[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 26 08:13:07 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef7ac44f by security tracker role at 2025-12-26T08:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-8075 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
+	TODO: check
+CVE-2025-68946 (In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can ...)
+	TODO: check
+CVE-2025-68945 (In Gitea before 1.21.2, an anonymous user can visit a private user's p ...)
+	TODO: check
+CVE-2025-68944 (Gitea before 1.22.2 sometimes mishandles the propagation of token scop ...)
+	TODO: check
+CVE-2025-68943 (Gitea before 1.21.8 inadvertently discloses users' login times by allo ...)
+	TODO: check
+CVE-2025-68942 (Gitea before 1.22.2 allows XSS because the search input box (for creat ...)
+	TODO: check
+CVE-2025-68941 (Gitea before 1.22.3 mishandles access to a private resource upon recei ...)
+	TODO: check
+CVE-2025-68940 (In Gitea before 1.22.5, branch deletion permissions are not adequately ...)
+	TODO: check
+CVE-2025-68939 (Gitea before 1.23.0 allows attackers to add attachments with forbidden ...)
+	TODO: check
+CVE-2025-68938 (Gitea before 1.25.2 mishandles authorization for deletion of releases.)
+	TODO: check
+CVE-2025-68937 (Forgejo before 13.0.2 allows attackers to write to unintended files, a ...)
+	TODO: check
+CVE-2025-67450 (Due to insecure library loading in the Eaton UPS Companion software ex ...)
+	TODO: check
+CVE-2025-62578 (DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information)
+	TODO: check
+CVE-2025-59888 (Improper quotation in search paths in the Eaton UPS Companion software ...)
+	TODO: check
+CVE-2025-59887 (Improper authentication of library files in the Eaton UPS Companion so ...)
+	TODO: check
+CVE-2025-52601 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
+	TODO: check
+CVE-2025-52600 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
+	TODO: check
+CVE-2025-52599 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
+	TODO: check
+CVE-2025-52598 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
+	TODO: check
+CVE-2025-15099 (A vulnerability was identified in simstudioai sim up to 0.5.27. This v ...)
+	TODO: check
+CVE-2025-15098 (A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. Th ...)
+	TODO: check
+CVE-2025-15097 (A vulnerability was found in Alteryx Server. Affected by this issue is ...)
+	TODO: check
+CVE-2025-15095 (A security vulnerability has been detected in postmanlabs httpbin up t ...)
+	TODO: check
+CVE-2025-15094 (A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb ...)
+	TODO: check
+CVE-2025-15093 (A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8 ...)
+	TODO: check
+CVE-2025-15092 (A vulnerability was identified in UTT \u8fdb\u53d6 512W up to 1.7.7-17 ...)
+	TODO: check
+CVE-2025-15091 (A vulnerability was determined in UTT \u8fdb\u53d6 512W up to 1.7.7-17 ...)
+	TODO: check
+CVE-2025-15090 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to 1.7.7-171114. ...)
+	TODO: check
+CVE-2025-15089 (A vulnerability has been found in UTT \u8fdb\u53d6 512W up to 1.7.7-17 ...)
+	TODO: check
+CVE-2025-15088 (A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by t ...)
+	TODO: check
+CVE-2025-15087 (A security vulnerability has been detected in youlaitech youlai-mall 1 ...)
+	TODO: check
+CVE-2025-15086 (A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0.  ...)
+	TODO: check
+CVE-2025-14913 (The Frontend Post Submission Manager Lite \u2013 Frontend Posting Word ...)
+	TODO: check
+CVE-2025-14820
+	REJECTED
+CVE-2025-14715
+	REJECTED
 CVE-2025-68936 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This ...)
 	NOT-FOR-US: ONLYOFFICE Docs
 CVE-2025-68935 (ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Mul ...)
@@ -15866,6 +15936,7 @@ CVE-2025-11865 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2025-11224
 	- gitlab <unfixed>
 CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library functio ...)
+	{DLA-4420-1}
 	- postgresql-18 18.1-1
 	- postgresql-17 <unfixed>
 	[trixie] - postgresql-17 <no-dsa> (Minor issue)
@@ -15879,6 +15950,7 @@ CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library f
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef (REL_15_15)
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a (REL_13_23)
 CVE-2025-12817 (Missing authorization in PostgreSQL CREATE STATISTICS command allows a ...)
+	{DLA-4420-1}
 	- postgresql-18 18.1-1
 	- postgresql-17 <unfixed>
 	[trixie] - postgresql-17 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef7ac44fec269c72b70ba6bff725f70f9b372780

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef7ac44fec269c72b70ba6bff725f70f9b372780
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251226/23774b3c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list