[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 28 08:13:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a3377dc by security tracker role at 2025-11-28T08:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-66386 (app/Model/EventReport.php in MISP before 2.5.27 allows path traversal ...)
+ TODO: check
+CVE-2025-66385 (UsersController::edit in Cerebrate before 1.30 allows an authenticated ...)
+ TODO: check
+CVE-2025-66384 (app/Controller/EventsController.php in MISP before 2.5.24 has invalid ...)
+ TODO: check
+CVE-2025-66382 (In libexpat through 2.7.3, a crafted file with an approximate size of ...)
+ TODO: check
+CVE-2025-66372 (Mustang before 2.16.3 allows exfiltrating files via XXE attacks.)
+ TODO: check
+CVE-2025-66371 (Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configu ...)
+ TODO: check
+CVE-2025-66370 (Kivitendo before 3.9.2 allows XXE injection. By uploading an electroni ...)
+ TODO: check
+CVE-2025-66361 (An issue was discovered in Logpoint before 7.7.0. Sensitive informatio ...)
+ TODO: check
+CVE-2025-66360 (An issue was discovered in Logpoint before 7.7.0. An improperly config ...)
+ TODO: check
+CVE-2025-66359 (An issue was discovered in Logpoint before 7.7.0. Insufficient input v ...)
+ TODO: check
+CVE-2025-64315 (Configuration defect vulnerability in the file management module. Impa ...)
+ TODO: check
+CVE-2025-64314 (Permission control vulnerability in the memory management module. Impa ...)
+ TODO: check
+CVE-2025-64313 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
+ TODO: check
+CVE-2025-64312 (Permission control vulnerability in the file management module. Impact ...)
+ TODO: check
+CVE-2025-64311 (Permission control vulnerability in the Notepad module. Impact: Succes ...)
+ TODO: check
+CVE-2025-58316 (DoS vulnerability in the video-related system service module. Impact: ...)
+ TODO: check
+CVE-2025-58315 (Permission control vulnerability in the Wi-Fi module. Impact: Successf ...)
+ TODO: check
+CVE-2025-58314 (Vulnerability of accessing invalid memory in the component driver modu ...)
+ TODO: check
+CVE-2025-58312 (Permission control vulnerability in the App Lock module. Impact: Succe ...)
+ TODO: check
+CVE-2025-58311 (UAF vulnerability in the USB driver module. Impact: Successful exploit ...)
+ TODO: check
+CVE-2025-58310 (Permission control vulnerability in the distributed component. Impact: ...)
+ TODO: check
+CVE-2025-58309 (Permission control vulnerability in the startup recovery module. Impac ...)
+ TODO: check
+CVE-2025-58308 (Vulnerability of improper criterion security check in the call module. ...)
+ TODO: check
+CVE-2025-58307 (UAF vulnerability in the screen recording framework module. Impact: Su ...)
+ TODO: check
+CVE-2025-58305 (Identity authentication bypass vulnerability in the Gallery app. Impac ...)
+ TODO: check
+CVE-2025-58304 (Permission control vulnerability in the file management module. Impact ...)
+ TODO: check
+CVE-2025-58303 (UAF vulnerability in the screen recording framework module. Impact: Su ...)
+ TODO: check
+CVE-2025-58302 (Permission control vulnerability in the Settings module. Impact: Succe ...)
+ TODO: check
+CVE-2025-58294 (Permission control vulnerability in the print module. Impact: Successf ...)
+ TODO: check
+CVE-2025-13771 (WebITR developed by Uniong has an Arbitrary File Read vulnerability, a ...)
+ TODO: check
+CVE-2025-13770 (WebITR developed by Uniong has a SQL Injection vulnerability, allowing ...)
+ TODO: check
+CVE-2025-13769 (WebITR developed by Uniong has a SQL Injection vulnerability, allowing ...)
+ TODO: check
+CVE-2025-13768 (WebITR developed by Uniong has an Authentication Bypass vulnerability, ...)
+ TODO: check
+CVE-2025-13737 (The Nextend Social Login and Register plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-13338
+ REJECTED
CVE-2025-58436
- cups 2.4.15-1
[trixie] - cups <no-dsa> (Minor issue)
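Review bot: Every entry added here from CVE-2025-66386 through CVE-2025-13737 carries only "TODO: check", so none of them has a triage result yet. Each one still needs to be resolved to a package line in the form the context entry CVE-2025-58436 shows ("- cups 2.4.15-1") or marked as not applicable. CVE-2025-66382 deserves early attention: its description reads "libexpat through 2.7.3", which names no fixed upstream version, so the eventual package line cannot simply copy a version from the description. CVE-2025-13338 is added as REJECTED with no description text, which is consistent with a rejected ID but leaves nothing to audit from this file alone.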
@@ -861,6 +931,7 @@ CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requ
CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
NOT-FOR-US: AMD
CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file could resul ...)
+ {DSA-6065-1}
- krita 1:5.2.13+dfsg-1
NOTE: https://kde.org/info/security/advisory-20250929-1.txt
NOTE: Fixed by: https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8 (v5.2.13)
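Review bot: The "{DSA-6065-1}" line added to CVE-2025-59820 is the only change in this hunk, and the entry still records a single fixed version, "- krita 1:5.2.13+dfsg-1", with no release-specific line visible. Confirm that the versions fixed by the DSA for the supported releases are recorded in the DSA data this tag points to, since nothing in these lines shows them.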
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3377dc089de18d0b01f3706a08232c0095cc21