Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b4d84786 by security tracker role at 2025-12-02T08:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2025-66448 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current
HTTP req ...)
+ TODO: check
+CVE-2025-66412 (Angular is a development platform for building mobile and
desktop web ...)
+ TODO: check
+CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue
and gin. I ...)
+ TODO: check
+CVE-2025-66405 (Portkey.ai Gateway is a blazing fast AI Gateway with
integrated guardr ...)
+ TODO: check
+CVE-2025-66403 (FileRise is a self-hosted web-based file manager with
multi-file uploa ...)
+ TODO: check
+CVE-2025-66401 (MCP Watch is a comprehensive security scanner for Model
Context Protoc ...)
+ TODO: check
+CVE-2025-66400 (mdast-util-to-hast is an mdast utility to transform to hast.
From 13.0 ...)
+ TODO: check
+CVE-2025-66313 (ChurchCRM is an open-source church management system. In
ChurchCRM 6.2 ...)
+ TODO: check
+CVE-2025-66312 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66311 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66310 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66309 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66308 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66307 (This admin plugin for Grav is an HTML user interface that
provides a c ...)
+ TODO: check
+CVE-2025-66306 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27,
there is an ...)
+ TODO: check
+CVE-2025-66305 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a
Denial of ...)
+ TODO: check
+CVE-2025-66304 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27,
users with ...)
+ TODO: check
+CVE-2025-66303 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A
Denial of ...)
+ TODO: check
+CVE-2025-66302 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A
path trav ...)
+ TODO: check
+CVE-2025-66301 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due
to impr ...)
+ TODO: check
+CVE-2025-66300 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A
low privi ...)
+ TODO: check
+CVE-2025-66299 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27,
Grav CMS is ...)
+ TODO: check
+CVE-2025-66298 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27,
having a si ...)
+ TODO: check
+CVE-2025-66297 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a
user with ...)
+ TODO: check
+CVE-2025-66296 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a
privilege ...)
+ TODO: check
+CVE-2025-66295 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27,
when a user ...)
+ TODO: check
+CVE-2025-66294 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a
Server-Si ...)
+ TODO: check
+CVE-2025-66206 (Frappe is a full-stack web application framework. Prior to
15.86.0 and ...)
+ TODO: check
+CVE-2025-66205 (Frappe is a full-stack web application framework. Prior to
15.86.0 and ...)
+ TODO: check
+CVE-2025-65840 (PublicCMS V5.202506.b is vulnerable to Cross Site Request
Forgery (CSR ...)
+ TODO: check
+CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations
"Country" fi ...)
+ TODO: check
+CVE-2025-65621 (Snipe-IT before 8.3.4 allows stored XSS, allowing a
low-privileged aut ...)
+ TODO: check
+CVE-2025-58488 (Improper verification of source of a communication channel in
SmartTou ...)
+ TODO: check
+CVE-2025-58487 (Improper authorization in Samsung Account prior to version
15.5.01.1 a ...)
+ TODO: check
+CVE-2025-58486 (Improper input validation in Samsung Account prior to version
15.5.01. ...)
+ TODO: check
+CVE-2025-58485 (Improper input validation in Samsung Internet prior to version
29.0.0. ...)
+ TODO: check
+CVE-2025-58484 (Incorrect default permissions in Samsung Cloud Assistant prior
to vers ...)
+ TODO: check
+CVE-2025-58483 (Improper export of android application components in Galaxy
Store for ...)
+ TODO: check
+CVE-2025-58482 (Improper access control in MPLocalService of MotionPhoto prior
to vers ...)
+ TODO: check
+CVE-2025-58481 (Improper access control in MPRemoteService of MotionPhoto
prior to ver ...)
+ TODO: check
+CVE-2025-58480 (Heap-based buffer overflow in libimagecodec.quram.so prior to
SMR Dec- ...)
+ TODO: check
+CVE-2025-58479 (Out-of-bounds read in libimagecodec.quram.so prior to SMR
Dec-2025 Rel ...)
+ TODO: check
+CVE-2025-58478 (Out-of-bounds write in libimagecodec.quram.so prior to SMR
Dec-2025 Re ...)
+ TODO: check
+CVE-2025-58477 (Out-of-bounds write in parsing IFD tag in
libimagecodec.quram.so prior ...)
+ TODO: check
+CVE-2025-58476 (Out-of-bounds read vulnerability in bootloader prior to SMR
Dec-2025 R ...)
+ TODO: check
+CVE-2025-58475 (Improper input validation in libsec-ril.so prior to SMR
Dec-2025 Relea ...)
+ TODO: check
+CVE-2025-58044 (JumpServer is an open source bastion host and an operation and
mainten ...)
+ TODO: check
+CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to
16.10.1 ...)
+ TODO: check
+CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported
that use ...)
+ TODO: check
+CVE-2025-21080 (Improper export of android application components in Dynamic
Lockscree ...)
+ TODO: check
+CVE-2025-21072 (Out-of-bounds write in decoding metadata in fingerprint
trustlet prior ...)
+ TODO: check
+CVE-2025-20792 (In Modem, there is a possible system crash due to improper
input valid ...)
+ TODO: check
+CVE-2025-20791 (In Modem, there is a possible system crash due to incorrect
error hand ...)
+ TODO: check
+CVE-2025-20790 (In Modem, there is a possible system crash due to improper
input valid ...)
+ TODO: check
+CVE-2025-20789 (In GPU pdma, there is a possible information disclosure due to
a missi ...)
+ TODO: check
+CVE-2025-20788 (In GPU pdma, there is a possible memory corruption due to a
missing pe ...)
+ TODO: check
+CVE-2025-20777 (In display, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2025-20776 (In display, there is a possible out of bounds read due to a
missing bo ...)
+ TODO: check
+CVE-2025-20775 (In display, there is a possible memory corruption due to use
after fre ...)
+ TODO: check
+CVE-2025-20774 (In display, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2025-20773 (In display, there is a possible memory corruption due to use
after fre ...)
+ TODO: check
+CVE-2025-20772 (In display, there is a possible memory corruption due to use
after fre ...)
+ TODO: check
+CVE-2025-20771 (In display, there is a possible escalation of privilege due to
imprope ...)
+ TODO: check
+CVE-2025-20770 (In display, there is a possible memory corruption due to use
after fre ...)
+ TODO: check
+CVE-2025-20769 (In display, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2025-20768 (In display, there is a possible out of bounds read due to a
missing bo ...)
+ TODO: check
+CVE-2025-20767 (In display, there is a possible out of bounds write due to an
integer ...)
+ TODO: check
+CVE-2025-20766 (In display, there is a possible memory corruption due to
improper inpu ...)
+ TODO: check
+CVE-2025-20765 (In aee daemon, there is a possible system crash due to a race
conditio ...)
+ TODO: check
+CVE-2025-20764 (In smi, there is a possible out of bounds write due to a
missing bound ...)
+ TODO: check
+CVE-2025-20763 (In mmdvfs, there is a possible out of bounds write due to a
missing bo ...)
+ TODO: check
+CVE-2025-20759 (In Modem, there is a possible out of bounds read due to a
missing boun ...)
+ TODO: check
+CVE-2025-20758 (In Modem, there is a possible system crash due to an uncaught
exceptio ...)
+ TODO: check
+CVE-2025-20757 (In Modem, there is a possible system crash due to improper
input valid ...)
+ TODO: check
+CVE-2025-20756 (In Modem, there is a possible system crash due to a logic
error. This ...)
+ TODO: check
+CVE-2025-20755 (In Modem, there is a possible application crash due to
improper input ...)
+ TODO: check
+CVE-2025-20754 (In Modem, there is a possible system crash due to an incorrect
bounds ...)
+ TODO: check
+CVE-2025-20753 (In Modem, there is a possible system crash due to an uncaught
exceptio ...)
+ TODO: check
+CVE-2025-20752 (In Modem, there is a possible system crash due to a missing
bounds che ...)
+ TODO: check
+CVE-2025-20751 (In Modem, there is a possible system crash due to a missing
bounds che ...)
+ TODO: check
+CVE-2025-20750 (In Modem, there is a possible system crash due to improper
input valid ...)
+ TODO: check
+CVE-2025-13697 (The BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder
Blocks ,Word ...)
+ TODO: check
+CVE-2025-13696 (The Zigaform plugin for WordPress is vulnerable to Sensitive
Informati ...)
+ TODO: check
+CVE-2025-13685 (The Photo Gallery by Ays plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2025-13606 (The Export All Posts, Products, Orders, Refunds & Users plugin
for Wor ...)
+ TODO: check
+CVE-2025-13387 (The Kadence WooCommerce Email Designer plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-13140 (The SurveyJS: Drag & Drop WordPress Form Builder plugin for
WordPress ...)
+ TODO: check
+CVE-2025-13007 (The WP Social Ninja \u2013 Embed Social Feeds, Customer
Reviews, Chat ...)
+ TODO: check
+CVE-2025-13001 (The donation WordPress plugin through 1.0 does not sanitize
and escape ...)
+ TODO: check
+CVE-2025-13000 (The db-access WordPress plugin through 0.8.7 does not have
authorizati ...)
+ TODO: check
+CVE-2025-12529 (The Cost Calculator Builder plugin for WordPress is vulnerable
to arbi ...)
+ TODO: check
+CVE-2025-12483 (The Visualizer: Tables and Charts Manager for WordPress plugin
for Wor ...)
+ TODO: check
+CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for
WordPress ...)
+ TODO: check
+CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in
MeetMe on i ...)
+ TODO: check
+CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0
and 4.22. ...)
+ TODO: check
+CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on
the syst ...)
+ TODO: check
CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in
Avast ...)
NOT-FOR-US: Avast Antivirus on MacOS
CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel
Driver, Arm ...)
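Review bot: near the end of the added block, the descriptions for CVE-2025-13697, CVE-2025-13007 and CVE-2025-11726 carry a literal `\u2013` escape where the plugin name should contain a dash, which suggests the automatic import is not decoding the Unicode escapes in the upstream description; decode them before the text is written to data/CVE/list. Every added entry is also left at `TODO: check`, so none has a package or NOT-FOR-US line yet. The 13 "Grav is a file-based Web platform" entries (CVE-2025-66294 to CVE-2025-66306) and the six Grav admin plugin entries (CVE-2025-66307 to CVE-2025-66312) can each be triaged as one group.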
@@ -2028,7 +2222,7 @@ CVE-2025-60738 (An issue in Ilevia EVE X1 Server Firmware
Version v4.7.18.0.eden
NOT-FOR-US: Ilevia EVE X1 Server Firmware
CVE-2025-60737 (Cross Site Scripting vulnerability in Ilevia EVE X1 Server
Firmware Ve ...)
NOT-FOR-US: Ilevia EVE X1 Server Firmware
-CVE-2025-55128 (HackerOne community member Dao Hoang Anh (yoyomiski) has
reported an u ...)
+CVE-2025-55128 (HackerOne community member Dang Hung Vi (vidang04) has
reported an unc ...)
NOT-FOR-US: Revive Adserver
CVE-2025-55127 (HackerOne community member Dao Hoang Anh (yoyomiski) has
reported an i ...)
NOT-FOR-US: Revive Adserver
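Review bot: CVE-2025-55128 and CVE-2025-55127 in this hunk are both marked `NOT-FOR-US: Revive Adserver`, but CVE-2025-55129, whose description opens with the same "HackerOne community member ... has reported" wording, is added in the first hunk with only `TODO: check`. If it concerns the same product, give it the same NOT-FOR-US line so the three adjacent ids stay consistent. Only the truncated description of CVE-2025-55128 changes here, so the triage line under it can stay as it is.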
@@ -5618,7 +5812,7 @@ CVE-2025-12916 (A vulnerability was determined in Sangfor
Operation and Maintena
NOT-FOR-US: Sangfor Operation and Maintenance Security Management System
CVE-2025-12915 (A vulnerability was found in 70mai X200 up to 20251019. This
issue aff ...)
NOT-FOR-US: 70mai X200
-CVE-2025-12914 (A vulnerability has been found in aaPanel BaoTa up to 11.1.0.
This vul ...)
+CVE-2025-12914 (A vulnerability has been found in aaPanel BaoTa up to 11.2.x.
This vul ...)
NOT-FOR-US: aaPanel BaoTa
CVE-2025-40109 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
{DSA-6053-1 DLA-4379-1}
@@ -38287,7 +38481,7 @@ CVE-2025-53774 (Microsoft 365 Copilot BizChat
Information Disclosure Vulnerabili
NOT-FOR-US: Microsoft
CVE-2025-53767 (Azure OpenAI Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2025-48709 (An issue was discovered in BMC Control-M 9.0.21.300. When
Control-M Se ...)
+CVE-2025-48709 (BMC Control-M/Server 9.0.21.300 displays cleartext database
credential ...)
NOT-FOR-US: BMC
CVE-2025-45765 (ruby-jwt v3.0.0.beta1 was discovered to contain weak
encryption. NOTE: ...)
- ruby-jwt <unfixed> (unimportant)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d84786809b91cd1f04df79598bbe925ac482c8
_______________________________________________
debian-security-tracker-commits mailing list