Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
34fb12a2 by security tracker role at 2025-11-04T08:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,385 @@
+CVE-2025-63293 (FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is
vulnerable to ...)
+ TODO: check
+CVE-2025-47370 (Transient DOS when a remote device sends an invalid connection
request ...)
+ TODO: check
+CVE-2025-47368 (Memory corruption when dereferencing an invalid userspace
address in a ...)
+ TODO: check
+CVE-2025-47367 (Memory corruption while accessing a buffer during IOCTL
processing.)
+ TODO: check
+CVE-2025-47365 (Memory corruption while processing large input data from a
remote sour ...)
+ TODO: check
+CVE-2025-47362 (Information disclosure while processing message from client
with inval ...)
+ TODO: check
+CVE-2025-47361 (Memory corruption when triggering a subsystem crash with an
out-of-ran ...)
+ TODO: check
+CVE-2025-47360 (Memory corruption while processing client message during
device manage ...)
+ TODO: check
+CVE-2025-47357 (Information Disclosure when a user-level driver performs
QFPROM read o ...)
+ TODO: check
+CVE-2025-47353 (Memory corruption while processing request sent from GVM.)
+ TODO: check
+CVE-2025-47352 (Memory corruption while processing audio streaming operations.)
+ TODO: check
+CVE-2025-46556 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2025-43507 (A privacy issue was addressed by moving sensitive data. This
issue is ...)
+ TODO: check
+CVE-2025-43505 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2025-43504 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2025-43503 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2025-43502 (A privacy issue was addressed by removing sensitive data. This
issue i ...)
+ TODO: check
+CVE-2025-43500 (A privacy issue was addressed with improved handling of user
preferenc ...)
+ TODO: check
+CVE-2025-43499 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43498 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2025-43496 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-43495 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-43493 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-43481 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+ TODO: check
+CVE-2025-43479 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43478 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43477 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-43476 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43474 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2025-43472 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2025-43469 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43468 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2025-43462 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43460 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43459 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2025-43458 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43457 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43455 (A privacy issue was addressed with improved checks. This issue
is fixe ...)
+ TODO: check
+CVE-2025-43454 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43452 (This issue was addressed by restricting options offered on a
locked de ...)
+ TODO: check
+CVE-2025-43450 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43449 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-43448 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-43447 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43446 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-43445 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2025-43444 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43443 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2025-43442 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43441 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43440 (This issue was addressed with improved checks This issue is
fixed in S ...)
+ TODO: check
+CVE-2025-43439 (A privacy issue was addressed by removing sensitive data. This
issue i ...)
+ TODO: check
+CVE-2025-43438 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43436 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43435 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43434 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43433 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43432 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-43431 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43430 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2025-43427 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43426 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43425 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43424 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2025-43423 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43422 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-43421 (Multiple issues were addressed by disabling array allocation
sinking. ...)
+ TODO: check
+CVE-2025-43420 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2025-43419 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43414 (A permissions issue was addressed with improved validation.
This issue ...)
+ TODO: check
+CVE-2025-43413 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2025-43412 (A file quarantine bypass was addressed with additional checks.
This is ...)
+ TODO: check
+CVE-2025-43411 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43409 (A permissions issue was addressed with additional sandbox
restrictions ...)
+ TODO: check
+CVE-2025-43408 (This issue was addressed by restricting options offered on a
locked de ...)
+ TODO: check
+CVE-2025-43407 (This issue was addressed with improved entitlements. This
issue is fix ...)
+ TODO: check
+CVE-2025-43405 (A permissions issue was addressed with additional sandbox
restrictions ...)
+ TODO: check
+CVE-2025-43401 (A denial-of-service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2025-43399 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2025-43398 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43397 (A permissions issue was addressed by removing the vulnerable
code. Thi ...)
+ TODO: check
+CVE-2025-43396 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43395 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2025-43394 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2025-43392 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-43391 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2025-43390 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2025-43389 (A privacy issue was addressed by removing the vulnerable code.
This is ...)
+ TODO: check
+CVE-2025-43387 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43386 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43385 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43384 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43383 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43382 (A parsing issue in the handling of directory paths was
addressed with ...)
+ TODO: check
+CVE-2025-43380 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2025-43379 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-43378 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43377 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-43376 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2025-43373 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43365 (A denial-of-service issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2025-43364 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2025-43361 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-43360 (The issue was addressed with improved UI. This issue is fixed
in iOS 2 ...)
+ TODO: check
+CVE-2025-43350 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43348 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2025-43345 (A correctness issue was addressed with improved checks. This
issue is ...)
+ TODO: check
+CVE-2025-43338 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43336 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-43335 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-43334 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43323 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-43322 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43309 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-43288 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-36172 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0
Interim Fi ...)
+ TODO: check
+CVE-2025-35021 (By failing to authenticate three times to an unconfigured
Abilis CPX d ...)
+ TODO: check
+CVE-2025-34501 (Deck Mate 2 is distributed with static, hard-coded credentials
for the ...)
+ TODO: check
+CVE-2025-27074 (Memory corruption while processing a GP command response.)
+ TODO: check
+CVE-2025-27070 (Memory corruption while performing encryption and decryption
commands.)
+ TODO: check
+CVE-2025-27064 (Information disclosure while registering commands from clients
with di ...)
+ TODO: check
+CVE-2025-20749 (In charger, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2025-20748 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20747 (In gnss service, there is a possible out of bounds write due
to an inc ...)
+ TODO: check
+CVE-2025-20746 (In gnss service, there is a possible out of bounds write due
to an inc ...)
+ TODO: check
+CVE-2025-20745 (In apusys, there is a possible memory corruption due to use
after free ...)
+ TODO: check
+CVE-2025-20744 (In pda, there is a possible escalation of privilege due to use
after f ...)
+ TODO: check
+CVE-2025-20743 (In clkdbg, there is a possible escalation of privilege due to
use afte ...)
+ TODO: check
+CVE-2025-20742 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20741 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20740 (In wlan STA driver, there is a possible out of bounds read due
to a ra ...)
+ TODO: check
+CVE-2025-20739 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20738 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20737 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20736 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20735 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20734 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20733 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20732 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20731 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20730 (In preloader, there is a possible escalation of privilege due
to an in ...)
+ TODO: check
+CVE-2025-20729 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20728 (In wlan STA driver, there is a possible out of bounds write
due to an ...)
+ TODO: check
+CVE-2025-20727 (In Modem, there is a possible out of bounds write due to a
heap buffer ...)
+ TODO: check
+CVE-2025-20726 (In Modem, there is a possible out of bounds write due to an
incorrect ...)
+ TODO: check
+CVE-2025-20725 (In ims service, there is a possible out of bounds write due to
a missi ...)
+ TODO: check
+CVE-2025-12683 (The service employed by Everything, running as SYSTEM,
communicates wi ...)
+ TODO: check
+CVE-2025-12657 (The KMIP response parser built into mongo binaries is overly
tolerant ...)
+ TODO: check
+CVE-2025-12456 (The Centangle-Team plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2025-12452 (The Visit Counter plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2025-12416 (The Pagerank Tools plugin for WordPress is vulnerable to
Stored Cross- ...)
+ TODO: check
+CVE-2025-12415 (The MapMap plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
+ TODO: check
+CVE-2025-12413 (The Social Media WPCF7 Stop Words plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2025-12412 (The Top Bar Notification plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2025-12410 (The SH Contextual Help plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2025-12403 (The Associados Amazon Plugin plugin for WordPress is
vulnerable to Cro ...)
+ TODO: check
+CVE-2025-12402 (The LinkedIn Resume plugin for WordPress is vulnerable to
Cross-Site R ...)
+ TODO: check
+CVE-2025-12401 (The Label Plugins plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2025-12400 (The LMB^Box Smileys plugin for WordPress is vulnerable to
Cross-Site R ...)
+ TODO: check
+CVE-2025-12396 (The clubmember plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-12393 (The Free Quotation plugin for WordPress is vulnerable to
Stored Cross- ...)
+ TODO: check
+CVE-2025-12389 (The Import Export For WooCommerce plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2025-12371 (The Nari Accountant plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2025-12369 (The Extensions for Leaflet Map plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2025-12350 (The DominoKit plugin for WordPress is vulnerable to
unauthorized acces ...)
+ TODO: check
+CVE-2025-12324 (The TablePress \u2013 Tables in WordPress made easy plugin for
WordPre ...)
+ TODO: check
+CVE-2025-12188 (The Posts Navigation Links for Sections and Headings \u2013
Free by WP ...)
+ TODO: check
+CVE-2025-12158 (The Simple User Capabilities plugin for WordPress is
vulnerable to Pri ...)
+ TODO: check
+CVE-2025-12157 (The Simple User Capabilities plugin for WordPress is
vulnerable to una ...)
+ TODO: check
+CVE-2025-12156 (The Ai Auto Tool Content Writing Assistant (Gemini Writer,
ChatGPT ) A ...)
+ TODO: check
+CVE-2025-12070 (The ViaAds plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
+ TODO: check
+CVE-2025-12069 (The WP Global Screen Options plugin for WordPress is
vulnerable to Cro ...)
+ TODO: check
+CVE-2025-12065 (The WP Carticon plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-11890 (The Crypto Payment Gateway with Payeer for WooCommerce plugin
for Word ...)
+ TODO: check
+CVE-2025-11841 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
+ TODO: check
+CVE-2025-11812 (The Reuse Builder plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2025-11758 (The All in One Time Clock Lite plugin for WordPress is
vulnerable to u ...)
+ TODO: check
+CVE-2025-11753 (The Bootstrap Multi-language Responsive Portfolio plugin for
WordPress ...)
+ TODO: check
+CVE-2025-11733 (The Footnotes Made Easy plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2025-11724 (The EM Beer Manager plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2025-11704 (The Elegance Menu plugin for WordPress is vulnerable to Local
File Inc ...)
+ TODO: check
+CVE-2025-11193 (A potential vulnerability was reported in some Lenovo Tablets
that cou ...)
+ TODO: check
+CVE-2025-11008 (The CE21 Suite plugin for WordPress is vulnerable to Sensitive
Informa ...)
+ TODO: check
+CVE-2025-11007 (The CE21 Suite plugin for WordPress is vulnerable to
unauthorized plug ...)
+ TODO: check
+CVE-2025-10896 (Multiple plugins for WordPress with the Jewel Theme
Recommended Plugin ...)
+ TODO: check
+CVE-2024-13998 (Nagios XI versions prior to2024R1.1.3, under certain
circumstances, di ...)
+ TODO: check
+CVE-2024-13997 (Nagios XI versions prior to2024R1.1.3contain a privilege
escalation vu ...)
+ TODO: check
+CVE-2021-47698 (Nagios XI versions prior to5.8.7using embedded Nagios Core are
vulnera ...)
+ TODO: check
+CVE-2016-15054 (Nagios XI versions prior to5.4.0 are vulnerable to cross-site
scriptin ...)
+ TODO: check
CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to
privilege escal ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8558 (Insider Threat Management (ITM) Serverversions prior to
7.17.2contain ...)
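Review bot: The descriptions added for CVE-2025-12324, CVE-2025-12188 and CVE-2025-11841 contain a literal "\u2013", which looks like an escape sequence written out undecoded by the import; decoding escapes before the description is truncated would keep the list readable and greppable. The Nagios XI entries (CVE-2024-13998, CVE-2024-13997, CVE-2021-47698, CVE-2016-15054) also lose whitespace around the version string, as in "prior to2024R1.1.3contain", so normalising whitespace in the same step is worth considering.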
@@ -1222,6 +1604,7 @@ CVE-2025-11201 (MLflow Tracking Server Model Creation
Directory Traversal Remote
CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass
Vulnerability. ...)
NOT-FOR-US: mlflow
CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
+ {DLA-4362-1}
- gimp 3.0.4-6.2 (bug #1119661)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-978/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
@@ -2431,13 +2814,16 @@ CVE-2025-12202 (A security flaw has been discovered in
ajayrandhawa User-Managem
NOT-FOR-US: ajayrandhawa User-Management-PHP-MYSQL
CVE-2025-12201 (A vulnerability was identified in ajayrandhawa
User-Management-PHP-MYS ...)
NOT-FOR-US: ajayrandhawa User-Management-PHP-MYSQL
-CVE-2025-12200 (A vulnerability was determined in dnsmasq up to 2.73rc6.
Affected by t ...)
+CVE-2025-12200
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
-CVE-2025-12199 (A vulnerability was found in dnsmasq up to 2.73rc6. Affected
by this v ...)
+CVE-2025-12199
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
-CVE-2025-12198 (A vulnerability has been found in dnsmasq up to 2.73rc6.
Affected is t ...)
+CVE-2025-12198
+ REJECTED
- dnsmasq <unfixed> (unimportant)
NOTE: Doesn't cross any security boundary, config files are trusted
CVE-2025-12055 (HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from
an unauth ...)
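Review bot: CVE-2025-12200, CVE-2025-12199 and CVE-2025-12198 are switched to REJECTED, but each keeps its "- dnsmasq <unfixed> (unimportant)" line and the NOTE underneath, so the entries now record a rejected ID and an open package state at once. Other rejected entries in this file, such as CVE-2021-3771, carry only the REJECTED marker. A manual follow-up should decide whether the dnsmasq annotations are dropped or deliberately kept as a record of the earlier triage.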
@@ -4157,6 +4543,7 @@ CVE-2025-60790 (ProcessWire CMS 3.0.246 allows a
low-privileged user with lang-e
CVE-2025-60772 (Improper authentication in the web-based management interface
of NETLI ...)
NOT-FOR-US: NETLINK
CVE-2025-60751 (GeographicLib 2.5 is vulnerable to Buffer Overflow in
GeoConvert DMS:: ...)
+ {DLA-4361-1}
- geographiclib 2.5.2-1
NOTE: https://github.com/geographiclib/geographiclib/issues/43
NOTE: https://github.com/zer0matt/CVE-2025-60751
@@ -4320,11 +4707,13 @@ CVE-2025-10612 (Improper Neutralization of Input During
Web Page Generation (XSS
CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are
vulnerabl ...)
NOT-FOR-US: Zoho
CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted
elemen ...)
+ {DLA-4363-1}
- dcmtk 3.6.8-5
[bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1026
NOTE: Fixed by:
https://github.com/DCMTK/dcmtk/commit/957fb31e5d96f51ecf5cb3422c7dc2227f8e0423
(DCMTK-3.6.8)
CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to
3.6.5. The a ...)
+ {DLA-4363-1}
- dcmtk 3.6.6-1
NOTE: Fixed by:
https://github.com/DCMTK/dcmtk/commit/0fef9f02e7c3976c36826b272ed4929f3977c3db
(DCMTK-3.6.6)
CVE-2025-XXXX [Stored XSS Vulnerability]
@@ -7026,7 +7415,7 @@ CVE-2025-61920 (Authlib is a Python library which builds
OAuth and OpenID Connec
NOTE:
https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE:
https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
(v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions
2.2.20, ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117856)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
NOTE:
https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
(v3.2.3)
@@ -7051,7 +7440,7 @@ CVE-2025-61857 (An out-of-bounds write vulnerability
exists in VS6ComFile!CItemE
CVE-2025-61856 (A stack-based buffer overflow vulnerability exists in
VS6ComFile!CV7Ba ...)
NOT-FOR-US: FUJI
CVE-2025-61780 (Rack is a modular Ruby web server interface. Prior to versions
2.2.20, ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117855)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
NOTE:
https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
(v3.2.3)
@@ -8370,21 +8759,21 @@ CVE-2025-11458
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-61772 (Rack is a modular Ruby web server interface. In versions prior
to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
NOTE: Fixed by:
https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
(v3.2.2)
NOTE: Fixed by:
https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
(v3.1.17)
NOTE: Fixed by:
https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
(v2.2.19)
CVE-2025-61771 (Rack is a modular Ruby web server interface. In versions prior
to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117628)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
NOTE: Fixed by:
https://github.com/rack/rack/commit/3beacfcd494ec5600c9022d561cfa2f556a524d1
(v3.2.2)
NOTE: Fixed by:
https://github.com/rack/rack/commit/f224f93bb3f16e9b968493fbd7bac751e66d2fdc
(v3.1.17)
NOTE: Fixed by:
https://github.com/rack/rack/commit/c370dcd9405a6799763b70a83f06ae2d1aaa0e87
(v2.2.19)
CVE-2025-61770 (Rack is a modular Ruby web server interface. In versions prior
to 2.2. ...)
- {DLA-4357-1}
+ {DSA-6048-1 DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
NOTE: Fixed by:
https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
(v3.2.2)
@@ -23437,6 +23826,7 @@ CVE-2025-9734 (A security flaw has been discovered in
O2OA up to 10.0-410. The i
CVE-2025-9733 (A security flaw has been discovered in code-projects Human
Resource In ...)
NOT-FOR-US: code-projects
CVE-2025-9732 (A vulnerability was identified in DCMTK up to 3.6.9. This
affects an u ...)
+ {DLA-4363-1}
- dcmtk <unfixed> (bug #1113993)
[trixie] - dcmtk <no-dsa> (Minor issue)
[bookworm] - dcmtk <no-dsa> (Minor issue)
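Review bot: The {DLA-4363-1} reference is attached to CVE-2025-9732 while the entry still reads "- dcmtk <unfixed> (bug #1113993)", with trixie and bookworm marked <no-dsa>. That leaves an LTS advisory linked to an issue that is open everywhere else in the visible entry; worth checking whether bug #1113993 can now be closed with the same fix or whether the unstable status needs a NOTE pointing at the upstream commit.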
@@ -30555,13 +30945,15 @@ CVE-2025-8735 (A vulnerability classified as
problematic was found in GNU cflow
- cflow <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
NOTE: Crash in CLI tool, no security impact
-CVE-2025-8734 (A vulnerability has been found in GNU Bison up to 3.8.2. This
impacts ...)
+CVE-2025-8734
+ REJECTED
- bison <unfixed> (bug #1110611)
[trixie] - bison <no-dsa> (Minor issue)
[bookworm] - bison <no-dsa> (Minor issue)
[bullseye] - bison <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://github.com/akimd/bison/issues/115
-CVE-2025-8733 (A flaw has been found in GNU Bison up to 3.8.2. This affects
the funct ...)
+CVE-2025-8733
+ REJECTED
- bison <unfixed> (unimportant; bug #1110610)
NOTE: https://github.com/akimd/bison/issues/113
NOTE: https://github.com/akimd/bison/issues/114
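Review bot: CVE-2025-8734 and CVE-2025-8733 become REJECTED, yet the bison annotations below them are untouched, including "[bullseye] - bison <postponed> (Minor issue; can be fixed in next update)" under CVE-2025-8734. A postponed fix for a rejected ID is stale triage state that may still be counted as pending work; the per-release lines should be reviewed by hand and removed or replaced with a NOTE explaining the rejection.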
@@ -367491,6 +367883,7 @@ CVE-2021-3772 (A flaw was found in the Linux SCTP
stack. A blind attacker may be
CVE-2021-3771
REJECTED
CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota
mechanism ...)
+ {DLA-4360-1}
- pure-ftpd 1.0.50-1 (bug #993810)
[buster] - pure-ftpd <no-dsa> (Minor issue)
[stretch] - pure-ftpd <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34fb12a2975ddaa9b0ddf692d149595d5c64b014