[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e03c861c by security tracker role at 2025-12-31T08:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving certain cust ...)
+	TODO: check
+CVE-2025-68885 (Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custo ...)
+	TODO: check
+CVE-2025-68131 (cbor2 provides encoding and decoding for the Concise Binary Object Rep ...)
+	TODO: check
+CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due t ...)
+	TODO: check
+CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource Identifie ...)
+	TODO: check
+CVE-2025-59137 (Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Po ...)
+	TODO: check
+CVE-2025-59131 (Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-Cal ...)
+	TODO: check
+CVE-2025-49354 (Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technolog ...)
+	TODO: check
+CVE-2025-49353 (Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noinde ...)
+	TODO: check
+CVE-2025-49346 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simp ...)
+	TODO: check
+CVE-2025-49345 (Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchive ...)
+	TODO: check
+CVE-2025-49344 (Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveT ...)
+	TODO: check
+CVE-2025-49343 (Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Socia ...)
+	TODO: check
+CVE-2025-49342 (Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang H\xe4felin ...)
+	TODO: check
+CVE-2025-2026 (The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulner ...)
+	TODO: check
+CVE-2025-1977 (The NPort 6100-G2/6200-G2 Series is affected by an execution with unne ...)
+	TODO: check
+CVE-2025-15375 (A flaw has been found in EyouCMS up to 1.7.7. The impacted element is  ...)
+	TODO: check
+CVE-2025-15374 (A vulnerability was detected in EyouCMS up to 1.7.7. The affected elem ...)
+	TODO: check
+CVE-2025-15373 (A security vulnerability has been detected in EyouCMS up to 1.7.7. Imp ...)
+	TODO: check
+CVE-2025-15372 (A weakness has been identified in youlaitech vue3-element-admin up to  ...)
+	TODO: check
+CVE-2025-15371 (A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0- ...)
+	TODO: check
+CVE-2025-15360 (A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts ...)
+	TODO: check
+CVE-2025-15357 (A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects ...)
+	TODO: check
+CVE-2025-15356 (A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The im ...)
+	TODO: check
+CVE-2025-15354 (A flaw has been found in itsourcecode Society Management System 1.0. T ...)
+	TODO: check
+CVE-2025-15280 (FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2025-15279 (FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Co ...)
+	TODO: check
+CVE-2025-15278 (FontForge GUtils XBM File Parsing Integer Overflow Remote Code Executi ...)
+	TODO: check
+CVE-2025-15277 (FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Co ...)
+	TODO: check
+CVE-2025-15276 (FontForge SFD File Parsing Deserialization of Untrusted Data Remote Co ...)
+	TODO: check
+CVE-2025-15275 (FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
+	TODO: check
+CVE-2025-15274 (FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
+	TODO: check
+CVE-2025-15273 (FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Exe ...)
+	TODO: check
+CVE-2025-15272 (FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
+	TODO: check
+CVE-2025-15271 (FontForge SFD File Parsing Improper Validation of Array Index Remote C ...)
+	TODO: check
+CVE-2025-15270 (FontForge SFD File Parsing Improper Validation of Array Index Remote C ...)
+	TODO: check
+CVE-2025-15269 (FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2025-15223 (A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e5 ...)
+	TODO: check
+CVE-2025-15114 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains a criti ...)
+	TODO: check
+CVE-2025-15113 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unpr ...)
+	TODO: check
+CVE-2025-15112 (Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulne ...)
+	TODO: check
+CVE-2025-15111 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains a defau ...)
+	TODO: check
+CVE-2025-15017 (A vulnerability exists in serial device servers where active debug cod ...)
+	TODO: check
+CVE-2025-14987 (When system.enableCrossNamespaceCommands is enabled (on by default), t ...)
+	TODO: check
+CVE-2025-14986 (When frontend.enableExecuteMultiOperation is enabled, the server can a ...)
+	TODO: check
+CVE-2025-14783 (The Easy Digital Downloads plugin for WordPress is vulnerable to Unval ...)
+	TODO: check
+CVE-2025-14434 (The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0 ...)
+	TODO: check
+CVE-2025-13029 (The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not ...)
+	TODO: check
+CVE-2025-11964 (On Windows only, if libpcap needs to convert a Windows error message t ...)
+	TODO: check
+CVE-2025-11961 (pcap_ether_aton() is an auxiliary function in libpcap, it takes a stri ...)
+	TODO: check
+CVE-2024-58338 (Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability tha ...)
+	TODO: check
+CVE-2024-58337 (Akuvox Smart Intercom S539 contains an improper access control vulnera ...)
+	TODO: check
+CVE-2024-58336 (Akuvox Smart Intercom S539 contains an unauthenticated vulnerability t ...)
+	TODO: check
+CVE-2024-58315 (Tosibox Key Service 3.3.0 contains an unquoted service path vulnerabil ...)
+	TODO: check
+CVE-2023-54327 (Tinycontrol LAN Controller 1.58a contains an authentication bypass vul ...)
+	TODO: check
+CVE-2023-54163 (NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in i ...)
+	TODO: check
+CVE-2023-53983 (Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with we ...)
+	TODO: check
+CVE-2022-50804 (JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site reques ...)
+	TODO: check
+CVE-2022-50803 (JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allo ...)
+	TODO: check
+CVE-2022-50802 (ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerabi ...)
+	TODO: check
+CVE-2022-50801 (JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated sto ...)
+	TODO: check
+CVE-2022-50800 (H3C SSL VPN contains a user enumeration vulnerability that allows atta ...)
+	TODO: check
+CVE-2022-50799 (Fetch FTP Client 5.8.2 contains a denial of service vulnerability that ...)
+	TODO: check
+CVE-2022-50798 (SoX 14.4.2 contains a division by zero vulnerability when handling WAV ...)
+	TODO: check
+CVE-2022-50796 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote ...)
+	TODO: check
+CVE-2022-50795 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command inj ...)
+	TODO: check
+CVE-2022-50794 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauth ...)
+	TODO: check
+CVE-2022-50793 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command  ...)
+	TODO: check
+CVE-2022-50792 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauth ...)
+	TODO: check
+CVE-2022-50791 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command inj ...)
+	TODO: check
+CVE-2022-50790 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauth ...)
+	TODO: check
+CVE-2022-50789 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulne ...)
+	TODO: check
+CVE-2022-50788 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure ...)
+	TODO: check
+CVE-2022-50787 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated ...)
+	TODO: check
+CVE-2022-50696 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded ...)
+	TODO: check
+CVE-2022-50695 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerab ...)
+	TODO: check
+CVE-2022-50694 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerab ...)
+	TODO: check
+CVE-2022-50692 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insuff ...)
+	TODO: check
+CVE-2022-50691 (MiniDVBLinux 5.4 contains a remote command execution vulnerability tha ...)
+	TODO: check
 CVE-2025-69195
 	- wget2 <unfixed>
 	NOTE: Fixed by: https://gitlab.com/gnuwget/wget2/-/commit/fc7fcbc00e0a2c8606d44ab216195afb3f08cc98 (v2.2.1)
@@ -1686,7 +1846,7 @@ CVE-2025-13417 (The Plugin Organizer WordPress plugin before 10.2.4 does not san
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14269
 	NOT-FOR-US: Headlamp
-CVE-2025-68973 (In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments ...)
+CVE-2025-68973 (In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments  ...)
 	- gnupg2 2.4.8-5 (bug #1124221)
 	NOTE: https://gpg.fail/memcpy
 	NOTE: https://www.openwall.com/lists/oss-security/2025/12/28/5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e03c861c4f52ac53fb74e87187f646e1717b8dcd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e03c861c4f52ac53fb74e87187f646e1717b8dcd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251231/560e516c/attachment-0001.htm>