Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d90b521 by security tracker role at 2025-11-07T08:13:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,86 @@
-CVE-2025-12790
+CVE-2025-64346 (archives is a Go library for extracting archives (tar, zip, 
etc.). Ver ...)
+       TODO: check
+CVE-2025-64343 ((conda) Constructor is a tool that enables users to create 
installers  ...)
+       TODO: check
+CVE-2025-64339 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
+       TODO: check
+CVE-2025-64338
+       REJECTED
+CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
+       TODO: check
+CVE-2025-64329 (containerd is an open-source container runtime. Versions 
1.7.28 and be ...)
+       TODO: check
+CVE-2025-64328 (FreePBX Endpoint Manager is a module for managing telephony 
endpoints  ...)
+       TODO: check
+CVE-2025-64327 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
+       TODO: check
+CVE-2025-64326 (Weblate is a web based localization tool. In versions 5.14 and 
below,  ...)
+       TODO: check
+CVE-2025-64323 (kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 
and belo ...)
+       TODO: check
+CVE-2025-64302 (Insufficient input sanitization in the dashboard label or path 
can all ...)
+       TODO: check
+CVE-2025-64187 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
+       TODO: check
+CVE-2025-64184 (Dosage is a comic strip downloader and archiver. When 
downloading comi ...)
+       TODO: check
+CVE-2025-64180 (Manager-io/Manager is accounting software. In Manager Desktop 
and Serv ...)
+       TODO: check
+CVE-2025-64179 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
+       TODO: check
+CVE-2025-64178 (Jellysweep is a cleanup tool for the Jellyfin media server. In 
version ...)
+       TODO: check
+CVE-2025-64177 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
+       TODO: check
+CVE-2025-64176 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
+       TODO: check
+CVE-2025-64174 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
+       TODO: check
+CVE-2025-64173 (Apollo Router Core is a configurable graph router written in 
Rust to r ...)
+       TODO: check
+CVE-2025-62630 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
+       TODO: check
+CVE-2025-5483 (The LC Wizard plugin for WordPress is vulnerable to Privilege 
Escalati ...)
+       TODO: check
+CVE-2025-59171 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
+       TODO: check
+CVE-2025-58423 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
+       TODO: check
+CVE-2025-52662 (A vulnerability in Nuxt DevTools has been fixed in version 
**2.6.4***. ...)
+       TODO: check
+CVE-2025-4522 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
+       TODO: check
+CVE-2025-4519 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
+       TODO: check
+CVE-2025-48985 (A vulnerability in Vercel\u2019s AI SDK has been fixed in 
versions 5.0 ...)
+       TODO: check
+CVE-2025-33110 (IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML 
injection ...)
+       TODO: check
+CVE-2025-12636 (The Ubia camera ecosystem fails to adequately secure API 
credentials,  ...)
+       TODO: check
+CVE-2025-12527 (The Page & Post Notes plugin for WordPress is vulnerable to 
unauthoriz ...)
+       TODO: check
+CVE-2025-12520 (The WP Airbnb Review Slider plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2025-12490 (Netgate pfSense CE Suricata Path Traversal Remote Code 
Execution Vulne ...)
+       TODO: check
+CVE-2025-12489 (evernote-mcp-server openBrowser Command Injection Privilege 
Escalation ...)
+       TODO: check
+CVE-2025-12488 (oobabooga text-generation-webui trust_remote_code Reliance on 
Untruste ...)
+       TODO: check
+CVE-2025-12487 (oobabooga text-generation-webui trust_remote_code Reliance on 
Untruste ...)
+       TODO: check
+CVE-2025-12486 (Heimdall Data Database Proxy Cross-Site Scripting Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-12352 (The Gravity Forms plugin for WordPress is vulnerable to 
arbitrary file ...)
+       TODO: check
+CVE-2025-11546 (CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and 
EXPRESSCLUS ...)
+       TODO: check
+CVE-2025-12790 (A flaw was found in Rubygem MQTT. By default, the package used 
to not  ...)
        NOT-FOR-US: Rubygem MQTT
-CVE-2025-12789
+CVE-2025-12789 (A flaw was found in Red Hat Single Sign-On. This issue is an 
Open Redi ...)
        NOT-FOR-US: Red Hat Single Sign-On
-CVE-2024-12125
+CVE-2024-12125 (A flaw was found in the 3scale developer portal. This issue 
can allow  ...)
        NOT-FOR-US: 3scale developer portal
 CVE-2025-6327 (Unrestricted Upload of File with Dangerous Type vulnerability 
in KingA ...)
        NOT-FOR-US: WordPress plugin or theme
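Review bot: the new descriptions for CVE-2025-4522, CVE-2025-4519 and CVE-2025-48985 carry literal `\u2013` and `\u2019` escape sequences instead of the en dash and apostrophe, which suggests the importer is writing the raw JSON-escaped description rather than the decoded string; worth checking the description handling in the update script so these do not accumulate in data/CVE/list. Separately, several of the "TODO: check" entries are WordPress plugin issues (CVE-2025-5483 LC Wizard, CVE-2025-12527 Page & Post Notes, CVE-2025-12520 WP Airbnb Review Slider, CVE-2025-12352 Gravity Forms) and can be triaged the same way CVE-2025-6327 is at the end of this hunk, `NOT-FOR-US: WordPress plugin or theme`.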
@@ -604,11 +682,11 @@ CVE-2025-10713 (An XML External Entity (XXE) 
vulnerability exists in multiple WS
        NOT-FOR-US: WSO2
 CVE-2023-43000 (A use-after-free issue was addressed with improved memory 
management.  ...)
        NOT-FOR-US: Apple
-CVE-2025-52881
+CVE-2025-52881 (runc is a CLI tool for spawning and running containers 
according to th ...)
        - runc <unfixed> (bug #1120140)
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
-CVE-2025-52565
+CVE-2025-52565 (runc is a CLI tool for spawning and running containers 
according to th ...)
        - runc <unfixed> (bug #1120140)
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
@@ -616,7 +694,7 @@ CVE-2025-31133 (runc is a CLI tool for spawning and running 
containers according
        - runc <unfixed> (bug #1120140)
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/05/3
-CVE-2025-10966
+CVE-2025-10966 (curl's code for managing SSH connections when SFTP was done 
using the  ...)
        - curl 8.17.0~rc2-1 (unimportant)
        NOTE: https://curl.se/docs/CVE-2025-10966.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/6773c7ca65cf2183295e56603f9b86a5ce816a06 
(curl-7_69_0)
@@ -5346,7 +5424,7 @@ CVE-2025-62526 (OpenWrt Project is a Linux operating 
system targeting embedded d
 CVE-2025-62525 (OpenWrt Project is a Linux operating system targeting embedded 
devices ...)
        NOT-FOR-US: OpenWRT (ltq-ptm)
        NOTE: https://openwrt.org/advisory/2025-10-22-2
-CVE-2025-12036
+CVE-2025-12036 (Out of bounds memory access in V8 in Google Chrome prior to 
141.0.7390 ...)
        {DSA-6046-1 DSA-6036-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -7101,7 +7179,7 @@ CVE-2017-20204 (DBLTek GoIP devices (models GoIP 1, 4, 8, 
16, and 32) contain an
        NOT-FOR-US: DBLTek
 CVE-2011-10033 (The WordPress pluginis-human <= v1.4.2 containsan eval 
injection vulne ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-11756
+CVE-2025-11756 (Use after free in Safe Browsing in Google Chrome prior to 
141.0.7390.1 ...)
        {DSA-6026-1}
        - chromium 141.0.7390.107-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -9752,11 +9830,11 @@ CVE-2025-0603 (Improper Neutralization of Special 
Elements used in an SQL Comman
        NOT-FOR-US: Callvision Emergency Code
 CVE-2023-6215 (A potential security vulnerability has been identified in HP 
Sure Star ...)
        NOT-FOR-US: HP
-CVE-2025-11460
+CVE-2025-11460 (Use after free in Storage in Google Chrome prior to 
141.0.7390.65 allo ...)
        {DSA-6021-1}
        - chromium 141.0.7390.65-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11458
+CVE-2025-11458 (Heap buffer overflow in Sync in Google Chrome prior to 
141.0.7390.65 a ...)
        {DSA-6021-1}
        - chromium 141.0.7390.65-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -12690,51 +12768,51 @@ CVE-2021-4460 (In the Linux kernel, the following 
vulnerability has been resolve
        NOTE: 
https://git.kernel.org/linus/50e2fc36e72d4ad672032ebf646cecb48656efe0 (5.13-rc1)
 CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress 
is vulner ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-11219
+CVE-2025-11219 (Use after free in V8 in Google Chrome prior to 141.0.7390.54 
allowed a ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11216
+CVE-2025-11216 (Inappropriate implementation in Storage in Google Chrome on 
Mac prior  ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11215
+CVE-2025-11215 (Off by one error in V8 in Google Chrome prior to 141.0.7390.54 
allowed ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11213
+CVE-2025-11213 (Inappropriate implementation in Omnibox in Google Chrome on 
Android pr ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11212
+CVE-2025-11212 (Inappropriate implementation in Media in Google Chrome on 
Windows prio ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11211
+CVE-2025-11211 (Out of bounds read in Media in Google Chrome prior to 
141.0.7390.54 al ...)
        {DSA-6021-1}
        - chromium 141.0.7390.65-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11210
+CVE-2025-11210 (Side-channel information leakage in Tab in Google Chrome prior 
to 141. ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11209
+CVE-2025-11209 (Inappropriate implementation in Omnibox in Google Chrome on 
Android pr ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11208
+CVE-2025-11208 (Inappropriate implementation in Media in Google Chrome prior 
to 141.0. ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11207
+CVE-2025-11207 (Side-channel information leakage in Storage in Google Chrome 
prior to  ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11206
+CVE-2025-11206 (Heap buffer overflow in Video in Google Chrome prior to 
141.0.7390.54  ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-11205
+CVE-2025-11205 (Heap buffer overflow in WebGPU in Google Chrome prior to 
141.0.7390.54 ...)
        {DSA-6016-1}
        - chromium 141.0.7390.54-1
        [bullseye] - chromium <end-of-life> (see #1061268)
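Review bot: the description now recorded for CVE-2025-11211 says the bug affects Chrome "prior to 141.0.7390.54", yet the entry keeps `{DSA-6021-1}` and `- chromium 141.0.7390.65-1`, while every neighbouring CVE with the same "prior to 141.0.7390.54" wording is tracked under `{DSA-6016-1}` with `- chromium 141.0.7390.54-1`. The added description makes the mismatch visible, so either the fixed version and DSA for CVE-2025-11211 should be re-verified against the 141.0.7390.54 advisory or a NOTE should explain why this one was fixed later.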



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d90b5218e796d136c076aa39199434c5bc38db7

-- 


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
