[Git][security-tracker-team/security-tracker][master] automatic update

Wed Dec 3 20:12:42 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b15379c by security tracker role at 2025-12-03T20:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2025-7044 (An Improper Input Validation vulnerability exists in the user websocke ...)
+	TODO: check
+CVE-2025-66489 (Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in  ...)
+	TODO: check
+CVE-2025-66478
+	REJECTED
+CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written entirely  ...)
+	TODO: check
+CVE-2025-66431 (WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux a ...)
+	TODO: check
+CVE-2025-66411 (Coder allows organizations to provision remote development environment ...)
+	TODO: check
+CVE-2025-66406 (Step CA is an online certificate authority for secure, automated certi ...)
+	TODO: check
+CVE-2025-66222 (DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 a ...)
+	TODO: check
+CVE-2025-66220 (Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...)
+	TODO: check
+CVE-2025-66208 (Collabora Online - Built-in CODE Server (richdocumentscode) provides a ...)
+	TODO: check
+CVE-2025-66032 (Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors  ...)
+	TODO: check
+CVE-2025-65843 (Aquarius Desktop 3.0.069 for macOS contains an insecure file handling  ...)
+	TODO: check
+CVE-2025-65842 (The Aquarius HelperTool (1.0.003) privileged XPC service on macOS cont ...)
+	TODO: check
+CVE-2025-65841 (Aquarius Desktop 3.0.069 for macOS stores user authentication credenti ...)
+	TODO: check
+CVE-2025-65345 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Direct ...)
+	TODO: check
+CVE-2025-65320 (Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable ...)
+	TODO: check
+CVE-2025-65267 (In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation ...)
+	TODO: check
+CVE-2025-65097 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
+	TODO: check
+CVE-2025-65096 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
+	TODO: check
+CVE-2025-65027 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
+	TODO: check
+CVE-2025-64763 (Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...)
+	TODO: check
+CVE-2025-64527 (Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...)
+	TODO: check
+CVE-2025-64443 (MCP Gateway allows easy and secure running and deployment of MCP serve ...)
+	TODO: check
+CVE-2025-63402 (An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 all ...)
+	TODO: check
+CVE-2025-63401 (Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech ...)
+	TODO: check
+CVE-2025-62686 (A local privilege escalation vulnerability exists in the Plugin Allian ...)
+	TODO: check
+CVE-2025-57202 (A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi en ...)
+	TODO: check
+CVE-2025-57201 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
+	TODO: check
+CVE-2025-57200 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
+	TODO: check
+CVE-2025-57199 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
+	TODO: check
+CVE-2025-57198 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
+	TODO: check
+CVE-2025-55182 (A pre-authentication remote code execution vulnerability exists in Rea ...)
+	TODO: check
+CVE-2025-55076 (A local privilege escalation vulnerability exists in the InstallationH ...)
+	TODO: check
+CVE-2025-54326 (An issue was discovered in Camera in Samsung Mobile Processor Exynos 1 ...)
+	TODO: check
+CVE-2025-54065 (GZDoom is a feature centric port for all Doom engine games. GZDoom is  ...)
+	TODO: check
+CVE-2025-53965 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2025-53841 (Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged  ...)
+	TODO: check
+CVE-2025-50361 (Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL  ...)
+	TODO: check
+CVE-2025-50360 (A heap buffer overflow in compiler.c and compiler.h in Pepper language ...)
+	TODO: check
+CVE-2025-39665 (User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.4 ...)
+	TODO: check
+CVE-2025-34319 (TOTOLINK N300RT wireless router firmware versions prior toV3.4.0-B2025 ...)
+	TODO: check
+CVE-2025-33211 (NVIDIA Triton Server for Linux contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2025-33208 (NVIDIA TAO contains a vulnerability where an attacker may cause a reso ...)
+	TODO: check
+CVE-2025-33201 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2025-29864 (Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows ...)
+	TODO: check
+CVE-2025-20389 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20388 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20387 (In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6 ...)
+	TODO: check
+CVE-2025-20386 (In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8,  ...)
+	TODO: check
+CVE-2025-20385 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20384 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20383 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20382 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
+	TODO: check
+CVE-2025-20381 (In Splunk MCP Server app versions below 0.2.4, a user with access to t ...)
+	TODO: check
+CVE-2025-13992 (Side-channel information leakage in Navigation and Loading in Google C ...)
+	TODO: check
+CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impac ...)
+	TODO: check
+CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 20251011.  ...)
+	TODO: check
+CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)
+	TODO: check
+CVE-2025-13756 (The Fluent Booking plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-13751 (Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on  ...)
+	TODO: check
+CVE-2025-13492 (A potential security vulnerability has been identified in HP Image Ass ...)
+	TODO: check
+CVE-2025-13472 (A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow user ...)
+	TODO: check
+CVE-2025-13401 (The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-13390 (The WP Directory Kit plugin for WordPress is vulnerable to authenticat ...)
+	TODO: check
+CVE-2025-13359 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
+	TODO: check
+CVE-2025-13354 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
+	TODO: check
+CVE-2025-13342 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-13109 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+	TODO: check
+CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to authorization bypa ...)
+	TODO: check
+CVE-2025-12819 (Untrusted search path in auth_query connection handler in PgBouncer be ...)
+	TODO: check
+CVE-2025-12744 (A flaw was found in the ABRT daemon\u2019s handling of user-supplied m ...)
+	TODO: check
+CVE-2025-12385 (Allocation of Resources Without Limits or Throttling, Improper Validat ...)
+	TODO: check
+CVE-2025-12358 (The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPres ...)
+	TODO: check
+CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such as ap ...)
+	TODO: check
+CVE-2024-3884 (A flaw was found in Undertow that can cause remote denial of service a ...)
+	TODO: check
+CVE-2024-32643 (Masa CMS is an open source Enterprise Content Management platform. Pri ...)
+	TODO: check
+CVE-2024-32642 (Masa CMS is an open source Enterprise Content Management platform. Pri ...)
+	TODO: check
+CVE-2024-32641 (Masa CMS is an open source Enterprise Content Management platform. Mas ...)
+	TODO: check
 CVE-2025-12548
 	NOT-FOR-US: Eclipse Che
 CVE-2025-65955 (ImageMagick is free and open-source software used for editing and mani ...)
@@ -104,7 +260,7 @@ CVE-2025-64070 (Sourcecodester Student Grades Management System v1.0 is vulnerab
 	NOT-FOR-US: SourceCodester
 CVE-2025-63872 (DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which al ...)
 	NOT-FOR-US: DeepSeek
-CVE-2025-61727 [crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN]
+CVE-2025-61727 (An excluded subdomain constraint in a certificate chain does not restr ...)
 	- golang-1.25 <unfixed> (bug #1121847)
 	- golang-1.24 <unfixed> (bug #1121848)
 	- golang-1.19 <removed>
@@ -2489,7 +2645,7 @@ CVE-2025-63888 (The read function in file thinkphp\library\think\template\driver
 	NOT-FOR-US: ThinkPHP
 CVE-2025-63848 (Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2 ...)
 	NOT-FOR-US: SWISH SWI-Prolog
-CVE-2025-63700 (An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypas ...)
+CVE-2025-63700 (An issue was discovered in clerk-js 5.88.0 allowing attackers to bypas ...)
 	NOT-FOR-US: Clerk-js
 CVE-2025-62731 (SOPlanning is vulnerable to Stored XSS in /feriesendpoint. Malicious a ...)
 	NOT-FOR-US: SOPlanning
@@ -2958,7 +3114,7 @@ CVE-2025-11243 (Allocation of Resources Without Limits or Throttling vulnerabili
 CVE-2025-12106 (Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 ...)
 	- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
 	NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
-CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
+CVE-2025-13086 (Improper validation of source IP addresses in OpenVPN version 2.6.0 th ...)
 	[experimental] - openvpn 2.7.0~rc2-1
 	- openvpn 2.7.0~rc2-2 (bug #1121086)
 	[bullseye] - openvpn <not-affected> (Vulnerable code not present)
@@ -10529,7 +10685,8 @@ CVE-2025-10579 (The BackWPup \u2013 WordPress Backup & Restore Plugin plugin for
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10488 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-52099 (Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a rem ...)
+CVE-2025-52099
+	REJECTED
 	- sqlite3 3.46.1-4 (unimportant)
 	NOTE: https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2406257
@@ -35316,7 +35473,7 @@ CVE-2025-2988 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0
 CVE-2024-45062 (A stack based buffer overflow vulnerability is present in OpenPrinting ...)
 	- ippusbxd <removed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071
-CVE-2024-44373 (A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unau ...)
+CVE-2024-44373 (A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12. ...)
 	NOT-FOR-US: AllSky
 CVE-2025-38615 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.16.3-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b15379cf225f9e31d9731aa875e16c72af0458d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b15379cf225f9e31d9731aa875e16c72af0458d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/afe0486c/attachment-0001.htm>
