Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d7c8d2f by security tracker role at 2025-12-05T20:13:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on 
APT-bas ...)
+       TODO: check
+CVE-2025-66644 (Array Networks ArrayOS AG before 9.4.5.9 allows command 
injection, as  ...)
+       TODO: check
+CVE-2025-66624 (BACnet Protocol Stack library provides a BACnet application 
layer, net ...)
+       TODO: check
+CVE-2025-66623 (Strimzi provides a way to run an Apache Kafka cluster on 
Kubernetes or ...)
+       TODO: check
+CVE-2025-66581 (Frappe Learning Management System (LMS) is a learning system 
that help ...)
+       TODO: check
+CVE-2025-66577 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
+       TODO: check
+CVE-2025-66570 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
+       TODO: check
+CVE-2025-66566 (yawkat LZ4 Java provides LZ4 compression for Java. 
Insufficient cleari ...)
+       TODO: check
+CVE-2025-66562 (TUUI is a desktop MCP client designed as a tool unitary 
utility integr ...)
+       TODO: check
+CVE-2025-66558 (Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor 
Provider for N ...)
+       TODO: check
+CVE-2025-66557 (Nextcloud Deck is a kanban style organization tool aimed at 
personal p ...)
+       TODO: check
+CVE-2025-66556 (Nextcloud talk is a video & audio conferencing app for 
Nextcloud. Prio ...)
+       TODO: check
+CVE-2025-66554 (Contacts app for Nextcloud easily syncs contacts from various 
devices  ...)
+       TODO: check
+CVE-2025-66553 (Nextcloud Tables allows you to create your own tables with 
individual  ...)
+       TODO: check
+CVE-2025-66552 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-66551 (Nextcloud Tables allows you to create your own tables with 
individual  ...)
+       TODO: check
+CVE-2025-66550 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 
4.7.17 an ...)
+       TODO: check
+CVE-2025-66549 (Nextcloud Desktop is the desktop sync client for Nextcloud. 
Prior to 3 ...)
+       TODO: check
+CVE-2025-66548 (Nextcloud Deck is a kanban style organization tool aimed at 
personal p ...)
+       TODO: check
+CVE-2025-66547 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-66546 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 
4.7.19, 5 ...)
+       TODO: check
+CVE-2025-66545 (Nextcloud Groupfolders provides admin-configured folders 
shared by eve ...)
+       TODO: check
+CVE-2025-66515 (The Nextcloud Approval app allows approval or disapproval of 
files in  ...)
+       TODO: check
+CVE-2025-66514 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted 
productivi ...)
+       TODO: check
+CVE-2025-66513 (Nextcloud Tables allows you to create your own tables with 
individual  ...)
+       TODO: check
+CVE-2025-66512 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-66511 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 
6.0.3, th ...)
+       TODO: check
+CVE-2025-66510 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-66471 (urllib3 is a user-friendly HTTP client library for Python. 
Starting in ...)
+       TODO: check
+CVE-2025-66418 (urllib3 is a user-friendly HTTP client library for Python. 
Starting in ...)
+       TODO: check
+CVE-2025-65897 (zdh_web is a data collection, processing, monitoring, 
scheduling, and  ...)
+       TODO: check
+CVE-2025-65879 (Warehouse Management System 1.2 contains an authenticated 
arbitrary fi ...)
+       TODO: check
+CVE-2025-65878 (The warehouse management system version 1.2 contains an 
arbitrary file ...)
+       TODO: check
+CVE-2025-65730 (Authentication Bypass via Hardcoded Credentials GoAway up to 
v0.62.18, ...)
+       TODO: check
+CVE-2025-65036 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
+       TODO: check
+CVE-2025-64057 (Directory traversal vulnerability in Fanvil x210 V2 2.12.20 
allows una ...)
+       TODO: check
+CVE-2025-64056 (File upload vulnerability in Fanvil x210 V2 2.12.20 allows 
unauthentic ...)
+       TODO: check
+CVE-2025-64054 (A reflected Cross Site Scripting (XSS) vulnerability on Fanvil 
x210 2. ...)
+       TODO: check
+CVE-2025-64053 (A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices 
allows  ...)
+       TODO: check
+CVE-2025-64052 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing 
unauthentic ...)
+       TODO: check
+CVE-2025-46603 (Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and 
prior, conta ...)
+       TODO: check
+CVE-2025-34266 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34265 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34264 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34263 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34262 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34261 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34260 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34259 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34258 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34257 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
+       TODO: check
+CVE-2025-34256 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
hard-cod ...)
+       TODO: check
+CVE-2025-14104 (A flaw was found in util-linux. This vulnerability allows a 
heap buffe ...)
+       TODO: check
+CVE-2025-14094 (A flaw has been found in Edimax BR-6478AC V3 1.0.15. The 
affected elem ...)
+       TODO: check
+CVE-2025-14093 (A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. 
Impacted i ...)
+       TODO: check
+CVE-2025-14092 (A security vulnerability has been detected in Edimax BR-6478AC 
V3 1.0. ...)
+       TODO: check
+CVE-2025-14091 (A weakness has been identified in TrippWasTaken 
PHP-Guitar-Shop up to  ...)
+       TODO: check
+CVE-2025-14090 (A security flaw has been discovered in AMTT Hotel Broadband 
Operation  ...)
+       TODO: check
+CVE-2025-14089 (A vulnerability was identified in Himool ERP up to 2.2. 
Affected by th ...)
+       TODO: check
+CVE-2025-14088 (A vulnerability was determined in ketr JEPaaS up to 7.2.8. 
Affected by ...)
+       TODO: check
+CVE-2025-14086 (A vulnerability was found in youlaitech youlai-mall 
1.0.0/2.0.0. Affec ...)
+       TODO: check
+CVE-2025-14085 (A vulnerability has been found in youlaitech youlai-mall 
1.0.0/2.0.0.  ...)
+       TODO: check
+CVE-2025-13739 (The CryptX plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2025-13682 (The Trail Manager plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-13678 (The Thai Lottery Widget plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-13654 (A stack buffer overflow vulnerability exists in the buffer_get 
functio ...)
+       TODO: check
+CVE-2025-13620 (The Wp Social Login and Register Social Counter plugin for 
WordPress i ...)
+       TODO: check
+CVE-2025-13614 (The Cool Tag Cloud plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-12879 (The User Generator and Importer plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-12876 (The Projectopia \u2013 WordPress Project Management plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-12851 (The My auctions allegro plugin for WordPress is vulnerable to 
Local Fi ...)
+       TODO: check
+CVE-2020-36882 (Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to 
upload a ...)
+       TODO: check
+CVE-2020-36881 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow 
vulnerabili ...)
+       TODO: check
+CVE-2020-36880 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow 
vulnerabili ...)
+       TODO: check
+CVE-2020-36879 (Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to 
elevate ...)
+       TODO: check
+CVE-2020-36878 (ReQuest Serious Play Media Player 3.0 contains an 
unauthenticated file ...)
+       TODO: check
+CVE-2020-36877 (ReQuest Serious Play F3 Media Server 7.0.3 contains an 
unauthenticated ...)
+       TODO: check
+CVE-2020-36876 (ReQuest Serious Play F3 Media Server versions 7.0.3.4968 
(Pro), 7.0.2. ...)
+       TODO: check
 CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to 
execute syst ...)
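Review bot: Every entry added at the top is left at `TODO: check`, including ones whose descriptions name software Debian ships: CVE-2025-6966 (python-apt), CVE-2025-66471 and CVE-2025-66418 (urllib3) and CVE-2025-14104 (util-linux). Those should be triaged first and given a package line and bug reference in the form the apache2 entries further down use (`- apache2 2.4.66-1 (bug #1121926)`); the WordPress plugin and appliance entries can follow the `NOT-FOR-US:` pattern of the context entry for CVE-2025-6946. The description for CVE-2025-12876 also carries a literal `\u2013` escape that the import should decode.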
@@ -594,19 +750,19 @@ CVE-2025-40216 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b (6.16-rc4)
-CVE-2025-66200 [mod_userdir+suexec bypass via AllowOverride FileInfo]
+CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo 
vulnerability in  ...)
        - apache2 2.4.66-1 (bug #1121926)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
-CVE-2025-65082 [CGI environment variable override]
+CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences 
vulnerab ...)
        - apache2 2.4.66-1 (bug #1121926)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
-CVE-2025-59775 [NTLM Leakage on Windows through UNC SSRF]
+CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability   in Apache 
HTTP Serv ...)
        - apache2 <not-affected> (Only affects Apache on Windows)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
-CVE-2025-58098 [Server Side Includes adds query string to #exec cmd=...]
+CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side 
Includes (SSI)  ...)
        - apache2 2.4.66-1 (bug #1121926)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
-CVE-2025-55753 [mod_md (ACME), unintended retry intervals]
+CVE-2025-55753 (An integer overflow in the case of failed ACME certificate 
renewal lea ...)
        - apache2 2.4.66-1 (bug #1121926)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
 CVE-2025-40215 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
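Review bot: Replacing the bracketed summaries with the truncated CVE text loses detail in two entries: CVE-2025-65082 now reads only `Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...` where it used to say `CGI environment variable override`, and CVE-2025-55753 no longer names `mod_md`. The httpd.apache.org NOTE links keep this recoverable, but a short NOTE naming the affected module under each entry would keep the list searchable by component. The run of three spaces in `vulnerability   in Apache` for CVE-2025-59775 should be collapsed on import.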
@@ -719,7 +875,7 @@ CVE-2025-54065 (GZDoom is a feature centric port for all 
Doom engine games. GZDo
        - gzdoom <itp> (bug #609352)
 CVE-2025-53965 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
        NOT-FOR-US: Samsung
-CVE-2025-53841 (Akamai Guardicore Platform Agent before 52.1.1 allows an 
unprivileged  ...)
+CVE-2025-53841 (The GC-AGENTS-SERVICE running as part of Akamai\xb4s 
Guardicore Platfo ...)
        NOT-FOR-US: Akamai Guardicore Platform Agent
 CVE-2025-50361 (Buffer Overflow was found in SmallBASIC community SmallBASIC 
with SDL  ...)
        - smallbasic <itp> (bug #844314)
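Review bot: The new CVE-2025-53841 description contains a literal `\xb4` escape in `Akamai\xb4s`, an acute accent standing in for an apostrophe that was not decoded on import. Store the description as UTF-8 text or normalise it to `Akamai's`, otherwise text searches on the description will miss the entry. The replaced description also stated the fixed version (`before 52.1.1`), which no longer appears in the visible part of the line.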
@@ -1691,7 +1847,7 @@ CVE-2025-53897 (Kiteworks MFT orchestrates end-to-end 
file transfer workflows. P
        NOT-FOR-US: Kiteworks
 CVE-2025-53896 (Kiteworks MFT orchestrates end-to-end file transfer workflows. 
Prior t ...)
        NOT-FOR-US: Kiteworks
-CVE-2024-9183
+CVE-2024-9183 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-51736 (File upload vulnerability in HCL Technologies Ltd. Unica 
12.0.0.)
        NOT-FOR-US: HCL
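Review bot: CVE-2024-9183 now has a description saying the issue affects GitLab CE/EE, but the `- gitlab <not-affected> (Vulnerable code not present)` line beneath it still has no NOTE recording which version or commit introduced the vulnerable code. Add a NOTE with that reference, as the linux entries do with their git.kernel.org commit links, so the not-affected decision can be re-checked against the published description.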
@@ -2717,7 +2873,7 @@ CVE-2025-10554 (A stored Cross-site Scripting (XSS) 
vulnerability affecting Requ
 CVE-2025-0005 (Improper input validation within the XOCL driver may allow a 
local att ...)
        NOT-FOR-US: AMD
 CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file 
could resul ...)
-       {DSA-6065-1}
+       {DSA-6065-1 DLA-4395-1}
        - krita 1:5.2.13+dfsg-1
        NOTE: https://kde.org/info/security/advisory-20250929-1.txt
        NOTE: Fixed by: 
https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
@@ -12506,7 +12662,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress 
is vulnerable to Stored
        NOT-FOR-US: WordPress plugin
 CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication 
mechanism rev ...)
        NOT-FOR-US: langgenius/dify-web
-CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.2 is 
vulnerable to ...)
+CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.1 is 
vulnerable to ...)
        {DSA-6071-1 DLA-4365-2 DLA-4365-1}
        - unbound 1.24.2-1
        [bookworm] - unbound <no-dsa> (Minor issue; will be fixed via point 
release for more exposure before release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7c8d2fed7567f2e7388b91960555795f314814



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
