Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef7ac44f by security tracker role at 2025-12-26T08:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-8075 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
+ TODO: check
+CVE-2025-68946 (In Gitea before 1.20.1, a forbidden URL scheme such as
javascript: can ...)
+ TODO: check
+CVE-2025-68945 (In Gitea before 1.21.2, an anonymous user can visit a private
user's p ...)
+ TODO: check
+CVE-2025-68944 (Gitea before 1.22.2 sometimes mishandles the propagation of
token scop ...)
+ TODO: check
+CVE-2025-68943 (Gitea before 1.21.8 inadvertently discloses users' login times
by allo ...)
+ TODO: check
+CVE-2025-68942 (Gitea before 1.22.2 allows XSS because the search input box
(for creat ...)
+ TODO: check
+CVE-2025-68941 (Gitea before 1.22.3 mishandles access to a private resource
upon recei ...)
+ TODO: check
+CVE-2025-68940 (In Gitea before 1.22.5, branch deletion permissions are not
adequately ...)
+ TODO: check
+CVE-2025-68939 (Gitea before 1.23.0 allows attackers to add attachments with
forbidden ...)
+ TODO: check
+CVE-2025-68938 (Gitea before 1.25.2 mishandles authorization for deletion of
releases.)
+ TODO: check
+CVE-2025-68937 (Forgejo before 13.0.2 allows attackers to write to unintended
files, a ...)
+ TODO: check
+CVE-2025-67450 (Due to insecure library loading in the Eaton UPS Companion
software ex ...)
+ TODO: check
+CVE-2025-62578 (DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive
Information)
+ TODO: check
+CVE-2025-59888 (Improper quotation in search paths in the Eaton UPS Companion
software ...)
+ TODO: check
+CVE-2025-59887 (Improper authentication of library files in the Eaton UPS
Companion so ...)
+ TODO: check
+CVE-2025-52601 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
+ TODO: check
+CVE-2025-52600 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
+ TODO: check
+CVE-2025-52599 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
+ TODO: check
+CVE-2025-52598 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
+ TODO: check
+CVE-2025-15099 (A vulnerability was identified in simstudioai sim up to
0.5.27. This v ...)
+ TODO: check
+CVE-2025-15098 (A vulnerability was determined in YunaiV yudao-cloud up to
2025.11. Th ...)
+ TODO: check
+CVE-2025-15097 (A vulnerability was found in Alteryx Server. Affected by this
issue is ...)
+ TODO: check
+CVE-2025-15095 (A security vulnerability has been detected in postmanlabs
httpbin up t ...)
+ TODO: check
+CVE-2025-15094 (A weakness has been identified in sunkaifei FlyCMS up to
abbaa5a8daefb ...)
+ TODO: check
+CVE-2025-15093 (A security flaw has been discovered in sunkaifei FlyCMS up to
abbaa5a8 ...)
+ TODO: check
+CVE-2025-15092 (A vulnerability was identified in UTT \u8fdb\u53d6 512W up to
1.7.7-17 ...)
+ TODO: check
+CVE-2025-15091 (A vulnerability was determined in UTT \u8fdb\u53d6 512W up to
1.7.7-17 ...)
+ TODO: check
+CVE-2025-15090 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to
1.7.7-171114. ...)
+ TODO: check
+CVE-2025-15089 (A vulnerability has been found in UTT \u8fdb\u53d6 512W up to
1.7.7-17 ...)
+ TODO: check
+CVE-2025-15088 (A vulnerability was detected in ketr JEPaaS up to 7.2.8.
Affected by t ...)
+ TODO: check
+CVE-2025-15087 (A security vulnerability has been detected in youlaitech
youlai-mall 1 ...)
+ TODO: check
+CVE-2025-15086 (A weakness has been identified in youlaitech youlai-mall
1.0.0/2.0.0. ...)
+ TODO: check
+CVE-2025-14913 (The Frontend Post Submission Manager Lite \u2013 Frontend
Posting Word ...)
+ TODO: check
+CVE-2025-14820
+ REJECTED
+CVE-2025-14715
+ REJECTED
CVE-2025-68936 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme
name. This ...)
NOT-FOR-US: ONLYOFFICE Docs
CVE-2025-68935 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for
the Mul ...)
@@ -15866,6 +15936,7 @@ CVE-2025-11865 (An issue has been discovered in GitLab
EE affecting all versions
CVE-2025-11224
- gitlab <unfixed>
CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library
functio ...)
+ {DLA-4420-1}
- postgresql-18 18.1-1
- postgresql-17 <unfixed>
[trixie] - postgresql-17 <no-dsa> (Minor issue)
@@ -15879,6 +15950,7 @@ CVE-2025-12818 (Integer wraparound in multiple
PostgreSQL libpq client library f
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef
(REL_15_15)
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a
(REL_13_23)
CVE-2025-12817 (Missing authorization in PostgreSQL CREATE STATISTICS command
allows a ...)
+ {DLA-4420-1}
- postgresql-18 18.1-1
- postgresql-17 <unfixed>
[trixie] - postgresql-17 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef7ac44fec269c72b70ba6bff725f70f9b372780
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef7ac44fec269c72b70ba6bff725f70f9b372780
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
