Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b15379c by security tracker role at 2025-12-03T20:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2025-7044 (An Improper Input Validation vulnerability exists in the user 
websocke ...)
+       TODO: check
+CVE-2025-66489 (Cal.com is open-source scheduling software. Prior to 5.9.8, A 
flaw in  ...)
+       TODO: check
+CVE-2025-66478
+       REJECTED
+CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written 
entirely  ...)
+       TODO: check
+CVE-2025-66431 (WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on 
Linux a ...)
+       TODO: check
+CVE-2025-66411 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2025-66406 (Step CA is an online certificate authority for secure, 
automated certi ...)
+       TODO: check
+CVE-2025-66222 (DeepChat is a smart assistant uses artificial intelligence. In 
0.5.0 a ...)
+       TODO: check
+CVE-2025-66220 (Envoy is a high-performance edge/middle/service proxy. In 
1.33.12, 1.3 ...)
+       TODO: check
+CVE-2025-66208 (Collabora Online - Built-in CODE Server (richdocumentscode) 
provides a ...)
+       TODO: check
+CVE-2025-66032 (Claude Code is an agentic coding tool. Prior to 1.0.93, Due to 
errors  ...)
+       TODO: check
+CVE-2025-65843 (Aquarius Desktop 3.0.069 for macOS contains an insecure file 
handling  ...)
+       TODO: check
+CVE-2025-65842 (The Aquarius HelperTool (1.0.003) privileged XPC service on 
macOS cont ...)
+       TODO: check
+CVE-2025-65841 (Aquarius Desktop 3.0.069 for macOS stores user authentication 
credenti ...)
+       TODO: check
+CVE-2025-65345 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable 
to Direct ...)
+       TODO: check
+CVE-2025-65320 (Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are 
vulnerable ...)
+       TODO: check
+CVE-2025-65267 (In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper 
validation ...)
+       TODO: check
+CVE-2025-65097 (RomM (ROM Manager) allows users to scan, enrich, browse and 
play their ...)
+       TODO: check
+CVE-2025-65096 (RomM (ROM Manager) allows users to scan, enrich, browse and 
play their ...)
+       TODO: check
+CVE-2025-65027 (RomM (ROM Manager) allows users to scan, enrich, browse and 
play their ...)
+       TODO: check
+CVE-2025-64763 (Envoy is a high-performance edge/middle/service proxy. In 
1.33.12, 1.3 ...)
+       TODO: check
+CVE-2025-64527 (Envoy is a high-performance edge/middle/service proxy. In 
1.33.12, 1.3 ...)
+       TODO: check
+CVE-2025-64443 (MCP Gateway allows easy and secure running and deployment of 
MCP serve ...)
+       TODO: check
+CVE-2025-63402 (An issue in HCL Technologies Limited HCLTech GRAGON before 
v.7.6.0 all ...)
+       TODO: check
+CVE-2025-63401 (Cross Site Scripting vulnerability in HCL Technologies Limited 
HCLTech ...)
+       TODO: check
+CVE-2025-62686 (A local privilege escalation vulnerability exists in the 
Plugin Allian ...)
+       TODO: check
+CVE-2025-57202 (A stored cross-site scripting (XSS) vulnerability in the 
PwdGrp.cgi en ...)
+       TODO: check
+CVE-2025-57201 (AVTECH SECURITY Corporation DGM1104 
FullImg-1015-1004-1006-1003 was di ...)
+       TODO: check
+CVE-2025-57200 (AVTECH SECURITY Corporation DGM1104 
FullImg-1015-1004-1006-1003 was di ...)
+       TODO: check
+CVE-2025-57199 (AVTECH SECURITY Corporation DGM1104 
FullImg-1015-1004-1006-1003 was di ...)
+       TODO: check
+CVE-2025-57198 (AVTECH SECURITY Corporation DGM1104 
FullImg-1015-1004-1006-1003 was di ...)
+       TODO: check
+CVE-2025-55182 (A pre-authentication remote code execution vulnerability 
exists in Rea ...)
+       TODO: check
+CVE-2025-55076 (A local privilege escalation vulnerability exists in the 
InstallationH ...)
+       TODO: check
+CVE-2025-54326 (An issue was discovered in Camera in Samsung Mobile Processor 
Exynos 1 ...)
+       TODO: check
+CVE-2025-54065 (GZDoom is a feature centric port for all Doom engine games. 
GZDoom is  ...)
+       TODO: check
+CVE-2025-53965 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2025-53841 (Akamai Guardicore Platform Agent before 52.1.1 allows an 
unprivileged  ...)
+       TODO: check
+CVE-2025-50361 (Buffer Overflow was found in SmallBASIC community SmallBASIC 
with SDL  ...)
+       TODO: check
+CVE-2025-50360 (A heap buffer overflow in compiler.c and compiler.h in Pepper 
language ...)
+       TODO: check
+CVE-2025-39665 (User enumeration in Nagvis' Checkmk MultisiteAuth before 
version 1.9.4 ...)
+       TODO: check
+CVE-2025-34319 (TOTOLINK N300RT wireless router firmware versions prior 
toV3.4.0-B2025 ...)
+       TODO: check
+CVE-2025-33211 (NVIDIA Triton Server for Linux contains a vulnerability where 
an attac ...)
+       TODO: check
+CVE-2025-33208 (NVIDIA TAO contains a vulnerability where an attacker may 
cause a reso ...)
+       TODO: check
+CVE-2025-33201 (NVIDIA Triton Inference Server contains a vulnerability where 
an attac ...)
+       TODO: check
+CVE-2025-29864 (Protection Mechanism Failure vulnerability in ESTsoft ALZip on 
Windows ...)
+       TODO: check
+CVE-2025-20389 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20388 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20387 (In Splunk Universal Forwarder for Windows versions below 
10.0.2, 9.4.6 ...)
+       TODO: check
+CVE-2025-20386 (In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 
9.3.8,  ...)
+       TODO: check
+CVE-2025-20385 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20384 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20383 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20382 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 
9.2.10,  ...)
+       TODO: check
+CVE-2025-20381 (In Splunk MCP Server app versions below 0.2.4, a user with 
access to t ...)
+       TODO: check
+CVE-2025-13992 (Side-channel information leakage in Navigation and Loading in 
Google C ...)
+       TODO: check
+CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 
1.0.0/1.0.1. Impac ...)
+       TODO: check
+CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 
20251011.  ...)
+       TODO: check
+CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows 
remote, user- ...)
+       TODO: check
+CVE-2025-13756 (The Fluent Booking plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-13751 (Interactive service agent in OpenVPN version 2.5.0 through 
2.7_rc2 on  ...)
+       TODO: check
+CVE-2025-13492 (A potential security vulnerability has been identified in HP 
Image Ass ...)
+       TODO: check
+CVE-2025-13472 (A fix was made in BlazeMeter Jenkins Plugin version 4.27 to 
allow user ...)
+       TODO: check
+CVE-2025-13401 (The Autoptimize plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13390 (The WP Directory Kit plugin for WordPress is vulnerable to 
authenticat ...)
+       TODO: check
+CVE-2025-13359 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger 
with Open ...)
+       TODO: check
+CVE-2025-13354 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger 
with Open ...)
+       TODO: check
+CVE-2025-13342 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-13109 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
+       TODO: check
+CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to 
authorization bypa ...)
+       TODO: check
+CVE-2025-12819 (Untrusted search path in auth_query connection handler in 
PgBouncer be ...)
+       TODO: check
+CVE-2025-12744 (A flaw was found in the ABRT daemon\u2019s handling of 
user-supplied m ...)
+       TODO: check
+CVE-2025-12385 (Allocation of Resources Without Limits or Throttling, Improper 
Validat ...)
+       TODO: check
+CVE-2025-12358 (The ShopEngine Elementor WooCommerce Builder Addon plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-12084 (When building nested elements using xml.dom.minidom methods 
such as ap ...)
+       TODO: check
+CVE-2024-3884 (A flaw was found in Undertow that can cause remote denial of 
service a ...)
+       TODO: check
+CVE-2024-32643 (Masa CMS is an open source Enterprise Content Management 
platform. Pri ...)
+       TODO: check
+CVE-2024-32642 (Masa CMS is an open source Enterprise Content Management 
platform. Pri ...)
+       TODO: check
+CVE-2024-32641 (Masa CMS is an open source Enterprise Content Management 
platform. Mas ...)
+       TODO: check
 CVE-2025-12548
        NOT-FOR-US: Eclipse Che
 CVE-2025-65955 (ImageMagick is free and open-source software used for editing 
and mani ...)
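
Review bot: Every non-rejected entry added at the top of data/CVE/list is left at "TODO: check", and several of them name software that needs a per-package decision rather than a quick dismissal: CVE-2025-13947 (WebKitGTK), CVE-2025-12819 (PgBouncer), CVE-2025-13751 (OpenVPN), CVE-2025-12084 (xml.dom.minidom) and the three Envoy entries (CVE-2025-66220, CVE-2025-64763, CVE-2025-64527). Suggest triaging those first. The WordPress plugin entries (for example CVE-2025-13756, CVE-2025-13401, CVE-2025-12887) can take the "NOT-FOR-US: WordPress plugin" marking already used further down in this file. The descriptions for CVE-2025-13359, CVE-2025-13354, CVE-2025-13109 and CVE-2025-12744 also carry literal \u2013 and \u2019 escapes instead of the decoded characters, which is worth fixing in the importer.
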
@@ -104,7 +260,7 @@ CVE-2025-64070 (Sourcecodester Student Grades Management 
System v1.0 is vulnerab
        NOT-FOR-US: SourceCodester
 CVE-2025-63872 (DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, 
which al ...)
        NOT-FOR-US: DeepSeek
-CVE-2025-61727 [crypto/x509: excluded subdomain constraint doesn't preclude 
wildcard SAN]
+CVE-2025-61727 (An excluded subdomain constraint in a certificate chain does 
not restr ...)
        - golang-1.25 <unfixed> (bug #1121847)
        - golang-1.24 <unfixed> (bug #1121848)
        - golang-1.19 <removed>
@@ -2489,7 +2645,7 @@ CVE-2025-63888 (The read function in file 
thinkphp\library\think\template\driver
        NOT-FOR-US: ThinkPHP
 CVE-2025-63848 (Stored cross site scripting (xss) vulnerability in SWISH 
prolog thru 2 ...)
        NOT-FOR-US: SWISH SWI-Prolog
-CVE-2025-63700 (An issue was discovered in Clerk-js 5.88.0 allowing attackers 
to bypas ...)
+CVE-2025-63700 (An issue was discovered in clerk-js 5.88.0 allowing attackers 
to bypas ...)
        NOT-FOR-US: Clerk-js
 CVE-2025-62731 (SOPlanning is vulnerable to Stored XSS in /feriesendpoint. 
Malicious a ...)
        NOT-FOR-US: SOPlanning
@@ -2958,7 +3114,7 @@ CVE-2025-11243 (Allocation of Resources Without Limits or 
Throttling vulnerabili
 CVE-2025-12106 (Insufficient argument validation in OpenVPN 2.7_alpha1 through 
2.7_rc1 ...)
        - openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
-CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
+CVE-2025-13086 (Improper validation of source IP addresses in OpenVPN version 
2.6.0 th ...)
        [experimental] - openvpn 2.7.0~rc2-1
        - openvpn 2.7.0~rc2-2 (bug #1121086)
        [bullseye] - openvpn <not-affected> (Vulnerable code not present)
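
Review bot: The replaced title for CVE-2025-13086, "HMAC verification check: fix incorrect memcmp() call", was the only text in this entry that named the root cause; the new description speaks only of source IP address validation. Consider keeping the old wording in a NOTE: line under the entry so the link between this id and the upstream fix stays searchable.
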
@@ -10529,7 +10685,8 @@ CVE-2025-10579 (The BackWPup \u2013 WordPress Backup & 
Restore Plugin plugin for
        NOT-FOR-US: WordPress plugin
 CVE-2025-10488 (The Directorist: AI-Powered Business Directory Plugin with 
Classified  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-52099 (Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 
allows a rem ...)
+CVE-2025-52099
+       REJECTED
        - sqlite3 3.46.1-4 (unimportant)
        NOTE: 
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2406257
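
Review bot: CVE-2025-52099 is now marked REJECTED, but the unchanged lines below it still record "- sqlite3 3.46.1-4 (unimportant)" and two NOTE: references. A rejected id should not keep carrying package status; either drop those lines or, if the underlying SQLite issue is tracked under another id, move them to that entry.
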
@@ -35316,7 +35473,7 @@ CVE-2025-2988 (IBM Sterling B2B Integrator and IBM 
Sterling File Gateway 6.0.0.0
 CVE-2024-45062 (A stack based buffer overflow vulnerability is present in 
OpenPrinting ...)
        - ippusbxd <removed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071
-CVE-2024-44373 (A Path Traversal vulnerability in AllSky v2023.05.01_04 allows 
an unau ...)
+CVE-2024-44373 (A Path Traversal vulnerability in AllSky v2023.05.01 through 
v2024.12. ...)
        NOT-FOR-US: AllSky
 CVE-2025-38615 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.16.3-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b15379cf225f9e31d9731aa875e16c72af0458d
