Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53ce6bf3 by security tracker role at 2025-09-24T08:38:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,172 @@
-CVE-2025-59825
+CVE-2025-9966 (Improper privilege management vulnerability in Novakon P series
allows ...)
+ TODO: check
+CVE-2025-9965 (Improper authentication vulnerability in Novakon P series
allows unaut ...)
+ TODO: check
+CVE-2025-9964 (No password for the root user is set in Novakon P series. This
allows ...)
+ TODO: check
+CVE-2025-9963 (A path traversal vulnerability in Novakon P series allows to
expose th ...)
+ TODO: check
+CVE-2025-9962 (A buffer overflow vulnerability in Novakon P series allows
attackers t ...)
+ TODO: check
+CVE-2025-9846 (Unrestricted Upload of File with Dangerous Type vulnerability
in Talen ...)
+ TODO: check
+CVE-2025-9844 (Uncontrolled Search Path Element vulnerability in Salesforce
Salesforc ...)
+ TODO: check
+CVE-2025-9798 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-9342 (Authorization Bypass Through User-Controlled Key vulnerability
in Anad ...)
+ TODO: check
+CVE-2025-9197
+ REJECTED
+CVE-2025-8410 (Use After Free vulnerability in RTI Connext Professional
(Security Plu ...)
+ TODO: check
+CVE-2025-8354 (A maliciously crafted RFA file, when parsed through Autodesk
Revit, ca ...)
+ TODO: check
+CVE-2025-7106 (danny-avila/librechat is affected by an authorization bypass
vulnerabi ...)
+ TODO: check
+CVE-2025-5717 (An authenticated remote code execution (RCE) vulnerability
exists in m ...)
+ TODO: check
+CVE-2025-59930
+ REJECTED
+CVE-2025-59929
+ REJECTED
+CVE-2025-59928
+ REJECTED
+CVE-2025-59927
+ REJECTED
+CVE-2025-59926
+ REJECTED
+CVE-2025-59925
+ REJECTED
+CVE-2025-59924
+ REJECTED
+CVE-2025-59826 (Flag Forge is a Capture The Flag (CTF) platform. In version
2.1.0, non ...)
+ TODO: check
+CVE-2025-59822 (Http4s is a Scala interface for HTTP services. In versions
from 1.0.0- ...)
+ TODO: check
+CVE-2025-59821 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59548 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59547 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59546 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59545 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59539 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-59534 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was
discovered in ...)
+ TODO: check
+CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58473 (An improper resource shutdown or release vulnerability has
been identi ...)
+ TODO: check
+CVE-2025-58354 (Kata Containers is an open source project focusing on a
standard imple ...)
+ TODO: check
+CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
+ TODO: check
+CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
+ TODO: check
+CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data
vulnerability in Aut ...)
+ TODO: check
+CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in
firmware v ...)
+ TODO: check
+CVE-2025-57882 (An improper resource shutdown or release vulnerability has
been identi ...)
+ TODO: check
+CVE-2025-57639 (OS Command injection vulnerability in Tenda AC9 1.0 was
discovered to ...)
+ TODO: check
+CVE-2025-57638 (Buffer overflow vulnerability in Tenda AC9 1.0 via the user
supplied s ...)
+ TODO: check
+CVE-2025-57637 (Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in
the sub ...)
+ TODO: check
+CVE-2025-57636 (OS Command injection vulnerability in D-Link C1 2020-02-21.
The sub_47 ...)
+ TODO: check
+CVE-2025-57407 (A stored cross-site scripting (XSS) vulnerability in the Admin
Log Vie ...)
+ TODO: check
+CVE-2025-56394 (Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF
incorrectly va ...)
+ TODO: check
+CVE-2025-56311 (In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware
v2.2.14), ...)
+ TODO: check
+CVE-2025-56304 (Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3
via the re ...)
+ TODO: check
+CVE-2025-56146 (Indian Bank IndSMART Android App 3.8.1 is vulnerable to
Missing SSL Ce ...)
+ TODO: check
+CVE-2025-55780 (A null pointer dereference occurs in the function
break_word_for_overf ...)
+ TODO: check
+CVE-2025-55069 (A predictable seed in pseudo-random number generator
vulnerability has ...)
+ TODO: check
+CVE-2025-55038 (An authorization bypass vulnerability has been discovered in
the Click ...)
+ TODO: check
+CVE-2025-54855 (Cleartext storage of sensitive information was discovered in
Click Pro ...)
+ TODO: check
+CVE-2025-54081 (Sunshine is a self-hosted game stream host for Moonlight.
Prior to ver ...)
+ TODO: check
+CVE-2025-52905 (Improper Input Validation vulnerability in TOTOLINK X6000R
allows Floo ...)
+ TODO: check
+CVE-2025-51005 (A heap-buffer-overflow vulnerability exists in the tcpliveplay
utility ...)
+ TODO: check
+CVE-2025-4993 (Untrusted Pointer Dereference vulnerability in RTI Connext
Professiona ...)
+ TODO: check
+CVE-2025-4760 (An authenticated stored cross-site scripting (XSS)
vulnerability exist ...)
+ TODO: check
+CVE-2025-4582 (Buffer Over-read, Off-by-one Error vulnerability in RTI Connext
Profes ...)
+ TODO: check
+CVE-2025-48459 (Deserialization of Untrusted Data vulnerability in Apache
IoTDB. This ...)
+ TODO: check
+CVE-2025-48392 (A vulnerability in Apache IoTDB. This issue affects Apache
IoTDB: fro ...)
+ TODO: check
+CVE-2025-45326 (An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote
attacke ...)
+ TODO: check
+CVE-2025-43819 (A Insufficient Session Expiration vulnerability in the Liferay
Portal ...)
+ TODO: check
+CVE-2025-43779 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
+ TODO: check
+CVE-2025-29084 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote
attacke ...)
+ TODO: check
+CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote
attacke ...)
+ TODO: check
+CVE-2025-1255 (Untrusted Pointer Dereference vulnerability in RTI Connext
Professiona ...)
+ TODO: check
+CVE-2025-10857 (A security flaw has been discovered in Campcodes Point of Sale
System ...)
+ TODO: check
+CVE-2025-10851 (A security flaw has been discovered in Campcodes Gym
Management System ...)
+ TODO: check
+CVE-2025-10412 (The Product Options and Price Calculation Formulas for
WooCommerce \u2 ...)
+ TODO: check
+CVE-2025-10244 (A maliciously crafted HTML payload, when rendered by the
Autodesk Fusi ...)
+ TODO: check
+CVE-2025-10184 (The vulnerability allows any application installed on the
device to re ...)
+ TODO: check
+CVE-2025-10147 (The Podlove Podcast Publisher plugin for WordPress is
vulnerable to ar ...)
+ TODO: check
+CVE-2025-0672 (An authentication bypass vulnerability exists in multiple WSO2
product ...)
+ TODO: check
+CVE-2025-0663 (A cross-tenant authentication vulnerability exists in multiple
WSO2 pr ...)
+ TODO: check
+CVE-2025-0209 (A reflected cross-site scripting (XSS) vulnerability exists in
the acc ...)
+ TODO: check
+CVE-2024-6429 (A content spoofing vulnerability exists in multiple WSO2
products due ...)
+ TODO: check
+CVE-2024-4598 (An information disclosure vulnerability exists in multiple WSO2
produc ...)
+ TODO: check
+CVE-2024-21935 (Improper input validation in Satellite Management Controller
(SMC) may ...)
+ TODO: check
+CVE-2024-21927 (Improper input validation in Satellite Management Controller
(SMC) may ...)
+ TODO: check
+CVE-2023-47538
+ REJECTED
+CVE-2017-20200 (A vulnerability has been found in Coinomi up to 1.7.6. This
issue affe ...)
+ TODO: check
+CVE-2025-59825 (astral-tokio-tar is a tar archive reading/writing library for
async Ru ...)
- rust-astral-tokio-tar <unfixed>
NOTE: https://github.com/advisories/GHSA-3wgq-wrwc-vqmv
NOTE:
https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75
(v0.5.4)
CVE-2025-10894
NOT-FOR-US: Compromised Node nx package
-CVE-2025-6921
+CVE-2025-6921 (The huggingface/transformers library, versions prior to 4.53.0,
is vul ...)
NOT-FOR-US: huggingface/transformers
CVE-2025-10890
- chromium 140.0.7339.207-1
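Review bot: the new CVE-2025-59825 entry records rust-astral-tokio-tar as <unfixed> without a Debian bug reference, whereas the other <unfixed> entry visible in this change, nncp, carries one in the form "(bug #1115848)"; if a bug has been filed against rust-astral-tokio-tar it should be recorded the same way so the unfixed state stays traceable from the tracker, and if not, one should be filed, since the fixing upstream commit is already pinned by the NOTE lines (036fdecc85c52458ace92dc9e02e9cef90684e75, v0.5.4, and GHSA-3wgq-wrwc-vqmv) and a package maintainer can act on it directly.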
@@ -19,7 +181,7 @@ CVE-2025-XXXX [NNCP path traversal attack]
- nncp <unfixed> (bug #1115848)
NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
NOTE:
http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scw...@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
-CVE-2025-9900
+CVE-2025-9900 (A flaw was found in Libtiff. This vulnerability is a
"write-what-where ...)
- tiff 4.7.1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/704
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/732
@@ -24029,7 +24191,7 @@ CVE-2025-5241 (Overly Restrictive Account Lockout
Mechanism vulnerability in Mit
NOT-FOR-US: Mitsubishi
CVE-2025-5028 (Installation file of ESET security products on Windows allow
an atta ...)
NOT-FOR-US: ESET
-CVE-2025-53864 (Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote
attacker to ...)
+CVE-2025-53864 (Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x
before 9. ...)
NOT-FOR-US: Connect2id
CVE-2025-53852
REJECTED
@@ -113533,7 +113695,7 @@ CVE-2024-45519 (The postjournal service in Zimbra
Collaboration (ZCS) before 8.8
NOT-FOR-US: Zimbra
CVE-2024-42504 (A security vulnerability in HPE IceWall Agent products could
be exploi ...)
NOT-FOR-US: HPE IceWall Agent products
-CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reade
2024.1.0. ...)
+CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reader
2024.1.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-24117 (Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P
RGOS v.10.4 ...)
NOT-FOR-US: Ruijie
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ce6bf31a57ca871b7b9fcd889dc1c2b38d1fd5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits