Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53a2cd4b by security tracker role at 2025-11-27T20:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2025-8890 (Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44has 
a netw ...)
+       TODO: check
+CVE-2025-59890 (Improper input sanitization in the file archives upload 
functionality  ...)
+       TODO: check
+CVE-2025-59454 (In Apache CloudStack, a gap in access control checks affected 
the APIs ...)
+       TODO: check
+CVE-2025-59302 (In  Apache CloudStack improper control of generation of code 
('Code In ...)
+       TODO: check
+CVE-2025-59026 (Malicious content uploaded as file can be used to execute 
script code  ...)
+       TODO: check
+CVE-2025-59025 (Malicious e-mail content can be used to execute script code. 
Unintende ...)
+       TODO: check
+CVE-2025-54057 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-3261 (ThingsBoard in versions prior to v4.2.1 allows an authenticated 
user t ...)
+       TODO: check
+CVE-2025-30190 (Malicious content at office documents can be used to inject 
script cod ...)
+       TODO: check
+CVE-2025-30186 (Malicious content uploaded as file can be used to execute 
script code  ...)
+       TODO: check
+CVE-2025-13765 (Exposure of email service credentials to users without 
administrative  ...)
+       TODO: check
+CVE-2025-13758 (Exposure of credentials in unintended requests in Devolutions 
Server.T ...)
+       TODO: check
+CVE-2025-13757 (SQL Injection vulnerability in last usage logs in Devolutions 
Server.T ...)
+       TODO: check
+CVE-2025-13742 (Emails sent by pretix can utilize placeholders that will be 
filled wit ...)
+       TODO: check
+CVE-2025-13692 (The Unlimited Elements For Elementor plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-13536 (The Blubrry PowerPress plugin for WordPress is vulnerable to 
arbitrary ...)
+       TODO: check
+CVE-2025-13381 (The AI ChatBot with ChatGPT and Content Generator by AYS 
plugin for Wo ...)
+       TODO: check
+CVE-2025-13378 (The AI ChatBot with ChatGPT and Content Generator by AYS 
plugin for Wo ...)
+       TODO: check
+CVE-2025-12971 (The Folders \u2013 Unlimited Folders to Organize Media Library 
Folder, ...)
+       TODO: check
+CVE-2025-12584 (The Quick View for WooCommerce plugin for WordPress is 
vulnerable to I ...)
+       TODO: check
+CVE-2025-12559 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 
10.11.x <= 1 ...)
+       TODO: check
+CVE-2025-12421 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 
10.11.x <= 1 ...)
+       TODO: check
+CVE-2025-12419 (Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 
10.5.x <=  ...)
+       TODO: check
+CVE-2025-12140 (The application contains an insecure 'redirectToUrl' mechanism 
that in ...)
+       TODO: check
+CVE-2025-10476 (The WP Fastest Cache plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
 CVE-2025-7820 (The SKT PayPal for WooCommerce plugin for WordPress is 
vulnerable to P ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-66314 (Improper Privilege Management vulnerability in ZTE ElasticNet 
UME R32  ...)
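Review bot: all 25 entries added at the top of data/CVE/list carry only `TODO: check`, and six of them describe themselves as WordPress plugins (CVE-2025-13692, CVE-2025-13536, CVE-2025-13381, CVE-2025-13378, CVE-2025-12584, CVE-2025-10476), the same class that the context entry CVE-2025-7820 directly below already resolves as `NOT-FOR-US: WordPress plugin`. Those can be triaged with the existing marker; the rest (Apache CloudStack, Mattermost, ThingsBoard, pretix, Devolutions Server and the entries with no product visible in the truncated text) need a check against the archive before the TODO is closed. Separately, the imported description for CVE-2025-12971 contains a literal `\u2013` escape and the one for CVE-2025-8890 reads `7.1.12.2.44has`, so the feed text is stored as received; if descriptions are meant to be human-readable here, decoding the escape on import is worth considering.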
@@ -14226,7 +14276,7 @@ CVE-2025-11581 (A security vulnerability has been 
detected in PowerJob up to 5.1
        NOT-FOR-US: PowerJob
 CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This 
affects t ...)
        NOT-FOR-US: PowerJob
-CVE-2025-11579 (github.com/nwaples/rardecode versions <=2.1.1 fail to restrict 
the dic ...)
+CVE-2025-11579 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail 
to vali ...)
        - golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)
        NOTE: 
https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9
 (v2.2.0)
 CVE-2025-11190 (The Kiwire Captive Portal contains an open redirection issue 
via the l ...)
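Review bot: in the CVE-2025-11579 entry the description line now reads "Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...", while the unchanged lines under it still track `golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)` and a NOTE pointing at a rardecode commit. On their face the description and the package data no longer describe the same product. Confirm that the upstream record was reworded rather than reassigned, and add a NOTE stating how the Mattermost wording relates to the rardecode fix, so the fixed version and bug reference remain justified by what the entry itself says.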
@@ -27178,6 +27228,7 @@ CVE-2025-8712 (Missing authorization in Ivanti Connect 
Secure before 22.7R2.9 or
 CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti 
Policy ...)
        NOT-FOR-US: Ivanti
 CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) 
processes  ...)
+       {DLA-4385-1}
        - libssh 0.11.3-1 (bug #1114859)
        [trixie] - libssh 0.11.2-1+deb13u1
        [bookworm] - libssh <no-dsa> (Minor issue)
@@ -41567,6 +41618,7 @@ CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 
10.0.3 has a migration state
 CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand 
Management Sys ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH 
protocol ...)
+       {DLA-4385-1}
        - libssh 0.11.3-1 (bug #1109860)
        [trixie] - libssh 0.11.2-1+deb13u1
        [bookworm] - libssh <no-dsa> (Minor issue)
@@ -50637,6 +50689,7 @@ CVE-2025-5449 (A flaw was found in the SFTP server 
message decoding logic of lib
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
 (libssh-0.11.2)
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7
 (libssh-0.11.2)
 CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions 
older  ...)
+       {DLA-4385-1}
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
@@ -50648,17 +50701,20 @@ CVE-2025-5351 (A flaw was found in the key export 
functionality of libssh. The i
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5351.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256
 (libssh-0.11.2)
 CVE-2025-5318 (A flaw was found in the libssh library in versions less than 
0.11.2. A ...)
+       {DLA-4385-1}
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
 (libssh-0.11.2)
 CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized 
variable e ...)
+       {DLA-4385-1}
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
 (libssh-0.11.2)
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
 (libssh-0.11.2)
 CVE-2025-4877 (There's a vulnerability in the libssh package where when a 
libssh cons ...)
+       {DLA-4385-1}
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-4877.txt
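Review bot: `{DLA-4385-1}` is added to CVE-2025-5318, CVE-2025-4878 and CVE-2025-4877 in this hunk, but the CVE-2025-5351 entry, whose NOTE lines open the hunk, gets no such cross-reference, and the same holds for CVE-2025-5449 in the preceding hunk. If the advisory deliberately leaves those two out, a per-release line or NOTE in their entries giving the reason would make the gap explicit; if not, the DLA's CVE list needs the missing ids so the next automatic update adds the tag.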



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53a2cd4bfdab7c2a29019c712754f7e3ada64940
