[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 1 20:12:56 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
624e4b6a by security tracker role at 2025-12-01T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast  ...)
+	TODO: check
+CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
+	TODO: check
+CVE-2025-7007 (NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Av ...)
+	TODO: check
+CVE-2025-6349 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
+	TODO: check
+CVE-2025-65838 (PublicCMS V5.202506.b is vulnerable to path traversal via the doUpload ...)
+	TODO: check
+CVE-2025-65836 (PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of  ...)
+	TODO: check
+CVE-2025-65794
+	REJECTED
+CVE-2025-65793
+	REJECTED
+CVE-2025-65408 (A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession:: ...)
+	TODO: check
+CVE-2025-65407 (A use-after-free in the MPEG1or2Demux::newElementaryStream() function  ...)
+	TODO: check
+CVE-2025-65406 (A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() fun ...)
+	TODO: check
+CVE-2025-65405 (A use-after-free in the ADTSAudioFileSource::samplingFrequency() funct ...)
+	TODO: check
+CVE-2025-65404 (A buffer overflow in the getSideInfo2() function of Live555 Streaming  ...)
+	TODO: check
+CVE-2025-65403 (A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 all ...)
+	TODO: check
+CVE-2025-64775 (Denial of Service vulnerability in Apache Struts, file leak in multipa ...)
+	TODO: check
+CVE-2025-64030 (Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to auth ...)
+	TODO: check
+CVE-2025-63535 (A SQL injection vulnerability exists in the Blood Bank Management Syst ...)
+	TODO: check
+CVE-2025-63534 (A cross-site scripting (XSS) vulnerability exists in the Blood Bank Ma ...)
+	TODO: check
+CVE-2025-63533 (A cross-site scripting (XSS) vulnerability exists in the Blood Bank Ma ...)
+	TODO: check
+CVE-2025-63532 (A SQL injection vulnerability exists in the Blood Bank Management Syst ...)
+	TODO: check
+CVE-2025-63531 (A SQL injection vulnerability exists in the Blood Bank Management Syst ...)
+	TODO: check
+CVE-2025-63529 (A session fixation vulnerability exists in Blood Bank Management Syste ...)
+	TODO: check
+CVE-2025-63528 (A cross-site scripting (XSS) vulnerability exists in the Blood Bank Ma ...)
+	TODO: check
+CVE-2025-63527 (A cross-site scripting (XSS) vulnerability exists in the Blood Bank Ma ...)
+	TODO: check
+CVE-2025-63526 (A cross-site scripting (XSS) vulnerability exists in the Blood Bank Ma ...)
+	TODO: check
+CVE-2025-63525 (An issue was discovered in Blood Bank Management System 1.0 allowing a ...)
+	TODO: check
+CVE-2025-63523 (FeehiCMS version 2.1.1 fails to enforce server-side immutability for p ...)
+	TODO: check
+CVE-2025-63522 (Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Man ...)
+	TODO: check
+CVE-2025-63520 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id  ...)
+	TODO: check
+CVE-2025-63365 (SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. ...)
+	TODO: check
+CVE-2025-63317 (Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/u ...)
+	TODO: check
+CVE-2025-63095 (Improper input validation in the BitstreamWriter::write_bits() functio ...)
+	TODO: check
+CVE-2025-61229 (An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local  ...)
+	TODO: check
+CVE-2025-61228 (An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local  ...)
+	TODO: check
+CVE-2025-59789 (Uncontrolled recursion in the json2pb component in Apache bRPC (versio ...)
+	TODO: check
+CVE-2025-58408 (Software installed and run as a non-privileged user may conduct improp ...)
+	TODO: check
+CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt Pocket Supe ...)
+	TODO: check
+CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-54851 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-54850 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-54849 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
+	TODO: check
+CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows  ...)
+	TODO: check
+CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, which allows ...)
+	TODO: check
+CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to cause dispro ...)
+	TODO: check
+CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by local us ...)
+	TODO: check
+CVE-2025-41739 (An unauthenticated remote attacker, who beats a race condition, can ex ...)
+	TODO: check
+CVE-2025-41738 (An unauthenticated remote attacker may cause the visualisation server  ...)
