Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
963ad31c by security tracker role at 2025-12-15T20:13:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
+       TODO: check
+CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local 
attacker to obt ...)
+       TODO: check
+CVE-2025-66844 (In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector 
may be  ...)
+       TODO: check
+CVE-2025-66843 (grav before v1.7.49.5 has a Stored Cross-Site Scripting 
(Stored XSS) v ...)
+       TODO: check
+CVE-2025-66440 (An issue was discovered in Frappe ERPNext through 15.89.0. 
Function ge ...)
+       TODO: check
+CVE-2025-66439 (An issue was discovered in Frappe ERPNext through 15.89.0. 
Function ge ...)
+       TODO: check
+CVE-2025-66438 (A Server-Side Template Injection (SSTI) vulnerability exists 
in the Fr ...)
+       TODO: check
+CVE-2025-66437 (An SSTI (Server-Side Template Injection) vulnerability exists 
in the g ...)
+       TODO: check
+CVE-2025-66436 (An SSTI (Server-Side Template Injection) vulnerability exists 
in the g ...)
+       TODO: check
+CVE-2025-66435 (An SSTI (Server-Side Template Injection) vulnerability exists 
in the g ...)
+       TODO: check
+CVE-2025-66434 (An SSTI (Server-Side Template Injection) vulnerability exists 
in the g ...)
+       TODO: check
+CVE-2025-65835 (The Cordova plugin cordova-plugin-x-socialsharing 
(SocialSharing-Phone ...)
+       TODO: check
+CVE-2025-65782 (An issue was discovered in Wekan The Open Source kanban board 
system u ...)
+       TODO: check
+CVE-2025-65781 (An issue was discovered in Wekan The Open Source kanban board 
system u ...)
+       TODO: check
+CVE-2025-65780 (An issue was discovered in Wekan The Open Source kanban board 
system u ...)
+       TODO: check
+CVE-2025-65779 (An issue was discovered in Wekan The Open Source kanban board 
system u ...)
+       TODO: check
+CVE-2025-65778 (An issue was discovered in Wekan The Open Source kanban board 
system u ...)
+       TODO: check
+CVE-2025-65742 (An unauthenticated Broken Function Level Authorization (BFLA) 
vulnerab ...)
+       TODO: check
+CVE-2025-65431 (An issue was discovered in allauth-django before 65.13.0. Both 
Okta an ...)
+       TODO: check
+CVE-2025-65430 (An issue was discovered in allauth-django before 65.13.0. IdP: 
marking ...)
+       TODO: check
+CVE-2025-65213 (MooreThreads torch_musa through all versions contains an 
unsafe deseri ...)
+       TODO: check
+CVE-2025-65176 (An issue was discovered in Dynatrace OneAgent before 1.325.47. 
When at ...)
+       TODO: check
+CVE-2025-60786 (A Zip Slip vulnerability in the import a Project component of 
iceScrum ...)
+       TODO: check
+CVE-2025-55901 (TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to 
command injec ...)
+       TODO: check
+CVE-2025-55893 (TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to 
command Inject ...)
+       TODO: check
+CVE-2025-55703 (An error-based SQL injection vulnerability exists in the 
Sunbird Power ...)
+       TODO: check
+CVE-2025-51962 (A HTML Injection vulnerability in the comment section of the 
project p ...)
+       TODO: check
+CVE-2025-37732 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to 
user im ...)
+       TODO: check
+CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 
through 7.2.3 ...)
+       TODO: check
+CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group 
contains  ...)
+       TODO: check
+CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group 
exposes a ...)
+       TODO: check
+CVE-2025-34181 (NetSupport Manager< 14.12.0001 contains an arbitrary file 
write vulner ...)
+       TODO: check
+CVE-2025-34180 (NetSupport Manager< 14.12.0001  relies on a shared Gateway Key 
for aut ...)
+       TODO: check
+CVE-2025-34179 (NetSupport Manager <14.12.0001contains an unauthenticated SQL 
injectio ...)
+       TODO: check
+CVE-2025-14714 (An Authentication Bypass vulnerability existed where the 
application b ...)
+       TODO: check
+CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to 
67b44df162fa ...)
+       TODO: check
+CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS 
framework ...)
+       TODO: check
+CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-14383 (The Booking Calendar plugin for WordPress is vulnerable to 
time-based  ...)
+       TODO: check
+CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an 
authent ...)
+       TODO: check
+CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an 
unauthenticated atta ...)
+       TODO: check
+CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can 
create Argo ...)
+       TODO: check
+CVE-2025-13824 (A security issue exists due to improper handling of malformed 
CIP pack ...)
+       TODO: check
+CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850 
and Micro ...)
+       TODO: check
+CVE-2025-13728 (The FluentAuth \u2013 The Ultimate Authorization & Security 
Plugin for ...)
+       TODO: check
+CVE-2025-13610 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
+       TODO: check
+CVE-2025-13608 (The CC Child Pages plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-13489 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy 
transmits data  ...)
+       TODO: check
+CVE-2025-13367 (The User Registration & Membership \u2013 Custom Registration 
Form Bui ...)
+       TODO: check
+CVE-2025-12900 (The FileBird \u2013 WordPress Media Library Folders & File 
Manager plu ...)
+       TODO: check
+CVE-2025-12035 (An integer overflow condition exists in Bluetooth Host stack, 
within t ...)
+       TODO: check
+CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are 
vulnerab ...)
+       TODO: check
+CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An 
internal pro ...)
+       TODO: check
+CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
+       TODO: check
+CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C 
Base Modu ...)
+       TODO: check
+CVE-2023-36337 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
 CVE-2025-67907
        REJECTED
 CVE-2025-67906 (In MISP before 2.5.28, 
app/View/Elements/Workflows/executionPath.ctp a ...)
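
Review bot: the added descriptions for CVE-2025-14387, CVE-2025-14156, CVE-2025-14003, CVE-2025-13950, CVE-2025-13728, CVE-2025-13610, CVE-2025-13367 and CVE-2025-12900 store the dash as the literal escape sequence \u2013 instead of a decoded character, so the text reads "LearnPress \u2013 WordPress LMS Plugin". The import step should decode string escapes (or transliterate the dash to "-") before writing the description, otherwise anything that searches or renders these lines sees the backslash sequence. Separately, all 60 new entries land as "TODO: check"; the WordPress plugin ones match the "NOT-FOR-US: WordPress plugin" marking this file already uses for CVE-2025-11263 and are candidates for the same triage.
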
@@ -589,7 +709,7 @@ CVE-2025-40345 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.17.11-1
        [bullseye] - linux 5.10.247-1
        NOTE: 
https://git.kernel.org/linus/b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (6.18)
-CVE-2025-66388
+CVE-2025-66388 (A vulnerability in Apache Airflow allowed authenticated UI 
users to vi ...)
        - airflow <itp> (bug #819700)
 CVE-2025-65995
        - airflow <itp> (bug #819700)
@@ -4692,6 +4812,7 @@ CVE-2025-12091 (The Search, Filters & Merchandising for 
WooCommerce plugin for W
 CVE-2025-11263 (The Link Whisper Free plugin for WordPress is vulnerable to 
Reflected  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on 
APT-bas ...)
+       {DLA-4408-1}
        - python-apt 3.1.0 (bug #1122291)
        [trixie] - python-apt <no-dsa> (Minor issue)
        [bookworm] - python-apt <no-dsa> (Minor issue)
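
Review bot: the {DLA-4408-1} cross-reference on CVE-2025-6966 arrives in a commit whose changed-file list contains only data/CVE/list, so nothing visible here shows the advisory entry it points to. Confirm that DLA-4408-1 is already recorded in the tracker's advisory data so the reference resolves. The hunk also does not show which release the advisory covers: the visible suite lines are trixie and bookworm, both still marked <no-dsa>.
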
@@ -10639,7 +10760,7 @@ CVE-2025-11797 (A maliciously crafted DWG file, when 
parsed through Autodesk 3ds
        NOT-FOR-US: Autodesk
 CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk 
3ds Max,  ...)
        NOT-FOR-US: Autodesk
-CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External 
Entities ...)
+CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to multiple XML 
External En ...)
        NOT-FOR-US: N-central
 CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists 
that could ...)
        NOT-FOR-US: Schneider Electric
@@ -284689,7 +284810,7 @@ CVE-2022-4457 (Due to a misconfiguration in the 
manifest file of the WARP client
        NOT-FOR-US: Cloudflare Warp
 CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified 
as prob ...)
        NOT-FOR-US: falling-fruit
-CVE-2022-4455 (A vulnerability, which was classified as problematic, was found 
in spr ...)
+CVE-2022-4455 (A vulnerability was identified in sproctor php-calendar up to 
2.0.13.  ...)
        NOT-FOR-US: sproctor php-calendar
 CVE-2022-4454 (A vulnerability, which was classified as critical, has been 
found in m ...)
        NOT-FOR-US: m0ver bible-online



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ad31c24d41b3e7268133ca0f98bc1731da165
