Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af03690d by security tracker role at 2025-10-03T08:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-61847
+ REJECTED
+CVE-2025-61671
+ REJECTED
+CVE-2025-61668 (Volto is a ReactJS-based frontend for the Plone Content
Management Sys ...)
+ TODO: check
+CVE-2025-61666 (Traccar is an open source GPS tracking system. Default
installs of Tra ...)
+ TODO: check
+CVE-2025-61665 (WeGIA is an open source web manager with a focus on charitable
institu ...)
+ TODO: check
+CVE-2025-61606 (WeGIA is an open source web manager with a focus on charitable
institu ...)
+ TODO: check
+CVE-2025-61605 (WeGIA is an open source web manager with a focus on charitable
institu ...)
+ TODO: check
+CVE-2025-61604 (WeGIA is an open source web manager with a focus on charitable
institu ...)
+ TODO: check
+CVE-2025-61600 (Stalwart is a mail and collaboration server. Versions 0.13.3
and below ...)
+ TODO: check
+CVE-2025-61599 (Emlog is an open source website building system. A stored
Cross-Site S ...)
+ TODO: check
+CVE-2025-61597 (Emlog is an open source website building system. In versions
2.5.21 an ...)
+ TODO: check
+CVE-2025-61589 (Cursor is a code editor built for programming with AI. In
versions 1.6 ...)
+ TODO: check
+CVE-2025-59536 (Claude Code is an agentic coding tool. Versions before 1.0.111
were vu ...)
+ TODO: check
+CVE-2025-59300 (Delta Electronics DIAScreenlacks proper validation of the
user-supplie ...)
+ TODO: check
+CVE-2025-59299 (Delta Electronics DIAScreenlacks proper validation of the
user-supplie ...)
+ TODO: check
+CVE-2025-59298 (Delta Electronics DIAScreenlacks proper validation of the
user-supplie ...)
+ TODO: check
+CVE-2025-59297 (Delta Electronics DIAScreenlacks proper validation of the
user-supplie ...)
+ TODO: check
+CVE-2025-54089 (CVE-2025-54089 is a cross-site scripting vulnerability in
versions of ...)
+ TODO: check
+CVE-2025-54088 (CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prio ...)
+ TODO: check
+CVE-2025-54087 (CVE-2025-54087 is a server-side request forgery vulnerability
in Secur ...)
+ TODO: check
+CVE-2025-11241 (The Yoast SEO Premium plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2025-10895
+ REJECTED
+CVE-2025-10653 (An unauthenticated debug port may allow access to the device
file syst ...)
+ TODO: check
CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T397577
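Review bot: All 20 non-rejected entries added at the top of data/CVE/list are left at "TODO: check", so none of them has a package line or a NOT-FOR-US classification yet and each still needs triage in a follow-up commit. The three REJECTED entries (CVE-2025-61847, CVE-2025-61671, CVE-2025-10895) need nothing further. The four Delta Electronics entries (CVE-2025-59297 to CVE-2025-59300) carry the run-together word "DIAScreenlacks" in the imported description; since this is an automatic update, that is better corrected in the source description than by hand-editing the list.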
@@ -45470,7 +45516,7 @@ CVE-2025-47436 (Heap-based Buffer Overflow
vulnerability in Apache ORC. A vulne
NOT-FOR-US: Apache ORC
CVE-2025-47292 (Cap Collectif is an online decision making platform that
integrates se ...)
NOT-FOR-US: Cap Collectif
-CVE-2025-46786 (Improper neutralization of special elements in some Zoom
Workplace App ...)
+CVE-2025-46786 (Cross-site scripting in some Zoom Workplace Apps may allow an
authenti ...)
NOT-FOR-US: Zoom
CVE-2025-46785 (Buffer over-read in some Zoom Workplace Apps for Windows may
allow an ...)
NOT-FOR-US: Zoom
@@ -45516,7 +45562,7 @@ CVE-2025-30666 (NULL pointer dereference in some Zoom
Workplace Apps for Windows
NOT-FOR-US: Zoom
CVE-2025-30665 (NULL pointer dereference in some Zoom Workplace Apps for
Windows may a ...)
NOT-FOR-US: Zoom
-CVE-2025-30664 (Improper neutralization of special elements in some Zoom
Workplace App ...)
+CVE-2025-30664 (Cross-site scripting in some Zoom Workplace Apps may allow an
authenti ...)
NOT-FOR-US: Zoom
CVE-2025-30663 (Time-of-check time-of-use race condition in some Zoom
Workplace Apps m ...)
NOT-FOR-US: Zoom
@@ -127691,7 +127737,7 @@ CVE-2024-5914 (A command injection issue in Palo Alto
Networks Cortex XSOAR Comm
NOT-FOR-US: Palo Alto Networks
CVE-2024-4389 (The Slider and Carousel slider by Depicter plugin for WordPress
is vul ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-42441 (Improper privilege management in the installer for Zoom
Workplace Desk ...)
+CVE-2024-42441 (Incorrect privilege assignment in the installer for Zoom
Workplace Des ...)
NOT-FOR-US: Zoom
CVE-2024-42440 (Improper privilege management in the installer for Zoom
Workplace Desk ...)
NOT-FOR-US: Zoom
@@ -127705,7 +127751,7 @@ CVE-2024-42436 (Buffer overflow in some Zoom
Workplace Apps, SDKs, Rooms Clients
NOT-FOR-US: Zoom
CVE-2024-42435 (Sensitive information disclosure in some Zoom Workplace Apps,
SDKs, Ro ...)
NOT-FOR-US: Zoom
-CVE-2024-42434 (Sensitive information disclosure in some Zoom Workplace Apps,
SDKs, Ro ...)
+CVE-2024-42434 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms
Clients ...)
NOT-FOR-US: Zoom
CVE-2024-42360 (SequenceServer lets you rapidly set up a BLAST+ server with an
intuiti ...)
NOT-FOR-US: SequenceServer
@@ -127765,9 +127811,9 @@ CVE-2024-40619 (CVE-2024-40619 IMPACT A
denial-of-service vulnerability exists
NOT-FOR-US: Rockwell Automation
CVE-2024-39825 (Buffer overflow in some Zoom Workplace Apps and Rooms Clients
may allo ...)
NOT-FOR-US: Zoom
-CVE-2024-39824 (Sensitive information disclosure in some Zoom Workplace Apps,
SDKs, Ro ...)
+CVE-2024-39824 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms
Clients ...)
NOT-FOR-US: Zoom
-CVE-2024-39823 (Sensitive information disclosure in some Zoom Workplace Apps,
SDKs, Ro ...)
+CVE-2024-39823 (Missing authorization in some Zoom Workplace Apps, SDKs, Rooms
Clients ...)
NOT-FOR-US: Zoom
CVE-2024-39822 (Sensitive information exposure in some Zoom Workplace Apps,
SDKs, Room ...)
NOT-FOR-US: Zoom
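Review bot: The rewritten descriptions for CVE-2024-39824 and CVE-2024-39823 now name a weakness ("Missing authorization") where the old text named an impact ("Sensitive information disclosure"), while the adjacent CVE-2024-39822 still reads "Sensitive information exposure". All three stay NOT-FOR-US: Zoom, so triage is unaffected, but any search of the list keyed on the old wording will no longer match these two entries.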
@@ -135150,13 +135196,13 @@ CVE-2024-39912 (web-auth/webauthn-lib is an open
source set of PHP libraries and
NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace
Desktop ...)
NOT-FOR-US: Zoom
-CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and
SDKs for ...)
+CVE-2024-39826 (Race condition in Team Chat for some Zoom Workplace Apps and
SDKs for ...)
NOT-FOR-US: Zoom
CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for
Windows and ...)
NOT-FOR-US: Zoom
CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom
Workplace D ...)
NOT-FOR-US: Zoom
-CVE-2024-39819 (Improper privilege management in the installer for some Zoom
Workplace ...)
+CVE-2024-39819 (Integrity checkin the installer for some Zoom Workplace Apps
and SDKs ...)
NOT-FOR-US: Zoom
CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that
the pus ...)
NOT-FOR-US: Mattermost Mobile Apps
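Review bot: The new description for CVE-2024-39819 begins "Integrity checkin the installer", with a missing space and no word saying what is wrong with the check, so the truncated text no longer states a weakness the way the removed "Improper privilege management" did. In the same hunk, CVE-2024-39826 changes vulnerability class from "Path traversal" to "Race condition", which is worth confirming against the source record. Both entries remain NOT-FOR-US: Zoom, so neither change affects the tracker's package status.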
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af03690d4e1cd279f1fb586a7ee1f975e2f0104f