Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6f22a3e by security tracker role at 2025-09-26T20:13:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,307 @@
+CVE-2025-9958 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-9267 (In Seagate Toolkit on Windows avulnerability exists in the 
Toolkit Ins ...)
+       TODO: check
+CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE 
affectin ...)
+       TODO: check
+CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability 
in HaruT ...)
+       TODO: check
+CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60185 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60184 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60181 (Server-Side Request Forgery (SSRF) vulnerability in silence 
Silencesof ...)
+       TODO: check
+CVE-2025-60179 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60177 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60173 (Cross-Site Request Forgery (CSRF) vulnerability in Ashwani 
kumar GST f ...)
+       TODO: check
+CVE-2025-60172 (Cross-Site Request Forgery (CSRF) vulnerability in flytedesk 
Flytedesk ...)
+       TODO: check
+CVE-2025-60171 (Cross-Site Request Forgery (CSRF) vulnerability in yourplugins 
Conditi ...)
+       TODO: check
+CVE-2025-60170 (Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad 
Swain HT ...)
+       TODO: check
+CVE-2025-60169 (Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud 
Technolog ...)
+       TODO: check
+CVE-2025-60167 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-60166 (Missing Authorization vulnerability in wpshuffle WP 
Subscription Forms ...)
+       TODO: check
+CVE-2025-60165 (Missing Authorization vulnerability in HaruTheme Frames allows 
Exploit ...)
+       TODO: check
+CVE-2025-60164 (Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN 
NewsmanApp  ...)
+       TODO: check
+CVE-2025-60163 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60162 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in bdthemes 
ZoloBlock ...)
+       TODO: check
+CVE-2025-60160 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60159 (Missing Authorization vulnerability in webmaniabr Nota Fiscal 
Eletr\xf ...)
+       TODO: check
+CVE-2025-60158 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60157 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60156 (Cross-Site Request Forgery (CSRF) vulnerability in webandprint 
AR For  ...)
+       TODO: check
+CVE-2025-60155 (Missing Authorization vulnerability in loopus WP Virtual 
Assistant all ...)
+       TODO: check
+CVE-2025-60154 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60153 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-60152 (Missing Authorization vulnerability in wpshuffle Subscribe To 
Unlock a ...)
+       TODO: check
+CVE-2025-60150 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-60149 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60148 (Missing Authorization vulnerability in wpshuffle Subscribe to 
Download ...)
+       TODO: check
+CVE-2025-60147 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60146 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60145 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre 
Lenix scss  ...)
+       TODO: check
+CVE-2025-60144 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60143 (Missing Authorization vulnerability in netgsm Netgsm allows 
Exploiting ...)
+       TODO: check
+CVE-2025-60142 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60141 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60140 (Insertion of Sensitive Information Into Sent Data 
vulnerability in the ...)
+       TODO: check
+CVE-2025-60139 (Cross-Site Request Forgery (CSRF) vulnerability in Joovii 
Sendle Shipp ...)
+       TODO: check
+CVE-2025-60138 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60137 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy 
Weblinks Pos ...)
+       TODO: check
+CVE-2025-60136 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60133 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60130 (Missing Authorization vulnerability in wedos.com WEDOS Global 
allows A ...)
+       TODO: check
+CVE-2025-60129 (Missing Authorization vulnerability in Yext Yext allows 
Accessing Func ...)
+       TODO: check
+CVE-2025-60128 (Missing Authorization vulnerability in WP Delicious Delisho 
allows Exp ...)
+       TODO: check
+CVE-2025-60127 (Missing Authorization vulnerability in ArtistScope CopySafe 
Web Protec ...)
+       TODO: check
+CVE-2025-60126 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-60125 (Insertion of Sensitive Information Into Sent Data 
vulnerability in the ...)
+       TODO: check
+CVE-2025-60124 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60123 (Missing Authorization vulnerability in HivePress HivePress 
Claim Listi ...)
+       TODO: check
+CVE-2025-60122 (Missing Authorization vulnerability in HivePress HivePress 
Claim Listi ...)
+       TODO: check
+CVE-2025-60121 (Missing Authorization vulnerability in Ex-Themes WooEvents 
allows Expl ...)
+       TODO: check
+CVE-2025-60120 (Missing Authorization vulnerability in wpdirectorykit WP 
Directory Kit ...)
+       TODO: check
+CVE-2025-60119 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-60118 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-60117 (Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP 
Vehica C ...)
+       TODO: check
+CVE-2025-60116 (Missing Authorization vulnerability in ThemeGoods Grand 
Conference The ...)
+       TODO: check
+CVE-2025-60115 (Cross-Site Request Forgery (CSRF) vulnerability in 
instapagedev Instap ...)
+       TODO: check
+CVE-2025-60114 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-60113 (Cross-Site Request Forgery (CSRF) vulnerability in grooni 
Groovy Menu  ...)
+       TODO: check
+CVE-2025-60112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60111 (Cross-Site Request Forgery (CSRF) vulnerability in javothemes 
Javo Cor ...)
+       TODO: check
+CVE-2025-60110 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-60109 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-60108 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-60107 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-60106 (Missing Authorization vulnerability in Roxnor EmailKit allows 
Exploiti ...)
+       TODO: check
+CVE-2025-60105 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60104 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60103 (Missing Authorization vulnerability in CridioStudio ListingPro 
allows  ...)
+       TODO: check
+CVE-2025-60102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60100 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-60099 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-60098 (Missing Authorization vulnerability in Jeff Farthing Theme My 
Login al ...)
+       TODO: check
+CVE-2025-60097 (Missing Authorization vulnerability in CodexThemes TheGem 
allows Explo ...)
+       TODO: check
+CVE-2025-60096 (Missing Authorization vulnerability in CodexThemes TheGem 
(Elementor)  ...)
+       TODO: check
+CVE-2025-60095 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Ben ...)
+       TODO: check
+CVE-2025-60094 (Missing Authorization vulnerability in Benjamin Intal 
Stackable allows ...)
+       TODO: check
+CVE-2025-60093 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjada 
Download M ...)
+       TODO: check
+CVE-2025-60092 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-60040 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for 
continuou ...)
+       TODO: check
+CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF) platform. From versions 
2.0.0 t ...)
+       TODO: check
+CVE-2025-59842 (jupyterlab is an extensible environment for interactive and 
reproducib ...)
+       TODO: check
+CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. 
This oc ...)
+       TODO: check
+CVE-2025-59012 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-59011 (Missing Authorization vulnerability in shinetheme Traveler 
allows Expl ...)
+       TODO: check
+CVE-2025-59010 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Mac ...)
+       TODO: check
+CVE-2025-59002 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-58919 (Missing Authorization vulnerability in guihom Wide Banner 
allows Explo ...)
+       TODO: check
+CVE-2025-58917 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes 
Di Themes ...)
+       TODO: check
+CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes 
can be d ...)
+       TODO: check
+CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of 
Untrusted Da ...)
+       TODO: check
+CVE-2025-57692 (PiranhaCMS 12.0 allows stored XSS in the Text content block of 
Standar ...)
+       TODO: check
+CVE-2025-57292 (Todoist v8484 contains a stored cross-site scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2025-56463 (Mercusys MW305R 3.30 and below is has a Transport Layer 
Security (TLS) ...)
+       TODO: check
+CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can 
replace  ...)
+       TODO: check
+CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is 
an RCE  ...)
+       TODO: check
+CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow 
vulnerability in the ...)
+       TODO: check
+CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 
25.1.2 be ...)
+       TODO: check
+CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media 
Acclectic Media ...)
+       TODO: check
+CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to 
enumerate val ...)
+       TODO: check
+CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM 
Controller 11.1.0 ...)
+       TODO: check
+CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive 
informati ...)
+       TODO: check
+CVE-2025-27006 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26258 (Sourcecodester Employee Management System v1.0 is vulnerable 
to Cross  ...)
+       TODO: check
+CVE-2025-1862 (An arbitrary file upload vulnerability exists in multiple WSO2 
product ...)
+       TODO: check
+CVE-2025-11060 (A flaw was found in the live query subscription mechanism of 
the datab ...)
+       TODO: check
+CVE-2025-11042 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2025-11039 (A security vulnerability has been detected in Campcodes 
Computer Sales ...)
+       TODO: check
+CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic 
Managemen ...)
+       TODO: check
+CVE-2025-11037 (A security flaw has been discovered in code-projects 
E-Commerce Websit ...)
+       TODO: check
+CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce 
Website 1.0 ...)
+       TODO: check
+CVE-2025-11035 (A vulnerability was determined in Jinher OA 2.0. The impacted 
element  ...)
+       TODO: check
+CVE-2025-11034 (A vulnerability was found in Dibo Data Decision Making System 
up to 2. ...)
+       TODO: check
+CVE-2025-11033 (A vulnerability has been found in kidaze CourseSelectionSystem 
up to 4 ...)
+       TODO: check
+CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to 
42cd892b40 ...)
+       TODO: check
+CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The 
affected elemen ...)
+       TODO: check
+CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee 
Management  ...)
+       TODO: check
+CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. 
This vul ...)
+       TODO: check
+CVE-2025-11028 (A security flaw has been discovered in givanz Vvveb up to 
1.0.7.2. Thi ...)
+       TODO: check
+CVE-2025-11027 (A vulnerability was identified in givanz Vvveb up to 1.0.7.2. 
Affected ...)
+       TODO: check
+CVE-2025-11026 (A vulnerability was determined in givanz Vvveb up to 1.0.7.2. 
Affected ...)
+       TODO: check
+CVE-2025-11025 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Vim ...)
+       TODO: check
+CVE-2025-11021 (A flaw was found in the cookie date handling logic of the 
libsoup HTTP ...)
+       TODO: check
+CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. 
This impa ...)
+       TODO: check
+CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy 
Informatization  ...)
+       TODO: check
+CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. 
The impact ...)
+       TODO: check
+CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox 
up to 1 ...)
+       TODO: check
+CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. 
Impacted ...)
+       TODO: check
+CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 
14.4.1. Thi ...)
+       TODO: check
+CVE-2025-11013 (A vulnerability was identified in BehaviorTree up to 4.7.0. 
This vulne ...)
+       TODO: check
+CVE-2025-11012 (A vulnerability was determined in BehaviorTree up to 4.7.0. 
This affec ...)
+       TODO: check
+CVE-2025-11011 (A vulnerability was found in BehaviorTree up to 4.7.0. 
Affected by thi ...)
+       TODO: check
+CVE-2025-11010 (A vulnerability has been found in vstakhov libucl up to 0.9.2. 
Affecte ...)
+       TODO: check
+CVE-2025-10871 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
+       TODO: check
+CVE-2025-10868 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-10867 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2025-10858 (An issue was discovered in GitLab CE/EE affecting all versions 
before  ...)
+       TODO: check
+CVE-2025-10544 (Unrestricted file upload vulnerability in DocAve 6.13.2, 
Perimeter 1.1 ...)
+       TODO: check
 CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer 
Overflow Remote Code Execution Vulnerability]
        - gimp <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
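
Review bot: Every entry added at the top of data/CVE/list carries only "TODO: check", so none of them is triaged yet, and the ones naming general-purpose open-source software deserve attention before the long run of plugin and theme entries. The entries for Squid (CVE-2025-59362), libsoup (CVE-2025-11021), jupyterlab (CVE-2025-59842), vstakhov libucl (CVE-2025-11010) and OGRECave Ogre (CVE-2025-11014, CVE-2025-11015, CVE-2025-11017) are worth resolving first to a package line in the style of "- gimp <unfixed>" in the context below, while vendor-only products can take the "NOT-FOR-US:" form used for the Cisco entries later in this file. Separately, the description for CVE-2025-60159 ends in a raw "\xf", which suggests the fixed-width truncation cut through an escaped non-ASCII character; truncating before escaping would avoid the dangling escape.
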
@@ -650,7 +954,7 @@ CVE-2025-20311 (A vulnerability in the handling of certain 
Ethernet frames in Ci
        NOT-FOR-US: Cisco
 CVE-2025-20293 (A vulnerability in the Day One setup process of Cisco IOS XE 
Software  ...)
        NOT-FOR-US: Cisco
-CVE-2025-20240 (A vulnerability in the web UI of Cisco IOS XE Software could 
allow an  ...)
+CVE-2025-20240 (A vulnerability in the Web Authentication feature of Cisco IOS 
XE Soft ...)
        NOT-FOR-US: Cisco
 CVE-2025-20160 (A vulnerability in the implementation of the TACACS+ protocol 
in Cisco ...)
        NOT-FOR-US: Cisco
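
Review bot: No triage change is needed for CVE-2025-20240, but the removed and added lines name different components ("web UI" versus "Web Authentication feature"), so the refreshed text is a change of substance upstream rather than a rewording. The "NOT-FOR-US: Cisco" line under it is untouched and still fits, since the product is the same Cisco IOS XE Software in both versions of the description.
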
@@ -208631,13 +208935,13 @@ CVE-2023-3865 (In the Linux kernel, the following 
vulnerability has been resolve
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
        NOTE: 
https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
-CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the 
gaih_inet fun ...)
+CVE-2023-4813 (A flaw has been identified in glibc. In an uncommon situation, 
the gai ...)
        - glibc 2.36-3
        [bullseye] - glibc <ignored> (Uncommon config required, fix comes along 
with invasive refactoring, new tests do not all pass, 5th test generated by 
tst-nss-gai-actions.c fails)
        [buster] - glibc <ignored> (Uncommon config required, fix comes along 
with invasive refactoring, new tests do not all pass on bullseye)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215
 (glibc-2.36)
-CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the 
getaddr ...)
+CVE-2023-4806 (A flaw has been identified in glibc. In an extremely rare 
situation, t ...)
        - glibc 2.37-10
        [bookworm] - glibc 2.36-9+deb12u3
        [bullseye] - glibc <ignored> (Minor issue)
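
Review bot: The reworded prefix on CVE-2023-4813 and CVE-2023-4806 ("A flaw has been identified" replacing "A flaw was found") pushes the affected function name out of the truncated description: "the gaih_inet fun ..." becomes "the gai ..." and "the getaddr ..." becomes "t ...". Anyone scanning the list for the function will no longer find it here and has to rely on the NOTE lines, so it is worth confirming that the sourceware bug and commit references under CVE-2023-4813 stay in place. The package and "<ignored>" annotations are unchanged, which is correct for a description-only refresh.
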



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f22a3e050030201e53b32f88087cee20d7dbd4



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits