Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd6dfe23 by security tracker role at 2025-11-17T20:12:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate
validation when ...)
+ TODO: check
+CVE-2025-64758 (@dependencytrack/frontend is a Single Page Application (SPA)
used in D ...)
+ TODO: check
+CVE-2025-64756 (Glob matches files using patterns the shell uses. From
versions 10.3.7 ...)
+ TODO: check
+CVE-2025-64342 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2025-64046 (OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting
(XSS) i ...)
+ TODO: check
+CVE-2025-63918 (PDFPatcher executable does not validate user-supplied file
paths, allo ...)
+ TODO: check
+CVE-2025-63917 (PDFPatcher thru 1.1.3.4663 executable's XML bookmark import
functional ...)
+ TODO: check
+CVE-2025-63916 (MyScreenTools v2.2.1.0 contains a critical OS command
injection vulner ...)
+ TODO: check
+CVE-2025-63748 (QaTraq 6.9.2 allows authenticated users to upload arbitrary
files via ...)
+ TODO: check
+CVE-2025-63747 (QaTraq 6.9.2 ships with administrative account credentials
which are e ...)
+ TODO: check
+CVE-2025-63708 (Cross-Site Scripting (XSS) vulnerability exists in
SourceCodester AI F ...)
+ TODO: check
+CVE-2025-63292 (Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal
(firmware = 1.7. ...)
+ TODO: check
+CVE-2025-62519 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.0.1 ...)
+ TODO: check
+CVE-2025-58410 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2025-58407 (Kernel or driver software installed on a Guest VM may post
improper co ...)
+ TODO: check
+CVE-2025-55059 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
+ TODO: check
+CVE-2025-55058 (CWE-20 Improper Input Validation)
+ TODO: check
+CVE-2025-55057 (Multiple CWE-352 Cross-Site Request Forgery (CSRF))
+ TODO: check
+CVE-2025-55056 (Multiple CWE-79 Improper Neutralization of Input During Web
Page Gener ...)
+ TODO: check
+CVE-2025-55055 (CWE-78 Improper Neutralization of Special Elements used in an
OS Comma ...)
+ TODO: check
+CVE-2025-4321 (In a Bluetooth device, using RS9116-WiseConnect SDK experiences
a Deni ...)
+ TODO: check
+CVE-2025-40936 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+ TODO: check
+CVE-2025-40834 (A vulnerability has been identified in Mendix RichText (All
versions > ...)
+ TODO: check
+CVE-2025-34323 (Nagios Log Server versions prior to 2026R1.0.1 are vulnerable
to local ...)
+ TODO: check
+CVE-2025-34322 (Nagios Log Server versions prior to 2026R1.0.1 contain an
authenticate ...)
+ TODO: check
+CVE-2025-13319 (An injection vulnerability has been discovered in the API
feature in D ...)
+ TODO: check
+CVE-2025-13310
+ REJECTED
+CVE-2025-13299 (A flaw has been found in itsourcecode Web-Based Internet
Laboratory Ma ...)
+ TODO: check
+CVE-2025-13298 (A vulnerability was detected in itsourcecode Web-Based
Internet Labora ...)
+ TODO: check
+CVE-2025-13297 (A security vulnerability has been detected in itsourcecode
Web-Based I ...)
+ TODO: check
+CVE-2025-13291 (A vulnerability was found in Campcodes Supplier Management
System 1.0. ...)
+ TODO: check
+CVE-2025-13290 (A vulnerability has been found in code-projects Simple Food
Ordering S ...)
+ TODO: check
+CVE-2025-13289 (A vulnerability was detected in 1000projects Design &
Development of S ...)
+ TODO: check
+CVE-2025-13288 (A security vulnerability has been detected in Tenda CH22
1.0.0.1. This ...)
+ TODO: check
+CVE-2025-13287 (A weakness has been identified in itsourcecode Online Voting
System 1. ...)
+ TODO: check
+CVE-2025-13286 (A security flaw has been discovered in itsourcecode Online
Voting Syst ...)
+ TODO: check
+CVE-2025-13285 (A vulnerability was identified in itsourcecode Online Voting
System 1. ...)
+ TODO: check
+CVE-2025-13280 (A vulnerability was determined in CodeAstro Simple Inventory
System 1. ...)
+ TODO: check
+CVE-2025-13279 (A vulnerability was found in code-projects Nero Social
Networking Site ...)
+ TODO: check
+CVE-2025-13278 (A vulnerability has been found in projectworlds Advanced
Library Manag ...)
+ TODO: check
+CVE-2025-13277 (A flaw has been found in code-projects Nero Social Networking
Site 1.0 ...)
+ TODO: check
+CVE-2025-13276 (A vulnerability was detected in g33kyrash
Online-Banking-System up to ...)
+ TODO: check
+CVE-2025-13275 (A security vulnerability has been detected in Iqbolshoh
php-business-w ...)
+ TODO: check
+CVE-2025-13274 (A weakness has been identified in Campcodes School Fees
Payment Manage ...)
+ TODO: check
+CVE-2025-13273 (A security flaw has been discovered in Campcodes School Fees
Payment M ...)
+ TODO: check
+CVE-2025-13272 (A vulnerability was identified in Campcodes School Fees
Payment Manage ...)
+ TODO: check
+CVE-2025-13271 (A vulnerability was determined in Campcodes School Fees
Payment Manage ...)
+ TODO: check
+CVE-2025-13216
+ REJECTED
+CVE-2025-11681 (Denial-of-service condition in M-Files Server versions before
25.11.15 ...)
+ TODO: check
+CVE-2024-46336 (kashipara School Management System 1.0 is vulnerable to Cross
Site Scr ...)
+ TODO: check
+CVE-2024-46335 (PHPGurukul Complaint Management System 2.0 is vulnerble to
Cross Site ...)
+ TODO: check
+CVE-2024-46334 (kashipara School Management System 1.0 is vulnerable to Cross
Site Scr ...)
+ TODO: check
+CVE-2024-44664 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2024-44663 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2024-44662 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2024-44661 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross
Site Scri ...)
+ TODO: check
+CVE-2024-44660 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2024-44659 (PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2024-44658 (PHPGurukul Complaint Management System 2.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-44657 (PHPGurukul Complaint Management System 2.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-44655 (PHPGurukul Complaint Management System 2.0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2024-44654 (PHPGurukul Complaint Management System 2.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-44653 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection
via the ...)
+ TODO: check
+CVE-2024-44652 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection
via the ...)
+ TODO: check
+CVE-2024-44651 (Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection
via the ...)
+ TODO: check
+CVE-2024-44648 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id
and adm ...)
+ TODO: check
+CVE-2024-44647 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting
(XSS) v ...)
+ TODO: check
+CVE-2024-44644 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via
the frm_id ...)
+ TODO: check
+CVE-2024-44641 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via
the oldpas ...)
+ TODO: check
CVE-2025-9501 (The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable
to com ...)
NOT-FOR-US: WordPress plugin
CVE-2025-60022 (Improper certificate validation vulnerability exists in
'\u30c7\u30b8\ ...)
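Review bot: CVE-2025-64756 (Glob, "From versions 10.3.7 ...") is the entry in this batch most likely to need a Debian source-package mapping rather than a NOT-FOR-US, since node-glob is packaged in Debian, so it deserves triage ahead of the rest of the hunk; the itsourcecode, PHPGurukul, Campcodes, code-projects, Kashipara, projectworlds and 1000projects entries are third-party PHP demo projects and look like NOT-FOR-US candidates that can be batch-triaged. Separately, CVE-2025-55055 through CVE-2025-55059 carry only CWE names as descriptions ("CWE-20 Improper Input Validation", "Multiple CWE-352 Cross-Site Request Forgery (CSRF)"), so the affected product has to be taken from the CNA advisory before any of them can be resolved.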
@@ -98,7 +236,7 @@ CVE-2025-13232 (A flaw has been found in projectsend up to
r1720. Impacted is an
NOT-FOR-US: projectsend
CVE-2025-12482 (The Booking for Appointments and Events Calendar \u2013 Amelia
plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-13193 [libvirt-daemon: data leak for new offline snapshots]
+CVE-2025-13193 (A flaw was found in libvirt. External inactive snapshots for
shut-down ...)
- libvirt <unfixed> (bug #1120119)
[trixie] - libvirt <no-dsa> (Minor issue)
[bookworm] - libvirt <not-affected> (Vulnerable code introduced later)
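Review bot: the "[bookworm] - libvirt <not-affected> (Vulnerable code introduced later)" line rests on a claim the visible entry does not substantiate; unless a NOTE line below the shown context names the commit or release that introduced the external inactive snapshot path, add one so the not-affected marking can be re-checked if the bug #1120119 analysis changes. The swap from the bracketed placeholder to the published description follows the file's convention and is fine.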
@@ -3735,7 +3873,8 @@ CVE-2025-11690 (An Insecure Direct Object Reference
(IDOR) vulnerability exists
NOT-FOR-US: CFMOTO RIDE
CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting
vulnerability ...)
NOT-FOR-US: Salesforce
-CVE-2025-65073 [OSSA-2025-002: Unauthenticated access to EC2/S3 token
endpoints can grant Keystone authorization]
+CVE-2025-65073 (OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a
/v3/ec2t ...)
+ {DSA-6056-1 DLA-4367-1}
- keystone 2:28.0.0-2 (bug #1120053)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
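Review bot: the new description reads "OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0", which would make upstream 28.0.0 unaffected, yet the fixed Debian version recorded on the next line is 2:28.0.0-2, implying an affected 28.0.0 patched in a Debian revision. One of the two is off: confirm the actual fixed upstream releases against the oss-security post in the NOTE line, and if 2:28.0.0-2 carries a backported fix, record that in a NOTE so the version bound and the {DSA-6056-1 DLA-4367-1} references can be cross-checked.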
@@ -144379,7 +144518,7 @@ CVE-2024-3958 (An issue has been discovered in GitLab
CE/EE affecting all versio
- gitlab 17.3.5-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
NOTE: https://hackerone.com/reports/2437784
-CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is
vulnerable t ...)
+CVE-2024-3659 (Firmware in KAON AR2140 routers, prior to versions 3.2.50 and
4.2.16, ...)
NOT-FOR-US: KAON AR2140 routers
CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
- gitlab 17.3.5-2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6dfe2314da711e7de7fcd1270219f2e72cf12c
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits