[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 11 08:15:57 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13037ca8 by security tracker role at 2025-12-11T08:13:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2025-9436 (The Widgets for Google Reviews plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-8405 (GitLab has remediated a security issue in GitLab CE/EE affecting all v ...)
+	TODO: check
+CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly quote argu ...)
+	TODO: check
+CVE-2025-67720 (Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3 ...)
+	TODO: check
+CVE-2025-67719 (Ibexa is a composable end-to-end DXP (Digital Experience Platform). Ve ...)
+	TODO: check
+CVE-2025-67718 (Form.io is a combined Form and API platform for Serverless application ...)
+	TODO: check
+CVE-2025-67717 (ZITADEL is an open-source identity infrastructure tool. Versions 2.44. ...)
+	TODO: check
+CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+	TODO: check
+CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and below tr ...)
+	TODO: check
+CVE-2025-67694
+	REJECTED
+CVE-2025-67693
+	REJECTED
+CVE-2025-67692
+	REJECTED
+CVE-2025-67691
+	REJECTED
+CVE-2025-67690
+	REJECTED
+CVE-2025-67689
+	REJECTED
+CVE-2025-67688
+	REJECTED
+CVE-2025-67687
+	REJECTED
+CVE-2025-67686
+	REJECTED
+CVE-2025-67648 (Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10 ...)
+	TODO: check
+CVE-2025-67646 (TableProgressTracking is a MediaWiki extension to track progress again ...)
+	TODO: check
+CVE-2025-67644 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
+	TODO: check
+CVE-2025-67514
+	REJECTED
+CVE-2025-67513 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
+	TODO: check
+CVE-2025-67512
+	REJECTED
+CVE-2025-67511 (Cybersecurity AI (CAI) is an open-source framework for building and de ...)
+	TODO: check
+CVE-2025-67510 (Neuron is a PHP framework for creating and orchestrating AI Agents. In ...)
+	TODO: check
+CVE-2025-67509 (Neuron is a PHP framework for creating and orchestrating AI Agents. Ve ...)
+	TODO: check
+CVE-2025-67505 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
+	TODO: check
+CVE-2025-67490 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+	TODO: check
+CVE-2025-67461 (External control of file name or path in Zoom Rooms for macOS before v ...)
+	TODO: check
+CVE-2025-67460 (Protection Mechanism Failure of Software Downgrade in Zoom Rooms for W ...)
+	TODO: check
+CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or convert b ...)
+	TODO: check
+CVE-2025-66474 (XWiki Rendering is a generic rendering system that converts textual in ...)
+	TODO: check
+CVE-2025-66473 (XWiki is an open-source wiki software platform. Versions 16.10.10 and  ...)
+	TODO: check
+CVE-2025-66472 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-66033 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
+	TODO: check
+CVE-2025-65950 (WBCE CMS is a content management system. In versions 1.6.4 and below,  ...)
+	TODO: check
+CVE-2025-65832 (The mobile application insecurely handles information stored within me ...)
+	TODO: check
+CVE-2025-65831 (The application uses an insecure hashing algorithm (MD5) to hash passw ...)
+	TODO: check
+CVE-2025-65830 (Due to a lack of certificate validation, all traffic from the mobile a ...)
+	TODO: check
+CVE-2025-65829 (The ESP32 system on a chip (SoC) that powers the Meatmeet basestation  ...)
+	TODO: check
+CVE-2025-65828 (An unauthenticated attacker within proximity of the Meatmeet device ca ...)
+	TODO: check
+CVE-2025-65827 (The mobile application is configured to allow clear text traffic to al ...)
+	TODO: check
+CVE-2025-65826 (The mobile application was found to contain stored credentials for the ...)
+	TODO: check
+CVE-2025-65825 (The firmware on the basestation of the Meatmeet is not encrypted. An a ...)
+	TODO: check
+CVE-2025-65824 (An unauthenticated attacker within proximity of the Meatmeet device ca ...)
+	TODO: check
+CVE-2025-65823 (The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credenti ...)
+	TODO: check
+CVE-2025-65822 (The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was foun ...)
+	TODO: check
+CVE-2025-65821 (As UART download mode is still enabled on the ESP32 chip on which the  ...)
+	TODO: check
+CVE-2025-65820 (An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0 ...)
+	TODO: check
+CVE-2025-65512 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in t ...)
+	TODO: check
+CVE-2025-65297 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
+	TODO: check
+CVE-2025-65296 (NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, H ...)
