[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 14 Nov 2025 12:12:53 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7126cb02 by security tracker role at 2025-11-14T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,111 @@
+CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive 
admin c ...)
+       TODO: check
+CVE-2025-8870 (On affected platforms running Arista EOS, certain serial 
console input ...)
+       TODO: check
+CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password 
Recove ...)
+       TODO: check
+CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb 
8.0.0 thr ...)
+       TODO: check
+CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in 
the File ...)
+       TODO: check
+CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX 
Portal 2.7A  ...)
+       TODO: check
+CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via 
crafted POS ...)
+       TODO: check
+CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech 
TP-3250 printe ...)
+       TODO: check
+CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path 
parsing/ ...)
+       TODO: check
+CVE-2025-63291 (When processing API requests, the Alteryx server 
2022.1.1.42654 and 20 ...)
+       TODO: check
+CVE-2025-54562 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
+       TODO: check
+CVE-2025-54561 (An Incorrect Access Control vulnerability was found in the 
Application ...)
+       TODO: check
+CVE-2025-54560 (A Server-side Request Forgery vulnerability was found in the 
Applicati ...)
+       TODO: check
+CVE-2025-54559 (An issue was found in the Application Server of Desktop Alert 
PingAler ...)
+       TODO: check
+CVE-2025-54348 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
the App ...)
+       TODO: check
+CVE-2025-54346 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in the  ...)
+       TODO: check
+CVE-2025-54345 (An issue was found in the Application Server of Desktop Alert 
PingAler ...)
+       TODO: check
+CVE-2025-54343 (An Incorrect Access Control vulnerability was found in the 
Application ...)
+       TODO: check
+CVE-2025-54342 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
+       TODO: check
+CVE-2025-54340 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
+       TODO: check
+CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the 
Application ...)
+       TODO: check
+CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto 
Networks ...)
+       TODO: check
+CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto 
Networks ...)
+       TODO: check
+CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability 
in Palo ...)
+       TODO: check
+CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution. 
An attac ...)
+       TODO: check
+CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale 
Inventory Con ...)
+       TODO: check
+CVE-2025-13179 (A vulnerability has been found in Bdtask/CodeCanyon Wholesale 
Inventor ...)
+       TODO: check
+CVE-2025-13178 (A flaw has been found in Bdtask/CodeCanyon SalesERP up to 
20250728. Th ...)
+       TODO: check
+CVE-2025-13177 (A vulnerability was detected in Bdtask/CodeCanyon SalesERP up 
to 20250 ...)
+       TODO: check
+CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up 
to 1.4.7 ...)
+       TODO: check
+CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym 
Management System ...)
+       TODO: check
+CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an 
unknown  ...)
+       TODO: check
+CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online 
Hotel Rese ...)
+       TODO: check
+CVE-2025-13169 (A security vulnerability has been detected in code-projects 
Simple Onl ...)
+       TODO: check
+CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. 
This affect ...)
+       TODO: check
+CVE-2025-13033 (A vulnerability was identified in the email parsing library 
due to imp ...)
+       TODO: check
+CVE-2025-12897
+       REJECTED
+CVE-2025-12187
+       REJECTED
+CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while 
Document-Level S ...)
+       TODO: check
+CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for 
WordPress ...)
+       TODO: check
+CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based 
buffer overfl ...)
+       TODO: check
+CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 
10.12.x <=  ...)
+       TODO: check
+CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language 
editor funct ...)
+       TODO: check
+CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-44639 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-44636 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-44635 (PHPGurukul Student Record System 3.20 is vulnerable to Cross 
Site Scri ...)
+       TODO: check
+CVE-2024-44633 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-44632 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student 
Record Syste ...)
+       TODO: check
+CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows 
a local ...)
+       TODO: check
+CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that 
uses Ac ...)
+       TODO: check
 CVE-2025-9479 (Out of bounds read in V8 in Google Chrome prior to 
133.0.6943.141 allo ...)
+       {DSA-5875-1}
        - chromium 133.0.6943.141-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-64754 (Jitsi Meet is an open source video conferencing application. A 
vulnera ...)
@@ -74,11 +181,13 @@ CVE-2024-9126 (Use after free in Internals in Google 
Chrome on iOS prior to 127.
 CVE-2024-7021 (Inappropriate implementation in Autofill in Google Chrome on 
Windows p ...)
        - chromium <not-affected> (Only affects Google Chrome on Windows)
 CVE-2024-7017 (Inappropriate implementation in DevTools in Google Chrome prior 
to 126 ...)
+       {DSA-5732-1}
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-13983 (Inappropriate implementation in Lens in Google Chrome on iOS 
prior to  ...)
        - chromium <not-affected> (Only affects Google Chrome on iOS)
 CVE-2024-13178 (Inappropriate implementation in Fullscreen in Google Chrome 
prior to 1 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-11920 (Inappropriate implementation in Dawn in Google Chrome on Mac 
prior to  ...)
@@ -628,7 +737,7 @@ CVE-2025-8485 (An improper permissions vulnerability was 
reported in Lenovo App
        NOT-FOR-US: Lenovo
 CVE-2025-8421 (An improper default permission vulnerability was reported in 
Lenovo Do ...)
        NOT-FOR-US: Lenovo
-CVE-2025-65002 (Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI 
access if  ...)
+CVE-2025-65002 (Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S 
mishandles Redf ...)
        NOT-FOR-US: Fujitsu
 CVE-2025-65001 (Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to 
potentially  ...)
        NOT-FOR-US: Fujitsu
@@ -10360,7 +10469,7 @@ CVE-2025-11714 (Memory safety bugs present in Firefox 
ESR 115.28, Firefox ESR 14
 CVE-2025-11720 (The Firefox and Firefox Focus UI for the Android custom tab 
feature on ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11720
-CVE-2025-11719 (Starting in Firefox 143, the use of the native messaging API 
by web ex ...)
+CVE-2025-11719 (Starting in Thunderbird 143, the use of the native messaging 
API by we ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11719
 CVE-2025-11713 (Insufficient escaping in the \u201cCopy as cURL\u201d feature 
could ha ...)
@@ -34796,6 +34905,7 @@ CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code 
Execution in admin/templat
 CVE-2025-50675 (GPMAW 14, a bioinformatics software, has a critical 
vulnerability rela ...)
        NOT-FOR-US: GPMAW
 CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's 
tmplayer_parse_line ...)
+       {DLA-4371-1}
        - gst-plugins-base1.0 1.26.2-1
        [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
        NOTE: 
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
@@ -34804,6 +34914,7 @@ CVE-2025-47808 (In GStreamer through 1.26.1, the 
subparse plugin's tmplayer_pars
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9
 (1.27.1)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9b810e83d0f4135cf5a066da8b9430cf6e375d29
 (1.26.2)
 CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's 
subrip_unescape_for ...)
+       {DLA-4371-1}
        - gst-plugins-base1.0 1.26.2-1
        [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
        NOTE: 
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
@@ -34812,6 +34923,7 @@ CVE-2025-47807 (In GStreamer through 1.26.1, the 
subparse plugin's subrip_unesca
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2
 (1.27.1)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0711a31221a27c076dde3b9716cbcabf85088fa5
 (1.26.2)
 CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's 
parse_subrip_time f ...)
+       {DLA-4371-1}
        - gst-plugins-base1.0 1.26.2-1
        [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u5
        NOTE: 
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7126cb021d1134c92a6789016ab3c0a4c5e26be5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7126cb021d1134c92a6789016ab3c0a4c5e26be5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to