[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 5 20:13:33 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d7c8d2f by security tracker role at 2025-12-05T20:13:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on APT-bas ...)
+	TODO: check
+CVE-2025-66644 (Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as  ...)
+	TODO: check
+CVE-2025-66624 (BACnet Protocol Stack library provides a BACnet application layer, net ...)
+	TODO: check
+CVE-2025-66623 (Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or ...)
+	TODO: check
+CVE-2025-66581 (Frappe Learning Management System (LMS) is a learning system that help ...)
+	TODO: check
+CVE-2025-66577 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+	TODO: check
+CVE-2025-66570 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+	TODO: check
+CVE-2025-66566 (yawkat LZ4 Java provides LZ4 compression for Java. Insufficient cleari ...)
+	TODO: check
+CVE-2025-66562 (TUUI is a desktop MCP client designed as a tool unitary utility integr ...)
+	TODO: check
+CVE-2025-66558 (Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for N ...)
+	TODO: check
+CVE-2025-66557 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
+	TODO: check
+CVE-2025-66556 (Nextcloud talk is a video & audio conferencing app for Nextcloud. Prio ...)
+	TODO: check
+CVE-2025-66554 (Contacts app for Nextcloud easily syncs contacts from various devices  ...)
+	TODO: check
+CVE-2025-66553 (Nextcloud Tables allows you to create your own tables with individual  ...)
+	TODO: check
+CVE-2025-66552 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud  ...)
+	TODO: check
+CVE-2025-66551 (Nextcloud Tables allows you to create your own tables with individual  ...)
+	TODO: check
+CVE-2025-66550 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 an ...)
+	TODO: check
+CVE-2025-66549 (Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3 ...)
+	TODO: check
+CVE-2025-66548 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
+	TODO: check
+CVE-2025-66547 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud  ...)
+	TODO: check
+CVE-2025-66546 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5 ...)
+	TODO: check
+CVE-2025-66545 (Nextcloud Groupfolders provides admin-configured folders shared by eve ...)
+	TODO: check
+CVE-2025-66515 (The Nextcloud Approval app allows approval or disapproval of files in  ...)
+	TODO: check
+CVE-2025-66514 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
+	TODO: check
+CVE-2025-66513 (Nextcloud Tables allows you to create your own tables with individual  ...)
+	TODO: check
+CVE-2025-66512 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud  ...)
+	TODO: check
+CVE-2025-66511 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, th ...)
+	TODO: check
+CVE-2025-66510 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud  ...)
+	TODO: check
+CVE-2025-66471 (urllib3 is a user-friendly HTTP client library for Python. Starting in ...)
+	TODO: check
+CVE-2025-66418 (urllib3 is a user-friendly HTTP client library for Python. Starting in ...)
+	TODO: check
+CVE-2025-65897 (zdh_web is a data collection, processing, monitoring, scheduling, and  ...)
+	TODO: check
+CVE-2025-65879 (Warehouse Management System 1.2 contains an authenticated arbitrary fi ...)
+	TODO: check
+CVE-2025-65878 (The warehouse management system version 1.2 contains an arbitrary file ...)
+	TODO: check
+CVE-2025-65730 (Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, ...)
+	TODO: check
+CVE-2025-65036 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
+	TODO: check
+CVE-2025-64057 (Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows una ...)
+	TODO: check
+CVE-2025-64056 (File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthentic ...)
+	TODO: check
+CVE-2025-64054 (A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2. ...)
+	TODO: check
+CVE-2025-64053 (A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows  ...)
+	TODO: check
+CVE-2025-64052 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthentic ...)
+	TODO: check
+CVE-2025-46603 (Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, conta ...)
+	TODO: check
+CVE-2025-34266 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34265 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34264 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34263 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34262 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34261 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34260 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34259 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34258 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34257 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
+	TODO: check
+CVE-2025-34256 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a hard-cod ...)
+	TODO: check
+CVE-2025-14104 (A flaw was found in util-linux. This vulnerability allows a heap buffe ...)
+	TODO: check
+CVE-2025-14094 (A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected elem ...)
+	TODO: check
+CVE-2025-14093 (A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted i ...)
+	TODO: check
+CVE-2025-14092 (A security vulnerability has been detected in Edimax BR-6478AC V3 1.0. ...)
+	TODO: check
+CVE-2025-14091 (A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to  ...)
+	TODO: check
+CVE-2025-14090 (A security flaw has been discovered in AMTT Hotel Broadband Operation  ...)
+	TODO: check
+CVE-2025-14089 (A vulnerability was identified in Himool ERP up to 2.2. Affected by th ...)
+	TODO: check
+CVE-2025-14088 (A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by ...)
+	TODO: check
+CVE-2025-14086 (A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affec ...)
+	TODO: check
+CVE-2025-14085 (A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0.  ...)
+	TODO: check
+CVE-2025-13739 (The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2025-13682 (The Trail Manager plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-13678 (The Thai Lottery Widget plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-13654 (A stack buffer overflow vulnerability exists in the buffer_get functio ...)
+	TODO: check
+CVE-2025-13620 (The Wp Social Login and Register Social Counter plugin for WordPress i ...)
+	TODO: check
+CVE-2025-13614 (The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-12879 (The User Generator and Importer plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-12876 (The Projectopia \u2013 WordPress Project Management plugin for WordPre ...)
+	TODO: check
+CVE-2025-12851 (The My auctions allegro plugin for WordPress is vulnerable to Local Fi ...)
+	TODO: check
+CVE-2020-36882 (Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload a ...)
+	TODO: check
+CVE-2020-36881 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerabili ...)
+	TODO: check
+CVE-2020-36880 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerabili ...)
+	TODO: check
+CVE-2020-36879 (Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate ...)
+	TODO: check
+CVE-2020-36878 (ReQuest Serious Play Media Player 3.0 contains an unauthenticated file ...)
+	TODO: check
+CVE-2020-36877 (ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated ...)
+	TODO: check
+CVE-2020-36876 (ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2. ...)
+	TODO: check
 CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WatchGuard
 CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to execute syst ...)
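Review bot: several of the 156 new `TODO: check` placeholders map to packages Debian ships and should be triaged ahead of the rest: CVE-2025-6966 (python-apt), CVE-2025-14104 (util-linux, heap buffer issue), CVE-2025-66471 and CVE-2025-66418 (urllib3), CVE-2025-66577 and CVE-2025-66570 (cpp-httplib), CVE-2025-66549 (nextcloud-desktop) and CVE-2025-13654, whose truncated text names only a `buffer_get` function and needs the full CVE record to identify the project. The eleven Advantech WISE-DeviceOn entries (CVE-2025-34256 through CVE-2025-34266) and the seven 2020-numbered Flexsense DiskBoss / ReQuest Serious Play entries (CVE-2020-36876 through CVE-2020-36882) describe proprietary products and can most likely be closed as `NOT-FOR-US`, matching the WatchGuard entry that closes the hunk. Also, CVE-2025-12876 carries a literal `\u2013` escape in 'Projectopia \u2013 WordPress', so the import did not decode the feed's en dash before writing it to data/CVE/list.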
@@ -594,19 +750,19 @@ CVE-2025-40216 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b (6.16-rc4)
-CVE-2025-66200 [mod_userdir+suexec bypass via AllowOverride FileInfo]
+CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in  ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
-CVE-2025-65082 [CGI environment variable override]
+CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
-CVE-2025-59775 [NTLM Leakage on Windows through UNC SSRF]
+CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability   in Apache HTTP Serv ...)
 	- apache2 <not-affected> (Only affects Apache on Windows)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
-CVE-2025-58098 [Server Side Includes adds query string to #exec cmd=...]
+CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI)  ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
-CVE-2025-55753 [mod_md (ACME), unintended retry intervals]
+CVE-2025-55753 (An integer overflow in the case of failed ACME certificate renewal lea ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
 CVE-2025-40215 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
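Review bot: the four Apache entries fixed in `apache2 2.4.66-1 (bug #1121926)` (CVE-2025-66200, CVE-2025-65082, CVE-2025-58098, CVE-2025-55753) still have no `[trixie]`/`[bookworm]` status lines, so the stable suites carry no decision yet; add the suite annotations (or a `<no-dsa>`/`<postponed>` call) once the stable updates are settled. Replacing the bracketed working titles with the official descriptions also drops the wording that explained the status lines: the old title for CVE-2025-59775, 'NTLM Leakage on Windows through UNC SSRF', is what justified `<not-affected> (Only affects Apache on Windows)`, and the new truncated text 'Server-Side Request Forgery (SSRF) vulnerability   in Apache HTTP Serv ...' no longer mentions Windows. Consider keeping the old one-line summaries as NOTE lines for CVE-2025-59775 and CVE-2025-65082 ('CGI environment variable override'), since the replacement for the latter, 'Improper Neutralization of Escape, Meta, or Control Sequences ...', is a CWE title rather than a description of the bug.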
@@ -719,7 +875,7 @@ CVE-2025-54065 (GZDoom is a feature centric port for all Doom engine games. GZDo
 	- gzdoom <itp> (bug #609352)
 CVE-2025-53965 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	NOT-FOR-US: Samsung
-CVE-2025-53841 (Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged  ...)
+CVE-2025-53841 (The GC-AGENTS-SERVICE running as part of Akamai\xb4s Guardicore Platfo ...)
 	NOT-FOR-US: Akamai Guardicore Platform Agent
 CVE-2025-50361 (Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL  ...)
 	- smallbasic <itp> (bug #844314)
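Review bot: the new description line for CVE-2025-53841 contains the literal byte escape `\xb4` in 'Akamai\xb4s', so the acute accent used as an apostrophe in the upstream text was not decoded before being written to data/CVE/list. The entry stays `NOT-FOR-US`, so this is cosmetic, but the automatic import should decode the feed (or replace the character with a plain apostrophe) so the escape does not propagate into the tracker's web view. The previous wording ('allows an unprivileged ...') also stated the local-privilege impact directly, which the new truncated text hides.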
@@ -1691,7 +1847,7 @@ CVE-2025-53897 (Kiteworks MFT orchestrates end-to-end file transfer workflows. P
 	NOT-FOR-US: Kiteworks
 CVE-2025-53896 (Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior t ...)
 	NOT-FOR-US: Kiteworks
-CVE-2024-9183
+CVE-2024-9183 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-51736 (File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.)
 	NOT-FOR-US: HCL
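Review bot: the newly imported description for CVE-2024-9183 reads 'affecting all versions ...' with the version range cut off by the truncation, while the unchanged status line says `gitlab <not-affected> (Vulnerable code not present)`; please re-confirm the not-affected rationale against the full CVE text now that a description exists, and add a NOTE pointing to the upstream advisory or fixing commit so the decision is auditable.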
@@ -2717,7 +2873,7 @@ CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requ
 CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
 	NOT-FOR-US: AMD
 CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file could resul ...)
-	{DSA-6065-1}
+	{DSA-6065-1 DLA-4395-1}
 	- krita 1:5.2.13+dfsg-1
 	NOTE: https://kde.org/info/security/advisory-20250929-1.txt
 	NOTE: Fixed by: https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
@@ -12506,7 +12662,7 @@ CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
 	NOT-FOR-US: langgenius/dify-web
-CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to ...)
+CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to ...)
 	{DSA-6071-1 DLA-4365-2 DLA-4365-1}
 	- unbound 1.24.2-1
 	[bookworm] - unbound <no-dsa> (Minor issue; will be fixed via point release for more exposure before release)
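Review bot: the corrected description ('up to and including version 1.24.1') now agrees with the recorded fix `unbound 1.24.2-1`, where the previous text ('up to and including version 1.24.2') contradicted it, so this hunk resolves an inconsistency rather than changing triage. The reference block `{DSA-6071-1 DLA-4365-2 DLA-4365-1}` includes a `-2` advisory, which by Debian convention denotes a follow-up (typically a regression fix); a NOTE line stating what DLA-4365-2 corrected would help anyone reading the bullseye history later.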



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7c8d2fed7567f2e7388b91960555795f314814
