Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0a3377dc by security tracker role at 2025-11-28T08:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-66386 (app/Model/EventReport.php in MISP before 2.5.27 allows path
traversal ...)
+ TODO: check
+CVE-2025-66385 (UsersController::edit in Cerebrate before 1.30 allows an
authenticated ...)
+ TODO: check
+CVE-2025-66384 (app/Controller/EventsController.php in MISP before 2.5.24 has
invalid ...)
+ TODO: check
+CVE-2025-66382 (In libexpat through 2.7.3, a crafted file with an approximate
size of ...)
+ TODO: check
+CVE-2025-66372 (Mustang before 2.16.3 allows exfiltrating files via XXE
attacks.)
+ TODO: check
+CVE-2025-66371 (Peppol-py before 1.1.1 allows XXE attacks because of the Saxon
configu ...)
+ TODO: check
+CVE-2025-66370 (Kivitendo before 3.9.2 allows XXE injection. By uploading an
electroni ...)
+ TODO: check
+CVE-2025-66361 (An issue was discovered in Logpoint before 7.7.0. Sensitive
informatio ...)
+ TODO: check
+CVE-2025-66360 (An issue was discovered in Logpoint before 7.7.0. An
improperly config ...)
+ TODO: check
+CVE-2025-66359 (An issue was discovered in Logpoint before 7.7.0. Insufficient
input v ...)
+ TODO: check
+CVE-2025-64315 (Configuration defect vulnerability in the file management
module. Impa ...)
+ TODO: check
+CVE-2025-64314 (Permission control vulnerability in the memory management
module. Impa ...)
+ TODO: check
+CVE-2025-64313 (Denial of service (DoS) vulnerability in the office service.
Impact: S ...)
+ TODO: check
+CVE-2025-64312 (Permission control vulnerability in the file management
module. Impact ...)
+ TODO: check
+CVE-2025-64311 (Permission control vulnerability in the Notepad module.
Impact: Succes ...)
+ TODO: check
+CVE-2025-58316 (DoS vulnerability in the video-related system service module.
Impact: ...)
+ TODO: check
+CVE-2025-58315 (Permission control vulnerability in the Wi-Fi module. Impact:
Successf ...)
+ TODO: check
+CVE-2025-58314 (Vulnerability of accessing invalid memory in the component
driver modu ...)
+ TODO: check
+CVE-2025-58312 (Permission control vulnerability in the App Lock module.
Impact: Succe ...)
+ TODO: check
+CVE-2025-58311 (UAF vulnerability in the USB driver module. Impact: Successful
exploit ...)
+ TODO: check
+CVE-2025-58310 (Permission control vulnerability in the distributed component.
Impact: ...)
+ TODO: check
+CVE-2025-58309 (Permission control vulnerability in the startup recovery
module. Impac ...)
+ TODO: check
+CVE-2025-58308 (Vulnerability of improper criterion security check in the call
module. ...)
+ TODO: check
+CVE-2025-58307 (UAF vulnerability in the screen recording framework module.
Impact: Su ...)
+ TODO: check
+CVE-2025-58305 (Identity authentication bypass vulnerability in the Gallery
app. Impac ...)
+ TODO: check
+CVE-2025-58304 (Permission control vulnerability in the file management
module. Impact ...)
+ TODO: check
+CVE-2025-58303 (UAF vulnerability in the screen recording framework module.
Impact: Su ...)
+ TODO: check
+CVE-2025-58302 (Permission control vulnerability in the Settings module.
Impact: Succe ...)
+ TODO: check
+CVE-2025-58294 (Permission control vulnerability in the print module. Impact:
Successf ...)
+ TODO: check
+CVE-2025-13771 (WebITR developed by Uniong has an Arbitrary File Read
vulnerability, a ...)
+ TODO: check
+CVE-2025-13770 (WebITR developed by Uniong has a SQL Injection vulnerability,
allowing ...)
+ TODO: check
+CVE-2025-13769 (WebITR developed by Uniong has a SQL Injection vulnerability,
allowing ...)
+ TODO: check
+CVE-2025-13768 (WebITR developed by Uniong has an Authentication Bypass
vulnerability, ...)
+ TODO: check
+CVE-2025-13737 (The Nextend Social Login and Register plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-13338
+ REJECTED
CVE-2025-58436
- cups 2.4.15-1
[trixie] - cups <no-dsa> (Minor issue)
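Review bot: Every entry added in this hunk, from CVE-2025-66386 down to CVE-2025-13737, is left at `TODO: check`, so none of them yet records whether a Debian source package is affected. Each should be resolved either to a package line in the form the context entry already uses (`- cups 2.4.15-1`) or to a `NOT-FOR-US:` line like the one in the next hunk. CVE-2025-66382 (libexpat through 2.7.3) is worth taking first, since its description names a widely embedded library rather than a single product. The many entries whose visible description starts with "Permission control vulnerability in the ..." name no vendor or product before the text is cut off, so the full description is needed before they can be classified. CVE-2025-13338 is correctly marked `REJECTED` and needs nothing further.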
@@ -861,6 +931,7 @@ CVE-2025-10554 (A stored Cross-site Scripting (XSS)
vulnerability affecting Requ
CVE-2025-0005 (Improper input validation within the XOCL driver may allow a
local att ...)
NOT-FOR-US: AMD
CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file
could resul ...)
+ {DSA-6065-1}
- krita 1:5.2.13+dfsg-1
NOTE: https://kde.org/info/security/advisory-20250929-1.txt
NOTE: Fixed by:
https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
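Review bot: The `{DSA-6065-1}` cross-reference added to CVE-2025-59820 comes with no per-release information in the visible entry, which only carries `- krita 1:5.2.13+dfsg-1`. Since this commit changes data/CVE/list alone, confirm that the advisory's own record, with the fixed versions for the releases it covers, exists elsewhere in the tracker. Otherwise the tag points at an advisory the tracker cannot resolve to a fixed version.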
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3377dc089de18d0b01f3706a08232c0095cc21
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits