[Git][security-tracker-team/security-tracker][master] Add CVE-2025-63499/sogo
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 4 20:46:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca6f9049 by Salvatore Bonaccorso at 2025-12-04T21:45:35+01:00
Add CVE-2025-63499/sogo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,7 +24,9 @@ CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to
CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API ...)
NOT-FOR-US: open-webui
CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ - sogo <unfixed>
+ NOTE: Fixed by: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
+ NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware
CVE-2025-63363 (A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI E ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6f904900266bcffd267d0ad2bd868ef6ac94a3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6f904900266bcffd267d0ad2bd868ef6ac94a3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251204/f1f3644a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list