Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
624e4b6a by security tracker role at 2025-12-01T20:12:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in
Avast ...)
+ TODO: check
+CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel
Driver, Arm ...)
+ TODO: check
+CVE-2025-7007 (NULL Pointer Dereference vulnerability in Avast Antivirus on
MacOS, Av ...)
+ TODO: check
+CVE-2025-6349 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel
Driver, Arm ...)
+ TODO: check
+CVE-2025-65838 (PublicCMS V5.202506.b is vulnerable to path traversal via the
doUpload ...)
+ TODO: check
+CVE-2025-65836 (PublicCMS V5.202506.b is vulnerable to SSRF. in the chat
interface of ...)
+ TODO: check
+CVE-2025-65794
+ REJECTED
+CVE-2025-65793
+ REJECTED
+CVE-2025-65408 (A NULL pointer dereference in the
ADTSAudioFileServerMediaSubsession:: ...)
+ TODO: check
+CVE-2025-65407 (A use-after-free in the MPEG1or2Demux::newElementaryStream()
function ...)
+ TODO: check
+CVE-2025-65406 (A heap overflow in the
MatroskaFile::createRTPSinkForTrackNumber() fun ...)
+ TODO: check
+CVE-2025-65405 (A use-after-free in the
ADTSAudioFileSource::samplingFrequency() funct ...)
+ TODO: check
+CVE-2025-65404 (A buffer overflow in the getSideInfo2() function of Live555
Streaming ...)
+ TODO: check
+CVE-2025-65403 (A buffer overflow in the g_cfg.MaxUsers component of LightFTP
v2.0 all ...)
+ TODO: check
+CVE-2025-64775 (Denial of Service vulnerability in Apache Struts, file leak in
multipa ...)
+ TODO: check
+CVE-2025-64030 (Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable
to auth ...)
+ TODO: check
+CVE-2025-63535 (A SQL injection vulnerability exists in the Blood Bank
Management Syst ...)
+ TODO: check
+CVE-2025-63534 (A cross-site scripting (XSS) vulnerability exists in the Blood
Bank Ma ...)
+ TODO: check
+CVE-2025-63533 (A cross-site scripting (XSS) vulnerability exists in the Blood
Bank Ma ...)
+ TODO: check
+CVE-2025-63532 (A SQL injection vulnerability exists in the Blood Bank
Management Syst ...)
+ TODO: check
+CVE-2025-63531 (A SQL injection vulnerability exists in the Blood Bank
Management Syst ...)
+ TODO: check
+CVE-2025-63529 (A session fixation vulnerability exists in Blood Bank
Management Syste ...)
+ TODO: check
+CVE-2025-63528 (A cross-site scripting (XSS) vulnerability exists in the Blood
Bank Ma ...)
+ TODO: check
+CVE-2025-63527 (A cross-site scripting (XSS) vulnerability exists in the Blood
Bank Ma ...)
+ TODO: check
+CVE-2025-63526 (A cross-site scripting (XSS) vulnerability exists in the Blood
Bank Ma ...)
+ TODO: check
+CVE-2025-63525 (An issue was discovered in Blood Bank Management System 1.0
allowing a ...)
+ TODO: check
+CVE-2025-63523 (FeehiCMS version 2.1.1 fails to enforce server-side
immutability for p ...)
+ TODO: check
+CVE-2025-63522 (Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the
Comments Man ...)
+ TODO: check
+CVE-2025-63520 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via
the id ...)
+ TODO: check
+CVE-2025-63365 (SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory
Traversal. ...)
+ TODO: check
+CVE-2025-63317 (Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in
/api/v1/u ...)
+ TODO: check
+CVE-2025-63095 (Improper input validation in the BitstreamWriter::write_bits()
functio ...)
+ TODO: check
+CVE-2025-61229 (An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow
a local ...)
+ TODO: check
+CVE-2025-61228 (An issue in Shirt Pocket SuperDuper! V.3.10 and before allows
a local ...)
+ TODO: check
+CVE-2025-59789 (Uncontrolled recursion in the json2pb component in Apache bRPC
(versio ...)
+ TODO: check
+CVE-2025-58408 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt
Pocket Supe ...)
+ TODO: check
+CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-54851 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-54850 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-54849 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
+ TODO: check
+CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2
allows ...)
+ TODO: check
+CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side,
which allows ...)
+ TODO: check
+CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to
cause dispro ...)
+ TODO: check
+CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by
local us ...)
+ TODO: check
+CVE-2025-41739 (An unauthenticated remote attacker, who beats a race
condition, can ex ...)
+ TODO: check
+CVE-2025-41738 (An unauthenticated remote attacker may cause the visualisation
server ...)
