[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 25 20:13:21 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4826bf4 by security tracker role at 2025-12-25T20:13:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2025-68936 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This ...)
+	TODO: check
+CVE-2025-68935 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Mul ...)
+	TODO: check
+CVE-2025-2406 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-2405 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-2307 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-15085 (A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2. ...)
+	TODO: check
+CVE-2025-15084 (A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0.  ...)
+	TODO: check
+CVE-2025-15083 (A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affec ...)
+	TODO: check
+CVE-2025-15082 (A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an ...)
+	TODO: check
+CVE-2025-15081 (A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This is ...)
+	TODO: check
 CVE-2025-8769 (Telenium Online Web Application is vulnerable due to a Perl script tha ...)
 	NOT-FOR-US: Telenium Online Web Application
 CVE-2025-68922 (OpenOps before 0.6.11 allows remote code execution in the Terraform bl ...)
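Review bot: All ten entries added at the top of data/CVE/list carry only "TODO: check", so none of them is triaged yet. Each one needs to be resolved to either a package line or a "NOT-FOR-US:" line of the kind already present under CVE-2025-8769 in the context below. The five truncated descriptions that end at "(XSS or 'C ..." (CVE-2025-2406, CVE-2025-2405, CVE-2025-2307) do not even name a product, so the full CVE text has to be consulted before they can be classified.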
@@ -5341,7 +5361,7 @@ CVE-2025-14282 [privilege escalation via unix stream socket forwarding]
 	NOTE: https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md
 CVE-2025-14439
 	NOT-FOR-US: OpenUSD
-CVE-2025-68920 [Malicious remote can overwrite and exfiltrate local files]
+CVE-2025-68920 (C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 24 ...)
 	- ckermit 416~beta12-5 (bug #1123025)
 	[trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via point release)
 	[bookworm] - ckermit <no-dsa> (Minor issue; documented; can be fixed via point release)
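Review bot: The replacement header for CVE-2025-68920 is cut off at "before 24 ..." and no longer states the impact that the removed bracketed title gave ("Malicious remote can overwrite and exfiltrate local files"). Consider keeping that summary in a NOTE: line under the entry, so the reasoning behind the two ckermit <no-dsa> (Minor issue; documented; ...) lines stays readable in place.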
@@ -50561,6 +50581,7 @@ CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's parse_subrip_
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/edca7f83d107fb6a55dbd46196fc40b99857a85e (1.27.1)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d (1.26.2)
 CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak fu ...)
+	{DLA-4419-1}
 	- gst-plugins-good1.0 1.26.2-1
 	[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u3
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
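Review bot: The {DLA-4419-1} cross-reference added under CVE-2025-47219 has no counterpart in this commit, which changes only data/CVE/list. Check that the advisory itself is recorded with its fixed gst-plugins-good1.0 version, since the entry here lists versions only for unstable (1.26.2-1) and [bookworm] (1.22.0-5+deb12u3).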
@@ -50573,6 +50594,7 @@ CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_t
 CVE-2025-47188 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
 	NOT-FOR-US: Mitel
 CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree fu ...)
+	{DLA-4419-1}
 	- gst-plugins-good1.0 1.26.2-1
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
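Review bot: With {DLA-4419-1} now attached to CVE-2025-47183, the [bookworm] line below it still reads <no-dsa> (Minor issue) with no fixed version, unlike CVE-2025-47219 in the previous hunk, which lists 1.22.0-5+deb12u3 for bookworm. Worth confirming whether the bookworm triage should be revisited, so that suite is not left unfixed for an issue the release covered by the DLA has already patched.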



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4826bf4270c49d548b2a0113d345266491bf6c8
