[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 14 20:13:23 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ac5e0af by security tracker role at 2025-12-14T20:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-14674 (A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by ...)
+	TODO: check
+CVE-2025-14673 (A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affec ...)
+	TODO: check
+CVE-2025-14672 (A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts t ...)
+	TODO: check
+CVE-2025-14668 (A vulnerability was detected in campcodes Advanced Online Examination  ...)
+	TODO: check
+CVE-2025-14667 (A security vulnerability has been detected in itsourcecode COVID Track ...)
+	TODO: check
+CVE-2025-14666 (A weakness has been identified in itsourcecode COVID Tracking System 1 ...)
+	TODO: check
+CVE-2025-14665 (A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted  ...)
+	TODO: check
+CVE-2025-14664 (A vulnerability was identified in Campcodes Supplier Management System ...)
+	TODO: check
+CVE-2025-14663 (A vulnerability was determined in code-projects Student File Managemen ...)
+	TODO: check
+CVE-2025-14662 (A vulnerability was found in code-projects Student File Management Sys ...)
+	TODO: check
+CVE-2025-14661 (A vulnerability has been found in itsourcecode Student Managemen Syste ...)
+	TODO: check
+CVE-2025-14660 (A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected b ...)
+	TODO: check
+CVE-2025-14659 (A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b0 ...)
+	TODO: check
+CVE-2025-14656 (A weakness has been identified in Tenda AC20 16.03.08.12. This affects ...)
+	TODO: check
+CVE-2025-14655 (A security flaw has been discovered in Tenda AC20 16.03.08.12. The imp ...)
+	TODO: check
+CVE-2025-14654 (A vulnerability was identified in Tenda AC20 16.03.08.12. The affected ...)
+	TODO: check
+CVE-2025-14653 (A vulnerability was determined in itsourcecode Student Management Syst ...)
+	TODO: check
+CVE-2025-14652 (A vulnerability was found in itsourcecode Online Cake Ordering System  ...)
+	TODO: check
+CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to 0.14.27. Thi ...)
+	TODO: check
 CVE-2025-XXXX [Cross-Site-Scripting vulnerability via SVG's animate tag]
 	- roundcube 1.6.12+dfsg-1 (bug #1122899)
 	NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
@@ -2743,7 +2781,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may caus
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
 	NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2754,7 +2792,7 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. S
 	- firefox 146.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2762,7 +2800,7 @@ CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. Thi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14331
 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2770,7 +2808,7 @@ CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14330
 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2778,7 +2816,7 @@ CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerabi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14329
 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2792,7 +2830,7 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerabi
 	- firefox 146.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2800,7 +2838,7 @@ CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14325
 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2808,7 +2846,7 @@ CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14324
 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2816,7 +2854,7 @@ CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This v
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14323
 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -2824,7 +2862,7 @@ CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graph
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14322
 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability  ...)
-	{DSA-6078-1 DLA-4405-1 DLA-4401-1}
+	{DSA-6081-1 DSA-6078-1 DLA-4405-1 DLA-4401-1}
 	- firefox 146.0-1
 	- firefox-esr 140.6.0esr-1
 	- thunderbird 1:140.6.0esr-1
@@ -280890,12 +280928,12 @@ CVE-2022-4769 (Hitachi Vantara Pentaho Business Analytics Server prior to versio
 CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as  ...)
 	NOT-FOR-US: Dropbox merou
 CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
-	{DLA-3303-1}
+	{DLA-4406-1 DLA-3303-1}
 	- ruby-git 1.13.1-1
 	NOTE: https://github.com/ruby-git/ruby-git/pull/602
 	NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
 CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
-	{DLA-3303-1}
+	{DLA-4406-1 DLA-3303-1}
 	- ruby-git 1.13.1-1
 	NOTE: https://github.com/ruby-git/ruby-git/pull/602
 	NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
@@ -348596,7 +348634,7 @@ CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remo
 CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
 	- node-scss-tokenizer <itp> (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
-	{DLA-3303-1}
+	{DLA-4406-1 DLA-3303-1}
 	- ruby-git 1.13.1-1 (bug #1009926)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569
 	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
@@ -355736,7 +355774,7 @@ CVE-2022-23839
 CVE-2022-23838
 	RESERVED
 CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
-	{DLA-3360-1 DLA-2943-1}
+	{DLA-4407-1 DLA-3360-1 DLA-2943-1}
 	- ruby-sidekiq 6.4.1+dfsg-1 (bug #1004193)
 	NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
 CVE-2022-23836
@@ -408285,7 +408323,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x t
 	NOTE: https://phabricator.wikimedia.org/T270713
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
 CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
-	{DLA-3360-1 DLA-2943-1}
+	{DLA-4407-1 DLA-3360-1 DLA-2943-1}
 	- ruby-sidekiq 6.3.1+dfsg-1 (bug #987354)
 	NOTE: https://github.com/mperham/sidekiq/issues/4852
 	NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8 (v6.2.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5e0afe8b15c7f1d480693e70dac2091eb3961

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5e0afe8b15c7f1d480693e70dac2091eb3961
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251214/558e5dd6/attachment.htm>

More information about the debian-security-tracker-commits mailing list