Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbb3394f by security tracker role at 2025-11-10T20:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-8768
+       REJECTED
+CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie 
configuratio ...)
+       TODO: check
+CVE-2025-64689 (In JetBrains YouTrack before 2025.3.104432 misconfiguration in 
the Jun ...)
+       TODO: check
+CVE-2025-64688 (In JetBrains YouTrack before 2025.3.104432 missing VCS URL 
validation  ...)
+       TODO: check
+CVE-2025-64687 (In JetBrains YouTrack before 2025.3.104432 improper access 
control all ...)
+       TODO: check
+CVE-2025-64686 (In JetBrains YouTrack before 2025.3.104432 missing user 
principal clea ...)
+       TODO: check
+CVE-2025-64685 (In JetBrains YouTrack before 2025.3.104432 missing TLS 
certificate val ...)
+       TODO: check
+CVE-2025-64684 (In JetBrains YouTrack before 2025.3.104432 information 
disclosure was  ...)
+       TODO: check
+CVE-2025-64683 (In JetBrains Hub before 2025.3.104432 information disclosure 
was possi ...)
+       TODO: check
+CVE-2025-64682 (In JetBrains Hub before 2025.3.104432 a race condition allowed 
bypass  ...)
+       TODO: check
+CVE-2025-64681 (In JetBrains Hub before 2025.3.104992 a race condition allowed 
bypass  ...)
+       TODO: check
+CVE-2025-64457 (In JetBrains dotTrace before 2025.2.5 local privilege 
escalation possi ...)
+       TODO: check
+CVE-2025-64456 (In JetBrains ReSharper before 2025.2.4 missing signature 
verification  ...)
+       TODO: check
+CVE-2025-63835 (A stack-based buffer overflow vulnerability was discovered in 
Tenda AC ...)
+       TODO: check
+CVE-2025-63834 (A stored cross-site scripting (XSS) vulnerability was 
discovered in Te ...)
+       TODO: check
+CVE-2025-63712 (Cross-Site Request Forgery (CSRF) in SourceCodester Product 
Expiry Man ...)
+       TODO: check
+CVE-2025-63711 (A Cross-Site Request Forgery (CSRF) vulnerability in the 
SourceCodeste ...)
+       TODO: check
+CVE-2025-63710 (The send_message.php endpoint in SourceCodester Simple Public 
Chat Roo ...)
+       TODO: check
+CVE-2025-63709 (A Cross-Site Scripting (XSS) vulnerability exists in 
SourceCodester Si ...)
+       TODO: check
+CVE-2025-63497 (The patient prescription viewing functionality in 
his_doc_view_single_ ...)
+       TODO: check
+CVE-2025-63457 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack 
overflow via  ...)
+       TODO: check
+CVE-2025-63456 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack 
overflow via  ...)
+       TODO: check
+CVE-2025-63455 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
+       TODO: check
+CVE-2025-63288 (In Open5GS 2.7.6, AMF crashes when receiving an abnormal 
NGSetupReques ...)
+       TODO: check
+CVE-2025-63154 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63153 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-63152 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack 
overflow i ...)
+       TODO: check
+CVE-2025-63149 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack 
overflow i ...)
+       TODO: check
+CVE-2025-63147 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack 
overflow i ...)
+       TODO: check
+CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and 
other C0  ...)
+       TODO: check
+CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows 
authenticate ...)
+       TODO: check
+CVE-2025-47932 (Combodo iTop is a web based IT service management tool. 
Versions prior ...)
+       TODO: check
+CVE-2025-47773 (Combodo iTop is a web based IT service management tool. 
Versions prior ...)
+       TODO: check
+CVE-2025-47286 (Combodo iTop is a web based IT service management tool. In 
versions pr ...)
+       TODO: check
+CVE-2025-46430 (Dell Display and Peripheral Manager, versions prior to 
2.1.2.12, conta ...)
+       TODO: check
+CVE-2025-43723 (Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 
9.11.0. ...)
+       TODO: check
+CVE-2025-43079 (The Qualys Cloud Agent included a bundled uninstall script 
(qagent_uni ...)
+       TODO: check
+CVE-2025-41107 (Stored Cross Site Scripting (XSS) vulnerability in Smart 
School 7.0 du ...)
+       TODO: check
+CVE-2025-41001 (Cross Site Scripting (XSS) vulnerability stored in SOPlanning 
v1.53.02 ...)
+       TODO: check
+CVE-2025-33150 (IBM Cognos Analytics Certified Containers 12.1.0 could 
disclose packag ...)
+       TODO: check
+CVE-2025-12967 (An issue in AWS Wrappers for Amazon Aurora PostgreSQL may 
allow for pr ...)
+       TODO: check
+CVE-2025-12939 (A security flaw has been discovered in SourceCodester 
Interview Manage ...)
+       TODO: check
+CVE-2025-12938 (A vulnerability was identified in projectworlds Online 
Admission Syste ...)
+       TODO: check
+CVE-2025-12480 (Triofox versions prior to 16.7.10368.56560, are vulnerable to 
an Impro ...)
+       TODO: check
+CVE-2025-12409 (A SQL injection vulnerability was discovered in Looker Studio 
that all ...)
+       TODO: check
+CVE-2025-12405 (An improper privilege management vulnerability was found in 
Looker Stu ...)
+       TODO: check
+CVE-2025-12397 (A SQL injection vulnerability was found in Looker Studio.  A 
Looker St ...)
+       TODO: check
+CVE-2025-12155 (A Command Injection vulnerability, resulting from improper 
file path s ...)
+       TODO: check
 CVE-2025-XXXX [GHSA-c978-wq47-pvvw]
        - rust-sudo-rs 0.2.10-1
        NOTE: 
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw
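Review bot: CVE-2025-60876 is left at "TODO: check" although its description names BusyBox wget, and busybox is a Debian source package, so it needs a package line and should be triaged ahead of the rest of this batch. Most of the other new entries (JetBrains, Tenda, TOTOLink, SourceCodester, Dell, Looker Studio) look like candidates for the NOT-FOR-US form this file already uses, for example "NOT-FOR-US: Nagios XI".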
@@ -57,6 +153,7 @@ CVE-2025-12864 (U-Office Force developed by e-Excellence has 
a SQL Injection vul
 CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable 
to Arbi ...)
        TODO: check
 CVE-2025-64507 [GHSA-56mx-8g9f-5crf]
+       {DSA-6051-1}
        - incus 6.0.5-4
        - lxd <removed>
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf
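Review bot: The {DSA-6051-1} cross-reference on CVE-2025-64507 arrives in a commit that changes only data/CVE/list, so confirm that data/DSA/list already has a DSA-6051-1 entry naming this CVE. The only package line with a version is "- incus 6.0.5-4", with no per-release lines in the visible context, so it is also worth checking that the version the DSA shipped for stable is recorded.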
@@ -901,23 +998,23 @@ CVE-2025-10683 (The Easy Email Subscription plugin for 
WordPress is vulnerable t
        NOT-FOR-US: WordPress plugin
 CVE-2025-10259 (Improper Validation of Specified Quantity in Input 
vulnerability in TC ...)
        NOT-FOR-US: Mitsubishi
-CVE-2025-12729
+CVE-2025-12729 (Inappropriate implementation in Omnibox in Google Chrome on 
Android pr ...)
        {DSA-6050-1}
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12728
+CVE-2025-12728 (Inappropriate implementation in Omnibox in Google Chrome on 
Android pr ...)
        {DSA-6050-1}
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12727
+CVE-2025-12727 (Inappropriate implementation in V8 in Google Chrome prior to 
142.0.744 ...)
        {DSA-6050-1}
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12726
+CVE-2025-12726 (Inappropriate implementation in Views in Google Chrome on 
Windows prio ...)
        {DSA-6050-1}
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12725
+CVE-2025-12725 (Out of bounds read in WebGPU in Google Chrome on Android prior 
to 142. ...)
        {DSA-6050-1}
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
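Review bot: Now that the descriptions are filled in, CVE-2025-12729, CVE-2025-12728 and CVE-2025-12725 read "on Android" and CVE-2025-12726 reads "on Windows", yet each is still tracked as fixed in "- chromium 142.0.7444.134-1" like the platform-independent V8 entry. If the Debian build is not affected by the Android-only or Windows-only issues, a not-affected marking or a NOTE saying so would keep these from being counted as Debian vulnerabilities.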
@@ -1713,7 +1810,8 @@ CVE-2024-13997 (Nagios XI versions prior 
to2024R1.1.3contain a privilege escalat
        NOT-FOR-US: Nagios XI
 CVE-2021-47698 (Nagios XI versions prior to5.8.7using embedded Nagios Core are 
vulnera ...)
        NOT-FOR-US: Nagios XI
-CVE-2016-15054 (Nagios XI versions prior to5.4.0 are vulnerable to cross-site 
scriptin ...)
+CVE-2016-15054
+       REJECTED
        NOT-FOR-US: Nagios XI
 CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to 
privilege escal ...)
        NOT-FOR-US: WordPress plugin
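Review bot: CVE-2016-15054 now reads REJECTED but the "NOT-FOR-US: Nagios XI" line is kept under it, so the entry carries two dispositions. The other rejected id in this commit, CVE-2025-8768, has only the REJECTED line; a follow-up should drop the NOT-FOR-US line here so the two agree.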
@@ -2228,7 +2326,8 @@ CVE-2025-10693 (When SmartStart Inclusion fails during 
the onboarding of a Z-Wav
        NOT-FOR-US: Silicon Labs
 CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local 
privile ...)
        NOT-FOR-US: Nagios Log Server
-CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored 
cross-site ...)
+CVE-2024-58272
+       REJECTED
        NOT-FOR-US: Nagios Log Server
 CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege 
escalation vu ...)
        NOT-FOR-US: Nagios XI
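Review bot: CVE-2024-58272 is turned into a REJECTED entry while the "NOT-FOR-US: Nagios Log Server" line stays attached to it. With the description gone the triage line is stale, and it should be removed so the entry states REJECTED alone.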
@@ -2686,79 +2785,79 @@ CVE-2025-62402 (API users via `/api/v2/dagReports` 
could perform Dag code execut
        - airflow <itp> (bug #819700)
 CVE-2025-54941 (An example dag `example_dag_decorator` had non-validated 
parameter tha ...)
        - airflow <itp> (bug #819700)
-CVE-2025-12447
+CVE-2025-12447 (Incorrect security UI in Omnibox in Google Chrome on Android 
prior to  ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12446
+CVE-2025-12446 (Incorrect security UI in SplitView in Google Chrome prior to 
142.0.744 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12445
+CVE-2025-12445 (Policy bypass in Extensions in Google Chrome prior to 
142.0.7444.59 al ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12444
+CVE-2025-12444 (Incorrect security UI in Fullscreen UI in Google Chrome prior 
to 142.0 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12443
+CVE-2025-12443 (Out of bounds read in WebXR in Google Chrome prior to 
142.0.7444.59 al ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12441
+CVE-2025-12441 (Out of bounds read in V8 in Google Chrome prior to 
142.0.7444.59 allow ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12440
+CVE-2025-12440 (Inappropriate implementation in Autofill in Google Chrome 
prior to 142 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12439
+CVE-2025-12439 (Inappropriate implementation in App-Bound Encryption in Google 
Chrome  ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12438
+CVE-2025-12438 (Use after free in Ozone in Google Chrome on Linux and ChromeOS 
prior t ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12437
+CVE-2025-12437 (Use after free in PageInfo in Google Chrome prior to 
142.0.7444.59 all ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12436
+CVE-2025-12436 (Policy bypass in Extensions in Google Chrome prior to 
142.0.7444.59 al ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12435
+CVE-2025-12435 (Incorrect security UI in Omnibox in Google Chrome on Android 
prior to  ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12434
+CVE-2025-12434 (Race in Storage in Google Chrome on Windows prior to 
142.0.7444.59 all ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12433
+CVE-2025-12433 (Inappropriate implementation in V8 in Google Chrome prior to 
142.0.744 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12432
+CVE-2025-12432 (Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a 
remote at ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12431
+CVE-2025-12431 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12430
+CVE-2025-12430 (Object lifecycle issue in Media in Google Chrome prior to 
142.0.7444.5 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12429
+CVE-2025-12429 (Inappropriate implementation in V8 in Google Chrome prior to 
142.0.744 ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-12428
+CVE-2025-12428 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
        {DSA-6046-1}
        - chromium 142.0.7444.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
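Review bot: The run of chromium ids in this hunk goes from CVE-2025-12443 straight to CVE-2025-12441, so CVE-2025-12442 is not part of the {DSA-6046-1} block. Confirm that it is tracked elsewhere in the file or was not part of the 142.0.7444.59 release, since a missing id here would leave it outside the DSA cross-reference.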



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbb3394f2a71a0dc64eebada9aaf03cd5c922699
