[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 18 Oct 2025 00:43:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
af608b07 by security tracker role at 2025-10-16T08:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2025-11683 [missing null-terminators which causes out-of-bounds read and 
potential information]
+CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass 
the Cont ...)
+       TODO: check
+CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass 
the Same ...)
+       TODO: check
+CVE-2025-62583 (Whale Browser before 4.33.325.17 allows an attacker to escape 
the ifra ...)
+       TODO: check
+CVE-2025-62580 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+       TODO: check
+CVE-2025-62579 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+       TODO: check
+CVE-2025-58778 (Multiple versions of RG-EST300 provided by Ruijie Networks 
provide SSH ...)
+       TODO: check
+CVE-2025-55091 (In NetX Duo before 6.4.4, the networking support module for 
Eclipse Fo ...)
+       TODO: check
+CVE-2025-55090 (In NetX Duo before 6.4.4, the networking support module for 
Eclipse Fo ...)
+       TODO: check
+CVE-2025-55089 (In FileX before 6.4.2, the file support module for Eclipse 
Foundation  ...)
+       TODO: check
+CVE-2025-55084 (In NetX Duo version before 6.4.4, the component of Eclipse 
Foundation  ...)
+       TODO: check
+CVE-2025-43313 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
+CVE-2025-43282 (A double free issue was addressed with improved memory 
management. Thi ...)
+       TODO: check
+CVE-2025-43281 (The issue was addressed with improved authentication. This 
issue is fi ...)
+       TODO: check
+CVE-2025-43280 (The issue was resolved by not loading remote images This issue 
is fixe ...)
+       TODO: check
+CVE-2025-41021 (Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, 
consistin ...)
+       TODO: check
+CVE-2025-41020 (Insecure direct object reference (IDOR) vulnerability in 
Sergestec's E ...)
+       TODO: check
+CVE-2025-41019 (SQL injection in Sergestec's SISTICK v7.2. This vulnerability 
allows a ...)
+       TODO: check
+CVE-2025-41018 (SQL injection in Sergestec's Exito v8.0. This vulnerability 
allows an  ...)
+       TODO: check
+CVE-2025-11814 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-10850 (The Felan Framework plugin for WordPress is vulnerable to 
improper aut ...)
+       TODO: check
+CVE-2025-10849 (The Felan Framework plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2025-10742 (The Truelysell Core plugin for WordPress is vulnerable to 
Arbitrary Us ...)
+       TODO: check
+CVE-2025-10706 (The Classified Pro theme for WordPress is vulnerable to 
unauthorized p ...)
+       TODO: check
+CVE-2025-10700 (The Ally \u2013 Web Accessibility & Usability plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2025-0275 (HCL BigFix Mobile 3.3 and earlier is affected by improper 
access contr ...)
+       TODO: check
+CVE-2025-0274 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier is 
affected  ...)
+       TODO: check
+CVE-2025-11683 (YAML::Syck versions before 1.36 for Perl has missing 
null-terminators  ...)
        - libyaml-syck-perl 1.34-4
        [trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
        [bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
@@ -1165,6 +1217,7 @@ CVE-2025-11721 (Memory safety bug present in Firefox 143 
and Thunderbird 143. Th
        - firefox 144.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
 CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird 
ESR 140.3 ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1172,6 +1225,7 @@ CVE-2025-11715 (Memory safety bugs present in Firefox ESR 
140.3, Thunderbird ESR
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
 CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 
140.3, T ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1195,6 +1249,7 @@ CVE-2025-11718 (When the address bar was hidden due to 
scrolling on Android, a m
        - firefox 144.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
 CVE-2025-11712 (A malicious page could have used the type attribute of an 
OBJECT tag t ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1208,6 +1263,7 @@ CVE-2025-11716 (Links in a sandboxed iframe could open an 
external app on Androi
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
 CVE-2025-11711 (There was a way to change the value of JavaScript Object 
properties th ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1215,6 +1271,7 @@ CVE-2025-11711 (There was a way to change the value of 
JavaScript Object propert
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
 CVE-2025-11710 (A compromised web process using malicious IPC messages could 
have caus ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1222,6 +1279,7 @@ CVE-2025-11710 (A compromised web process using malicious 
IPC messages could hav
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
 CVE-2025-11709 (A compromised web process was able to trigger out of bounds 
reads and  ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>
@@ -1229,6 +1287,7 @@ CVE-2025-11709 (A compromised web process was able to 
trigger out of bounds read
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
 CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This 
vulnerabilit ...)
+       {DSA-6025-1}
        - firefox 144.0-1
        - firefox-esr 140.4.0esr-1
        - thunderbird <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af608b07a8b517f5c3cf9d1b3cdb69ca12ce71c9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af608b07a8b517f5c3cf9d1b3cdb69ca12ce71c9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to