Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d599f649 by security tracker role at 2025-12-02T20:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,216 @@
-CVE-2025-64460 [Potential denial-of-service vulnerability in XML serializer
text extraction]
+CVE-2025-66468 (The Aimeos GrapesJS CMS extension provides page editor for
creating co ...)
+ TODO: check
+CVE-2025-66460 (Lookyloo is a web interface that allows users to capture a
website pag ...)
+ TODO: check
+CVE-2025-66459 (Lookyloo is a web interface that allows users to capture a
website pag ...)
+ TODO: check
+CVE-2025-66458 (Lookyloo is a web interface that allows users to capture a
website pag ...)
+ TODO: check
+CVE-2025-66454 (Arcade MCP allows you to to create, deploy, and share MCP
Servers. Pri ...)
+ TODO: check
+CVE-2025-66416 (The MCP Python SDK, called `mcp` on PyPI, is a Python
implementation o ...)
+ TODO: check
+CVE-2025-66414 (MCP TypeScript SDK is the official TypeScript SDK for Model
Context Pr ...)
+ TODO: check
+CVE-2025-66409 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2025-66399 (Cacti is an open source performance and fault management
framework. Pr ...)
+ TODO: check
+CVE-2025-65896 (SQL injection vulnerability in long2ice assyncmy thru 0.2.10
allows at ...)
+ TODO: check
+CVE-2025-65881 (Sourcecodester Zoo Management System v1.0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2025-65877 (Lvzhou CMS before commit
c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (202 ...)
+ TODO: check
+CVE-2025-65858 (A Stored Cross-Site Scripting (XSS) vulnerability in
Calibre-Web v0.6. ...)
+ TODO: check
+CVE-2025-65844 (EverShop 2.0.1 allows an unauthenticated user to upload files
and crea ...)
+ TODO: check
+CVE-2025-65656 (dcat-admin v2.2.3-beta and before is vulnerable to file
inclusion in a ...)
+ TODO: check
+CVE-2025-65379 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection
in the /a ...)
+ TODO: check
+CVE-2025-65358 (Edoc-doctor-appointment-system v1.0.1 was discovered to
contain SQl in ...)
+ TODO: check
+CVE-2025-65215 (Sourcecodester Web-based Pharmacy Product Management System
v1.0 is vu ...)
+ TODO: check
+CVE-2025-65187 (A Stored Cross Site Scripting vulnerability exists in CiviCRM
before v ...)
+ TODO: check
+CVE-2025-65186 (Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS).
The page ...)
+ TODO: check
+CVE-2025-65105 (Apptainer is an open source container platform. In Apptainer
versions ...)
+ TODO: check
+CVE-2025-64750 (SingularityCE and SingularityPRO are open source container
platforms. ...)
+ TODO: check
+CVE-2025-64070 (Sourcecodester Student Grades Management System v1.0 is
vulnerable to ...)
+ TODO: check
+CVE-2025-63872 (DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability,
which al ...)
+ TODO: check
+CVE-2025-61729 (Within HostnameError.Error(), when constructing an error
string, there ...)
+ TODO: check
+CVE-2025-60854 (A vulnerability has been found in D-Link R15 (AX1500) 1.20.01
and belo ...)
+ TODO: check
+CVE-2025-60736 (code-projects Online Medicine Guide 1.0 is vulnerable to SQL
Injection ...)
+ TODO: check
+CVE-2025-59705 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59704 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59703 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59702 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59701 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59700 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59699 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59698 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59697 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59696 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59695 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
+ TODO: check
+CVE-2025-59694 (The Chassis Management Board in Entrust nShield Connect XC,
nShield 5c ...)
+ TODO: check
+CVE-2025-59693 (The Chassis Management Board in Entrust nShield Connect XC,
nShield 5c ...)
+ TODO: check
+CVE-2025-58386 (In Terminalfour 8 through 8.4.1.1, the userLevel parameter in
the user ...)
+ TODO: check
+CVE-2025-58113 (An out-of-bounds read vulnerability exists in the EMF
functionality of ...)
+ TODO: check
+CVE-2025-57850 (A container privilege escalation flaw was found in certain
CodeReady W ...)
+ TODO: check
+CVE-2025-52622 (The BigFix SaaS's HTTP responses were missing some security
headers. T ...)
+ TODO: check
+CVE-2025-41744 (Sprecher Automations SPRECON-E seriesuses default
cryptographic keys t ...)
+ TODO: check
+CVE-2025-41743 (Insufficient encryption strength in Sprecher Automation
SPRECON-E-C, S ...)
+ TODO: check
+CVE-2025-41742 (Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3is
vulnerab ...)
+ TODO: check
+CVE-2025-41086 (Vulnerability in the access control system of the GAMS
licensing syste ...)
+ TODO: check
+CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability
that allo ...)
+ TODO: check
+CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version
20250304. This ...)
+ TODO: check
+CVE-2025-41014 (User Enumeration Vulnerability in TCMAN GIM v11 version
20250304. This ...)
+ TODO: check
+CVE-2025-41013 (SQL injection vulnerability in TCMAN GIM v11 in version
20250304. This ...)
+ TODO: check
+CVE-2025-41012 (Unauthorized access vulnerability in TCMAN GIM v11 version
20250304. T ...)
+ TODO: check
+CVE-2025-40700 (Reflected Cross-Site Scripting (XSS) in IDI Eikon's
Governalia. The vu ...)
+ TODO: check
+CVE-2025-34352 (JumpCloud Remote Assist for Windows versions prior to 0.317.0
include ...)
+ TODO: check
+CVE-2025-13879 (Directory traversal vulnerability in SOLIDserver IPAM v8.2.3.
This vul ...)
+ TODO: check
+CVE-2025-13877 (A vulnerability was detected in nocobase up to
1.9.4/2.0.0-alpha.37. T ...)
+ TODO: check
+CVE-2025-13876 (A security vulnerability has been detected in Rareprob HD
Video Player ...)
+ TODO: check
+CVE-2025-13875 (A weakness has been identified in Yohann0617 oci-helper up to
3.2.4. T ...)
+ TODO: check
+CVE-2025-13873 (Stored Cross-Site Scripting (XSS) in the survey-import feature
of Obje ...)
+ TODO: check
+CVE-2025-13872 (Blind Server-Side Request Forgery (SSRF) in the survey-import
feature ...)
+ TODO: check
+CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the resource-management
feature o ...)
+ TODO: check
+CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail
to vali ...)
+ TODO: check
+CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary
packages ...)
+ TODO: check
+CVE-2025-13827 (Summary Arbitrary files can be uploaded via the GrapesJS
Builder, as t ...)
+ TODO: check
+CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin
for WordP ...)
+ TODO: check
+CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2025-13721 (Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a
remote at ...)
+ TODO: check
+CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41
allowed a r ...)
+ TODO: check
+CVE-2025-13658 (A vulnerability in Longwatch devices allows unauthenticated
HTTP GET r ...)
+ TODO: check
+CVE-2025-13640 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
+ TODO: check
+CVE-2025-13639 (Inappropriate implementation in WebRTC in Google Chrome prior
to 143.0 ...)
+ TODO: check
+CVE-2025-13638 (Use after free in Media Stream in Google Chrome prior to
143.0.7499.41 ...)
+ TODO: check
+CVE-2025-13637 (Inappropriate implementation in Downloads in Google Chrome
prior to 14 ...)
+ TODO: check
+CVE-2025-13636 (Inappropriate implementation in Split View in Google Chrome
prior to 1 ...)
+ TODO: check
+CVE-2025-13635 (Inappropriate implementation in Downloads in Google Chrome
prior to 14 ...)
+ TODO: check
+CVE-2025-13634 (Inappropriate implementation in Downloads in Google Chrome on
Windows ...)
+ TODO: check
+CVE-2025-13633 (Use after free in Digital Credentials in Google Chrome prior
to 143.0. ...)
+ TODO: check
+CVE-2025-13632 (Inappropriate implementation in DevTools in Google Chrome
prior to 143 ...)
+ TODO: check
+CVE-2025-13631 (Inappropriate implementation in Google Updater in Google
Chrome on Mac ...)
+ TODO: check
+CVE-2025-13630 (Type Confusion in V8 in Google Chrome prior to 143.0.7499.41
allowed a ...)
+ TODO: check
+CVE-2025-13542 (The DesignThemes LMS plugin for WordPress is vulnerable to
Privilege E ...)
+ TODO: check
+CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin
for Wor ...)
+ TODO: check
+CVE-2025-13516 (The SureMail \u2013 SMTP and Email Logs Plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2025-13510 (The Iskra iHUB and iHUB Lite smart metering gateway exposes
its web ma ...)
+ TODO: check
+CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-13353 (In gokey versions <0.2.0, a flaw in the seed decryption logic
resulte ...)
+ TODO: check
+CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data
vulnerability in Arg ...)
+ TODO: check
+CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL
Injecti ...)
+ TODO: check
+CVE-2025-12630 (The Upload.am WordPress plugin before 1.0.1 is vulnerable to
arbitrar ...)
+ TODO: check
+CVE-2025-12465 (A Blind SQL injection vulnerability has been identified in
QuickCMS. I ...)
+ TODO: check
+CVE-2025-11789 (Out-of-bounds read vulnerability in Circutor
SGE-PLC1000/SGE-PLC50 v9. ...)
+ TODO: check
+CVE-2025-11788 (Heap-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE-P ...)
+ TODO: check
+CVE-2025-11787 (Command injection vulnerability in the operating system in
Circutor SG ...)
+ TODO: check
+CVE-2025-11786 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11785 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11784 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11783 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11782 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11781 (Use of hardcoded cryptographic keys in Circutor
SGE-PLC1000/SGE-PLC50 ...)
+ TODO: check
+CVE-2025-11780 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11779 (Stack-based buffer overflow vulnerability in
CircutorSGE-PLC1000/SGE-P ...)
+ TODO: check
+CVE-2025-11778 (Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50
v0.9.2. ...)
+ TODO: check
+CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang)
versions <=1.5 ...)
+ TODO: check
+CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- python-django <unfixed> (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
(4.2.27)
-CVE-2025-13372 [Potential SQL injection in FilteredRelation column aliases on
PostgreSQL]
+CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- python-django <unfixed> (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
(4.2.27)
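Review bot: the two Django entries at the end of this hunk lose the only text that said what each flaw is. The old bracketed titles ("Potential denial-of-service vulnerability in XML serializer text extraction" for CVE-2025-64460, "Potential SQL injection in FilteredRelation column aliases on PostgreSQL" for CVE-2025-13372) are replaced by the official descriptions, but both of those are truncated to the identical "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...", which does not even name Django. Since both entries point at the same bug (#1121788) and differ only in the fixing commit, keep a short NOTE line per entry with the original title so a triager can tell which 4.2.27 commit belongs to which CVE without opening the advisory. The rest of the hunk is new entries at "TODO: check"; the "Fixed by" NOTE lines cite the 4.2.27 backport only, which is fine for the tracker as long as the 5.1/5.2 fixed versions in the description are not needed for any Debian suite.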
@@ -196,7 +404,8 @@ CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page
Builder plugin for Word
NOT-FOR-US: WordPress plugin
CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in
MeetMe on i ...)
TODO: check
-CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0
and 4.22. ...)
+CVE-2024-51999
+ REJECTED
TODO: check
CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on
the syst ...)
NOT-FOR-US: IBM
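Review bot: CVE-2024-51999 is rewritten as REJECTED but the "TODO: check" line under it is left in place, so the entry stays in the triage queue for no reason. The other entries this commit marks REJECTED (CVE-2025-8768 and the YouTrack ones further down) carry no TODO; drop it here too, or have the automatic updater remove a trailing TODO when it writes REJECTED.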
@@ -5643,15 +5852,20 @@ CVE-2018-25124 (PacsOne Server version 6.6.2 (prior
versions are likely affected
NOT-FOR-US: PacsOne Server
CVE-2025-8768
REJECTED
-CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie
configuratio ...)
+CVE-2025-64690
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64689 (In JetBrains YouTrack before 2025.3.104432 misconfiguration in
the Jun ...)
+CVE-2025-64689
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64688 (In JetBrains YouTrack before 2025.3.104432 missing VCS URL
validation ...)
+CVE-2025-64688
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64687 (In JetBrains YouTrack before 2025.3.104432 improper access
control all ...)
+CVE-2025-64687
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64686 (In JetBrains YouTrack before 2025.3.104432 missing user
principal clea ...)
+CVE-2025-64686
+ REJECTED
NOT-FOR-US: JetBrains
CVE-2025-64685 (In JetBrains YouTrack before 2025.3.104432 missing TLS
certificate val ...)
NOT-FOR-US: JetBrains
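Review bot: the five YouTrack entries CVE-2025-64686 through CVE-2025-64690 are switched to REJECTED while their "NOT-FOR-US: JetBrains" annotations are kept; CVE-2025-8768 two lines above shows that a rejected entry otherwise carries no annotation. The stale lines are harmless for tracking, but for consistency either trim them or make the updater drop the annotation together with the description when it rewrites an entry as REJECTED. CVE-2025-64685 is untouched and still has a description, so only the five rejected IDs are affected.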
@@ -6817,6 +7031,7 @@ CVE-2025-10853 (A reflected cross-site scripting (XSS)
vulnerability exists in t
CVE-2025-10713 (An XML External Entity (XXE) vulnerability exists in multiple
WSO2 pro ...)
NOT-FOR-US: WSO2
CVE-2023-43000 (A use-after-free issue was addressed with improved memory
management. ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
@@ -7144,6 +7359,7 @@ CVE-2025-43493 (The issue was addressed with improved
checks. This issue is fixe
CVE-2025-43481 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+ {DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
@@ -7285,6 +7501,7 @@ CVE-2025-43421 (Multiple issues were addressed by
disabling array allocation sin
CVE-2025-43420 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
CVE-2025-43419 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-6042-1}
- webkit2gtk 2.50.0-1
- wpewebkit 2.50.0-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -15070,7 +15287,7 @@ CVE-2025-11581 (A security vulnerability has been
detected in PowerJob up to 5.1
NOT-FOR-US: PowerJob
CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This
affects t ...)
NOT-FOR-US: PowerJob
-CVE-2025-11579 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail
to vali ...)
+CVE-2025-11579 (github.com/nwaples/rardecode versions <=2.1.1 fail to restrict
the dic ...)
- golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)
NOTE:
https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9
(v2.2.0)
CVE-2025-11190 (The Kiwire Captive Portal contains an open redirection issue
via the l ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d599f649a887daa5c2a979a3045a9a0b68896572
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits