Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdf132d9 by security tracker role at 2025-10-09T08:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2025-9970 (Cleartext Storage of Sensitive Information in Memory
vulnerability in ...)
+ TODO: check
+CVE-2025-9868 (Server-Side Request Forgery (SSRF) in the Remote Browser Plugin
in Son ...)
+ TODO: check
+CVE-2025-7634 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour
Operator S ...)
+ TODO: check
+CVE-2025-7526 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour
Operator S ...)
+ TODO: check
+CVE-2025-6038 (The Lisfinity Core - Lisfinity Core plugin used for pebas\xae
Lisfinit ...)
+ TODO: check
+CVE-2025-61913 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2025-61906 (Opencast is a free, open-source platform to support the
management of ...)
+ TODO: check
+CVE-2025-61788 (Opencast is a free, open-source platform to support the
management of ...)
+ TODO: check
+CVE-2025-61672 (Synapse is an open source Matrix homeserver implementation.
Lack of va ...)
+ TODO: check
+CVE-2025-61524 (An issue in the permission verification module and
organization/applic ...)
+ TODO: check
+CVE-2025-61183 (Cross Site Scripting in vaahcms v.2.3.1 allows a remote
attacker to ex ...)
+ TODO: check
+CVE-2025-60834 (A fastjson deserialization vulnerability in uzy-ssm-mall
v1.1.0 allows ...)
+ TODO: check
+CVE-2025-60833 (An XML External Entity (XXE) vulnerability in the
/mall/wxpay/pay comp ...)
+ TODO: check
+CVE-2025-60830 (redragon-erp v1.0 was discovered to contain a Shiro
deserialization vu ...)
+ TODO: check
+CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson
deserializatio ...)
+ TODO: check
+CVE-2025-60318 (SourceCodester Pet Grooming Management Software 1.0 is
vulnerable to C ...)
+ TODO: check
+CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a
Stored C ...)
+ TODO: check
+CVE-2025-60313 (Sourcecodester Link Status Checker 1.0 is vulnerable to a
Cross-Site S ...)
+ TODO: check
+CVE-2025-60311 (ProjectWorlds Gym Management System1.0 is vulnerable to SQL
Injection ...)
+ TODO: check
+CVE-2025-60299 (Novel-Plus with 5.2.0 was discovered to contain a Stored
Cross-Site Sc ...)
+ TODO: check
+CVE-2025-60298 (Novel-Plus up to 5.2.4 was discovered to contain a Stored
Cross-Site S ...)
+ TODO: check
+CVE-2025-5009 (In Gemini iOS, when a user shared a snippet of a conversation,
it woul ...)
+ TODO: check
+CVE-2025-59303 (HAProxy Kubernetes Ingress Controller before 3.1.13, when the
config-s ...)
+ TODO: check
+CVE-2025-57457 (An OS Command Injection vulnerability in the Admin panel in
Curo UC300 ...)
+ TODO: check
+CVE-2025-53967 (Framelink Figma MCP Server before 0.6.3 allows an
unauthenticated remo ...)
+ TODO: check
+CVE-2025-47355 (Memory corruption while invoking remote procedure IOCTL calls.)
+ TODO: check
+CVE-2025-47354 (Memory corruption while allocating buffers in DSP service.)
+ TODO: check
+CVE-2025-47351 (Memory corruption while processing user buffers.)
+ TODO: check
+CVE-2025-47349 (Memory corruption while processing an escape call.)
+ TODO: check
+CVE-2025-47347 (Memory corruption while processing control commands in the
virtual mem ...)
+ TODO: check
+CVE-2025-47342 (Transient DOS may occur when multi-profile concurrency arises
with QHS ...)
+ TODO: check
+CVE-2025-47341 (memory corruption while processing an image encoding
completion event.)
+ TODO: check
+CVE-2025-47340 (Memory corruption while processing IOCTL call to get the
mapping.)
+ TODO: check
+CVE-2025-47338 (Memory corruption while processing escape commands from
userspace.)
+ TODO: check
+CVE-2025-43830 (Stored cross-site scripting (XSS) vulnerability in Forms in
Liferay Po ...)
+ TODO: check
+CVE-2025-43829 (Stored cross-site scripting (XSS) vulnerability in diagram
type produc ...)
+ TODO: check
+CVE-2025-43821 (Cross-site scripting (XSS) vulnerability in the Commerce
Product Compa ...)
+ TODO: check
+CVE-2025-43771 (Multiple cross-site scripting (XSS) vulnerabilities in the
Notificatio ...)
+ TODO: check
+CVE-2025-43724 (Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an
authori ...)
+ TODO: check
+CVE-2025-42706 (A logic error exists in the Falcon sensor for Windows that
could allow ...)
+ TODO: check
+CVE-2025-42701 (A race condition exists in the Falcon sensor for Windows that
could al ...)
+ TODO: check
+CVE-2025-36636 (In Tenable Security Center versions prior to 6.7.0, an
improper access ...)
+ TODO: check
+CVE-2025-27060 (Memory corruption while performing SCM call with malformed
inputs.)
+ TODO: check
+CVE-2025-27059 (Memory corruption while performing SCM call.)
+ TODO: check
+CVE-2025-27054 (Memory corruption while processing a malformed license file
during reb ...)
+ TODO: check
+CVE-2025-27053 (Memory corruption during PlayReady APP usecase while
processing TA com ...)
+ TODO: check
+CVE-2025-27049 (Transient DOS while processing IOCTL call for image encoding.)
+ TODO: check
+CVE-2025-27048 (Memory corruption while processing camera platform driver
IOCTL calls.)
+ TODO: check
+CVE-2025-27045 (Information disclosure while processing batch command
execution in Vid ...)
+ TODO: check
+CVE-2025-27041 (Transient DOS while processing video packets received from
video firmw ...)
+ TODO: check
+CVE-2025-27040 (Information disclosure may occur while processing the
hypervisor log.)
+ TODO: check
+CVE-2025-27039 (Memory corruption may occur while processing IOCTL call for
DMM/WARPNC ...)
+ TODO: check
+CVE-2025-11539 (Grafana Image Renderer is vulnerable to remote code execution
due to a ...)
+ TODO: check
+CVE-2025-11535 (MongoDB Connector for BI installation viaMSIon Windows leaves
ACLs uns ...)
+ TODO: check
+CVE-2025-11530 (A weakness has been identified in code-projects Online
Complaint Site ...)
+ TODO: check
+CVE-2025-11529 (A security flaw has been discovered in ChurchCRM up to 5.18.0.
This im ...)
+ TODO: check
+CVE-2025-11528 (A vulnerability was identified in Tenda AC7 15.03.06.44. This
affects ...)
+ TODO: check
+CVE-2025-11527 (A vulnerability was determined in Tenda AC7 15.03.06.44. The
impacted ...)
+ TODO: check
+CVE-2025-11526 (A vulnerability was found in Tenda AC7 15.03.06.44. The
affected eleme ...)
+ TODO: check
+CVE-2025-11525 (A vulnerability has been found in Tenda AC7 15.03.06.44.
Impacted is a ...)
+ TODO: check
+CVE-2025-11524 (A flaw has been found in Tenda AC7 15.03.06.44. This issue
affects som ...)
+ TODO: check
+CVE-2025-11523 (A vulnerability was detected in Tenda AC7 15.03.06.44. This
vulnerabil ...)
+ TODO: check
+CVE-2025-11522 (The Search & Go - Directory WordPress Theme theme for
WordPress is vul ...)
+ TODO: check
+CVE-2025-11516 (A weakness has been identified in code-projects Online
Complaint Site ...)
+ TODO: check
+CVE-2025-11515 (A security flaw has been discovered in code-projects Online
Complaint ...)
+ TODO: check
+CVE-2025-11514 (A vulnerability was identified in code-projects Online
Complaint Site ...)
+ TODO: check
+CVE-2025-11513 (A vulnerability was determined in code-projects E-Commerce
Website 1.0 ...)
+ TODO: check
+CVE-2025-11512 (A vulnerability was found in code-projects Voting System 1.0.
Affected ...)
+ TODO: check
+CVE-2025-11511 (A flaw has been found in code-projects E-Commerce Website 1.0.
Affecte ...)
+ TODO: check
+CVE-2025-11509 (A vulnerability was detected in code-projects E-Commerce
Website 1.0. ...)
+ TODO: check
+CVE-2025-11508 (A security vulnerability has been detected in code-projects
Voting Sys ...)
+ TODO: check
+CVE-2025-11507 (A weakness has been identified in PHPGurukul Beauty Parlour
Management ...)
+ TODO: check
+CVE-2025-11506 (A security flaw has been discovered in PHPGurukul Beauty
Parlour Manag ...)
+ TODO: check
+CVE-2025-11505 (A vulnerability was identified in PHPGurukul Beauty Parlour
Management ...)
+ TODO: check
+CVE-2025-11503 (A vulnerability was determined in PHPGurukul Beauty Parlour
Management ...)
+ TODO: check
+CVE-2025-11495 (A vulnerability was determined in GNU Binutils 2.45. The
affected elem ...)
+ TODO: check
+CVE-2025-11494 (A vulnerability was found in GNU Binutils 2.45. Impacted is
the functi ...)
+ TODO: check
+CVE-2025-11491 (A vulnerability was found in wonderwhy-er DesktopCommanderMCP
up to 0. ...)
+ TODO: check
+CVE-2025-11490 (A vulnerability has been found in wonderwhy-er
DesktopCommanderMCP up ...)
+ TODO: check
+CVE-2025-11489 (A security vulnerability has been detected in wonderwhy-er
DesktopComm ...)
+ TODO: check
+CVE-2025-11488 (A weakness has been identified in D-Link DIR-852 up to
20251002. This ...)
+ TODO: check
+CVE-2025-11487 (A security flaw has been discovered in SourceCodester Farm
Management ...)
+ TODO: check
+CVE-2025-11486 (A vulnerability was identified in SourceCodester Farm
Management Syste ...)
+ TODO: check
+CVE-2025-11485 (A vulnerability was determined in SourceCodester Student
Grades Manage ...)
+ TODO: check
+CVE-2025-11481 (A flaw has been found in varunsardana004
Blood-Bank-And-Donation-Manag ...)
+ TODO: check
+CVE-2025-11480 (A vulnerability was detected in SourceCodester Simple
E-Commerce Books ...)
+ TODO: check
+CVE-2025-11479 (A security vulnerability has been detected in SourceCodester
Wedding R ...)
+ TODO: check
+CVE-2025-11478 (A weakness has been identified in SourceCodester Farm
Management Syste ...)
+ TODO: check
+CVE-2025-11477 (A security flaw has been discovered in SourceCodester Wedding
Reservat ...)
+ TODO: check
+CVE-2025-11476 (A vulnerability was identified in SourceCodester Simple
E-Commerce Boo ...)
+ TODO: check
+CVE-2025-11475 (A vulnerability was determined in projectworlds Advanced
Library Manag ...)
+ TODO: check
+CVE-2025-11474 (A vulnerability was found in SourceCodester Hotel and Lodge
Management ...)
+ TODO: check
+CVE-2025-11473 (A vulnerability has been found in SourceCodester Hotel and
Lodge Manag ...)
+ TODO: check
+CVE-2025-11472 (A flaw has been found in SourceCodester Hotel and Lodge
Management Sys ...)
+ TODO: check
+CVE-2025-11471 (A vulnerability was detected in SourceCodester Hotel and Lodge
Managem ...)
+ TODO: check
+CVE-2025-11470 (A security vulnerability has been detected in SourceCodester
Hotel and ...)
+ TODO: check
+CVE-2025-11469 (A weakness has been identified in SourceCodester Hotel and
Lodge Manag ...)
+ TODO: check
+CVE-2025-11445 (A vulnerability was detected in Kilo Code up to 4.86.0.
Affected is th ...)
+ TODO: check
+CVE-2025-11444 (A security vulnerability has been detected in TOTOLINK N600R
up to 4.3 ...)
+ TODO: check
+CVE-2025-11166 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-10649 (The Welcart e-Commerce plugin for WordPress is vulnerable to
SQL Injec ...)
+ TODO: check
+CVE-2025-10586 (The Community Events plugin for WordPress is vulnerable to SQL
Injecti ...)
+ TODO: check
+CVE-2025-10496 (The Cookie Notice & Consent plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-10353 (File upload leading to remote code execution (RCE) in the
\u201cmelis- ...)
+ TODO: check
+CVE-2025-10352 (Vulnerability in the melis-core module of Melis Technology's
Melis Pla ...)
+ TODO: check
+CVE-2025-10351 (SQL injection vulnerability based on the melis-cms module of
the Melis ...)
+ TODO: check
+CVE-2017-20202 (Web Developer for Chrome v0.4.9 contained malicious code that
generate ...)
+ TODO: check
+CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit
builds) cont ...)
+ TODO: check
CVE-2025-2934
- gitlab <unfixed>
CVE-2025-9825
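Review bot: the new `TODO: check` entries for CVE-2025-47355 through CVE-2025-47338 and CVE-2025-27060 through CVE-2025-27039 carry descriptions that name no product or vendor at all ("Memory corruption while processing IOCTL call to get the mapping.", "Transient DOS while processing IOCTL call for image encoding."), and CVE-2025-9970 is cut off before its product name, so triage of these needs the full advisory text before a NOT-FOR-US or package assignment can be recorded. Also worth a look: the descriptions of CVE-2025-7634, CVE-2025-7526, CVE-2025-6038, CVE-2025-10353 contain literal `\u2013` / `\xae` escape sequences instead of the characters themselves; check whether the import path or only the mail rendering produced them before they are edited by hand.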
@@ -147,11 +363,11 @@ CVE-2025-3719 (An access control vulnerability was
discovered in the CLI functio
NOT-FOR-US: Guardian/CMC
CVE-2025-3718 (A client-side path traversal vulnerability was discovered in
the web m ...)
NOT-FOR-US: Guardian/CMC
-CVE-2025-3450 (Improper Resource Locking vulnerability in B&R Industrial
Automation A ...)
+CVE-2025-3450 (An Improper Resource Locking vulnerability in the SDM component
of B&R ...)
NOT-FOR-US: ABB group
-CVE-2025-3449 (Generation of Predictable Numbers or Identifiers vulnerability
in B&R ...)
+CVE-2025-3449 (A Generation of Predictable Numbers or Identifiers
vulnerability in th ...)
NOT-FOR-US: ABB group
-CVE-2025-3448 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+CVE-2025-3448 (Reflected cross-site scripting (XSS) vulnerabilities exist in
System D ...)
NOT-FOR-US: ABB group
CVE-2025-37728 (Insufficiently Protected Credentials in the Crowdstrike
connector can ...)
NOT-FOR-US: Crowdstrike connector
@@ -303,9 +519,11 @@ CVE-2025-0603 (Improper Neutralization of Special Elements
used in an SQL Comman
CVE-2023-6215 (A potential security vulnerability has been identified in HP
Sure Star ...)
NOT-FOR-US: HP
CVE-2025-11460
+ {DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-11458
+ {DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-61772 (Rack is a modular Ruby web server interface. In versions prior
to 2.2. ...)
@@ -2071,6 +2289,7 @@ CVE-2025-52427 (A NULL pointer dereference vulnerability
has been reported to af
CVE-2025-52424 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
NOT-FOR-US: QNAP
CVE-2025-49844 (Redis is an open source, in-memory database that persists on
disk. Ver ...)
+ {DSA-6020-1}
- redis <unfixed> (bug #1117553)
- redict <unfixed>
- valkey <unfixed>
@@ -2102,6 +2321,7 @@ CVE-2025-47211 (A path traversal vulnerability has been
reported to affect sever
CVE-2025-47210 (A NULL pointer dereference vulnerability has been reported to
affect Q ...)
NOT-FOR-US: QNAP
CVE-2025-46819 (Redis is an open source, in-memory database that persists on
disk. Ver ...)
+ {DSA-6020-1}
- redis <unfixed> (bug #1117553)
- redict <unfixed>
- valkey <unfixed>
@@ -2109,6 +2329,7 @@ CVE-2025-46819 (Redis is an open source, in-memory
database that persists on dis
NOTE:
https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba
(8.2.2)
NOTE:
https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
CVE-2025-46818 (Redis is an open source, in-memory database that persists on
disk. Ver ...)
+ {DSA-6020-1}
- redis <unfixed> (bug #1117553)
[bullseye] - redis <ignored> (patch too invasive to backport to this
version)
- redict <unfixed>
@@ -2117,6 +2338,7 @@ CVE-2025-46818 (Redis is an open source, in-memory
database that persists on dis
NOTE:
https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e
(8.2.2)
NOTE:
https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
CVE-2025-46817 (Redis is an open source, in-memory database that persists on
disk. Ver ...)
+ {DSA-6020-1}
- redis <unfixed> (bug #1117553)
- redict <unfixed>
- valkey <unfixed>
@@ -3102,7 +3324,8 @@ CVE-2022-50452 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2022-50451 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.1.4-1
NOTE:
https://git.kernel.org/linus/51e76a232f8c037f1d9e9922edc25b003d5f3414 (6.2-rc1)
-CVE-2022-50450 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
+CVE-2022-50450
+ REJECTED
- linux 6.1.4-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/51deedc9b8680953437dfe359e5268120de10e30 (6.2-rc1)
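Review bot: CVE-2022-50450 is switched to `REJECTED` but the hunk keeps the `- linux 6.1.4-1`, `[bullseye] - linux <not-affected> (Vulnerable code not present)` and `NOTE: https://git.kernel.org/linus/51deedc9...` lines underneath it; for a rejected id those package and note lines are stale and should be dropped so the entry reads only `CVE-2022-50450` / `REJECTED`, as the automatic update only replaced the description.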
@@ -3151,6 +3374,7 @@ CVE-2025-11212
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-11211
+ {DSA-6021-1}
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-11210
@@ -13257,7 +13481,8 @@ CVE-2025-26434 (In libxml2, there is a possible out of
bounds read due to a buff
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/commit/5e7874015ef5ed8b2705eb2f7b0960f56f7760ea
(v2.14.0)
CVE-2025-10044 (A flaw was found in Keycloak. Keycloak\u2019s account console
and othe ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-10043 (A path traversal validation flaw exists in Keycloak\u2019s
vault key h ...)
+CVE-2025-10043
+ REJECTED
- keycloak <itp> (bug #1088287)
CVE-2025-10026 (A vulnerability was found in itsourcecode POS Point of Sale
System 1.0 ...)
NOT-FOR-US: itsourcecode System
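Review bot: same stale-line issue as the kernel entry: CVE-2025-10043 is now `REJECTED` yet `- keycloak <itp> (bug #1088287)` remains under it; the package line should be removed along with the description so the rejected id does not keep pointing at the keycloak ITP bug.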
@@ -34245,7 +34470,7 @@ CVE-2025-6766 (A vulnerability was found in sfturing
hosp_order up to 627f426331
NOT-FOR-US: sfturing hosp_order
CVE-2025-6765 (A vulnerability, which was classified as critical, has been
found in I ...)
NOT-FOR-US: Intelbras InControl
-CVE-2025-6763 (A vulnerability classified as critical was found in Comet
System T0510 ...)
+CVE-2025-6763 (A vulnerability was found in Comet System T0510, T3510, T3511,
T4511, ...)
NOT-FOR-US: Comet System
CVE-2025-6762 (A vulnerability classified as critical has been found in diyhi
bbs up ...)
NOT-FOR-US: diyhi bbs
@@ -48186,11 +48411,11 @@ CVE-2025-4658 (Versions of OpenPubkey library prior
to 0.10.0 contained a vulne
NOTE:
https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web
allows Pri ...)
NOT-FOR-US: Centreon
-CVE-2025-4648 (Download of Code Without Integrity Check vulnerability in
Centreon web ...)
+CVE-2025-4648 (The content of a SVG file, received as input in Centreon web,
was no ...)
NOT-FOR-US: Centreon
CVE-2025-4647 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: Centreon
-CVE-2025-4646 (Improper Privilege Management vulnerability in Centreon web
(API Token ...)
+CVE-2025-4646 (Incorrect Authorization vulnerability in Centreon web (API
Token creat ...)
NOT-FOR-US: Centreon
CVE-2025-4428 (Remote Code Execution in API component in Ivanti Endpoint
Manager Mobi ...)
NOT-FOR-US: Ivanti
@@ -98800,7 +99025,7 @@ CVE-2024-55546 (Missing input validation in the ORing
IAP-420 web-interface allo
NOT-FOR-US: ORing IAP-420
CVE-2024-55545 (Missing input validation in the ORing IAP-420 web-interface
allows Cro ...)
NOT-FOR-US: ORing IAP-420
-CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface
allows sto ...)
+CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface
allows aut ...)
NOT-FOR-US: ORing IAP-420
CVE-2024-55500 (Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90
and befor ...)
NOT-FOR-US: Avenwu Whistle
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf132d93403a69f350d073c587b58072737c769
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits