[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 24 08:13:08 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2e4ca19 by security tracker role at 2025-12-24T08:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2025-68696 (httparty is an API tool. In versions 0.23.2 and prior, httparty is vul ...)
+	TODO: check
+CVE-2025-68695
+	REJECTED
+CVE-2025-68694
+	REJECTED
+CVE-2025-68693
+	REJECTED
+CVE-2025-68692
+	REJECTED
+CVE-2025-68691
+	REJECTED
+CVE-2025-68690
+	REJECTED
+CVE-2025-68689
+	REJECTED
+CVE-2025-68688
+	REJECTED
+CVE-2025-68687
+	REJECTED
+CVE-2025-68669 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
+	TODO: check
+CVE-2025-68667 (continuwuity is a Matrix homeserver written in Rust. Prior to version  ...)
+	TODO: check
+CVE-2025-68665 (LangChain is a framework for building LLM-powered applications. Prior  ...)
+	TODO: check
+CVE-2025-68664 (LangChain is a framework for building agents and LLM-powered applicati ...)
+	TODO: check
+CVE-2025-68617 (FluidSynth is a software synthesizer based on the SoundFont 2 specific ...)
+	TODO: check
+CVE-2025-66445 (Authorization bypass vulnerability in Hitachi Infrastructure Analytics ...)
+	TODO: check
+CVE-2025-66444 (Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics ...)
+	TODO: check
+CVE-2025-66213 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-66212 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-66211 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-66210 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-66209 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64641 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...)
+	TODO: check
+CVE-2025-57840 (ADB(Android Debug Bridge) is affected by type privilege bypass, succes ...)
+	TODO: check
+CVE-2025-15053 (A flaw has been found in code-projects Student Information System 1.0. ...)
+	TODO: check
+CVE-2025-15052 (A vulnerability was detected in code-projects Student Information Syst ...)
+	TODO: check
+CVE-2025-15050 (A security vulnerability has been detected in code-projects Student Fi ...)
+	TODO: check
+CVE-2025-15049 (A vulnerability was identified in code-projects Online Farm System 1.0 ...)
+	TODO: check
+CVE-2025-15048 (A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts a ...)
+	TODO: check
+CVE-2025-15047 (A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unk ...)
+	TODO: check
+CVE-2025-15046 (A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted e ...)
+	TODO: check
+CVE-2025-15045 (A flaw has been found in Tenda WH450 1.0.0.18. The affected element is ...)
+	TODO: check
+CVE-2025-15044 (A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an u ...)
+	TODO: check
+CVE-2025-14936 (NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote ...)
+	TODO: check
+CVE-2025-14935 (NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote  ...)
+	TODO: check
+CVE-2025-14934 (NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote  ...)
+	TODO: check
+CVE-2025-14933 (NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Executio ...)
+	TODO: check
+CVE-2025-14932 (NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code ...)
+	TODO: check
+CVE-2025-14931 (Hugging Face smolagents Remote Python Executor Deserialization of Untr ...)
+	TODO: check
+CVE-2025-14930 (Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remot ...)
+	TODO: check
+CVE-2025-14929 (Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization ...)
+	TODO: check
+CVE-2025-14928 (Hugging Face Transformers HuBERT convert_config Code Injection Remote  ...)
+	TODO: check
+CVE-2025-14927 (Hugging Face Transformers SEW-D convert_config Code Injection Remote C ...)
+	TODO: check
+CVE-2025-14926 (Hugging Face Transformers SEW convert_config Code Injection Remote Cod ...)
+	TODO: check
+CVE-2025-14925 (Hugging Face Accelerate Deserialization of Untrusted Data Remote Code  ...)
+	TODO: check
+CVE-2025-14924 (Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted D ...)
+	TODO: check
+CVE-2025-14922 (Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remo ...)
+	TODO: check
+CVE-2025-14921 (Hugging Face Transformers Transformer-XL Model Deserialization of Untr ...)
+	TODO: check
+CVE-2025-14920 (Hugging Face Transformers Perceiver Model Deserialization of Untrusted ...)
+	TODO: check
+CVE-2025-14501 (Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Der ...)
+	TODO: check
+CVE-2025-14500 (IceWarp14 X-File-Operation Command Injection Remote Code Execution Vul ...)
+	TODO: check
+CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability ...)
+	TODO: check
+CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local Privilege  ...)
+	TODO: check
+CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14495 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14494 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14493 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14492 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14491 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14490 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14489 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14488 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
+	TODO: check
+CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
+	TODO: check
+CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerabili ...)
+	TODO: check
+CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Executio ...)
+	TODO: check
+CVE-2025-14422 (GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
+	TODO: check
+CVE-2025-14421 (pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information ...)
+	TODO: check
+CVE-2025-14420 (pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Cod ...)
