[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 2 20:13:23 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d599f649 by security tracker role at 2025-12-02T20:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,216 @@
-CVE-2025-64460 [Potential denial-of-service vulnerability in XML serializer text extraction]
+CVE-2025-66468 (The Aimeos GrapesJS CMS extension provides page editor for creating co ...)
+ TODO: check
+CVE-2025-66460 (Lookyloo is a web interface that allows users to capture a website pag ...)
+ TODO: check
+CVE-2025-66459 (Lookyloo is a web interface that allows users to capture a website pag ...)
+ TODO: check
+CVE-2025-66458 (Lookyloo is a web interface that allows users to capture a website pag ...)
+ TODO: check
+CVE-2025-66454 (Arcade MCP allows you to to create, deploy, and share MCP Servers. Pri ...)
+ TODO: check
+CVE-2025-66416 (The MCP Python SDK, called `mcp` on PyPI, is a Python implementation o ...)
+ TODO: check
+CVE-2025-66414 (MCP TypeScript SDK is the official TypeScript SDK for Model Context Pr ...)
+ TODO: check
+CVE-2025-66409 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2025-66399 (Cacti is an open source performance and fault management framework. Pr ...)
+ TODO: check
+CVE-2025-65896 (SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows at ...)
+ TODO: check
+CVE-2025-65881 (Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site ...)
+ TODO: check
+CVE-2025-65877 (Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (202 ...)
+ TODO: check
+CVE-2025-65858 (A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6. ...)
+ TODO: check
+CVE-2025-65844 (EverShop 2.0.1 allows an unauthenticated user to upload files and crea ...)
+ TODO: check
+CVE-2025-65656 (dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in a ...)
+ TODO: check
+CVE-2025-65379 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /a ...)
+ TODO: check
+CVE-2025-65358 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl in ...)
+ TODO: check
+CVE-2025-65215 (Sourcecodester Web-based Pharmacy Product Management System v1.0 is vu ...)
+ TODO: check
+CVE-2025-65187 (A Stored Cross Site Scripting vulnerability exists in CiviCRM before v ...)
+ TODO: check
+CVE-2025-65186 (Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page ...)
+ TODO: check
+CVE-2025-65105 (Apptainer is an open source container platform. In Apptainer versions ...)
+ TODO: check
+CVE-2025-64750 (SingularityCE and SingularityPRO are open source container platforms. ...)
+ TODO: check
+CVE-2025-64070 (Sourcecodester Student Grades Management System v1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-63872 (DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which al ...)
+ TODO: check
+CVE-2025-61729 (Within HostnameError.Error(), when constructing an error string, there ...)
+ TODO: check
+CVE-2025-60854 (A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and belo ...)
+ TODO: check
+CVE-2025-60736 (code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2025-59705 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59704 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59703 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59702 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59701 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59700 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59699 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59698 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59697 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59696 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59695 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
+ TODO: check
+CVE-2025-59694 (The Chassis Management Board in Entrust nShield Connect XC, nShield 5c ...)
+ TODO: check
+CVE-2025-59693 (The Chassis Management Board in Entrust nShield Connect XC, nShield 5c ...)
+ TODO: check
+CVE-2025-58386 (In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user ...)
+ TODO: check
+CVE-2025-58113 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
+ TODO: check
+CVE-2025-57850 (A container privilege escalation flaw was found in certain CodeReady W ...)
+ TODO: check
+CVE-2025-52622 (The BigFix SaaS's HTTP responses were missing some security headers. T ...)
+ TODO: check
+CVE-2025-41744 (Sprecher Automations SPRECON-E seriesuses default cryptographic keys t ...)
+ TODO: check
+CVE-2025-41743 (Insufficient encryption strength in Sprecher Automation SPRECON-E-C, S ...)
+ TODO: check
+CVE-2025-41742 (Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3is vulnerab ...)
+ TODO: check
+CVE-2025-41086 (Vulnerability in the access control system of the GAMS licensing syste ...)
+ TODO: check
+CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability that allo ...)
+ TODO: check
+CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
+ TODO: check
+CVE-2025-41014 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
+ TODO: check
+CVE-2025-41013 (SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This ...)
+ TODO: check
+CVE-2025-41012 (Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. T ...)
+ TODO: check
+CVE-2025-40700 (Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vu ...)
+ TODO: check
+CVE-2025-34352 (JumpCloud Remote Assist for Windows versions prior to 0.317.0 include ...)
+ TODO: check
+CVE-2025-13879 (Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vul ...)
+ TODO: check
+CVE-2025-13877 (A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. T ...)
+ TODO: check
+CVE-2025-13876 (A security vulnerability has been detected in Rareprob HD Video Player ...)
+ TODO: check
+CVE-2025-13875 (A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. T ...)
+ TODO: check
+CVE-2025-13873 (Stored Cross-Site Scripting (XSS) in the survey-import feature of Obje ...)
+ TODO: check
+CVE-2025-13872 (Blind Server-Side Request Forgery (SSRF) in the survey-import feature ...)
+ TODO: check
+CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the resource-management feature o ...)
+ TODO: check
+CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...)
+ TODO: check
+CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary packages ...)
+ TODO: check
+CVE-2025-13827 (Summary Arbitrary files can be uploaded via the GrapesJS Builder, as t ...)
+ TODO: check
+CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordP ...)
+ TODO: check
+CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-13721 (Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote at ...)
+ TODO: check
+CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a r ...)
+ TODO: check
+CVE-2025-13658 (A vulnerability in Longwatch devices allows unauthenticated HTTP GET r ...)
+ TODO: check
+CVE-2025-13640 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2025-13639 (Inappropriate implementation in WebRTC in Google Chrome prior to 143.0 ...)
+ TODO: check
+CVE-2025-13638 (Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 ...)
+ TODO: check
+CVE-2025-13637 (Inappropriate implementation in Downloads in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2025-13636 (Inappropriate implementation in Split View in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2025-13635 (Inappropriate implementation in Downloads in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2025-13634 (Inappropriate implementation in Downloads in Google Chrome on Windows ...)
+ TODO: check
+CVE-2025-13633 (Use after free in Digital Credentials in Google Chrome prior to 143.0. ...)
+ TODO: check
+CVE-2025-13632 (Inappropriate implementation in DevTools in Google Chrome prior to 143 ...)
+ TODO: check
+CVE-2025-13631 (Inappropriate implementation in Google Updater in Google Chrome on Mac ...)
+ TODO: check
+CVE-2025-13630 (Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a ...)
+ TODO: check
+CVE-2025-13542 (The DesignThemes LMS plugin for WordPress is vulnerable to Privilege E ...)
+ TODO: check
+CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+ TODO: check
+CVE-2025-13516 (The SureMail \u2013 SMTP and Email Logs Plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-13510 (The Iskra iHUB and iHUB Lite smart metering gateway exposes its web ma ...)
+ TODO: check
+CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-13353 (In gokey versions <0.2.0, a flaw in the seed decryption logic resulte ...)
+ TODO: check
+CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data vulnerability in Arg ...)
+ TODO: check
+CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2025-12630 (The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrar ...)
+ TODO: check
+CVE-2025-12465 (A Blind SQL injection vulnerability has been identified in QuickCMS. I ...)
+ TODO: check
+CVE-2025-11789 (Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9. ...)
+ TODO: check
+CVE-2025-11788 (Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-P ...)
+ TODO: check
+CVE-2025-11787 (Command injection vulnerability in the operating system in Circutor SG ...)
+ TODO: check
+CVE-2025-11786 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11785 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11784 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11783 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11782 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11781 (Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 ...)
+ TODO: check
+CVE-2025-11780 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
+ TODO: check
+CVE-2025-11779 (Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-P ...)
+ TODO: check
+CVE-2025-11778 (Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. ...)
+ TODO: check
+CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5 ...)
+ TODO: check
+CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...)
- python-django <unfixed> (bug #1121788)
NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0 (4.2.27)
-CVE-2025-13372 [Potential SQL injection in FilteredRelation column aliases on PostgreSQL]
+CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...)
- python-django <unfixed> (bug #1121788)
NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d (4.2.27)
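Review bot: the replacement descriptions for CVE-2025-64460 and CVE-2025-13372 ("An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...") drop the product name that the hand-written bracket summaries carried ("Potential denial-of-service vulnerability in XML serializer text extraction", "Potential SQL injection in FilteredRelation column aliases on PostgreSQL"); the unchanged "- python-django <unfixed> (bug #1121788)" and NOTE lines still identify the package, but the upstream summary is now only reachable through the linked weblog post, so consider preserving it in a NOTE. The roughly one hundred new entries all land as "TODO: check" and need triage; in this hunk the entries for the MCP Python and TypeScript SDKs (CVE-2025-66416, CVE-2025-66414), paho.mqtt.golang (CVE-2025-10543), Chrome 143.0.7499.41 (CVE-2025-13721 through CVE-2025-13630) and the Lookyloo set are the ones most likely to map to packaged software rather than NOT-FOR-US.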
@@ -196,7 +404,8 @@ CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for Word
NOT-FOR-US: WordPress plugin
CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in MeetMe on i ...)
TODO: check
-CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22. ...)
+CVE-2024-51999
+ REJECTED
TODO: check
CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on the syst ...)
NOT-FOR-US: IBM
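Review bot: the "TODO: check" context line directly under the new "REJECTED" marker for CVE-2024-51999 is now stale; a rejected identifier needs no triage, so drop that line (compare CVE-2025-8768 further down, which carries "REJECTED" alone). The previous description tied this id to Express.js, so anyone who had started looking at the Debian node package for it can stop.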
@@ -5643,15 +5852,20 @@ CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely affected
NOT-FOR-US: PacsOne Server
CVE-2025-8768
REJECTED
-CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie configuratio ...)
+CVE-2025-64690
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64689 (In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Jun ...)
+CVE-2025-64689
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64688 (In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation ...)
+CVE-2025-64688
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64687 (In JetBrains YouTrack before 2025.3.104432 improper access control all ...)
+CVE-2025-64687
+ REJECTED
NOT-FOR-US: JetBrains
-CVE-2025-64686 (In JetBrains YouTrack before 2025.3.104432 missing user principal clea ...)
+CVE-2025-64686
+ REJECTED
NOT-FOR-US: JetBrains
CVE-2025-64685 (In JetBrains YouTrack before 2025.3.104432 missing TLS certificate val ...)
NOT-FOR-US: JetBrains
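Review bot: the five YouTrack entries CVE-2025-64690 through CVE-2025-64686 now carry both "REJECTED" and the pre-existing "NOT-FOR-US: JetBrains" line; this is harmless but redundant, and the neighbouring CVE-2025-8768 shows the convention of "REJECTED" on its own. CVE-2025-64685 in the same YouTrack series is left unchanged, so it is worth confirming that it was not rejected along with the others.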
@@ -6817,6 +7031,7 @@ CVE-2025-10853 (A reflected cross-site scripting (XSS) vulnerability exists in t
CVE-2025-10713 (An XML External Entity (XXE) vulnerability exists in multiple WSO2 pro ...)
NOT-FOR-US: WSO2
CVE-2023-43000 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
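Review bot: the new "{DSA-5527-1}" reference on CVE-2023-43000 is a 2023 advisory being attached to a 2023-numbered CVE only now, which indicates the CVE was associated with the WebKit fix retroactively; before relying on it, check that DSA-5527-1 actually lists this CVE or ships a version that contains the fix recorded here as 2.42.0-1, since the marker claims bookworm's webkit2gtk is fixed while the "[bookworm] - wpewebkit <ignored>" line stays as is. The later hunks adding {DSA-5792-1} and {DSA-6042-1} to CVE-2025-43480 and CVE-2025-43419 warrant the same check against their 2.46.0-1 and 2.50.0-1 fixed versions.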
@@ -7144,6 +7359,7 @@ CVE-2025-43493 (The issue was addressed with improved checks. This issue is fixe
CVE-2025-43481 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2025-43480 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ {DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7285,6 +7501,7 @@ CVE-2025-43421 (Multiple issues were addressed by disabling array allocation sin
CVE-2025-43420 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2025-43419 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-6042-1}
- webkit2gtk 2.50.0-1
- wpewebkit 2.50.0-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -15070,7 +15287,7 @@ CVE-2025-11581 (A security vulnerability has been detected in PowerJob up to 5.1
NOT-FOR-US: PowerJob
CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This affects t ...)
NOT-FOR-US: PowerJob
-CVE-2025-11579 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...)
+CVE-2025-11579 (github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dic ...)
- golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)
NOTE: https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 (v2.2.0)
CVE-2025-11190 (The Kiwire Captive Portal contains an open redirection issue via the l ...)
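Review bot: the removed line shows CVE-2025-11579 had been carrying the Mattermost description ("Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ..."), which is the text that the first hunk adds under CVE-2025-13870, while the unchanged "- golang-github-nwaples-rardecode 2.2.1-1 (bug #1117936)" and the rardecode commit NOTE below it belong to the new description; the swap therefore fixes a misattributed description rather than changing the package assessment. Worth a quick check that no other entry in the file was seeded from the same mix-up.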
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d599f649a887daa5c2a979a3045a9a0b68896572