Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf4e53cb by security tracker role at 2025-12-10T08:13:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2025-9571 (A remote code execution (RCE) vulnerability exists in Google 
Cloud Dat ...)
+       TODO: check
+CVE-2025-9056 (Unprotected service in the AudioLink component allows a local 
attacker ...)
+       TODO: check
+CVE-2025-67613
+       REJECTED
+CVE-2025-67612
+       REJECTED
+CVE-2025-67611
+       REJECTED
+CVE-2025-67610
+       REJECTED
+CVE-2025-67609
+       REJECTED
+CVE-2025-67608
+       REJECTED
+CVE-2025-67607
+       REJECTED
+CVE-2025-67606
+       REJECTED
+CVE-2025-67605
+       REJECTED
+CVE-2025-67507 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2025-67506 (PipesHub is a fully extensible workplace AI platform for 
enterprise se ...)
+       TODO: check
+CVE-2025-67503
+       REJECTED
+CVE-2025-67502 (Taguette is an open source qualitative research tool. In 
versions 1.5. ...)
+       TODO: check
+CVE-2025-67501 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-67500 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2025-67499 (The CNI portmap plugin allows containers to emulate opening a 
host por ...)
+       TODO: check
+CVE-2025-67498
+       REJECTED
+CVE-2025-67497
+       REJECTED
+CVE-2025-67496 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-67495 (ZITADEL is an open-source identity infrastructure tool. 
Versions 4.0.0 ...)
+       TODO: check
+CVE-2025-67494 (ZITADEL is an open-source identity infrastructure tool. 
Versions 4.7.0 ...)
+       TODO: check
+CVE-2025-67489 (@vitejs/plugin-rs provides React Server Components (RSC) 
support for V ...)
+       TODO: check
+CVE-2025-67488 (SiYuan is self-hosted, open source personal knowledge 
management softw ...)
+       TODO: check
+CVE-2025-67485 (mad-proxy is a Python-based HTTP/HTTPS proxy server for 
detection and  ...)
+       TODO: check
+CVE-2025-66645 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and 
below are v ...)
+       TODO: check
+CVE-2025-66626 (Argo Workflows is an open source container-native workflow 
engine for  ...)
+       TODO: check
+CVE-2025-66625 (Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion 
of temp ...)
+       TODO: check
+CVE-2025-66457 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
+       TODO: check
+CVE-2025-66039 (FreePBX Endpoint Manager is a module for managing telephony 
endpoints  ...)
+       TODO: check
+CVE-2025-65513 (fetch-mcp v1.0.2 and before is vulnerable to Server-Side 
Request Forge ...)
+       TODO: check
+CVE-2025-64899 (Acrobat Reader versions 24.001.30264, 20.005.30793, 
25.001.20982, 24.0 ...)
+       TODO: check
+CVE-2025-64898 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-64897 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-64896 (Creative Cloud Desktop versions 6.4.0.361 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2025-64787 (Acrobat Reader versions 24.001.30264, 20.005.30793, 
25.001.20982, 24.0 ...)
+       TODO: check
+CVE-2025-64786 (Acrobat Reader versions 24.001.30264, 20.005.30793, 
25.001.20982, 24.0 ...)
+       TODO: check
+CVE-2025-64785 (Acrobat Reader versions 24.001.30264, 20.005.30793, 
25.001.20982, 24.0 ...)
+       TODO: check
+CVE-2025-61823 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61822 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61821 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61813 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61812 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61811 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61810 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61809 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-61808 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-36437 (IBM Planning Analytics Local2.1.0 -2.1.15 could disclose 
sensitive inf ...)
+       TODO: check
+CVE-2025-34425 (MailEnable versions prior to 10.54 contain a reflected 
cross-site scri ...)
+       TODO: check
+CVE-2025-13760
+       REJECTED
+CVE-2025-13743 (Docker Desktop diagnostics bundles were found to include 
expired Hub P ...)
+       TODO: check
+CVE-2025-13677 (The Simple Download Counter plugin for WordPress is vulnerable 
to Path ...)
+       TODO: check
+CVE-2025-13613 (The Elated Membership plugin for WordPress is vulnerable to 
Authentica ...)
+       TODO: check
+CVE-2025-13339 (The Hippoo Mobile App for WooCommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-13073 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 
does not ...)
+       TODO: check
+CVE-2025-13072 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 
does not ...)
+       TODO: check
+CVE-2025-12952 (A privilege escalation vulnerability exists in Google Cloud's 
Dialogfl ...)
+       TODO: check
+CVE-2023-53774 (MiniDVBLinux 5.4 contains a remote code execution 
vulnerability in the ...)
+       TODO: check
+CVE-2023-53773 (MiniDVBLinux 5.4 contains an unauthenticated vulnerability in 
the tv_a ...)
+       TODO: check
+CVE-2023-53772 (MiniDVBLinux 5.4 contains an arbitrary file disclosure 
vulnerability t ...)
+       TODO: check
+CVE-2023-53771 (MiniDVBLinux 5.4 contains an authentication bypass 
vulnerability that  ...)
+       TODO: check
+CVE-2023-53770 (MiniDVBLinux 5.4 contains an unauthenticated configuration 
download vu ...)
+       TODO: check
+CVE-2023-53739 (Tinycontrol LAN Controller v3 LK3 version 1.58a contains an 
unauthenti ...)
+       TODO: check
+CVE-2021-47731 (Selea Targa IP OCR-ANPR Camera contains a hard-coded developer 
passwor ...)
+       TODO: check
+CVE-2021-47730 (Selea Targa IP OCR-ANPR Camera contains a cross-site request 
forgery v ...)
+       TODO: check
+CVE-2021-47729 (Selea Targa IP OCR-ANPR Camera contains a stored cross-site 
scripting  ...)
+       TODO: check
+CVE-2021-47728 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated 
command inj ...)
+       TODO: check
+CVE-2021-47727 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated 
vulnerabili ...)
+       TODO: check
+CVE-2021-47724 (STVS ProVision 5.9.10 contains a path traversal vulnerability 
that all ...)
+       TODO: check
+CVE-2021-47723 (STVS ProVision 5.9.10 contains a cross-site request forgery 
vulnerabil ...)
+       TODO: check
+CVE-2021-47719 (COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer 
overflow vu ...)
+       TODO: check
+CVE-2021-47718 (OpenBMCS 2.4 contains an information disclosure vulnerability 
that all ...)
+       TODO: check
+CVE-2021-47717 (IntelliChoice eFORCE Software Suite 2.5.9 contains a username 
enumerat ...)
+       TODO: check
+CVE-2021-47710 (COMMAX Smart Home System is a smart IoT home solution that 
allows an u ...)
+       TODO: check
+CVE-2021-47709 (COMMAX Smart Home System allows an unauthenticated attacker to 
change  ...)
+       TODO: check
+CVE-2021-47708 (COMMAX Smart Home System CDP-1020n contains an SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2021-47707 (COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative 
credenti ...)
+       TODO: check
+CVE-2021-47706 (COMMAX Biometric Access Control System 1.0.0 contains an 
authenticatio ...)
+       TODO: check
+CVE-2021-47705 (COMMAX UMS Client ActiveX Control 1.7.0.2 contains a 
heap-based buffer ...)
+       TODO: check
+CVE-2021-47704 (OpenBMCS 2.4 contains an SQL injection vulnerability that 
allows authe ...)
+       TODO: check
+CVE-2021-47703 (OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability 
that allow ...)
+       TODO: check
+CVE-2021-47702 (OpenBMCS 2.4 contains a CSRF vulnerability that allows 
attackers to pe ...)
+       TODO: check
+CVE-2021-47701 (OpenBMCS 2.4 allows an attacker to escalate privileges from a 
read use ...)
+       TODO: check
 CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Portabilis
 CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and 
Data E ...)
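
Review bot: Every described entry added at the top of data/CVE/list is left at "TODO: check", so none of them is yet resolved to a package line or to a NOT-FOR-US annotation of the kind the unchanged CVE-2025-9638 entry just below carries ("NOT-FOR-US: Portabilis"). That is expected for an automatic update, but the batch still needs a manual triage pass. Descriptions that repeat one product across many IDs (ColdFusion, Acrobat Reader, COMMAX, OpenBMCS, MiniDVBLinux, Selea Targa) can be dispositioned as groups; the remaining entries should be checked one by one against the archive before being marked.
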
@@ -3362,7 +3530,7 @@ CVE-2025-40214 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-66404 (MCP Server Kubernetes is an MCP Server that can connect to a 
Kubernete ...)
        NOT-FOR-US: MCP Server Kubernetes
 CVE-2025-66287 (A flaw was found in WebKitGTK. Processing malicious web 
content can ca ...)
-       {DSA-6074-1}
+       {DSA-6074-1 DLA-4399-1}
        - webkit2gtk 2.50.3-1
        - wpewebkit 2.50.3-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -3517,7 +3685,7 @@ CVE-2025-13949 (A vulnerability was identified in 
ProudMuBai GoFilm 1.0.0/1.0.1.
 CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 
20251011.  ...)
        NOT-FOR-US: opsre go-ldap-admin
 CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows 
remote, user- ...)
-       {DSA-6074-1}
+       {DSA-6074-1 DLA-4399-1}
        - webkit2gtk 2.50.3-1
        - wpewebkit 2.50.3-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -11155,7 +11323,7 @@ CVE-2025-43460 (A logic issue was addressed with 
improved checks. This issue is
 CVE-2025-43459 (An authentication issue was addressed with improved state 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2025-43458 (This issue was addressed through improved state management. 
This issue ...)
-       {DSA-6074-1}
+       {DSA-6074-1 DLA-4399-1}
        - webkit2gtk 2.50.3-1
        - wpewebkit 2.50.3-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -11279,7 +11447,7 @@ CVE-2025-43423 (A logging issue was addressed with 
improved data redaction. This
 CVE-2025-43422 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
        NOT-FOR-US: Apple
 CVE-2025-43421 (Multiple issues were addressed by disabling array allocation 
sinking.  ...)
-       {DSA-6074-1}
+       {DSA-6074-1 DLA-4399-1}
        - webkit2gtk 2.50.3-1
        - wpewebkit 2.50.3-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -14583,7 +14751,7 @@ CVE-2025-62236 (The Frontier Airlines website has a 
publicly available endpoint
        NOT-FOR-US: Frontier Airlines website
 CVE-2025-62169 (OctoPrint-SpoolManager is a plugin for managing spools and all 
their u ...)
        NOT-FOR-US: OctoPrint-SpoolManager
-CVE-2025-61865 (NarSuS App registers a Windows service with an unquoted file 
path. A u ...)
+CVE-2025-61865 (Multiple NAS management applications provided by I-O DATA 
DEVICE, INC. ...)
        NOT-FOR-US: NarSuS App
 CVE-2025-61464 (gnuboard gnuboard4 v4.36.04 and before is vulnerable to 
Second-order S ...)
        NOT-FOR-US: Gnuboard
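
Review bot: On CVE-2025-61865 the description now reads "Multiple NAS management applications provided by I-O DATA DEVICE, INC.", but the annotation on the following line is still "NOT-FOR-US: NarSuS App". Consider widening the annotation to name the vendor, so that it matches the updated description and remains meaningful to someone searching the list for the other affected applications.
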
@@ -25511,7 +25679,7 @@ CVE-2025-59534 (CryptoLib provides a software-only 
solution using the CCSDS Spac
 CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was 
discovered in ...)
        NOT-FOR-US: Click Plus PLC
 CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       {DLA-4358-1}
+       {DSA-6075-1 DLA-4358-1}
        - wordpress 6.8.3+dfsg1-1 (bug #1117047)
        NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
        NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -25524,7 +25692,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks 
proper validation of the user-
 CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the 
user-suppli ...)
        NOT-FOR-US: Delta Electronics
 CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Wor ...)
-       {DLA-4358-1}
+       {DSA-6075-1 DLA-4358-1}
        - wordpress 6.8.3+dfsg1-1 (bug #1117047)
        NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
        NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -162464,7 +162632,7 @@ CVE-2024-21520 (Versions of the package 
djangorestframework before 3.15.2 are vu
 CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel 
Reservat ...)
        NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
the HT ...)
-       {DLA-4358-1}
+       {DSA-6075-1 DLA-4358-1}
        - wordpress 6.5.5+dfsg1-1 (bug #1074486)
        NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
        NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-1-7/
@@ -162574,7 +162742,7 @@ CVE-2024-32111 (Improper Limitation of a Pathname to 
a Restricted Directory ('Pa
        - wordpress <not-affected> (Only affects Windows systems)
        NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       {DLA-4358-1}
+       {DSA-6075-1 DLA-4358-1}
        - wordpress 6.5.5+dfsg1-1 (bug #1074486)
        NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
        NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-1-7/
@@ -187600,6 +187768,7 @@ CVE-2024-3832 (Object corruption in V8 in Google 
Chrome prior to 124.0.6367.60 a
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
user d ...)
+       {DSA-6075-1}
        - wordpress 6.5.2+dfsg1-1 (bug #1069091)
        [bullseye] - wordpress <not-affected> (The vulnerable code was 
introduced later)
        NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
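
Review bot: On CVE-2024-4439 the added tag is {DSA-6075-1} alone, whereas the other WordPress entries touched in this commit end up with {DSA-6075-1 DLA-4358-1}. The unchanged "[bullseye] - wordpress <not-affected> (The vulnerable code was introduced later)" line is consistent with there being no DLA reference here, so this looks intentional; it is worth confirming that the difference comes from the advisory data and is not a dropped cross-reference.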



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4e53cb9ca3dda8af9a1fa7a6969a522b51124b
