[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 1 08:12:45 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fb22ebf by security tracker role at 2025-12-01T08:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue wit ...)
+ TODO: check
+CVE-2025-61619 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-61618 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-61617 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-61610 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-61609 (In modem, there is a possible system crash due to improper input valid ...)
+ TODO: check
+CVE-2025-61608 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-61607 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-3012 (In dpc modem, there is a possible system crash due to null pointer der ...)
+ TODO: check
+CVE-2025-35028 (By providing a command-line argument starting with a semi-colon ; to a ...)
+ TODO: check
+CVE-2025-13814 (A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5 ...)
+ TODO: check
+CVE-2025-13813 (A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. T ...)
+ TODO: check
+CVE-2025-13811 (A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulne ...)
+ TODO: check
+CVE-2025-13810 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects th ...)
+ TODO: check
+CVE-2025-13809 (A vulnerability has been found in orionsec orion-ops up to 5925824997a ...)
+ TODO: check
+CVE-2025-13808 (A flaw has been found in orionsec orion-ops up to 5925824997a3109651bb ...)
+ TODO: check
+CVE-2025-13807 (A vulnerability was detected in orionsec orion-ops up to 5925824997a31 ...)
+ TODO: check
+CVE-2025-13806 (A security vulnerability has been detected in nutzam NutzBoot up to 2. ...)
+ TODO: check
+CVE-2025-13805 (A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT ...)
+ TODO: check
+CVE-2025-13804 (A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNA ...)
+ TODO: check
+CVE-2025-13803 (A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected ...)
+ TODO: check
+CVE-2025-13802 (A vulnerability was determined in jairiidriss RestaurantWebsite up to ...)
+ TODO: check
+CVE-2025-13800 (A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This iss ...)
+ TODO: check
+CVE-2025-13799 (A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. Thi ...)
+ TODO: check
+CVE-2025-13798 (A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects ...)
+ TODO: check
+CVE-2025-13797 (A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected ...)
+ TODO: check
+CVE-2025-13796 (A security vulnerability has been detected in deco-cx apps up to 0.120 ...)
+ TODO: check
+CVE-2025-13795 (A weakness has been identified in codingWithElias School Management Sy ...)
+ TODO: check
+CVE-2025-11133 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-11132 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
+CVE-2025-11131 (In nr modem, there is a possible system crash due to improper input va ...)
+ TODO: check
CVE-2025-13793 (A weakness has been identified in winston-dsouza Ecommerce-Website up ...)
NOT-FOR-US: winston-dsouza Ecommerce-Website
CVE-2025-13792 (A security flaw has been discovered in Qualitor 8.20/8.24. Affected by ...)
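Review bot: all 31 entries added at the top of data/CVE/list are left at TODO: check, so none is yet tied to a Debian source package or marked NOT-FOR-US. Several share a product in their truncated descriptions (nr modem, ADSLR, orionsec orion-ops, nutzam NutzBoot, Mogu Blog) and can be triaged as groups. CVE-2025-35028 does not name its product in the visible text and needs the full record before it can be classified.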
@@ -527,6 +589,7 @@ CVE-2025-12571 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsa ...)
NOT-FOR-US: Frappe CRM
CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file inclusion ...)
+ {DLA-4392-1 DLA-4391-1}
- mistral-dashboard 15.0.0~rc1-1
- python-mistralclient 1:4.3.0-2
NOTE: https://review.opendev.org/c/openstack/mistral-dashboard/+/800952
@@ -4399,9 +4462,11 @@ CVE-2025-40110 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/5ac2c0279053a2c5265d46903432fb26ae2d0da2 (6.18-rc1)
CVE-2025-3717 (When using the Grafana Snowflake Datasource Plugin, if Oauth passthrou ...)
NOT-FOR-US: Grafana Snowflake Datasource Plugin
-CVE-2025-13047 (Bacteriology Laboratory Reporting System developed by ViewLead Technol ...)
+CVE-2025-13047
+ REJECTED
NOT-FOR-US: Bacteriology Laboratory Reporting System
-CVE-2025-13046 (Bacteriology Laboratory Reporting System developed by ViewLead Technol ...)
+CVE-2025-13046
+ REJECTED
NOT-FOR-US: Bacteriology Laboratory Reporting System
CVE-2025-12901 (The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Req ...)
NOT-FOR-US: WordPress plugin
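Review bot: CVE-2025-13047 and CVE-2025-13046 now carry REJECTED but keep the NOT-FOR-US: Bacteriology Laboratory Reporting System line underneath, so each entry records two dispositions. Suggest dropping the NOT-FOR-US line in a follow-up so that the rejected state is the only one recorded.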
@@ -10802,7 +10867,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored
CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
NOT-FOR-US: langgenius/dify-web
CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to ...)
- {DLA-4365-1}
+ {DLA-4365-2 DLA-4365-1}
- unbound 1.24.2-1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/a33f0638e1dacf2633cf2292078a674576bca852 (release-1.24.1)
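Review bot: in the CVE-2025-11411 entry the description says versions up to and including 1.24.2 are vulnerable, while the package line marks unbound 1.24.2-1 as fixed and the only Fixed by NOTE points at a commit tagged release-1.24.1. With DLA-4365-2 now referenced next to DLA-4365-1, please confirm the fixed version and add a NOTE for whatever the second advisory revision addresses.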
@@ -71268,6 +71333,7 @@ CVE-2025-32790 (Dify is an open-source LLM app development platform. In versions
CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js. In vers ...)
NOT-FOR-US: Fastify
CVE-2025-32434 (PyTorch is a Python package that provides tensor computation with stro ...)
+ {DLA-4389-1}
- pytorch 2.6.0+dfsg-1
[bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-53q9-r3pm-6pq6
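Review bot: CVE-2025-32434 gains {DLA-4389-1} while the [bookworm] line stays at <no-dsa> (Minor issue). If the issue was worth an LTS advisory, check whether bookworm should receive the fix through a point release so that the newer suite is not left behind the older one.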
@@ -111118,21 +111184,25 @@ CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows fo
CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Im ...)
NOT-FOR-US: Adobe
CVE-2024-4982 (A directory traversal vulnerability was discovered in Pagure server. I ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280726
NOTE: Fixed by: https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0 (5.14.1)
CVE-2024-4981 (A vulnerability was discovered in Pagure server. If a malicious user w ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280723
NOTE: Fixed by: https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4 (5.14.1)
CVE-2024-47516 (A vulnerability was found in Pagure. An argument injection in Git duri ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315805
NOTE: Fixed by: https://pagure.io/pagure/c/1db796dd0fa85c5f30f1e7123638e237f73bc92d (5.14.1)
CVE-2024-47515 (A vulnerability was found in Pagure. Support of symbolic links during ...)
+ {DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
[bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315806
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb22ebfdd1818369f6e55ec51db4892577f100e