Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
717a37c7 by security tracker role at 2025-09-24T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,216 @@
-CVE-2025-39890 [wifi: ath12k: fix memory leak in
ath12k_service_ready_ext_event]
+CVE-2025-9353 (The Themify Builder plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2025-9054 (The MultiLoca - WooCommerce Multi Locations Inventory
Management plugi ...)
+ TODO: check
+CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive
Information ...)
+ TODO: check
+CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links
point i ...)
+ TODO: check
+CVE-2025-59828 (Claude Code is an agentic coding tool. Prior to Claude Code
version 1. ...)
+ TODO: check
+CVE-2025-59824 (Omni manages Kubernetes on bare metal, virtual machines, or in
a cloud ...)
+ TODO: check
+CVE-2025-59525 (Horilla is a free and open source Human Resource Management
System (HR ...)
+ TODO: check
+CVE-2025-59524 (Horilla is a free and open source Human Resource Management
System (HR ...)
+ TODO: check
+CVE-2025-59343 (tar-fs provides filesystem bindings for tar-stream. Versions
prior to ...)
+ TODO: check
+CVE-2025-59305 (Improper authorization in the background migration endpoints
of Langfu ...)
+ TODO: check
+CVE-2025-59251 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2025-58457 (Improper permission check in ZooKeeper AdminServer lets
authorized cli ...)
+ TODO: check
+CVE-2025-57354 (A vulnerability exists in the 'counterpart' library for
Node.js and th ...)
+ TODO: check
+CVE-2025-57353 (The Runtime components of messageformat package for Node.js
prior to v ...)
+ TODO: check
+CVE-2025-57352 (A vulnerability exists in the 'min-document' package prior to
version ...)
+ TODO: check
+CVE-2025-57351 (A prototype pollution vulnerability exists in the ts-fns
package versi ...)
+ TODO: check
+CVE-2025-57350 (The csvtojson package, a tool for converting CSV data to JSON
with cus ...)
+ TODO: check
+CVE-2025-57349 (The messageformat package, an implementation of the Unicode
MessageFor ...)
+ TODO: check
+CVE-2025-57348 (The node-cube package (prior to version 5.0.0) contains a
vulnerabilit ...)
+ TODO: check
+CVE-2025-57347 (A vulnerability exists in the 'dagre-d3-es' Node.js package
version 7. ...)
+ TODO: check
+CVE-2025-57330 (The web3-core-subscriptions is a package designed to manages
web3 subs ...)
+ TODO: check
+CVE-2025-57329 (web3-core-method is a package designed to creates the methods
on the w ...)
+ TODO: check
+CVE-2025-57328 (toggle-array is a package designed to enables a property on
the object ...)
+ TODO: check
+CVE-2025-57327 (spmrc is a package that provides the rc manager for spm. A
Prototype P ...)
+ TODO: check
+CVE-2025-57326 (A Prototype Pollution vulnerability in the byGroupAndType
function of ...)
+ TODO: check
+CVE-2025-57325 (rollbar is a package designed to effortlessly track and debug
errors i ...)
+ TODO: check
+CVE-2025-57323 (mpregular is a package that provides a small program
development frame ...)
+ TODO: check
+CVE-2025-57321 (A Prototype Pollution vulnerability in the
util-deps.addFileDepend fun ...)
+ TODO: check
+CVE-2025-56819 (An issue in Datart v.1.0.0-rc.3 allows a remote attacker to
execute ar ...)
+ TODO: check
+CVE-2025-56816 (Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The
configurat ...)
+ TODO: check
+CVE-2025-56815 (Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the
POST /vi ...)
+ TODO: check
+CVE-2025-56241 (Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly
other versio ...)
+ TODO: check
+CVE-2025-55322 (Binding to an unrestricted ip address in GitHub allows an
unauthorized ...)
+ TODO: check
+CVE-2025-55178 (Llama Stack prior to version v0.2.20 accepted unverified
parameters in ...)
+ TODO: check
+CVE-2025-52907 (Improper Input Validation vulnerability in TOTOLINK X6000R
allows Comm ...)
+ TODO: check
+CVE-2025-52906 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+ TODO: check
+CVE-2025-48869 (Horilla is a free and open source Human Resource Management
System (HR ...)
+ TODO: check
+CVE-2025-48868 (Horilla is a free and open source Human Resource Management
System (HR ...)
+ TODO: check
+CVE-2025-48867 (Horilla is a free and open source Human Resource Management
System (HR ...)
+ TODO: check
+CVE-2025-47329 (Memory corruption while handling invalid inputs in application
info se ...)
+ TODO: check
+CVE-2025-47328 (Transient DOS while processing power control requests with
invalid ant ...)
+ TODO: check
+CVE-2025-47327 (Memory corruption while encoding the image data.)
+ TODO: check
+CVE-2025-47326 (Transient DOS while handling command data during power control
process ...)
+ TODO: check
+CVE-2025-47318 (Transient DOS while parsing the EPTM test control message to
get the t ...)
+ TODO: check
+CVE-2025-47317 (Memory corruption due to global buffer overflow when a test
command us ...)
+ TODO: check
+CVE-2025-47316 (Memory corruption due to double free when multiple threads
race to set ...)
+ TODO: check
+CVE-2025-47315 (Memory corruption while handling repeated memory unmap
requests from g ...)
+ TODO: check
+CVE-2025-47314 (Memory corruption while processing data sent by FE driver.)
+ TODO: check
+CVE-2025-41716 (The web application allows an unauthenticated remote attacker
to learn ...)
+ TODO: check
+CVE-2025-41715 (The database for the web application is exposed without
authentication ...)
+ TODO: check
+CVE-2025-27077 (Memory corruption while processing message in guest VM.)
+ TODO: check
+CVE-2025-27037 (Memory corruption while processing config_dev IOCTL when
camera kernel ...)
+ TODO: check
+CVE-2025-27036 (Information disclosure when Video engine escape input data is
less tha ...)
+ TODO: check
+CVE-2025-27034 (Memory corruption while selecting the PLMN from SOR failed
list.)
+ TODO: check
+CVE-2025-27033 (Information disclosure while running video usecase having
rogue firmwa ...)
+ TODO: check
+CVE-2025-27032 (memory corruption while loading a PIL authenticated VM, when
authentic ...)
+ TODO: check
+CVE-2025-27030 (information disclosure while invoking calibration data from
user space ...)
+ TODO: check
+CVE-2025-23354 (NVIDIA Megatron-LM for all platforms contains a vulnerability
in the e ...)
+ TODO: check
+CVE-2025-23353 (NVIDIA Megatron-LM for all platforms contains a vulnerability
in the m ...)
+ TODO: check
+CVE-2025-23349 (NVIDIA Megatron-LM for all platforms contains a vulnerability
in the t ...)
+ TODO: check
+CVE-2025-23348 (NVIDIA Megatron-LM for all platforms contains a vulnerability
in the p ...)
+ TODO: check
+CVE-2025-23346 (NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump,
where an un ...)
+ TODO: check
+CVE-2025-23340 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in the ...)
+ TODO: check
+CVE-2025-23339 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in cuob ...)
+ TODO: check
+CVE-2025-23338 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in nvdi ...)
+ TODO: check
+CVE-2025-23308 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in nvdi ...)
+ TODO: check
+CVE-2025-23275 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in nvJP ...)
+ TODO: check
+CVE-2025-23274 (NVIDIA nvJPEG contains a vulnerability in jpeg encoding where
a user m ...)
+ TODO: check
+CVE-2025-23273 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in nvJP ...)
+ TODO: check
+CVE-2025-23272 (NVIDIA nvJPEG library contains a vulnerability where an
attacker can c ...)
+ TODO: check
+CVE-2025-23271 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in the ...)
+ TODO: check
+CVE-2025-23255 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in the ...)
+ TODO: check
+CVE-2025-23248 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in the ...)
+ TODO: check
+CVE-2025-21488 (Information disclosure while decoding this RTP packet headers
received ...)
+ TODO: check
+CVE-2025-21487 (Information disclosure while decoding RTP packet received by
UE from t ...)
+ TODO: check
+CVE-2025-21484 (Information disclosure when UE receives the RTP packet from
the networ ...)
+ TODO: check
+CVE-2025-21483 (Memory corruption when the UE receives an RTP packet from the
network, ...)
+ TODO: check
+CVE-2025-21482 (Cryptographic issue while performing RSA PKCS padding
decoding.)
+ TODO: check
+CVE-2025-21481 (Memory corruption while performing private key encryption in
trusted a ...)
+ TODO: check
+CVE-2025-21476 (Memory corruption when passing parameters to the Trusted
Virtual Machi ...)
+ TODO: check
+CVE-2025-20365 (A vulnerability in the IPv6 Router Advertisement (RA) packet
processin ...)
+ TODO: check
+CVE-2025-20364 (A vulnerability in the Device Analytics action frame
processing of Cis ...)
+ TODO: check
+CVE-2025-20352 (A vulnerability in the Simple Network Management Protocol
(SNMP) subsy ...)
+ TODO: check
+CVE-2025-20339 (A vulnerability in the access control list (ACL) processing of
IPv4 pa ...)
+ TODO: check
+CVE-2025-20338 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
+ TODO: check
+CVE-2025-20334 (A vulnerability in the HTTP API subsystem of Cisco IOS XE
Software cou ...)
+ TODO: check
+CVE-2025-20327 (A vulnerability in the web UI of Cisco IOS Software could
allow an aut ...)
+ TODO: check
+CVE-2025-20316 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
+ TODO: check
+CVE-2025-20315 (A vulnerability in the Network-Based Application Recognition
(NBAR) fe ...)
+ TODO: check
+CVE-2025-20314 (A vulnerability in Cisco IOS XE Software could allow an
authenticated, ...)
+ TODO: check
+CVE-2025-20313 (Multiple vulnerabilities in Cisco IOS XE Software of could
allow an au ...)
+ TODO: check
+CVE-2025-20312 (A vulnerability in the Simple Network Management Protocol
(SNMP) subsy ...)
+ TODO: check
+CVE-2025-20311 (A vulnerability in the handling of certain Ethernet frames in
Cisco IO ...)
+ TODO: check
+CVE-2025-20293 (A vulnerability in the Day One setup process of Cisco IOS XE
Software ...)
+ TODO: check
+CVE-2025-20240 (A vulnerability in the web UI of Cisco IOS XE Software could
allow an ...)
+ TODO: check
+CVE-2025-20160 (A vulnerability in the implementation of the TACACS+ protocol
in Cisco ...)
+ TODO: check
+CVE-2025-20149 (A vulnerability in the CLI of Cisco IOS Software and Cisco IOS
XE Soft ...)
+ TODO: check
+CVE-2025-10909 (A security flaw has been discovered in Mangati NovoSGA up to
2.2.9. Th ...)
+ TODO: check
+CVE-2025-10906 (A flaw has been found in Magnetism Studios Endurance up to
3.3.0 on ma ...)
+ TODO: check
+CVE-2025-10360 (In Puppet Enterprise versions 2025.4.0 and 2025.5, the
encryption key ...)
+ TODO: check
+CVE-2025-39890 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.16.3-1
[trixie] - linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/89142d34d5602c7447827beb181fa06eb08b9d5c (6.16-rc1)
-CVE-2025-39889 [Bluetooth: l2cap: Check encryption key size on incoming
connection]
+CVE-2025-39889 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux 6.16.3-1
[trixie] - linux 6.12.25-1
[bookworm] - linux 6.1.135-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/522e9ed157e3c21b4dd623c79967f72c21e45b78 (6.15-rc3)
-CVE-2024-58241 [Bluetooth: hci_core: Disable works on hci_unregister_dev]
+CVE-2024-58241 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux 6.11.6-1
NOTE:
https://git.kernel.org/linus/989fa5171f005ecf63440057218d8aeb1795287d (6.12-rc5)
CVE-2025-9966 (Improper privilege management vulnerability in Novakon P series
allows ...)
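Review bot: the bulk of this hunk is new CVE-2025-* entries that carry only "TODO: check" with neither a package line nor a NOT-FOR-US marker, and the triage order matters: pip (CVE-2025-8869, symlink handling during tar extraction) and ZooKeeper AdminServer (CVE-2025-58457) describe software Debian packages, tar-fs (CVE-2025-59343) is a Node.js library that may be packaged, and nncp is already tracked further down in this same commit, so those should get a package line or a <not-affected>/<unfixed> state first, whereas the Cisco IOS/IOS XE, NVIDIA CUDA Toolkit, Microsoft Edge and hardware "Memory corruption while ..." entries have no Debian package and can most likely be closed as NOT-FOR-US the way CVE-2025-55244 and its neighbours are below. Separately, CVE-2024-58241 is the only kernel entry in this hunk with no [trixie]/[bookworm]/[bullseye] lines next to "- linux 6.11.6-1"; unless that is intentional, the stable suites will be reported as affected by default, so it deserves the same per-suite annotation as CVE-2025-39890 and CVE-2025-39889 above it.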
@@ -190,16 +390,16 @@ CVE-2025-10894
NOT-FOR-US: Compromised Node nx package
CVE-2025-6921 (The huggingface/transformers library, versions prior to 4.53.0,
is vul ...)
NOT-FOR-US: huggingface/transformers
-CVE-2025-10890
+CVE-2025-10890 (Side-channel information leakage in V8 in Google Chrome prior
to 140.0 ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10891
+CVE-2025-10891 (Integer overflow in V8 in Google Chrome prior to
140.0.7339.207 allowe ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10892
+CVE-2025-10892 (Integer overflow in V8 in Google Chrome prior to
140.0.7339.207 allowe ...)
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-60020 [NNCP path traversal attack]
+CVE-2025-60020 (nncp before 8.12.0 allows path traversal (for reading or
writing) duri ...)
- nncp <unfixed> (bug #1115848)
NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
NOTE:
http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scw...@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
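Review bot: the second NOTE URL for CVE-2025-60020 (last line of the hunk) shows the message-id cut to "scw...@mail.gmail.com", so the link will not resolve as written; if that elision is in data/CVE/list itself rather than an artefact of the list-archive rendering of this mail, it should be replaced with the full archive link or a non-obfuscated permalink. The rest of the hunk is consistent: nncp stays <unfixed> with bug #1115848, and the three V8 CVEs keep the chromium 140.0.7339.207-1 fix and the bullseye <end-of-life> marker.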
@@ -2376,19 +2576,19 @@ CVE-2025-30187 (In some circumstances, when DNSdist is
configured to use the ngh
[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
NOTE:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
-CVE-2025-10500
+CVE-2025-10500 (Use after free in Dawn in Google Chrome prior to
140.0.7339.185 allowe ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10501
+CVE-2025-10501 (Use after free in WebRTC in Google Chrome prior to
140.0.7339.185 allo ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10502
+CVE-2025-10502 (Heap buffer overflow in ANGLE in Google Chrome prior to
140.0.7339.185 ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-10585
+CVE-2025-10585 (Type confusion in V8 in Google Chrome prior to 140.0.7339.185
allowed ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -8169,7 +8369,7 @@ CVE-2025-55244 (Azure Bot Service Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in
Xbox all ...)
NOT-FOR-US: Microsoft
-CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
+CVE-2025-55241 (Azure Entra ID Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information
Disclosure Vu ...)
NOT-FOR-US: Microsoft
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717a37c774632a02fe4a72d4916221ff535bd331
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits