Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b49b59c3 by security tracker role at 2025-10-27T20:13:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,269 @@
+CVE-2025-9164 (Docker Desktop Installer.exe is vulnerable to DLL hijacking due 
to ins ...)
+       TODO: check
+CVE-2025-8432 (Incorrect Default Permissions vulnerability in Centreon Infra 
Monitori ...)
+       TODO: check
+CVE-2025-62516 (Landlord Onboarding & Rental Signup introduces the landlord 
onboarding ...)
+       TODO: check
+CVE-2025-62263 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay 
Portal  ...)
+       TODO: check
+CVE-2025-62253 (Open redirect vulnerability in page administration in Liferay 
Portal 7 ...)
+       TODO: check
+CVE-2025-61795 (Improper Resource Shutdown or Release vulnerability in Apache 
Tomcat.  ...)
+       TODO: check
+CVE-2025-61482 (Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH 
privacyID ...)
+       TODO: check
+CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 
allows a re ...)
+       TODO: check
+CVE-2025-61385 (SQL injection vulnerability in tlocke pg8000 1.31.4 allows 
remote atta ...)
+       TODO: check
+CVE-2025-61247 (indieka900 online-shopping-system-php 1.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-61105 (FRRouting/frr from v4.0 through v10.4.1 was discovered to 
contain a NU ...)
+       TODO: check
+CVE-2025-61102 (FRRouting/frr from v4.0 through v10.4.1 was discovered to 
contain a NU ...)
+       TODO: check
+CVE-2025-61101 (FRRouting/frr from v4.0 through v10.4.1 was discovered to 
contain a NU ...)
+       TODO: check
+CVE-2025-61100 (FRRouting/frr from v2.0 through v10.4.1 was discovered to 
contain a NU ...)
+       TODO: check
+CVE-2025-61099 (FRRouting/frr from v2.0 through v10.4.1 was discovered to 
contain a NU ...)
+       TODO: check
+CVE-2025-60983 (Reflected Cross Site Scripting vulnerability in Rubikon 
Banking Soluti ...)
+       TODO: check
+CVE-2025-60982 (IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows 
unauthorized ...)
+       TODO: check
+CVE-2025-60791 (Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext 
Storage of Se ...)
+       TODO: check
+CVE-2025-60425 (Nagios Fusion v2024R1.2 and v2024R2 does not invalidate 
already existi ...)
+       TODO: check
+CVE-2025-60424 (A lack of rate limiting in the OTP verification component of 
Nagios Fu ...)
+       TODO: check
+CVE-2025-60291 (An issue was discovered in eTimeTrackLite Web thru 12.0 
(20250704). Th ...)
+       TODO: check
+CVE-2025-59463 (An attacker may cause chunk-size mismatches that block file 
transfers  ...)
+       TODO: check
+CVE-2025-59462 (An attacker who tampers with the C++ CLI client may crash the 
UpdateSe ...)
+       TODO: check
+CVE-2025-59461 (A remote unauthenticated attacker may use the unauthenticated 
C++ API  ...)
+       TODO: check
+CVE-2025-59460 (The system is deployed in its default state, with 
configuration settin ...)
+       TODO: check
+CVE-2025-59459 (An attacker that gains SSH access to an unprivileged account 
may be ab ...)
+       TODO: check
+CVE-2025-59151 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2025-58356 (Constellation is the first Confidential Kubernetes. The 
Constellation  ...)
+       TODO: check
+CVE-2025-55754 (Improper Neutralization of Escape, Meta, or Control Sequences 
vulnerab ...)
+       TODO: check
+CVE-2025-55752 (Relative Path Traversal vulnerability in Apache Tomcat.  The 
fix for b ...)
+       TODO: check
+CVE-2025-54970 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The 
SOCET GXP ...)
+       TODO: check
+CVE-2025-54969 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The 
SOCET GXP ...)
+       TODO: check
+CVE-2025-54968 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The 
SOCET GXP ...)
+       TODO: check
+CVE-2025-54967 (An issue was discovered in BAE SOCET GXP before 4.6.0.3. It 
permits ex ...)
+       TODO: check
+CVE-2025-54965 (An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. 
The SOCET ...)
+       TODO: check
+CVE-2025-53533 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2025-52268 (StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to 
contain ...)
+       TODO: check
+CVE-2025-52264 (StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to 
contain ...)
+       TODO: check
+CVE-2025-52263 (An issue in the Web Configuration module of Startcharge 
Artemis AC Cha ...)
+       TODO: check
+CVE-2025-50055 (Cross-site scripting (XSS) vulnerability in the SAML 
Authentication mo ...)
+       TODO: check
+CVE-2025-46602 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, 
contain an ...)
+       TODO: check
+CVE-2025-46583 (There is a Denial of Service\uff08DoS\uff09vulnerability in 
the ZTE MC ...)
+       TODO: check
+CVE-2025-46582 (A private key disclosure vulnerability exists in ZTE's ZXMP 
M721 produ ...)
+       TODO: check
+CVE-2025-41384 (Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM 
v7.14.1 ...)
+       TODO: check
+CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.5 allow ...)
+       TODO: check
+CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.5 allow ...)
+       TODO: check
+CVE-2025-41009 (SQL injection vulnerability in the DRED virtual campus 
platform. This  ...)
+       TODO: check
+CVE-2025-36170 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent 
Fix 02 is ...)
+       TODO: check
+CVE-2025-36138 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent 
Fix 02 is ...)
+       TODO: check
+CVE-2025-36121 (IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A 
remotely  ...)
+       TODO: check
+CVE-2025-36007 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent 
Fix 02 is ...)
+       TODO: check
+CVE-2025-34292 (Rox, the software running BeWelcome,contains a PHP object 
injection vu ...)
+       TODO: check
+CVE-2025-34133 (Wimi Teamwork versions prior to 7.38.17 contains a cross-site 
request  ...)
+       TODO: check
+CVE-2025-32785 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2025-27225 (TRUfusion Enterprise through 7.10.4.0 exposes the 
/trufusionPortal/jsp ...)
+       TODO: check
+CVE-2025-27224 (TRUfusion Enterprise through 7.10.4.0 uses the 
/trufusionPortal/fileup ...)
+       TODO: check
+CVE-2025-27223 (TRUfusion Enterprise through 7.10.4.0 exposes the encrypted 
COOKIEID a ...)
+       TODO: check
+CVE-2025-27222 (TRUfusion Enterprise through 7.10.4.0 uses the 
/trufusionPortal/getCob ...)
+       TODO: check
+CVE-2025-26862 (Unexpected authentication form rendering in HTML Form Adapter 
using on ...)
+       TODO: check
+CVE-2025-12365 (Error Messages Wrapped In HTTP Header.This issue affects 
BLU-IC2: thro ...)
+       TODO: check
+CVE-2025-12364 (Weak Password Policy.This issue affects BLU-IC2: through 
1.19.5; BLU-I ...)
+       TODO: check
+CVE-2025-12363 (Email Password Disclosure.This issue affects BLU-IC2: through 
1.19.5;  ...)
+       TODO: check
+CVE-2025-12351 (Honeywell S35 Series Cameras contains an authorization bypass 
Vulnerab ...)
+       TODO: check
+CVE-2025-12312 (A flaw has been found in PHPGurukul Curfew e-Pass Management 
System 1. ...)
+       TODO: check
+CVE-2025-12311 (A vulnerability was detected in PHPGurukul Curfew e-Pass 
Management Sy ...)
+       TODO: check
+CVE-2025-12310 (A security vulnerability has been detected in VirtFusion up to 
6.0.2.  ...)
+       TODO: check
+CVE-2025-12309 (A weakness has been identified in code-projects Nero Social 
Networking ...)
+       TODO: check
+CVE-2025-12308 (A security flaw has been discovered in code-projects Nero 
Social Netwo ...)
+       TODO: check
+CVE-2025-12307 (A vulnerability was identified in code-projects Nero Social 
Networking ...)
+       TODO: check
+CVE-2025-12306 (A vulnerability was determined in code-projects Nero Social 
Networking ...)
+       TODO: check
+CVE-2025-12305 (A vulnerability was found in quequnlong shiyi-blog up to 
1.2.1. This i ...)
+       TODO: check
+CVE-2025-12304 (A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS 
up to f ...)
+       TODO: check
+CVE-2025-12303 (A flaw has been found in PHPGurukul Curfew e-Pass Management 
System 1. ...)
+       TODO: check
+CVE-2025-12302 (A vulnerability was detected in code-projects Simple Food 
Ordering Sys ...)
+       TODO: check
+CVE-2025-12301 (A security vulnerability has been detected in code-projects 
Simple Foo ...)
+       TODO: check
+CVE-2025-12300 (A weakness has been identified in code-projects Simple Food 
Ordering S ...)
+       TODO: check
+CVE-2025-12299 (A security flaw has been discovered in code-projects Simple 
Food Order ...)
+       TODO: check
+CVE-2025-12298 (A vulnerability was identified in code-projects Simple Food 
Ordering S ...)
+       TODO: check
+CVE-2025-12297 (A vulnerability was detected in atjiu pybbs up to 6.0.0. This 
affects  ...)
+       TODO: check
+CVE-2025-12296 (A security vulnerability has been detected in D-Link DAP-2695 
2.00RC13 ...)
+       TODO: check
+CVE-2025-12295 (A weakness has been identified in D-Link DAP-2695 2.00RC13. 
The affect ...)
+       TODO: check
+CVE-2025-12294 (A security flaw has been discovered in SourceCodester Point of 
Sales 1 ...)
+       TODO: check
+CVE-2025-12293 (A vulnerability was identified in SourceCodester Point of 
Sales 1.0. T ...)
+       TODO: check
+CVE-2025-12292 (A vulnerability was determined in SourceCodester Point of 
Sales 1.0. T ...)
+       TODO: check
+CVE-2025-12291 (A vulnerability was found in ashymuzuro Full-Ecommece-Website 
and Muzu ...)
+       TODO: check
+CVE-2025-12290 (A vulnerability has been found in Sui Shang Information 
Technology Sui ...)
+       TODO: check
+CVE-2025-12289 (A flaw has been found in Sui Shang Information Technology 
Suishang Ent ...)
+       TODO: check
+CVE-2025-12288 (A vulnerability was detected in Bdtask Pharmacy Management 
System up t ...)
+       TODO: check
+CVE-2025-12287 (A security vulnerability has been detected in Bdtask Wholesale 
Invento ...)
+       TODO: check
+CVE-2025-12286 (A weakness has been identified in VeePN up to 1.6.2. This 
affects an u ...)
+       TODO: check
+CVE-2025-12283 (A security flaw has been discovered in code-projects Client 
Details Sy ...)
+       TODO: check
+CVE-2025-12282 (A vulnerability was identified in code-projects Client Details 
System  ...)
+       TODO: check
+CVE-2025-12281 (A vulnerability was determined in code-projects Client Details 
System  ...)
+       TODO: check
+CVE-2025-12280 (A vulnerability was found in code-projects Client Details 
System 1.0.  ...)
+       TODO: check
+CVE-2025-12279 (A vulnerability has been found in code-projects Client Details 
System  ...)
+       TODO: check
+CVE-2025-12277 (A flaw has been found in Abdullah-Hasan-Sajjad Online-School 
up to f09 ...)
+       TODO: check
+CVE-2025-12276 (A vulnerability was detected in LearnHouse up to 
98dfad76aad70711a8113 ...)
+       TODO: check
+CVE-2025-12274 (A security vulnerability has been detected in Tenda CH22 
1.0.0.1. Affe ...)
+       TODO: check
+CVE-2025-12273 (A weakness has been identified in Tenda CH22 1.0.0.1. Affected 
is the  ...)
+       TODO: check
+CVE-2025-12272 (A security flaw has been discovered in Tenda CH22 1.0.0.1. 
This impact ...)
+       TODO: check
+CVE-2025-12271 (A vulnerability was identified in Tenda CH22 1.0.0.1. This 
affects the ...)
+       TODO: check
+CVE-2025-12270 (A vulnerability was determined in LearnHouse up to 
98dfad76aad70711a81 ...)
+       TODO: check
+CVE-2025-12269 (A vulnerability was found in LearnHouse up to 
98dfad76aad70711a8113f6c ...)
+       TODO: check
+CVE-2025-12268 (A vulnerability has been found in LearnHouse up to 
98dfad76aad70711a81 ...)
+       TODO: check
+CVE-2025-12267 (A flaw has been found in abhicodebox ModernShop 20250922. This 
issue a ...)
+       TODO: check
+CVE-2025-12266 (A vulnerability was detected in Zytec Dalian Zhuoyun 
Technology Centra ...)
+       TODO: check
+CVE-2025-12265 (A weakness has been identified in Tenda CH22 1.0.0.1. Affected 
by this ...)
+       TODO: check
+CVE-2025-12264 (A security flaw has been discovered in Wisencode up to 
20251012. Affec ...)
+       TODO: check
+CVE-2025-12263 (A vulnerability was identified in code-projects Online Event 
Judging S ...)
+       TODO: check
+CVE-2025-12262 (A vulnerability was determined in code-projects Online Event 
Judging S ...)
+       TODO: check
+CVE-2025-12261 (A vulnerability was found in CodeAstro Gym Management System 
1.0. This ...)
+       TODO: check
+CVE-2025-12260 (A vulnerability has been found in TOTOLINK A3300R 
17.0.0cu.557_B202210 ...)
+       TODO: check
+CVE-2025-12259 (A flaw has been found in TOTOLINK A3300R 
17.0.0cu.557_B20221024. The a ...)
+       TODO: check
+CVE-2025-12258 (A vulnerability was detected in TOTOLINK A3300R 
17.0.0cu.557_B20221024 ...)
+       TODO: check
+CVE-2025-12257 (A security vulnerability has been detected in SourceCodester 
Online St ...)
+       TODO: check
+CVE-2025-12256 (A weakness has been identified in code-projects Online Event 
Judging S ...)
+       TODO: check
+CVE-2025-12255 (A security flaw has been discovered in code-projects Online 
Event Judg ...)
+       TODO: check
+CVE-2025-12254 (A vulnerability was identified in code-projects Online Event 
Judging S ...)
+       TODO: check
+CVE-2025-12253 (A vulnerability was determined in AMTT Hotel Broadband 
Operation Syste ...)
+       TODO: check
+CVE-2025-12252 (A vulnerability was found in code-projects Online Event 
Judging System ...)
+       TODO: check
+CVE-2025-12251 (A vulnerability has been found in OpenWGA 7.11.12 Build 737. 
This impa ...)
+       TODO: check
+CVE-2025-12250 (A flaw has been found in OpenWGA 7.11.12 Build 737. This 
affects an un ...)
+       TODO: check
+CVE-2025-12249 (A vulnerability was detected in Axosoft Scrum and Bug Tracking 
22.1.1. ...)
+       TODO: check
+CVE-2025-12248 (A security vulnerability has been detected in CLTPHP 3.0. The 
affected ...)
+       TODO: check
+CVE-2025-12247 (A weakness has been identified in Hasleo Backup Suite up to 
5.2. Impac ...)
+       TODO: check
+CVE-2025-12080 (On Wear OS devices, when Google Messages is configured as the 
default  ...)
+       TODO: check
+CVE-2025-11955 (Incorrect validation of OCSP certificates vulnerability in 
TheGreenBow ...)
+       TODO: check
+CVE-2025-11248 (ZohoCorp ManageEngine Endpoint Central versions prior to 
11.4.2528.05  ...)
+       TODO: check
+CVE-2025-10561 (The device is running an outdated operating system, which may 
be susce ...)
+       TODO: check
+CVE-2025-10023 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2023-49440 (AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the 
"preview para ...)
+       TODO: check
+CVE-2023-37749 (Incorrect access control in the REST API endpoint of HubSpot 
v1.29441  ...)
+       TODO: check
 CVE-2025-62291
+       {DSA-6041-1}
        - strongswan <unfixed>
        NOTE: 
https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html
        NOTE: Patch: https://download.strongswan.org/security/CVE-2025-62291/
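Review bot: every entry added above CVE-2025-62291 carries only TODO: check, and the truncated descriptions are not enough to triage from. The five FRRouting/frr entries (CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102, CVE-2025-61105) all cut off at "contain a NU ...", and the three BAE SOCET GXP "before 4.6.0.2" entries are likewise indistinguishable, so each needs its full CVE record read before it gets a package line or a NOT-FOR-US line. At the end of the hunk, CVE-2025-62291 gains {DSA-6041-1} while the strongswan line still reads <unfixed>; replace <unfixed> with the fixed version once one is recorded, checking it against the Patch URL in the existing NOTE.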
@@ -45190,17 +45455,17 @@ CVE-2025-29902 (Remote code execution that allows 
unauthorized users to execute
        NOT-FOR-US: Bosch
 CVE-2025-28389 (Weak password requirements in OpenC3 COSMOS v6.0.0 allow 
attackers to  ...)
        NOT-FOR-US: OpenC3 COSMOS
-CVE-2025-28388 (OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded 
credentials f ...)
+CVE-2025-28388 (OpenC3 COSMOS before v6.0.2 was discovered to contain 
hardcoded creden ...)
        NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28386 (A remote code execution (RCE) vulnerability in the Plugin 
Management c ...)
        NOT-FOR-US: OpenC3 COSMOS
-CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 
6.0.0 a ...)
+CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 
before  ...)
        NOT-FOR-US: OpenC3 COSMOS
-CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 
6.0.0 allo ...)
+CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 
before 6.1 ...)
        NOT-FOR-US: OpenC3 COSMOS
-CVE-2025-28381 (A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to 
access s ...)
+CVE-2025-28381 (A credential leak in OpenC3 COSMOS before v6.0.2 allows 
attackers to a ...)
        NOT-FOR-US: OpenC3 COSMOS
-CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS 
v6.0.0 all ...)
+CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS 
before v6. ...)
        NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
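Review bot: in the rewritten OpenC3 COSMOS descriptions the truncation now falls inside the version bound: CVE-2025-28384 ends at "before  ...", CVE-2025-28382 at "before 6.1 ..." and CVE-2025-28380 at "before v6. ...", so the new upper bound is not readable from this file for those three. All five changed entries keep NOT-FOR-US: OpenC3 COSMOS, so nothing needs re-triage; anyone who needs the actual bound should take it from the full CVE record rather than from these lines.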



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49b59c31ea3627c69c39b345a33465dae4cd526
