[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 15 20:13:29 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
963ad31c by security tracker role at 2025-12-15T20:13:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
+ TODO: check
+CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obt ...)
+ TODO: check
+CVE-2025-66844 (In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be ...)
+ TODO: check
+CVE-2025-66843 (grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) v ...)
+ TODO: check
+CVE-2025-66440 (An issue was discovered in Frappe ERPNext through 15.89.0. Function ge ...)
+ TODO: check
+CVE-2025-66439 (An issue was discovered in Frappe ERPNext through 15.89.0. Function ge ...)
+ TODO: check
+CVE-2025-66438 (A Server-Side Template Injection (SSTI) vulnerability exists in the Fr ...)
+ TODO: check
+CVE-2025-66437 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
+ TODO: check
+CVE-2025-66436 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
+ TODO: check
+CVE-2025-66435 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
+ TODO: check
+CVE-2025-66434 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
+ TODO: check
+CVE-2025-65835 (The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-Phone ...)
+ TODO: check
+CVE-2025-65782 (An issue was discovered in Wekan The Open Source kanban board system u ...)
+ TODO: check
+CVE-2025-65781 (An issue was discovered in Wekan The Open Source kanban board system u ...)
+ TODO: check
+CVE-2025-65780 (An issue was discovered in Wekan The Open Source kanban board system u ...)
+ TODO: check
+CVE-2025-65779 (An issue was discovered in Wekan The Open Source kanban board system u ...)
+ TODO: check
+CVE-2025-65778 (An issue was discovered in Wekan The Open Source kanban board system u ...)
+ TODO: check
+CVE-2025-65742 (An unauthenticated Broken Function Level Authorization (BFLA) vulnerab ...)
+ TODO: check
+CVE-2025-65431 (An issue was discovered in allauth-django before 65.13.0. Both Okta an ...)
+ TODO: check
+CVE-2025-65430 (An issue was discovered in allauth-django before 65.13.0. IdP: marking ...)
+ TODO: check
+CVE-2025-65213 (MooreThreads torch_musa through all versions contains an unsafe deseri ...)
+ TODO: check
+CVE-2025-65176 (An issue was discovered in Dynatrace OneAgent before 1.325.47. When at ...)
+ TODO: check
+CVE-2025-60786 (A Zip Slip vulnerability in the import a Project component of iceScrum ...)
+ TODO: check
+CVE-2025-55901 (TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injec ...)
+ TODO: check
+CVE-2025-55893 (TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Inject ...)
+ TODO: check
+CVE-2025-55703 (An error-based SQL injection vulnerability exists in the Sunbird Power ...)
+ TODO: check
+CVE-2025-51962 (A HTML Injection vulnerability in the comment section of the project p ...)
+ TODO: check
+CVE-2025-37732 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to user im ...)
+ TODO: check
+CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3 ...)
+ TODO: check
+CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group contains ...)
+ TODO: check
+CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group exposes a ...)
+ TODO: check
+CVE-2025-34181 (NetSupport Manager< 14.12.0001 contains an arbitrary file write vulner ...)
+ TODO: check
+CVE-2025-34180 (NetSupport Manager< 14.12.0001 relies on a shared Gateway Key for aut ...)
+ TODO: check
+CVE-2025-34179 (NetSupport Manager <14.12.0001contains an unauthenticated SQL injectio ...)
+ TODO: check
+CVE-2025-14714 (An Authentication Bypass vulnerability existed where the application b ...)
+ TODO: check
+CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fa ...)
+ TODO: check
+CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS framework ...)
+ TODO: check
+CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-14383 (The Booking Calendar plugin for WordPress is vulnerable to time-based ...)
+ TODO: check
+CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authent ...)
+ TODO: check
+CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an unauthenticated atta ...)
+ TODO: check
+CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPre ...)
+ TODO: check
+CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can create Argo ...)
+ TODO: check
+CVE-2025-13824 (A security issue exists due to improper handling of malformed CIP pack ...)
+ TODO: check
+CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850 and Micro ...)
+ TODO: check
+CVE-2025-13728 (The FluentAuth \u2013 The Ultimate Authorization & Security Plugin for ...)
+ TODO: check
+CVE-2025-13610 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
+ TODO: check
+CVE-2025-13608 (The CC Child Pages plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-13489 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy transmits data ...)
+ TODO: check
+CVE-2025-13367 (The User Registration & Membership \u2013 Custom Registration Form Bui ...)
+ TODO: check
+CVE-2025-12900 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...)
+ TODO: check
+CVE-2025-12035 (An integer overflow condition exists in Bluetooth Host stack, within t ...)
+ TODO: check
+CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerab ...)
+ TODO: check
+CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An internal pro ...)
+ TODO: check
+CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
+ TODO: check
+CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Modu ...)
+ TODO: check
+CVE-2023-36337 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
CVE-2025-67907
REJECTED
CVE-2025-67906 (In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp a ...)
@@ -589,7 +709,7 @@ CVE-2025-40345 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.17.11-1
[bullseye] - linux 5.10.247-1
NOTE: https://git.kernel.org/linus/b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (6.18)
-CVE-2025-66388
+CVE-2025-66388 (A vulnerability in Apache Airflow allowed authenticated UI users to vi ...)
- airflow <itp> (bug #819700)
CVE-2025-65995
- airflow <itp> (bug #819700)
@@ -4692,6 +4812,7 @@ CVE-2025-12091 (The Search, Filters & Merchandising for WooCommerce plugin for W
CVE-2025-11263 (The Link Whisper Free plugin for WordPress is vulnerable to Reflected ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on APT-bas ...)
+ {DLA-4408-1}
- python-apt 3.1.0 (bug #1122291)
[trixie] - python-apt <no-dsa> (Minor issue)
[bookworm] - python-apt <no-dsa> (Minor issue)
@@ -10639,7 +10760,7 @@ CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk 3ds
NOT-FOR-US: Autodesk
CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, ...)
NOT-FOR-US: Autodesk
-CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External Entities ...)
+CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to multiple XML External En ...)
NOT-FOR-US: N-central
CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
NOT-FOR-US: Schneider Electric
@@ -284689,7 +284810,7 @@ CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client
NOT-FOR-US: Cloudflare Warp
CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...)
NOT-FOR-US: falling-fruit
-CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...)
+CVE-2022-4455 (A vulnerability was identified in sproctor php-calendar up to 2.0.13. ...)
NOT-FOR-US: sproctor php-calendar
CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...)
NOT-FOR-US: m0ver bible-online
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ad31c24d41b3e7268133ca0f98bc1731da165
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ad31c24d41b3e7268133ca0f98bc1731da165
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251215/a607a3f0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list