Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13037ca8 by security tracker role at 2025-12-11T08:13:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2025-9436 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-8405 (GitLab has remediated a security issue in GitLab CE/EE 
affecting all v ...)
+       TODO: check
+CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly 
quote argu ...)
+       TODO: check
+CVE-2025-67720 (Pyrofork is a modern, asynchronous MTProto API framework. 
Versions 2.3 ...)
+       TODO: check
+CVE-2025-67719 (Ibexa is a composable end-to-end DXP (Digital Experience 
Platform). Ve ...)
+       TODO: check
+CVE-2025-67718 (Form.io is a combined Form and API platform for Serverless 
application ...)
+       TODO: check
+CVE-2025-67717 (ZITADEL is an open-source identity infrastructure tool. 
Versions 2.44. ...)
+       TODO: check
+CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user 
authenticatio ...)
+       TODO: check
+CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and 
below tr ...)
+       TODO: check
+CVE-2025-67694
+       REJECTED
+CVE-2025-67693
+       REJECTED
+CVE-2025-67692
+       REJECTED
+CVE-2025-67691
+       REJECTED
+CVE-2025-67690
+       REJECTED
+CVE-2025-67689
+       REJECTED
+CVE-2025-67688
+       REJECTED
+CVE-2025-67687
+       REJECTED
+CVE-2025-67686
+       REJECTED
+CVE-2025-67648 (Shopware is an open commerce platform. Versions 6.4.6.0 
through 6.6.10 ...)
+       TODO: check
+CVE-2025-67646 (TableProgressTracking is a MediaWiki extension to track 
progress again ...)
+       TODO: check
+CVE-2025-67644 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
+       TODO: check
+CVE-2025-67514
+       REJECTED
+CVE-2025-67513 (FreePBX Endpoint Manager is a module for managing telephony 
endpoints  ...)
+       TODO: check
+CVE-2025-67512
+       REJECTED
+CVE-2025-67511 (Cybersecurity AI (CAI) is an open-source framework for 
building and de ...)
+       TODO: check
+CVE-2025-67510 (Neuron is a PHP framework for creating and orchestrating AI 
Agents. In ...)
+       TODO: check
+CVE-2025-67509 (Neuron is a PHP framework for creating and orchestrating AI 
Agents. Ve ...)
+       TODO: check
+CVE-2025-67505 (Okta Java Management SDK facilitates interactions with the 
Okta manage ...)
+       TODO: check
+CVE-2025-67490 (The Auth0 Next.js SDK is a library for implementing user 
authenticatio ...)
+       TODO: check
+CVE-2025-67461 (External control of file name or path in Zoom Rooms for macOS 
before v ...)
+       TODO: check
+CVE-2025-67460 (Protection Mechanism Failure of Software Downgrade in Zoom 
Rooms for W ...)
+       TODO: check
+CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or 
convert b ...)
+       TODO: check
+CVE-2025-66474 (XWiki Rendering is a generic rendering system that converts 
textual in ...)
+       TODO: check
+CVE-2025-66473 (XWiki is an open-source wiki software platform. Versions 
16.10.10 and  ...)
+       TODO: check
+CVE-2025-66472 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2025-66033 (Okta Java Management SDK facilitates interactions with the 
Okta manage ...)
+       TODO: check
+CVE-2025-65950 (WBCE CMS is a content management system. In versions 1.6.4 and 
below,  ...)
+       TODO: check
+CVE-2025-65832 (The mobile application insecurely handles information stored 
within me ...)
+       TODO: check
+CVE-2025-65831 (The application uses an insecure hashing algorithm (MD5) to 
hash passw ...)
+       TODO: check
+CVE-2025-65830 (Due to a lack of certificate validation, all traffic from the 
mobile a ...)
+       TODO: check
+CVE-2025-65829 (The ESP32 system on a chip (SoC) that powers the Meatmeet 
basestation  ...)
+       TODO: check
+CVE-2025-65828 (An unauthenticated attacker within proximity of the Meatmeet 
device ca ...)
+       TODO: check
+CVE-2025-65827 (The mobile application is configured to allow clear text 
traffic to al ...)
+       TODO: check
+CVE-2025-65826 (The mobile application was found to contain stored credentials 
for the ...)
+       TODO: check
+CVE-2025-65825 (The firmware on the basestation of the Meatmeet is not 
encrypted. An a ...)
+       TODO: check
+CVE-2025-65824 (An unauthenticated attacker within proximity of the Meatmeet 
device ca ...)
+       TODO: check
+CVE-2025-65823 (The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi 
credenti ...)
+       TODO: check
+CVE-2025-65822 (The ESP32 system on a chip (SoC) that powers the Meatmeet Pro 
was foun ...)
+       TODO: check
+CVE-2025-65821 (As UART download mode is still enabled on the ESP32 chip on 
which the  ...)
+       TODO: check
+CVE-2025-65820 (An issue was discovered in Meatmeet Android Mobile Application 
1.1.2.0 ...)
+       TODO: check
+CVE-2025-65512 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in t ...)
+       TODO: check
+CVE-2025-65297 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 
4.3.6_002 ...)
+       TODO: check
+CVE-2025-65296 (NULL-pointer dereference vulnerabilities in Aqara Hub M2 
4.3.6_0027, H ...)
+       TODO: check
+CVE-2025-65295 (Multiple vulnerabilities in Aqara Hub firmware update process 
in the C ...)
+       TODO: check
+CVE-2025-65294 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 
4.3.6_002 ...)
+       TODO: check
+CVE-2025-65293 (Command injection vulnerabilities in Aqara Camera Hub G3 
4.1.9_0027 al ...)
+       TODO: check
+CVE-2025-65292 (Command injection vulnerability in Aqara Hub devices including 
Camera  ...)
+       TODO: check
+CVE-2025-65291 (Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 
4.3.6_0025, Came ...)
+       TODO: check
+CVE-2025-65290 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 
4.3.6_002 ...)
+       TODO: check
+CVE-2025-62181 (Pega Platform versions 7.1.0 through Infinity 25.1.0 are 
affected by a ...)
+       TODO: check
+CVE-2025-4097 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-24857 (Improper access control for volatile memory containing boot 
code in Un ...)
+       TODO: check
+CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap 
buffer over ...)
+       TODO: check
+CVE-2025-14485 (A weakness has been identified in EFM ipTIME A3004T 14.19.0. 
This vuln ...)
+       TODO: check
+CVE-2025-14157 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-13923
+       REJECTED
+CVE-2025-13764 (The WP CarDealer plugin for WordPress is vulnerable to 
Privilege Escal ...)
+       TODO: check
+CVE-2025-12734 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-12731
+       REJECTED
+CVE-2025-12716 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-12562 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-12029 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-11984 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2025-11467 (The RSS Aggregator by Feedzy \u2013 Feed to Post, 
Autoblogging, News & ...)
+       TODO: check
+CVE-2025-11247 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to 
time-bas ...)
+       TODO: check
+CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting 
vulnerability that  ...)
+       TODO: check
+CVE-2024-58284 (PopojiCMS 2.0.1 contains an authenticated remote command 
execution vul ...)
+       TODO: check
+CVE-2024-58283 (WBCE CMS version 1.6.2 contains a remote code execution 
vulnerability  ...)
+       TODO: check
+CVE-2024-58282 (Serendipity 2.5.0 contains a remote code execution 
vulnerability that  ...)
+       TODO: check
+CVE-2024-58281 (Dotclear 2.29 contains a remote code execution vulnerability 
that allo ...)
+       TODO: check
+CVE-2024-58280 (CMSimple 5.15 contains a remote command execution 
vulnerability that a ...)
+       TODO: check
+CVE-2024-58279 (appRain CMF 4.0.5 contains an authenticated remote code 
execution vuln ...)
+       TODO: check
+CVE-2023-53776 (Screen SFT DAB 1.9.3 contains an authentication bypass 
vulnerability t ...)
+       TODO: check
+CVE-2023-53775 (Screen SFT DAB 1.9.3 contains an authentication bypass 
vulnerability t ...)
+       TODO: check
+CVE-2023-53741 (Screen SFT DAB 1.9.3 contains a weak session management 
vulnerability  ...)
+       TODO: check
+CVE-2023-53740 (Screen SFT DAB 1.9.3 contains an authentication bypass 
vulnerability t ...)
+       TODO: check
+CVE-2020-36902 (UBICOD Medivision Digital Signage 1.5.1 contains an 
authorization bypa ...)
+       TODO: check
+CVE-2020-36901 (UBICOD Medivision Digital Signage 1.5.1 contains a cross-site 
request  ...)
+       TODO: check
+CVE-2020-36900 (All-Dynamics Digital Signage System 2.0.2 contains a 
cross-site reques ...)
+       TODO: check
+CVE-2020-36899 (QiHang Media Web Digital Signage 3.0.9 contains an 
unauthenticated fil ...)
+       TODO: check
+CVE-2020-36898 (QiHang Media Web Digital Signage 3.0.9 contains an 
unauthenticated fil ...)
+       TODO: check
+CVE-2020-36897 (QiHang Media Web Digital Signage 3.0.9 contains an 
unauthenticated rem ...)
+       TODO: check
+CVE-2020-36896 (QiHang Media Web Digital Signage 3.0.9 contains a cleartext 
credential ...)
+       TODO: check
+CVE-2020-36895 (EIBIZ i-Media Server Digital Signage 3.8.0 contains an 
unauthenticated ...)
+       TODO: check
+CVE-2020-36894 (Eibiz i-Media Server Digital Signage 3.8.0 contains an 
authentication  ...)
+       TODO: check
+CVE-2020-36893 (Eibiz i-Media Server Digital Signage 3.8.0 contains a 
directory traver ...)
+       TODO: check
+CVE-2020-36892 (Eibiz i-Media Server Digital Signage 3.8.0 contains an 
unauthenticated ...)
+       TODO: check
+CVE-2020-36888 (SpinetiX Fusion Digital Signage 3.4.8 contains a username 
enumeration  ...)
+       TODO: check
+CVE-2020-36887 (SpinetiX Fusion Digital Signage 3.4.8 contains an 
unauthenticated info ...)
+       TODO: check
+CVE-2020-36886 (SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site 
request fo ...)
+       TODO: check
+CVE-2020-36885 (Sony IPELA Network Camera 1.82.01 contains a stack buffer 
overflow vul ...)
+       TODO: check
+CVE-2020-36884 (BrightSign Digital Signage Diagnostic Web Server 8.2.26 and 
less conta ...)
+       TODO: check
+CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8 and lower contains an 
authentica ...)
+       TODO: check
 CVE-2025-13327
        - uv <itp> (bug #1069776)
 CVE-2025-9315 (An unauthenticated device registration vulnerability, caused by 
Improp ...)
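Review bot: the description added for CVE-2025-11467 contains a literal `\u2013` ("Feedzy \u2013 Feed to Post"), which reads as an escape sequence that was never decoded rather than the dash it stands for; the import step should decode escapes before truncating the description so the list stays searchable by product name. Separately, several of the new TODO: check entries (CVE-2025-65826, CVE-2025-65827, CVE-2025-65830, CVE-2025-65831, CVE-2025-65832) have truncated descriptions that begin "The mobile application" or "The application" and name no product, so they cannot be triaged from this file alone and need the full CVE record opened.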
@@ -1342,6 +1552,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS 
where an attacker may caus
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
        NOTE: Fixed by: 
https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249
 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird 
ESR 140.5 ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14333
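Review bot: the `{DSA-6078-1}` tag added under CVE-2025-14333 refers to an advisory that this commit does not define; the commit lists one changed file, data/CVE/list, so the cross-reference only resolves if the advisory entry already exists elsewhere in the tracker data. Confirm that entry is present and covers firefox-esr, the package whose fixed version 140.6.0esr-1 sits directly under the new tag.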
@@ -1350,21 +1561,25 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 
145 and Thunderbird 145. S
        - firefox 146.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. 
This vuln ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14331
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14330
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14329
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14328
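Review bot: CVE-2025-14332 in the leading context of this hunk is left without `{DSA-6078-1}`, and it is also the only entry shown here that has no firefox-esr line, while CVE-2025-14331 through CVE-2025-14328 all carry `- firefox-esr 140.6.0esr-1` and all gain the tag. If the tag is keyed on the firefox-esr fix, the omission is correct, but nothing in the diff states that rule, so it is worth checking the advisory's CVE list against the tagged entries before relying on this automatic update.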
@@ -1376,26 +1591,31 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP 
component. This vulnerabi
        - firefox 146.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14325
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14324
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This 
vulnera ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14323
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the 
Graphics: C ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14322
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This 
vulnerability  ...)
+       {DSA-6078-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14321



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13037ca86e995fb571778d98279d82cc9457f41c
