Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
461c7981 by security tracker role at 2025-10-06T20:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2025-6985 (The HTMLSectionSplitter class in langchain-text-splitters 
version 0.3. ...)
+       TODO: check
+CVE-2025-61985 (ssh in OpenSSH before 10.1 allows the '\0' character in an 
ssh:// URI, ...)
+       TODO: check
+CVE-2025-61984 (ssh in OpenSSH before 10.1 allows control characters in 
usernames that ...)
+       TODO: check
+CVE-2025-61778 (Akka.NET is a .NET port of the Akka project from the Scala / 
Java comm ...)
+       TODO: check
+CVE-2025-61777 (Flag Forge is a Capture The Flag (CTF) platform. Starting in 
version 2 ...)
+       TODO: check
+CVE-2025-61769 (Emlog is an open source website building system. A cross-site 
scriptin ...)
+       TODO: check
+CVE-2025-61766 (Bucket is a MediaWiki extension to store and retrieve 
structured data  ...)
+       TODO: check
+CVE-2025-61765 (python-socketio is a Python implementation of the Socket.IO 
realtime c ...)
+       TODO: check
+CVE-2025-61687 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2025-61224 (Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 
'Librarian' ...)
+       TODO: check
+CVE-2025-61198 (A stored cross-site scripting (XSS) vulnerability in Optimod 
5950 - Op ...)
+       TODO: check
+CVE-2025-61197 (An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, 
Optimod  ...)
+       TODO: check
+CVE-2025-60969 (Directory Traversal vulnerability in EndRun Technologies 
Sonoma D12 Ne ...)
+       TODO: check
+CVE-2025-60967 (Cross Site Scripting (XSS) vulnerability in EndRun 
Technologies Sonoma ...)
+       TODO: check
+CVE-2025-60965 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60964 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60963 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60962 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60961 (Cross Site Scripting (XSS) vulnerability in EndRun 
Technologies Sonoma ...)
+       TODO: check
+CVE-2025-60960 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60959 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60958 (Cross Site Scripting (XSS) vulnerability in EndRun 
Technologies Sonoma ...)
+       TODO: check
+CVE-2025-60957 (OS Command Injection vulnerability in EndRun Technologies 
Sonoma D12 N ...)
+       TODO: check
+CVE-2025-60956 (Cross Site Request Forgery (CSRF) vulnerability in EndRun 
Technologies ...)
+       TODO: check
+CVE-2025-59734 (It is possible to cause an use-after-free write in SANM 
decoding with  ...)
+       TODO: check
+CVE-2025-59733 (When decoding an OpenEXR file that uses DWAA or DWAB 
compression, ther ...)
+       TODO: check
+CVE-2025-59732 (When decoding an OpenEXR file that uses DWAA or DWAB 
compression, ther ...)
+       TODO: check
+CVE-2025-59731 (When decoding an OpenEXR file that uses DWAA or DWAB 
compression, the  ...)
+       TODO: check
+CVE-2025-59730 (When decoding a frame for a SANM file (ANIM v0 variant), the 
decoded d ...)
+       TODO: check
+CVE-2025-59729 (When parsing the header for a DHAV file, there's an integer 
underflow  ...)
+       TODO: check
+CVE-2025-59728 (When calculating the content path in handling of MPEG-DASH 
manifests,  ...)
+       TODO: check
+CVE-2025-59452 (The YoSmart YoLink API through 2025-10-02 uses an endpoint URL 
that is ...)
+       TODO: check
+CVE-2025-59451 (The YoSmart YoLink application through 2025-10-02 has session 
tokens w ...)
+       TODO: check
+CVE-2025-59450 (The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and 
data ex ...)
+       TODO: check
+CVE-2025-59449 (The YoSmart YoLink MQTT broker through 2025-10-02 does not 
enforce suf ...)
+       TODO: check
+CVE-2025-59448 (Components of the YoSmart YoLink ecosystem through 2025-10-02 
leverage ...)
+       TODO: check
+CVE-2025-59447 (The YoSmart YoLink Smart Hub device 0382 exposes a UART debug 
interfac ...)
+       TODO: check
+CVE-2025-59159 (SillyTavern is a locally installed user interface that allows 
users to ...)
+       TODO: check
+CVE-2025-59152 (Litestar is an Asynchronous Server Gateway Interface (ASGI) 
framework. ...)
+       TODO: check
+CVE-2025-57515 (A SQL injection vulnerability has been identified in Uniclare 
Student  ...)
+       TODO: check
+CVE-2025-57247 (The BATBToken smart contract (address 
0xfbf1388408670c02f0dbbb74251d8d ...)
+       TODO: check
+CVE-2025-56382 (A stored Cross-site scripting (XSS) vulnerability exists in 
the Custom ...)
+       TODO: check
+CVE-2025-52472 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2025-49594 (XWiki OIDC has various tools to manipulate OpenID Connect 
protocol in  ...)
+       TODO: check
+CVE-2025-36356 (IBM Security Verify Access and IBM Security Verify Access 
Docker 10.0. ...)
+       TODO: check
+CVE-2025-36355 (IBM Security Verify Access and IBM Security Verify Access 
Docker 10.0. ...)
+       TODO: check
+CVE-2025-36354 (IBM Security Verify Access and IBM Security Verify Access 
Docker 10.0. ...)
+       TODO: check
+CVE-2025-28129 (Phpgurukul Hostel Management System 2.1 is vulnerable to 
clickjacking.)
+       TODO: check
+CVE-2025-11346 (A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. 
This aff ...)
+       TODO: check
+CVE-2025-11345 (A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected 
by this  ...)
+       TODO: check
+CVE-2025-11344 (A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. 
Affected b ...)
+       TODO: check
+CVE-2025-11343 (A security vulnerability has been detected in code-projects 
Student Cr ...)
+       TODO: check
+CVE-2025-11342 (A weakness has been identified in code-projects Online Course 
Registra ...)
+       TODO: check
+CVE-2025-11341 (A security flaw has been discovered in Jinher OA up to 2.0. 
This affec ...)
+       TODO: check
+CVE-2025-11339 (A vulnerability has been found in D-Link DI-7100G C1 up to 
20250928. T ...)
+       TODO: check
+CVE-2025-11338 (A flaw has been found in D-Link DI-7100G C1 up to 20250928. 
This vulne ...)
+       TODO: check
+CVE-2025-11337 (A vulnerability was detected in Four-Faith Water Conservancy 
Informati ...)
+       TODO: check
+CVE-2025-11336 (A security vulnerability has been detected in Four-Faith Water 
Conserv ...)
+       TODO: check
+CVE-2025-11335 (A weakness has been identified in D-Link DI-7100G C1 up to 
20250928. A ...)
+       TODO: check
+CVE-2025-11334 (A security flaw has been discovered in Campcodes Online 
Apartment Visi ...)
+       TODO: check
+CVE-2025-11333 (A vulnerability was identified in langleyfcu Online Banking 
System up  ...)
+       TODO: check
+CVE-2025-11332 (A vulnerability was determined in CmsEasy up to 7.7.7. This 
affects an ...)
+       TODO: check
+CVE-2025-11331 (A vulnerability was found in IdeaCMS up to 1.8. The impacted 
element i ...)
+       TODO: check
+CVE-2025-11330 (A vulnerability has been found in PHPGurukul Beauty Parlour 
Management ...)
+       TODO: check
+CVE-2025-11329 (A flaw has been found in code-projects Online Course 
Registration 1.0. ...)
+       TODO: check
+CVE-2025-11328 (A vulnerability was detected in Tenda AC18 15.03.05.19(6318). 
This iss ...)
+       TODO: check
+CVE-2025-11327 (A security vulnerability has been detected in Tenda AC18 
15.03.05.19(6 ...)
+       TODO: check
+CVE-2025-10363 (Deserialization of Untrusted Data vulnerability in Topal 
Solutions AG  ...)
+       TODO: check
+CVE-2025-0609 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-0608 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in L ...)
+       TODO: check
+CVE-2025-0607 (Improper Encoding or Escaping of Output vulnerability in Logo 
Software ...)
+       TODO: check
+CVE-2025-0606 (Authorization Bypass Through User-Controlled Key vulnerability 
in Logo ...)
+       TODO: check
+CVE-2025-0038 (In AMD Zynq UltraScale+ devices, the lack of address validation 
when e ...)
+       TODO: check
+CVE-2023-49886 (IBM Standards Processing Engine 10.0.1.10 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2025-9914 (The credentials of the users stored in the system's local 
database can ...)
        NOT-FOR-US: SICK AG
 CVE-2025-9913 (JavaScript can be ran inside the address bar via the dashboard 
"Open i ...)
@@ -4845,6 +4993,7 @@ CVE-2025-39868 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-39867
        REJECTED
 CVE-2025-30189 [auth: Use AUTH_CACHE_KEY_USER instead of per-database 
constants]
+       {DSA-6019-1}
        - dovecot 1:2.4.1+dfsg1-7 (bug #1115474)
        [bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
        [bullseye] - dovecot <not-affected> (Vulnerable code introduced later)
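Review bot: the {DSA-6019-1} reference added under CVE-2025-30189 is not matched by any suite line in the visible context: bookworm and bullseye are both <not-affected>, and the only fixed version shown is the untagged "dovecot 1:2.4.1+dfsg1-7" line. Since data/CVE/list is the only file changed in this commit, confirm that the suite and fixed version the DSA covers are recorded where the tracker reads them, or add the corresponding suite line here.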
@@ -30365,6 +30514,7 @@ CVE-2025-48385 (Git is a fast, scalable, distributed 
revision control system wit
        NOTE: https://lore.kernel.org/git/[email protected]/
        NOTE: Fixed by: 
https://github.com/git/git/commit/35cb1bb0b92c132249d932c05bbd860d410e12d4 
(v2.43.7)
 CVE-2025-48384 (Git is a fast, scalable, distributed revision control system 
with an u ...)
+       {DLA-4323-1}
        - git 1:2.50.1-0.1 (bug #1108983)
        [trixie] - git 1:2.47.3-0+deb13u1
        [bookworm] - git <no-dsa> (Will be fixed in point release)
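Review bot: under CVE-2025-48384 the new {DLA-4323-1} tag sits above suite lines that only cover trixie (1:2.47.3-0+deb13u1) and bookworm (<no-dsa>, "Will be fixed in point release"); the release the DLA fixes has no line in the visible context. Worth checking that the entry ends up with a fixed version for that release, so the advisory tag and the per-suite status do not disagree.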
@@ -30372,6 +30522,7 @@ CVE-2025-48384 (Git is a fast, scalable, distributed 
revision control system wit
        NOTE: https://lore.kernel.org/git/[email protected]/
        NOTE: Fixed by: 
https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 
(2.43.7)
 CVE-2025-46835 (Git GUI allows you to use the Git source control management 
tools via  ...)
+       {DLA-4323-1}
        - git 1:2.50.1-0.1 (bug #1108983)
        [trixie] - git 1:2.47.3-0+deb13u1
        [bookworm] - git <no-dsa> (Will be fixed in point release)
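Review bot: the context line "NOTE: Fixed by: ... 05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 (2.43.7)" just above the CVE-2025-46835 entry writes the version without the "v" prefix, while the other "Fixed by" notes in this diff use "(v2.43.7)". Normalise it to "(v2.43.7)" in a follow-up so the notes can be searched consistently by tag name.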
@@ -30391,6 +30542,7 @@ CVE-2025-27614 (Gitk is a Tcl/Tk based Git history 
browser. Starting with 2.41.0
        NOTE: Introduced after: 
https://github.com/git/git/commit/bb5cb23daf751790950ff9f761f8884e21c88d00 
(v2.41.0)
        NOTE: Fixed by: 
https://github.com/git/git/commit/8e3070aa5e331be45d4d03e3be41f84494fce129 
(v2.43.7)
 CVE-2025-27613 (Gitk is a Tcl/Tk based Git history browser. Starting with 
1.7.0, when  ...)
+       {DLA-4323-1}
        - git 1:2.50.1-0.1 (bug #1108983)
        [trixie] - git 1:2.47.3-0+deb13u1
        [bookworm] - git <no-dsa> (Will be fixed in point release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/461c7981d98e8e8f0dba67566d424a0221a84034
