Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2e4ca19 by security tracker role at 2025-12-24T08:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2025-68696 (httparty is an API tool. In versions 0.23.2 and prior, 
httparty is vul ...)
+       TODO: check
+CVE-2025-68695
+       REJECTED
+CVE-2025-68694
+       REJECTED
+CVE-2025-68693
+       REJECTED
+CVE-2025-68692
+       REJECTED
+CVE-2025-68691
+       REJECTED
+CVE-2025-68690
+       REJECTED
+CVE-2025-68689
+       REJECTED
+CVE-2025-68688
+       REJECTED
+CVE-2025-68687
+       REJECTED
+CVE-2025-68669 (5ire is a cross-platform desktop artificial intelligence 
assistant and ...)
+       TODO: check
+CVE-2025-68667 (continuwuity is a Matrix homeserver written in Rust. Prior to 
version  ...)
+       TODO: check
+CVE-2025-68665 (LangChain is a framework for building LLM-powered 
applications. Prior  ...)
+       TODO: check
+CVE-2025-68664 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
+       TODO: check
+CVE-2025-68617 (FluidSynth is a software synthesizer based on the SoundFont 2 
specific ...)
+       TODO: check
+CVE-2025-66445 (Authorization bypass vulnerability in Hitachi Infrastructure 
Analytics ...)
+       TODO: check
+CVE-2025-66444 (Cross-site Scripting vulnerability in Hitachi Infrastructure 
Analytics ...)
+       TODO: check
+CVE-2025-66213 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-66212 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-66211 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-66210 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-66209 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-64641 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 
10.12.x <= 10. ...)
+       TODO: check
+CVE-2025-57840 (ADB(Android Debug Bridge) is affected by type privilege 
bypass, succes ...)
+       TODO: check
+CVE-2025-15053 (A flaw has been found in code-projects Student Information 
System 1.0. ...)
+       TODO: check
+CVE-2025-15052 (A vulnerability was detected in code-projects Student 
Information Syst ...)
+       TODO: check
+CVE-2025-15050 (A security vulnerability has been detected in code-projects 
Student Fi ...)
+       TODO: check
+CVE-2025-15049 (A vulnerability was identified in code-projects Online Farm 
System 1.0 ...)
+       TODO: check
+CVE-2025-15048 (A vulnerability was determined in Tenda WH450 1.0.0.18. This 
impacts a ...)
+       TODO: check
+CVE-2025-15047 (A vulnerability was found in Tenda WH450 1.0.0.18. This 
affects an unk ...)
+       TODO: check
+CVE-2025-15046 (A vulnerability has been found in Tenda WH450 1.0.0.18. The 
impacted e ...)
+       TODO: check
+CVE-2025-15045 (A flaw has been found in Tenda WH450 1.0.0.18. The affected 
element is ...)
+       TODO: check
+CVE-2025-15044 (A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted 
is an u ...)
+       TODO: check
+CVE-2025-14936 (NSF Unidata NetCDF-C Attribute Name Stack-based Buffer 
Overflow Remote ...)
+       TODO: check
+CVE-2025-14935 (NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow 
Remote  ...)
+       TODO: check
+CVE-2025-14934 (NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow 
Remote  ...)
+       TODO: check
+CVE-2025-14933 (NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-14932 (NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow 
Remote Code ...)
+       TODO: check
+CVE-2025-14931 (Hugging Face smolagents Remote Python Executor Deserialization 
of Untr ...)
+       TODO: check
+CVE-2025-14930 (Hugging Face Transformers GLM4 Deserialization of Untrusted 
Data Remot ...)
+       TODO: check
+CVE-2025-14929 (Hugging Face Transformers X-CLIP Checkpoint Conversion 
Deserialization ...)
+       TODO: check
+CVE-2025-14928 (Hugging Face Transformers HuBERT convert_config Code Injection 
Remote  ...)
+       TODO: check
+CVE-2025-14927 (Hugging Face Transformers SEW-D convert_config Code Injection 
Remote C ...)
+       TODO: check
+CVE-2025-14926 (Hugging Face Transformers SEW convert_config Code Injection 
Remote Cod ...)
+       TODO: check
+CVE-2025-14925 (Hugging Face Accelerate Deserialization of Untrusted Data 
Remote Code  ...)
+       TODO: check
+CVE-2025-14924 (Hugging Face Transformers megatron_gpt2 Deserialization of 
Untrusted D ...)
+       TODO: check
+CVE-2025-14922 (Hugging Face Diffusers CogView4 Deserialization of Untrusted 
Data Remo ...)
+       TODO: check
+CVE-2025-14921 (Hugging Face Transformers Transformer-XL Model Deserialization 
of Untr ...)
+       TODO: check
+CVE-2025-14920 (Hugging Face Transformers Perceiver Model Deserialization of 
Untrusted ...)
+       TODO: check
+CVE-2025-14501 (Sante PACS Server HTTP Content-Length Header Handling NULL 
Pointer Der ...)
+       TODO: check
+CVE-2025-14500 (IceWarp14 X-File-Operation Command Injection Remote Code 
Execution Vul ...)
+       TODO: check
+CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass 
Vulnerability ...)
+       TODO: check
+CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local 
Privilege  ...)
+       TODO: check
+CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14495 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14494 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14493 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14492 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14491 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14490 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14489 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14488 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
+       TODO: check
+CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution 
Vulnerabili ...)
+       TODO: check
+CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-14422 (GIMP PNM File Parsing Integer Overflow Remote Code Execution 
Vulnerabi ...)
+       TODO: check
+CVE-2025-14421 (pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read 
Information ...)
+       TODO: check
+CVE-2025-14420 (pdfforge PDF Architect CBZ File Parsing Directory Traversal 
Remote Cod ...)
+       TODO: check
+CVE-2025-14419 (pdfforge PDF Architect PDF File Parsing Memory Corruption 
Remote Code  ...)
+       TODO: check
+CVE-2025-14418 (pdfforge PDF Architect XLS File Insufficient UI Warning Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-14417 (pdfforge PDF Architect Launch Insufficient UI Warning Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-14416 (pdfforge PDF Architect DOC File Insufficient UI Warning Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-14415 (Soda PDF Desktop Launch Insufficient UI Warning Remote Code 
Execution  ...)
+       TODO: check
+CVE-2025-14414 (Soda PDF Desktop Word File Insufficient UI Warning Remote Code 
Executi ...)
+       TODO: check
+CVE-2025-14413 (Soda PDF Desktop CBZ File Parsing Directory Traversal Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-14412 (Soda PDF Desktop XLS File Insufficient UI Warning Remote Code 
Executio ...)
+       TODO: check
+CVE-2025-14411 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2025-14410 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2025-14409 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2025-14408 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2025-14407 (Soda PDF Desktop PDF File Parsing Memory Corruption 
Information Disclo ...)
+       TODO: check
+CVE-2025-14406 (Soda PDF Desktop Uncontrolled Search Path Element Local 
Privilege Esca ...)
+       TODO: check
+CVE-2025-14405 (PDFsam Enhanced Uncontrolled Search Path Element Local 
Privilege Escal ...)
+       TODO: check
+CVE-2025-14404 (PDFsam Enhanced XLS File Insufficient UI Warning Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-14403 (PDFsam Enhanced Launch Insufficient UI Warning Remote Code 
Execution V ...)
+       TODO: check
+CVE-2025-14402 (PDFsam Enhanced DOC File Insufficient UI Warning Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-14401 (PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution 
Vulnerabi ...)
+       TODO: check
+CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 
10.12.x <= 10. ...)
+       TODO: check
+CVE-2025-13716 (Tencent MimicMotion create_pipeline Deserialization of 
Untrusted Data  ...)
+       TODO: check
+CVE-2025-13715 (Tencent FaceDetection-DSFD resnet Deserialization of Untrusted 
Data Re ...)
+       TODO: check
+CVE-2025-13714 (Tencent MedicalNet generate_model Deserialization of Untrusted 
Data Re ...)
+       TODO: check
+CVE-2025-13713 (Tencent Hunyuan3D-1 load_pretrained Deserialization of 
Untrusted Data  ...)
+       TODO: check
+CVE-2025-13712 (Tencent HunyuanDiT merge Deserialization of Untrusted Data 
Remote Code ...)
+       TODO: check
+CVE-2025-13711 (Tencent TFace eval Deserialization of Untrusted Data Remote 
Code Execu ...)
+       TODO: check
+CVE-2025-13710 (Tencent HunyuanVideo load_vae Deserialization of Untrusted 
Data Remote ...)
+       TODO: check
+CVE-2025-13709 (Tencent TFace restore_checkpoint Deserialization of Untrusted 
Data Rem ...)
+       TODO: check
+CVE-2025-13708 (Tencent NeuralNLP-NeuralClassifier _load_checkpoint 
Deserialization of ...)
+       TODO: check
+CVE-2025-13707 (Tencent HunyuanDiT model_resume Deserialization of Untrusted 
Data Remo ...)
+       TODO: check
+CVE-2025-13706 (Tencent PatrickStar merge_checkpoint Deserialization of 
Untrusted Data ...)
+       TODO: check
+CVE-2025-13703 (VIPRE Advanced Security Incorrect Permission Assignment Local 
Privileg ...)
+       TODO: check
+CVE-2025-13700 (DreamFactory saveZipFile Command Injection Remote Code 
Execution Vulne ...)
+       TODO: check
+CVE-2025-13698 (Deciso OPNsense diag_backup.php filename Directory Traversal 
Arbitrary ...)
+       TODO: check
+CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not 
properly p ...)
+       TODO: check
+CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing 
Heap-based Buffer ...)
+       TODO: check
+CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing 
Heap-based Buffer ...)
+       TODO: check
+CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation 
Vulnerabi ...)
+       TODO: check
+CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing 
Heap-based Buffer ...)
+       TODO: check
+CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure 
Vulnerabili ...)
+       TODO: check
+CVE-2024-58335 (OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 
allows XX ...)
+       TODO: check
 CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
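Review bot: Every non-rejected entry added at the top of this hunk carries only `TODO: check`, so none of them has a triage result yet, and some can be closed using patterns already in the file. The WordPress plugin entries (CVE-2025-13773, CVE-2025-13407) fit the `NOT-FOR-US: WordPress plugin` form used by neighbouring entries, and the Tenda WH450 group (CVE-2025-15044 through CVE-2025-15048) fits the `NOT-FOR-US: Tenda` line used for CVE-2022-40010. The entries naming GIMP, OpenEXR, FluidSynth, NetCDF-C and httparty should get a source package check before any tag is chosen, since they name general-purpose open-source software rather than a vendor product.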
@@ -10153,7 +10375,7 @@ CVE-2025-13615 (The StreamTube Core plugin for 
WordPress is vulnerable to Arbitr
        NOT-FOR-US: WordPress plugin
 CVE-2025-6666 (A vulnerability was determined in motogadget mo.lock Ignition 
Lock up  ...)
        NOT-FOR-US: motogadget mo.lock
-CVE-2025-13699
+CVE-2025-13699 (MariaDB mariadb-dump Utility Directory Traversal Remote Code 
Execution ...)
        - mariadb 1:11.8.5-1
        [trixie] - mariadb <no-dsa> (Minor issue; requires attacker to already 
have access to the database)
        [bookworm] - mariadb <no-dsa> (Minor issue; requires attacker to 
already have access to the database)
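Review bot: The `<no-dsa>` rationale on the trixie and bookworm lines for CVE-2025-13699 should be re-confirmed now that the entry has a description. The added text classes the issue as a mariadb-dump directory traversal leading to remote code execution, while the unchanged note reads "Minor issue; requires attacker to already have access to the database". The truncated description does not show the precondition, so check the full advisory and, if the triage stands, consider a NOTE line recording why the precondition holds.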
@@ -25978,7 +26200,7 @@ CVE-2025-58712 (A container privilege escalation flaw 
was found in certain AMQ B
        NOT-FOR-US: Red Hat AMQ
 CVE-2025-25009 (Improper Neutralization of Input During Web Page Generation in 
Kibana  ...)
        - kibana <itp> (bug #700337)
-CVE-2025-11419
+CVE-2025-11419 (A flaw was found in Keycloak. This vulnerability allows an 
unauthentic ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-11429 (A flaw was found in Keycloak. Keycloak does not immediately 
enforce th ...)
        - keycloak <itp> (bug #1088287)
@@ -312039,7 +312261,7 @@ CVE-2022-40013
        RESERVED
 CVE-2022-40012
        RESERVED
-CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 
1.38 allows ...)
+CVE-2022-40011 (Typora through 1.3.8 allows XSS if a document containing an 
SVG elemen ...)
        NOT-FOR-US: typora
 CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi 
was dis ...)
        NOT-FOR-US: Tenda



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2e4ca1936257fa067bbfc25fdd3143724125fd4
