[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 3 08:13:04 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b236f18d by security tracker role at 2025-12-03T08:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,42 @@
-CVE-2025-66476
+CVE-2025-65955 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2025-65657 (FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted Fi ...)
+	TODO: check
+CVE-2025-65380 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the ad ...)
+	TODO: check
+CVE-2025-64778 (NMIS/BioDose software V22.02 and previous versions contain executable  ...)
+	TODO: check
+CVE-2025-64642 (NMIS/BioDose V22.02 and previous versions' installation directory path ...)
+	TODO: check
+CVE-2025-64298 (NMIS/BioDose V22.02 and previous version installations where the embed ...)
+	TODO: check
+CVE-2025-62575 (NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Serv ...)
+	TODO: check
+CVE-2025-61940 (NMIS/BioDose V22.02 and previous versions rely on a common SQL Server  ...)
+	TODO: check
+CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31 bytes tri ...)
+	TODO: check
+CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
+	TODO: check
+CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
+	TODO: check
+CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2025-13645 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2025-13495 (The FluentCart plugin for WordPress is vulnerable to SQL Injection via ...)
+	TODO: check
+CVE-2025-13486 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2025-13448 (The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-12954 (The Timetable and Event Schedule by MotoPress WordPress plugin before  ...)
+	TODO: check
+CVE-2025-12585 (The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-10304 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & ...)
+	TODO: check
+CVE-2025-66476 (Vim is an open source, command line text editor. Prior to version 9.1. ...)
 	- vim <not-affected> (Only affects Vim on Windows)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
 CVE-2025-66468 (The Aimeos GrapesJS CMS extension provides page editor for creating co ...)
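Review bot: all 20 new ids are left at `TODO: check`, and at least three of them name software Debian packages: ImageMagick (CVE-2025-65955) and Wireshark (CVE-2025-13946, CVE-2025-13945), so those should be resolved to a package status in a follow-up rather than sitting in the TODO queue; the MEGACO entry's affected range is cut off at `4.4.0 t ...`, so the full advisory is needed before any suite is marked unaffected. The NMIS/BioDose group (CVE-2025-64778, CVE-2025-64642, CVE-2025-64298, CVE-2025-62575, CVE-2025-61940) and the WordPress plugin entries read as non-packaged software and are candidates for a bulk NOT-FOR-US. Smaller point: CVE-2025-12585 and CVE-2025-10304 carry the plugin name's en dash as the literal escape `\u2013`; if that is how the importer stores non-ASCII it is fine, otherwise the description will not match the plugin's real name. Moving CVE-2025-66476 from the bare leading line into the described form while keeping the existing vim `<not-affected>` and NOTE lines is correct.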
@@ -1020,7 +1058,8 @@ CVE-2025-62593 (Ray is an AI compute engine. Prior to version 2.52.0, developers
 	NOT-FOR-US: Ray
 CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX Works2  ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration in whic ...)
+CVE-2025-34351
+	REJECTED
 	NOT-FOR-US: Ray
 CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk Secure We ...)
 	NOT-FOR-US: CyberArk
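Review bot: the `NOT-FOR-US: Ray` line kept under the new `REJECTED` status is now redundant, since a rejected id has nothing left to triage; either drop it, or keep it deliberately if the convention is to preserve prior triage under REJECTED, but apply the same choice consistently. Dropping the description in the same change is right, because a rejected id has no text to track.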
@@ -6384,6 +6423,7 @@ CVE-2025-64338
 CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
 	NOT-FOR-US: ClipBucket
 CVE-2025-64329 (containerd is an open-source container runtime. Versions 1.7.28 and be ...)
+	{DSA-6067-1}
 	- containerd 1.7.24~ds1-10 (bug #1120343)
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
 	NOTE: https://github.com/containerd/containerd/commit/a0d0f0ef68935338d2c710db164fa7820f692530 (v2.2.0)
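Review bot: the `{DSA-6067-1}` reference is added here and again on the CVE-2024-25621 containerd entry below, so the DSA-6067-1 record in data/DSA/list should list both ids; the unstable fix lines differ between the two entries (1.7.24~ds1-10 here, 1.7.24~ds1-9 there), which is fine as long as the DSA's stable version covers both fixes. The NOTE ordering is already consistent: advisory URL first, then the upstream commit with its release tag.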
@@ -6825,6 +6865,7 @@ CVE-2025-10955 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-10885 (A maliciously crafted file, when executed on the victim's machine, can ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-25621 (containerd is an open-source container runtime. Versions 0.1.0 through ...)
+	{DSA-6067-1}
 	- containerd 1.7.24~ds1-9 (bug #1120285)
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w
 	NOTE: Fixed by: https://github.com/containerd/containerd/commit/910171e90ec3a402c6669333483fbec9d0b414d7 (v2.2.0)
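Review bot: same DSA-6067-1 reference as the CVE-2025-64329 entry above, so both containerd ids need to appear under DSA-6067-1. Style point on the unchanged context: this entry prefixes the commit with `NOTE: Fixed by:` while the sibling entry uses a bare `NOTE:` for the same kind of link; harmonising the two would make the entries easier to scan, though that is outside an automatic update.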
@@ -47890,7 +47931,7 @@ CVE-2025-27613 (Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0,
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
 CVE-2024-36357 (A transient execution vulnerability in some AMD processors may allow a ...)
-	{DSA-5973-1 DLA-4328-1 DLA-4327-1}
+	{DSA-6068-1 DSA-5973-1 DLA-4328-1 DLA-4327-1}
 	- amd64-microcode <unfixed> (bug #1109035)
 	- linux 6.12.37-1
 	- xen 4.20.2+7-g1badcf5035-1
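Review bot: DSA-6068-1 is prepended here, but the entry tracks three packages (amd64-microcode `<unfixed>`, linux, xen) and the hunk does not say which one the new DSA covers; since every xen entry later in this diff receives the same DSA-6068-1 and this entry's xen line is the same 4.20.2+7-g1badcf5035-1 upload, it is presumably the xen update, so leaving `amd64-microcode <unfixed> (bug #1109035)` untouched is correct. The newest-first ordering matches the existing `{DSA-5973-1 DLA-4328-1 DLA-4327-1}` list.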
@@ -47903,7 +47944,7 @@ CVE-2024-36357 (A transient execution vulnerability in some AMD processors may a
 	NOTE: https://gitlab.com/kernel-firmware/linux-firmware/-/commit/331eac9144402d6cfa02ff3b2888a40bb9a7a01a
 	NOTE: https://gitlab.com/kernel-firmware/linux-firmware/-/commit/3768c184de68a85b9df6697e7f93a2f61de90a99
 CVE-2024-36350 (A transient execution vulnerability in some AMD processors may allow a ...)
-	{DSA-5973-1 DLA-4328-1 DLA-4327-1}
+	{DSA-6068-1 DSA-5973-1 DLA-4328-1 DLA-4327-1}
 	- amd64-microcode <unfixed> (bug #1109035)
 	- linux 6.12.37-1
 	- xen 4.20.2+7-g1badcf5035-1
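Review bot: same point as CVE-2024-36357 directly above: the entry keeps amd64-microcode `<unfixed>` while gaining DSA-6068-1, so the DSA reference should be read as the xen fix; the two AMD transient-execution entries share identical package lines and are updated in lockstep, which is the right thing to do.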
@@ -48962,14 +49003,17 @@ CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Servic
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
 	NOT-FOR-US: Red Hat OpenShift Jenkins
 CVE-2025-58149 (When passing through PCI devices, the detach logic in libxl won't remo ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-476.html
 CVE-2025-58148 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-475.html
 CVE-2025-58147 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-475.html
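Review bot: the three XSA entries here (CVE-2025-58149 for XSA-476, CVE-2025-58148 and CVE-2025-58147 for XSA-475) all gain DSA-6068-1 with the xen version, bullseye EOL and NOTE lines untouched, so the hunk is internally consistent; what needs checking outside this file is that the DSA-6068-1 record enumerates every id tagged with it in this diff, i.e. these three, the six xen ids in the next hunk, CVE-2024-36357, CVE-2024-36350 and CVE-2024-28956, since the CVE list and the DSA list have to agree.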
@@ -48977,26 +49021,32 @@ CVE-2025-58146
 	- xen-api <removed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-474.html
 CVE-2025-58144 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-473.html
 CVE-2025-58145 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-473.html
 CVE-2025-27466 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-472.html
 CVE-2025-58142 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-472.html
 CVE-2025-58143 ([This CNA information record relates to multiple CVEs; the text explai ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-472.html
 CVE-2025-27465 (Certain instructions need intercepting and emulating by Xen.  In some  ...)
+	{DSA-6068-1}
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-470.html
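Review bot: CVE-2025-58146 (XSA-474), visible at the top of the hunk with `xen-api <removed>`, is correctly not given the DSA-6068-1 reference, since it is tracked against a removed package rather than xen; the six ids that do receive it (CVE-2025-58144 and CVE-2025-58145 for XSA-473, CVE-2025-27466, CVE-2025-58142 and CVE-2025-58143 for XSA-472, CVE-2025-27465 for XSA-470) all point at the same 4.20.2+7-g1badcf5035-1 upload and bug #1120075, so one DSA for the whole batch is expected. No change needed.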
@@ -59609,7 +59659,7 @@ CVE-2025-0602 (A stored Cross-site Scripting (XSS) vulnerability affecting Compa
 	NOT-FOR-US: Dassault Systemes
 CVE-2024-7097 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
 	NOT-FOR-US: WSO2
-CVE-2024-7096 (A privilege escalation vulnerability exists in multiple [Vendor Name]  ...)
+CVE-2024-7096 (A privilege escalation vulnerability exists in multiple WSO2 products  ...)
 	NOT-FOR-US: WSO2
 CVE-2024-42191 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hija ...)
 	NOT-FOR-US: HCL
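Review bot: replacing the `[Vendor Name]` placeholder with `WSO2` makes the description agree with the sibling CVE-2024-7097 entry and with the existing `NOT-FOR-US: WSO2` triage, which stays correct; this is a pure description refresh from upstream and nothing else in the entry needs to move.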
@@ -65384,7 +65434,7 @@ CVE-2025-24495 (Incorrect initialization of resource in the branch prediction un
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural Structu ...)
-	{DSA-5925-1 DSA-5924-1 DLA-4327-1 DLA-4271-1 DLA-4170-1}
+	{DSA-6068-1 DSA-5925-1 DSA-5924-1 DLA-4327-1 DLA-4271-1 DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	- linux 6.12.29-1
 	- xen 4.20.2+7-g1badcf5035-1 (bug #1105193)
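Review bot: as with the two AMD entries earlier in the diff, this entry lists three packages (intel-microcode 3.20250512.1, linux 6.12.29-1, xen 4.20.2+7-g1badcf5035-1) and the added DSA-6068-1 should be read as the xen update; intel-microcode and linux already had their own references in the existing `{DSA-5925-1 DSA-5924-1 DLA-4327-1 DLA-4271-1 DLA-4170-1}` list, so nothing needs to change on the package lines.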
@@ -302376,7 +302426,7 @@ CVE-2022-40025
 CVE-2022-40024
 	RESERVED
 CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
-	{DLA-3116-1}
+	{DLA-4393-1 DLA-3116-1}
 	- mako 1.2.2+ds1-1
 	NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
 	NOTE: https://github.com/sqlalchemy/mako/issues/366
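Review bot: adding DLA-4393-1 beside the older DLA-3116-1 means the mako ReDoS is now covered by two LTS advisories; the entry only carries the unstable fix (1.2.2+ds1-1), so the DLA record is the only place that states which suite and version DLA-4393-1 applies to, and that is where a reviewer should confirm it. Newest-first ordering matches the rest of the file.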



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b236f18d56cb12dc4f34f57830bc3774b6bb740e
