Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76190292 by security tracker role at 2025-11-18T08:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,93 @@
-CVE-2025-13223
+CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at 
Supermi ...)
+       TODO: check
+CVE-2025-8693 (A post-authentication command injection vulnerability in the 
"priv" pa ...)
+       TODO: check
+CVE-2025-8404 (Stack buffer overflow vulnerability exists in the Supermicro 
BMC Share ...)
+       TODO: check
+CVE-2025-8076 (There is a vulnerability in the Supermicro BMC web function at 
Supermi ...)
+       TODO: check
+CVE-2025-7711 (The The Classified Listing \u2013 Classified ads & Business 
Directory  ...)
+       TODO: check
+CVE-2025-7623 (Stack-based buffer overflow in the SMASH-CLP shell. An 
authenticated a ...)
+       TODO: check
+CVE-2025-6599 (An uncontrolled resource consumption vulnerability in the web 
server o ...)
+       TODO: check
+CVE-2025-64766 (NixOS's Onlyoffice is a software suite that offers online and 
offline  ...)
+       TODO: check
+CVE-2025-64734 (Missing Release of Resource after Effective Lifetime (CWE-772) 
in the  ...)
+       TODO: check
+CVE-2025-52578 (Incorrect Usage of Seeds in Pseudo-Random Number Generator 
(CWE- 335)  ...)
+       TODO: check
+CVE-2025-52457 (Observable Timing Discrepancy (CWE-208) in HBUS devices may 
allow an a ...)
+       TODO: check
+CVE-2025-48593 (In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a 
possible ...)
+       TODO: check
+CVE-2025-36553 (A buffer overflow vulnerability exists in the CvManager 
functionality  ...)
+       TODO: check
+CVE-2025-36463 (Multiple out-of-bounds read and write vulnerabilities exist in 
the Con ...)
+       TODO: check
+CVE-2025-36462 (Multiple out-of-bounds read and write vulnerabilities exist in 
the Con ...)
+       TODO: check
+CVE-2025-36461 (Multiple out-of-bounds read and write vulnerabilities exist in 
the Con ...)
+       TODO: check
+CVE-2025-36460 (Multiple out-of-bounds read and write vulnerabilities exist in 
the Con ...)
+       TODO: check
+CVE-2025-36357 (IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow 
a remote ...)
+       TODO: check
+CVE-2025-36299 (IBM Planning Analytics Local 2.1.0 through 2.1.14 stores 
sensitive inf ...)
+       TODO: check
+CVE-2025-36118 (IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 
implementation all ...)
+       TODO: check
+CVE-2025-32089 (A buffer overflow vulnerability exists in the CvManager_SBI 
functional ...)
+       TODO: check
+CVE-2025-31649 (A hard-coded password vulnerability exists in the ControlVault 
WBDI Dr ...)
+       TODO: check
+CVE-2025-31361 (A privilege escalation vulnerability exists in the 
ControlVault WBDI D ...)
+       TODO: check
+CVE-2025-13325 (A vulnerability was determined in itsourcecode Student 
Information Sys ...)
+       TODO: check
+CVE-2025-13323 (A security flaw has been discovered in code-projects Simple 
Pizza Orde ...)
+       TODO: check
+CVE-2025-13306 (A security vulnerability has been detected in D-Link DWR-M920, 
DWR-M92 ...)
+       TODO: check
+CVE-2025-13305 (A weakness has been identified in D-Link DWR-M920, DWR-M921, 
DWR-M960, ...)
+       TODO: check
+CVE-2025-13304 (A security flaw has been discovered in D-Link DWR-M920, 
DWR-M921, DWR- ...)
+       TODO: check
+CVE-2025-13303 (A vulnerability was determined in code-projects Courier 
Management Sys ...)
+       TODO: check
+CVE-2025-13302 (A vulnerability was identified in code-projects Courier 
Management Sys ...)
+       TODO: check
+CVE-2025-13301 (A vulnerability was found in itsourcecode Web-Based Internet 
Laborator ...)
+       TODO: check
+CVE-2025-13300 (A vulnerability has been found in itsourcecode Web-Based 
Internet Labo ...)
+       TODO: check
+CVE-2025-13230 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
+       TODO: check
+CVE-2025-13229 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
+       TODO: check
+CVE-2025-13228 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
+       TODO: check
+CVE-2025-13227 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
+       TODO: check
+CVE-2025-13226 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 
allowed a ...)
+       TODO: check
+CVE-2025-12974 (The Gravity Forms plugin for WordPress is vulnerable to 
arbitrary file ...)
+       TODO: check
+CVE-2025-12792 (The Mac App Store distribution of the Canva for Mac desktop 
app before ...)
+       TODO: check
+CVE-2025-12524 (The Post Type Switcher plugin for WordPress is vulnerable to 
Insecure  ...)
+       TODO: check
+CVE-2025-11267 (The VK All in One Expansion Unit plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-11265 (The VK All in One Expansion Unit plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-10089 (Malicious Code Execution Vulnerability in Setting and 
Operation Applic ...)
+       TODO: check
+CVE-2025-13223 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-13224
+CVE-2025-13224 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate 
validation when  ...)
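Review bot: The five V8 entries CVE-2025-13226 through CVE-2025-13230 are added with only "TODO: check", while the two V8 entries at the end of this hunk, CVE-2025-13223 and CVE-2025-13224, already carry "- chromium <unfixed>" and "[bullseye] - chromium <end-of-life> (see #1061268)". All seven descriptions name the same component (Type Confusion in V8 in Google Chrome) and differ only in the version bound (142.0.7444.59 against 142.0.7444.175), so the five new ones should be triaged against the chromium package in the same pass, with the status that matches their own version bound, rather than left pending. Every other added entry in this hunk is also still at "TODO: check" and needs a triage decision. Separately, the CVE-2025-7711 description arrived with a doubled "The The" and a literal "\u2013" escape instead of the dash, and CVE-2025-52578 with "CWE- 335"; those come from the imported descriptions and are worth reporting to the feed rather than hand-editing here.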
@@ -8912,11 +8998,13 @@ CVE-2025-11679 (Out-of-bounds Read in 
lws_upng_emit_next_line in warmcat libwebs
        NOTE: Introduced in: 
https://libwebsockets.org/git/libwebsockets/commit?id=48907fca0a25c39ce35692c527cb8aa82ee60d85
 (v4.4.0)
        NOTE: Fixed in: 
https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
 CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat 
libwebso ...)
+       {DLA-4373-1}
        - libwebsockets 4.3.5-3 (bug #1118746)
        [trixie] - libwebsockets 4.3.5-1+deb13u1
        [bookworm] - libwebsockets <no-dsa> (Minor issue)
        NOTE: 
https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a
 CVE-2025-11677 (Use After Free in WebSocket server implementation in 
lws_handshake_ser ...)
+       {DLA-4373-1}
        - libwebsockets 4.3.5-3 (bug #1118747)
        [trixie] - libwebsockets 4.3.5-1+deb13u1
        [bookworm] - libwebsockets <no-dsa> (Minor issue)
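Review bot: The "{DLA-4373-1}" cross-reference is added to CVE-2025-11678 and CVE-2025-11677 without any release line for that advisory in the visible entries, so the version that fixes the LTS release is not recorded in this file, and this commit changes only data/CVE/list. Confirm that the DLA-4373-1 record elsewhere in the tracker data names the fixed libwebsockets version for both CVEs. Both entries also keep "[bookworm] - libwebsockets <no-dsa> (Minor issue)" while trixie is fixed in 4.3.5-1+deb13u1; now that an advisory has been issued for these two issues, it is worth re-checking whether bookworm should stay at no-dsa or be queued for a point-release update.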



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76190292507741d2f548425cd9a6839e99044730



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
