[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 30 08:13:18 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0117eda3 by security tracker role at 2025-11-30T08:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2025-66433 (HTCondor Access Point before 25.3.1 allows an authenticated user to im ...)
+	TODO: check
+CVE-2025-66432 (In Oxide control plane 15 through 17 before 17.1, API tokens can be re ...)
+	TODO: check
+CVE-2025-13785 (A security vulnerability has been detected in yungifez Skuul School Ma ...)
+	TODO: check
+CVE-2025-13784 (A weakness has been identified in yungifez Skuul School Management Sys ...)
+	TODO: check
+CVE-2025-13783 (A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc ...)
+	TODO: check
+CVE-2025-13782 (A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fddd ...)
+	TODO: check
+CVE-2025-13615 (The StreamTube Core plugin for WordPress is vulnerable to Arbitrary Us ...)
+	TODO: check
 CVE-2025-6666 (A vulnerability was determined in motogadget mo.lock Ignition Lock up  ...)
 	TODO: check
 CVE-2025-13699
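Review bot: All seven added entries (CVE-2025-66433 through CVE-2025-13615) carry only "TODO: check", with no package line and no NOT-FOR-US marker, so nothing in this hunk yet records whether Debian is affected. Each one needs triage to either a "- <package> <version>" line or a "NOT-FOR-US: <vendor>" line, as the AMD entries in the next hunk have. The descriptions are cut at "...", so the full CVE text should be read before classifying.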
@@ -1188,20 +1202,24 @@ CVE-2024-21923 (Incorrect default permissions in AMD StoreMI\u2122 could allow a
 	NOT-FOR-US: AMD
 CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow an atta ...)
 	NOT-FOR-US: AMD
-CVE-2025-66424 [Export data does not enforce access rights]
+CVE-2025-66424 (Tryton trytond 6.0 before 7.6.11 does not enforce access rights for da ...)
+	{DSA-6064-1 DLA-4388-1}
 	- tryton-server 7.0.40-1 (bug #1121243)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14366
-CVE-2025-66423 [IDOR / Access Control Issue - Unauthorized Access to User Signatures]
+CVE-2025-66423 (Tryton trytond 6.0 before 7.6.11 does not enforce access rights for th ...)
+	{DSA-6064-1}
 	- tryton-server 7.0.40-1 (bug #1121241)
 	[bullseye] - tryton-server <not-affected> (Vulnerable code introduced in 5.2.0)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14364/8952
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14364
-CVE-2025-66422 [Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)]
+CVE-2025-66422 (Tryton trytond before 7.6.11 allows remote attackers to obtain sensiti ...)
+	{DSA-6064-1 DLA-4388-1}
 	- tryton-server 7.0.40-1 (bug #1121242)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14354/8950
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14354
-CVE-2025-66421 [Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution]
+CVE-2025-66421 (Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does n ...)
+	{DSA-6061-1}
 	- tryton-sao 7.0.40+ds1-1 (bug #1121233)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14363/8951
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14363
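Review bot: The new descriptions for CVE-2025-66424, CVE-2025-66423 and CVE-2025-66422 name only "before 7.6.11", while the unchanged package lines record tryton-server 7.0.40-1 as the fixed version. A NOTE listing the fixed upstream release for each series would let a reader confirm that 7.0.40 carries the fix without following the links. The cross-references look consistent otherwise: CVE-2025-66423 gets {DSA-6064-1} without DLA-4388-1, which matches its "[bullseye] - tryton-server <not-affected>" line.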
@@ -11430,7 +11448,8 @@ CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to 3.6.5.
 	{DLA-4363-1}
 	- dcmtk 3.6.6-1
 	NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/0fef9f02e7c3976c36826b272ed4929f3977c3db (DCMTK-3.6.6)
-CVE-2025-66420 [Stored XSS Vulnerability]
+CVE-2025-66420 (Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attach ...)
+	{DSA-6034-1}
 	- tryton-sao 7.0.38+ds1-1
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14290/8895
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14290
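Review bot: The package line for CVE-2025-66420, "- tryton-sao 7.0.38+ds1-1", has no bug reference, unlike the Tryton entries in the previous hunk, which each carry "(bug #...)". If a Debian bug exists for upstream issue 14290, add it here so the entry can be tracked the same way.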



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0117eda3a04c5071bfc4158ac5376745a557389d
