Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c6b0ffb by security tracker role at 2025-08-26T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2025-38676 [iommu/amd: Avoid stack buffer overflow from kernel cmdline]
+CVE-2025-9491 (Microsoft Windows LNK File UI Misrepresentation Remote Code 
Execution  ...)
+       TODO: check
+CVE-2025-9483 (A flaw has been found in Linksys RE6250, RE6300, RE6350, 
RE6500, RE700 ...)
+       TODO: check
+CVE-2025-9482 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, 
RE6500 ...)
+       TODO: check
+CVE-2025-9481 (A security vulnerability has been detected in Linksys RE6250, 
RE6300,  ...)
+       TODO: check
+CVE-2025-9478 (Use after free in ANGLE in Google Chrome prior to 
139.0.7258.154 allow ...)
+       TODO: check
+CVE-2025-9190 (The configuration of Cursor on macOS, specifically the 
"RunAsNode" fus ...)
+       TODO: check
+CVE-2025-8700 (Invoice Ninja's configuration on macOS, specifically the 
presence of e ...)
+       TODO: check
+CVE-2025-8597 (MacVim's configuration on macOS, specifically the presence of 
entitlem ...)
+       TODO: check
+CVE-2025-8424 (Improper access control on the NetScaler Management Interface 
in NetSc ...)
+       TODO: check
+CVE-2025-7776 (Memory overflow vulnerability leading to unpredictable or 
erroneous be ...)
+       TODO: check
+CVE-2025-7775 (Memory overflow vulnerability leading to Remote Code Execution 
and/or  ...)
+       TODO: check
+CVE-2025-6366 (The Event List plugin for WordPress is vulnerable to privilege 
escalat ...)
+       TODO: check
+CVE-2025-6247 (The WordPress Automatic Plugin plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2025-57818 (Firecrawl turns entire websites into LLM-ready markdown or 
structured  ...)
+       TODO: check
+CVE-2025-57813 (traQ is a messenger application built for Digital Creators 
Club traP.  ...)
+       TODO: check
+CVE-2025-57810 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
3.0.2, use ...)
+       TODO: check
+CVE-2025-57803 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2025-57425 (A Stored Cross-Site Scripting (XSS) vulnerability in 
SourceCodester FA ...)
+       TODO: check
+CVE-2025-56432 (A cross-site scripting (XSS) vulnerability exists in Nagios XI 
2024R2. ...)
+       TODO: check
+CVE-2025-55526 (n8n-workflows Main Commit ee25413 allows attackers to execute 
a direct ...)
+       TODO: check
+CVE-2025-55443 (Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive 
administrato ...)
+       TODO: check
+CVE-2025-55298 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2025-55212 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2025-53813 (The configuration of Nozbe on macOS, specifically the 
"RunAsNode" fuse ...)
+       TODO: check
+CVE-2025-53811 (The configuration of Mosh-Pro on macOS, specifically the 
"RunAsNode" f ...)
+       TODO: check
+CVE-2025-52353 (An arbitrary code execution vulnerability in Badaso CMS 
2.9.11. The Me ...)
+       TODO: check
+CVE-2025-52219 (SelectZero SelectZero Data Observability Platform before 
2025.5.2 cont ...)
+       TODO: check
+CVE-2025-52218 (SelectZero Data Observability Platform before 2025.5.2 is 
vulnerable t ...)
+       TODO: check
+CVE-2025-52217 (SelectZero Data Observability Platform before 2025.5.2 is 
vulnerable t ...)
+       TODO: check
+CVE-2025-52184 (Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows 
a remote ...)
+       TODO: check
+CVE-2025-52037 (A vulnerability has been found in NotesCMS and classified as 
medium. A ...)
+       TODO: check
+CVE-2025-52036 (A vulnerability has been found in NotesCMS and classified as 
medium. A ...)
+       TODO: check
+CVE-2025-52035 (A vulnerability in NotesCMS and specifically in the page 
/index.php?ro ...)
+       TODO: check
+CVE-2025-50976 (IPFire 2.29 DNS management interface (dns.cgi) fails to 
properly sanit ...)
+       TODO: check
+CVE-2025-50975 (IPFire 2.29 web-based firewall interface (firewall.cgi) fails 
to sanit ...)
+       TODO: check
+CVE-2025-50974 (The Calamaris log exporter CGI 
(/cgi-bin/logs.cgi/calamaris.dat) in IP ...)
+       TODO: check
+CVE-2025-50971 (Directory traversal vulnerability in AbanteCart version 1.4.2 
allows u ...)
+       TODO: check
+CVE-2025-50753 (Mitrastar GPT-2741GNAC-N2 devices are provided with access 
through ssh ...)
+       TODO: check
+CVE-2025-48108 (Missing Authorization vulnerability in Mojoomla School 
Management allo ...)
+       TODO: check
+CVE-2025-44002 (Race Condition in the Directory Validation Logic in the 
TeamViewer Ful ...)
+       TODO: check
+CVE-2025-36729 (A non-primary administrator user with admin rights to the web 
interfac ...)
+       TODO: check
+CVE-2025-2697 (IBM Cognos Command Center 10.2.4.1 and 10.2.5   could allow a 
remote a ...)
+       TODO: check
+CVE-2025-29992 (Mahara before 24.04.9 exposes database connection information 
if the d ...)
+       TODO: check
+CVE-2025-29901 (A NULL pointer dereference vulnerability has been reported to 
affect F ...)
+       TODO: check
+CVE-2025-25737 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) 
v3.2.0.829 ...)
+       TODO: check
+CVE-2025-25736 (Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, 
v3.8.0.1119.42, and  ...)
+       TODO: check
+CVE-2025-25735 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) 
v3.2.0.829 ...)
+       TODO: check
+CVE-2025-25734 (Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) 
v3.2.0.829 ...)
+       TODO: check
+CVE-2025-25733 (Incorrect access control in the SPI Flash Chip of Kapsch 
TrafficCom RI ...)
+       TODO: check
+CVE-2025-25732 (Incorrect access control in the EEPROM component of Kapsch 
TrafficCom  ...)
+       TODO: check
+CVE-2025-23315 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
+       TODO: check
+CVE-2025-23314 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
+       TODO: check
+CVE-2025-23313 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
+       TODO: check
+CVE-2025-23312 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
+       TODO: check
+CVE-2025-23307 (NVIDIA NeMo Curator for all platforms contains a vulnerability 
where a ...)
+       TODO: check
+CVE-2025-1994 (IBM Cognos Command Center 10.2.4.1 and 10.2.5     could allow a 
local  ...)
+       TODO: check
+CVE-2025-1501 (An access control vulnerability was discovered in the Request 
Trace an ...)
+       TODO: check
+CVE-2025-1494 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a 
remote att ...)
+       TODO: check
+CVE-2024-47853 (An issue was discovered in Mahara 23.04.8 and 24.04.4. 
Attackers may u ...)
+       TODO: check
+CVE-2024-45753 (In Mahara 23.04.8 and 24.04.4, the external RSS feed block can 
cause X ...)
+       TODO: check
+CVE-2024-39335 (Supported versions of Mahara 24.04 before 24.04.1 and 23.04 
before 23. ...)
+       TODO: check
+CVE-2025-38676 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec (6.17-rc3)
 CVE-2025-9476 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
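
Review bot: All 61 entries added at the top of this hunk (CVE-2025-9491 through CVE-2024-39335) carry only "TODO: check", so none of them yet records a triage decision. By the convention visible further down in this same file ("NOT-FOR-US: Autodesk", "NOT-FOR-US: WordPress plugin"), the vendor-product entries such as the Linksys, NetScaler and WordPress plugin ones can be closed quickly, while the entries naming widely packaged software (the three ImageMagick ones, the ANGLE use after free in Chrome) need a package line of the "- linux <unfixed>" kind and should be looked at first. The CVE-2025-38676 line only swaps its bracketed placeholder title for the published description; its "- linux <unfixed>" and NOTE lines are unchanged context.
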
@@ -1212,6 +1334,7 @@ CVE-2025-9288 (Improper Input Validation vulnerability in 
sha.js allows Input Da
        NOTE: https://github.com/browserify/sha.js/pull/78
        NOTE: Fixed by: 
https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5
 (v2.4.12)
 CVE-2025-9287 (Improper Input Validation vulnerability in cipher-base allows 
Input Da ...)
+       {DSA-5986-1}
        - node-cipher-base 1.0.6-1 (bug #1111772)
        NOTE: 
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
        NOTE: https://github.com/browserify/cipher-base/pull/23
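
Review bot: The "{DSA-5986-1}" tag added under CVE-2025-9287 points at an advisory that is not defined anywhere in this commit, whose only changed file is data/CVE/list. Before relying on the cross-reference, confirm that the tracker's advisory list has a DSA-5986-1 entry naming node-cipher-base and this CVE, and that the per-release fixed versions it gives agree with the "- node-cipher-base 1.0.6-1 (bug #1111772)" line kept here.
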
@@ -79308,7 +79431,7 @@ CVE-2024-36831 (A NULL pointer dereference in the 
plugins_call_handle_uri_clean
        NOT-FOR-US: D-Link
 CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
        NOT-FOR-US: Autodesk
-CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk 
Naviswork ...)
+CVE-2024-12670 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
        NOT-FOR-US: Autodesk
 CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
        NOT-FOR-US: Autodesk
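
Review bot: With DWF changed to DWFX, the truncated description of CVE-2024-12670 is now character-for-character identical to the CVE-2024-12671 and CVE-2024-12669 lines around it. The "NOT-FOR-US: Autodesk" status is unaffected, but any tooling or search that tells these entries apart by description text has to key on the CVE id instead.
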
@@ -102578,7 +102701,7 @@ CVE-2024-7869 (The 123.chat - Video Chat plugin for 
WordPress is vulnerable to S
        NOT-FOR-US: WordPress plugin
 CVE-2024-7675 (A maliciously crafted DWF file, when parsed in w3dtk.dll 
through Autod ...)
        NOT-FOR-US: Autodesk
-CVE-2024-7674 (A maliciously crafted DWF file, when parsed in dwfcore.dll 
through Aut ...)
+CVE-2024-7674 (A maliciously crafted DWFX file, when parsed in dwfcore.dll 
through Au ...)
        NOT-FOR-US: Autodesk
 CVE-2024-7673 (A maliciously crafted DWFX file, when parsed in w3dtk.dll 
through Auto ...)
        NOT-FOR-US: Autodesk
@@ -674379,7 +674502,7 @@ CVE-2015-7297 (SQL injection vulnerability in Joomla! 
3.2 before 3.4.4 allows re
 CVE-2015-XXXX [Privilege escalation via core-gui]
        - core-network <removed> (bug #799756)
        NOTE: 
http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
-CVE-2015-7313 (LibTIFF allows remote attackers to cause a denial of service 
(memory c ...)
+CVE-2015-7313 (LibTIFF before 4.0.7 allows remote attackers to cause a denial 
of serv ...)
        - tiff 4.0.7-1 (bug #800124)
        [jessie] - tiff <ignored> (Minor issue)
        [wheezy] - tiff <not-affected> (Can't reproduce)
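
Review bot: The refreshed CVE-2015-7313 description now bounds the issue to "LibTIFF before 4.0.7", which agrees with the "- tiff 4.0.7-1 (bug #800124)" fixed version. The "[wheezy] - tiff <not-affected> (Can't reproduce)" line still rests on a reproduction attempt rather than a version or code argument; a short NOTE saying why that release is not affected would make the status auditable against the new version bound.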



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6b0ffbf8daccc2f9624a3b30ac4dd27ff94ab4


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
