[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 20 08:13:07 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d37f088 by security tracker role at 2025-12-20T08:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-8065 (A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo ...)
+	TODO: check
+CVE-2025-68613 (n8n is an open source workflow automation platform. Versions starting  ...)
+	TODO: check
+CVE-2025-68481 (FastAPI Users allows users to quickly add a registration and authentic ...)
+	TODO: check
+CVE-2025-67712 (There is an HTML injection issue in Esri ArcGIS Web AppBuilder develop ...)
+	TODO: check
+CVE-2025-14968 (A security flaw has been discovered in code-projects Simple Stock Syst ...)
+	TODO: check
+CVE-2025-14735 (The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-14734 (The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-14721 (The Responsive and Swipe slider plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-14633 (The F70 Lead Document Download plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2025-14591 (After a recent bug fix to correctly handle CR+LF (Windows and DOS) End ...)
+	TODO: check
+CVE-2025-14300 (The HTTPS service on Tapo C200 V3 exposes a connectAP interface withou ...)
+	TODO: check
+CVE-2025-14299 (The HTTPS server on Tapo C200 V3 does not properly validate the Conten ...)
+	TODO: check
+CVE-2025-14168 (The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2025-14164 (The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2025-13624 (The Overstock Affiliate Links plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2025-13619 (The Flex Store Users plugin for WordPress is vulnerable to Privilege E ...)
+	TODO: check
+CVE-2025-13365 (The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2025-13329 (The File Uploader for WooCommerce plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-12898 (The Pretty Google Calendar plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2025-12820 (The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not ...)
+	TODO: check
+CVE-2025-12581 (The Attachments Handler plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2023-53959 (FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that al ...)
+	TODO: check
+CVE-2023-53958 (LDAP Tool Box Self Service Password 1.5.2 contains a password reset vu ...)
+	TODO: check
+CVE-2023-53957 (Kimai 1.30.10 contains a SameSite cookie vulnerability that allows att ...)
+	TODO: check
+CVE-2023-53956 (Flatnux 2021-03.25 contains an authenticated file upload vulnerability ...)
+	TODO: check
+CVE-2023-53954 (ActFax 10.10 contains an unquoted service path vulnerability that allo ...)
+	TODO: check
+CVE-2023-53953 (WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerabili ...)
+	TODO: check
+CVE-2023-53952 (Dotclear 2.25.3 contains a remote code execution vulnerability that al ...)
+	TODO: check
+CVE-2023-53951 (Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that a ...)
+	TODO: check
+CVE-2023-53950 (InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload v ...)
+	TODO: check
+CVE-2023-53949 (AspEmail 5.6.0.2 contains a binary permission vulnerability that allow ...)
+	TODO: check
+CVE-2023-53948 (Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulne ...)
+	TODO: check
+CVE-2023-53947 (OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerabili ...)
+	TODO: check
+CVE-2023-53946 (Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulner ...)
+	TODO: check
+CVE-2023-53945 (BrainyCP 1.0 contains an authenticated remote code execution vulnerabi ...)
+	TODO: check
 CVE-2025-68478 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
 	NOT-FOR-US: Langflow
 CVE-2025-68477 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
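Review bot: Every one of the 35 entries added at the top of data/CVE/list (CVE-2025-8065 through CVE-2023-53945) carries only "TODO: check", so none of them has a triage decision yet. Each needs a follow-up that replaces the placeholder with either a NOT-FOR-US line naming the product, in the form the Langflow context entry uses, or a package line with a fixed version, in the form used for roundcube later in this file. The descriptions are cut at the "...", so the decision should be made from the full CVE text rather than from these truncated summaries. The 2023 run also goes from CVE-2023-53956 straight to CVE-2023-53954 with no CVE-2023-53955 entry; worth confirming that ID is already listed elsewhere in the file or was absent from the feed.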
@@ -2975,12 +3045,12 @@ CVE-2025-14652 (A vulnerability was found in itsourcecode Online Cake Ordering S
 CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to 0.14.27. Thi ...)
 	NOT-FOR-US: MartialBE one-hub
 CVE-2025-68461 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cr ...)
-	{DLA-4415-1}
+	{DSA-6087-1 DLA-4415-1}
 	- roundcube 1.6.12+dfsg-1 (bug #1122899)
 	NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb (1.6.12)
 CVE-2025-68460 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a in ...)
-	{DLA-4415-1}
+	{DSA-6087-1 DLA-4415-1}
 	- roundcube 1.6.12+dfsg-1 (bug #1122899)
 	NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571 (1.6.12)
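Review bot: The DSA-6087-1 tag is added to CVE-2025-68461 and CVE-2025-68460, but this commit changes only data/CVE/list, so the advisory record the tag refers to is not visible here. Confirm that the tracker's DSA-6087-1 record names both CVEs and gives the fixed roundcube versions for the stable suites, since the package line under each CVE records only 1.6.12+dfsg-1 (bug #1122899) and does not show which stable version carries the fix.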



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d37f088aed03173731bd36a14416c19ddbc91ce
