Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4826bf4 by security tracker role at 2025-12-25T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2025-68936 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme
name. This ...)
+ TODO: check
+CVE-2025-68935 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for
the Mul ...)
+ TODO: check
+CVE-2025-2406 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-2405 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-2307 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-15085 (A security flaw has been discovered in youlaitech youlai-mall
1.0.0/2. ...)
+ TODO: check
+CVE-2025-15084 (A vulnerability was identified in youlaitech youlai-mall
1.0.0/2.0.0. ...)
+ TODO: check
+CVE-2025-15083 (A vulnerability was determined in TOZED ZLT M30s up to 1.47.
The affec ...)
+ TODO: check
+CVE-2025-15082 (A vulnerability was found in TOZED ZLT M30s up to 1.47.
Impacted is an ...)
+ TODO: check
+CVE-2025-15081 (A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308.
This is ...)
+ TODO: check
CVE-2025-8769 (Telenium Online Web Application is vulnerable due to a Perl
script tha ...)
NOT-FOR-US: Telenium Online Web Application
CVE-2025-68922 (OpenOps before 0.6.11 allows remote code execution in the
Terraform bl ...)
@@ -5341,7 +5361,7 @@ CVE-2025-14282 [privilege escalation via unix stream
socket forwarding]
NOTE: https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md
CVE-2025-14439
NOT-FOR-US: OpenUSD
-CVE-2025-68920 [Malicious remote can overwrite and exfiltrate local files]
+CVE-2025-68920 (C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12)
before 24 ...)
- ckermit 416~beta12-5 (bug #1123025)
[trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via
point release)
[bookworm] - ckermit <no-dsa> (Minor issue; documented; can be fixed
via point release)
@@ -50561,6 +50581,7 @@ CVE-2025-47806 (In GStreamer through 1.26.1, the
subparse plugin's parse_subrip_
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/edca7f83d107fb6a55dbd46196fc40b99857a85e
(1.27.1)
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d
(1.26.2)
CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_trak fu ...)
+ {DLA-4419-1}
- gst-plugins-good1.0 1.26.2-1
[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u3
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
@@ -50573,6 +50594,7 @@ CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4
plugin's qtdemux_parse_t
CVE-2025-47188 (A vulnerability in the Mitel 6800 Series, 6900 Series, and
6900w Serie ...)
NOT-FOR-US: Mitel
CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_tree fu ...)
+ {DLA-4419-1}
- gst-plugins-good1.0 1.26.2-1
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4826bf4270c49d548b2a0113d345266491bf6c8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4826bf4270c49d548b2a0113d345266491bf6c8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
