[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 2 08:13:14 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4d84786 by security tracker role at 2025-12-02T08:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2025-66448 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...)
+	TODO: check
+CVE-2025-66412 (Angular is a development platform for building mobile and desktop web  ...)
+	TODO: check
+CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
+	TODO: check
+CVE-2025-66405 (Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardr ...)
+	TODO: check
+CVE-2025-66403 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
+	TODO: check
+CVE-2025-66401 (MCP Watch is a comprehensive security scanner for Model Context Protoc ...)
+	TODO: check
+CVE-2025-66400 (mdast-util-to-hast is an mdast utility to transform to hast. From 13.0 ...)
+	TODO: check
+CVE-2025-66313 (ChurchCRM is an open-source church management system. In ChurchCRM 6.2 ...)
+	TODO: check
+CVE-2025-66312 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66311 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66310 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66309 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66308 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66307 (This admin plugin for Grav is an HTML user interface that provides a c ...)
+	TODO: check
+CVE-2025-66306 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an ...)
+	TODO: check
+CVE-2025-66305 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of ...)
+	TODO: check
+CVE-2025-66304 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with  ...)
+	TODO: check
+CVE-2025-66303 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of ...)
+	TODO: check
+CVE-2025-66302 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path trav ...)
+	TODO: check
+CVE-2025-66301 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to impr ...)
+	TODO: check
+CVE-2025-66300 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privi ...)
+	TODO: check
+CVE-2025-66299 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is ...)
+	TODO: check
+CVE-2025-66298 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a si ...)
+	TODO: check
+CVE-2025-66297 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with ...)
+	TODO: check
+CVE-2025-66296 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege ...)
+	TODO: check
+CVE-2025-66295 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user ...)
+	TODO: check
+CVE-2025-66294 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Si ...)
+	TODO: check
+CVE-2025-66206 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
+	TODO: check
+CVE-2025-66205 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
+	TODO: check
+CVE-2025-65840 (PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSR ...)
+	TODO: check
+CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" fi ...)
+	TODO: check
+CVE-2025-65621 (Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged aut ...)
+	TODO: check
+CVE-2025-58488 (Improper verification of source of a communication channel in SmartTou ...)
+	TODO: check
+CVE-2025-58487 (Improper authorization in Samsung Account prior to version 15.5.01.1 a ...)
+	TODO: check
+CVE-2025-58486 (Improper input validation in Samsung Account prior to version 15.5.01. ...)
+	TODO: check
+CVE-2025-58485 (Improper input validation in Samsung Internet prior to version 29.0.0. ...)
+	TODO: check
+CVE-2025-58484 (Incorrect default permissions in Samsung Cloud Assistant prior to vers ...)
+	TODO: check
+CVE-2025-58483 (Improper export of android application components in Galaxy Store for  ...)
+	TODO: check
+CVE-2025-58482 (Improper access control in MPLocalService of MotionPhoto prior to vers ...)
+	TODO: check
+CVE-2025-58481 (Improper access control in MPRemoteService of MotionPhoto prior to ver ...)
+	TODO: check
+CVE-2025-58480 (Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec- ...)
+	TODO: check
+CVE-2025-58479 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Rel ...)
+	TODO: check
+CVE-2025-58478 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Re ...)
+	TODO: check
+CVE-2025-58477 (Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior ...)
+	TODO: check
+CVE-2025-58476 (Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 R ...)
+	TODO: check
+CVE-2025-58475 (Improper input validation in libsec-ril.so prior to SMR Dec-2025 Relea ...)
+	TODO: check
+CVE-2025-58044 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.1 ...)
+	TODO: check
+CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported that use ...)
+	TODO: check
+CVE-2025-21080 (Improper export of android application components in Dynamic Lockscree ...)
+	TODO: check
+CVE-2025-21072 (Out-of-bounds write in decoding metadata in fingerprint trustlet prior ...)
+	TODO: check
+CVE-2025-20792 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2025-20791 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2025-20790 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2025-20789 (In GPU pdma, there is a possible information disclosure due to a missi ...)
+	TODO: check
+CVE-2025-20788 (In GPU pdma, there is a possible memory corruption due to a missing pe ...)
+	TODO: check
+CVE-2025-20777 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20776 (In display, there is a possible out of bounds read due to a missing bo ...)
+	TODO: check
+CVE-2025-20775 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20774 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20773 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20772 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20771 (In display, there is a possible escalation of privilege due to imprope ...)
+	TODO: check
+CVE-2025-20770 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20769 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20768 (In display, there is a possible out of bounds read due to a missing bo ...)
+	TODO: check
+CVE-2025-20767 (In display, there is a possible out of bounds write due to an integer  ...)
+	TODO: check
+CVE-2025-20766 (In display, there is a possible memory corruption due to improper inpu ...)
+	TODO: check
+CVE-2025-20765 (In aee daemon, there is a possible system crash due to a race conditio ...)
+	TODO: check
+CVE-2025-20764 (In smi, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
+CVE-2025-20763 (In mmdvfs, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2025-20759 (In Modem, there is a possible out of bounds read due to a missing boun ...)
+	TODO: check
+CVE-2025-20758 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
+	TODO: check
+CVE-2025-20757 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2025-20756 (In Modem, there is a possible system crash due to a logic error. This  ...)
+	TODO: check
+CVE-2025-20755 (In Modem, there is a possible application crash due to improper input  ...)
+	TODO: check
+CVE-2025-20754 (In Modem, there is a possible system crash due to an incorrect bounds  ...)
+	TODO: check
+CVE-2025-20753 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
+	TODO: check
+CVE-2025-20752 (In Modem, there is a possible system crash due to a missing bounds che ...)
+	TODO: check
+CVE-2025-20751 (In Modem, there is a possible system crash due to a missing bounds che ...)
+	TODO: check
+CVE-2025-20750 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2025-13697 (The BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder Blocks ,Word ...)
+	TODO: check
+CVE-2025-13696 (The Zigaform plugin for WordPress is vulnerable to Sensitive Informati ...)
+	TODO: check
+CVE-2025-13685 (The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2025-13606 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
+	TODO: check
+CVE-2025-13387 (The Kadence WooCommerce Email Designer plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-13140 (The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress  ...)
+	TODO: check
+CVE-2025-13007 (The WP Social Ninja \u2013 Embed Social Feeds, Customer Reviews, Chat  ...)
+	TODO: check
+CVE-2025-13001 (The donation WordPress plugin through 1.0 does not sanitize and escape ...)
+	TODO: check
+CVE-2025-13000 (The db-access WordPress plugin through 0.8.7 does not have authorizati ...)
+	TODO: check
+CVE-2025-12529 (The Cost Calculator Builder plugin for WordPress is vulnerable to arbi ...)
+	TODO: check
+CVE-2025-12483 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
+	TODO: check
+CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
+	TODO: check
+CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in MeetMe on i ...)
+	TODO: check
+CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22. ...)
+	TODO: check
+CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on the syst ...)
+	TODO: check
 CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast  ...)
 	NOT-FOR-US: Avast Antivirus on MacOS
 CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
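Review bot: every one of the new entries in this hunk is left at the `TODO: check` placeholder, so none of them has a Debian triage decision yet; the ones worth triaging first are those whose truncated descriptions name software that is packaged in Debian rather than vendor firmware, for example `CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22. ...)`, `CVE-2025-66400 (mdast-util-to-hast is an mdast utility to transform to hast. From 13.0 ...)` and `CVE-2025-66412 (Angular ...)`. The large Samsung (CVE-2025-58475 to CVE-2025-58488, CVE-2025-21072, CVE-2025-21080) and MediaTek Modem/display/GPU blocks (CVE-2025-20750 to CVE-2025-20792) describe proprietary firmware and apps and will most likely follow the existing `NOT-FOR-US` pattern used for the Avast entry in the unchanged context. CVE-2025-55129, credited to a HackerOne community member, sits next to CVE-2025-55128 and CVE-2025-55127 (both `NOT-FOR-US: Revive Adserver` further down in this file), so check whether the same product and triage apply before marking it. Since the descriptions are cut off at `...`, each decision should be taken against the full CVE text, not the stored excerpt.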
@@ -2028,7 +2222,7 @@ CVE-2025-60738 (An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden
 	NOT-FOR-US: Ilevia EVE X1 Server Firmware
 CVE-2025-60737 (Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Ve ...)
 	NOT-FOR-US: Ilevia EVE X1 Server Firmware
-CVE-2025-55128 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an u ...)
+CVE-2025-55128 (HackerOne community member Dang Hung Vi (vidang04) has reported an unc ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2025-55127 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an i ...)
 	NOT-FOR-US: Revive Adserver
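Review bot: the change to CVE-2025-55128 only swaps the reporter credit and description prefix (from `Dao Hoang Anh (yoyomiski) has reported an u ...` to `Dang Hung Vi (vidang04) has reported an unc ...`); the `NOT-FOR-US: Revive Adserver` triage line is untouched, which is correct as long as the updated upstream description still concerns Revive Adserver. Note that the adjacent CVE-2025-55127 still credits the previous reporter, so the credit change is specific to this one ID and not a bulk rename.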
@@ -5618,7 +5812,7 @@ CVE-2025-12916 (A vulnerability was determined in Sangfor Operation and Maintena
 	NOT-FOR-US: Sangfor Operation and Maintenance Security Management System
 CVE-2025-12915 (A vulnerability was found in 70mai X200 up to 20251019. This issue aff ...)
 	NOT-FOR-US: 70mai X200
-CVE-2025-12914 (A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vul ...)
+CVE-2025-12914 (A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vul ...)
 	NOT-FOR-US: aaPanel BaoTa
 CVE-2025-40109 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	{DSA-6053-1 DLA-4379-1}
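Review bot: the affected range for CVE-2025-12914 is widened from `aaPanel BaoTa up to 11.1.0` to `aaPanel BaoTa up to 11.2.x`, which is a description-only update; with `NOT-FOR-US: aaPanel BaoTa` unchanged it needs no further action here, but a widened upstream range is the kind of change that would matter if the product were ever packaged, so it is worth keeping the automatic description sync in place rather than pinning the old text.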
@@ -38287,7 +38481,7 @@ CVE-2025-53774 (Microsoft 365 Copilot BizChat Information Disclosure Vulnerabili
 	NOT-FOR-US: Microsoft
 CVE-2025-53767 (Azure OpenAI Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2025-48709 (An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Se ...)
+CVE-2025-48709 (BMC Control-M/Server 9.0.21.300 displays cleartext database credential ...)
 	NOT-FOR-US: BMC
 CVE-2025-45765 (ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: ...)
 	- ruby-jwt <unfixed> (unimportant)
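Review bot: the rewritten description for CVE-2025-48709 now states the actual issue (`BMC Control-M/Server 9.0.21.300 displays cleartext database credential ...`) instead of the generic `An issue was discovered in BMC Control-M 9.0.21.300.` wording; the product is the same and `NOT-FOR-US: BMC` still applies, so no triage change is needed. The unchanged context also shows ruby-jwt tracked as `<unfixed> (unimportant)` for CVE-2025-45765; that is unrelated to this hunk's change and should not be touched by the automatic update.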



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d84786809b91cd1f04df79598bbe925ac482c8




