[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 26 08:12:53 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ceb0066 by security tracker role at 2025-11-26T08:12:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_start fun ...)
+ TODO: check
+CVE-2025-9557 (An out-of-bound write can lead to an arbitrary code execution. Even on ...)
+ TODO: check
+CVE-2025-66269 (The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privi ...)
+ TODO: check
+CVE-2025-66266 (The RupsMon.exe service executable in UPSilon 2000 has insecure permis ...)
+ TODO: check
+CVE-2025-66265 (CMService.exe creates the C:\\usr directory and subdirectories with in ...)
+ TODO: check
+CVE-2025-66264 (The CMService.exe service runs with SYSTEM privileges and contains an ...)
+ TODO: check
+CVE-2025-66263 (Unauthenticated Arbitrary File Read via Null Byte Injection in DB Elec ...)
+ TODO: check
+CVE-2025-66262 (Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Elect ...)
+ TODO: check
+CVE-2025-66261 (Unauthenticated OS Command Injection (restore_settings.php) in DB Elec ...)
+ TODO: check
+CVE-2025-66260 (PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomuni ...)
+ TODO: check
+CVE-2025-66259 (Authenticated Root Remote Code Execution via improrer user input filte ...)
+ TODO: check
+CVE-2025-66258 (Stored Cross-Site Scripting via XML Injection in DB Electronica Teleco ...)
+ TODO: check
+CVE-2025-66257 (Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Ele ...)
+ TODO: check
+CVE-2025-66256 (Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Elect ...)
+ TODO: check
+CVE-2025-66255 (Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Ele ...)
+ TODO: check
+CVE-2025-66254 (Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB E ...)
+ TODO: check
+CVE-2025-66253 (Unauthenticated OS Command Injection (start_upgrade.php) in DB Electro ...)
+ TODO: check
+CVE-2025-66252 (Infinite Loop Denial of Service via Failed File Deletion in DB Electro ...)
+ TODO: check
+CVE-2025-66251 (Unauthenticated Path Traversal with Arbitrary File Deletion in DB Elec ...)
+ TODO: check
+CVE-2025-66250 (Unauthenticated Arbitrary File Upload (status_contents.php) in DB Elec ...)
+ TODO: check
+CVE-2025-66235
+ REJECTED
+CVE-2025-66234
+ REJECTED
+CVE-2025-66233
+ REJECTED
+CVE-2025-66232
+ REJECTED
+CVE-2025-66231
+ REJECTED
+CVE-2025-66230
+ REJECTED
+CVE-2025-66229
+ REJECTED
+CVE-2025-66228
+ REJECTED
+CVE-2025-66026 (REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross- ...)
+ TODO: check
+CVE-2025-66025 (Caido is a web security auditing toolkit. Prior to version 0.53.0, the ...)
+ TODO: check
+CVE-2025-66022 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
+ TODO: check
+CVE-2025-66021 (OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in ...)
+ TODO: check
+CVE-2025-66020 (Valibot helps validate data using a schema. In versions from 0.31.0 to ...)
+ TODO: check
+CVE-2025-66019 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
+ TODO: check
+CVE-2025-65963 (Files is a module for managing files inside spaces and user profiles. ...)
+ TODO: check
+CVE-2025-65957 (Core Bot Is an Open Source discord bot made for maple hospital servers ...)
+ TODO: check
+CVE-2025-65956 (Formwork is a flat file-based Content Management System (CMS). Prior t ...)
+ TODO: check
+CVE-2025-65953 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
+ TODO: check
+CVE-2025-65952 (Console is a network used to control Gorilla Tag mods' users and other ...)
+ TODO: check
+CVE-2025-65942 (VictoriaMetrics is a scalable solution for monitoring and managing tim ...)
+ TODO: check
+CVE-2025-64983 (Smart Video Doorbell firmware versions prior to 2.01.078 contain an ac ...)
+ TODO: check
+CVE-2025-64713 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssemb ...)
+ TODO: check
+CVE-2025-64704 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssemb ...)
+ TODO: check
+CVE-2025-64657 (Stack-based buffer overflow in Azure Application Gateway allows an una ...)
+ TODO: check
+CVE-2025-64656 (Out-of-bounds read in Application Gateway allows an unauthorized attac ...)
+ TODO: check
+CVE-2025-63735 (A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleash ...)
+ TODO: check
+CVE-2025-62703 (Fugue is a unified interface for distributed computing that lets users ...)
+ TODO: check
+CVE-2025-58360 (GeoServer is an open source server that allows users to share and edit ...)
+ TODO: check
+CVE-2025-55174 (In KDE Skanpage before 25.08.0, an attempt at file overwrite can resul ...)
+ TODO: check
+CVE-2025-51746 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber ...)
+ TODO: check
+CVE-2025-51745 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan ...)
+ TODO: check
+CVE-2025-51744 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser ...)
+ TODO: check
+CVE-2025-51743 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCate ...)
+ TODO: check
+CVE-2025-51741 (An issue was discovered in Veal98 Echo Open-Source Community System 2. ...)
+ TODO: check
+CVE-2025-21621 (GeoServer is an open source server that allows users to share and edit ...)
+ TODO: check
+CVE-2025-13735 (Out-of-bounds Read vulnerability in ASR1903\u3001ASR3901 in ASR Lapwin ...)
+ TODO: check
+CVE-2025-13597 (The AI Feeds plugin for WordPress is vulnerable to arbitrary file uplo ...)
+ TODO: check
+CVE-2025-13595 (The CIBELES AI plugin for WordPress is vulnerable to arbitrary file up ...)
+ TODO: check
+CVE-2025-12848 (Webform Multiple File Upload module for Drupal 7.x contains a cross-si ...)
+ TODO: check
+CVE-2025-12061 (The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not ...)
+ TODO: check
CVE-2025-9624 (A vulnerability in OpenSearch allows attackers to cause Denial of Serv ...)
- opensearch <unfixed> (bug #1121416)
CVE-2025-66017 (CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round sig ...)
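Review bot: the descriptions for CVE-2025-66265 and CVE-2025-13735 still carry raw JSON escape sequences (`C:\\usr` and `ASR1903\u3001ASR3901`), so the automatic import appears to copy the description string verbatim without decoding it before truncating to the "..." summary; those two entries should read `C:\usr` and `ASR1903、ASR3901`, and the import step should unescape the description text before it is written, otherwise every future description containing a backslash or a non-ASCII character will come through garbled the same way.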
@@ -417,7 +537,7 @@ CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requ
NOT-FOR-US: Dassault Systemes
CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
TODO: check
-CVE-2025-59820 [Heap-based buffer overflow when parsing TGA files]
+CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file could resul ...)
- krita 1:5.2.13+dfsg-1
NOTE: https://kde.org/info/security/advisory-20250929-1.txt
NOTE: Fixed by: https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
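Review bot: the bracketed placeholder title for CVE-2025-59820 is replaced by the published description, which is the expected transition once the CVE text is public; the fixed version `krita 1:5.2.13+dfsg-1` and both NOTE lines (the KDE advisory and the fixing commit tagged v5.2.13) are kept unchanged, so the entry stays consistent and needs no further triage in this commit.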
@@ -4231,7 +4351,7 @@ CVE-2025-64518 (The CycloneDX core module provides a model representation of the
CVE-2025-64513 (Milvus is an open-source vector database built for generative AI appli ...)
NOT-FOR-US: Milvus
CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original PDFMiner, ...)
- {DLA-4374-1}
+ {DSA-6062-1 DLA-4374-1}
- pdfminer 20221105+dfsg-1.1 (bug #1120642)
NOTE: https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
NOTE: Fixed by: https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086 (20251107)
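Review bot: the `{DSA-6062-1 DLA-4374-1}` line adds a DSA cross-reference to the pdfminer entry, but this commit touches only data/CVE/list (per the "1 changed file" header), so the DSA itself must have been recorded in an earlier commit; worth confirming that DSA-6062-1 resolves in the tracker so the reference is not dangling. The unstable fix `pdfminer 20221105+dfsg-1.1 (bug #1120642)` and both NOTE links are retained unchanged.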
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ceb00667ccfe8c13f4c14b85a7a0eebcf01c421