+	TODO: check
+CVE-2025-41700 (An unauthenticated attacker can trick a local user into executing arbi ...)
+	TODO: check
+CVE-2025-41070 (Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clicked ...)
+	TODO: check
+CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1. ...)
+	TODO: check
+CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an integer o ...)
+	TODO: check
+CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the oauth.authorize ac ...)
+	TODO: check
+CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP functionality ...)
+	TODO: check
+CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
+	TODO: check
+CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
+	TODO: check
+CVE-2025-13837 (When loading a plist file, the plistlib module reads data in size spec ...)
+	TODO: check
+CVE-2025-13836 (When reading an HTTP response from a server, if no read amount is spec ...)
+	TODO: check
+CVE-2025-13835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-13829 (Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurv ...)
+	TODO: check
+CVE-2025-13819 (Open redirect in the web server component of MiR Robot and Fleet softw ...)
+	TODO: check
+CVE-2025-13816 (A security vulnerability has been detected in moxi159753 Mogu Blog v2  ...)
+	TODO: check
+CVE-2025-13815 (A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. T ...)
+	TODO: check
+CVE-2025-13653 (In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise mo ...)
+	TODO: check
+CVE-2025-13296 (Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology I ...)
+	TODO: check
+CVE-2025-13129 (Improper Enforcement of Behavioral Workflow vulnerability in Seneka So ...)
+	TODO: check
+CVE-2025-12756 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 1 ...)
+	TODO: check
+CVE-2025-11772 (A carefully crafted DLL, copied to   C:\ProgramData\Synaptics   folder ...)
+	TODO: check
+CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate s ...)
+	TODO: check
+CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast ...)
+	TODO: check
+CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to conduct a  ...)
+	TODO: check
+CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in the WEBVIE ...)
+	TODO: check
+CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
+	TODO: check
+CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M functio ...)
+	TODO: check
+CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
+	TODO: check
+CVE-2024-45370 (An authentication bypass vulnerability exists in the User profile mana ...)
+	TODO: check
+CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly validate s ...)
+	TODO: check
+CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running KerOS prio ...)
+	TODO: check
+CVE-2024-32384 (Kerlink gateways running KerOS prior to version 5.10 expose their web  ...)
+	TODO: check
 CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue wit ...)
 	NOT-FOR-US: INZONE Hub
 CVE-2025-61619 (In nr modem, there is a possible system crash due to improper input va ...)
@@ -62,7 +224,7 @@ CVE-2025-11131 (In nr modem, there is a possible system crash due to improper in
 	NOT-FOR-US: Unisoc
 CVE-2025-13793 (A weakness has been identified in winston-dsouza Ecommerce-Website up  ...)
 	NOT-FOR-US: winston-dsouza Ecommerce-Website
-CVE-2025-13792 (A security flaw has been discovered in Qualitor 8.20/8.24. Affected by ...)
+CVE-2025-13792 (A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97 ...)
 	NOT-FOR-US: Qualitor
 CVE-2025-13791 (A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is ...)
 	NOT-FOR-US: Scada-LTS
@@ -2268,7 +2430,7 @@ CVE-2025-12056 (Out-of-bounds Read in Shelly Pro 3EM(before v1.4.4) allows Overr
 	NOT-FOR-US: Shelly Pro 3EM
 CVE-2025-11243 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	NOT-FOR-US: Shelly Pro 4PM
-CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
+CVE-2025-12106 (Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 ...)
 	- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
 	NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
 CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
@@ -618384,7 +618546,7 @@ CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and
 CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0. Malformed DNS  ...)
 	- knot-resolver 2.3.0-1 (bug #896681)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
-CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1. Affected  ...)
+CVE-2018-1109 (A vulnerability was found in Braces versions 2.2.0 and above, prior to ...)
 	- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
 	NOTE: https://snyk.io/vuln/npm:braces:20180219
 	NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/624e4b6a094fc315b12fe9379efd5491f9ff0208

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/624e4b6a094fc315b12fe9379efd5491f9ff0208
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251201/e379645c/attachment.htm>

More information about the debian-security-tracker-commits mailing list