Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a94ea3f by security tracker role at 2025-10-29T20:13:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,245 @@
-CVE-2025-11232
+CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege 
Escalati ...)
+       TODO: check
+CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local 
Privileg ...)
+       TODO: check
+CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege 
Escalation ...)
+       TODO: check
+CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
+       TODO: check
+CVE-2025-64289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64288 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
+       TODO: check
+CVE-2025-64286 (Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP 
Rentals ...)
+       TODO: check
+CVE-2025-64285 (Missing Authorization vulnerability in Premmerce Premmerce 
Wholesale P ...)
+       TODO: check
+CVE-2025-64284 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64283 (Authorization Bypass Through User-Controlled Key vulnerability 
in Rome ...)
+       TODO: check
+CVE-2025-64234 (Missing Authorization vulnerability in Evergreen Content 
Poster Evergr ...)
+       TODO: check
+CVE-2025-64229 (Missing Authorization vulnerability in BoldGrid Client 
Invoicing by Sp ...)
+       TODO: check
+CVE-2025-64228 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-64226 (Cross-Site Request Forgery (CSRF) vulnerability in colabrio 
Stockie Ex ...)
+       TODO: check
+CVE-2025-64220 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64219 (Missing Authorization vulnerability in Strategy11 Team 
Business Direct ...)
+       TODO: check
+CVE-2025-64216 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64212 (Missing Authorization vulnerability in StylemixThemes 
MasterStudy LMS  ...)
+       TODO: check
+CVE-2025-64211 (Missing Authorization vulnerability in StylemixThemes 
Masterstudy Elem ...)
+       TODO: check
+CVE-2025-64210 (Missing Authorization vulnerability in StylemixThemes 
Masterstudy Elem ...)
+       TODO: check
+CVE-2025-64208 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64204 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64202 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64201 (Cross-Site Request Forgery (CSRF) vulnerability in blubrry 
PowerPress  ...)
+       TODO: check
+CVE-2025-64200 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64199 (Missing Authorization vulnerability in WpEstate wpresidence 
wpresidenc ...)
+       TODO: check
+CVE-2025-64197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64195 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64194 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64150 (A missing permission check in Jenkins Publish to Bitbucket 
Plugin 0.4  ...)
+       TODO: check
+CVE-2025-64149 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Publish t ...)
+       TODO: check
+CVE-2025-64148 (A missing permission check in Jenkins Publish to Bitbucket 
Plugin 0.4  ...)
+       TODO: check
+CVE-2025-64147 (Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys 
display ...)
+       TODO: check
+CVE-2025-64146 (Jenkins Curseforge Publisher Plugin 1.0 stores API Keys 
unencrypted in ...)
+       TODO: check
+CVE-2025-64145 (Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API 
tokens di ...)
+       TODO: check
+CVE-2025-64144 (Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens 
unencrypt ...)
+       TODO: check
+CVE-2025-64143 (Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores 
authorizat ...)
+       TODO: check
+CVE-2025-64142 (A missing permission check in Jenkins Nexus Task Runner Plugin 
0.9.2 a ...)
+       TODO: check
+CVE-2025-64141 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Nexus Tas ...)
+       TODO: check
+CVE-2025-64140 (Jenkins Azure CLI Plugin 0.9 and earlier does not restrict 
which comma ...)
+       TODO: check
+CVE-2025-64139 (A missing permission check in Jenkins Start Windocks 
Containers Plugin ...)
+       TODO: check
+CVE-2025-64138 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Start Win ...)
+       TODO: check
+CVE-2025-64137 (A missing permission check in Jenkins Themis Plugin 1.4.1 and 
earlier  ...)
+       TODO: check
+CVE-2025-64136 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Themis Pl ...)
+       TODO: check
+CVE-2025-64135 (Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and 
earlier se ...)
+       TODO: check
+CVE-2025-64134 (Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated 
version  ...)
+       TODO: check
+CVE-2025-64133 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Extensibl ...)
+       TODO: check
+CVE-2025-64132 (Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does 
not per ...)
+       TODO: check
+CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not 
implemen ...)
+       TODO: check
+CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
+       TODO: check
+CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only 
required multi  ...)
+       TODO: check
+CVE-2025-64102 (Zitadel is open-source identity infrastructure software. Prior 
to 4.6. ...)
+       TODO: check
+CVE-2025-64101 (Zitadel is open-source identity infrastructure software. Prior 
to 4.6. ...)
+       TODO: check
+CVE-2025-64100 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
+       TODO: check
+CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint 
Site 1.0.  ...)
+       TODO: check
+CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers 
written in PHP ...)
+       TODO: check
+CVE-2025-62792 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62791 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62790 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62789 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62788 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62787 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62786 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-62785 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-61876 (Insecure Direct Object Reference (IDOR) in /tenants/{id} API 
endpoint  ...)
+       TODO: check
+CVE-2025-61429 (An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 
allows atta ...)
+       TODO: check
+CVE-2025-61234 (Incorrect access control on Dataphone A920 v2025.07.161103 
exposes a s ...)
+       TODO: check
+CVE-2025-61161 (DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and 
related c ...)
+       TODO: check
+CVE-2025-61156 (Incorrect access control in the kernel driver of ThreatFire 
System Mon ...)
+       TODO: check
+CVE-2025-60898 (An unauthenticated server-side request forgery (SSRF) 
vulnerability in ...)
+       TODO: check
+CVE-2025-60595 (SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code 
execution.)
+       TODO: check
+CVE-2025-60542 (SQL Injection vulnerability in TypeORM before 0.3.26 via 
crafted reque ...)
+       TODO: check
+CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted 
service pat ...)
+       TODO: check
+CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro 
Marketing h ...)
+       TODO: check
+CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden 
Super St ...)
+       TODO: check
+CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer 
PRO blog-d ...)
+       TODO: check
+CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo 
ROOT v1.5.8 ...)
+       TODO: check
+CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows 
unauthenticat ...)
+       TODO: check
+CVE-2025-54384 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
+       TODO: check
+CVE-2025-35980
+       REJECTED
+CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard 
Mobile VP ...)
+       TODO: check
+CVE-2025-12479 (Systemic Lack of Cross-Site Request Forgery (CSRF) Token 
Implementatio ...)
+       TODO: check
+CVE-2025-12478 (Non-Compliant TLS Configuration.This issue affects BLU-IC2: 
through 1. ...)
+       TODO: check
+CVE-2025-12477 (Server Version Disclosure.This issue affects BLU-IC2: through 
1.19.5;  ...)
+       TODO: check
+CVE-2025-12476 (Resource Lacking AuthN.This issue affects BLU-IC2: through 
1.19.5; BLU ...)
+       TODO: check
+CVE-2025-12461 (This vulnerability allows an attacker to access parts of the 
applicati ...)
+       TODO: check
+CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to 
Reflected Cr ...)
+       TODO: check
+CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) 
rules a ...)
+       TODO: check
+CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level 
Security ( ...)
+       TODO: check
+CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2025-12058 (The Keras.Model.load_model method, including when executed 
with the in ...)
+       TODO: check
+CVE-2025-11632 (The Call Now Button \u2013 The #1 Click to Call Button for 
WordPress p ...)
+       TODO: check
+CVE-2025-11587 (The Call Now Button \u2013 The #1 Click to Call Button for 
WordPress p ...)
+       TODO: check
+CVE-2025-11466 (Allegra DatabaseBackupBL Directory Traversal Information 
Disclosure Vu ...)
+       TODO: check
+CVE-2025-11465 (Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote 
Code Execut ...)
+       TODO: check
+CVE-2025-11464 (Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer 
Overflow Remote ...)
+       TODO: check
+CVE-2025-11463 (Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-11203 (LiteLLM Information health API_KEY Information Disclosure 
Vulnerabilit ...)
+       TODO: check
+CVE-2025-11202 (win-cli-mcp-server resolveCommandPath Command Injection Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-11201 (MLflow Tracking Server Model Creation Directory Traversal 
Remote Code  ...)
+       TODO: check
+CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass 
Vulnerability. ...)
+       TODO: check
+CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-10932 (Uncontrolled Resource Consumption vulnerability in Progress 
MOVEit Tra ...)
+       TODO: check
+CVE-2024-58269 (A vulnerability has been identified in Rancher Manager, where 
sensitiv ...)
+       TODO: check
+CVE-2024-45162 (A stack-based buffer overflow issue was discovered in the 
phddns clien ...)
+       TODO: check
+CVE-2024-45161 (A CSRF issue was discovered in the administrative web GUI in 
Blu-Castl ...)
+       TODO: check
+CVE-2024-14012 (Potential privilege escalation issue in Revenera InstallShield 
version ...)
+       TODO: check
+CVE-2023-39178
+       REJECTED
+CVE-2023-39177
+       REJECTED
+CVE-2023-32199 (A vulnerability has been identified within Rancher  Manager, 
where aft ...)
+       TODO: check
+CVE-2018-25120 (D-Link DNS-343 ShareCenter devices running firmware versions 
up to and ...)
+       TODO: check
+CVE-2015-10147 (The Easy Testimonial Slider and Form plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2015-10146 (The Thumbnail Slider With Lightbox plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-11232 (To trigger the issue, three configuration parameters must have 
specifi ...)
        - isc-kea <not-affected> (Vulnerable code not present)
        NOTE: https://kb.isc.org/docs/cve-2025-11232
-CVE-2025-40085 [ALSA: usb-audio: Fix NULL pointer deference in 
try_to_register_card]
+CVE-2025-40085 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/28412b489b088fb88dff488305fd4e56bd47f6e4 (6.18-rc2)
-CVE-2025-40084 [ksmbd: transport_ipc: validate payload size before reading 
handle]
+CVE-2025-40084 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0
-CVE-2025-40083 [net/sched: sch_qfq: Fix null-deref in agg_dequeue]
+CVE-2025-40083 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.16.3-1
        NOTE: 
https://git.kernel.org/linus/dd831ac8221e691e9e918585b1003c7071df0379 (6.16-rc6)
-CVE-2023-7324 [scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses]
+CVE-2023-7324 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.1.20-1
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/db95d4df71cb55506425b6e4a5f8d68e3a765b63 (6.3-rc1)
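Review bot: CVE-2025-40084 (ksmbd transport_ipc) is entered as `- linux <unfixed>` with its fix-commit NOTE lacking the release tag in parentheses that the neighbouring CVE-2025-40085 `(6.18-rc2)` and CVE-2025-40083 `(6.16-rc6)` entries carry, and it has no `[bullseye]` line; add the tag the fix landed in and, if the ksmbd transport_ipc code is absent from bullseye's kernel as the 40085 entry records for its code, the matching `[bullseye] - linux <not-affected> (Vulnerable code not present)`. Separately, CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow) is left at `TODO: check` although the other GIMP file-parsing issues touched in this same commit (CVE-2025-10920 through CVE-2025-10925) already record the gimp package version plus `Introduced after:` and `Fixed by:` commits; triage it against gimp in the same way, including whether the XWD plug-in is built in Debian.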
@@ -433,7 +661,7 @@ CVE-2025-40025 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1 (6.18-rc1)
 CVE-2025-62231
-       {DSA-6044-1}
+       {DSA-6044-1 DLA-4353-1}
        - xorg-server 2:21.1.20-1
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
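Review bot: adding DLA-4353-1 records the LTS xorg-server update, but the separate `- xwayland <unfixed>` line still carries only the `[trixie] - xwayland <ignored>` annotation, so the xwayland status for the other suites is left implicit on this CVE; if the xwayland source package there shares the trixie rationale ("Xwayland shouldn't be running as root"), add the matching `<ignored>` lines so the entry reads consistently. The same applies to the identical CVE-2025-62230 and CVE-2025-62229 hunks below.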
@@ -442,7 +670,7 @@ CVE-2025-62231
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa
 (xorg-server-21.1.19)
 CVE-2025-62230
-       {DSA-6044-1}
+       {DSA-6044-1 DLA-4353-1}
        - xorg-server 2:21.1.20-1
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -453,7 +681,7 @@ CVE-2025-62230
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175
 (xorg-server-21.1.19)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839
 (xorg-server-21.1.19)
 CVE-2025-62229
-       {DSA-6044-1}
+       {DSA-6044-1 DLA-4353-1}
        - xorg-server 2:21.1.20-1
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -585,7 +813,8 @@ CVE-2025-9164 (Docker Desktop Installer.exe is vulnerable 
to DLL hijacking due t
        NOT-FOR-US: Docker products not packaged in Debian
 CVE-2025-8432 (Incorrect Default Permissions vulnerability in Centreon Infra 
Monitori ...)
        NOT-FOR-US: Centreon
-CVE-2025-62516 (Landlord Onboarding & Rental Signup introduces the landlord 
onboarding ...)
+CVE-2025-62516
+       REJECTED
        NOT-FOR-US: Landlord Onboarding & Rental Signup
 CVE-2025-62263 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay 
Portal  ...)
        NOT-FOR-US: Liferay
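Review bot: CVE-2025-62516 is switched to `REJECTED` but keeps its `NOT-FOR-US: Landlord Onboarding & Rental Signup` line, whereas the other rejected IDs in this commit (CVE-2025-35980, CVE-2023-39178, CVE-2023-39177) carry the `REJECTED` marker alone; unless the tracker convention is to retain earlier triage under a rejection, drop the now-redundant NOT-FOR-US line.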
@@ -700,9 +929,9 @@ CVE-2025-46582 (A private key disclosure vulnerability 
exists in ZTE's ZXMP M721
        NOT-FOR-US: ZTE
 CVE-2025-41384 (Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM 
v7.14.1 ...)
        NOT-FOR-US: SuiteCRM
-CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.5 allow ...)
+CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.6 allow ...)
        - open5gs <itp> (bug #1094791)
-CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.5 allow ...)
+CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 
2.7.6 allow ...)
        - open5gs <itp> (bug #1094791)
 CVE-2025-41009 (SQL injection vulnerability in the DRED virtual campus 
platform. This  ...)
        NOT-FOR-US: DRED virtual campus platform
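Review bot: the CVE-2025-41068 and CVE-2025-41067 descriptions now read "up to version 2.7.6" instead of 2.7.5, so the release the previous text implied was fixed is itself affected; the `<itp>` status on bug #1094791 stays correct, but the eventual upload must be newer than 2.7.6, and a NOTE pointing at the upstream fix would let that be checked without re-reading the CVE record.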
@@ -11540,7 +11769,7 @@ CVE-2025-10858 (An issue was discovered in GitLab CE/EE 
affecting all versions b
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-10544 (Unrestricted file upload vulnerability in DocAve 6.13.2, 
Perimeter 1.1 ...)
        NOT-FOR-US: DocAve
-CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer 
Overflow Remote Code Execution Vulnerability]
+CVE-2025-10925 (GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code 
Executi ...)
        - gimp <unfixed> (unimportant)
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
        [bullseye] - gimp <not-affected> (Vulnerable code not present)
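Review bot: replacing the bracketed placeholder title with the published description drops the `ZDI-CAN-27793` identifier from CVE-2025-10925; if the unchanged lines of this entry do not already carry the ZDI advisory link, add a NOTE with the ZDI advisory URL as the CVE-2025-10922 and CVE-2025-10921 entries do, since that id was the only cross-reference the old title offered. The same holds for the CVE-2025-10924, CVE-2025-10923 and CVE-2025-10920 hunks below, which lose ZDI-CAN-27836, ZDI-CAN-27878 and ZDI-CAN-27684 respectively.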
@@ -11550,7 +11779,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing 
Stack-based Buffer Overflo
        NOTE: Introduced after: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68
 (GIMP_2_99_16)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/002b22c15028b18557bd0823a081af9ed5316679
        NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
-CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote 
Code Execution Vulnerability]
+CVE-2025-10924 (GIMP FF File Parsing Integer Overflow Remote Code Execution 
Vulnerabil ...)
        {DSA-6014-1}
        - gimp 3.0.4-6.1 (bug #1116461)
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11560,7 +11789,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing 
Integer Overflow Remote Code
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
        NOTE: Introduced after: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28
 (GIMP_2_99_18)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
-CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote 
Code Execution Vulnerability]
+CVE-2025-10923 (GIMP WBMP File Parsing Integer Overflow Remote Code Execution 
Vulnerab ...)
        {DSA-6014-1}
        - gimp 3.0.4-6.1 (bug #1116460)
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11570,14 +11799,14 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing 
Integer Overflow Remote Co
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2445
        NOTE: Introduced after: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8
 (GIMP_2_99_12)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
-CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer 
Overflow Remote Code Execution Vulnerability]
+CVE-2025-10922 (GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        {DSA-6043-1 DSA-6014-1 DLA-4342-1}
        - gimp 3.0.4-6.1 (bug #1116459)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
-CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write 
Remote Code Execution Vulnerability]
+CVE-2025-10920 (GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code 
Execution Vulne ...)
        {DSA-6014-1}
        - gimp 3.0.4-6.1 (bug #1116458)
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
@@ -11587,7 +11816,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing 
Out-Of-Bounds Write Remote
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
        NOTE: Introduced after: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
 (GIMP_2_99_14)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/5f4329d324b0db7a857918941ef7e1d27f3d3992
-CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code 
Execution Vulnerability]
+CVE-2025-10921 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        {DSA-6018-1 DLA-4341-1}
        - gegl 1:0.4.62-3.1 (bug #1116470)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
@@ -63896,7 +64125,7 @@ CVE-2024-58249 (In wxWidgets before 3.2.7, a crash can 
be triggered in wxWidgets
        [bookworm] - wxwidgets3.2 <no-dsa> (Minor issue)
        NOTE: https://github.com/wxWidgets/wxWidgets/issues/24885
        NOTE: 
https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d
 (v3.2.7)
-CVE-2024-58248 (nopCommerce before 4.80.0 does not offer locking for order 
placement.  ...)
+CVE-2024-58248 (nopCommerce through 4.90.1 does not offer locking for order 
placement. ...)
        NOT-FOR-US: nopCommerce
 CVE-2024-56736 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
HertzBeat.  ...)
        NOT-FOR-US: Apache HertzBeat
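Review bot: the CVE-2024-58248 description flips from "nopCommerce before 4.80.0" (fixed in 4.80.0) to "nopCommerce through 4.90.1" (still affected in 4.90.1); NOT-FOR-US makes this moot for Debian, but it is worth confirming against the CVE record that the widened range is an upstream correction rather than an artifact of the automatic update.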



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a94ea3febbb9993b11ddd7989a34c94c8ad019f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
