Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76fd4960 by security tracker role at 2025-08-20T08:12:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,61 +1,369 @@
+CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR
software ...)
+ TODO: check
+CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized
modific ...)
+ TODO: check
+CVE-2025-9193 (A flaw has been found in TOTVS Portal Meu RH up to 12.1.17.
Impacted i ...)
+ TODO: check
+CVE-2025-9176 (A security flaw has been discovered in neurobin shc up to
4.0.3. Impac ...)
+ TODO: check
+CVE-2025-9175 (A vulnerability was identified in neurobin shc up to 4.0.3.
This issue ...)
+ TODO: check
+CVE-2025-9174 (A vulnerability was determined in neurobin shc up to 4.0.3.
This vulne ...)
+ TODO: check
+CVE-2025-9171 (A security flaw has been discovered in SolidInvoice up to
2.4.0. The i ...)
+ TODO: check
+CVE-2025-9170 (A vulnerability was identified in SolidInvoice up to 2.4.0. The
affect ...)
+ TODO: check
+CVE-2025-9169 (A vulnerability was determined in SolidInvoice up to 2.4.0.
Impacted i ...)
+ TODO: check
+CVE-2025-9168 (A vulnerability was found in SolidInvoice up to 2.4.0. This
issue affe ...)
+ TODO: check
+CVE-2025-9167 (A vulnerability has been found in SolidInvoice up to 2.4.0.
This vulne ...)
+ TODO: check
+CVE-2025-8618 (The WPC Smart Quick View for WooCommerce plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-8364 (A crafted URL using a blob: URI could have hidden the true
origin of t ...)
+ TODO: check
+CVE-2025-8289 (The Redirection for Contact Form 7 plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-8145 (The Redirection for Contact Form 7 plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-8141 (The Redirection for Contact Form 7 plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-57791 (An issue was discovered in Commvault before 11.36.60. A
security vulne ...)
+ TODO: check
+CVE-2025-57790 (An issue was discovered in Commvault before 11.36.60. A
security vulne ...)
+ TODO: check
+CVE-2025-57789 (An issue was discovered in Commvault before 11.36.60. During
the brief ...)
+ TODO: check
+CVE-2025-57788 (An issue was discovered in Commvault before 11.36.60. A
vulnerability ...)
+ TODO: check
+CVE-2025-57748
+ REJECTED
+CVE-2025-57747
+ REJECTED
+CVE-2025-57746
+ REJECTED
+CVE-2025-57745
+ REJECTED
+CVE-2025-57744
+ REJECTED
+CVE-2025-57743
+ REJECTED
+CVE-2025-57742
+ REJECTED
+CVE-2025-55715 (Insertion of Sensitive Information Into Sent Data
vulnerability in The ...)
+ TODO: check
+CVE-2025-55706 (URL redirection to untrusted site ('Open Redirect') issue
exists in M ...)
+ TODO: check
+CVE-2025-54750 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54735 (Incorrect Privilege Assignment vulnerability in Emraan Cheema
CubeWP F ...)
+ TODO: check
+CVE-2025-54726 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-54713 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-54677 (Unrestricted Upload of File with Dangerous Type vulnerability
in vcita ...)
+ TODO: check
+CVE-2025-54670 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54551 (Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a
privilege ...)
+ TODO: check
+CVE-2025-54364 (Microsoft Knack 0.12.0 allows Regular expression Denial of
Service (Re ...)
+ TODO: check
+CVE-2025-54363 (Microsoft Knack 0.12.0 allows Regular expression Denial of
Service (Re ...)
+ TODO: check
+CVE-2025-54145 (The QR scanner could allow arbitrary websites to be opened if
a user w ...)
+ TODO: check
+CVE-2025-54144 (The URL scheme used by Firefox to facilitate searching of text
queries ...)
+ TODO: check
+CVE-2025-54143 (Sandboxed iframes on webpages could potentially allow
downloads to the ...)
+ TODO: check
+CVE-2025-54056 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54055 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54053 (Deserialization of Untrusted Data vulnerability in Adrian
Tobey Ground ...)
+ TODO: check
+CVE-2025-54052 (Cross-Site Request Forgery (CSRF) vulnerability in Realtyna
Realtyna O ...)
+ TODO: check
+CVE-2025-54049 (Incorrect Privilege Assignment vulnerability in miniOrange
Custom API ...)
+ TODO: check
+CVE-2025-54048 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-54046 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54044 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54040 (Missing Authorization vulnerability in Webba Appointment
Booking Webba ...)
+ TODO: check
+CVE-2025-54034 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54032 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54031 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54028 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54027 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54025 (Missing Authorization vulnerability in Elliot Sowersby /
RelyWP Coupon ...)
+ TODO: check
+CVE-2025-54021 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-54019 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-54017 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54014 (Deserialization of Untrusted Data vulnerability in
QuanticaLabs MediCe ...)
+ TODO: check
+CVE-2025-54012 (Deserialization of Untrusted Data vulnerability in nanbu
Welcart e-Com ...)
+ TODO: check
+CVE-2025-54008 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-54007 (Deserialization of Untrusted Data vulnerability in PickPlugins
Post Gr ...)
+ TODO: check
+CVE-2025-53998 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53993 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53992 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53988 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53987 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53985 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53983 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53580 (Incorrect Privilege Assignment vulnerability in quantumcloud
Simple Bu ...)
+ TODO: check
+CVE-2025-53577 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-53567 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53565 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53564 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53563 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53562 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53561 (Path Traversal vulnerability in miniOrange Prevent files /
folders acc ...)
+ TODO: check
+CVE-2025-53560 (Deserialization of Untrusted Data vulnerability in rascals
Noisa allow ...)
+ TODO: check
+CVE-2025-53559 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53522 (Movable Type contains an issue with use of less trusted
source. If exp ...)
+ TODO: check
+CVE-2025-53319 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53299 (Deserialization of Untrusted Data vulnerability in ThemeMakers
ThemeMa ...)
+ TODO: check
+CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability
in ELEXt ...)
+ TODO: check
+CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability
in paym ...)
+ TODO: check
+CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cro ...)
+ TODO: check
+CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP
Discord ...)
+ TODO: check
+CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49893 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49892 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49891 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49890 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49889 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49438 (Deserialization of Untrusted Data vulnerability in Max Chirkov
Simple ...)
+ TODO: check
+CVE-2025-49436 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49434 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49428 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49426 (Cross-Site Request Forgery (CSRF) vulnerability in Dourou
Cookie Warni ...)
+ TODO: check
+CVE-2025-49424 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49422 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49420 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49413 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49412 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49411 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49410 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49409 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49408 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPD ...)
+ TODO: check
+CVE-2025-49406 (Missing Authorization vulnerability in favethemes Houzez
allows Access ...)
+ TODO: check
+CVE-2025-49400 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49399 (Cross-Site Request Forgery (CSRF) vulnerability in Basix
NEX-Forms all ...)
+ TODO: check
+CVE-2025-49397 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49396 (Missing Authorization vulnerability in themifyme Themify
Builder allow ...)
+ TODO: check
+CVE-2025-49395 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49392 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49391 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch
Designs Sign- ...)
+ TODO: check
+CVE-2025-49389 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-49382 (Cross-Site Request Forgery (CSRF) vulnerability in DexignZone
JobZilla ...)
+ TODO: check
+CVE-2025-49381 (Cross-Site Request Forgery (CSRF) vulnerability in ads.txt
Guru ads.tx ...)
+ TODO: check
+CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48296 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48171 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS
DELUCKS SEO al ...)
+ TODO: check
+CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm
Force SureD ...)
+ TODO: check
+CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48162 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability
in Store ...)
+ TODO: check
+CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal
Bookify all ...)
+ TODO: check
+CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a
stored cr ...)
+ TODO: check
CVE-2025-9162
- keycloak <itp> (bug #1088287)
-CVE-2025-55033
+CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS
could be uti ...)
NOT-FOR-US: Firefox Focus for iOS
-CVE-2025-55032
+CVE-2025-55032 (Focus for iOS would not respect a Content-Disposition header
of type A ...)
NOT-FOR-US: Firefox Focus for iOS
-CVE-2025-55031
+CVE-2025-55031 (Malicious pages could use Firefox for iOS to pass FIDO: links
to the O ...)
NOT-FOR-US: Firefox Focus for iOS and Firefox for iOS
-CVE-2025-55030
+CVE-2025-55030 (Firefox for iOS would not respect a Content-Disposition header
of type ...)
NOT-FOR-US: Firefox for iOS
-CVE-2025-55029
+CVE-2025-55029 (Malicious scripts could bypass the popup blocker to spam new
tabs, pot ...)
NOT-FOR-US: Firefox for iOS
-CVE-2025-55028
+CVE-2025-55028 (Malicious scripts utilizing repetitive JavaScript alerts could
prevent ...)
NOT-FOR-US: Firefox for iOS
-CVE-2025-9187
+CVE-2025-9187 (Memory safety bugs present in Firefox 141 and Thunderbird 141.
Some of ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9187
-CVE-2025-9186
+CVE-2025-9186 (Spoofing issue in the Address Bar component of Firefox Focus
for Andro ...)
- firefox <not-affected> (Specific to Firefox Focus on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
-CVE-2025-9185
+CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR
128.13, ...)
- firefox-esr 128.14.0esr-1
- firefox <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9185
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9185
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9185
-CVE-2025-9184
+CVE-2025-9184 (Memory safety bugs present in Firefox ESR 140.1, Thunderbird
ESR 140.1 ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9184
-CVE-2025-9183
+CVE-2025-9183 (Spoofing issue in the Address Bar component. This vulnerability
affect ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9183
-CVE-2025-9182
+CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics:
WebRender com ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
-CVE-2025-9181
+CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This
vulnerab ...)
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
-CVE-2025-9180
+CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D
component.' This ...)
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9180
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
-CVE-2025-9179
+CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP
process w ...)
- firefox <unfixed>
- firefox-esr 128.14.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9179
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9179
-CVE-2025-9132
+CVE-2025-9132 (Out of bounds write in V8 in Google Chrome prior to
139.0.7258.138 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the
function _TIF ...)
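Review bot: The NOTE under CVE-2025-9186 links to `mfsa2025-64/#CVE-2025-9179`, while every other Mozilla NOTE in this hunk uses an anchor that matches its own CVE id. It is an unchanged context line, but the entry is being touched here, so the anchor should be checked against the advisory and corrected if it is a copy-paste slip from the CVE-2025-9179 entry. Separately, the new descriptions for CVE-2025-9182 and CVE-2025-9180 begin with a stray `'` carried over from the feed. Among the new `TODO: check` entries, CVE-2025-54144 names Firefox in its description, so it needs triage against the firefox packages like the ones below it.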
@@ -5682,7 +5990,7 @@ CVE-2025-43267 (An injection issue was addressed with
improved validation. This
CVE-2025-43266 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43265 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
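Review bot: The new `DLA-4276-1` reference on the CVE-2025-43265 brace line arrives in a commit whose only changed file is data/CVE/list and whose message is just "automatic update", so nothing visible here shows where that advisory is defined or which package and version it fixes. The context lines give only the `2.48.5-1` fixed versions for webkit2gtk and wpewebkit plus a trixie `<ignored>` note for wpewebkit. Confirm that the advisory entry already exists with the intended package before relying on this cross-reference. The same applies to the identical one-line change in the WebKit hunks that follow.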
@@ -5724,7 +6032,7 @@ CVE-2025-43243 (A permissions issue was addressed with
additional restrictions.
CVE-2025-43241 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43240 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5748,7 +6056,7 @@ CVE-2025-43230 (The issue was addressed with additional
permissions checks. This
CVE-2025-43229 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed
in iOS 1 ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5756,7 +6064,7 @@ CVE-2025-43228 (The issue was addressed with improved UI.
This issue is fixed in
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43227 (This issue was addressed through improved state management.
This issue ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5782,7 +6090,7 @@ CVE-2025-43218 (An out-of-bounds read was addressed with
improved input validati
CVE-2025-43217 (The issue was addressed by adding additional logic. This issue
is fixe ...)
NOT-FOR-US: Apple
CVE-2025-43216 (A use-after-free issue was addressed with improved memory
management. ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5796,7 +6104,7 @@ CVE-2025-43214 (The issue was addressed with improved
memory handling. This issu
CVE-2025-43213 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43212 (The issue was addressed with improved memory handling. This
issue is f ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5804,7 +6112,7 @@ CVE-2025-43212 (The issue was addressed with improved
memory handling. This issu
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43211 (The issue was addressed with improved memory handling. This
issue is f ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5852,7 +6160,7 @@ CVE-2025-31280 (A memory corruption issue was addressed
with improved validation
CVE-2025-31279 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-31278 (The issue was addressed with improved memory handling. This
issue is f ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -5866,7 +6174,7 @@ CVE-2025-31276 (This issue was addressed through improved
state management. This
CVE-2025-31275 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-31273 (The issue was addressed with improved memory handling. This
issue is f ...)
- {DSA-5978-1}
+ {DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in trixie)
@@ -7884,10 +8192,10 @@ CVE-2025-8029 (Firefox executed `javascript:` URLs when
used in `object` and `em
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8029
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8029
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8029
-CVE-2025-8042
+CVE-2025-8042 (Firefox for Android allowed a sandboxed iframe without the
`allow-down ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8042
-CVE-2025-8041
+CVE-2025-8041 (In the address bar, Firefox for Android truncated the display
of URLs ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries
could le ...)
@@ -9762,7 +10070,7 @@ CVE-2025-6965 (There exists a vulnerability in SQLite
versions before 3.50.2 whe
[bullseye] - sqlite3 <postponed> (Minor issue)
NOTE:
https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in
Google ...)
- {DSA-5978-1 DSA-5963-1}
+ {DSA-5978-1 DSA-5963-1 DLA-4276-1}
- chromium 138.0.7204.157-1
[bullseye] - chromium <end-of-life> (see #1061268)
- webkit2gtk 2.48.5-1
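Review bot: The brace line for CVE-2025-6558 now lists three advisories (`DSA-5978-1 DSA-5963-1 DLA-4276-1`) against two source packages, and these lines do not say which advisory covers which package. With `[bullseye] - chromium <end-of-life>` directly below, and assuming the DLA targets bullseye, DLA-4276-1 can only be a webkit2gtk fix. Check in the advisory list that it is recorded against webkit2gtk and not chromium.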
@@ -24936,8 +25244,8 @@ CVE-2025-5263 (Error handling for script execution was
incorrectly isolated from
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5263
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5263
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5263
-CVE-2025-5262
- REJECTED
+CVE-2025-5262 (A double-free could have occurred in `vpx_codec_enc_init_multi`
after ...)
+ TODO: check
CVE-2025-5232 (A vulnerability, which was classified as critical, has been
found in P ...)
NOT-FOR-US: PHPGurukul
CVE-2025-5231 (A vulnerability classified as critical was found in PHPGurukul
Company ...)
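Review bot: CVE-2025-5262 changes from `REJECTED` to a live entry with `TODO: check`, and the hunk records no reason for the un-rejection. The new description names `vpx_codec_enc_init_multi`, which by its name points at libvpx (an inference from the function name, not something stated in these lines). Triage should therefore cover the libvpx source package and anything embedding it, not only the Mozilla products that the neighbouring CVE-2025-5263 NOTEs refer to. A NOTE line giving the source of the reinstated id would help whoever picks up the TODO.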
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76fd4960fac27965c1517d92fa04094da7fb42df