+	TODO: check
+CVE-2025-65295 (Multiple vulnerabilities in Aqara Hub firmware update process in the C ...)
+	TODO: check
+CVE-2025-65294 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
+	TODO: check
+CVE-2025-65293 (Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 al ...)
+	TODO: check
+CVE-2025-65292 (Command injection vulnerability in Aqara Hub devices including Camera  ...)
+	TODO: check
+CVE-2025-65291 (Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Came ...)
+	TODO: check
+CVE-2025-65290 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
+	TODO: check
+CVE-2025-62181 (Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a ...)
+	TODO: check
+CVE-2025-4097 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-24857 (Improper access control for volatile memory containing boot code in Un ...)
+	TODO: check
+CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap buffer over ...)
+	TODO: check
+CVE-2025-14485 (A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vuln ...)
+	TODO: check
+CVE-2025-14157 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-13923
+	REJECTED
+CVE-2025-13764 (The WP CarDealer plugin for WordPress is vulnerable to Privilege Escal ...)
+	TODO: check
+CVE-2025-12734 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-12731
+	REJECTED
+CVE-2025-12716 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-12562 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-12029 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-11984 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-11467 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
+	TODO: check
+CVE-2025-11247 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to time-bas ...)
+	TODO: check
+CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that  ...)
+	TODO: check
+CVE-2024-58284 (PopojiCMS 2.0.1 contains an authenticated remote command execution vul ...)
+	TODO: check
+CVE-2024-58283 (WBCE CMS version 1.6.2 contains a remote code execution vulnerability  ...)
+	TODO: check
+CVE-2024-58282 (Serendipity 2.5.0 contains a remote code execution vulnerability that  ...)
+	TODO: check
+CVE-2024-58281 (Dotclear 2.29 contains a remote code execution vulnerability that allo ...)
+	TODO: check
+CVE-2024-58280 (CMSimple 5.15 contains a remote command execution vulnerability that a ...)
+	TODO: check
+CVE-2024-58279 (appRain CMF 4.0.5 contains an authenticated remote code execution vuln ...)
+	TODO: check
+CVE-2023-53776 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
+	TODO: check
+CVE-2023-53775 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
+	TODO: check
+CVE-2023-53741 (Screen SFT DAB 1.9.3 contains a weak session management vulnerability  ...)
+	TODO: check
+CVE-2023-53740 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
+	TODO: check
+CVE-2020-36902 (UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypa ...)
+	TODO: check
+CVE-2020-36901 (UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request  ...)
+	TODO: check
+CVE-2020-36900 (All-Dynamics Digital Signage System 2.0.2 contains a cross-site reques ...)
+	TODO: check
+CVE-2020-36899 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated fil ...)
+	TODO: check
+CVE-2020-36898 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated fil ...)
+	TODO: check
+CVE-2020-36897 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated rem ...)
+	TODO: check
+CVE-2020-36896 (QiHang Media Web Digital Signage 3.0.9 contains a cleartext credential ...)
+	TODO: check
+CVE-2020-36895 (EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated ...)
+	TODO: check
+CVE-2020-36894 (Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication  ...)
+	TODO: check
+CVE-2020-36893 (Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traver ...)
+	TODO: check
+CVE-2020-36892 (Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated ...)
+	TODO: check
+CVE-2020-36888 (SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration  ...)
+	TODO: check
+CVE-2020-36887 (SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated info ...)
+	TODO: check
+CVE-2020-36886 (SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request fo ...)
+	TODO: check
+CVE-2020-36885 (Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vul ...)
+	TODO: check
+CVE-2020-36884 (BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less conta ...)
+	TODO: check
+CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authentica ...)
+	TODO: check
 CVE-2025-13327
 	- uv <itp> (bug #1069776)
 CVE-2025-9315 (An unauthenticated device registration vulnerability, caused by Improp ...)
@@ -1342,6 +1552,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may caus
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
 	NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14333
@@ -1350,21 +1561,25 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. S
 	- firefox 146.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14331
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14330
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14329
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14328
@@ -1376,26 +1591,31 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerabi
 	- firefox 146.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14325
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14324
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14323
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14322
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability  ...)
+	{DSA-6078-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14321



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13037ca86e995fb571778d98279d82cc9457f41c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13037ca86e995fb571778d98279d82cc9457f41c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251211/35b10c6f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list