Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c97662fb by security tracker role at 2025-12-08T20:12:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,247 @@
+CVE-2025-66461 (FULLBACK Manager Pro provided by GS Yuasa International Ltd.
registers ...)
+ TODO: check
+CVE-2025-66334 (Denial of service (DoS) vulnerability in the office service.
Impact: S ...)
+ TODO: check
+CVE-2025-66333 (Denial of service (DoS) vulnerability in the office service.
Impact: S ...)
+ TODO: check
+CVE-2025-66332 (Denial of service (DoS) vulnerability in the office service.
Impact: S ...)
+ TODO: check
+CVE-2025-66331 (Denial of service (DoS) vulnerability in the office service.
Impact: S ...)
+ TODO: check
+CVE-2025-66330 (App lock verification bypass vulnerability in the file
management app. ...)
+ TODO: check
+CVE-2025-66329 (Permission control vulnerability in the window management
module. Impa ...)
+ TODO: check
+CVE-2025-66328 (Multi-thread race condition vulnerability in the network
management mo ...)
+ TODO: check
+CVE-2025-66327 (Race condition vulnerability in the network module.Impact:
Successful ...)
+ TODO: check
+CVE-2025-66326 (Race condition vulnerability in the audio module. Impact:
Successful e ...)
+ TODO: check
+CVE-2025-66325 (Permission control vulnerability in the package management
module. Imp ...)
+ TODO: check
+CVE-2025-66324 (Input verification vulnerability in the compression and
decompression ...)
+ TODO: check
+CVE-2025-66323 (Vulnerability of improper criterion security check in the card
module. ...)
+ TODO: check
+CVE-2025-66322 (Multi-thread race condition vulnerability in the camera
framework modu ...)
+ TODO: check
+CVE-2025-65849 (A cryptanalytic break in Altcha Proof-of-Work obfuscation mode
version ...)
+ TODO: check
+CVE-2025-65804 (Tenda AX3 v16.03.12.11 contains a stack overflow in
formSetIptv via th ...)
+ TODO: check
+CVE-2025-65799 (A lack of file name validation or verification in the
Attachment servi ...)
+ TODO: check
+CVE-2025-65798 (Incorrect access control in usememos memos v0.25.2 allows
attackers wi ...)
+ TODO: check
+CVE-2025-65797 (Incorrect access control in the Identity Provider service of
usememos ...)
+ TODO: check
+CVE-2025-65796 (Incorrect access control in usememos memos v0.25.2 allows
attackers wi ...)
+ TODO: check
+CVE-2025-65795 (Incorrect access control in the /api/v1/user endpoint of
usememos memo ...)
+ TODO: check
+CVE-2025-65548 (NUT-14 allows cashu tokens to be created with a preimage hash.
However ...)
+ TODO: check
+CVE-2025-65363 (Authenticated append-style command-injection Ruijie APs
(AP_RGOS 11.1. ...)
+ TODO: check
+CVE-2025-65271 (Client-side template injection (CSTI) in Azuriom CMS admin
dashboard a ...)
+ TODO: check
+CVE-2025-65231 (Barix Instreamer v04.06 and earlier is vulnerable to Cross
Site Script ...)
+ TODO: check
+CVE-2025-65230 (Barix Instreamer v04.06 and v04.05 contains a stored
cross-site script ...)
+ TODO: check
+CVE-2025-64081 (SQL injection vulnerability in /php/api_patient_schedule.php
in Source ...)
+ TODO: check
+CVE-2025-63721 (HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml
component allow ...)
+ TODO: check
+CVE-2025-61318 (Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability.
This vu ...)
+ TODO: check
+CVE-2025-60912 (phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF)
vulnerabil ...)
+ TODO: check
+CVE-2025-59391 (A memory disclosure vulnerability exists in libcoap's OSCORE
configura ...)
+ TODO: check
+CVE-2025-58279 (Permission control vulnerability in the media library module.
Impact: ...)
+ TODO: check
+CVE-2025-48639 (In DefaultTransitionHandler.java, there is a possible way to
unknowing ...)
+ TODO: check
+CVE-2025-48638 (In __pkvm_load_tracing of trace.c, there is a possible
out-of-bounds w ...)
+ TODO: check
+CVE-2025-48637 (In multiple functions of mem_protect.c, there is a possible
out of bou ...)
+ TODO: check
+CVE-2025-48633 (In hasAccountsOnAnyUser of DevicePolicyManagerService.java,
there is a ...)
+ TODO: check
+CVE-2025-48632 (In setDisplayName of AssociationRequest.java, there is a
possible way ...)
+ TODO: check
+CVE-2025-48631 (In onHeaderDecoded of LocalImageResolver.java, there is a
possible per ...)
+ TODO: check
+CVE-2025-48629 (In findAvailRecognizer of VoiceInteractionManagerService.java,
there i ...)
+ TODO: check
+CVE-2025-48628 (In validateIconUserBoundary of PrintManagerService.java, there
is a po ...)
+ TODO: check
+CVE-2025-48627 (In startNextMatchingActivity of
ActivityTaskManagerService.java, there ...)
+ TODO: check
+CVE-2025-48626 (In multiple locations, there is a possible way to launch an
applicatio ...)
+ TODO: check
+CVE-2025-48625 (In multiple locations of UsbDataAdvancedProtectionHook.java,
there is ...)
+ TODO: check
+CVE-2025-48624 (In multiple functions of arm-smmu-v3.c, there is a possible
out-of-bou ...)
+ TODO: check
+CVE-2025-48623 (In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of
bounds wri ...)
+ TODO: check
+CVE-2025-48622 (In ProcessArea of dng_misc_opcodes.cpp, there is a possible
out of bou ...)
+ TODO: check
+CVE-2025-48621 (In DefaultTransitionHandler.java, there is a possible way to
enable a ...)
+ TODO: check
+CVE-2025-48620 (In onSomePackagesChanged of
VoiceInteractionManagerService.java, there ...)
+ TODO: check
+CVE-2025-48618 (In processLaunchBrowser of CommandParamsFactory.java, there is
a possi ...)
+ TODO: check
+CVE-2025-48615 (In getComponentName of MediaButtonReceiverHolder.java, there
is a poss ...)
+ TODO: check
+CVE-2025-48614 (In rebootWipeUserData of RecoverySystem.java, there is a
possible way ...)
+ TODO: check
+CVE-2025-48612 (In multiple locations, there is a possible way for an
application on a ...)
+ TODO: check
+CVE-2025-48610 (In __pkvm_guest_relinquish_to_host of mem_protect.c, there is
a possib ...)
+ TODO: check
+CVE-2025-48608 (In isValidMediaUri of SettingsProvider.java, there is a
possible cross ...)
+ TODO: check
+CVE-2025-48607 (In multiple locations, there is a possible way to create a
large amoun ...)
+ TODO: check
+CVE-2025-48606 (In preparePackage of InstallPackageHelper.java, there is a
possible wa ...)
+ TODO: check
+CVE-2025-48604 (In multiple locations, there is a possible way to read files
from anot ...)
+ TODO: check
+CVE-2025-48603 (In InputMethodInfo of InputMethodInfo.java, there is a
possible perman ...)
+ TODO: check
+CVE-2025-48601 (In multiple locations, there is a possible permanent denial of
service ...)
+ TODO: check
+CVE-2025-48600 (In multiple files, there is a possible way to reveal
information acros ...)
+ TODO: check
+CVE-2025-48599 (In multiple functions of WifiScanModeActivity.java, there is a
possibl ...)
+ TODO: check
+CVE-2025-48598 (In multiple locations, there is a possible way to alter the
primary us ...)
+ TODO: check
+CVE-2025-48597 (In multiple locations, there is a possible way to trick a user
into ac ...)
+ TODO: check
+CVE-2025-48596 (In appendFrom of Parcel.cpp, there is a possible out of bounds
read du ...)
+ TODO: check
+CVE-2025-48594 (In onUidImportance of DisassociationProcessor.java, there is a
possibl ...)
+ TODO: check
+CVE-2025-48592 (In initDecoder of C2SoftDav1dDec.cpp, there is a possible out
of bound ...)
+ TODO: check
+CVE-2025-48591 (In multiple locations, there is a possible way to read files
from anot ...)
+ TODO: check
+CVE-2025-48590 (In verifyAndGetBypass of AppOpsService.java, there is a
possible metho ...)
+ TODO: check
+CVE-2025-48589 (In multiple functions of HeaderPrivacyIconsController.kt,
there is a p ...)
+ TODO: check
+CVE-2025-48588 (In startAlwaysOnVpn of Vpn.java, there is a possible way to
disable al ...)
+ TODO: check
+CVE-2025-48586 (In onActivityResult of EditFdnContactScreen.java, there is a
possible ...)
+ TODO: check
+CVE-2025-48584 (In multiple functions of NotificationManagerService.java,
there is a p ...)
+ TODO: check
+CVE-2025-48583 (In multiple functions of BaseBundle.java, there is a possible
way to e ...)
+ TODO: check
+CVE-2025-48580 (In connectInternal of MediaBrowser.java, there is a possible
way to ac ...)
+ TODO: check
+CVE-2025-48576 (In updateNotificationChannelGroupFromPrivilegedListener of
Notificatio ...)
+ TODO: check
+CVE-2025-48575 (In multiple functions of CertInstaller.java, there is a
possible way t ...)
+ TODO: check
+CVE-2025-48573 (In sendCommand of MediaSessionRecord.java, there is a possible
way to ...)
+ TODO: check
+CVE-2025-48572 (In multiple locations, there is a possible way to launch
activities fr ...)
+ TODO: check
+CVE-2025-48569 (In multiple locations, there is a possible permanent denial of
service ...)
+ TODO: check
+CVE-2025-48566 (In multiple locations, there is a possible bypass of user
profile boun ...)
+ TODO: check
+CVE-2025-48565 (In multiple locations, there is a possible way to bypass the
cross pro ...)
+ TODO: check
+CVE-2025-48564 (In multiple locations, there is a possible intent filter
bypass due to ...)
+ TODO: check
+CVE-2025-48555 (In multiple functions of NotificationStation.java, there is a
possible ...)
+ TODO: check
+CVE-2025-48536 (In grantAllowlistedPackagePermissions of
SettingsSliceProvider.java, t ...)
+ TODO: check
+CVE-2025-48525 (In disassociate of DisassociationProcessor.java, there is a
possible w ...)
+ TODO: check
+CVE-2025-42620 (In affected versions, vulnerability-lookup handled
user-controlled co ...)
+ TODO: check
+CVE-2025-42616 (Some endpoints in vulnerability-lookup that modified
application stat ...)
+ TODO: check
+CVE-2025-42615 (In affected versions, vulnerability-lookup did not track or
limit fail ...)
+ TODO: check
+CVE-2025-32329 (In multiple functions of Session.java, there is a possible way
to view ...)
+ TODO: check
+CVE-2025-32328 (In multiple functions of Session.java, there is a possible way
to view ...)
+ TODO: check
+CVE-2025-32319 (In ensureBound of RemotePrintService.java, there is a possible
way for ...)
+ TODO: check
+CVE-2025-27020 (Improper configuration of the SSH service in Infinera MTC-9
allows an ...)
+ TODO: check
+CVE-2025-27019 (Remote shell service (RSH) in Infinera MTC-9 version
R22.1.1.0275 allo ...)
+ TODO: check
+CVE-2025-26489 (Improper input validation in the Netconf service in Infinera
MTC-9 all ...)
+ TODO: check
+CVE-2025-26488 (Improper Input Validation vulnerability in Infinera MTC-9
allows remot ...)
+ TODO: check
+CVE-2025-26487 (Server-Side Request Forgery (SSRF) vulnerability in Infinera
MTC-9 ver ...)
+ TODO: check
+CVE-2025-22432 (In notifyTimeout of CallRedirectionProcessor.java, there is a
possible ...)
+ TODO: check
+CVE-2025-22420 (In multiple locations, there is a possible way to leak audio
files acr ...)
+ TODO: check
+CVE-2025-14271
+ REJECTED
+CVE-2025-14262 (A wrong permission check in KNIME Business Hub before version
1.17.0 a ...)
+ TODO: check
+CVE-2025-14261 (The Litmus platform uses JWT for authentication and
authorization, but ...)
+ TODO: check
+CVE-2025-14259 (A vulnerability was found in Jihai Jshop MiniProgram Mall
System 2.9.0 ...)
+ TODO: check
+CVE-2025-14258 (A vulnerability has been found in itsourcecode Student
Management Syst ...)
+ TODO: check
+CVE-2025-14257 (A flaw has been found in itsourcecode Student Management
System 1.0. A ...)
+ TODO: check
+CVE-2025-14256 (A vulnerability was detected in itsourcecode Student
Management System ...)
+ TODO: check
+CVE-2025-14251 (A security vulnerability has been detected in code-projects
Online Ord ...)
+ TODO: check
+CVE-2025-14250 (A weakness has been identified in code-projects Online
Ordering System ...)
+ TODO: check
+CVE-2025-14249 (A security flaw has been discovered in code-projects Online
Ordering S ...)
+ TODO: check
+CVE-2025-14248 (A vulnerability was identified in code-projects Simple
Shopping Cart 1 ...)
+ TODO: check
+CVE-2025-14247 (A vulnerability was determined in code-projects Simple
Shopping Cart 1 ...)
+ TODO: check
+CVE-2025-14246 (A vulnerability was found in code-projects Simple Shopping
Cart 1.0. T ...)
+ TODO: check
+CVE-2025-14245 (A vulnerability has been found in IdeaCMS up to 1.8. This
affects the ...)
+ TODO: check
+CVE-2025-14244 (A flaw has been found in GreenCMS 2.3.0603. Affected by this
issue is ...)
+ TODO: check
+CVE-2025-14230 (A vulnerability was detected in code-projects Daily Time
Recording Sys ...)
+ TODO: check
+CVE-2025-14229 (A security vulnerability has been detected in SourceCodester
Inventory ...)
+ TODO: check
+CVE-2025-14228 (A weakness has been identified in Yealink SIP-T21P E2
52.84.0.15. Impa ...)
+ TODO: check
+CVE-2025-14227 (A security flaw has been discovered in Philipinho
Simple-PHP-Blog up t ...)
+ TODO: check
+CVE-2025-14226 (A vulnerability was identified in itsourcecode Student
Management Syst ...)
+ TODO: check
+CVE-2025-14225 (A vulnerability was determined in D-Link DCS-930L 1.15.04.
This affect ...)
+ TODO: check
+CVE-2025-14224 (A vulnerability was found in Yottamaster DM2, DM3 and DM200 up
to 1.2. ...)
+ TODO: check
+CVE-2025-14223 (A vulnerability has been found in code-projects Simple Leave
Manager 1 ...)
+ TODO: check
+CVE-2025-12956 (A reflected Cross-site Scripting (XSS) vulnerability affecting
ENOVIA ...)
+ TODO: check
CVE-2025-59030 [Insufficient validation of incoming notifies over TCP can lead
to a denial of service in Recursor]
- pdns-recursor <unfixed> (bug #1122197)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html
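Review bot: every entry added at the top of data/CVE/list lands as TODO: check, so this hunk records no triage decision, and a few of the entries should not be swept into a bulk NOT-FOR-US pass. CVE-2025-59391 names libcoap and CVE-2025-63721 names a bundled Snakeyaml component, both of which call for a lookup against packaged source before tagging. The entries that cite Android framework classes (for example DefaultTransitionHandler.java, VoiceInteractionManagerService.java, NotificationManagerService.java) can follow the NOT-FOR-US: Android tagging that appears as context later in this same diff, while the ones citing C sources such as mem_protect.c, pkvm.c and arm-smmu-v3.c deserve a separate look.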
@@ -8594,11 +8838,11 @@ CVE-2025-28953 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27919 (An issue was discovered in AnyDesk through 9.0.4. A remotely
connected ...)
NOT-FOR-US: AnyDesk
-CVE-2025-27918 (An issue was discovered in AnyDesk before 9.0.0. It has an
integer ove ...)
+CVE-2025-27918 (An issue was discovered in AnyDesk for Windows before 9.0.5,
AnyDesk f ...)
NOT-FOR-US: AnyDesk
-CVE-2025-27917 (An issue was discovered in AnyDesk through 9.0.4. Remote
Denial of Ser ...)
+CVE-2025-27917 (An issue was discovered in AnyDesk for Windows before 9.0.5,
AnyDesk f ...)
NOT-FOR-US: AnyDesk
-CVE-2025-27916 (An issue was discovered in AnyDesk through 9.0.4. When the
connection ...)
+CVE-2025-27916 (An issue was discovered in AnyDesk for Windows before 9.0.6
and AnyDes ...)
NOT-FOR-US: AnyDesk
CVE-2025-22397 (Dell Integrated Dell Remote Access Controller 9, 14G versions
prior to ...)
NOT-FOR-US: Dell / EMC
@@ -8777,25 +9021,26 @@ CVE-2025-55108 (The Control-M/Agent is vulnerable to
unauthenticated remote code
CVE-2025-52602 (HCL BigFix Query is affected by a sensitive information
disclosure in ...)
NOT-FOR-US: HCL
CVE-2025-47151 (A type confusion vulnerability exists in the
lasso_node_impl_init_from ...)
- {DSA-6058-1}
+ {DSA-6058-1 DLA-4397-1}
- lasso 2.9.0-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=8d12e6263fd6add923469bd5704e05a1ccfa8c69
(v2.9.0)
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=ebf3dd68910492ab18e9b8b319386f6495c96b01
(v2.9.0) (test)
CVE-2025-46784 (A denial of service vulnerability exists in the
lasso_node_init_from_m ...)
+ {DLA-4397-1}
- lasso 2.8.1-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2195
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=1aa6271f93e48b24f42991aba8906dfd073a1fe3
(v2.8.1)
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=8a588a8acb4a9cb7c7cb4dfd91a8278264a6d15a
(v2.8.1)
CVE-2025-46705 (A denial of service vulnerability exists in the
g_assert_not_reached f ...)
- {DSA-6058-1}
+ {DSA-6058-1 DLA-4397-1}
- lasso 2.9.0-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=37836a9cf14234ce720edb5c43f6ed0491f72cf6
(v2.9.0)
CVE-2025-46424 (Dell CloudLink, versions prior to 8.2, contain use of a
Cryptographic ...)
NOT-FOR-US: Dell / EMC
CVE-2025-46404 (A denial of service vulnerability exists in the
lasso_provider_verify_ ...)
- {DSA-6058-1}
+ {DSA-6058-1 DLA-4397-1}
- lasso 2.9.0-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194
NOTE:
https://git.entrouvert.org/lasso.git/commit/?id=c880cad13732bcb50cbd9fa376ea39edb53e7d68
(v2.9.0)
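Review bot: CVE-2025-46784 receives {DLA-4397-1} alone, while CVE-2025-47151, CVE-2025-46705 and CVE-2025-46404 are changed to {DSA-6058-1 DLA-4397-1}. That lines up with its different fixed version (lasso 2.8.1-1 rather than 2.9.0-1), but confirm that the missing DSA reference is intended and not an omission in the advisory cross-reference.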
@@ -12050,7 +12295,8 @@ CVE-2025-62895 (Insertion of Sensitive Information Into
Sent Data vulnerability
NOT-FOR-US: WordPress plugin or theme
CVE-2025-62894 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-62893 (Authorization Bypass Through User-Controlled Key vulnerability
in medi ...)
+CVE-2025-62893
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2025-62892 (Missing Authorization vulnerability in sunshinephotocart
Sunshine Phot ...)
NOT-FOR-US: WordPress plugin or theme
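Review bot: after this change CVE-2025-62893 carries both REJECTED and the pre-existing NOT-FOR-US: WordPress plugin or theme line, whereas the newly added CVE-2025-14271 in the first hunk carries REJECTED on its own. Either drop the stale NOT-FOR-US line for rejected ids or state that the combination is accepted, so the two forms are not mixed without a reason.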
@@ -224018,7 +224264,7 @@ CVE-2023-40133 (In multiple locations of
DialogFillUi.java, there is a possible
NOT-FOR-US: Android
CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after
free du ...)
NOT-FOR-US: Android
-CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a
possible ...)
+CVE-2023-40130 (In notifyTimeout of CallRedirectionProcessor, there is a
possible perm ...)
NOT-FOR-US: Android
CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out
of boun ...)
NOT-FOR-US: Android
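Review bot: the rewritten CVE-2023-40130 description now names notifyTimeout of CallRedirectionProcessor, the same function as the newly added CVE-2025-22432 in the first hunk, which is still TODO: check. Triage the two together: CVE-2023-40130 is already NOT-FOR-US: Android, and a NOTE on whether the 2025 id is a distinct issue or a re-description would save the next reader from comparing the truncated descriptions by hand.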
@@ -345303,7 +345549,7 @@ CVE-2022-0720 (The Amelia WordPress plugin before
1.0.47 does not have proper au
CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository
microweber ...)
NOT-FOR-US: microweber
CVE-2022-0718 (A flaw was found in python-oslo-utils. Due to improper parsing,
passwo ...)
- {DLA-3106-1 DLA-3870-1}
+ {DLA-3870-1 DLA-3106-1}
- python-oslo.utils 4.10.1-1
[bullseye] - python-oslo.utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850
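Review bot: the only change to CVE-2022-0718 is swapping {DLA-3106-1 DLA-3870-1} to {DLA-3870-1 DLA-3106-1}, which alters no tracked information and adds churn to an automatic update. If the generator has a defined ordering for advisory ids inside the braces, document it; otherwise keep the existing order so that diffs like this one show only real changes.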
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c97662fb00a2ca81be970ea36c17c8c5125fdb7b