Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d74b53f by security tracker role at 2026-02-03T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2026-25228 (Signal K Server is a server application that runs on a central 
hub in  ...)
+       TODO: check
+CVE-2026-25222 (PolarLearn is a free and open-source learning program. In 
0-PRERELEASE ...)
+       TODO: check
+CVE-2026-25221 (PolarLearn is a free and open-source learning program. In 
0-PRERELEASE ...)
+       TODO: check
+CVE-2026-25144 (Talishar is a fan-made Flesh and Blood project. A Stored XSS 
exists in ...)
+       TODO: check
+CVE-2026-25142 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, 
SanboxJ ...)
+       TODO: check
+CVE-2026-25137 (The NixOs Odoo package is an open source ERP and CRM system. 
From 21.1 ...)
+       TODO: check
+CVE-2026-25134 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 
4.1.10, cer ...)
+       TODO: check
+CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 
4.1.10, the ...)
+       TODO: check
+CVE-2026-24936 (When a specific function is enabled while joining a AD Domain 
from ADM ...)
+       TODO: check
+CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS 
certifica ...)
+       TODO: check
+CVE-2026-24934 (The DDNS function uses an insecure HTTP connection or fails to 
validat ...)
+       TODO: check
+CVE-2026-24933 (The API communication component fails to validate the SSL/TLS 
certific ...)
+       TODO: check
+CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the 
hostnam ...)
+       TODO: check
+CVE-2026-24763 (OpenClaw (formerly  Clawdbot) is a personal AI assistant you 
run on yo ...)
+       TODO: check
+CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
+       TODO: check
+CVE-2026-24694 (The installer for Roland Cloud Manager ver.3.1.19 and prior 
insecurely ...)
+       TODO: check
+CVE-2026-24471 (continuwuity is a Matrix homeserver written in Rust. This 
vulnerabilit ...)
+       TODO: check
+CVE-2026-24465 (Stack-based buffer overflow vulnerability exists in ELECOM 
wireless LA ...)
+       TODO: check
+CVE-2026-24449 (For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords 
can be cal ...)
+       TODO: check
+CVE-2026-24133 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
+       TODO: check
+CVE-2026-24051 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
The OpenTe ...)
+       TODO: check
+CVE-2026-24043 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
+       TODO: check
+CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, the ...)
+       TODO: check
+CVE-2026-24007 (Tuleap is an Open Source Suite for management of software 
development  ...)
+       TODO: check
+CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and 
account ...)
+       TODO: check
+CVE-2026-23515 (Signal K Server is a server application that runs on a central 
hub in  ...)
+       TODO: check
+CVE-2026-23476 (FacturaScripts is open-source enterprise resource planning and 
account ...)
+       TODO: check
+CVE-2026-22780 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
+       TODO: check
+CVE-2026-22778 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-22550 (OS command injection vulnerability exists in WRC-X1500GS-B and 
WRC-X15 ...)
+       TODO: check
+CVE-2026-20704 (Cross-site request forgery vulnerability exists in 
WRC-X1500GS-B and W ...)
+       TODO: check
+CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic 
Server xqui ...)
+       TODO: check
+CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables 
TLS cer ...)
+       TODO: check
+CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 
includes th ...)
+       TODO: check
+CVE-2026-1730 (The OS DataHub Maps plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2026-1592 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site 
script ...)
+       TODO: check
+CVE-2026-1591 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site 
script ...)
+       TODO: check
+CVE-2026-1447 (The Mail Mint plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2026-1375 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2026-1371 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2026-1210 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-1065 (The Form Maker by 10Web plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-1058 (The Form Maker plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the 
Block Edit ...)
+       TODO: check
+CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, 
unprivi ...)
+       TODO: check
+CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure 
Direct Obj ...)
+       TODO: check
+CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2026-0383 (A vulnerability in Brocade Fabric OS could allow an 
authenticated, loc ...)
+       TODO: check
+CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow 
elevat ...)
+       TODO: check
+CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-70960 (A stored cross-site scripting (XSS) vulnerability in the 
Forums module ...)
+       TODO: check
+CVE-2025-70959 (A stored cross-site scripting (XSS) vulnerability in the Jobs 
module o ...)
+       TODO: check
+CVE-2025-70958 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the i ...)
+       TODO: check
+CVE-2025-69207 (Khoj is a self-hostable artificial intelligence app. Prior to 
2.0.0-be ...)
+       TODO: check
+CVE-2025-66480 (Wildfire IM is an instant messaging and real-time audio/video 
solution ...)
+       TODO: check
+CVE-2025-61650 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-61649 (Vulnerability in Wikimedia Foundation CheckUser. This 
vulnerability is ...)
+       TODO: check
+CVE-2025-61647 (Vulnerability in Wikimedia Foundation CheckUser. This 
vulnerability is ...)
+       TODO: check
+CVE-2025-61644 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-58383 (A vulnerability in Brocade Fabric OS versions before 9.2.1c2 
could all ...)
+       TODO: check
+CVE-2025-58382 (A vulnerability in the secure configuration of authentication 
and  man ...)
+       TODO: check
+CVE-2025-58381 (A  vulnerability in Brocade Fabric OS before 9.2.1c2 could 
allow an  a ...)
+       TODO: check
+CVE-2025-58380 (A vulnerability in Brocade Fabric OS before 9.2.1 could allow 
an authe ...)
+       TODO: check
+CVE-2025-58379 (Brocade Fabric OS before 9.2.1 has a vulnerability that could 
allow a  ...)
+       TODO: check
+CVE-2025-36436 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 
Interim Fi ...)
+       TODO: check
+CVE-2025-36253 (IBM Concert 1.0.0 through 2.1.0 uses weaker than expected 
cryptographi ...)
+       TODO: check
+CVE-2025-36238 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 
through  ...)
+       TODO: check
+CVE-2025-36194 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 
through  ...)
+       TODO: check
+CVE-2025-15556 (Notepad++ versions prior to 8.8.9, when using the WinGUp 
updater, cont ...)
+       TODO: check
+CVE-2025-14274 (The Unlimited Elements for Elementor plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-13096 (IBM Business Automation Workflow containers V25.0.0 through 
V25.0.0-IF ...)
+       TODO: check
+CVE-2025-12774 (A vulnerability in the migration script for Brocade SANnav 
before 3.0  ...)
+       TODO: check
+CVE-2025-12773 (A vulnerability in update-reports-purge-settings.sh script 
logging for ...)
+       TODO: check
+CVE-2025-12772 (Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch 
admin p ...)
+       TODO: check
+CVE-2025-12680 (Brocade SANnav before Brocade SANnav 2.4.0b logs database 
passwords in ...)
+       TODO: check
+CVE-2025-12679 (A vulnerability in Brocade SANnav before 2.4.0b prints the  
Password-B ...)
+       TODO: check
 CVE-2026-24514
        NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2026-24513
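Review bot: The added descriptions for CVE-2026-1375, CVE-2026-1371, CVE-2026-0950 and CVE-2026-0617 contain the literal sequence \u2013 where a dash belongs, which suggests the import passes an upstream escape through without decoding it; decode it before the text is written to data/CVE/list. Separately, every new entry in this hunk carries only "TODO: check"; CVE-2025-61649 and CVE-2025-61647 name Wikimedia Foundation CheckUser, and other entries in this same diff already mark that extension "NOT-FOR-US: MediaWiki extension CheckUser", so those two can be triaged the same way.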
@@ -1856,6 +2012,7 @@ CVE-2025-69562 (code-projects Mobile Shop Management 
System 1.0 is vulnerable to
 CVE-2025-69559 (code-projects Computer Book Store 1.0 is vulnerable to File 
Upload in  ...)
        NOT-FOR-US: code-projects
 CVE-2025-68670 (xrdp is an open source RDP server. xrdp before v0.10.5 
contains an una ...)
+       {DLA-4464-1}
        [experimental] - xrdp 0.10.5-1
        - xrdp 0.10.1-4.1 (bug #1126537)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f
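Review bot: {DLA-4464-1} is added to CVE-2025-68670, but the package lines visible here cover only experimental and unstable ("- xrdp 0.10.1-4.1"), so nothing in this entry records which release or version the DLA fixed. Confirm that the DLA's own list entry carries the release and fixed version this cross-reference depends on.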
@@ -22057,7 +22214,7 @@ CVE-2025-67897 (In Sequoia before 2.1.0, aes_key_unwrap 
panics if passed a ciphe
        [bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
        [bullseye] - rust-sequoia-openpgp <ignored> (Minor issue)
        NOTE: Fixed by: 
https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
 (openpgp/v2.1.0)
-CVE-2025-67484
+CVE-2025-67484 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22066,7 +22223,7 @@ CVE-2025-67484
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1203865 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1208038 
(REL1_43)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1208364 
(REL1_39)
-CVE-2025-67483
+CVE-2025-67483 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.6+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present, 
introduced in 1.40)
@@ -22075,7 +22232,7 @@ CVE-2025-67483
        NOTE: https://phabricator.wikimedia.org/T409226
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217337 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217299 
(REL1_43)
-CVE-2025-67482
+CVE-2025-67482 (Vulnerability in Wikimedia Foundation Scribunto, Wikimedia 
Foundation  ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22083,7 +22240,7 @@ CVE-2025-67482
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217290 
(master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217293 
(REL1_43)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1217289 
(REL1_39)
-CVE-2025-67481
+CVE-2025-67481 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22091,7 +22248,7 @@ CVE-2025-67481
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217338 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217300 
(REL1_43)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217287 
(REL1_39)
-CVE-2025-67480
+CVE-2025-67480 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22099,7 +22256,7 @@ CVE-2025-67480
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217336 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217298 
(REL1_43)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217286 
(REL1_39)
-CVE-2025-67479
+CVE-2025-67479 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia 
Foundation  ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22107,7 +22264,7 @@ CVE-2025-67479
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217335 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217297 
(REL1_43)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217285 
(REL1_39)
-CVE-2025-67478
+CVE-2025-67478 (Vulnerability in Wikimedia Foundation CheckUser. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -22115,7 +22272,7 @@ CVE-2025-67478
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217334 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217296 
(REL1_43)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217284 
(REL1_39)
-CVE-2025-67477
+CVE-2025-67477 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.6+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
@@ -22124,12 +22281,12 @@ CVE-2025-67477
        NOTE: https://phabricator.wikimedia.org/T406639
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217332 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217295 
(REL1_43)
-CVE-2025-67476
+CVE-2025-67476 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        - mediawiki <not-affected> (Vulnerable code not present, introduced in 
1.44)
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
        NOTE: https://phabricator.wikimedia.org/T405859
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1217333 (master)
-CVE-2025-67475
+CVE-2025-67475 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4428-1}
        - mediawiki 1:1.43.6+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/
@@ -35552,7 +35709,7 @@ CVE-2025-40106 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        NOTE: 
https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
-CVE-2025-11261
+CVE-2025-11261 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T406322
@@ -40323,7 +40480,7 @@ CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic 
Curve Cryptography (ECC)
        NOT-FOR-US: F5
 CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and 
F5OS-C that  ...)
        NOT-FOR-US: F5
-CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module 
using a pas ...)
+CVE-2025-60013 (When a highly-privileged, authenticated attacker attempts to 
initializ ...)
        NOT-FOR-US: F5
 CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF 
virtual se ...)
        NOT-FOR-US: F5
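Review bot: The CVE-2025-60013 description changes from "When a user attempts" to "When a highly-privileged, authenticated attacker attempts", which narrows the stated precondition rather than adding a new entry. The entry stays NOT-FOR-US: F5, so triage is unaffected, but the commit message "automatic update" gives no hint that existing descriptions were rewritten as well; consider saying so in the message.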
@@ -45537,23 +45694,23 @@ CVE-2025-61962 (In fetchmail before 6.5.6, the SMTP 
client can crash when authen
        NOTE: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
        NOTE: Fixed by: 
https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
 (6.5.6)
        NOTE: Followup: 
https://gitlab.com/fetchmail/fetchmail/-/commit/3c9e49d70e5d958f10b94fc58b3c5046f87cff7a
 (6.5.7)
-CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes]
+CVE-2025-61656 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T397232
        NOTE: 
https://gerrit.wikimedia.org/r/c/VisualEditor/VisualEditor/+/1193247
-CVE-2025-61655 [Properly escape and parse system messages]
+CVE-2025-61655 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T395858
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/1193248
-CVE-2025-61657 [Insert sticky header labels as text instead of HTML]
+CVE-2025-61657 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: http://phabricator.wikimedia.org/T398636
-CVE-2025-61654 [Exclude deleted entries when counting thanks]
+CVE-2025-61654 (Vulnerability in Wikimedia Foundation Thanks. This 
vulnerability is as ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
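Review bot: The removed lines for CVE-2025-61656, CVE-2025-61655, CVE-2025-61657 and CVE-2025-61654 held bracketed summaries that named the actual fix (for example "[Sanitize attributes unwrapped from data-ve-attributes]"), and the replacements are truncated generic text, three of them the identical "Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)". If those summaries are still useful for telling the entries apart, keep each one as a NOTE: line under its entry before the description overwrites it. Also, the context NOTE for CVE-2025-61657 uses http://phabricator.wikimedia.org/T398636 while its neighbours use https.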
@@ -45613,12 +45770,12 @@ CVE-2025-10895
        REJECTED
 CVE-2025-10653 (An unauthenticated debug port may allow access to the device 
file syst ...)
        NOT-FOR-US: Raise3D
-CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
+CVE-2025-61653 (Vulnerability in Wikimedia Foundation TextExtracts. This 
vulnerability ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: http://phabricator.wikimedia.org/T397577
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TextExtracts/+/1193249
-CVE-2025-11173
+CVE-2025-11173 (Vulnerability in Wikimedia Foundation OATHAuth. This 
vulnerability is  ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T401862
@@ -45632,33 +45789,33 @@ CVE-2025-11175 (Improper Neutralization of Special 
Elements used in an Expressio
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T364910
        NOTE: https://phabricator.wikimedia.org/T396248
-CVE-2025-61652 [In API check user read permissions before showing PageInfo]
+CVE-2025-61652 (Vulnerability in Wikimedia Foundation DiscussionTools.This 
issue affec ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T397580
-CVE-2025-61635 [ApiFancyCaptchaReload: Reuse badcaptcha rate limit]
+CVE-2025-61635 (Vulnerability in Wikimedia Foundation ConfirmEdit. This 
vulnerability  ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: http://phabricator.wikimedia.org/T355073
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ConfirmEdit/+/1193206
-CVE-2025-61648
+CVE-2025-61648 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61658
+CVE-2025-61658 (Vulnerability in Wikimedia Foundation CheckUser. This 
vulnerability is ...)
        NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61651
+CVE-2025-61651 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: MediaWiki extension CheckUser
-CVE-2025-61646 [Prevent leaking hidden usernames in Watchlist/RecentChanges]
+CVE-2025-61646 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T398706
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193226
-CVE-2025-61645 [Fix i18n XSS in CodexTablePager]
+CVE-2025-61645 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki <not-affected> (Introduced in 1.44)
        NOTE: http://phabricator.wikimedia.org/T403761
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193202
-CVE-2025-61643 [Don't send suppressed recent changes to RCFeeds]
+CVE-2025-61643 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T403757
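Review bot: The new descriptions for CVE-2025-61652 and CVE-2025-61635 attribute the issues to the DiscussionTools and ConfirmEdit extensions, yet both entries are tracked against the mediawiki package, while the three CheckUser entries in the same hunk (CVE-2025-61648, CVE-2025-61658, CVE-2025-61651) are NOT-FOR-US as an extension. A short NOTE: on the first two stating whether the extension is shipped in the mediawiki source package would make the different treatment self-explanatory.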
@@ -45886,50 +46043,50 @@ CVE-2024-58267 (A vulnerability has been identified 
within Rancher Manager where
        NOT-FOR-US: Rancher
 CVE-2024-58260 (A vulnerability has been identified within Rancher Manager 
where a mis ...)
        NOT-FOR-US: Rancher
-CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
+CVE-2025-61642 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T402313
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193175
-CVE-2025-61641 [api: Disable maxsize in QueryAllPages in miser mode]
+CVE-2025-61641 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T298690
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193174
-CVE-2025-61640 [Parse messages instead of inserting them as HTML]
+CVE-2025-61640 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T402075
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193173
-CVE-2025-61639 [Use ManualLogEntry::getDeleted in ::getRecentChange]
+CVE-2025-61639 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T280413
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193178
-CVE-2025-61638 [Sanitize data- attributes]
+CVE-2025-61638 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-6085-1 DLA-4355-1}
        - mediawiki 1:1.43.5+dfsg-1
        NOTE: https://phabricator.wikimedia.org/T401099
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193172
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193218
        NOTE: The fix needs changes in embedded parsoid too: 
https://gerrit.wikimedia.org/r/c/mediawiki/services/parsoid/+/1192154 (v0.16.6)
-CVE-2025-61637 [Escape three system messages used by live preview]
+CVE-2025-61637 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T394856
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193171
-CVE-2025-61636 [Escape rawElement $content]
+CVE-2025-61636 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T394396
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193170
-CVE-2025-61634 [REST: Set cache-control value of max-age=60 for redirects]
+CVE-2025-61634 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        - mediawiki 1:1.43.5+dfsg-1
        [trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
        [bookworm] - mediawiki <not-affected> (Redirect introduced in 1.40)
@@ -77182,7 +77339,7 @@ CVE-2025-38091 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/2ddac70fed50485aa4ae49cdb7478ce41d8d4715 (6.15-rc7)
 CVE-2025-46647 (A vulnerability of pluginopenid-connect in Apache APISIX.  
This vulner ...)
        NOT-FOR-US: Apache APISIX
-CVE-2025-6927
+CVE-2025-6927 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        - mediawiki 1:1.43.3+dfsg-1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
@@ -77198,63 +77355,63 @@ CVE-2025-6926 (Improper Authentication vulnerability 
in Wikimedia Foundation Med
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1165164 
(master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165090 
(REL1_39)
-CVE-2025-6597
+CVE-2025-6597 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T389009
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165116 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165088 
(REL1_39)
-CVE-2025-6596
+CVE-2025-6596 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.3+dfsg-1
        [bookworm] - mediawiki <not-affected> (Introduced in 1.40)
        [bullseye] - mediawiki <not-affected> (Introduced in 1.40)
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T396685
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/1165107 
(master)
-CVE-2025-6595
+CVE-2025-6595 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T394863
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165106
 (master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165144
 (REL1_39)
-CVE-2025-6594
+CVE-2025-6594 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T395063
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165115 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165087 
(REL1_39)
-CVE-2025-6593
+CVE-2025-6593 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T396230
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165114 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165086 
(REL1_39)
-CVE-2025-6592
+CVE-2025-6592 (Vulnerability in Wikimedia Foundation AbuseFilter. This 
vulnerability  ...)
        - mediawiki 1:1.43.3+dfsg-1
        [bookworm] - mediawiki <not-affected> (Only affects 1.44 and later)
        [bullseye] - mediawiki <not-affected> (Only affects 1.44 and later)
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T391218
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1143146 (master)
-CVE-2025-6591
+CVE-2025-6591 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T392276
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165113 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165085 
(REL1_39)
-CVE-2025-6590
+CVE-2025-6590 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        {DSA-5957-1 DLA-4249-1}
        - mediawiki 1:1.43.3+dfsg-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
        NOTE: https://phabricator.wikimedia.org/T392746
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165112 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165084 
(REL1_39)
-CVE-2025-6589
+CVE-2025-6589 (Vulnerability in Wikimedia Foundation MediaWiki. This 
vulnerability is ...)
        - mediawiki 1:1.43.3+dfsg-1
        [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
@@ -125730,7 +125887,7 @@ CVE-2025-23413 (When users log in through the webUI 
or API using local authentic
        NOT-FOR-US: F5
 CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual 
server, undi ...)
        NOT-FOR-US: F5
-CVE-2025-23239 (When running in Appliance mode, an authenticated remote 
command inject ...)
+CVE-2025-23239 (When running in Appliance mode, and logged into a 
highly-privileged ro ...)
        NOT-FOR-US: F5
 CVE-2025-22891 (When BIG-IP PEM Control Plane listener Virtual Server is 
configured wi ...)
        NOT-FOR-US: F5
@@ -202915,7 +203072,7 @@ CVE-2024-32980 (Spin is the developer tool for 
building and running serverless a
        NOT-FOR-US: Spin
 CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
        NOT-FOR-US: Vitess
-CVE-2024-32761 (Under certain conditions, a potential data leak may occur in 
the Traff ...)
+CVE-2024-32761 (Under certain conditions, a data leak may occur in the Traffic 
Managem ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Apache OFBiz



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d74b53f6da2cef7e5c7a8afe7ae0e08bbe8128a

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
