[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2025-66516/tika
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 5 08:01:27 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fbcf8af by Salvatore Bonaccorso at 2025-12-05T09:00:26+01:00
Add Debian bug reference for CVE-2025-66516/tika
- - - - -
bafe381b by Salvatore Bonaccorso at 2025-12-05T09:00:29+01:00
Add Debian bug reference for CVE-2025-63499/sogo
- - - - -
8850d683 by Salvatore Bonaccorso at 2025-12-05T09:00:31+01:00
Add Debian bug reference for CVE-2025-66453/rhino
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-9127 (A vulnerability exists in PX Enterprise whereby sensitive informa
CVE-2025-8074 (Origin validation error vulnerability in BeeDrive in Synology BeeDrive ...)
NOT-FOR-US: Synology
CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2 ...)
- - tika <unfixed>
+ - tika <unfixed> (bug #1121954)
NOTE: https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunke ...)
NOT-FOR-US: Akamai
@@ -31,7 +31,7 @@ CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to
CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API ...)
NOT-FOR-US: open-webui
CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
- - sogo <unfixed>
+ - sogo <unfixed> (bug #1121952)
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
@@ -431,7 +431,7 @@ CVE-2025-66489 (Cal.com is open-source scheduling software. Prior to 5.9.8, A fl
CVE-2025-66478
REJECTED
CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written entirely ...)
- - rhino <unfixed>
+ - rhino <unfixed> (bug #1121953)
NOTE: https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
CVE-2025-66431 (WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux a ...)
NOT-FOR-US: WebPros Plesk
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/549cc40ac7038aef7f48054a2f7dfe5e4c1c3208...8850d6836363b7956d5f84229559c87fde938adb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/549cc40ac7038aef7f48054a2f7dfe5e4c1c3208...8850d6836363b7956d5f84229559c87fde938adb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251205/9a050fd9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list