Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c1ae530 by security tracker role at 2025-12-19T08:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2025-68491
+       REJECTED
+CVE-2025-68490
+       REJECTED
+CVE-2025-68489
+       REJECTED
+CVE-2025-68488
+       REJECTED
+CVE-2025-68487
+       REJECTED
+CVE-2025-68486
+       REJECTED
+CVE-2025-68485
+       REJECTED
+CVE-2025-68484
+       REJECTED
+CVE-2025-68483
+       REJECTED
+CVE-2025-68422 (Improper Authorization (CWE-285) in Kibana can lead to 
privilege escal ...)
+       TODO: check
+CVE-2025-68398 (Weblate is a web based localization tool. In versions prior to 
5.15.1, ...)
+       TODO: check
+CVE-2025-68390 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Elas ...)
+       TODO: check
+CVE-2025-68389 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Kiba ...)
+       TODO: check
+CVE-2025-68388 (Allocation of resources without limits or throttling (CWE-770) 
allows  ...)
+       TODO: check
+CVE-2025-68387 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68386 (Improper Authorization (CWE-285) in Kibana can lead to 
privilege escal ...)
+       TODO: check
+CVE-2025-68385 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68384 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Elas ...)
+       TODO: check
+CVE-2025-68383 (Improper Validation of Specified Index, Position, or Offset in 
Input ( ...)
+       TODO: check
+CVE-2025-68382 (Out-of-bounds read (CWE-125) allows an unauthenticated remote 
attacker ...)
+       TODO: check
+CVE-2025-68381 (Improper Bounds Check (CWE-787) in Packetbeat can allow a 
remote unaut ...)
+       TODO: check
+CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 
5.15.1, ...)
+       TODO: check
+CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 
through 2. ...)
+       TODO: check
+CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 
2025-11-15 a ...)
+       TODO: check
+CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy 
Endpoint ...)
+       TODO: check
+CVE-2025-67844 (The GitHub Integration API in Mintlify Platform before 
2025-11-15 allo ...)
+       TODO: check
+CVE-2025-67843 (A Server-Side Template Injection (SSTI) vulnerability in the 
MDX Rende ...)
+       TODO: check
+CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15 
allows rem ...)
+       TODO: check
+CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal, 
which m ...)
+       TODO: check
+CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple 
Machines F ...)
+       TODO: check
+CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in 
the Digita ...)
+       TODO: check
+CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
+       TODO: check
+CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in 
the Portfo ...)
+       TODO: check
+CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
+       TODO: check
+CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
+       TODO: check
+CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
+       TODO: check
+CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in 
webplugins ...)
+       TODO: check
+CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF 
parsing o ...)
+       TODO: check
+CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation 
handling ...)
+       TODO: check
+CVE-2025-66497 (A memory corruption vulnerability exists in the 3D annotation 
handling ...)
+       TODO: check
+CVE-2025-66496 (A memory corruption vulnerability exists in the 3D annotation 
handling ...)
+       TODO: check
+CVE-2025-66495 (A use-after-free vulnerability exists in the annotation 
handling of Fo ...)
+       TODO: check
+CVE-2025-66494 (A use-after-free vulnerability exists in the PDF file parsing 
of Foxit ...)
+       TODO: check
+CVE-2025-66493 (A use-after-free vulnerability exists in the AcroForm handling 
of Foxi ...)
+       TODO: check
+CVE-2025-66174 (There is an improper authentication vulnerability in some 
Hikvision DV ...)
+       TODO: check
+CVE-2025-66173 (There is a privilege escalation vulnerability in some 
Hikvision DVR pr ...)
+       TODO: check
+CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an 
unauthori ...)
+       TODO: check
+CVE-2025-65037 (Improper control of generation of code ('code injection') in 
Azure Con ...)
+       TODO: check
+CVE-2025-64677 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2025-64676 ('.../...//' in Microsoft Purview allows an authorized attacker 
to exec ...)
+       TODO: check
+CVE-2025-64675 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2025-64663 (Custom Question Answering Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2025-63951 (An insecure deserialization vulnerability exists in the 
rss-mp3.php sc ...)
+       TODO: check
+CVE-2025-63950 (An insecure deserialization vulnerability exists in the 
download.php s ...)
+       TODO: check
+CVE-2025-63949 (A Reflected Cross-Site Scripting (XSS) vulnerability in 
yohanawi Hotel ...)
+       TODO: check
+CVE-2025-63948 (A SQL Injection vulnerability exists in phpMsAdmin version 2.2 
in the  ...)
+       TODO: check
+CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
phpMsAd ...)
+       TODO: check
+CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized 
after lo ...)
+       TODO: check
+CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay 
before the ...)
+       TODO: check
+CVE-2025-62002 (BullWall Ransomware Containment relies on the number of file 
modificat ...)
+       TODO: check
+CVE-2025-62001 (BullWall Ransomware Containment contains excluded file paths, 
such as  ...)
+       TODO: check
+CVE-2025-62000 (BullWall Ransomware Containment does not entirely inspect a 
file to de ...)
+       TODO: check
+CVE-2025-59529 (Avahi is a system which facilitates service discovery on a 
local netwo ...)
+       TODO: check
+CVE-2025-53710 (Due to a product misconfiguration in certain deployment types, 
it was  ...)
+       TODO: check
+CVE-2025-52692 (Successful exploitation of the vulnerability could allow an 
attacker w ...)
+       TODO: check
+CVE-2025-46268 (Advantech WebAccess/SCADA is vulnerable to SQL injection, 
which may al ...)
+       TODO: check
+CVE-2025-34452 (Streama versions 1.10.0 through 1.10.5 and prior to commit 
b7c8767 con ...)
+       TODO: check
+CVE-2025-34451 (rofl0r/proxychains-ng versions up to and including 4.17 and 
prior to c ...)
+       TODO: check
+CVE-2025-34450 (merbanan/rtl_433 versions up to and including 25.02 and prior 
to commi ...)
+       TODO: check
+CVE-2025-34449 (Genymobile/scrcpy versions up to and including 3.3.3 and prior 
to comm ...)
+       TODO: check
+CVE-2025-14940 (A vulnerability was determined in code-projects Scholars 
Tracking Syst ...)
+       TODO: check
+CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment 
Booking  ...)
+       TODO: check
+CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This 
impacts th ...)
+       TODO: check
+CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The 
impacted  ...)
+       TODO: check
+CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0. 
The affe ...)
+       TODO: check
+CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real 
Estate Ma ...)
+       TODO: check
+CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate 
Management Sys ...)
+       TODO: check
+CVE-2025-14898 (A security flaw has been discovered in CodeAstro Real Estate 
Managemen ...)
+       TODO: check
+CVE-2025-14897 (A vulnerability was identified in CodeAstro Real Estate 
Management Sys ...)
+       TODO: check
+CVE-2025-14850 (Advantech WebAccess/SCADAis vulnerable to directory traversal, 
which m ...)
+       TODO: check
+CVE-2025-14849 (Advantech WebAccess/SCADA is vulnerable to unrestricted file 
upload, w ...)
+       TODO: check
+CVE-2025-14848 (Advantech WebAccess/SCADA is vulnerable to absolute directory 
traversa ...)
+       TODO: check
+CVE-2025-14733 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
may all ...)
+       TODO: check
+CVE-2025-14546 (Versions of the package fastapi-sso before 0.19.0 are 
vulnerable to Cr ...)
+       TODO: check
+CVE-2025-14449 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-14267 (Incomplete removal of sensitive information before transfer 
vulnerabil ...)
+       TODO: check
+CVE-2025-13999 (The HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, 
MP3 & Audi ...)
+       TODO: check
+CVE-2025-13941 (A local privilege escalation vulnerability exists in the Foxit 
PDF Rea ...)
+       TODO: check
+CVE-2025-13911 (The vulnerability affects Ignition SCADA applications where 
Python  sc ...)
+       TODO: check
+CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud 
Dialogflow CX M ...)
+       TODO: check
+CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-13008 (An information disclosure vulnerability in M-Files Server 
before versi ...)
+       TODO: check
+CVE-2025-11774 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
 CVE-2025-14876
        - qemu <unfixed>
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
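Review bot: most of the new `TODO: check` entries describe software Debian does not ship (Kibana/Elastic, Microsoft, Mintlify, WordPress plugins, Foxit, Hikvision, BullWall, Advantech) and will mostly end up as NOT-FOR-US; triage effort should go first to the entries whose upstreams are packaged in Debian, namely CVE-2025-59529 (avahi), CVE-2025-68161 (Apache Log4j Core socket appender), CVE-2025-34451 (proxychains-ng), CVE-2025-34450 (rtl_433) and CVE-2025-34449 (scrcpy), each of which needs a package line with a fixed version or `<unfixed>` plus a bug reference in place of the bare `TODO: check`. The trailing context entry `CVE-2025-14876` also still has `- qemu <unfixed>` with only the upstream list URL and no `bug #` reference.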
@@ -83,6 +273,7 @@ CVE-2025-64236 (Authentication Bypass Using an Alternate 
Path or Channel vulnera
 CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template 
function i ...)
+       {DSA-6079-1 DSA-6073-1}
        - ffmpeg 7:7.1.3-1
        NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
        NOTE: 
https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef 
(master)
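Review bot: the added `{DSA-6079-1 DSA-6073-1}` line attaches two advisories to CVE-2025-63757; confirm that both DSA texts actually list this CVE (a second DSA for the same CVE usually means a regression follow-up or a second suite), because the braces line is what marks the stable suites as fixed and a mis-attributed id would make the CVE disappear from the stable view. The unstable fix `ffmpeg 7:7.1.3-1` and the two upstream NOTE links below it are unchanged and consistent with the added references.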
@@ -844,7 +1035,7 @@ CVE-2025-14759 (Missing cryptographic key commitment in 
the Amazon S3 Encryption
        NOT-FOR-US: Amazon
 CVE-2025-14319
        REJECTED
-CVE-2025-14318 (Improper access checks in M-Files Server before 25.12 allows 
users to  ...)
+CVE-2025-14318 (Improper access checks in M-Files Server before 25.12.15491.7 
allows u ...)
        NOT-FOR-US: M-Files
 CVE-2025-14314 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
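Review bot: only the description of CVE-2025-14318 is refreshed here (the upstream version changes from `25.12` to `25.12.15491.7`) and the `NOT-FOR-US: M-Files` status line below it is kept, so no further triage is needed; description-only rewrites from the automatic import are safe to accept as long as the status line survives, which it does in this hunk.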
@@ -10385,7 +10576,7 @@ CVE-2025-12394 (The Backup Migration WordPress plugin 
before 2.0.0 does not prop
        NOT-FOR-US: WordPress plugin
 CVE-2024-14015 (The WordPress eCommerce Plugin  WordPress plugin through 2.9.0 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-54515 (The Secure Flag passed to Versal\u2122 Adaptive SoC\u2019s 
Arm\xae Tru ...)
+CVE-2025-54515 (The Secure Flag passed to Versal\u2122Adaptive SoC\u2019s 
Trusted Firm ...)
        NOT-FOR-US: AMD
 CVE-2025-48507 (The security state of the calling processor into Arm\xae 
Trusted Firmw ...)
        NOT-FOR-US: AMD
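Review bot: the refreshed CVE-2025-54515 description now reads `Versal\u2122Adaptive` with no space after the trademark escape and drops the `Arm\xae` fragment; that is the upstream text as imported, and the entry stays `NOT-FOR-US: AMD`, so nothing needs changing locally. Note the mixed `\xae` and `\u2122` escaping in this entry and the neighbouring CVE-2025-48507 line when grepping the list for these descriptions.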
@@ -564513,7 +564704,7 @@ CVE-2019-3865 (A vulnerability was found in quay-2, 
where a stored XSS vulnerabi
        NOT-FOR-US: Quay
 CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before 
quay-3.0. ...)
        NOT-FOR-US: Quay
-CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a 
multip ...)
+CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1 creating a 
vulnerability on t ...)
        {DSA-4431-1 DLA-1730-1}
        - libssh2 1.8.0-2.1 (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3863.html
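Review bot: the description rewrite for CVE-2019-3863 leaves the `{DSA-4431-1 DLA-1730-1}` line, the fixed version `libssh2 1.8.0-2.1 (bug #924965)` and the upstream advisory NOTE untouched, which is what matters for this long-fixed entry; the only thing lost is the explanatory clause of the old text (`A server could send a multip ...`), which remains available through the linked libssh2 advisory.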



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c1ae530eddb0419566ac6c6654ee6f6756dfbc2



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits