[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 28 20:13:04 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d9f2e95 by security tracker role at 2025-11-28T20:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-51736 (File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.)
+ TODO: check
+CVE-2025-51735 (CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12. ...)
+ TODO: check
+CVE-2025-51734 (Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unic ...)
+ TODO: check
+CVE-2025-51733 (Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Lt ...)
+ TODO: check
+CVE-2025-13683 (Exposure of credentials in unintended requests in Devolutions Server, ...)
+ TODO: check
+CVE-2025-12638 (Keras version 3.11.3 is affected by a path traversal vulnerability in ...)
+ TODO: check
+CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier ...)
+ TODO: check
+CVE-2025-12143 (Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This ...)
+ TODO: check
+CVE-2025-11156 (Netskope was notified about a potential gap in its agent (NS Client) o ...)
+ TODO: check
CVE-2025-66386 (app/Model/EventReport.php in MISP before 2.5.27 allows path traversal ...)
NOT-FOR-US: MISP
CVE-2025-66385 (UsersController::edit in Cerebrate before 1.30 allows an authenticated ...)
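Review bot: all nine entries added at the top of data/CVE/list carry only "TODO: check", so none of them has a triage decision yet. CVE-2025-12183 (org.lz4:lz4-java) and CVE-2025-12638 (Keras) name open-source components and should be checked against the archive for a matching source package first. The HCL Unica, Devolutions Server, ABB Terra AC wallbox and Netskope entries look like candidates for a NOT-FOR-US line in the style of the MISP entry directly below them.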
@@ -657,6 +675,7 @@ CVE-2025-64304 ("FOD" App uses hard-coded cryptographic keys, which may allow a
CVE-2025-63674 (An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allo ...)
NOT-FOR-US: Blurams
CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
+ {DLA-4386-1}
- sogo 5.12.4-1
NOTE: https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c (SOGo-5.12.4)
NOTE: https://github.com/xryptoh/CVE-2025-63498
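Review bot: the "{DLA-4386-1}" cross-reference added under CVE-2025-63498 points at an advisory that is not part of this commit, since data/CVE/list is the only changed file. Confirm that the DLA-4386-1 entry exists in the tracker and lists this CVE for sogo, so the reference and the existing "- sogo 5.12.4-1" line stay consistent.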
@@ -21252,9 +21271,9 @@ CVE-2025-8079 (Improper Neutralization of Input During Web Page Generation (XSS
NOT-FOR-US: Smart Trade E-Commerce
CVE-2025-59797 (Profession Fit 5.0.99 Build 44910 allows authorization bypass via a di ...)
NOT-FOR-US: Profession Fit
-CVE-2025-59792
+CVE-2025-59792 (Reveals plaintext credentials in the MONITOR command vulnerability in ...)
NOT-FOR-US: Apache Kvrocks
-CVE-2025-59790
+CVE-2025-59790 (Improper Privilege Management vulnerability in Apache Kvrocks. This i ...)
NOT-FOR-US: Apache Kvrocks
CVE-2025-59592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
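Review bot: CVE-2025-59792 and CVE-2025-59790 gain their descriptions here, but the "NOT-FOR-US: Apache Kvrocks" lines under them predate that text and are carried over unchanged. Now that the descriptions are present (plaintext credentials in the MONITOR command, improper privilege management), a quick confirmation that the classification still matches the named product would close these two entries out.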
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d9f2e95f0525a73c2a082bc21ec2033a11d5a62