Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ed1e014 by security tracker role at 2025-09-29T20:13:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,112 @@
-CVE-2025-41246
+CVE-2025-9648 (A vulnerability in the CivetWeb library's function 
mg_handle_form_requ ...)
+       TODO: check
+CVE-2025-8868 (In Progress Chef Automate, versions earlier than 4.13.295, on 
Linux x8 ...)
+       TODO: check
+CVE-2025-7104 (A mass assignment vulnerability exists in 
danny-avila/librechat, affec ...)
+       TODO: check
+CVE-2025-6724 (In Progress Chef Automate, versions earlier than 4.13.295, on 
Linux x8 ...)
+       TODO: check
+CVE-2025-61659 (bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the 
/tmp/git-index ...)
+       TODO: check
+CVE-2025-57879 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2025-57878 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2025-57877 (There is a reflected cross site scripting vulnerability in 
Esri Portal ...)
+       TODO: check
+CVE-2025-57876 (There is a stored Cross-site Scripting vulnerability in  Esri 
Portal f ...)
+       TODO: check
+CVE-2025-57875 (There is a reflected cross site scripting vulnerability in 
Esri Portal ...)
+       TODO: check
+CVE-2025-57874 (There is a reflected cross site scripting vulnerability in 
Esri Portal ...)
+       TODO: check
+CVE-2025-57873 (There is a reflected cross site scripting vulnerability in 
Esri Portal ...)
+       TODO: check
+CVE-2025-57872 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2025-57871 (There is a reflected cross site scripting vulnerability in 
Esri Portal ...)
+       TODO: check
+CVE-2025-57516 (OS Command injection vulnerability in PublicCMS 
PublicCMS-V5.202506.a, ...)
+       TODO: check
+CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in 
tawk.to chatbo ...)
+       TODO: check
+CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N 
300M v28K ...)
+       TODO: check
+CVE-2025-57424 (A stored cross-site scripting (XSS) vulnerability exists in 
the MyCour ...)
+       TODO: check
+CVE-2025-57197 (In the Payeer Android application 2.5.0, an improper access 
control vu ...)
+       TODO: check
+CVE-2025-56807 (A cross-site scripting (XSS) vulnerability in FairSketch RISE 
Ultimate ...)
+       TODO: check
+CVE-2025-56795 (Mealie 3.0.1 and earlier is vulnerable to Cross-Site Scripting 
(XSS) i ...)
+       TODO: check
+CVE-2025-56764 (Trivision NC-227WF firmware 5.80 (build 20141010) login 
mechanism reve ...)
+       TODO: check
+CVE-2025-56449 (A security vulnerability was identified in Obsidian 
Scheduler's REST A ...)
+       TODO: check
+CVE-2025-56234 (AT_NA2000 from Nanda Automation Technology vendor has a 
denial-of-serv ...)
+       TODO: check
+CVE-2025-56233 (Openindiana, kernel SunOS 5.11 has a denial of service 
vulnerability.  ...)
+       TODO: check
+CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110 
uses incre ...)
+       TODO: check
+CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket 
component of ...)
+       TODO: check
+CVE-2025-43400 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
+       TODO: check
+CVE-2025-41252 (Description: VMware NSX contains a username enumeration 
vulnerability. ...)
+       TODO: check
+CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism 
vulnerability.  ...)
+       TODO: check
+CVE-2025-41250 (VMware vCenter contains an SMTP header injection 
vulnerability.A malic ...)
+       TODO: check
+CVE-2025-36352 (IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to 
stored c ...)
+       TODO: check
+CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40   could allow an 
authenti ...)
+       TODO: check
+CVE-2025-36099 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
a denial ...)
+       TODO: check
+CVE-2025-35034 (Medical Informatics Engineering Enterprise Health has a 
reflected cros ...)
+       TODO: check
+CVE-2025-35033 (Medical Informatics Engineering Enterprise Health has a CSV 
injection  ...)
+       TODO: check
+CVE-2025-35032 (Medical Informatics Engineering Enterprise Health allows 
authenticated ...)
+       TODO: check
+CVE-2025-35031 (Medical Informatics Engineering Enterprise Health includes the 
user's  ...)
+       TODO: check
+CVE-2025-35030 (Medical Informatics Engineering Enterprise Health has a cross 
site req ...)
+       TODO: check
+CVE-2025-34196 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
+       TODO: check
+CVE-2025-11155 (The credentials required to access the device's web server are 
sent in ...)
+       TODO: check
+CVE-2025-11150
+       REJECTED
+CVE-2025-11147 (Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. 
The vuln ...)
+       TODO: check
+CVE-2025-11146 (Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. 
The vuln ...)
+       TODO: check
+CVE-2025-10346 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2025-10345 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2025-10344 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2025-10343 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2025-10342 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2025-10341 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting 
of a  sto ...)
+       TODO: check
+CVE-2024-57412 (An issue in SunOS Omnios v5.11 allows attackers to cause a 
Denial of S ...)
+       TODO: check
+CVE-2024-13150 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-41246 (VMware Tools for Windows contains an improper 
authorisationvulnerabili ...)
        NOT-FOR-US: VMware Tools for Windows
-CVE-2025-41245
+CVE-2025-41245 (VMware Aria Operations contains an information disclosure 
vulnerabilit ...)
        NOT-FOR-US: WMware
-CVE-2025-41244
+CVE-2025-41244 (VMware Aria Operations and VMware Tools contain a local 
privilege esca ...)
        - open-vm-tools <unfixed>
        [trixie] - open-vm-tools <no-dsa> (Will be fixed via point release)
        [bookworm] - open-vm-tools <no-dsa> (Will be fixed via point release)
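Review bot: the context line "NOT-FOR-US: WMware" under CVE-2025-41245 misspells the vendor, and this hunk rewrites that entry's description without correcting it; change it to "NOT-FOR-US: VMware" so a search for the vendor name finds the entry. Separately, every new entry is left at "TODO: check": CVE-2025-11147 and CVE-2025-11146 name Apt-Cacher-NG v3.2.1 and CVE-2025-9648 names the CivetWeb library, so these need a package lookup during triage rather than a blanket NOT-FOR-US.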
@@ -2862,15 +2966,15 @@ CVE-2025-34197 (Vasion Print (formerly PrinterLogic) 
Virtual Appliance Host vers
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-34195 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34194 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
and Applic ...)
+CVE-2025-34194 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34193 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
and Applic ...)
+CVE-2025-34193 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-34192 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-34191 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
-CVE-2025-34190 (Vasion Print (formerly PrinterLogic) Virtual Appliance Hostand 
Applica ...)
+CVE-2025-34190 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-34189 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
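Review bot: the three rewritten descriptions (CVE-2025-34194, CVE-2025-34193, CVE-2025-34190) now truncate to the same "Virtual Appliance Host versions p ..." text as the unchanged neighbours, so the summary line no longer tells these entries apart and only the CVE id does. The "NOT-FOR-US: Vasion Print (formerly PrinterLogic)" triage lines are untouched, so no triage decision changes in this hunk.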
@@ -31625,7 +31729,7 @@ CVE-2025-6494 (A vulnerability was found in 
sparklemotion nokogiri c29c920907366
        NOTE: Fixed in: 
https://github.com/sparklemotion/nokogiri/commit/a17dec46112931a3f43dd21c004e8418457166ef
        NOTE: https://github.com/sparklemotion/nokogiri/issues/3508
        NOTE: https://github.com/sparklemotion/nokogiri/pull/3524
-CVE-2025-6493 (A vulnerability was found in CodeMirror up to 5.17.0 and 
classified as ...)
+CVE-2025-6493 (A weakness has been identified in CodeMirror up to 5.65.20. 
Affected i ...)
        - codemirror-js <unfixed> (bug #1108477)
        [trixie] - codemirror-js <no-dsa> (Minor issue)
        [bookworm] - codemirror-js <no-dsa> (Minor issue)
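Review bot: the replaced description for CVE-2025-6493 widens the affected range from "up to 5.17.0" to "up to 5.65.20", while the codemirror-js lines below it are unchanged context. Re-check the "<no-dsa> (Minor issue)" entries for trixie and bookworm and bug #1108477 against the wider range before leaving them as they are.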
@@ -161593,7 +161697,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
        NOTE: https://github.com/aio-libs/aiohttp/pull/8319
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
 (v3.9.4)
-CVE-2024-24910 (A local attacker can escalate privileges on affected Check 
Point ZoneA ...)
+CVE-2024-24910 (A local attacker can erscalate privileges on affected Check 
Point Zone ...)
        NOT-FOR-US: Check Point
 CVE-2024-23557 (HCL Connections contains a user enumeration vulnerability. 
Certain act ...)
        NOT-FOR-US: HCL
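Review bot: the new description line for CVE-2024-24910 replaces "escalate" with "erscalate", a misspelling the removed line did not have. The commit is labelled an automatic update, so the text presumably comes from the imported CVE description and the correction belongs at that source; until then, text searches for "escalate" will miss this entry. The "NOT-FOR-US: Check Point" triage is unaffected.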



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed1e014ff79f5fea645aed244c2de7e8b6dde8b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits