Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08bd990d by security tracker role at 2025-11-04T20:13:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-64322 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
+CVE-2025-64321 (Improper Neutralization of Input Used for LLM Prompting 
vulnerability  ...)
+       TODO: check
+CVE-2025-64320 (Improper Neutralization of Input Used for LLM Prompting 
vulnerability  ...)
+       TODO: check
+CVE-2025-64319 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
+CVE-2025-64318 (Improper Neutralization of Input Used for LLM Prompting 
vulnerability  ...)
+       TODO: check
+CVE-2025-63294 (WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable 
to Inse ...)
+       TODO: check
+CVE-2025-61956 (Radiometrics VizAir is vulnerable to a lack of authentication 
mechanis ...)
+       TODO: check
+CVE-2025-61945 (Radiometrics VizAir is vulnerable to any remote attacker via 
access to ...)
+       TODO: check
+CVE-2025-61431 (A reflected cross-site scripted (XSS) vulnerability in the 
/jsp/gsfr_f ...)
+       TODO: check
+CVE-2025-60925 (codeshare v1.0.0 was discovered to contain an information 
leakage vuln ...)
+       TODO: check
+CVE-2025-54863 (Radiometrics VizAir is vulnerable to exposure of the system's 
REST API ...)
+       TODO: check
+CVE-2025-54334 (An issue was discovered in the NPU driver in Samsung Mobile 
Processor  ...)
+       TODO: check
+CVE-2025-54333 (An issue was discovered in NPU in Samsung Mobile Processor 
Exynos thro ...)
+       TODO: check
+CVE-2025-54332 (An issue was discovered in NPU in Samsung Mobile Processor 
Exynos thro ...)
+       TODO: check
+CVE-2025-54331 (An issue was discovered in NPU in Samsung Mobile Processor 
Exynos thro ...)
+       TODO: check
+CVE-2025-54330 (An issue was discovered in NPU in Samsung Mobile Processor 
Exynos thro ...)
+       TODO: check
+CVE-2025-54329 (An issue was discovered in NAS in Samsung Mobile Processor, 
Wearable P ...)
+       TODO: check
+CVE-2025-54327 (An issue was discovered in VTS in Samsung Mobile Processor and 
Wearabl ...)
+       TODO: check
+CVE-2025-54325 (An issue was discovered in VTS in Samsung Mobile Processor and 
Wearabl ...)
+       TODO: check
+CVE-2025-54323 (An issue was discovered in the camera in Samsung Mobile 
Processor Exyn ...)
+       TODO: check
+CVE-2025-52513 (An issue was discovered in Samsung Mobile Processor Exynos 
2400, 1580, ...)
+       TODO: check
+CVE-2025-52512 (An issue was discovered in Samsung Mobile Processor Exynos 
2400, 1580, ...)
+       TODO: check
+CVE-2025-49494 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2025-41345 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41344 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41343 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41342 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41341 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41340 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41339 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41338 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41337 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41336 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41335 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41114 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41113 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41112 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-41111 (A lack of authorisation vulnerability has been detected in 
CanalDenunc ...)
+       TODO: check
+CVE-2025-33176 (NVIDIA RunAI for all platforms contains a vulnerability where 
a user c ...)
+       TODO: check
+CVE-2025-23358 (NVIDIA NVApp for Windows contains a vulnerability in the 
installer, wh ...)
+       TODO: check
+CVE-2025-12695 (The overly permissive sandbox configuration in DSPy allows 
attackers t ...)
+       TODO: check
+CVE-2025-12682 (The Easy Upload Files During Checkout plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-12493 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +2 ...)
+       TODO: check
+CVE-2025-12184 (The MeetingList plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-12108 (The Survision LPR Camera system does not enforce password 
protection b ...)
+       TODO: check
+CVE-2025-12045 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie 
Notice, ...)
+       TODO: check
+CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in the ...)
+       TODO: check
+CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting 
vulnerability  ...)
+       TODO: check
 CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints 
can grant Keystone authorization]
        - keystone <unfixed> (bug #1120053)
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
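Review bot: all 48 new entries at the top of data/CVE/list land as `TODO: check`, yet several can be triaged from the truncated description alone. CVE-2025-12682 and CVE-2025-12184 both read "plugin for WordPress", and this file already marks that class as `NOT-FOR-US: WordPress plugin` (see CVE-2023-7320 further down); CVE-2025-12493 looks like the same class. Resolving those in a follow-up keeps the TODO queue to entries that need a real package lookup. Minor: the CVE-2025-12493 description carries a literal `\u2013` escape instead of the dash character.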
@@ -1723,7 +1819,7 @@ CVE-2025-11374 (Consul and Consul Enterprise\u2019s 
(\u201cConsul\u201d) key/val
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724
 CVE-2023-7320 (The WooCommerce plugin for WordPress is vulnerable to Sensitive 
Inform ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Prior to 
0.49.1 , a ...)
+CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Starting in 
version ...)
        - starlette <unfixed> (bug #1119662)
        NOTE: 
https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
        NOTE: Fixed by: 
https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5
 (0.49.1)
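Review bot: the new CVE-2025-62727 description ("Starting in version ...") implies a lower bound on affected Starlette versions, but the entry still has only `- starlette <unfixed> (bug #1119662)` and the `Fixed by:` note for 0.49.1. Once the truncated starting version is confirmed against the linked GHSA advisory, record it in a NOTE on this entry so suites shipping an older Starlette can be marked not affected instead of inheriting `<unfixed>`.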
@@ -4349,14 +4445,14 @@ CVE-2022-50556 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/834c23e4f798dcdc8af251b3c428ceef94741991 (6.3-rc1)
 CVE-2025-40780 (In specific circumstances, due to a weakness in the Pseudo 
Random Numb ...)
-       {DSA-6033-1}
+       {DSA-6033-1 DLA-4364-1}
        - bind9 1:9.20.15-1
        NOTE: https://kb.isc.org/docs/cve-2025-40780
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/2924910eeea5c86720149bc48d799ccb69e59797
 (v9.20.15)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/26c77915d52a577be6f421fd351506c29185ab97
 (v9.20.15)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe
 (v9.18.41)
 CVE-2025-40778 (Under certain circumstances, BIND is too lenient when 
accepting record ...)
-       {DSA-6033-1}
+       {DSA-6033-1 DLA-4364-1}
        - bind9 1:9.20.15-1
        NOTE: https://kb.isc.org/docs/cve-2025-40778
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/196732041318b931b6fa97f18077117b3b548d18
 (v9.20.15)
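Review bot: `{DSA-6033-1 DLA-4364-1}` on CVE-2025-40780 and CVE-2025-40778 now asserts an LTS fix, but nothing in this hunk lets a reader verify it: the only package line under each entry is `- bind9 1:9.20.15-1`, and this commit changes only data/CVE/list. Confirm that the DLA-4364-1 record lists both CVEs with the fixed bind9 version for the LTS suite, so the cross-reference and the per-suite status agree.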
@@ -4366,7 +4462,7 @@ CVE-2025-40778 (Under certain circumstances, BIND is too 
lenient when accepting
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846
 (v9.18.41)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72
 (v9.18.41)
 CVE-2025-8677 (Querying for records within a specially crafted zone containing 
certai ...)
-       {DSA-6033-1}
+       {DSA-6033-1 DLA-4364-1}
        - bind9 1:9.20.15-1
        NOTE: https://kb.isc.org/docs/cve-2025-8677
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/0d676bf9f23b1441f6697f1d6b25b4744dacda52
 (v9.20.15)
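Review bot: for CVE-2025-8677 the visible context ends at a single `Fixed by:` commit tagged (v9.20.15), whereas the CVE-2025-40780 and CVE-2025-40778 entries above also record (v9.18.41) commits. With DLA-4364-1 now attached, check that this entry carries the matching older-branch fix reference beyond the lines shown here, and add it if it is missing, so the backport behind the DLA can be traced from the tracker entry.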



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08bd990df7d8a80585115e1732e63eb9cadd6e03