+ TODO: check
+CVE-2025-41700 (An unauthenticated attacker can trick a local user into
executing arbi ...)
+ TODO: check
+CVE-2025-41070 (Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's
Clicked ...)
+ TODO: check
+CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus
(25.1. ...)
+ TODO: check
+CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an
integer o ...)
+ TODO: check
+CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the
oauth.authorize ac ...)
+ TODO: check
+CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP
functionality ...)
+ TODO: check
+CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU
over TCP fu ...)
+ TODO: check
+CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU
over TCP fu ...)
+ TODO: check
+CVE-2025-13837 (When loading a plist file, the plistlib module reads data in
size spec ...)
+ TODO: check
+CVE-2025-13836 (When reading an HTTP response from a server, if no read amount
is spec ...)
+ TODO: check
+CVE-2025-13835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-13829 (Incorrect Authorization vulnerability in Data Illusion
Zumbrunn NGSurv ...)
+ TODO: check
+CVE-2025-13819 (Open redirect in the web server component of MiR Robot and
Fleet softw ...)
+ TODO: check
+CVE-2025-13816 (A security vulnerability has been detected in moxi159753 Mogu
Blog v2 ...)
+ TODO: check
+CVE-2025-13815 (A weakness has been identified in moxi159753 Mogu Blog v2 up
to 5.2. T ...)
+ TODO: check
+CVE-2025-13653 (In Search Guard FLX versions from 3.1.0 up to 4.0.0 with
enterprise mo ...)
+ TODO: check
+CVE-2025-13296 (Cross-Site Request Forgery (CSRF) vulnerability in Tekrom
Technology I ...)
+ TODO: check
+CVE-2025-13129 (Improper Enforcement of Behavioral Workflow vulnerability in
Seneka So ...)
+ TODO: check
+CVE-2025-12756 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1,
10.11.x <= 1 ...)
+ TODO: check
+CVE-2025-11772 (A carefully crafted DLL, copied to C:\ProgramData\Synaptics
folder ...)
+ TODO: check
+CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not
invalidate s ...)
+ TODO: check
+CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability
in Avast ...)
+ TODO: check
+CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to
conduct a ...)
+ TODO: check
+CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in
the WEBVIE ...)
+ TODO: check
+CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP
functionali ...)
+ TODO: check
+CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M
functio ...)
+ TODO: check
+CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP
functionali ...)
+ TODO: check
+CVE-2024-45370 (An authentication bypass vulnerability exists in the User
profile mana ...)
+ TODO: check
+CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly
validate s ...)
+ TODO: check
+CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running
KerOS prio ...)
+ TODO: check
+CVE-2024-32384 (Kerlink gateways running KerOS prior to version 5.10 expose
their web ...)
+ TODO: check
CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an
issue wit ...)
NOT-FOR-US: INZONE Hub
CVE-2025-61619 (In nr modem, there is a possible system crash due to improper
input va ...)
@@ -62,7 +224,7 @@ CVE-2025-11131 (In nr modem, there is a possible system
crash due to improper in
NOT-FOR-US: Unisoc
CVE-2025-13793 (A weakness has been identified in winston-dsouza
Ecommerce-Website up ...)
NOT-FOR-US: winston-dsouza Ecommerce-Website
-CVE-2025-13792 (A security flaw has been discovered in Qualitor 8.20/8.24.
Affected by ...)
+CVE-2025-13792 (A security flaw has been discovered in Qualitor up to
8.20.104/8.24.97 ...)
NOT-FOR-US: Qualitor
CVE-2025-13791 (A vulnerability was identified in Scada-LTS up to 2.7.8.1.
Affected is ...)
NOT-FOR-US: Scada-LTS
@@ -2268,7 +2430,7 @@ CVE-2025-12056 (Out-of-bounds Read in Shelly Pro
3EM(before v1.4.4) allows Overr
NOT-FOR-US: Shelly Pro 3EM
CVE-2025-11243 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
NOT-FOR-US: Shelly Pro 4PM
-CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
+CVE-2025-12106 (Insufficient argument validation in OpenVPN 2.7_alpha1 through
2.7_rc1 ...)
- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
NOTE:
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
@@ -618384,7 +618546,7 @@ CVE-2018-1111 (DHCP packages in Red Hat Enterprise
Linux 6 and 7, Fedora 28, and
CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0.
Malformed DNS ...)
- knot-resolver 2.3.0-1 (bug #896681)
NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
-CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1.
Affected ...)
+CVE-2018-1109 (A vulnerability was found in Braces versions 2.2.0 and above,
prior to ...)
- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE: Introduced by:
https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113
(2.2.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/624e4b6a094fc315b12fe9379efd5491f9ff0208
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/624e4b6a094fc315b12fe9379efd5491f9ff0208
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