+	TODO: check
+CVE-2025-14419 (pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code  ...)
+	TODO: check
+CVE-2025-14418 (pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Ex ...)
+	TODO: check
+CVE-2025-14417 (pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Exec ...)
+	TODO: check
+CVE-2025-14416 (pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Ex ...)
+	TODO: check
+CVE-2025-14415 (Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution  ...)
+	TODO: check
+CVE-2025-14414 (Soda PDF Desktop Word File Insufficient UI Warning Remote Code Executi ...)
+	TODO: check
+CVE-2025-14413 (Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Exec ...)
+	TODO: check
+CVE-2025-14412 (Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Executio ...)
+	TODO: check
+CVE-2025-14411 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2025-14410 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2025-14409 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+	TODO: check
+CVE-2025-14408 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2025-14407 (Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclo ...)
+	TODO: check
+CVE-2025-14406 (Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Esca ...)
+	TODO: check
+CVE-2025-14405 (PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escal ...)
+	TODO: check
+CVE-2025-14404 (PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution ...)
+	TODO: check
+CVE-2025-14403 (PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution V ...)
+	TODO: check
+CVE-2025-14402 (PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution ...)
+	TODO: check
+CVE-2025-14401 (PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerabi ...)
+	TODO: check
+CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for WordPres ...)
+	TODO: check
+CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...)
+	TODO: check
+CVE-2025-13716 (Tencent MimicMotion create_pipeline Deserialization of Untrusted Data  ...)
+	TODO: check
+CVE-2025-13715 (Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Re ...)
+	TODO: check
+CVE-2025-13714 (Tencent MedicalNet generate_model Deserialization of Untrusted Data Re ...)
+	TODO: check
+CVE-2025-13713 (Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data  ...)
+	TODO: check
+CVE-2025-13712 (Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code ...)
+	TODO: check
+CVE-2025-13711 (Tencent TFace eval Deserialization of Untrusted Data Remote Code Execu ...)
+	TODO: check
+CVE-2025-13710 (Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote ...)
+	TODO: check
+CVE-2025-13709 (Tencent TFace restore_checkpoint Deserialization of Untrusted Data Rem ...)
+	TODO: check
+CVE-2025-13708 (Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of ...)
+	TODO: check
+CVE-2025-13707 (Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remo ...)
+	TODO: check
+CVE-2025-13706 (Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data ...)
+	TODO: check
+CVE-2025-13703 (VIPRE Advanced Security Incorrect Permission Assignment Local Privileg ...)
+	TODO: check
+CVE-2025-13700 (DreamFactory saveZipFile Command Injection Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2025-13698 (Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary ...)
+	TODO: check
+CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not properly p ...)
+	TODO: check
+CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
+	TODO: check
+CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
+	TODO: check
+CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation Vulnerabi ...)
+	TODO: check
+CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
+	TODO: check
+CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure Vulnerabili ...)
+	TODO: check
+CVE-2024-58335 (OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XX ...)
+	TODO: check
 CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -10153,7 +10375,7 @@ CVE-2025-13615 (The StreamTube Core plugin for WordPress is vulnerable to Arbitr
 	NOT-FOR-US: WordPress plugin
 CVE-2025-6666 (A vulnerability was determined in motogadget mo.lock Ignition Lock up  ...)
 	NOT-FOR-US: motogadget mo.lock
-CVE-2025-13699
+CVE-2025-13699 (MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution ...)
 	- mariadb 1:11.8.5-1
 	[trixie] - mariadb <no-dsa> (Minor issue; requires attacker to already have access to the database)
 	[bookworm] - mariadb <no-dsa> (Minor issue; requires attacker to already have access to the database)
@@ -25978,7 +26200,7 @@ CVE-2025-58712 (A container privilege escalation flaw was found in certain AMQ B
 	NOT-FOR-US: Red Hat AMQ
 CVE-2025-25009 (Improper Neutralization of Input During Web Page Generation in Kibana  ...)
 	- kibana <itp> (bug #700337)
-CVE-2025-11419
+CVE-2025-11419 (A flaw was found in Keycloak. This vulnerability allows an unauthentic ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2025-11429 (A flaw was found in Keycloak. Keycloak does not immediately enforce th ...)
 	- keycloak <itp> (bug #1088287)
@@ -312039,7 +312261,7 @@ CVE-2022-40013
 	RESERVED
 CVE-2022-40012
 	RESERVED
-CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...)
+CVE-2022-40011 (Typora through 1.3.8 allows XSS if a document containing an SVG elemen ...)
 	NOT-FOR-US: typora
 CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was dis ...)
 	NOT-FOR-US: Tenda



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2e4ca1936257fa067bbfc25fdd3143724125fd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2e4ca1936257fa067bbfc25fdd3143724125fd4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251224/738390b6/attachment.htm>

More information about the debian-security-tracker-commits mailing list