Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b8ac5c5 by security tracker role at 2025-10-15T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,240 @@
-CVE-2025-9640 [uninitialized memory disclosure via vfs_streams_xattr]
+CVE-2025-9967 (The Orion SMS OTP Verification plugin for WordPress is 
vulnerable to p ...)
+       TODO: check
+CVE-2025-9548 (A potential null pointer dereference vulnerability was reported 
in the ...)
+       TODO: check
+CVE-2025-8486 (A potential vulnerability was reported in PC Manager that could 
allow  ...)
+       TODO: check
+CVE-2025-6026 (An improper certificate validation vulnerability was reported 
in the L ...)
+       TODO: check
+CVE-2025-62410 (In versions before 20.0.2, it was found that 
--disallow-code-generatio ...)
+       TODO: check
+CVE-2025-62382 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
+       TODO: check
+CVE-2025-62381 (sveltekit-superforms makes SvelteKit forms a pleasure to use. 
svelteki ...)
+       TODO: check
+CVE-2025-62380 (mailgen is a Node.js package that generates responsive HTML 
e-mails fo ...)
+       TODO: check
+CVE-2025-62379 (Reflex is a library to build full-stack web apps in pure 
Python. In ve ...)
+       TODO: check
+CVE-2025-62378 (CommandKit is the discord.js meta-framework for building 
Discord bots. ...)
+       TODO: check
+CVE-2025-62375 (go-witness and witness are Go modules for generating 
attestations. In  ...)
+       TODO: check
+CVE-2025-62371 (OpenSearch Data Prepper as an open source data collector for 
observabi ...)
+       TODO: check
+CVE-2025-62370 (Alloy Core libraries at the root of the Rust Ethereum 
ecosystem. Prior ...)
+       TODO: check
+CVE-2025-61990 (When using a multi-bladed platform with more than one blade, 
undisclos ...)
+       TODO: check
+CVE-2025-61974 (When a client SSL profile is configured on a virtual server, 
undisclos ...)
+       TODO: check
+CVE-2025-61960 (When a per-request policy is configured on a BIG-IP APM portal 
access  ...)
+       TODO: check
+CVE-2025-61958 (A vulnerability exists in the iHealth command that may allow 
an authen ...)
+       TODO: check
+CVE-2025-61955 (A vulnerability exists in F5OS-A and F5OS-C systems that may 
allow an  ...)
+       TODO: check
+CVE-2025-61951 (Undisclosed traffic can cause the Traffic Management 
Microkernel (TMM) ...)
+       TODO: check
+CVE-2025-61938 (When a BIG-IP Advanced WAF or ASM security policy is 
configured with a ...)
+       TODO: check
+CVE-2025-61935 (When a BIG IP Advanced WAF or ASM security policy is 
configured on a v ...)
+       TODO: check
+CVE-2025-61933 (A reflected cross-site scripting (XSS) vulnerability exists in 
an undi ...)
+       TODO: check
+CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic Curve Cryptography 
(ECC) Brain ...)
+       TODO: check
+CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and 
F5OS-C that  ...)
+       TODO: check
+CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module 
using a pas ...)
+       TODO: check
+CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF 
virtual se ...)
+       TODO: check
+CVE-2025-59778 (When the Allowed IP Addresses feature is configured on the 
F5OS-C part ...)
+       TODO: check
+CVE-2025-59483 (A validation vulnerability exists in an undisclosed URL in the 
Configu ...)
+       TODO: check
+CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and 
BIG-IP TMOS ...)
+       TODO: check
+CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile 
is config ...)
+       TODO: check
+CVE-2025-59419 (Netty is an asynchronous, event-driven network application 
framework.  ...)
+       TODO: check
+CVE-2025-59269 (A stored cross-site scripting (XSS) vulnerability exists in an 
undiscl ...)
+       TODO: check
+CVE-2025-59268 (On the BIG-IP system, undisclosed endpoints that contain 
static non-se ...)
+       TODO: check
+CVE-2025-58474 (When BIG-IP Advanced WAF is configured on a virtual server 
with Server ...)
+       TODO: check
+CVE-2025-58424 (On BIG-IP systems, undisclosed traffic can cause data 
corruption and u ...)
+       TODO: check
+CVE-2025-58153 (Under undisclosed traffic conditions along with conditions 
beyond the  ...)
+       TODO: check
+CVE-2025-58133 (Authentication bypass in some Zoom Rooms Clients before 
version 6.5.1  ...)
+       TODO: check
+CVE-2025-58132 (Command injection in some Zoom Clients for Windows may allow 
an authen ...)
+       TODO: check
+CVE-2025-58120 (When HTTP/2 Ingress is configured, undisclosed traffic can 
cause the T ...)
+       TODO: check
+CVE-2025-58096 (When the database variable tm.tcpudptxchecksumis configured as 
non-def ...)
+       TODO: check
+CVE-2025-58071 (When IPsec is configured on the BIG-IP system, undisclosed 
traffic can ...)
+       TODO: check
+CVE-2025-57780 (A vulnerability exists in F5OS-A and F5OS-C system that may 
allow an a ...)
+       TODO: check
+CVE-2025-56749 (Creativeitem Academy LMS up to and including 6.14 uses a 
hardcoded def ...)
+       TODO: check
+CVE-2025-56748 (Creativeitem Academy LMS up to and including 5.13 uses 
predictable pas ...)
+       TODO: check
+CVE-2025-56746 (Creativeitem Academy LMS up to and including 5.13 does not 
regenerate  ...)
+       TODO: check
+CVE-2025-55670 (On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for 
Kubernetes sy ...)
+       TODO: check
+CVE-2025-55669 (When the BIG-IP Advanced WAF and ASM security policy and a 
server-side ...)
+       TODO: check
+CVE-2025-55083 (In NetX Duo version before 6.4.4, the component of Eclipse 
Foundation  ...)
+       TODO: check
+CVE-2025-55082 (In NetX Duo version before 6.4.4, the component of Eclipse 
Foundation  ...)
+       TODO: check
+CVE-2025-55081 (In Eclipse Foundation NextX Duo before 6.4.4, a module of 
ThreadX, the ...)
+       TODO: check
+CVE-2025-55036 (When BIG-IP SSL Orchestrator explicit forward proxy is 
configured on a ...)
+       TODO: check
+CVE-2025-54858 (When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is 
configured ...)
+       TODO: check
+CVE-2025-54854 (When a BIG-IP APM OAuth access profile (Resource Server or 
Resource Cl ...)
+       TODO: check
+CVE-2025-54805 (When an iRule is configured on a virtual server via the 
declarative AP ...)
+       TODO: check
+CVE-2025-54755 (A directory traversal vulnerability exists in TMUI that allows 
an auth ...)
+       TODO: check
+CVE-2025-54479 (When a classification profile is configured on a virtual 
server withou ...)
+       TODO: check
+CVE-2025-54271 (Creative Cloud Desktop versions 6.7.0.278 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2025-53868 (When running in Appliance mode, a highly privileged 
authenticated atta ...)
+       TODO: check
+CVE-2025-53860 (A vulnerability exists in F5OS-A software that allows a highly 
privile ...)
+       TODO: check
+CVE-2025-53856 (When a virtual server, network address translation (NAT) 
object, or se ...)
+       TODO: check
+CVE-2025-53521 (When a BIG-IP APM Access Policy is configured on a virtual 
server, und ...)
+       TODO: check
+CVE-2025-53474 (When an iRule using an ILX::callcommand is configured on a 
virtual ser ...)
+       TODO: check
+CVE-2025-48008 (When a TCP profile with Multipath TCP (MPTCP) enabled is 
configured on ...)
+       TODO: check
+CVE-2025-47150 (When SNMP is configured on F5OS Appliance and Chassis systems, 
undiscl ...)
+       TODO: check
+CVE-2025-47148 (When the BIG-IP system is configured as both a Security 
Assertion Mark ...)
+       TODO: check
+CVE-2025-46706 (When an iRule containing the HTTP::respond command is 
configured on a  ...)
+       TODO: check
+CVE-2025-41430 (When BIG-IP SSL Orchestrator is enabled, undisclosed traffic 
can cause ...)
+       TODO: check
+CVE-2025-2529 (Applications using affected versions of Ehcache 3.x can 
experience deg ...)
+       TODO: check
+CVE-2025-20360 (Multiple Cisco products are affected by a vulnerability in the 
Snort 3 ...)
+       TODO: check
+CVE-2025-20359 (Multiple Cisco products are affected by a vulnerability in the 
Snort 3 ...)
+       TODO: check
+CVE-2025-20351 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, 
Cisco I ...)
+       TODO: check
+CVE-2025-20350 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, 
Cisco I ...)
+       TODO: check
+CVE-2025-20329 (A vulnerability in the logging component of Cisco TelePresence 
Collabo ...)
+       TODO: check
+CVE-2025-11832 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2025-11728 (The Oceanpayment CreditCard Gateway plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-11722 (The Woocommerce Category and Products Accordion Panel plugin 
for WordP ...)
+       TODO: check
+CVE-2025-11701 (The Zip Attachments plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2025-11692 (The Zip Attachments plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2025-11619 (Improper certificate validation when connecting to gateways in 
Devolut ...)
+       TODO: check
+CVE-2025-11568 (A data corruption vulnerability has been identified in the 
luksmeta ut ...)
+       TODO: check
+CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to 
blind S ...)
+       TODO: check
+CVE-2025-11196 (The External Login plugin for WordPress is vulnerable to 
sensitive inf ...)
+       TODO: check
+CVE-2025-11177 (The External Login plugin for WordPress is vulnerable to SQL 
Injection ...)
+       TODO: check
+CVE-2025-10869 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This 
vulnera ...)
+       TODO: check
+CVE-2025-10754 (The DocoDoco Store Locator plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2025-10743 (The Outdoor plugin for WordPress is vulnerable to SQL 
Injection via th ...)
+       TODO: check
+CVE-2025-10730 (The Wp tabber widget plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-10699 (A vulnerability was reported in the Lenovo LeCloud client 
application  ...)
+       TODO: check
+CVE-2025-10682 (The TARIFFUXX plugin for WordPress is vulnerable to SQL 
Injection in v ...)
+       TODO: check
+CVE-2025-10660 (The WP Dashboard Chat plugin for WordPress is vulnerable to 
SQL Inject ...)
+       TODO: check
+CVE-2025-10648 (The YourMembership Single Sign On \u2013 YM SSO Login plugin 
for WordP ...)
+       TODO: check
+CVE-2025-10581 (A potential DLL hijacking vulnerability was discovered in the 
Lenovo P ...)
+       TODO: check
+CVE-2025-10577 (Potential vulnerabilities have been identified in the audio 
package fo ...)
+       TODO: check
+CVE-2025-10576 (Potential vulnerabilities have been identified in the audio 
package fo ...)
+       TODO: check
+CVE-2025-10575 (The WP jQuery Pager plugin for WordPress is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2025-10486 (The Content Writer plugin for WordPress is vulnerable to 
Sensitive Inf ...)
+       TODO: check
+CVE-2025-10313 (The Find And Replace content for WordPress plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-10312 (The Theme Importer plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-10310 (The Rich Snippet Site Report plugin for WordPress is 
vulnerable to  SQ ...)
+       TODO: check
+CVE-2025-10303 (The Library Management System plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2025-10301 (The FunKItools plugin for WordPress is vulnerable to 
Cross-Site Reques ...)
+       TODO: check
+CVE-2025-10300 (The TopBar plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2025-10299 (The WPBifr\xf6st \u2013 Instant Passwordless Temporary Login 
Links plu ...)
+       TODO: check
+CVE-2025-10294 (The OwnID Passwordless Login plugin for WordPress is 
vulnerable to Aut ...)
+       TODO: check
+CVE-2025-10293 (The Keyy Two Factor Authentication (like Clef) plugin for 
WordPress is ...)
+       TODO: check
+CVE-2025-10194 (The Shortcode Button plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-10186 (The WhyDonate \u2013 FREE Donate button \u2013 Crowdfunding 
\u2013 Fun ...)
+       TODO: check
+CVE-2025-10141 (The Digiseller plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-10140 (The Quick Social Login plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-10139 (The WP BookWidgets plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-10135 (The WP ViewSTL plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-10133 (The URLYar URL Shortner plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-10132 (The Dhivehi Text plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-10056 (The Task Scheduler plugin for WordPress is vulnerable to 
Server-Side R ...)
+       TODO: check
+CVE-2025-10051 (The Demo Import Kit plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2025-10045 (The onOffice for WP-Websites plugin for WordPress is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2025-10041 (The Flex QR Code Generator plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to 
limited Priv ...)
+       TODO: check
+CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, 
where unin ...)
        - samba 2:4.23.2+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15885
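Review bot: Every entry added at the top of this hunk, from CVE-2025-9967 down to CVE-2025-10038, carries only `TODO: check`, so none of them has a Debian disposition yet. Many fall into classes the file already tags elsewhere (the WordPress plugin entries would follow the `NOT-FOR-US: WordPress plugin` convention visible in the later context lines of this diff), but a few name software that should be checked against the archive before being dismissed, for example CVE-2025-11568 (luksmeta), CVE-2025-59419 (Netty) and CVE-2025-2529 (Ehcache). The CVE-2025-9640 header change from the bracketed placeholder to the imported description keeps the `- samba 2:4.23.2+dfsg-1` line and both NOTE lines, so the existing triage for that entry is preserved.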
@@ -39145,7 +39381,7 @@ CVE-2025-6268 (A vulnerability classified as 
problematic has been found in Luna
        NOT-FOR-US: Luna Imaging
 CVE-2025-6267 (A vulnerability was found in zhilink 
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
        NOT-FOR-US: zhilink ADP Application Developer Platform
-CVE-2025-6266 (A vulnerability was found in FLIR AX8 up to 1.46. It has been 
declared ...)
+CVE-2025-6266 (A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. 
Affected ...)
        NOT-FOR-US: FLIR AX8
 CVE-2025-5234 (The Gutenverse News plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
@@ -44277,7 +44513,7 @@ CVE-2025-5697 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: Brilliance Golden Link Secondary System
 CVE-2025-5696 (A vulnerability classified as critical was found in Brilliance 
Golden  ...)
        NOT-FOR-US: Brilliance Golden Link Secondary System
-CVE-2025-5695 (A vulnerability classified as critical has been found in FLIR 
AX8 up t ...)
+CVE-2025-5695 (A vulnerability has been found in Teledyne FLIR AX8 up to 
1.46.16. Thi ...)
        NOT-FOR-US: FLIR AX8
 CVE-2025-5694 (A vulnerability was found in PHPGurukul Human Metapneumovirus 
Testing  ...)
        NOT-FOR-US: PHPGurukul
@@ -46933,9 +47169,9 @@ CVE-2025-5129 (A vulnerability has been found in 
Sangfor \u96f6\u4fe1\u4efb\u8bb
        NOT-FOR-US: Sangfor aTrust
 CVE-2025-5128 (A vulnerability, which was classified as critical, was found in 
Script ...)
        NOT-FOR-US: ScriptAndTools Real-Estate-website-in-PHP
-CVE-2025-5127 (A vulnerability, which was classified as problematic, has been 
found i ...)
+CVE-2025-5127 (A vulnerability was determined in Teledyne FLIR AX8 up to 
1.46.16. Thi ...)
        NOT-FOR-US: FLIR AX8
-CVE-2025-5126 (A vulnerability classified as critical was found in FLIR AX8 up 
to 1.4 ...)
+CVE-2025-5126 (A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. 
This vul ...)
        NOT-FOR-US: FLIR AX8
 CVE-2025-5124 (A vulnerability classified as critical has been found in Sony 
SNC-M1,  ...)
        NOT-FOR-US: Sony
@@ -50841,7 +51077,7 @@ CVE-2025-4658 (Versions of OpenPubkey library prior to 
0.10.0  contained a vulne
        NOTE: CVE is assigned for opkssh's use of vulnerable versions of
        NOTE: golang-github-openpubkey-openpubkey subjected to CVE-2025-3757 
(cf. #1105741)
        NOTE: 
https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
-CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web 
allows Pri ...)
+CVE-2025-4649 (Improper Handling of Exceptional Conditions vulnerability in 
Centreon  ...)
        NOT-FOR-US: Centreon
 CVE-2025-4648 (The content of a SVG file, received as input   in Centreon web, 
was no ...)
        NOT-FOR-US: Centreon
@@ -176169,7 +176405,7 @@ CVE-2024-3015 (A vulnerability classified as critical 
was found in SourceCodeste
        NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-3014 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Simple Subscription Website
-CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has 
been rated ...)
+CVE-2024-3013 (A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The 
impacted ...)
        NOT-FOR-US: FLIR AX8
 CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been de ...)
        NOT-FOR-US: Tenda
@@ -266379,7 +266615,7 @@ CVE-2022-4366 (Missing Authorization in GitHub 
repository lirantal/daloradius pr
        NOT-FOR-US: daloRADIUS
 CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 15.10.8+ds1-2
-CVE-2022-4364 (A vulnerability classified as critical has been found in 
Teledyne FLIR ...)
+CVE-2022-4364 (A vulnerability has been found in Teledyne FLIR AX8 up to 
1.46.16. Aff ...)
        NOT-FOR-US: Teledyne
 CVE-2022-4363 (The Wholesale Market WordPress plugin before 2.2.2, Wholesale 
Market f ...)
        NOT-FOR-US: WordPress plugin
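Review bot: The unchanged tag under CVE-2022-4364 reads `NOT-FOR-US: Teledyne`, while the other AX8 entries touched in this diff (CVE-2025-6266, CVE-2025-5695, CVE-2025-5127, CVE-2025-5126, CVE-2024-3013) use `NOT-FOR-US: FLIR AX8` for the product their refreshed descriptions call "Teledyne FLIR AX8". Pick one spelling for the tag so that a search on the NOT-FOR-US string finds every AX8 entry. This needs a manual follow-up commit, because in this diff the automatic update rewrites only the description lines and leaves the tags as they were.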



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b8ac5c5d8e5b193853711f87e31cdf78dce6dd0
