (Frappe Learning is a learning system that helps users
structure their ...)
+ TODO: check
+CVE-2025-23337 (NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability
in the HG ...)
+ TODO: check
+CVE-2025-23336 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23329 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23328 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23316 (NVIDIA Triton Inference Server for Windows and Linux contains
a vulner ...)
+ TODO: check
+CVE-2025-23268 (NVIDIA Triton Inference Server contains a vulnerability in the
DALI ba ...)
+ TODO: check
+CVE-2025-10644 (Wondershare Repairit SAS Token Incorrect Permission Assignment
Authent ...)
+ TODO: check
+CVE-2025-10643 (Wondershare Repairit Incorrect Permission Assignment
Authentication By ...)
+ TODO: check
+CVE-2025-10642 (A vulnerability has been found in wangchenyi1996 chat_forum up
to 80bd ...)
+ TODO: check
+CVE-2025-10634 (A weakness has been identified in D-Link DIR-823X
240126/240802/250416 ...)
+ TODO: check
+CVE-2025-10632 (A security flaw has been discovered in itsourcecode Online
Petshop Man ...)
+ TODO: check
+CVE-2025-10631 (A vulnerability was identified in itsourcecode Online Petshop
Manageme ...)
+ TODO: check
+CVE-2025-10629 (A vulnerability was determined in D-Link DIR-852 1.00CN B09.
This issu ...)
+ TODO: check
+CVE-2025-10628 (A vulnerability was found in D-Link DIR-852 1.00CN B09. This
vulnerabi ...)
+ TODO: check
+CVE-2025-10627 (A vulnerability has been found in SourceCodester Online Exam
Form Subm ...)
+ TODO: check
+CVE-2025-10626 (A flaw has been found in SourceCodester Online Exam Form
Submission 1. ...)
+ TODO: check
+CVE-2025-10625 (A vulnerability was detected in SourceCodester Online Exam
Form Submis ...)
+ TODO: check
+CVE-2025-10624 (A security flaw has been discovered in PHPGurukul User
Management Syst ...)
+ TODO: check
+CVE-2025-10623 (A vulnerability was identified in SourceCodester Hotel
Reservation Sys ...)
+ TODO: check
+CVE-2025-10621 (A vulnerability was determined in SourceCodester Hotel
Reservation Sys ...)
+ TODO: check
+CVE-2025-10620 (A flaw has been found in itsourcecode Online Clinic Management
System ...)
+ TODO: check
+CVE-2025-10619 (A vulnerability was detected in sequa-ai sequa-mcp up to
1.0.13. This ...)
+ TODO: check
+CVE-2025-10618 (A security vulnerability has been detected in itsourcecode
Online Clin ...)
+ TODO: check
+CVE-2025-10617 (A weakness has been identified in SourceCodester Online
Polling System ...)
+ TODO: check
+CVE-2025-10616 (A security flaw has been discovered in itsourcecode E-Commerce
Website ...)
+ TODO: check
+CVE-2025-10493 (The Chained Quiz plugin for WordPress is vulnerable to
Insecure Direct ...)
+ TODO: check
+CVE-2023-49565 (The cbis_manager Podman container is vulnerable to remote
command exec ...)
+ TODO: check
+CVE-2023-49564 (The CBIS/NCS Manager API is vulnerable to an authentication
bypass. By ...)
+ TODO: check
CVE-2025-9862 (Server-Side Request Forgery (SSRF) vulnerability in Ghost
allows an at ...)
- ghost <itp> (bug #892150)
CVE-2025-8999 (The Sydney theme for WordPress is vulnerable to unauthorized
modificat ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability
in Nebu ...)
+CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability
in SecH ...)
NOT-FOR-US: Nebula Informatics SecHard
CVE-2025-8411 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: Dokuzsoft Technology E-Commerce Web Design Product
@@ -228482,6 +228606,7 @@ CVE-2023-28998 (The Nextcloud Desktop Client is a
tool to synchronize files from
NOTE: https://github.com/nextcloud/desktop/pull/5323
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files
from Nextc ...)
+ {DLA-4303-1}
- nextcloud-desktop 3.7.0-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/5324
@@ -279204,24 +279329,28 @@ CVE-2022-39335 (Synapse is an open-source Matrix
homeserver written and maintain
NOTE:
https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
NOTE:
https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which
is someti ...)
+ {DLA-4303-1}
- nextcloud-desktop 3.6.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
NOTE: https://github.com/nextcloud/desktop/issues/4927
NOTE: https://github.com/nextcloud/desktop/pull/5022
CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An
attacker ...)
+ {DLA-4303-1}
- nextcloud-desktop 3.6.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1711847
CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An
attacker ...)
+ {DLA-4303-1}
- nextcloud-desktop 3.6.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1668028
CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An
attacker ...)
+ {DLA-4303-1}
- nextcloud-desktop 3.6.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b8fc6ba3e0056268c9d88410c1b6ad090685da
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b8fc6ba3e0056268c9d88410c1b6ad090685da
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
