[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 24 20:13:01 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f01933c1 by security tracker role at 2025-11-24T20:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,129 @@
+CVE-2025-65998 (Apache Syncope can be configured to store the user password values in  ...)
+	TODO: check
+CVE-2025-65503 (Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 a ...)
+	TODO: check
+CVE-2025-65502 (Null pointer dereference in add_ca_certs() in Cesanta Mongoose before  ...)
+	TODO: check
+CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM libcoap  ...)
+	TODO: check
+CVE-2025-65500 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
+	TODO: check
+CVE-2025-65499 (Array index error in tls_verify_call_back() in src/coap_openssl.c in O ...)
+	TODO: check
+CVE-2025-65498 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
+	TODO: check
+CVE-2025-65497 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
+	TODO: check
+CVE-2025-65496 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
+	TODO: check
+CVE-2025-65495 (Integer signedness error in tls_verify_call_back() in src/coap_openssl ...)
+	TODO: check
+CVE-2025-65494 (NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_open ...)
+	TODO: check
+CVE-2025-65493 (NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 a ...)
+	TODO: check
+CVE-2025-64048 (YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2025-64047 (OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) i ...)
+	TODO: check
+CVE-2025-63958 (MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive config ...)
+	TODO: check
+CVE-2025-63953 (A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user comp ...)
+	TODO: check
+CVE-2025-63952 (A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user comp ...)
+	TODO: check
+CVE-2025-63914 (An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_ ...)
+	TODO: check
+CVE-2025-63435 (Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authent ...)
+	TODO: check
+CVE-2025-63434 (The update mechanism in Xtooltech Xtool AnyScan Android Application 4. ...)
+	TODO: check
+CVE-2025-63433 (Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a h ...)
+	TODO: check
+CVE-2025-63432 (Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missi ...)
+	TODO: check
+CVE-2025-60917 (A reflected cross-site scripting (XSS) vulnerability in the /overview/ ...)
+	TODO: check
+CVE-2025-60916 (A reflected cross-site scripting (XSS) vulnerability in the /overview/ ...)
+	TODO: check
+CVE-2025-60915 (An issue in the size query parameter (/views/file.py) of Austrian Arch ...)
+	TODO: check
+CVE-2025-60914 (Incorrect access control in Austrian Archaeological Institute Openatla ...)
+	TODO: check
+CVE-2025-60638 (An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attac ...)
+	TODO: check
+CVE-2025-60633 (An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attac ...)
+	TODO: check
+CVE-2025-60632 (An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attac ...)
+	TODO: check
+CVE-2025-56423 (An issue in Austrian Academy of Sciences (AW) Austrian Archaeological  ...)
+	TODO: check
+CVE-2025-56401 (ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookups ...)
+	TODO: check
+CVE-2025-56400 (Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implement ...)
+	TODO: check
+CVE-2025-52539 (A buffer overflow with Xilinx Run Time Environment may allow a local a ...)
+	TODO: check
+CVE-2025-44018 (A firmware downgrade vulnerability exists in the OTA Update functional ...)
+	TODO: check
+CVE-2025-41729 (An unauthenticated remote attacker can send a specially crafted Modbus ...)
+	TODO: check
+CVE-2025-41087 (Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web appl ...)
+	TODO: check
+CVE-2025-41017 (Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, ...)
+	TODO: check
+CVE-2025-41016 (Inadequate access control vulnerability in Davantis DFUSION v6.177.7,  ...)
+	TODO: check
+CVE-2025-36112 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
+	TODO: check
+CVE-2025-13609 (A vulnerability has been identified in keylime where an attacker can e ...)
+	TODO: check
+CVE-2025-13598
+	REJECTED
+CVE-2025-13594
+	REJECTED
+CVE-2025-13541
+	REJECTED
+CVE-2025-13511
+	REJECTED
+CVE-2025-13466 (body-parser 2.2.0 is vulnerable to denial of service due to inefficien ...)
+	TODO: check
+CVE-2025-12978 (Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins cont ...)
+	TODO: check
+CVE-2025-12977 (Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail ...)
+	TODO: check
+CVE-2025-12972 (Fluent Bit out_file plugin does not properly sanitize tag values when  ...)
+	TODO: check
+CVE-2025-12970 (The extract_name function in Fluent Bit in_docker input plugin copies  ...)
+	TODO: check
+CVE-2025-12969 (Fluent Bit in_forward input plugin does not properly enforce the secur ...)
+	TODO: check
+CVE-2025-12741 (A Looker user with Developer role could create a database connection u ...)
+	TODO: check
+CVE-2025-12740 (A Looker user with a Developer role could create a database connection ...)
+	TODO: check
+CVE-2025-12739 (An attacker with viewer permissions in Looker could craft a malicious  ...)
+	TODO: check
+CVE-2025-12628 (The WP 2FA WordPress plugin does not generate backup codes with enough ...)
+	TODO: check
+CVE-2025-11921 (iStats contains an insecure XPC service that allows local, unprivilege ...)
+	TODO: check
+CVE-2025-10555 (A stored Cross-site Scripting (XSS) vulnerability affecting Service It ...)
+	TODO: check
+CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requiremen ...)
+	TODO: check
+CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
+	TODO: check
 CVE-2025-59820 [Heap-based buffer overflow when parsing TGA files]
 	- krita 1:5.2.13+dfsg-1
 	NOTE: https://kde.org/info/security/advisory-20250929-1.txt
 	NOTE: Fixed by: https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
-CVE-2025-40213 [Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete]
+CVE-2025-40213 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.17.8-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e8785404de06a69d89dcdd1e9a0b6ea42dc6d327 (6.18-rc4)
-CVE-2025-40212 [nfsd: fix refcount leak in nfsd_set_fh_dentry()]
+CVE-2025-40212 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
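Review bot: The header rewrites for CVE-2025-40213 and CVE-2025-40212 replace the bracketed fix titles ("Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete", "nfsd: fix refcount leak in nfsd_set_fh_dentry()") with descriptions truncated at the generic kernel preamble, so the affected subsystem is no longer visible anywhere in the entry; for CVE-2025-40213 the git.kernel.org NOTE still identifies the fix, but CVE-2025-40212 is left at `- linux <unfixed>` with no NOTE pointing at the upstream commit at all. If the published CVE text has to replace the placeholder title, consider carrying the old title over as a NOTE line so the entries remain searchable by subsystem, and add the upstream fix reference for CVE-2025-40212 when it is known.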
@@ -25507,6 +25623,7 @@ CVE-2025-58065 (Flask-AppBuilder is an application development framework. Prior
 CVE-2025-56556 (An issue was discovered in Subrion CMS 4.2.1, allowing authenticated a ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2025-48041 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	{DLA-4376-1}
 	- erlang 1:27.3.4.3+dfsg-1 (bug #1115090)
 	[trixie] - erlang <no-dsa> (Minor issue)
 	[bookworm] - erlang <no-dsa> (Minor issue)
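Review bot: The `{DLA-4376-1}` marker added to CVE-2025-48041 has no matching fixed-version line in the visible context, which shows only the unstable version plus `[trixie] - erlang <no-dsa>` and `[bookworm] - erlang <no-dsa>`; a DLA covers the LTS release, so confirm that a bullseye entry with the version shipped in DLA-4376-1 exists below this hunk (the same applies to CVE-2025-48039 and CVE-2025-48038 in the following hunks), otherwise the advisory reference points at nothing.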
@@ -25524,6 +25641,7 @@ CVE-2025-48040 (Uncontrolled Resource Consumption vulnerability in Erlang OTP ss
 	NOTE: https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a (OTP-27.3.4.3, OTP-28.0.3)
 	NOTE: https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a (OTP-26.2.5.15)
 CVE-2025-48039 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	{DLA-4376-1}
 	- erlang 1:27.3.4.3+dfsg-1 (bug #1115092)
 	[trixie] - erlang <no-dsa> (Minor issue)
 	[bookworm] - erlang <no-dsa> (Minor issue)
@@ -25532,6 +25650,7 @@ CVE-2025-48039 (Allocation of Resources Without Limits or Throttling vulnerabili
 	NOTE: https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac (OTP-27.3.4.3, OTP-28.0.3)
 	NOTE: https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0 (OTP-26.2.5.15)
 CVE-2025-48038 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	{DLA-4376-1}
 	- erlang 1:27.3.4.3+dfsg-1 (bug #1115093)
 	[trixie] - erlang <no-dsa> (Minor issue)
 	[bookworm] - erlang <no-dsa> (Minor issue)
@@ -53222,6 +53341,7 @@ CVE-2025-5689 (A flaw was found in the temporary user record that authd uses in
 CVE-2025-5309 (The chat feature within Remote Support (RS) and Privileged Remote Acce ...)
 	NOT-FOR-US: BeyondTrust
 CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	{DLA-4376-1}
 	- erlang 1:27.3.4.1+dfsg-1 (bug #1107939)
 	[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
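Review bot: For CVE-2025-4748 the new `{DLA-4376-1}` marker sits above `- erlang 1:27.3.4.1+dfsg-1 (bug #1107939)` and `[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2`, neither of which is the release a DLA addresses; check that the bullseye line with the DLA version is present just outside the shown context, and that the bookworm `+deb12u2` upload referenced here is tracked under its own DSA or point-release rather than under this DLA.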



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f01933c1661d5964f492d29c1f9fff62c8338de5


