[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 10 08:13:40 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf4e53cb by security tracker role at 2025-12-10T08:13:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2025-9571 (A remote code execution (RCE) vulnerability exists in Google Cloud Dat ...)
+	TODO: check
+CVE-2025-9056 (Unprotected service in the AudioLink component allows a local attacker ...)
+	TODO: check
+CVE-2025-67613
+	REJECTED
+CVE-2025-67612
+	REJECTED
+CVE-2025-67611
+	REJECTED
+CVE-2025-67610
+	REJECTED
+CVE-2025-67609
+	REJECTED
+CVE-2025-67608
+	REJECTED
+CVE-2025-67607
+	REJECTED
+CVE-2025-67606
+	REJECTED
+CVE-2025-67605
+	REJECTED
+CVE-2025-67507 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2025-67506 (PipesHub is a fully extensible workplace AI platform for enterprise se ...)
+	TODO: check
+CVE-2025-67503
+	REJECTED
+CVE-2025-67502 (Taguette is an open source qualitative research tool. In versions 1.5. ...)
+	TODO: check
+CVE-2025-67501 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-67500 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-67499 (The CNI portmap plugin allows containers to emulate opening a host por ...)
+	TODO: check
+CVE-2025-67498
+	REJECTED
+CVE-2025-67497
+	REJECTED
+CVE-2025-67496 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+	TODO: check
+CVE-2025-67495 (ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0 ...)
+	TODO: check
+CVE-2025-67494 (ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 ...)
+	TODO: check
+CVE-2025-67489 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
+	TODO: check
+CVE-2025-67488 (SiYuan is self-hosted, open source personal knowledge management softw ...)
+	TODO: check
+CVE-2025-67485 (mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and  ...)
+	TODO: check
+CVE-2025-66645 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are v ...)
+	TODO: check
+CVE-2025-66626 (Argo Workflows is an open source container-native workflow engine for  ...)
+	TODO: check
+CVE-2025-66625 (Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temp ...)
+	TODO: check
+CVE-2025-66457 (Elysia is a Typescript framework for request validation, type inferenc ...)
+	TODO: check
+CVE-2025-66039 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
+	TODO: check
+CVE-2025-65513 (fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forge ...)
+	TODO: check
+CVE-2025-64899 (Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.0 ...)
+	TODO: check
+CVE-2025-64898 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-64897 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-64896 (Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by  ...)
+	TODO: check
+CVE-2025-64787 (Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.0 ...)
+	TODO: check
+CVE-2025-64786 (Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.0 ...)
+	TODO: check
+CVE-2025-64785 (Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.0 ...)
+	TODO: check
+CVE-2025-61823 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61822 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61821 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61813 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61812 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61811 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61810 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61809 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-61808 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
+	TODO: check
+CVE-2025-36437 (IBM Planning Analytics Local2.1.0 -2.1.15 could disclose sensitive inf ...)
+	TODO: check
+CVE-2025-34425 (MailEnable versions prior to 10.54 contain a reflected cross-site scri ...)
+	TODO: check
+CVE-2025-13760
+	REJECTED
+CVE-2025-13743 (Docker Desktop diagnostics bundles were found to include expired Hub P ...)
+	TODO: check
+CVE-2025-13677 (The Simple Download Counter plugin for WordPress is vulnerable to Path ...)
+	TODO: check
+CVE-2025-13613 (The Elated Membership plugin for WordPress is vulnerable to Authentica ...)
+	TODO: check
+CVE-2025-13339 (The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-13073 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not ...)
+	TODO: check
+CVE-2025-13072 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not ...)
+	TODO: check
+CVE-2025-12952 (A privilege escalation vulnerability exists in Google Cloud's Dialogfl ...)
+	TODO: check
+CVE-2023-53774 (MiniDVBLinux 5.4 contains a remote code execution vulnerability in the ...)
+	TODO: check
+CVE-2023-53773 (MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_a ...)
+	TODO: check
+CVE-2023-53772 (MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability t ...)
+	TODO: check
+CVE-2023-53771 (MiniDVBLinux 5.4 contains an authentication bypass vulnerability that  ...)
+	TODO: check
+CVE-2023-53770 (MiniDVBLinux 5.4 contains an unauthenticated configuration download vu ...)
+	TODO: check
+CVE-2023-53739 (Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenti ...)
+	TODO: check
+CVE-2021-47731 (Selea Targa IP OCR-ANPR Camera contains a hard-coded developer passwor ...)
+	TODO: check
+CVE-2021-47730 (Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery v ...)
+	TODO: check
+CVE-2021-47729 (Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting  ...)
+	TODO: check
+CVE-2021-47728 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated command inj ...)
+	TODO: check
+CVE-2021-47727 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerabili ...)
+	TODO: check
+CVE-2021-47724 (STVS ProVision 5.9.10 contains a path traversal vulnerability that all ...)
+	TODO: check
+CVE-2021-47723 (STVS ProVision 5.9.10 contains a cross-site request forgery vulnerabil ...)
+	TODO: check
+CVE-2021-47719 (COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vu ...)
+	TODO: check
+CVE-2021-47718 (OpenBMCS 2.4 contains an information disclosure vulnerability that all ...)
+	TODO: check
+CVE-2021-47717 (IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumerat ...)
+	TODO: check
+CVE-2021-47710 (COMMAX Smart Home System is a smart IoT home solution that allows an u ...)
+	TODO: check
+CVE-2021-47709 (COMMAX Smart Home System allows an unauthenticated attacker to change  ...)
+	TODO: check
+CVE-2021-47708 (COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerabi ...)
+	TODO: check
+CVE-2021-47707 (COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credenti ...)
+	TODO: check
+CVE-2021-47706 (COMMAX Biometric Access Control System 1.0.0 contains an authenticatio ...)
+	TODO: check
+CVE-2021-47705 (COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer ...)
+	TODO: check
+CVE-2021-47704 (OpenBMCS 2.4 contains an SQL injection vulnerability that allows authe ...)
+	TODO: check
+CVE-2021-47703 (OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allow ...)
+	TODO: check
+CVE-2021-47702 (OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to pe ...)
+	TODO: check
+CVE-2021-47701 (OpenBMCS 2.4 allows an attacker to escalate privileges from a read use ...)
+	TODO: check
 CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Portabilis
 CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
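Review bot: none of the 84 CVE IDs added in this hunk is triaged yet, since every entry is either "TODO: check" or "REJECTED" (the header "@@ -1,3 +1,171 @@" matches 168 added lines, two per entry); the "TODO: check" placeholders, for example CVE-2025-67499 on the CNI portmap plugin and CVE-2025-67495/CVE-2025-67494 on ZITADEL, still need a follow-up commit that either maps each to a Debian source package or marks it NOT-FOR-US.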
@@ -3362,7 +3530,7 @@ CVE-2025-40214 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-66404 (MCP Server Kubernetes is an MCP Server that can connect to a Kubernete ...)
 	NOT-FOR-US: MCP Server Kubernetes
 CVE-2025-66287 (A flaw was found in WebKitGTK. Processing malicious web content can ca ...)
-	{DSA-6074-1}
+	{DSA-6074-1 DLA-4399-1}
 	- webkit2gtk 2.50.3-1
 	- wpewebkit 2.50.3-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
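Review bot: the reference list here becomes "{DSA-6074-1 DLA-4399-1}", and the same edit is applied to CVE-2025-13947, CVE-2025-43458 and CVE-2025-43421 further down in this commit; the set of four should be compared against the CVE list in the DLA-4399-1 text so that no WebKitGTK entry the DLA covers is left without the reference, and the DSA-before-DLA ordering matches the WordPress entries updated later in the patch.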
@@ -3517,7 +3685,7 @@ CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1.
 CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 20251011.  ...)
 	NOT-FOR-US: opsre go-ldap-admin
 CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)
-	{DSA-6074-1}
+	{DSA-6074-1 DLA-4399-1}
 	- webkit2gtk 2.50.3-1
 	- wpewebkit 2.50.3-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -11155,7 +11323,7 @@ CVE-2025-43460 (A logic issue was addressed with improved checks. This issue is
 CVE-2025-43459 (An authentication issue was addressed with improved state management.  ...)
 	NOT-FOR-US: Apple
 CVE-2025-43458 (This issue was addressed through improved state management. This issue ...)
-	{DSA-6074-1}
+	{DSA-6074-1 DLA-4399-1}
 	- webkit2gtk 2.50.3-1
 	- wpewebkit 2.50.3-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -11279,7 +11447,7 @@ CVE-2025-43423 (A logging issue was addressed with improved data redaction. This
 CVE-2025-43422 (The issue was addressed by adding additional logic. This issue is fixe ...)
 	NOT-FOR-US: Apple
 CVE-2025-43421 (Multiple issues were addressed by disabling array allocation sinking.  ...)
-	{DSA-6074-1}
+	{DSA-6074-1 DLA-4399-1}
 	- webkit2gtk 2.50.3-1
 	- wpewebkit 2.50.3-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -14583,7 +14751,7 @@ CVE-2025-62236 (The Frontier Airlines website has a publicly available endpoint
 	NOT-FOR-US: Frontier Airlines website
 CVE-2025-62169 (OctoPrint-SpoolManager is a plugin for managing spools and all their u ...)
 	NOT-FOR-US: OctoPrint-SpoolManager
-CVE-2025-61865 (NarSuS App registers a Windows service with an unquoted file path. A u ...)
+CVE-2025-61865 (Multiple NAS management applications provided by I-O DATA DEVICE, INC. ...)
 	NOT-FOR-US: NarSuS App
 CVE-2025-61464 (gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order S ...)
 	NOT-FOR-US: Gnuboard
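Review bot: the "NOT-FOR-US: NarSuS App" annotation under CVE-2025-61865 is left unchanged while the description is rewritten to "Multiple NAS management applications provided by I-O DATA DEVICE, INC."; the annotation should be widened to match the re-scoped advisory, for example "NOT-FOR-US: I-O DATA NAS management applications", so the recorded triage reason does not name only one of the affected applications.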
@@ -25511,7 +25679,7 @@ CVE-2025-59534 (CryptoLib provides a software-only solution using the CCSDS Spac
 CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was discovered in ...)
 	NOT-FOR-US: Click Plus PLC
 CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	{DLA-4358-1}
+	{DSA-6075-1 DLA-4358-1}
 	- wordpress 6.8.3+dfsg1-1 (bug #1117047)
 	NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -25524,7 +25692,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the user-
 CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability in Wor ...)
-	{DLA-4358-1}
+	{DSA-6075-1 DLA-4358-1}
 	- wordpress 6.8.3+dfsg1-1 (bug #1117047)
 	NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -162464,7 +162632,7 @@ CVE-2024-21520 (Versions of the package djangorestframework before 3.15.2 are vu
 CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel Reservat ...)
 	NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via the HT ...)
-	{DLA-4358-1}
+	{DSA-6075-1 DLA-4358-1}
 	- wordpress 6.5.5+dfsg1-1 (bug #1074486)
 	NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-7/
@@ -162574,7 +162742,7 @@ CVE-2024-32111 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 	- wordpress <not-affected> (Only affects Windows systems)
 	NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	{DLA-4358-1}
+	{DSA-6075-1 DLA-4358-1}
 	- wordpress 6.5.5+dfsg1-1 (bug #1074486)
 	NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-7/
@@ -187600,6 +187768,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 a
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...)
+	{DSA-6075-1}
 	- wordpress 6.5.2+dfsg1-1 (bug #1069091)
 	[bullseye] - wordpress <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
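Review bot: CVE-2024-4439 gains "{DSA-6075-1}" without a DLA reference, unlike the other four WordPress CVEs in this commit, which carry DLA-4358-1 as well; that is consistent with the "[bullseye] - wordpress <not-affected>" line if DLA-4358-1 targets bullseye, but it is worth confirming that the DLA's CVE list really omits this ID before treating the entry as complete.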



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4e53cb9ca3dda8af9a1fa7a6969a522b51124b
