Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8eaa97be by security tracker role at 2025-12-17T08:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,81 @@
+CVE-2025-68274 (SIPGO is a library for writing SIP services in the GO 
language. Starti ...)
+       TODO: check
+CVE-2025-64700 (Cross-site request forgery vulnerability exists in GROWI 
v7.3.3 and ea ...)
+       TODO: check
+CVE-2025-64520 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live 
Update cl ...)
+       TODO: check
+CVE-2025-53619 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
+       TODO: check
+CVE-2025-53618 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
+       TODO: check
+CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an 
out-of-bounds writ ...)
+       TODO: check
+CVE-2025-52582 (An out-of-bounds read vulnerability exists in the 
Overlay::GrabOverlay ...)
+       TODO: check
+CVE-2025-48429 (An out-of-bounds read vulnerability exists in the 
RLECodec::DecodeBySt ...)
+       TODO: check
+CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local 
privilege  ...)
+       TODO: check
+CVE-2025-14817 (The component 
com.transsion.tranfacmode.entrance.main.MainActivity in  ...)
+       TODO: check
+CVE-2025-14801 (A security vulnerability has been detected in xiweicheng TMS 
up to 2.2 ...)
+       TODO: check
+CVE-2025-14701 (An input neutralization vulnerability in the Server MOTD 
component of  ...)
+       TODO: check
+CVE-2025-14700 (An input neutralization vulnerability in the Webhook Template 
componen ...)
+       TODO: check
+CVE-2025-14466 (A vulnerability in the web interface of the G\xfcralp Fortimus 
Series, ...)
+       TODO: check
+CVE-2025-14399 (The Download Plugins and Themes in ZIP from Dashboard plugin 
for WordP ...)
+       TODO: check
+CVE-2025-14385 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-14305 (ListCheck.exe developed by Acer has a Local Privilege 
Escalation vulne ...)
+       TODO: check
+CVE-2025-14304 (Certain motherboard models developed by ASRock and its 
subsidiaries, A ...)
+       TODO: check
+CVE-2025-14303 (Certain motherboard models developed by MSI has a Protection 
Mechanism ...)
+       TODO: check
+CVE-2025-14302 (Certain motherboard models developed by GIGABYTE has a 
Protection Mech ...)
+       TODO: check
+CVE-2025-14154 (The Better Messages \u2013 Live Chat for WordPress, 
BuddyPress, PeepSo ...)
+       TODO: check
+CVE-2025-14061 (The Cookie Banner, Cookie Consent, Consent Log, Cookie 
Scanner, Script ...)
+       TODO: check
+CVE-2025-13977 (The Essential Addons for Elementor \u2013 Popular Elementor 
Templates  ...)
+       TODO: check
+CVE-2025-13880 (The WP Social Ninja \u2013 Embed Social Feeds, Customer 
Reviews, Chat  ...)
+       TODO: check
+CVE-2025-13861 (The HTML Forms \u2013 Simple WordPress Forms Plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2025-13750 (The Converter for Media \u2013 Optimize images | Convert WebP 
& AVIF p ...)
+       TODO: check
+CVE-2025-12496 (The Zephyr Project Manager plugin for WordPress is vulnerable 
to Direc ...)
+       TODO: check
+CVE-2025-11924 (The Ninja Forms \u2013 The Contact Form Builder That Grows 
With You pl ...)
+       TODO: check
+CVE-2025-11901 (An uncontrolled resource consumption vulnerability affects 
certain ASU ...)
+       TODO: check
+CVE-2025-11775 (An out-of-bounds read vulnerability has been identified in the 
asComSv ...)
+       TODO: check
+CVE-2025-11369 (The Gutenberg Essential Blocks \u2013 Page Builder for 
Gutenberg Block ...)
+       TODO: check
+CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in 
Mitsubishi ...)
+       TODO: check
+CVE-2025-0852
+       REJECTED
 CVE-2025-XXXX [backups: Set proper permissions for backups-data directory]
        - freedombox 25.17.1
        [trixie] - freedombox <no-dsa> (Minor issue)
        [bookworm] - freedombox <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229
 (v25.17.1)
        NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554 
(not public)
-CVE-2025-14766
+CVE-2025-14766 (Out of bounds read and write in V8 in Google Chrome prior to 
143.0.749 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-14765
+CVE-2025-14765 (Use after free in WebGPU in Google Chrome prior to 
143.0.7499.147 allo ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain 
Autodes ...)
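Review bot: all 33 new entries at the top of this hunk are left at `TODO: check`, and a follow-up triage pass is needed before the tracker says anything useful about them. Several descriptions already name products that look unlikely to map to a Debian source package (the WordPress plugin entries from CVE-2025-14399 down to CVE-2025-11369, ListCheck.exe at CVE-2025-14305, the motherboard entries at CVE-2025-14302 to CVE-2025-14304). Those could be closed quickly with `NOT-FOR-US: <product>`, the form this file already uses for `NOT-FOR-US: Amped RF`. The entries whose description is only a component or class name (CVE-2025-53619, CVE-2025-53618, CVE-2025-52582, CVE-2025-48429) need the full CVE text to identify the package, since the truncated description does not name it. CVE-2025-14766 and CVE-2025-14765 gain descriptions but remain `- chromium <unfixed>`.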
@@ -35632,6 +35700,7 @@ CVE-2025-10148 (curl's websocket code did not update 
the 32 bit mask pattern for
 CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP 
admin inter ...)
        NOT-FOR-US: Amped RF
 CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which 
allows ...)
+       {DSA-6007-1 DSA-5985-1}
        - ffmpeg 7:7.1.2-1
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 4.3 branch)
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg
@@ -101452,7 +101521,7 @@ CVE-2025-1596 (A vulnerability was found in 
SourceCodester Best Church Managemen
 CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information 
Technology E ...)
        NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in 
FFmpeg ...)
-       {DSA-6007-1}
+       {DSA-6079-1 DSA-6007-1}
        - ffmpeg 7:7.1.2-1
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: 
https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
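Review bot: at CVE-2025-1594 the cross-reference becomes `{DSA-6079-1 DSA-6007-1}` while the context line `[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)` is unchanged. With a second DSA now attached to this CVE, the bullseye annotation is worth rechecking to see whether its stated reason still applies; the same question applies to the `<postponed>` line under CVE-2025-9951 in the previous hunk.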
@@ -125365,7 +125434,7 @@ CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in 
the WAVARC decoder of the l
        [bullseye] - ffmpeg <not-affected> (Vulnerable decoder added in 6.0)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
 (n7.1)
 CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the 
libavforma ...)
-       {DLA-4039-1}
+       {DSA-6079-1 DLA-4039-1}
        - ffmpeg 7:7.0.1-3
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857
 (n7.0)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/b7263cc4d434d10a557491bd5f05e8478ec0a497
 (n5.1.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eaa97be19e001aca6f04cb9178f42930f5c5857



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits