[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 17 08:13:10 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8eaa97be by security tracker role at 2025-12-17T08:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,81 @@
+CVE-2025-68274 (SIPGO is a library for writing SIP services in the GO language. Starti ...)
+ TODO: check
+CVE-2025-64700 (Cross-site request forgery vulnerability exists in GROWI v7.3.3 and ea ...)
+ TODO: check
+CVE-2025-64520 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live Update cl ...)
+ TODO: check
+CVE-2025-53619 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
+ TODO: check
+CVE-2025-53618 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
+ TODO: check
+CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds writ ...)
+ TODO: check
+CVE-2025-52582 (An out-of-bounds read vulnerability exists in the Overlay::GrabOverlay ...)
+ TODO: check
+CVE-2025-48429 (An out-of-bounds read vulnerability exists in the RLECodec::DecodeBySt ...)
+ TODO: check
+CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local privilege ...)
+ TODO: check
+CVE-2025-14817 (The component com.transsion.tranfacmode.entrance.main.MainActivity in ...)
+ TODO: check
+CVE-2025-14801 (A security vulnerability has been detected in xiweicheng TMS up to 2.2 ...)
+ TODO: check
+CVE-2025-14701 (An input neutralization vulnerability in the Server MOTD component of ...)
+ TODO: check
+CVE-2025-14700 (An input neutralization vulnerability in the Webhook Template componen ...)
+ TODO: check
+CVE-2025-14466 (A vulnerability in the web interface of the G\xfcralp Fortimus Series, ...)
+ TODO: check
+CVE-2025-14399 (The Download Plugins and Themes in ZIP from Dashboard plugin for WordP ...)
+ TODO: check
+CVE-2025-14385 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-14305 (ListCheck.exe developed by Acer has a Local Privilege Escalation vulne ...)
+ TODO: check
+CVE-2025-14304 (Certain motherboard models developed by ASRock and its subsidiaries, A ...)
+ TODO: check
+CVE-2025-14303 (Certain motherboard models developed by MSI has a Protection Mechanism ...)
+ TODO: check
+CVE-2025-14302 (Certain motherboard models developed by GIGABYTE has a Protection Mech ...)
+ TODO: check
+CVE-2025-14154 (The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo ...)
+ TODO: check
+CVE-2025-14061 (The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script ...)
+ TODO: check
+CVE-2025-13977 (The Essential Addons for Elementor \u2013 Popular Elementor Templates ...)
+ TODO: check
+CVE-2025-13880 (The WP Social Ninja \u2013 Embed Social Feeds, Customer Reviews, Chat ...)
+ TODO: check
+CVE-2025-13861 (The HTML Forms \u2013 Simple WordPress Forms Plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-13750 (The Converter for Media \u2013 Optimize images | Convert WebP & AVIF p ...)
+ TODO: check
+CVE-2025-12496 (The Zephyr Project Manager plugin for WordPress is vulnerable to Direc ...)
+ TODO: check
+CVE-2025-11924 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
+ TODO: check
+CVE-2025-11901 (An uncontrolled resource consumption vulnerability affects certain ASU ...)
+ TODO: check
+CVE-2025-11775 (An out-of-bounds read vulnerability has been identified in the asComSv ...)
+ TODO: check
+CVE-2025-11369 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
+ TODO: check
+CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ TODO: check
+CVE-2025-0852
+ REJECTED
CVE-2025-XXXX [backups: Set proper permissions for backups-data directory]
- freedombox 25.17.1
[trixie] - freedombox <no-dsa> (Minor issue)
[bookworm] - freedombox <no-dsa> (Minor issue)
NOTE: Fixed by: https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229 (v25.17.1)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554 (not public)
-CVE-2025-14766
+CVE-2025-14766 (Out of bounds read and write in V8 in Google Chrome prior to 143.0.749 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-14765
+CVE-2025-14765 (Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
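Review bot: The added descriptions mix two escape forms for non-ASCII text, "G\xfcralp" in CVE-2025-14466 and "\u2013" in the WordPress plugin entries (CVE-2025-14154, CVE-2025-13977 and others), so any consumer of data/CVE/list has to decode both. Suggest normalising to one form in the import step. The imported text also has missing spaces ('"UNSUPPORTED WHEN ASSIGNED"Certain' in CVE-2025-59374, "arevulnerable" in CVE-2025-34288). All 33 new entries are still "TODO: check", and several truncated descriptions (CVE-2025-53619, CVE-2025-53618, CVE-2025-52582, CVE-2025-48429) name only a function, so the affected product has to be looked up during triage.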
@@ -35632,6 +35700,7 @@ CVE-2025-10148 (curl's websocket code did not update the 32 bit mask pattern for
CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP admin inter ...)
NOT-FOR-US: Amped RF
CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows ...)
+ {DSA-6007-1 DSA-5985-1}
- ffmpeg 7:7.1.2-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 4.3 branch)
NOTE: https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg
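Review bot: The added line on CVE-2025-9951 introduces two advisory references at once, "{DSA-6007-1 DSA-5985-1}", on an entry that had none, while the other hunks in this update only add DSA-6079-1. Both ids are lower-numbered than DSA-6079-1, so this reads as a backfill; worth confirming that both references are intended.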
@@ -101452,7 +101521,7 @@ CVE-2025-1596 (A vulnerability was found in SourceCodester Best Church Managemen
CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information Technology E ...)
NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
CVE-2025-1594 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
- {DSA-6007-1}
+ {DSA-6079-1 DSA-6007-1}
- ffmpeg 7:7.1.2-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
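Review bot: On CVE-2025-1594 the bullseye line still reads "<postponed> (Minor issue, wait until it's fixed upstream)" while the same entry records a fixed version (ffmpeg 7:7.1.2-1) and, with this change, two DSAs. The postponement reason looks out of date; suggest revisiting the bullseye status or rewording the reason.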
@@ -125365,7 +125434,7 @@ CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the l
[bullseye] - ffmpeg <not-affected> (Vulnerable decoder added in 6.0)
NOTE: https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4 (n7.1)
CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavforma ...)
- {DLA-4039-1}
+ {DSA-6079-1 DLA-4039-1}
- ffmpeg 7:7.0.1-3
NOTE: https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857 (n7.0)
NOTE: https://github.com/ffmpeg/ffmpeg/commit/b7263cc4d434d10a557491bd5f05e8478ec0a497 (n5.1.8)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eaa97be19e001aca6f04cb9178f42930f5c5857