Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8aa993a6 by security tracker role at 2025-10-30T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,73 +1,201 @@
-CVE-2025-40105 [vfs: Don't leak disconnected dentries on umount]
+CVE-2025-8850 (In danny-avila/librechat version 0.7.9, there is an insecure
API desig ...)
+ TODO: check
+CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list)
with { s ...)
+ TODO: check
+CVE-2025-64116 (Movary is a web application to track, rate and explore your
movie watc ...)
+ TODO: check
+CVE-2025-64115 (Movary is a web application to track, rate and explore your
movie watc ...)
+ TODO: check
+CVE-2025-64112 (Statmatic is a Laravel and Git powered content management
system (CMS) ...)
+ TODO: check
+CVE-2025-64096 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2025-63885 (A stored cross-site scripting (XSS) vulnerability in AIxBlock
commit 0 ...)
+ TODO: check
+CVE-2025-63608 (A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the
Form Bu ...)
+ TODO: check
+CVE-2025-63423 (Each Italy Wireless Mini Router WIRELESS-N 300M
v28K.MiniRouter.201902 ...)
+ TODO: check
+CVE-2025-63422 (Incorrect access control in the Web management interface in
Each Italy ...)
+ TODO: check
+CVE-2025-63298 (A path traversal vulnerability was identified in
SourceCodester Pet Gr ...)
+ TODO: check
+CVE-2025-62795 (JumpServer is an open source bastion host and an operation and
mainten ...)
+ TODO: check
+CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to
1.113.0, ...)
+ TODO: check
+CVE-2025-62712 (JumpServer is an open source bastion host and an operation and
mainten ...)
+ TODO: check
+CVE-2025-62266 (By default, Liferay Portal 7.4.0 through 7.4.3.119, and older
unsuppor ...)
+ TODO: check
+CVE-2025-62265 (Cross-site scripting (XSS) vulnerability in the Blogs widget
in Lifera ...)
+ TODO: check
+CVE-2025-61498 (A buffer overflow in the UPnP service of Tenda AC8 Hardware
v03.03.10. ...)
+ TODO: check
+CVE-2025-61196 (An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote
attacker t ...)
+ TODO: check
+CVE-2025-61121 (Mobile Scanner Android App version 2.12.38 (package name
com.glority.e ...)
+ TODO: check
+CVE-2025-61120 (AG Life Logger Android App version v1.0.2.72 and before
(package name ...)
+ TODO: check
+CVE-2025-61119 (Kanova Android App version 1.0.27 (package name com.karelane),
develop ...)
+ TODO: check
+CVE-2025-61118 (mCarFix Motorists App version 2.3 (package name
com.skytop.mcarfix), d ...)
+ TODO: check
+CVE-2025-61117 (Senza: Keto & Fasting Android App version 2.10.15 (package
name com.gl ...)
+ TODO: check
+CVE-2025-61116 (AdForest - Classified Android App version 4.0.12 (package name
scripts ...)
+ TODO: check
+CVE-2025-61115 (ABC Fine Wine & Spirits Android App version v.11.27.5 and
before (pack ...)
+ TODO: check
+CVE-2025-61114 (2nd Line Android App version v1.2.92 and before (package name
com.myse ...)
+ TODO: check
+CVE-2025-61113 (TalkTalk 3.3.6 Android App contains improper access control
vulnerabil ...)
+ TODO: check
+CVE-2025-60950 (An arbitrary file upload vulnerability in the Data Preparation
functio ...)
+ TODO: check
+CVE-2025-60319 (PerfreeBlog v4.0.11 is vulnerable to Server-Side Request
Forgery due t ...)
+ TODO: check
+CVE-2025-5347 (Zohocorp ManageEngine Exchange Reporter Plus versions before
5723 are ...)
+ TODO: check
+CVE-2025-5343 (Zohocorp ManageEngine Exchange Reporter Plus versions through
5721 are ...)
+ TODO: check
+CVE-2025-5342 (Zohocorp ManageEngine Exchange Reporter Plus through 5721 are
vulnerab ...)
+ TODO: check
+CVE-2025-57109 (Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to
Heap Use-Af ...)
+ TODO: check
+CVE-2025-56313 (A Reflected Cross-Site Scripting (XSS) vulnerability was
discovered in ...)
+ TODO: check
+CVE-2025-54471 (NeuVector used a hard-coded cryptographic key embedded in the
source ...)
+ TODO: check
+CVE-2025-54470 (This vulnerability affects NeuVector deployments only when the
Report ...)
+ TODO: check
+CVE-2025-54469 (A vulnerability was identified in NeuVector, where the
enforcer used e ...)
+ TODO: check
+CVE-2025-53883 (A Improper Neutralization of Script-Related HTML Tags in a Web
Page (B ...)
+ TODO: check
+CVE-2025-53880 (A Path Traversal vulnerability in the tftpsync/add and
tftpsync/delete ...)
+ TODO: check
+CVE-2025-52180 (Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc
Infinity ...)
+ TODO: check
+CVE-2025-52179 (Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc
Revolutio ...)
+ TODO: check
+CVE-2025-50739 (iib0011 omni-tools v0.4.0 is vulnerable to remote code
execution via u ...)
+ TODO: check
+CVE-2025-50736 (An open redirect vulnerability exists in Byaidu
PDFMathTranslate v1.9. ...)
+ TODO: check
+CVE-2025-50574 (Cross-site scripting (XSS) vulnerability in blog-details.php
in Hiruna ...)
+ TODO: check
+CVE-2025-46423 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-46422 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-46363 (Dell Secure Connect Gateway (SCG) 5.0 Application and
Appliance versio ...)
+ TODO: check
+CVE-2025-43942 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-43941 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-43940 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-43939 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper
Neutraliz ...)
+ TODO: check
+CVE-2025-43027 (A critical severity vulnerability has been identified in the
ALPR Mana ...)
+ TODO: check
+CVE-2025-3356 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21
could al ...)
+ TODO: check
+CVE-2025-3355 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21
could al ...)
+ TODO: check
+CVE-2025-39663 (Cross-Site Scripting (XSS) vulnerability in Checkmk's
distributed moni ...)
+ TODO: check
+CVE-2025-36592 (Dell Secure Connect Gateway (SCG) Policy Manager, version(s)
5.20. 5.2 ...)
+ TODO: check
+CVE-2025-36137 (IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9
iFix004, ...)
+ TODO: check
+CVE-2025-12517 (Credits Page not Matching Versions in Use in the FirmwareThis
issue af ...)
+ TODO: check
+CVE-2025-12516 (Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue
affects BLU ...)
+ TODO: check
+CVE-2025-12515 (Systemic Internal Server Errors - HTTP 500 ResponseThis issue
affects ...)
+ TODO: check
+CVE-2025-12060 (The keras.utils.get_file API in Keras, when used with the
extract=True ...)
+ TODO: check
+CVE-2025-11998 (The following HP Card Readers B Models(X3D03B & Y7C05B) are
potentiall ...)
+ TODO: check
+CVE-2025-10348 (URVE Smart Office is vulnerable to Stored XSS in report
problem functi ...)
+ TODO: check
+CVE-2025-10317 (Quick.Cart is vulnerable to Cross-Site Request Forgery in
product crea ...)
+ TODO: check
+CVE-2025-40105 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/56094ad3eaa21e6621396cc33811d8f72847a834 (6.18-rc2)
-CVE-2025-40104 [ixgbevf: fix mailbox API compatibility by negotiating
supported features]
+CVE-2025-40104 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/a7075f501bd33c93570af759b6f4302ef0175168 (6.18-rc2)
-CVE-2025-40103 [smb: client: Fix refcount leak for cifs_sb_tlink]
+CVE-2025-40103 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/c2b77f42205ef485a647f62082c442c1cd69d3fc (6.18-rc2)
-CVE-2025-40102 [KVM: arm64: Prevent access to vCPU events before init]
+CVE-2025-40102 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/0aa1b76fe1429629215a7c79820e4b96233ac4a3 (6.18-rc2)
-CVE-2025-40101 [btrfs: fix memory leaks when rejecting a non SINGLE data
profile without an RST]
+CVE-2025-40101 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/fec9b9d3ced39f16be8d7afdf81f4dd2653da319 (6.18-rc2)
-CVE-2025-40100 [btrfs: do not assert we found block group item when creating
free space tree]
+CVE-2025-40100 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/a5a51bf4e9b7354ce7cd697e610d72c1b33fd949 (6.18-rc2)
-CVE-2025-40099 [cifs: parse_dfs_referrals: prevent oob on malformed input]
+CVE-2025-40099 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9 (6.18-rc2)
-CVE-2025-40098 [ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state()]
+CVE-2025-40098 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8527bbb33936340525a3504a00932b2f8fd75754 (6.18-rc2)
-CVE-2025-40097 [ALSA: hda: Fix missing pointer check in
hda_component_manager_init function]
+CVE-2025-40097 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1cf11d80db5df805b538c942269e05a65bcaf5bc (6.18-rc2)
-CVE-2025-40096 [drm/sched: Fix potential double free in
drm_sched_job_add_resv_dependencies]
+CVE-2025-40096 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5801e65206b065b0b2af032f7f1eef222aa2fd83 (6.18-rc2)
-CVE-2025-40095 [usb: gadget: f_rndis: Refactor bind path to use __free()]
+CVE-2025-40095 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/08228941436047bdcd35a612c1aec0912a29d8cd (6.18-rc1)
-CVE-2025-40094 [usb: gadget: f_acm: Refactor bind path to use __free()]
+CVE-2025-40094 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/47b2116e54b4a854600341487e8b55249e926324 (6.18-rc1)
-CVE-2025-40093 [usb: gadget: f_ecm: Refactor bind path to use __free()]
+CVE-2025-40093 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 (6.18-rc1)
-CVE-2025-40092 [usb: gadget: f_ncm: Refactor bind path to use __free()]
+CVE-2025-40092 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef (6.18-rc1)
-CVE-2025-40091 [ixgbe: fix too early devlink_free() in ixgbe_remove()]
+CVE-2025-40091 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5feef67b646d8f5064bac288e22204ffba2b9a4a (6.18-rc2)
-CVE-2025-40090 [ksmbd: fix recursive locking in RPC handle list access]
+CVE-2025-40090 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/88f170814fea74911ceab798a43cbd7c5599bed4 (6.18-rc2)
-CVE-2025-40089 [cxl/features: Add check for no entries in cxl_feature_info]
+CVE-2025-40089 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a375246fcf2bbdaeb1df7fa7ee5a8b884a89085e (6.18-rc2)
-CVE-2025-40088 [hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()]
+CVE-2025-40088 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/42520df65bf67189541a425f7d36b0b3e7bd7844 (6.18-rc1)
-CVE-2025-40087 [NFSD: Define a proc_layoutcommit for the FlexFiles layout type]
+CVE-2025-40087 (In the Linux kernel, the following vulnerability has been
resolved: N ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/4b47a8601b71ad98833b447d465592d847b4dc77 (6.18-rc2)
-CVE-2025-40086 [drm/xe: Don't allow evicting of BOs in same VM in array of VM
binds]
+CVE-2025-40086 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
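Review bot: the block of new entries at the top of this hunk (CVE-2025-8850 down to CVE-2025-10317) all carry the placeholder "TODO: check" and need triage before the list is usable; most of them name vendor products outside the archive (the Android apps CVE-2025-61113 to CVE-2025-61121, Dell Unity and Secure Connect Gateway, IBM Tivoli Monitoring and Sterling Connect Direct, Zohocorp ManageEngine, Liferay, Tenda, HP Card Readers, NeuVector), which in this file's convention get a NOT-FOR-US line as the WordPress, MikroTik and Samsung entries further down show, while the ones naming software Debian ships (node-tar in CVE-2025-64118, VTK in CVE-2025-57109) need a package line with a fixed version or <unfixed>. The second half replaces the bracketed kernel titles (for example "[cifs: parse_dfs_referrals: prevent oob on malformed input]") with the generic "In the Linux kernel, the following vulnerability has been resolved: ..." text, so the subsystem and bug class now survive only in the truncated tail and in the git.kernel.org NOTE; that is the expected effect of the automatic description sync, but the upstream commit subject is the more useful summary and could be retained as a NOTE. One inconsistency to confirm: CVE-2025-40090 (ksmbd) is the only kernel entry marked "linux <not-affected> (Vulnerable code not present)" for all suites although its fix landed in 6.18-rc2 like its neighbours; if that reflects ksmbd not being built in the Debian configuration, the reason string should say so rather than claiming the code is absent.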
@@ -122,67 +250,86 @@ CVE-2025-10636 (The NS Maintenance Mode for WP WordPress
plugin through 1.3.1 do
NOT-FOR-US: WordPress plugin
CVE-2025-10008 (The Translate WordPress and go Multilingual \u2013 Weglot
plugin for W ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-62503
+CVE-2025-62503 (User with CREATE and no UPDATE privilege for Pools,
Connections, Varia ...)
- airflow <itp> (bug #819700)
-CVE-2025-62402
+CVE-2025-62402 (API users via `/api/v2/dagReports` could perform Dag code
execution in ...)
- airflow <itp> (bug #819700)
-CVE-2025-54941
+CVE-2025-54941 (An example dag `example_dag_decorator` had non-validated
parameter tha ...)
- airflow <itp> (bug #819700)
CVE-2025-12447
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12446
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12445
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12444
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12443
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12441
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12440
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12439
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12438
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12437
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12436
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12435
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12434
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12433
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12432
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12431
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12430
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12429
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12428
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege
Escalati ...)
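Review bot: the chromium run tagged with {DSA-6046-1} goes CVE-2025-12447, 12446, 12445, 12444, 12443 and then jumps to 12441, so CVE-2025-12442 is absent from this block; check whether it is tracked elsewhere in the file or is simply not part of the 142.0.7444.59 release, since the DSA tag is applied to every other ID in the range. The three airflow entries gain descriptions but keep only the "airflow <itp> (bug #819700)" line, which is the right form for a package that is not yet in the archive.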
@@ -1021,7 +1168,7 @@ CVE-2025-61795 (Improper Resource Shutdown or Release
vulnerability in Apache To
NOTE: https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
CVE-2025-61482 (Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH
privacyID ...)
NOT-FOR-US: NetKnights GmbH privacyIDEA Authenticator
-CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18
allows a re ...)
+CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes
the Web ...)
NOT-FOR-US: MikroTik
CVE-2025-61385 (SQL injection vulnerability in tlocke pg8000 1.31.4 allows
remote atta ...)
NOT-FOR-US: tlocke pg8000
@@ -3171,7 +3318,7 @@ CVE-2025-62525 (OpenWrt Project is a Linux operating
system targeting embedded d
NOT-FOR-US: OpenWRT (ltq-ptm)
NOTE: https://openwrt.org/advisory/2025-10-22-2
CVE-2025-12036
- {DSA-6036-1}
+ {DSA-6046-1 DSA-6036-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9428 (Zohocorp ManageEngine Analytics Plus versions6171 and prior are
vulner ...)
@@ -3928,6 +4075,7 @@ CVE-2025-62171 (ImageMagick is an open source software
suite for displaying, con
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00
(7.1.2-7)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/456771fae8baa9558a1421ec8d522e6937d9b2d7
(6.9.13-32)
CVE-2025-62168 (Squid is a caching proxy for the Web. In Squid versions prior
to 7.2, ...)
+ {DSA-6047-1}
- squid 7.2-1 (bug #1118341)
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
NOTE:
https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f
(SQUID_7_2)
@@ -6598,7 +6746,8 @@ CVE-2025-21044 (Out-of-bounds write in fingerprint
trustlet prior to SMR Oct-202
NOT-FOR-US: Samsung Mobile
CVE-2025-11570 (Versions of the package
drupal-pattern-lab/unified-twig-extensions fro ...)
NOT-FOR-US: drupal-pattern-lab/unified-twig-extensions
-CVE-2025-11569 (All versions of the package cross-zip are vulnerable to
Directory Trav ...)
+CVE-2025-11569
+ REJECTED
NOT-FOR-US: cross-zip Node.js module
CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website
1.0. Imp ...)
NOT-FOR-US: code-projects E-Commerce Website
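Review bot: CVE-2025-11569 is now marked REJECTED but still keeps the "NOT-FOR-US: cross-zip Node.js module" line; once an ID is rejected the package assessment is moot, so the trailing line can be dropped to leave the bare REJECTED form, unless the tracker's check script expects it to stay.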
@@ -11047,7 +11196,7 @@ CVE-2025-11178 (Local privilege escalation due to DLL
hijacking vulnerability. T
CVE-2025-11153 (JIT miscompilation in the JavaScript Engine: JIT component.
This vulne ...)
- firefox 143.0.3-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/#CVE-2025-11153
-CVE-2025-11152 (This vulnerability affects Firefox < 143.0.3.)
+CVE-2025-11152 (Sandbox escape due to integer overflow in the Graphics:
Canvas2D compo ...)
- firefox 143.0.3-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/#CVE-2025-11152
CVE-2025-10859 (Cookie storage for non-HTML temporary documents was being
shared incor ...)
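Review bot: the new description for CVE-2025-11152 identifies it as a sandbox escape via integer overflow in Graphics: Canvas2D, yet the entry tracks only "firefox 143.0.3-1" with no firefox-esr line; mfsa2025-80 is cited, so confirm against that advisory that the ESR branch is not affected, given that the other Canvas2D sandbox escapes in this file (CVE-2025-10527, CVE-2025-10528) carry both firefox and firefox-esr versions plus DSA and DLA tags.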
@@ -16490,7 +16639,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox
ESR 140.2, Thunderbird ESR
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10537
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
-CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
+CVE-2025-10536 (Information disclosure in the Networking: Cache component.
This vulner ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16498,13 +16647,13 @@ CVE-2025-10536 (This vulnerability affects Firefox <
143, Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10536
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10536
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10536
-CVE-2025-10535 (This vulnerability affects Firefox < 143.)
+CVE-2025-10535 (Information disclosure, mitigation bypass in the Privacy
component in ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10535
-CVE-2025-10534 (This vulnerability affects Firefox < 143 and Thunderbird <
143.)
+CVE-2025-10534 (Spoofing issue in the Site Permissions component. This
vulnerability a ...)
- firefox 143.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
-CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR <
115.28, Firefo ...)
+CVE-2025-10533 (Integer overflow in the SVG component. This vulnerability
affects Fire ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
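Review bot: the new description for CVE-2025-10535 ("Information disclosure, mitigation bypass in the Privacy component ...") no longer states the Android-only scope that the "firefox <not-affected> (Only affects Firefox on Android)" line depends on, so keep that justification text in the package line; CVE-2025-10530 in the same series now says "in Firefox for Android" in the description itself, which is the clearer form.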
@@ -16512,7 +16661,7 @@ CVE-2025-10533 (This vulnerability affects Firefox <
143, Firefox ESR < 115.28,
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10533
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
-CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
+CVE-2025-10532 (Incorrect boundary conditions in the JavaScript: GC component.
This vu ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16520,13 +16669,13 @@ CVE-2025-10532 (This vulnerability affects Firefox <
143, Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10532
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10532
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10532
-CVE-2025-10531 (This vulnerability affects Firefox < 143 and Thunderbird <
143.)
+CVE-2025-10531 (Mitigation bypass in the Web Compatibility: Tooling component.
This vu ...)
- firefox 143.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10531
-CVE-2025-10530 (This vulnerability affects Firefox < 143 and Thunderbird <
143.)
+CVE-2025-10530 (Spoofing issue in the WebAuthn component in Firefox for
Android. This ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
-CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
+CVE-2025-10529 (Same-origin policy bypass in the Layout component. This
vulnerability ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16534,7 +16683,7 @@ CVE-2025-10529 (This vulnerability affects Firefox <
143, Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10529
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
-CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
+CVE-2025-10528 (Sandbox escape due to undefined behavior, invalid pointer in
the Graph ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -16542,7 +16691,7 @@ CVE-2025-10528 (This vulnerability affects Firefox <
143, Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10528
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
-CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
+CVE-2025-10527 (Sandbox escape due to use-after-free in the Graphics: Canvas2D
compone ...)
{DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
@@ -26064,7 +26213,7 @@ CVE-2025-9184 (Memory safety bugs present in Firefox
ESR 140.1, Thunderbird ESR
CVE-2025-9183 (Spoofing issue in the Address Bar component. This vulnerability
affect ...)
- firefox 142.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9183
-CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics:
WebRender com ...)
+CVE-2025-9182 (Denial-of-service due to out-of-memory in the Graphics:
WebRender comp ...)
- firefox 142.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This
vulnerab ...)
@@ -26075,7 +26224,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript
Engine component. This vul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
-CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D
component.' This ...)
+CVE-2025-9180 (Same-origin policy bypass in the Graphics: Canvas2D component.
This vu ...)
{DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8aa993a682d34aee407378c8b086fc813dde755b
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits