Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
15d106df by security tracker role at 2025-12-27T20:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2025-54322 (Xspeeder SXZOS through 2025-12-26 allows root remote code
execution vi ...)
+ TODO: check
+CVE-2025-15110 (A vulnerability has been found in jackq XCMS up to
3fab5342cc509945a7c ...)
+ TODO: check
+CVE-2025-15109 (A flaw has been found in jackq XCMS up to
3fab5342cc509945a7ce1b8ec39d ...)
+ TODO: check
+CVE-2025-15108 (A vulnerability was detected in PandaXGO PandaX up to
fb8ff40f7ce5dfeb ...)
+ TODO: check
+CVE-2025-15107 (A security vulnerability has been detected in actiontech sqle
up to 4. ...)
+ TODO: check
+CVE-2025-15106 (A weakness has been identified in getmaxun maxun up to 0.0.28.
The aff ...)
+ TODO: check
+CVE-2025-15105 (A security flaw has been discovered in getmaxun maxun up to
0.0.28. Im ...)
+ TODO: check
CVE-2025-68952 (Eigent is a multi-agent Workforce. In version 0.0.60, a
1-click Remote ...)
NOT-FOR-US: Eigent
CVE-2025-68948 (SiYuan is self-hosted, open source personal knowledge
management softw ...)
@@ -4258,21 +4272,21 @@ CVE-2025-11009 (Cleartext Storage of Sensitive
Information vulnerability in Mits
NOT-FOR-US: Mitsubishi
CVE-2025-0852
REJECTED
-CVE-2025-14180
+CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
{DSA-6088-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj
NOTE: Fixed by:
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86
(php-8.4.16)
-CVE-2025-14178
+CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
{DSA-6088-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
NOTE: Fixed by:
https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8
(php-8.4.16)
-CVE-2025-14177
+CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
{DSA-6088-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2 <removed>
@@ -11496,6 +11510,7 @@ CVE-2025-13109 (The HUSKY \u2013 Products Filter
Professional for WooCommerce pl
CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to
authorization bypa ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12819 (Untrusted search path in auth_query connection handler in
PgBouncer be ...)
+ {DLA-4422-1}
- pgbouncer 1.25.1-1
[trixie] - pgbouncer <no-dsa> (Minor issue)
[bookworm] - pgbouncer <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d106df0a9ebfe6b7d5b6f8b77e3a95d38871e2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d106df0a9ebfe6b7d5b6f8b77e3a95d38871e2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
