[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 23 20:15:25 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21a82b7d by security tracker role at 2025-12-23T20:15:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,22 +1,144 @@
-CVE-2025-68343 [can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header]
+CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-68559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68557 (Missing Authorization vulnerability in Vikas Ratudi Chakra test allows ...)
+	TODO: check
+CVE-2025-68556 (Missing Authorization vulnerability in VillaTheme HAPPY allows Exploit ...)
+	TODO: check
+CVE-2025-68551 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2025-68550 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-68548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68546 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-68544 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-67111 (An integer overflow in the RTPS protocol implementation of OpenDDS DDS ...)
+	TODO: check
+CVE-2025-67109 (Improper verification of the time certificate in Eclipse Cyclone DDS b ...)
+	TODO: check
+CVE-2025-67108 (eProsima Fast-DDS v3.3 was discovered to contain improper validation f ...)
+	TODO: check
+CVE-2025-66845 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
+	TODO: check
+CVE-2025-65865 (An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ...)
+	TODO: check
+CVE-2025-65713 (Home Assistant Core before v2025.8.0 is vulnerable to Directory Traver ...)
+	TODO: check
+CVE-2025-65410 (A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 all ...)
+	TODO: check
+CVE-2025-65354 (Improper input handling in /Grocery/search_products_itname.php inPunee ...)
+	TODO: check
+CVE-2025-59886 (Improper input validation at one of the endpoints of Eaton xComfort EC ...)
+	TODO: check
+CVE-2025-51511 (Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerabili ...)
+	TODO: check
+CVE-2025-50526 (Netgear EX8000 V1.0.0.126 was discovered to contain a command injectio ...)
+	TODO: check
+CVE-2025-48864
+	REJECTED
+CVE-2025-48863
+	REJECTED
+CVE-2025-45493 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the i ...)
+	TODO: check
+CVE-2025-33224 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
+	TODO: check
+CVE-2025-33223 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
+	TODO: check
+CVE-2025-33222 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
+	TODO: check
+CVE-2025-29229 (linksys E5600 V1.1.0.26 is vulnerable to command injection in the func ...)
+	TODO: check
+CVE-2025-29228 (Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runt ...)
+	TODO: check
+CVE-2025-25364 (A command injection vulnerability in the me.connectify.SMJobBlessHelpe ...)
+	TODO: check
+CVE-2025-14635 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-14548 (The Calendar plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-14388 (The PhastPress plugin for WordPress is vulnerable to Unauthenticated A ...)
+	TODO: check
+CVE-2025-14163 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-14155 (The Premium Addons for Elementor \u2013 Powerful Elementor Templates & ...)
+	TODO: check
+CVE-2025-14000 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-13183 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-13074
+	REJECTED
+CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
+	TODO: check
+CVE-2025-10863
+	REJECTED
+CVE-2024-9684 (FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers t ...)
+	TODO: check
+CVE-2024-57521 (SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remot ...)
+	TODO: check
+CVE-2024-24844 (Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro ...)
+	TODO: check
+CVE-2024-10398
+	REJECTED
+CVE-2023-5094
+	REJECTED
+CVE-2023-5093
+	REJECTED
+CVE-2023-5092
+	REJECTED
+CVE-2023-53982 (PMB 7.4.6 contains a SQL injection vulnerability in the storage parame ...)
+	TODO: check
+CVE-2023-52210 (Vulnerability in Tyche softwares Product Delivery Date for WooCommerce ...)
+	TODO: check
+CVE-2021-47739 (Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulne ...)
+	TODO: check
+CVE-2021-47738 (CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability ...)
+	TODO: check
+CVE-2021-47737 (CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows aut ...)
+	TODO: check
+CVE-2021-47736 (CMSimple_XH 1.7.4 contains an authenticated remote code execution vuln ...)
+	TODO: check
+CVE-2021-47735 (CMSimple 5.4 contains an authenticated remote code execution vulnerabi ...)
+	TODO: check
+CVE-2021-47734 (CMSimple 5.4 contains an authenticated local file inclusion vulnerabil ...)
+	TODO: check
+CVE-2021-47733 (CMSimple 5.4 contains a cross-site scripting vulnerability that allows ...)
+	TODO: check
+CVE-2021-47732 (CMSimple 5.2 contains a stored cross-site scripting vulnerability in t ...)
+	TODO: check
+CVE-2021-47722 (Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site reques ...)
+	TODO: check
+CVE-2021-47721 (Orangescrum 1.8.0 contains a privilege escalation vulnerability that a ...)
+	TODO: check
+CVE-2021-47720 (Orangescrum 1.8.0 contains an authenticated SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2021-47716 (Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabiliti ...)
+	TODO: check
+CVE-2025-68343 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.17.11-1
 	NOTE: https://git.kernel.org/linus/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf (6.18)
-CVE-2025-68342 [can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data]
+CVE-2025-68342 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.17.11-1
 	NOTE: https://git.kernel.org/linus/395d988f93861101ec89d0dd9e3b876ae9392a5b (6.18)
-CVE-2025-68341 [veth: reduce XDP no_direct return section to fix race]
+CVE-2025-68341 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.17.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a14602fcae17a3f1cb8a8521bedf31728f9e7e39 (6.18)
-CVE-2025-68340 [team: Move team device type change at the end of team_port_add]
+CVE-2025-68340 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.17.11-1
 	NOTE: https://git.kernel.org/linus/0ae9cfc454ea5ead5f3ddbdfe2e70270d8e2c8ef (6.18)
-CVE-2025-68339 [atm/fore200e: Fix possible data race in fore200e_open()]
+CVE-2025-68339 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.17.11-1
 	[bullseye] - linux 5.10.247-1
 	NOTE: https://git.kernel.org/linus/82fca3d8a4a34667f01ec2351a607135249c9cff (6.18)
-CVE-2025-68338 [net: dsa: microchip: Don't free uninitialized ksz_irq]
+CVE-2025-68338 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.17.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
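Review bot: The hand-curated bracketed titles for CVE-2025-68338 through CVE-2025-68343 (for example `[can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header]`) are replaced by the truncated generic text `(In the Linux kernel, the following vulnerability has been resolved:  c ...)`, which no longer identifies the affected subsystem at a glance; the upstream commit URLs in the retained NOTE lines still carry that information, so a reader now has to follow the link to learn which driver is involved. Three of the new WordPress entries (CVE-2025-14155, CVE-2025-14000, CVE-2025-12934) also contain the literal escape sequence `\u2013` in place of an en dash, which suggests the importer is writing the JSON escape rather than the decoded character; consider decoding it before writing the description. The new entries marked `TODO: check` still need triage before the list reflects the Debian status of those packages.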
@@ -11792,7 +11914,8 @@ CVE-2025-63888 (The read function in file thinkphp\library\think\template\driver
 	NOT-FOR-US: ThinkPHP
 CVE-2025-63848 (Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2 ...)
 	NOT-FOR-US: SWISH SWI-Prolog
-CVE-2025-63700 (An issue was discovered in clerk-js 5.88.0 allowing attackers to bypas ...)
+CVE-2025-63700
+	REJECTED
 	NOT-FOR-US: Clerk-js
 CVE-2025-62731 (SOPlanning is vulnerable to Stored XSS in /feriesendpoint. Malicious a ...)
 	NOT-FOR-US: SOPlanning
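Review bot: CVE-2025-63700 is marked `REJECTED` but the earlier `NOT-FOR-US: Clerk-js` triage line is left in place beneath it, so the entry now carries two statuses; confirm that the tracker's convention for rejected CVEs is to keep the previous NOT-FOR-US line, or drop it so the REJECTED status stands alone.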



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21a82b7dd2485c735bf2162bc176f978f9e4ab89
