Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27dd3e61 by security tracker role at 2025-09-03T20:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,255 @@
+CVE-2025-9959 (Incomplete validation of dunder attributes allows an attacker 
to escap ...)
+       TODO: check
+CVE-2025-9926 (A vulnerability was determined in projectworlds Travel 
Management Syst ...)
+       TODO: check
+CVE-2025-9925 (A vulnerability was found in projectworlds Travel Management 
System 1. ...)
+       TODO: check
+CVE-2025-9924 (A vulnerability has been found in projectworlds Travel 
Management Syst ...)
+       TODO: check
+CVE-2025-9923 (A flaw has been found in Campcodes Sales and Inventory System 
1.0. Thi ...)
+       TODO: check
+CVE-2025-9922 (A security vulnerability has been detected in Campcodes Sales 
and Inve ...)
+       TODO: check
+CVE-2025-9921 (A weakness has been identified in code-projects POS Pharmacy 
System 1. ...)
+       TODO: check
+CVE-2025-9920 (A security flaw has been discovered in Campcodes Recruitment 
Managemen ...)
+       TODO: check
+CVE-2025-9919 (A vulnerability was identified in 1000projects Beauty Parlour 
Manageme ...)
+       TODO: check
+CVE-2025-9901 (A flaw was found in libsoup\u2019s caching mechanism, 
SoupCache, where ...)
+       TODO: check
+CVE-2025-9824 (ImpactThe attacker can validate if a user exists by checking 
the time  ...)
+       TODO: check
+CVE-2025-9823 (SummaryA Cross-Site Scripting (XSS) vulnerability allows an 
attacker t ...)
+       TODO: check
+CVE-2025-9822 (SummaryA user with administrator rights can change the 
configuration o ...)
+       TODO: check
+CVE-2025-9821 (SummaryUsers with webhook permissions can conduct SSRF via 
webhooks. I ...)
+       TODO: check
+CVE-2025-9365 (Fuji Electric FRENIC-Loader 4 is vulnerable to a 
deserialization of un ...)
+       TODO: check
+CVE-2025-9219 (The Post SMTP \u2013 WP SMTP Plugin with Email Logs and Mobile 
App for ...)
+       TODO: check
+CVE-2025-58644 (Deserialization of Untrusted Data vulnerability in 
enituretechnology L ...)
+       TODO: check
+CVE-2025-58643 (Deserialization of Untrusted Data vulnerability in 
enituretechnology L ...)
+       TODO: check
+CVE-2025-58642 (Deserialization of Untrusted Data vulnerability in 
enituretechnology L ...)
+       TODO: check
+CVE-2025-58641 (Server-Side Request Forgery (SSRF) vulnerability in 
kamleshyadav Exit  ...)
+       TODO: check
+CVE-2025-58640 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58639 (Missing Authorization vulnerability in Ali Khallad Contact 
Form By Meg ...)
+       TODO: check
+CVE-2025-58637 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58635 (Missing Authorization vulnerability in PalsCode Support Genix 
allows E ...)
+       TODO: check
+CVE-2025-58634 (Missing Authorization vulnerability in peachpay PeachPay 
Payments allo ...)
+       TODO: check
+CVE-2025-58633 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58632 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58631 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58630 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58626 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58625 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58624 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58623 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58622 (Missing Authorization vulnerability in yydevelopment Mobile 
Contact Li ...)
+       TODO: check
+CVE-2025-58621 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58620 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58618 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58617 (Missing Authorization vulnerability in FAKTOR VIER F4 Media 
Taxonomies ...)
+       TODO: check
+CVE-2025-58616 (Missing Authorization vulnerability in Frisbii Frisbii Pay 
allows Expl ...)
+       TODO: check
+CVE-2025-58615 (Server-Side Request Forgery (SSRF) vulnerability in gfazioli 
WP Banner ...)
+       TODO: check
+CVE-2025-58614 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58613 (Missing Authorization vulnerability in Barn2 Plugins Posts 
Table with  ...)
+       TODO: check
+CVE-2025-58612 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58611 (Cross-Site Request Forgery (CSRF) vulnerability in Tickera 
Tickera all ...)
+       TODO: check
+CVE-2025-58610 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58609 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58608 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58607 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58606 (Missing Authorization vulnerability in CozyThemes SaasLauncher 
allows  ...)
+       TODO: check
+CVE-2025-58605 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58604 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-58603 (Missing Authorization vulnerability in Surfer Surfer allows 
Exploiting ...)
+       TODO: check
+CVE-2025-58602 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58601 (Missing Authorization vulnerability in RadiusTheme Classified 
Listing  ...)
+       TODO: check
+CVE-2025-58600 (Missing Authorization vulnerability in Cozmoslabs Paid Member 
Subscrip ...)
+       TODO: check
+CVE-2025-58599 (Missing Authorization vulnerability in tychesoftwares Order 
Delivery D ...)
+       TODO: check
+CVE-2025-58598 (Insertion of Sensitive Information Into Debugging Code 
vulnerability i ...)
+       TODO: check
+CVE-2025-58597 (Authorization Bypass Through User-Controlled Key vulnerability 
in Tomd ...)
+       TODO: check
+CVE-2025-58596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58594 (Missing Authorization vulnerability in themefusecom Brizy 
allows Explo ...)
+       TODO: check
+CVE-2025-58593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58460 (A missing permission check in Jenkins OpenTelemetry Plugin 
3.1543.v844 ...)
+       TODO: check
+CVE-2025-58459 (Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and 
earlier does  ...)
+       TODO: check
+CVE-2025-58458 (In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field 
form val ...)
+       TODO: check
+CVE-2025-57151 (phpgurukul Complaint Management System 2.0 is vulnerable to 
Cross Site ...)
+       TODO: check
+CVE-2025-57150 (phpgurukul Complaint Management System in PHP 2.0 is 
vulnerable to Cro ...)
+       TODO: check
+CVE-2025-57149 (phpgurukul Complaint Management System 2.0 is vulnerable to 
SQL Inject ...)
+       TODO: check
+CVE-2025-57148 (phpgurukul Online Shopping Portal 2.0 is vulnerable to 
Arbitrary File  ...)
+       TODO: check
+CVE-2025-57147 (A SQL Injection vulnerability was found in phpgurukul 
Complaint Manage ...)
+       TODO: check
+CVE-2025-57146 (phpgurukul Complaint Management System in PHP 2.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2025-57052 (cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the 
decode_ ...)
+       TODO: check
+CVE-2025-56803 (Figma Desktop for Windows version 125.6.5 contains a command 
injection ...)
+       TODO: check
+CVE-2025-56761 (Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) 
vulnerab ...)
+       TODO: check
+CVE-2025-56760 (When Memos 0.22 is configured to store objects locally, an 
attacker ca ...)
+       TODO: check
+CVE-2025-56752 (A vulnerability in the Ruijie RG-ES series switch firmware 
ESW_1.0(1)B ...)
+       TODO: check
+CVE-2025-56689 (An issue was discovered in Quest One Identity 7.5.1.20903. A 
crafted r ...)
+       TODO: check
+CVE-2025-56608 (The SourceCodester Android application "Corona Virus Tracker 
App India ...)
+       TODO: check
+CVE-2025-56498 (An OS command injection vulnerability exists in PLDT WiFi 
Router's Pro ...)
+       TODO: check
+CVE-2025-56435 (SQL Injection vulnerability in FoxCMS v1.2.6 and before allows 
a remot ...)
+       TODO: check
+CVE-2025-56139 (LinkedIn Mobile Application for Android version 4.1.1087.2 
fails to up ...)
+       TODO: check
+CVE-2025-55944 (Slink v1.4.9 allows stored cross-site scripting (XSS) via 
crafted SVG  ...)
+       TODO: check
+CVE-2025-55852 (Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the 
formWif ...)
+       TODO: check
+CVE-2025-55162 (Envoy is an open source L7 proxy and communication bus 
designed for la ...)
+       TODO: check
+CVE-2025-53694 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2025-53693 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
+       TODO: check
+CVE-2025-53691 (Deserialization of Untrusted Data vulnerability in Sitecore 
Experience ...)
+       TODO: check
+CVE-2025-53690 (Deserialization of Untrusted Data vulnerability in Sitecore 
Experience ...)
+       TODO: check
+CVE-2025-52494 (Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a 
denial-of- ...)
+       TODO: check
+CVE-2025-48876
+       REJECTED
+CVE-2025-47421 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
+       TODO: check
+CVE-2025-45805 (In phpgurukul Doctor Appointment Management System 1.0, an 
authenticat ...)
+       TODO: check
+CVE-2025-41000 (Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 
from UXB L ...)
+       TODO: check
+CVE-2025-3701 (Missing Authorization vulnerability in Malcure Web Security 
Malcure Ma ...)
+       TODO: check
+CVE-2025-36193 (IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly 
assigns pri ...)
+       TODO: check
+CVE-2025-2416 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-2415 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-26210 (An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 
through V3. ...)
+       TODO: check
+CVE-2025-20336 (A vulnerability in the directory permissions of Cisco Desk 
Phone 9800  ...)
+       TODO: check
+CVE-2025-20335 (A vulnerability in the directory permissions of Cisco Desk 
Phone 9800  ...)
+       TODO: check
+CVE-2025-20330 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20328 (A vulnerability in the user profile component of Cisco Webex 
Meetings  ...)
+       TODO: check
+CVE-2025-20326 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2025-20291 (A vulnerability in Cisco Webex Meetings could have allowed an 
unauthen ...)
+       TODO: check
+CVE-2025-20287 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
+       TODO: check
+CVE-2025-20280 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
+       TODO: check
+CVE-2025-20270 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
+       TODO: check
+CVE-2025-1740 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-0878 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-0280 (A security vulnerability in HCL Compass can allow attacker to 
gain una ...)
+       TODO: check
+CVE-2024-43166 (Incorrect Default Permissions vulnerability in Apache 
DolphinScheduler ...)
+       TODO: check
+CVE-2024-43115 (Improper Input Validation vulnerability in Apache 
DolphinScheduler. An ...)
+       TODO: check
+CVE-2024-13068 (Origin Validation Error vulnerability in Akinsoft LimonDesk 
allows For ...)
+       TODO: check
+CVE-2024-13066 (Improper Restriction of Rendered UI Layers or Frames 
vulnerability in  ...)
+       TODO: check
+CVE-2024-13065 (Improper Enforcement of Behavioral Workflow, Uncontrolled 
Resource Con ...)
+       TODO: check
+CVE-2024-13064 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
+       TODO: check
+CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is 
vulnerab ...)
+       TODO: check
 CVE-2025-57833
        - python-django 3:4.2.24-1 (bug #1113865)
        NOTE: 
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
 (4.2.24)
        NOTE: 
https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
 (5.2.6)
-CVE-2025-9867
+CVE-2025-9867 (Inappropriate implementation in Downloads in Google Chrome on 
Android  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-9866
+CVE-2025-9866 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-9865
+CVE-2025-9865 (Inappropriate implementation in Toolbar in Google Chrome on 
Android pr ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-9864
+CVE-2025-9864 (Use after free in V8 in Google Chrome prior to 140.0.7339.80 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-38678 [netfilter: nf_tables: reject duplicate device on updates]
+CVE-2025-38678 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.16.3-1
        NOTE: 
https://git.kernel.org/linus/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973 (6.17-rc2)
 CVE-2025-9848 (A security vulnerability has been detected in ScriptAndTools 
Real Esta ...)
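Review bot: The added descriptions for CVE-2025-9901 and CVE-2025-9219 carry literal "\u2019" and "\u2013" escape sequences, and those for CVE-2025-9821 through CVE-2025-9824 begin with fused heading text ("SummaryA", "SummaryUsers", "ImpactThe"), so the import step appears to truncate the upstream description without decoding escapes or separating section labels first. Decoding and normalising the text before truncation would keep these entries searchable by product name. Separately, every new entry in this hunk is left at "TODO: check"; the ones that name libraries rather than web applications (for example libsoup in CVE-2025-9901 and cJSON in CVE-2025-57052) are the ones to triage first. For CVE-2025-38678, the replacement description truncates before the subsystem name that the removed "[netfilter: nf_tables: reject duplicate device on updates]" text gave, so the entry is now harder to identify from the list alone.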
@@ -3372,7 +3606,7 @@ CVE-2025-9288 (Improper Input Validation vulnerability in 
sha.js allows Input Da
        NOTE: https://github.com/browserify/sha.js/pull/78
        NOTE: Fixed by: 
https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5
 (v2.4.12)
 CVE-2025-9287 (Improper Input Validation vulnerability in cipher-base allows 
Input Da ...)
-       {DSA-5986-1}
+       {DSA-5986-1 DLA-4291-1}
        - node-cipher-base 1.0.6-1 (bug #1111772)
        NOTE: 
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
        NOTE: https://github.com/browserify/cipher-base/pull/23
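Review bot: The new "DLA-4291-1" cross-reference on CVE-2025-9287 cannot be checked from this hunk, because the only fixed version shown is "- node-cipher-base 1.0.6-1 (bug #1111772)" for unstable and the DLA list entry is not part of the change. It is worth confirming that the DLA entry names this CVE and records its own fixed version. The neighbouring sha.js entry, CVE-2025-9288, has its header line outside the visible context, so whether it carries a matching reference should be checked at the same time.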



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27dd3e617fd07d5c7fa8a788442370021c274a01



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
