Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e865c715 by security tracker role at 2025-12-17T20:13:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2025-67895 (Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache
Airflow ...)
+ TODO: check
+CVE-2025-67285 (A SQL injection vulnerability was found in the
'/cts/admin/?page=zone' ...)
+ TODO: check
+CVE-2025-67174 (A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0
allows at ...)
+ TODO: check
+CVE-2025-67173 (A Cross-Site Request Forgery (CSRF) in the page
creation/editing funct ...)
+ TODO: check
+CVE-2025-67172 (RiteCMS v3.1.0 was discovered to contain an authenticated
remote code ...)
+ TODO: check
+CVE-2025-67171 (Incorrect access control in the /templates/ component of
RiteCMS v3.1. ...)
+ TODO: check
+CVE-2025-67170 (A reflected cross-site scripting (XSS) vulnerability in
RiteCMS v3.1.0 ...)
+ TODO: check
+CVE-2025-67168 (RiteCMS v3.1.0 was discovered to use insecure encryption to
store pass ...)
+ TODO: check
+CVE-2025-67165 (An Insecure Direct Object Reference (IDOR) in Pagekit CMS
v1.0.18 allo ...)
+ TODO: check
+CVE-2025-67164 (An authenticated arbitrary file upload vulnerability in the
/storage/p ...)
+ TODO: check
+CVE-2025-67074 (A Buffer overflow vulnerability in function
fromAdvSetMacMtuWan of bin ...)
+ TODO: check
+CVE-2025-67073 (A Buffer overflow vulnerability in function
fromAdvSetMacMtuWan of bin ...)
+ TODO: check
+CVE-2025-66953 (CSRF vulnerability in narda miteq Uplink Power Contril Unit
UPC2 v.1.1 ...)
+ TODO: check
+CVE-2025-66924 (A Cross-site scripting (XSS) vulnerability in Create/Update
Item Kit(s ...)
+ TODO: check
+CVE-2025-66923 (A Cross-site scripting (XSS) vulnerability in Create/Update
Customer(s ...)
+ TODO: check
+CVE-2025-66921 (A Cross-site scripting (XSS) vulnerability in Create/Update
Item(s) Mo ...)
+ TODO: check
+CVE-2025-66646 (RIOT is an open-source microcontroller operating system,
designed to m ...)
+ TODO: check
+CVE-2025-66397 (ChurchCRM is an open-source church management system. Prior to
version ...)
+ TODO: check
+CVE-2025-66396 (ChurchCRM is an open-source church management system. Prior to
version ...)
+ TODO: check
+CVE-2025-66395 (ChurchCRM is an open-source church management system. Prior to
version ...)
+ TODO: check
+CVE-2025-65855 (The OTA firmware update mechanism in Netun Solutions HelpFlash
IoT (fi ...)
+ TODO: check
+CVE-2025-65233 (Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian)
before 9 ...)
+ TODO: check
+CVE-2025-65203 (KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill
stored cre ...)
+ TODO: check
+CVE-2025-65185 (There is a username enumeration via local user login in
Entrinsik Info ...)
+ TODO: check
+CVE-2025-62690 (Mattermost versions 10.11.x <= 10.11.4 fail to validate
redirect URLs ...)
+ TODO: check
+CVE-2025-62521 (ChurchCRM is an open-source church management system. Prior to
version ...)
+ TODO: check
+CVE-2025-62190 (Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2,
10.11.x <= 1 ...)
+ TODO: check
+CVE-2025-61736 (Successful exploitation of this vulnerability could result in
the prod ...)
+ TODO: check
+CVE-2025-53919 (An issue was discovered in the Portrait Dell Color Management
applicat ...)
+ TODO: check
+CVE-2025-53398 (The Portrait Dell Color Management application 3.3.8 for Dell
monitors ...)
+ TODO: check
+CVE-2025-44005 (An attacker can bypass authorization checks and force a Step
CA ACME o ...)
+ TODO: check
+CVE-2025-43873 (Successful exploitation of these vulnerabilities could allow
an attack ...)
+ TODO: check
+CVE-2025-34442 (AVideo versions prior to 20.0 disclose absolute filesystem
paths via m ...)
+ TODO: check
+CVE-2025-34441 (AVideo versions prior to 20.0 expose sensitive user
information throug ...)
+ TODO: check
+CVE-2025-34440 (AVideo versions prior to 20.0 contain an open redirect
vulnerability c ...)
+ TODO: check
+CVE-2025-34439 (AVideo versions prior to 20.0 arevulnerable to an open
redirect flaw d ...)
+ TODO: check
+CVE-2025-34438 (AVideo versions prior to 20.0 contain an insecure direct
object refere ...)
+ TODO: check
+CVE-2025-34437 (AVideo versions prior to 20.0 permit any authenticated user to
upload ...)
+ TODO: check
+CVE-2025-34436 (AVideo versions prior to 20.0 allow any authenticated user to
upload f ...)
+ TODO: check
+CVE-2025-34435 (AVideo versions prior to 20.0 arevulnerable to an insecure
direct obje ...)
+ TODO: check
+CVE-2025-34434 (AVideo versions prior to 20.0 with the ImageGallery plugin
enabled is ...)
+ TODO: check
+CVE-2025-26381 (Successful exploitation of this vulnerability could allow an
attacker ...)
+ TODO: check
+CVE-2025-20393 (Cisco is aware of a potential vulnerability. Cisco is
currently ...)
+ TODO: check
+CVE-2025-14828
+ REJECTED
+CVE-2025-14727 (A vulnerability exists in NGINX Ingress Controller's
nginx.org/rewrite ...)
+ TODO: check
+CVE-2025-14347 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-14266 (CSRF in Ercom Cryptobox administration console allows attacker
to trig ...)
+ TODO: check
+CVE-2025-14101 (Authorization Bypass Through User-Controlled Key vulnerability
in GG S ...)
+ TODO: check
+CVE-2025-14097 (A vulnerability in the application software of multiple
Radiometer pro ...)
+ TODO: check
+CVE-2025-14096 (A vulnerability exists in multiple Radiometer products that
allow an a ...)
+ TODO: check
+CVE-2025-14095 (A "Privilege boundary violation" vulnerability is identified
affecting ...)
+ TODO: check
+CVE-2025-14081 (The Ultimate Member plugin for WordPress is vulnerable to
Profile Priv ...)
+ TODO: check
+CVE-2025-13537 (The Live Composer \u2013 Free WordPress Website Builder plugin
for Wor ...)
+ TODO: check
+CVE-2025-13352 (Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub
plugin ve ...)
+ TODO: check
+CVE-2025-13326 (Mattermost Desktop App versions <6.0.0 fail to enable the
Hardened Run ...)
+ TODO: check
+CVE-2025-13324 (Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4,
10.12.x <= 1 ...)
+ TODO: check
+CVE-2025-13321 (Mattermost Desktop App versions <6.0.0 fail to sanitize
sensitive info ...)
+ TODO: check
+CVE-2025-13217 (The Ultimate Member \u2013 User Profile, Registration, Login,
Member D ...)
+ TODO: check
+CVE-2025-12689 (Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2,
10.11.x <= 1 ...)
+ TODO: check
+CVE-2024-46062 (Miniconda3 macOS installers before 23.11.0-1 contain a local
privilege ...)
+ TODO: check
+CVE-2024-46060 (Anaconda3 macOS installers before 2024.06-1 contain a local
privilege ...)
+ TODO: check
+CVE-2024-29371 (In jose4j before 0.9.5, an attacker can cause a
Denial-of-Service (DoS ...)
+ TODO: check
+CVE-2024-29370 (In python-jose 3.3.0 (specifically jwe.decrypt), a
vulnerability allow ...)
+ TODO: check
CVE-2025-68274 (SIPGO is a library for writing SIP services in the GO
language. Starti ...)
NOT-FOR-US: SIPGO
CVE-2025-64700 (Cross-site request forgery vulnerability exists in GROWI
v7.3.3 and ea ...)
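Review bot: the seven Mattermost entries added here (CVE-2025-62690, CVE-2025-62190, CVE-2025-13352, CVE-2025-13324, CVE-2025-12689, plus the two Desktop App ones, CVE-2025-13326 and CVE-2025-13321) are left at `TODO: check` although the tracker's existing convention for this product is visible in the next hunk, where CVE-2025-41436 carries `- mattermost-server <itp> (bug #823556)`; the five server-side CVEs can take that same status line, while the two Desktop App entries name a different product and need a separate decision. Two other groups need a real look rather than a mechanical triage: CVE-2025-67073 and CVE-2025-67074 carry identical truncated descriptions (`A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin ...`), so confirm they are distinct bugs before closing both the same way; and CVE-2025-61736, CVE-2025-43873 and CVE-2025-26381 start mid-advisory (`Successful exploitation of this vulnerability could ...`) with no product named in the visible text, as does the Cisco placeholder CVE-2025-20393 (`Cisco is aware of a potential vulnerability. Cisco is currently ...`), so those four cannot be resolved from the summary alone and should stay TODO until the full CNA text has been read. The four 2024 IDs at the tail (CVE-2024-46062, CVE-2024-46060, CVE-2024-29371, CVE-2024-29370) are older allocations only now populated; the last two name specific upstream versions (jose4j before 0.9.5, python-jose 3.3.0), so the check there is whether those libraries are packaged and at which version. CVE-2025-14828 is correctly recorded as `REJECTED` with no TODO.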
@@ -11369,11 +11495,11 @@ CVE-2025-47913 (SSH clients receiving
SSH_AGENT_SUCCESS when expecting a typed r
[bullseye] - golang-go.crypto <postponed> (Limited support, minor
issue, follow bookworm DSAs/point-releases)
NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
NOTE: Fixed by:
https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
(v0.35.0)
-CVE-2025-47222 (A class name enumeration issue was found in Keyfactor
SignServer versi ...)
+CVE-2025-47222 (A class name enumeration was found in Keyfactor SignServer
versions pr ...)
NOT-FOR-US: Keyfactor SignServer
-CVE-2025-47221 (A file write issue was found in Keyfactor SignServer versions
prior to ...)
+CVE-2025-47221 (An arbitrary file write was found in Keyfactor SignServer
versions pri ...)
NOT-FOR-US: Keyfactor SignServer
-CVE-2025-47220 (A file enumeration issue was found in Keyfactor SignServer
versions pr ...)
+CVE-2025-47220 (A local file enumeration was found in Keyfactor SignServer
versions pr ...)
NOT-FOR-US: Keyfactor SignServer
CVE-2025-41436 (Mattermost versions <11.0 fail to properly enforce the "Allow
users to ...)
- mattermost-server <itp> (bug #823556)
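Review bot: only the description text of CVE-2025-47222, CVE-2025-47221 and CVE-2025-47220 changes in this hunk (for example `A file write issue` becomes `An arbitrary file write`), and the `NOT-FOR-US: Keyfactor SignServer` status lines are left as they were, which is correct: a NOT-FOR-US triage rests on the product not being packaged in Debian, not on the severity wording, so no re-triage is needed. The surrounding context for CVE-2025-47913 (golang-go.crypto, bullseye postponed, fixed upstream in v0.35.0) is untouched.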
@@ -357380,8 +357506,8 @@ CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has
a signed integer overflow
NOTE: https://github.com/libexpat/libexpat/pull/550
NOTE: Fixed by:
https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40
(R_2_4_4)
NOTE: Tests:
https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44
-CVE-2022-23851
- RESERVED
+CVE-2022-23851 (Netaxis API Orchestrator (APIO) before 0.19.3 allows server
side templ ...)
+ TODO: check
CVE-2022-0341 (Cross-site Scripting (XSS) - Stored in GitHub repository
vanessa219/vd ...)
NOT-FOR-US: vditor
CVE-2022-0340
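Review bot: CVE-2022-23851 moves from `RESERVED` to a populated description (`Netaxis API Orchestrator (APIO) before 0.19.3 allows server side templ ...`) roughly three years after the ID was allocated, so the `TODO: check` here is a genuine triage item rather than a refresh: the description names a product and a fixed version, and the entry should be resolved (to `NOT-FOR-US: Netaxis API Orchestrator` if APIO is not packaged) rather than left open under a 2022 ID, where it is easy to overlook among long-settled neighbours such as CVE-2022-23852 (libexpat) and CVE-2022-0341 (vditor, NOT-FOR-US).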
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e865c715c7979098e20b2102821a4d2ed9dc6c51
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits