Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1a4e7e0 by security tracker role at 2025-10-31T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,416 @@
-CVE-2025-40106 [comedi: fix divide-by-zero in comedi_buf_munge()]
+CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service 
(DoS) att ...)
+       TODO: check
+CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets, 
Templates ...)
+       TODO: check
+CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path 
Traversal in al ...)
+       TODO: check
+CVE-2025-8383 (The Depicter plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of 
service (Do ...)
+       TODO: check
+CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled 
a  perf ...)
+       TODO: check
+CVE-2025-64389 (The web server of the device performs exchanges of sensitive 
informati ...)
+       TODO: check
+CVE-2025-64388 (Denial of service of the web server through specific requests 
to this  ...)
+       TODO: check
+CVE-2025-64387 (The web application is vulnerable to a so-called 
\u2018clickjacking\u2 ...)
+       TODO: check
+CVE-2025-64386 (The equipment grants a JWT token for each connection in the 
timeline,  ...)
+       TODO: check
+CVE-2025-64385 (The equipment initially can be configured using the 
manufacturer's app ...)
+       TODO: check
+CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in 
Mikado-Themes Bard  ...)
+       TODO: check
+CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64366 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-64365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64364 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64363 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64362 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64360 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64359 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-64358 (Missing Authorization vulnerability in WebToffee Smart Coupons 
for Woo ...)
+       TODO: check
+CVE-2025-64357 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. 
Advance ...)
+       TODO: check
+CVE-2025-64356 (Missing Authorization vulnerability in f1logic Insert PHP Code 
Snippet ...)
+       TODO: check
+CVE-2025-64354 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64353 (Deserialization of Untrusted Data vulnerability in Chouby 
Polylang pol ...)
+       TODO: check
+CVE-2025-64352 (Missing Authorization vulnerability in WPDeveloper Essential 
Addons fo ...)
+       TODO: check
+CVE-2025-64351 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Ran ...)
+       TODO: check
+CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math 
SEO seo ...)
+       TODO: check
+CVE-2025-64349 (ELOG allows an authenticated user to modify another user's 
profile. An ...)
+       TODO: check
+CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the 
configura ...)
+       TODO: check
+CVE-2025-64168 (Agno is a multi-agent framework, runtime and control plane. 
From 2.0.0 ...)
+       TODO: check
+CVE-2025-63675 (cryptidy through 1.2.4 allows code execution via untrusted 
data becaus ...)
+       TODO: check
+CVE-2025-63562 (Summer Pearl Group Vacation Rental Management Platform prior 
to v1.0.2 ...)
+       TODO: check
+CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior 
to 1.0.2  ...)
+       TODO: check
+CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63467 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63466 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63465 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63464 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63463 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2025-63462 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63461 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63460 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63459 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack 
overflow via  ...)
+       TODO: check
+CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
+       TODO: check
+CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML 
files. The  ...)
+       TODO: check
+CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web 
content tem ...)
+       TODO: check
+CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in 
Languauge Overri ...)
+       TODO: check
+CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to 
plaintext u ...)
+       TODO: check
+CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO 
GmbH BEO A ...)
+       TODO: check
+CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in 
the conf ...)
+       TODO: check
+CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 
via craft ...)
+       TODO: check
+CVE-2025-60711 (Protection mechanism failure in Microsoft Edge 
(Chromium-based) allows ...)
+       TODO: check
+CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to 
Authentication ...)
+       TODO: check
+CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration 
Manager a ...)
+       TODO: check
+CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co., 
Ltd. put ...)
+       TODO: check
+CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a 
heap use- ...)
+       TODO: check
+CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a 
heap buff ...)
+       TODO: check
+CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co., 
Ltd. con ...)
+       TODO: check
+CVE-2025-52665 (A malicious actor with access to the management network could 
exploit  ...)
+       TODO: check
+CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential 
disruption or  ...)
+       TODO: check
+CVE-2025-52663 (A vulnerability was identified in certain UniFi Talk devices 
where int ...)
+       TODO: check
+CVE-2025-4952 (Tampering of the registry entries might have led to preventing 
the ESE ...)
+       TODO: check
+CVE-2025-48984 (A vulnerability allowing remote code execution (RCE) on the 
Backup Ser ...)
+       TODO: check
+CVE-2025-48983 (A vulnerability in the Mount service of Veeam Backup & 
Replication, wh ...)
+       TODO: check
+CVE-2025-48982 (This vulnerability in Veeam Agent for Microsoft Windows allows 
for Loc ...)
+       TODO: check
+CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have 
the split ...)
+       TODO: check
+CVE-2025-40603 (A potential exposure of sensitive information in log files in 
SonicWal ...)
+       TODO: check
+CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does 
not set  ...)
+       TODO: check
+CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a 
privilege esc ...)
+       TODO: check
+CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned 
script, ...)
+       TODO: check
+CVE-2025-34286 (Nagios XI versions prior to 2026R1  contain a remote code 
execution vu ...)
+       TODO: check
+CVE-2025-34284 (Nagios XI versions prior to2024R2contain a command injection 
vulnerabi ...)
+       TODO: check
+CVE-2025-34283 (Nagios XI versions prior to2024R1.4.2revealed API keys to 
users who we ...)
+       TODO: check
+CVE-2025-34280 (NagiosNetwork Analyzer versions prior to2024R2.0.1 contain a 
vulnerabi ...)
+       TODO: check
+CVE-2025-34278 (Nagios Network Analyzer versions prior to2024R1 contain a 
stored cross ...)
+       TODO: check
+CVE-2025-34277 (Nagios Log Server versions prior to2024R1.3.1 contain a code 
injection ...)
+       TODO: check
+CVE-2025-34274 (Nagios Log Server versions prior to 2024R2.0.3 contain an 
execution wi ...)
+       TODO: check
+CVE-2025-34273 (Nagios Log Server versions prior to 2024R2.0.3 contain an 
incorrect au ...)
+       TODO: check
+CVE-2025-34272 (In Nagios Log Server versions prior to 2024R2.0.3, when a 
user's confi ...)
+       TODO: check
+CVE-2025-34271 (Nagios Log Server versions prior to2024R2.0.2 contain a 
vulnerability  ...)
+       TODO: check
+CVE-2025-34270 (Nagios Log Server versions prior to 2024R2.0.2 contain a 
vulnerability ...)
+       TODO: check
+CVE-2025-34269 (Nagios Fusion versions prior to R2.1 contain a vulnerability 
due to th ...)
+       TODO: check
+CVE-2025-34249 (Nagios Fusion versions prior to 2024R2.1contain a brute-force 
bypass i ...)
+       TODO: check
+CVE-2025-34135 (Nagios XI versions prior to2024R1.4.2configure some systemd 
unit files ...)
+       TODO: check
+CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code 
execution ...)
+       TODO: check
+CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 
could allo ...)
+       TODO: check
+CVE-2025-30191 (Malicious content from E-Mail can be used to perform a 
redressing atta ...)
+       TODO: check
+CVE-2025-30188 (Malicious or unintentional API requests can be used to add 
significant ...)
+       TODO: check
+CVE-2025-29270 (Incorrect access control in the realtime.cgi endpoint of Deep 
Sea Elec ...)
+       TODO: check
+CVE-2025-27208 (A reflected Cross-Site Scripting (XSS) vulnerability has been 
identifi ...)
+       TODO: check
+CVE-2025-12554 (Missing Security Headers.This issue affects BLU-IC2: through 
1.19.5; B ...)
+       TODO: check
+CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue 
affects BLU- ...)
+       TODO: check
+CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2: 
through 1.19. ...)
+       TODO: check
+CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition 
up to 9 ...)
+       TODO: check
+CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition 
up to 9 ...)
+       TODO: check
+CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can 
be implem ...)
+       TODO: check
+CVE-2025-12508 (When using domain users as BRAIN2 users, communication with 
Active Dir ...)
+       TODO: check
+CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted 
service ...)
+       TODO: check
+CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can 
lead to  ...)
+       TODO: check
+CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail 
version 9.8.3 ...)
+       TODO: check
+CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization 
(SLAC)   ...)
+       TODO: check
+CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2025-12115 (The WPC Name Your Price for WooCommerce plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2025-12094 (The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & 
Comments  ...)
+       TODO: check
+CVE-2025-12041 (The ERI File Library plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2025-11975 (The FuseWP \u2013 WordPress User Sync to Email List & 
Marketing Automa ...)
+       TODO: check
+CVE-2025-11843 (Therefore Corporation GmbH has recently become aware that 
Therefore\u2 ...)
+       TODO: check
+CVE-2025-11806 (The Qzzr Shortcode Plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-11602 (Potential information leak in bolt protocol handshake in Neo4j 
Enterpr ...)
+       TODO: check
+CVE-2025-11191 (The RealPress  WordPress plugin before 1.1.0 registers the 
REST routes ...)
+       TODO: check
+CVE-2025-10897 (The WooCommerce Designer Pro theme for WordPress is vulnerable 
to arbi ...)
+       TODO: check
+CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a 
Z-Wave PIR  ...)
+       TODO: check
+CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local 
privile ...)
+       TODO: check
+CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored 
cross-site ...)
+       TODO: check
+CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege 
escalation vu ...)
+       TODO: check
+CVE-2024-14008 (Nagios XI versions prior to 2024R1.3.2contain a remote command 
executi ...)
+       TODO: check
+CVE-2024-14006 (Nagios XI versions prior to 2024R1.2.2contain a host header 
injection  ...)
+       TODO: check
+CVE-2024-14005 (Nagios XI versions prior to 2024R1.2 contain a command 
injection vulne ...)
+       TODO: check
+CVE-2024-14004 (Nagios XI versions prior to 2024R1.2 containa privilege 
escalation vul ...)
+       TODO: check
+CVE-2024-14003 (Nagios XI versions prior to 2024R1.2 arevulnerable to remote 
code exec ...)
+       TODO: check
+CVE-2024-14002 (Nagios XI versions prior to 2024R1.1.4 contain a local file 
inclusion  ...)
+       TODO: check
+CVE-2024-14001 (Nagios XI versions prior to 2024R1.1.3are vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2024-14000 (Nagios XI versions prior to 2024R1.1.3are vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2024-13999 (Nagios XI versions prior to 2024R1.1.3, under certain 
circumstances,di ...)
+       TODO: check
+CVE-2024-13996 (Nagios XI versions prior to2024R1.1.3did not invalidate all 
other acti ...)
+       TODO: check
+CVE-2024-13995 (Nagios XI versions prior to2024R1.1.2 may (confirmed 
in2024R1.1 and 20 ...)
+       TODO: check
+CVE-2024-13994 (Nagios XI versions prior to2024R1.1.2 contain a missing 
authorization  ...)
+       TODO: check
+CVE-2024-13993 (Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a 
reflected ...)
+       TODO: check
+CVE-2024-13992 (Nagios XI versions prior to < 2024R1.1 is vulnerable to a 
cross-site s ...)
+       TODO: check
+CVE-2023-7325 (Anheng Mingyu Operation and Maintenance Audit and Risk Control 
System  ...)
+       TODO: check
+CVE-2023-7323 (Nagios Log Server versions prior to 2024R1are vulnerable to 
cross-site ...)
+       TODO: check
+CVE-2023-7322 (Nagios Log Server versions prior to 2024R1 contain an incorrect 
author ...)
+       TODO: check
+CVE-2023-7321 (Nagios Log Server versions prior to 2.1.14 are vulnerable to 
cross-sit ...)
+       TODO: check
+CVE-2023-7319 (Nagios Network Analyzer versions prior to 2024R1 are vulnerable 
to cro ...)
+       TODO: check
+CVE-2023-7318 (Nagios XI versions prior to < 2024R1.0.2 are vulnerable to 
cross-site  ...)
+       TODO: check
+CVE-2023-7317 (Nagios XI versions prior to 2024R1contain a missing access 
control vul ...)
+       TODO: check
+CVE-2023-7316 (Nagios XI versions prior to 2024R1 are vulnerable to cross-site 
script ...)
+       TODO: check
+CVE-2023-7315 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site 
script ...)
+       TODO: check
+CVE-2023-7314 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site 
script ...)
+       TODO: check
+CVE-2023-7313 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site 
script ...)
+       TODO: check
+CVE-2023-7312 (Nagios Fusion versions prior to4.2.0 contain a stored 
cross-site scrip ...)
+       TODO: check
+CVE-2023-53690 (Nagios Fusion versions prior to 4.2.0 contain a stored 
cross-site scri ...)
+       TODO: check
+CVE-2023-53689 (Nagios Fusion versions prior to4.2.0 contain a reflected 
cross-site sc ...)
+       TODO: check
+CVE-2023-53688 (Nagios XI versions prior to 5.11.3 are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2022-50588 (Nagios XI versions prior to5.8.9are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2022-50587 (Nagios XI versions prior to5.8.9are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2022-50586 (Nagios XI versions prior to5.8.9are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2022-50585 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.7 ...)
+       TODO: check
+CVE-2022-50584 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.6 ...)
+       TODO: check
+CVE-2021-4461 (Seeyon Zhiyuan OA Web Application System versions up to and 
including  ...)
+       TODO: check
+CVE-2021-47700 (Nagios XI versions prior to5.8.7used a temporary directory for 
Highcha ...)
+       TODO: check
+CVE-2021-47699 (Nagios XI versions prior to5.8.7are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2021-47697 (Nagios XI versions prior to5.8.0are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2021-47696 (Nagios XI versions prior to5.8.0are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2021-47695 (Nagios XI versions prior to5.8.0are vulnerable to stored 
cross-site sc ...)
+       TODO: check
+CVE-2021-47694 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.4 ...)
+       TODO: check
+CVE-2021-47693 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.3 ...)
+       TODO: check
+CVE-2021-47692
+       REJECTED
+CVE-2021-47691 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.1 ...)
+       TODO: check
+CVE-2021-47690 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.1 ...)
+       TODO: check
+CVE-2021-47689 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.1.0 ...)
+       TODO: check
+CVE-2020-36869 (Nagios XI versions prior to5.7.5contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2020-36868 (Nagios XI versions prior to5.7.3contain a privilege escalation 
vulnera ...)
+       TODO: check
+CVE-2020-36867 (Nagios XI versions prior to5.7.3contain a command injection 
vulnerabil ...)
+       TODO: check
+CVE-2020-36866 (Nagios XI versions prior to5.7.2are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2020-36865 (Nagios XI versions prior to5.7.2are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2020-36864 (Nagios XI versions prior to5.7.2are vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2020-36863 (Nagios XI versions prior to5.7.2allow PHP files to be uploaded 
to the  ...)
+       TODO: check
+CVE-2020-36862 (Nagios XI versions prior to5.6.11contain unauthenticated 
vulnerabiliti ...)
+       TODO: check
+CVE-2020-36861 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.0.8 ...)
+       TODO: check
+CVE-2020-36860 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.0.7 ...)
+       TODO: check
+CVE-2020-36859 (The Core Config Manager (CCM) in Nagios XI versions prior to 
CCM 3.0.7 ...)
+       TODO: check
+CVE-2020-36858 (Nagios Log Server versions prior to 2.1.6contain cross-site 
scripting  ...)
+       TODO: check
+CVE-2020-36857 (Nagios XI versions prior to 5.6.14 containa 
post-authentication SQL in ...)
+       TODO: check
+CVE-2020-36856 (Nagios XI versions prior to 5.6.14 contain an authenticated 
remote com ...)
+       TODO: check
+CVE-2018-25123 (Nagios XI versions prior to5.5.7contain a privilege escalation 
vulnera ...)
+       TODO: check
+CVE-2018-25122 (Nagios XI versions prior to5.4.13contain a remote code 
execution vulne ...)
+       TODO: check
+CVE-2018-25121 (Nagios XI versions prior to5.4.13 are vulnerable to cross-site 
scripti ...)
+       TODO: check
+CVE-2018-25119 (Nagios Fusion versions prior to 4.1.5 arevulnerable to 
cross-site scri ...)
+       TODO: check
+CVE-2017-20209 (Nagios Fusion versions prior to 4.0.1arevulnerable to 
cross-site scrip ...)
+       TODO: check
+CVE-2016-15053 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site 
scriptin ...)
+       TODO: check
+CVE-2016-15052 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site 
scriptin ...)
+       TODO: check
+CVE-2016-15051 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site 
scriptin ...)
+       TODO: check
+CVE-2016-15050 (Nagios XI versions prior to5.2.4 containa SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2016-15049 (Nagios Log Server versions prior to 1.4.2 are vulnerable to 
cross-site ...)
+       TODO: check
+CVE-2013-10074 (Nagios XI versions prior to2012R2.6are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2013-10073 (Nagios XI versions prior to2012R1.6 contain ashell command 
injection v ...)
+       TODO: check
+CVE-2013-10072 (Nagios XI versions prior to2012R1.6 contain an authorization 
flaw in t ...)
+       TODO: check
+CVE-2013-10071 (Nagios XI versions prior to2012R1.6contain a reflected 
cross-site scri ...)
+       TODO: check
+CVE-2012-10063 (Nagios XI versions prior to2012R1.3 containa SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2011-10040 (Nagios XI versions prior to2011R1.9are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2011-10039 (Nagios XI versions prior to2011R1.9are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2011-10038 (Nagios XI versions prior to2011R1.9are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2011-10037 (Nagios XI versions prior to2011R1.9are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2011-10036 (Nagios XI versions prior to2011R1.9are vulnerable to 
cross-site script ...)
+       TODO: check
+CVE-2011-10035 (Nagios XI versions prior to2011R1.9contain privilege 
escalation vulner ...)
+       TODO: check
+CVE-2025-40106 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.17.6-1
        NOTE: 
https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
 CVE-2025-11261
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T406322
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193414
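Review bot: several of the new descriptions carry literal JSON escape sequences instead of the characters they encode, e.g. `CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, ...)`, `CVE-2025-64387 (... so-called \u2018clickjacking\u2 ...)` and `CVE-2025-11843 (... Therefore\u2 ...)`; the half-cut `\u2` shows the import step truncates the raw JSON string before unescaping it. Decode first and truncate afterwards so the en dash and quotes survive and no escape is split. Two smaller points: the rewrite of CVE-2025-40106 drops the `[comedi: fix divide-by-zero in comedi_buf_munge()]` title for the generic kernel preamble, so the affected subsystem is now visible only through the git.kernel.org NOTE; and roughly a hundred of the new TODO: check entries are the Nagios XI / Log Server / Fusion / Network Analyzer backfill (CVE-2011-10035 through CVE-2025-34298) plus the Totolink and Tenda firmware series, which are better triaged as a batch than one by one.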
@@ -7355,6 +7764,7 @@ CVE-2025-10004 (GitLab has remediated an issue in GitLab 
CE/EE affecting all ver
 CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 
End of  ...)
+       {DLA-4354-1}
        - python3.14 3.14.0-3
        - python3.13 <unfixed>
        [trixie] - python3.13 <no-dsa> (Minor issue)
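Review bot: the new `{DLA-4354-1}` line for CVE-2025-8291 sits directly above `- python3.13 <unfixed>`, so bullseye now ships a fix while the unstable python3.13 package is still recorded as unfixed; check whether a python3.13 upload carrying the zipfile ZIP64 fix exists so the <unfixed> marker (and the trixie <no-dsa> tag) is not stale.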
@@ -9646,10 +10056,12 @@ CVE-2025-61962 (In fetchmail before 6.5.6, the SMTP 
client can crash when authen
        NOTE: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
        NOTE: Fixed by: 
https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
 (6.5.6)
 CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T397232
        NOTE: 
https://gerrit.wikimedia.org/r/c/VisualEditor/VisualEditor/+/1193247
 CVE-2025-61655 [Properly escape and parse system messages]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T395858
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/1193248
@@ -9718,10 +10130,12 @@ CVE-2025-10895
 CVE-2025-10653 (An unauthenticated debug port may allow access to the device 
file syst ...)
        NOT-FOR-US: Raise3D
 CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: http://phabricator.wikimedia.org/T397577
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TextExtracts/+/1193249
 CVE-2025-11173
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T401862
        NOTE: https://phabricator.wikimedia.org/T402094
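Review bot: the NOTE for CVE-2025-61653 uses a plain-http link, `NOTE: http://phabricator.wikimedia.org/T397577`, while the neighbouring CVE-2025-11173 entry uses `NOTE: https://phabricator.wikimedia.org/T401862`; the same http:// form appears for T355073 and T403761 in later hunks. Normalise these to https:// so the tracker does not publish links that go through a cleartext redirect.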
@@ -9739,6 +10153,7 @@ CVE-2025-61652 [In API check user read permissions 
before showing PageInfo]
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T397580
 CVE-2025-61635 [ApiFancyCaptchaReload: Reuse badcaptcha rate limit]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: http://phabricator.wikimedia.org/T355073
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ConfirmEdit/+/1193206
@@ -9749,6 +10164,7 @@ CVE-2025-61658
 CVE-2025-61651
        NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2025-61646 [Prevent leaking hidden usernames in Watchlist/RecentChanges]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T398706
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193226
@@ -9757,6 +10173,7 @@ CVE-2025-61645 [Fix i18n XSS in CodexTablePager]
        NOTE: http://phabricator.wikimedia.org/T403761
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193202
 CVE-2025-61643 [Don't send suppressed recent changes to RCFeeds]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T403757
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193223
@@ -9989,18 +10406,22 @@ CVE-2025-61642 [Escape submit button label for 
Codex-based HTMLForms]
        NOTE: https://phabricator.wikimedia.org/T402313
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193175
 CVE-2025-61641 [api: Disable maxsize in QueryAllPages in miser mode]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T298690
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193174
 CVE-2025-61640 [Parse messages instead of inserting them as HTML]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T402075
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193173
 CVE-2025-61639 [Use ManualLogEntry::getDeleted in ::getRecentChange]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T280413
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193178
 CVE-2025-61638 [Sanitize data- attributes]
+       {DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T401099
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193172
@@ -12664,7 +13085,7 @@ CVE-2025-58457 (Improper permission check in ZooKeeper 
AdminServer lets authoriz
        NOTE: Fixed by: 
https://github.com/apache/zookeeper/commit/63723a77a29dae974611702769bf62c4d77fe3f5
 (release-3.9.4)
 CVE-2025-57354 (A vulnerability exists in the 'counterpart' library for 
Node.js and th ...)
        NOT-FOR-US: 'counterpart' library for Node.js
-CVE-2025-57353 (The Runtime components of messageformat package for Node.js 
prior to v ...)
+CVE-2025-57353 (The Runtime components of messageformat package for Node.js 
before 3.0 ...)
        NOT-FOR-US: messageformat package for Node.js
 CVE-2025-57352 (A vulnerability exists in the 'min-document' package prior to 
version  ...)
        - node-min-document <unfixed> (bug #1116340)
@@ -13374,7 +13795,7 @@ CVE-2025-39868 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/181993bb0d626cf88cc803f4356ce5c5abe86278 (6.17-rc6)
 CVE-2025-39867
        REJECTED
-CVE-2025-30189 [auth: Use AUTH_CACHE_KEY_USER instead of per-database 
constants]
+CVE-2025-30189 (When cache is enabled, some passdb/userdb drivers incorrectly 
cache al ...)
        {DSA-6019-1}
        - dovecot 1:2.4.1+dfsg1-7 (bug #1115474)
        [bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
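Review bot: replacing the working title `CVE-2025-30189 [auth: Use AUTH_CACHE_KEY_USER instead of per-database constants]` with the published description removes the only pointer to the upstream fix within the visible lines, which carry {DSA-6019-1}, the dovecot version and the bookworm status but no `NOTE: Fixed by:` line; consider keeping the old commit subject as a NOTE alongside the new description.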
@@ -40125,15 +40546,15 @@ CVE-2025-23970 (Incorrect Privilege Assignment 
vulnerability in aonetheme Servic
        NOT-FOR-US: WordPress plugin
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The 
bearer tok ...)
        NOT-FOR-US: Red Hat OpenShift Jenkins
-CVE-2025-58149
+CVE-2025-58149 (When passing through PCI devices, the detach logic in libxl 
won't remo ...)
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-476.html
-CVE-2025-58148
+CVE-2025-58148 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-475.html
-CVE-2025-58147
+CVE-2025-58147 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-475.html
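Review bot: the descriptions now attached to CVE-2025-58148 and CVE-2025-58147 are the Xen CNA's boilerplate, `([This CNA information record relates to multiple CVEs; the text explai ...)`, so after this update the two entries still say nothing about the flaw and differ only by CVE id; since both already point at https://xenbits.xen.org/xsa/advisory-475.html, a bracket title taken from the XSA-475 heading would make them searchable. The CVE-2025-58149 description (libxl PCI detach) is fine as is.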
@@ -45807,6 +46228,7 @@ CVE-2025-6196 (A flaw was found in libgepub, a library 
used to read EPUB files.
        NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c
 (0.7.2)
 CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic 
complexity w ...)
+       {DLA-4354-1}
        - python3.13 3.13.6-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.12 <removed>
@@ -80369,7 +80791,7 @@ CVE-2025-20060 (An attacker could expose cross-user 
personal identifiable inform
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to 
XSS, whic ...)
        NOT-FOR-US: Dario Health
 CVE-2025-1795 (During an address list folding when a separating comma ends up 
on a fo ...)
-       {DLA-4087-1}
+       {DLA-4354-1 DLA-4087-1}
        - python3.13 3.13.0~b1-1
        - python3.12 3.12.9-1
        - python3.11 <removed>
@@ -90639,7 +91061,7 @@ CVE-2025-22332 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator 
allows  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` 
and `url ...)
-       {DLA-4087-1}
+       {DLA-4354-1 DLA-4087-1}
        - python3.13 3.13.2-1
        - python3.12 3.12.9-1
        - python3.11 <removed>
@@ -93040,7 +93462,7 @@ CVE-2023-50309 (IBM Sterling B2B Integrator 6.0.0.0 
through 6.1.2.5 and 6.2.0.0i
        NOT-FOR-US: IBM
 CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 
6.2.0.0 is vul ...)
        NOT-FOR-US: IBM
-CVE-2025-23050
+CVE-2025-23050 (QLowEnergyController in Qt before 6.8.2 mishandles malformed 
Bluetooth ...)
        - qt6-connectivity 6.7.2-8
        [bookworm] - qt6-connectivity <no-dsa> (Minor issue)
        - qtconnectivity-opensource-src 5.15.15-3 (bug #1093882)
@@ -114186,7 +114608,7 @@ CVE-2024-21541 (Versions of the package dom-iterator 
before 1.0.1 are vulnerable
 CVE-2024-21540
        REJECTED
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions 
improperly valida ...)
-       {DLA-3980-1}
+       {DLA-4354-1 DLA-3980-1}
        - python3.12 <not-affected> (Fixed with first upload to Debian unstable)
        - python3.11 3.11.4-1
        [bookworm] - python3.11 3.11.2-6+deb12u5
@@ -133245,7 +133667,7 @@ CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT 
IND/09/18/599 devices send
 CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 
before v. ...)
        NOT-FOR-US: Visual Planning Admin Center
 CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.     
 Regul ...)
-       {DLA-3980-1}
+       {DLA-4354-1 DLA-3980-1}
        - python3.13 3.13.0~rc2-1
        - python3.12 3.12.6-1
        - python3.11 <removed>
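Review bot: the description of CVE-2024-6232 preserves a run of internal spaces from the source text, `There is a MEDIUM severity vulnerability affecting CPython.     Regul ...`, and CVE-2024-6923 further down shows the same (`CPython.  The  emai`); collapsing whitespace runs before truncating would keep more of the useful text within the fixed width. The `{DLA-4354-1 DLA-3980-1}` change itself matches the other python3.11 entries updated in this commit.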
@@ -136373,7 +136795,7 @@ CVE-2024-7924 (A vulnerability was found in ZZCMS 
2023. It has been declared as
 CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, 
DNS-315L, DNS-3 ...)
        NOT-FOR-US: D-Link
 CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, 
specifically  ...)
-       {DLA-3980-1}
+       {DLA-4354-1 DLA-3980-1}
        - python3.13 3.13.0~rc2-1
        - python3.12 3.12.6-1
        - python3.11 <removed>
@@ -140687,7 +141109,7 @@ CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A 
vulnerability was found in D-Li
 CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende 
Identity S ...)
        NOT-FOR-US: 1E Platform
 CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython.  
The  emai ...)
-       {DLA-3980-1}
+       {DLA-4354-1 DLA-3980-1}
        - python3.13 3.13.0~rc2-1
        - python3.12 3.12.5-1
        - python3.11 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1a4e7e04ecb19829c1e2409c8d28b9d73ee70f6

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits