[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 22 08:12:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
853ba7c7 by security tracker role at 2025-11-22T08:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-65947 (thread-amount is a tool that gets the amount of threads in the current ...)
+ TODO: check
+CVE-2025-65946 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
+ TODO: check
+CVE-2025-65111 (SpiceDB is an open source database system for creating and managing se ...)
+ TODO: check
+CVE-2025-65109 (Minder is an open source software supply chain security platform. In M ...)
+ TODO: check
+CVE-2025-65108 (md-to-pdf is a CLI tool for converting Markdown files to PDF using Nod ...)
+ TODO: check
+CVE-2025-65107 (Langfuse is an open source large language model engineering platform. ...)
+ TODO: check
+CVE-2025-65106 (LangChain is a framework for building agents and LLM-powered applicati ...)
+ TODO: check
+CVE-2025-65102 (PJSIP is a free and open source multimedia communication library. Prio ...)
+ TODO: check
+CVE-2025-65092 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2025-43374 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-31266 (A spoofing issue was addressed with improved truncation when displayin ...)
+ TODO: check
+CVE-2025-31248 (A parsing issue in the handling of directory paths was addressed with ...)
+ TODO: check
+CVE-2025-31216 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-13384 (The CP Contact Form with PayPal plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13317 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12889 (With TLS 1.2 connections a client can use any digest, specifically a w ...)
+ TODO: check
+CVE-2025-12888 (Vulnerability in X25519 constant-time cryptographic implementations du ...)
+ TODO: check
+CVE-2025-12877 (The IDonate \u2013 Blood Donation, Request And Donor Management System ...)
+ TODO: check
+CVE-2025-12752 (The Subscriptions & Memberships for PayPal plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-12678
+ REJECTED
+CVE-2025-11936 (Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolf ...)
+ TODO: check
+CVE-2025-11935 (With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could i ...)
+ TODO: check
+CVE-2025-11934 (Improper input validation in the TLS 1.3 CertificateVerify signature a ...)
+ TODO: check
+CVE-2025-11933 (Improper Input Validation in the TLS 1.3 CKS extension parsing in wolf ...)
+ TODO: check
+CVE-2025-11932 (The server previously verified the TLS 1.3 PSK binder using a non-cons ...)
+ TODO: check
+CVE-2025-11931 (Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 ...)
+ TODO: check
+CVE-2025-11186 (The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is ...)
+ TODO: check
+CVE-2025-11087 (The Zegen Core plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-0504 (Black Duck SCA versions prior to 2025.10.0 had user role permissions c ...)
+ TODO: check
CVE-2025-66115 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66114 (Missing Authorization vulnerability in theme funda Show Variations as ...)
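Review bot: The six WordPress plugin entries added in this hunk (CVE-2025-13384, CVE-2025-13317, CVE-2025-12877, CVE-2025-12752, CVE-2025-11186, CVE-2025-11087) are left at `TODO: check` although their descriptions already identify them as WordPress plugins. The unchanged entry CVE-2025-66115 directly below is triaged as `NOT-FOR-US: WordPress plugin or theme`, so these can be closed the same way in the follow-up triage. The CVE-2025-12877 description also carries a literal `\u2013` escape instead of the dash character, so the importer's unescaping is worth checking. The TLS-related entries (CVE-2025-11931 through CVE-2025-11936, CVE-2025-12888, CVE-2025-12889) need their full descriptions read before a package can be assigned, because the truncation cuts off the product name.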
@@ -464,7 +522,7 @@ CVE-2025-0643 (Improper Neutralization of Input During Web Page Generation (XSS
NOT-FOR-US: Pyxis Signage
CVE-2024-31405
REJECTED
-CVE-2025-13470 [RNP PKESK Session Keys Generated as All-Zero]
+CVE-2025-13470 (In RNP version 0.18.0 a refactoring regression causes the symmetric s ...)
- rnp 0.18.1-1 (bug #1121081)
[trixie] - rnp <not-affected> (Vulnerable code introduced later)
[bookworm] - rnp <not-affected> (Vulnerable code introduced later)
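Review bot: On the CVE-2025-13470 line, the truncated description that replaces the bracketed title stops at "causes the symmetric s ...", so the impact the old title stated (all-zero PKESK session keys) can no longer be read from the entry. If the entry has no note below the visible context, consider adding a `NOTE:` line that records it. The `rnp 0.18.1-1` fix and the `<not-affected>` lines for trixie and bookworm are consistent with a regression introduced in 0.18.0.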
@@ -13140,13 +13198,13 @@ CVE-2025-61601 (BigBlueButton is an open-source virtual classroom. A Denial of S
NOT-FOR-US: BigBlueButton
CVE-2025-60375 (The authentication mechanism in Perfex CRM before 3.3.1 allows attacke ...)
NOT-FOR-US: Perfex CRM
-CVE-2025-59286 (Copilot Spoofing Vulnerability)
+CVE-2025-59286 (Improper neutralization of special elements used in a command ('comman ...)
NOT-FOR-US: Microsoft
-CVE-2025-59272 (Copilot Spoofing Vulnerability)
+CVE-2025-59272 (Improper neutralization of special elements used in a command ('comman ...)
NOT-FOR-US: Microsoft
CVE-2025-59271 (Redis Enterprise Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2025-59252 (M365 Copilot Spoofing Vulnerability)
+CVE-2025-59252 (Improper neutralization of special elements used in a command ('comman ...)
NOT-FOR-US: Microsoft
CVE-2025-59247 (Azure PlayFab Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
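Review bot: After this change CVE-2025-59286, CVE-2025-59272 and CVE-2025-59252 all share the same truncated description ("Improper neutralization of special elements used in a command ('comman ..."), and the product named in the old titles (Copilot, M365 Copilot) no longer appears anywhere in the entries. The `NOT-FOR-US: Microsoft` lines still apply, but other entries in this hunk name the product there (`NOT-FOR-US: BigBlueButton`, `NOT-FOR-US: Perfex CRM`); naming the product on these three lines as well would keep them distinguishable and searchable.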
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/853ba7c70728c897077908c0a6b4e17a5bd4f20f