Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fb22ebf by security tracker role at 2025-12-01T08:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an
issue wit ...)
+ TODO: check
+CVE-2025-61619 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-61618 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-61617 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-61610 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-61609 (In modem, there is a possible system crash due to improper
input valid ...)
+ TODO: check
+CVE-2025-61608 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-61607 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-3012 (In dpc modem, there is a possible system crash due to null
pointer der ...)
+ TODO: check
+CVE-2025-35028 (By providing a command-line argument starting with a
semi-colon ; to a ...)
+ TODO: check
+CVE-2025-13814 (A security flaw has been discovered in moxi159753 Mogu Blog v2
up to 5 ...)
+ TODO: check
+CVE-2025-13813 (A vulnerability was identified in moxi159753 Mogu Blog v2 up
to 5.2. T ...)
+ TODO: check
+CVE-2025-13811 (A vulnerability was determined in jsnjfz WebStack-Guns 1.0.
This vulne ...)
+ TODO: check
+CVE-2025-13810 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. This
affects th ...)
+ TODO: check
+CVE-2025-13809 (A vulnerability has been found in orionsec orion-ops up to
5925824997a ...)
+ TODO: check
+CVE-2025-13808 (A flaw has been found in orionsec orion-ops up to
5925824997a3109651bb ...)
+ TODO: check
+CVE-2025-13807 (A vulnerability was detected in orionsec orion-ops up to
5925824997a31 ...)
+ TODO: check
+CVE-2025-13806 (A security vulnerability has been detected in nutzam NutzBoot
up to 2. ...)
+ TODO: check
+CVE-2025-13805 (A weakness has been identified in nutzam NutzBoot up to
2.6.0-SNAPSHOT ...)
+ TODO: check
+CVE-2025-13804 (A security flaw has been discovered in nutzam NutzBoot up to
2.6.0-SNA ...)
+ TODO: check
+CVE-2025-13803 (A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The
affected ...)
+ TODO: check
+CVE-2025-13802 (A vulnerability was determined in jairiidriss
RestaurantWebsite up to ...)
+ TODO: check
+CVE-2025-13800 (A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c.
This iss ...)
+ TODO: check
+CVE-2025-13799 (A vulnerability has been found in ADSLR NBR1005GPEV2
250814-r037c. Thi ...)
+ TODO: check
+CVE-2025-13798 (A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This
affects ...)
+ TODO: check
+CVE-2025-13797 (A vulnerability was detected in ADSLR B-QE2W401 250814-r037c.
Affected ...)
+ TODO: check
+CVE-2025-13796 (A security vulnerability has been detected in deco-cx apps up
to 0.120 ...)
+ TODO: check
+CVE-2025-13795 (A weakness has been identified in codingWithElias School
Management Sy ...)
+ TODO: check
+CVE-2025-11133 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-11132 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
+CVE-2025-11131 (In nr modem, there is a possible system crash due to improper
input va ...)
+ TODO: check
CVE-2025-13793 (A weakness has been identified in winston-dsouza
Ecommerce-Website up ...)
NOT-FOR-US: winston-dsouza Ecommerce-Website
CVE-2025-13792 (A security flaw has been discovered in Qualitor 8.20/8.24.
Affected by ...)
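Review bot: All 31 entries added at the top of data/CVE/list carry only the "TODO: check" placeholder, so none of them has a disposition yet, while the first unchanged entry below them (CVE-2025-13793) is already resolved as "NOT-FOR-US: winston-dsouza Ecommerce-Website". Each new entry needs a follow-up that replaces "TODO: check" with either a NOT-FOR-US: line or a source-package line. The descriptions shown here are truncated at "...", so the full CVE text should be read before deciding rather than triaging from the visible prefix.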
@@ -527,6 +589,7 @@ CVE-2025-12571 (GitLab has remediated an issue in GitLab
CE/EE affecting all ver
CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due
to unsa ...)
NOT-FOR-US: Frappe CRM
CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file
inclusion ...)
+ {DLA-4392-1 DLA-4391-1}
- mistral-dashboard 15.0.0~rc1-1
- python-mistralclient 1:4.3.0-2
NOTE: https://review.opendev.org/c/openstack/mistral-dashboard/+/800952
@@ -4399,9 +4462,11 @@ CVE-2025-40110 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/5ac2c0279053a2c5265d46903432fb26ae2d0da2 (6.18-rc1)
CVE-2025-3717 (When using the Grafana Snowflake Datasource Plugin, if Oauth
passthrou ...)
NOT-FOR-US: Grafana Snowflake Datasource Plugin
-CVE-2025-13047 (Bacteriology Laboratory Reporting System developed by ViewLead
Technol ...)
+CVE-2025-13047
+ REJECTED
NOT-FOR-US: Bacteriology Laboratory Reporting System
-CVE-2025-13046 (Bacteriology Laboratory Reporting System developed by ViewLead
Technol ...)
+CVE-2025-13046
+ REJECTED
NOT-FOR-US: Bacteriology Laboratory Reporting System
CVE-2025-12901 (The Asgaros Forum plugin for WordPress is vulnerable to
Cross-Site Req ...)
NOT-FOR-US: WordPress plugin
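Review bot: CVE-2025-13047 and CVE-2025-13046 now carry two dispositions each, the new "REJECTED" line and the retained "NOT-FOR-US: Bacteriology Laboratory Reporting System" line. With the description removed from the header, the NOT-FOR-US line is the only remaining record of which product the identifier referred to. If keeping it is intended, no change is needed; otherwise it should be dropped in the same commit so each entry states a single outcome.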
@@ -10802,7 +10867,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress
is vulnerable to Stored
CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication
mechanism rev ...)
NOT-FOR-US: langgenius/dify-web
CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.2 is
vulnerable to ...)
- {DLA-4365-1}
+ {DLA-4365-2 DLA-4365-1}
- unbound 1.24.2-1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
NOTE: Fixed by:
https://github.com/NLnetLabs/unbound/commit/a33f0638e1dacf2633cf2292078a674576bca852
(release-1.24.1)
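Review bot: The cross-reference on CVE-2025-11411 gains DLA-4365-2 next to DLA-4365-1, but nothing in the entry says why a second revision of the same advisory was issued. The unchanged context does not explain it either: the description covers Unbound "up to and including version 1.24.2", while the "Fixed by" note points at a commit tagged release-1.24.1. A NOTE line stating what DLA-4365-2 corrects would make the entry self-explanatory.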
@@ -71268,6 +71333,7 @@ CVE-2025-32790 (Dify is an open-source LLM app
development platform. In versions
CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js.
In vers ...)
NOT-FOR-US: Fastify
CVE-2025-32434 (PyTorch is a Python package that provides tensor computation
with stro ...)
+ {DLA-4389-1}
- pytorch 2.6.0+dfsg-1
[bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-53q9-r3pm-6pq6
@@ -111118,21 +111184,25 @@ CVE-2024-9427 (A vulnerability in Koji was found.
An unsanitized input allows fo
CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected
by an Im ...)
NOT-FOR-US: Adobe
CVE-2024-4982 (A directory traversal vulnerability was discovered in Pagure
server. I ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280726
NOTE: Fixed by:
https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0 (5.14.1)
CVE-2024-4981 (A vulnerability was discovered in Pagure server. If a malicious
user w ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280723
NOTE: Fixed by:
https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4 (5.14.1)
CVE-2024-47516 (A vulnerability was found in Pagure. An argument injection in
Git duri ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315805
NOTE: Fixed by:
https://pagure.io/pagure/c/1db796dd0fa85c5f30f1e7123638e237f73bc92d (5.14.1)
CVE-2024-47515 (A vulnerability was found in Pagure. Support of symbolic links
during ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315806
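Review bot: DLA-4390-1 is attached to CVE-2024-4982, CVE-2024-4981, CVE-2024-47516 and CVE-2024-47515, and every one of those entries keeps "[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)". The record now shows the four issues handled by an LTS advisory while bookworm stays ignored, so it is worth confirming that the ignore reason still holds for bookworm and that the gap between releases is intended.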
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb22ebfdd1818369f6e55ec51db4892577f100e