[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 06 Nov 2025 00:13:05 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0822e9bf by security tracker role at 2025-11-06T08:12:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-9338 (A improper restriction of operations within the bounds of a 
memory buf ...)
+       TODO: check
+CVE-2025-64480
+       REJECTED
+CVE-2025-64479
+       REJECTED
+CVE-2025-64478
+       REJECTED
+CVE-2025-64477
+       REJECTED
+CVE-2025-64476
+       REJECTED
+CVE-2025-64475
+       REJECTED
+CVE-2025-64474
+       REJECTED
+CVE-2025-64473
+       REJECTED
+CVE-2025-64472
+       REJECTED
+CVE-2025-64171 (MARIN3R is a lightweight, CRD based envoy control plane for 
kubernetes ...)
+       TODO: check
+CVE-2025-64164 (Dataease is an open source data visualization analysis tool. 
In versio ...)
+       TODO: check
+CVE-2025-64163 (DataEase is an open source data visualization analysis tool. 
In versio ...)
+       TODO: check
+CVE-2025-64114 (ClipBucket v5 is an open source video sharing platform. 
Versions 5.5.2 ...)
+       TODO: check
+CVE-2025-63585 (OSSN (Open Source Social Network) 8.6 is vulnerable to SQL 
Injection i ...)
+       TODO: check
+CVE-2025-62596 (Youki is a container runtime written in Rust. In versions 
0.5.6 and be ...)
+       TODO: check
+CVE-2025-62161 (Youki is a container runtime written in Rust. In versions 
0.5.6 and be ...)
+       TODO: check
+CVE-2025-61994 (Cross-site scripting vulnerability exists in GROWI prior to 
v7.2.10. I ...)
+       TODO: check
+CVE-2025-60784 (A vulnerability in the XiaozhangBang Voluntary Like System 
V8.8 allows ...)
+       TODO: check
+CVE-2025-55278 (Improper authentication in the API authentication middleware 
of HCL De ...)
+       TODO: check
+CVE-2025-12779 (Improper handling of the authentication token in the Amazon 
WorkSpaces ...)
+       TODO: check
+CVE-2025-12563 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-12560 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-12471 (The Hubbub Lite \u2013 Fast, free social sharing and follow 
buttons pl ...)
+       TODO: check
+CVE-2025-12360 (The Better Find and Replace \u2013 AI-Powered Suggestions 
plugin for W ...)
+       TODO: check
+CVE-2025-11271 (The Easy Digital Downloads plugin for WordPress is vulnerable 
to Order ...)
+       TODO: check
+CVE-2025-10691 (The Easy Email Subscription plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-10683 (The Easy Email Subscription plugin for WordPress is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2025-10259 (Improper Validation of Specified Quantity in Input 
vulnerability in TC ...)
+       TODO: check
 CVE-2025-12729
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -4514,6 +4572,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress 
is vulnerable to Stored
 CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication 
mechanism rev ...)
        NOT-FOR-US: langgenius/dify-web
 CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.0 is 
vulnerable to ...)
+       {DLA-4365-1}
        - unbound 1.24.1-1
        NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
        NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/a33f0638e1dacf2633cf2292078a674576bca852
 (release-1.24.1)
@@ -14189,7 +14248,7 @@ CVE-2025-26278 (A prototype pollution in the lib.set 
function of dref v0.1.2 all
        NOT-FOR-US: Node dref
 CVE-2025-20363 (A vulnerability in the web services of Cisco Secure Firewall 
Adaptive  ...)
        NOT-FOR-US: Cisco
-CVE-2025-20362 (A vulnerability in the VPN web server of Cisco Secure Firewall 
Adaptiv ...)
+CVE-2025-20362 (Update: On November 5, 2025, Cisco became aware of a new 
attack varian ...)
        NOT-FOR-US: Cisco
 CVE-2025-20333 (A vulnerability in the VPN web server of Cisco Secure Firewall 
Adaptiv ...)
        NOT-FOR-US: Cisco



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0822e9bffa4a0c17cf8d8e289c5e91fd8e2b19d1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0822e9bffa4a0c17cf8d8e289c5e91fd8e2b19d1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to