Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
66eb382b by security tracker role at 2025-12-19T08:13:26+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -55,45 +55,45 @@ CVE-2025-67843 (A Server-Side Template Injection (SSTI)
vulnerability in the MDX
CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15
allows rem ...)
TODO: check
CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal,
which m ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple
Machines F ...)
TODO: check
CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in
the Digita ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in
pdfonline. ...)
TODO: check
CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in
the Portfo ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in
pdfonline. ...)
TODO: check
CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in
pdfonline. ...)
TODO: check
CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in
pdfonline. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in
webplugins ...)
TODO: check
CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF
parsing o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation
handling ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66497 (A memory corruption vulnerability exists in the 3D annotation
handling ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66496 (A memory corruption vulnerability exists in the 3D annotation
handling ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66495 (A use-after-free vulnerability exists in the annotation
handling of Fo ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66494 (A use-after-free vulnerability exists in the PDF file parsing
of Foxit ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66493 (A use-after-free vulnerability exists in the AcroForm handling
of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-66174 (There is an improper authentication vulnerability in some
Hikvision DV ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2025-66173 (There is a privilege escalation vulnerability in some
Hikvision DVR pr ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
TODO: check
CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an
unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-65037 (Improper control of generation of code ('code injection') in
Azure Con ...)
TODO: check
CVE-2025-64677 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -127,11 +127,11 @@ CVE-2025-62000 (BullWall Ransomware Containment does not
entirely inspect a file
CVE-2025-59529 (Avahi is a system which facilitates service discovery on a
local netwo ...)
TODO: check
CVE-2025-53710 (Due to a product misconfiguration in certain deployment types,
it was ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2025-52692 (Successful exploitation of the vulnerability could allow an
attacker w ...)
TODO: check
CVE-2025-46268 (Advantech WebAccess/SCADA is vulnerable to SQL injection,
which may al ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-34452 (Streama versions 1.10.0 through 1.10.5 and prior to commit
b7c8767 con ...)
TODO: check
CVE-2025-34451 (rofl0r/proxychains-ng versions up to and including 4.17 and
prior to c ...)
@@ -141,9 +141,9 @@ CVE-2025-34450 (merbanan/rtl_433 versions up to and
including 25.02 and prior to
CVE-2025-34449 (Genymobile/scrcpy versions up to and including 3.3.3 and prior
to comm ...)
TODO: check
CVE-2025-14940 (A vulnerability was determined in code-projects Scholars
Tracking Syst ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment
Booking ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This
impacts th ...)
TODO: check
CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The
impacted ...)
@@ -151,43 +151,43 @@ CVE-2025-14909 (A weakness has been identified in
JeecgBoot up to 3.9.0. The imp
CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0.
The affe ...)
TODO: check
CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real
Estate Ma ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate
Management Sys ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-14898 (A security flaw has been discovered in CodeAstro Real Estate
Managemen ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-14897 (A vulnerability was identified in CodeAstro Real Estate
Management Sys ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-14850 (Advantech WebAccess/SCADAis vulnerable to directory traversal,
which m ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-14849 (Advantech WebAccess/SCADA is vulnerable to unrestricted file
upload, w ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-14848 (Advantech WebAccess/SCADA is vulnerable to absolute directory
traversa ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-14733 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
may all ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-14546 (Versions of the package fastapi-sso before 0.19.0 are
vulnerable to Cr ...)
TODO: check
CVE-2025-14449 (The BA Book Everything plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14267 (Incomplete removal of sensitive information before transfer
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2025-13999 (The HTML5 Audio Player \u2013 The Ultimate No-Code Podcast,
MP3 & Audi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13941 (A local privilege escalation vulnerability exists in the Foxit
PDF Rea ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-13911 (The vulnerability affects Ignition SCADA applications where
Python sc ...)
TODO: check
CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud
Dialogflow CX M ...)
TODO: check
CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13008 (An information disclosure vulnerability in M-Files Server
before versi ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2025-11774 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2025-14876
- qemu <unfixed>
NOTE:
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66eb382bc02fe0ad9ace904b4cbcc66c158f96e7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66eb382bc02fe0ad9ace904b4cbcc66c158f96e7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
