Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d78223e by security tracker role at 2025-10-02T20:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2025-61735 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
Kylin.  Thi ...)
+       TODO: check
+CVE-2025-61734 (Files or Directories Accessible to External Parties 
vulnerability in A ...)
+       TODO: check
+CVE-2025-61733 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-61603 (WeGIA is a Web manager for charitable institutions. Versions 
3.4.12 an ...)
+       TODO: check
+CVE-2025-61595 (MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of 
adherence ...)
+       TODO: check
+CVE-2025-61096 (PHPGurukul Online Shopping Portal Project v2.1 is vulnerable 
to SQL In ...)
+       TODO: check
+CVE-2025-61087 (SourceCodester Pet Grooming Management Software 1.0 is 
vulnerable to C ...)
+       TODO: check
+CVE-2025-60782 (PHP Education Manager v1.0 is vulnerable to Cross Site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2025-60663 (Tenda AC18 V15.03.05.19 was discovered to contain a stack 
overflow via ...)
+       TODO: check
+CVE-2025-60662 (Tenda AC18 V15.03.05.19 was discovered to contain a stack 
overflow via ...)
+       TODO: check
+CVE-2025-60661 (Tenda AC18 V15.03.05.19 was discovered to contain a stack 
overflow via ...)
+       TODO: check
+CVE-2025-60660 (Tenda AC18 V15.03.05.19 was discovered to contain a stack 
overflow via ...)
+       TODO: check
+CVE-2025-59835 (LangBot is a global IM bot platform designed for LLMs. In 
versions 4.1 ...)
+       TODO: check
+CVE-2025-59774 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59773 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59772 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59771 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59770 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59769 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59768 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59767 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59766 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59765 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59764 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59763 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59762 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59761 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59760 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59759 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59758 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59757 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59756 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59755 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59754 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59753 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59752 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59751 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59750 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59749 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59748 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59747 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59746 (Cross-site scripting (XSS) vulnerability reflected in 
AndSoft's e-TMS  ...)
+       TODO: check
+CVE-2025-59745 (Vulnerability in the cryptographic algorithm of AndSoft's 
e-TMS v25.03 ...)
+       TODO: check
+CVE-2025-59744 (Path traversal vulnerability in AndSoft's e-TMS v25.03. This 
vulnerabi ...)
+       TODO: check
+CVE-2025-59743 (SQL injection vulnerability in AndSoft's e-TMS v25.03. This 
vulnerabil ...)
+       TODO: check
+CVE-2025-59742 (SQL injection vulnerability in AndSoft's e-TMS v25.03. This 
vulnerabil ...)
+       TODO: check
+CVE-2025-59741 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59740 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59739 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59738 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59737 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59736 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59735 (Operating system command injection vulnerability in AndSoft's 
e-TMS v2 ...)
+       TODO: check
+CVE-2025-59409 (Flock Safety Falcon and Sparrow License Plate Readers 
OPM1.171019.026  ...)
+       TODO: check
+CVE-2025-59407 (The Flock Safety DetectionProcessing 
com.flocksafety.android.objects a ...)
+       TODO: check
+CVE-2025-59406 (The Flock Safety Pisco com.flocksafety.android.pisco 
application 6.21. ...)
+       TODO: check
+CVE-2025-59405 (The Flock Safety Peripheral com.flocksafety.android.peripheral 
applica ...)
+       TODO: check
+CVE-2025-59403 (The Flock Safety Android Collins application (aka 
com.flocksafety.andr ...)
+       TODO: check
+CVE-2025-57443 (FrostWire 6.14.0-build-326 for macOS contains permissive 
entitlements  ...)
+       TODO: check
+CVE-2025-57305 (VitaraCharts 5.3.5 is vulnerable to Server-Side Request 
Forgery in fil ...)
+       TODO: check
+CVE-2025-56381 (ERPNEXT v15.67.0 was discovered to contain multiple SQL 
injection vuln ...)
+       TODO: check
+CVE-2025-56380 (Frappe Framework v15.72.4 was discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2025-56379 (A stored cross-site scripting (XSS) vulnerability in the blog 
post fea ...)
+       TODO: check
+CVE-2025-56162 (YOSHOP 2.0 suffers from an unauthenticated SQL injection in 
the goodsI ...)
+       TODO: check
+CVE-2025-56161 (YOSHOP 2.0 allows unauthenticated information disclosure via 
comment-l ...)
+       TODO: check
+CVE-2025-56154 (htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in 
the /autho ...)
+       TODO: check
+CVE-2025-56019 (An insecure permission vulnerability exists in the Agasta 
Easytouch+ v ...)
+       TODO: check
+CVE-2025-54468 (A vulnerability has been identified within Rancher Manager 
whereby `Im ...)
+       TODO: check
+CVE-2025-54315 (The Matrix specification before 1.16 (i.e., with a room 
version before ...)
+       TODO: check
+CVE-2025-54293 (Path Traversal in the log file retrieval function in Canonical 
LXD 5.0 ...)
+       TODO: check
+CVE-2025-54292 (Path traversal in Canonical LXD LXD-UI versions before 6.5 and 
5.21.4  ...)
+       TODO: check
+CVE-2025-54291 (Information disclosure in images API in Canonical LXD before 
6.5 and 5 ...)
+       TODO: check
+CVE-2025-54290 (Information disclosure in image export API in Canonical LXD 
before 6.5 ...)
+       TODO: check
+CVE-2025-54289 (Privilege Escalation in operations API in Canonical LXD 6.5 on 
multipl ...)
+       TODO: check
+CVE-2025-54288 (Information Spoofing in devLXD Server in Canonical LXD 
versions 4.0 an ...)
+       TODO: check
+CVE-2025-54287 (Template Injection in instance snapshot creation component in 
Canonica ...)
+       TODO: check
+CVE-2025-54286 (Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD 
versions  ...)
+       TODO: check
+CVE-2025-54086 (CVE-2025-54086 is an excess permissions vulnerability in the 
Warehouse ...)
+       TODO: check
+CVE-2025-53881 (A UNIX Symbolic Link (Symlink) Following vulnerability in 
logrotate co ...)
+       TODO: check
+CVE-2025-49090 (The Matrix specification before 1.16 (i.e., with a room 
version before ...)
+       TODO: check
+CVE-2025-41064 (Incorrect authentication vulnerability in OpenSIAC, which 
could allow  ...)
+       TODO: check
+CVE-2025-41010 (Incorrect Cross-Origin Resource Sharing (CORS) configuration 
in Hiberu ...)
+       TODO: check
+CVE-2025-40992 (Stored XSS vulnerability in Creativeitem Sociopro due to lack 
of prope ...)
+       TODO: check
+CVE-2025-40991 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 
by Creat ...)
+       TODO: check
+CVE-2025-40990 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 
by Creat ...)
+       TODO: check
+CVE-2025-40989 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 
by Creat ...)
+       TODO: check
+CVE-2025-40646 (Exposure of sensitive information in Viday. This vulnerability 
could a ...)
+       TODO: check
+CVE-2025-40645 (Exposure of sensitive information in Viday. This vulnerability 
could a ...)
+       TODO: check
+CVE-2025-34210 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
and Applic ...)
+       TODO: check
+CVE-2025-34208 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
and Applic ...)
+       TODO: check
+CVE-2025-32942 (SSH Tectia Server before 6.6.6 sometimes allows attackers to 
read and  ...)
+       TODO: check
+CVE-2025-22862 (AnAuthentication Bypass Using an Alternate Path or Channel 
vulnerabili ...)
+       TODO: check
+CVE-2025-11240 (An open redirect vulnerability existed in KNIME Business Hub 
prior to  ...)
+       TODO: check
+CVE-2025-11239 (Potentially sensitive information in jobs on KNIME Business 
Hub prior  ...)
+       TODO: check
+CVE-2025-0642 (Use of Hard-coded Credentials, Authorization Bypass Through 
User-Contr ...)
+       TODO: check
+CVE-2024-58267 (A vulnerability has been identified within Rancher Manager 
whereby the ...)
+       TODO: check
+CVE-2024-58260 (A vulnerability has been identified within Rancher Manager 
where a mis ...)
+       TODO: check
 CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
        - mediawiki <unfixed>
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
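
Review bot: Every entry added here, from CVE-2025-61735 down to CVE-2024-58260, carries only "TODO: check", so none of them has a triage result yet and the backlog grows by the whole block. The long runs for a single product (AndSoft's e-TMS from CVE-2025-59735 through CVE-2025-59774, the four Tenda AC18 entries, the Flock Safety entries) can be settled in one pass with a NOT-FOR-US line in the form already used further down in this file ("NOT-FOR-US: WordPress plugin"), provided the product is not packaged. The entries whose descriptions name Canonical LXD (CVE-2025-54286 through CVE-2025-54293), logrotate (CVE-2025-53881) and the Matrix specification (CVE-2025-54315, CVE-2025-49090) should be checked individually against the archive before anything is marked, because the truncated descriptions do not show which component is affected.
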
@@ -564,39 +758,51 @@ CVE-2021-4460 (In the Linux kernel, the following 
vulnerability has been resolve
 CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress 
is vulner ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11219
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11216
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11215
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11213
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11212
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11211
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11210
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11209
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11208
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11207
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11206
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-11205
+       {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2023-53487 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
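
Review bot: The {DSA-6016-1} tag lands on twelve chromium entries between CVE-2025-11205 and CVE-2025-11219, but the run skips CVE-2025-11214, CVE-2025-11217 and CVE-2025-11218, which do not appear in the visible context at all. Confirm against the DSA entry that those three ids are intentionally outside this advisory, or that they are tracked elsewhere in the file, so that no CVE fixed by 141.0.7390.54-1 is left without the cross-reference.
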
@@ -235004,8 +235210,8 @@ CVE-2023-28762 (SAP BusinessObjects Business 
Intelligence Platform - versions 42
        NOT-FOR-US: SAP
 CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an 
unauthenticated at ...)
        NOT-FOR-US: SAP
-CVE-2023-28760
-       RESERVED
+CVE-2023-28760 (TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow 
unauthenticat ...)
+       TODO: check
 CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on 
Windows. A ...)
        NOT-FOR-US: Veritas
 CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. 
BPCD allo ...)
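
Review bot: CVE-2023-28760 moves from RESERVED to a published description with "TODO: check", while its neighbours in this range are already resolved as "NOT-FOR-US: SAP" and "NOT-FOR-US: Veritas". The description names a TP-Link AX1800 (Archer AX21) router; if the flaw sits in the vendor firmware rather than in a component packaged in Debian, a NOT-FOR-US line in the same style would close it. The truncated description does not show the affected component, so read the full text before marking it.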



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d78223e49d2c8ad677b8f7274cded85ebc3ba10
