Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ac5e0af by security tracker role at 2025-12-14T20:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-14674 (A vulnerability was found in aizuda snail-job up to 1.6.0. 
Affected by ...)
+       TODO: check
+CVE-2025-14673 (A vulnerability has been found in gmg137 snap7-rs up to 
1.142.1. Affec ...)
+       TODO: check
+CVE-2025-14672 (A flaw has been found in gmg137 snap7-rs up to 1.142.1. This 
impacts t ...)
+       TODO: check
+CVE-2025-14668 (A vulnerability was detected in campcodes Advanced Online 
Examination  ...)
+       TODO: check
+CVE-2025-14667 (A security vulnerability has been detected in itsourcecode 
COVID Track ...)
+       TODO: check
+CVE-2025-14666 (A weakness has been identified in itsourcecode COVID Tracking 
System 1 ...)
+       TODO: check
+CVE-2025-14665 (A security flaw has been discovered in Tenda WH450 1.0.0.18. 
Impacted  ...)
+       TODO: check
+CVE-2025-14664 (A vulnerability was identified in Campcodes Supplier 
Management System ...)
+       TODO: check
+CVE-2025-14663 (A vulnerability was determined in code-projects Student File 
Managemen ...)
+       TODO: check
+CVE-2025-14662 (A vulnerability was found in code-projects Student File 
Management Sys ...)
+       TODO: check
+CVE-2025-14661 (A vulnerability has been found in itsourcecode Student 
Managemen Syste ...)
+       TODO: check
+CVE-2025-14660 (A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. 
Affected b ...)
+       TODO: check
+CVE-2025-14659 (A vulnerability was detected in D-Link DIR-860LB1 and 
DIR-868LB1 203b0 ...)
+       TODO: check
+CVE-2025-14656 (A weakness has been identified in Tenda AC20 16.03.08.12. This 
affects ...)
+       TODO: check
+CVE-2025-14655 (A security flaw has been discovered in Tenda AC20 16.03.08.12. 
The imp ...)
+       TODO: check
+CVE-2025-14654 (A vulnerability was identified in Tenda AC20 16.03.08.12. The 
affected ...)
+       TODO: check
+CVE-2025-14653 (A vulnerability was determined in itsourcecode Student 
Management Syst ...)
+       TODO: check
+CVE-2025-14652 (A vulnerability was found in itsourcecode Online Cake Ordering 
System  ...)
+       TODO: check
+CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to 
0.14.27. Thi ...)
+       TODO: check
 CVE-2025-XXXX [Cross-Site-Scripting vulnerability via SVG's animate tag]
        - roundcube 1.6.12+dfsg-1 (bug #1122899)
        NOTE: 
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
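Review bot: All 19 added entries, from CVE-2025-14674 down to CVE-2025-14651 (the range is not contiguous), carry only `TODO: check` and no package or NOT-FOR-US line, so the tracker records no status for any of them until someone triages. Each should be resolved to either a `- <package> <version>` line or a `NOT-FOR-US:` line, the form already used for CVE-2022-4768 later in this file. The descriptions are truncated at "...", so triage has to start from the full CVE record rather than from the text shown here.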
@@ -2743,7 +2781,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS 
where an attacker may caus
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
        NOTE: Fixed by: 
https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249
 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird 
ESR 140.5 ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2754,7 +2792,7 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 
and Thunderbird 145. S
        - firefox 146.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. 
This vuln ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2762,7 +2800,7 @@ CVE-2025-14331 (Same-origin policy bypass in the Request 
Handling component. Thi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14331
 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2770,7 +2808,7 @@ CVE-2025-14330 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14330
 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2778,7 +2816,7 @@ CVE-2025-14329 (Privilege escalation in the Netmonitor 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14329
 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2792,7 +2830,7 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP 
component. This vulnerabi
        - firefox 146.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2800,7 +2838,7 @@ CVE-2025-14325 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14325
 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2808,7 +2846,7 @@ CVE-2025-14324 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14324
 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This 
vulnera ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2816,7 +2854,7 @@ CVE-2025-14323 (Privilege escalation in the DOM: 
Notifications component. This v
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14323
 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the 
Graphics: C ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
@@ -2824,7 +2862,7 @@ CVE-2025-14322 (Sandbox escape due to incorrect boundary 
conditions in the Graph
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14322
 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This 
vulnerability  ...)
-       {DSA-6078-1 DLA-4405-1 DLA-4401-1}
+       {DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
        - firefox 146.0-1
        - firefox-esr 140.6.0esr-1
        - thunderbird 1:140.6.0esr-1
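Review bot: The `{DSA-6081-1 ...}` cross-reference is added to CVE-2025-14321 here, and identically in the preceding hunks back to CVE-2025-14333, with no change to the package lines, so the entries do not show which source package DSA-6081-1 covers. It is worth confirming against the DSA list that the advisory names exactly these CVEs. CVE-2025-14332 and CVE-2025-14326, whose visible lines show only `- firefox 146.0-1`, are left untagged, which is consistent with an advisory for firefox-esr or thunderbird rather than firefox.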
@@ -280890,12 +280928,12 @@ CVE-2022-4769 (Hitachi Vantara Pentaho Business 
Analytics Server prior to versio
 CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been 
classified as  ...)
        NOT-FOR-US: Dropbox merou
 CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote 
authenticated attac ...)
-       {DLA-3303-1}
+       {DLA-4406-1 DLA-3303-1}
        - ruby-git 1.13.1-1
        NOTE: https://github.com/ruby-git/ruby-git/pull/602
        NOTE: 
https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d
 (v1.13.0)
 CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote 
authenticated attac ...)
-       {DLA-3303-1}
+       {DLA-4406-1 DLA-3303-1}
        - ruby-git 1.13.1-1
        NOTE: https://github.com/ruby-git/ruby-git/pull/602
        NOTE: 
https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d
 (v1.13.0)
@@ -348596,7 +348634,7 @@ CVE-2022-25759 (The package convert-svg-core before 
0.6.2 are vulnerable to Remo
 CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to 
Regular Expre ...)
        - node-scss-tokenizer <itp> (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command 
Injection via  ...)
-       {DLA-3303-1}
+       {DLA-4406-1 DLA-3303-1}
        - ruby-git 1.13.1-1 (bug #1009926)
        NOTE: https://github.com/ruby-git/ruby-git/pull/569
        NOTE: Fixed by: 
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
 (v1.11.0)
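Review bot: DLA-4406-1 is attached to three ruby-git CVEs whose fixes land in different upstream releases: CVE-2022-25648 in this hunk points at a commit tagged (v1.11.0), while CVE-2022-47318 and CVE-2022-46648 in the previous hunk point at a commit tagged (v1.13.0). Since DLA-3303-1 already referenced all three, check that the DLA-4406-1 entry in the DLA list names all three CVEs and that the corresponding upload carries both upstream commits.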
@@ -355736,7 +355774,7 @@ CVE-2022-23839
 CVE-2022-23838
        RESERVED
 CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no 
limit on the ...)
-       {DLA-3360-1 DLA-2943-1}
+       {DLA-4407-1 DLA-3360-1 DLA-2943-1}
        - ruby-sidekiq 6.4.1+dfsg-1 (bug #1004193)
        NOTE: 
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
 (v6.4.0)
 CVE-2022-23836
@@ -408285,7 +408323,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki 
before 1.31.13 and 1.32.x t
        NOTE: https://phabricator.wikimedia.org/T270713
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
 CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the 
queue n ...)
-       {DLA-3360-1 DLA-2943-1}
+       {DLA-4407-1 DLA-3360-1 DLA-2943-1}
        - ruby-sidekiq 6.3.1+dfsg-1 (bug #987354)
        NOTE: https://github.com/mperham/sidekiq/issues/4852
        NOTE: 
https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
 (v6.2.1)
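Review bot: With DLA-4407-1 prepended, CVE-2021-30151 here and CVE-2022-23837 in the previous hunk each reference three LTS advisories, and neither entry has a per-suite line saying which release each advisory fixed. A reader cannot tell from the brace list alone whether DLA-4407-1 targets a different suite or follows up on DLA-3360-1, so confirm in the DLA list that its entry names both CVEs and records the suite and fixed version.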



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5e0afe8b15c7f1d480693e70dac2091eb3961

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
