[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 02 Oct 2025 01:13:22 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
50142734 by security tracker role at 2025-10-02T08:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-9697 (The Ajax WooSearch WordPress plugin through 1.0.0 does not 
properly sa ...)
+       TODO: check
+CVE-2025-9587 (The CTL Behance Importer Lite WordPress plugin through 1.0 does 
not pr ...)
+       TODO: check
+CVE-2025-61855
+       REJECTED
+CVE-2025-61854
+       REJECTED
+CVE-2025-61853
+       REJECTED
+CVE-2025-61852
+       REJECTED
+CVE-2025-61851
+       REJECTED
+CVE-2025-61850
+       REJECTED
+CVE-2025-61849
+       REJECTED
+CVE-2025-61692 (VT STUDIO versions 8.53 and prior contain a use after free 
vulnerabili ...)
+       TODO: check
+CVE-2025-61691 (VT STUDIO versions 8.53 and prior contain an out-of-bounds 
read vulner ...)
+       TODO: check
+CVE-2025-61690 (KV STUDIO versions 12.23 and prior contain a buffer underflow 
vulnerab ...)
+       TODO: check
+CVE-2025-61588 (RISC Zero is a zero-knowledge verifiable general computing 
platform ba ...)
+       TODO: check
+CVE-2025-61587 (Weblate is a web based localization tool. An open redirect 
exists in v ...)
+       TODO: check
+CVE-2025-61583 (TS3 Manager is modern web interface for maintaining Teamspeak3 
servers ...)
+       TODO: check
+CVE-2025-61582 (TS3 Manager is modern web interface for maintaining Teamspeak3 
servers ...)
+       TODO: check
+CVE-2025-59951 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
+       TODO: check
+CVE-2025-59538 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2025-59537 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2025-59531 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2025-59337 (Discourse is an open-source community discussion platform. In 
versions ...)
+       TODO: check
+CVE-2025-58777 (VT Studio versions 8.53 and prior contain an access of 
uninitialized p ...)
+       TODO: check
+CVE-2025-58776 (KV Studio versions 12.23 and prior contain a stack-based 
buffer overfl ...)
+       TODO: check
+CVE-2025-58775 (KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer 
overflow vuln ...)
+       TODO: check
+CVE-2025-57389 (A reflected cross-site scripted (XSS) vulnerability in the 
/admin/syst ...)
+       TODO: check
+CVE-2025-54811 (OpenPLC_V3 has a vulnerability in the enipThread function that 
occurs  ...)
+       TODO: check
+CVE-2025-23355 (NVIDIA Nsight Graphics for Windows contains a vulnerability in 
an ngfx ...)
+       TODO: check
+CVE-2025-23297 (NVIDIA Installer for NvAPP for Windows contains a 
vulnerability in the ...)
+       TODO: check
+CVE-2025-11221 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-11182 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-11020 (An attacker can obtain server information using Path Traversal 
vulnera ...)
+       TODO: check
 CVE-2025-9512 (The Schema & Structured Data for WP & AMP WordPress plugin 
before 1.50 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-9075 (The ZoloBlocks plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
@@ -46,7 +108,7 @@ CVE-2025-59685 (Kazaar 1.25.12 allows a JWT with none in the 
alg field.)
        NOT-FOR-US: Kazaar
 CVE-2025-59684 (DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.)
        NOT-FOR-US: DigiSign DigiSigner ONE
-CVE-2025-59150
+CVE-2025-59150 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
        - suricata <not-affected> (Vulnerable code never present in a Debian 
released version, 8.0.x only issue)
        NOTE: 
https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3
        NOTE: 
https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d
 (suricata-8.0.1)
@@ -6944,7 +7006,8 @@ CVE-2025-30468 (This issue was addressed through improved 
state management. This
        NOT-FOR-US: Apple
 CVE-2025-24197 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
-CVE-2025-24133 (This issue was addressed by restricting options offered on a 
locked de ...)
+CVE-2025-24133
+       REJECTED
        NOT-FOR-US: Apple
 CVE-2025-24088 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
        NOT-FOR-US: Apple



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/501427346a9e353706f6b92aa374d557c8526d7e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/501427346a9e353706f6b92aa374d557c8526d7e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to