Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9c50e8e by security tracker role at 2025-11-03T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-48396 (Arbitrary code executionis possible due to improper validation
of the ...)
+ TODO: check
+CVE-2025-12623 (A vulnerability was identified in fushengqian fuint up to
41e26be8a2c6 ...)
+ TODO: check
+CVE-2025-12622 (A vulnerability was determined in Tenda AC10 16.03.10.13.
Affected by ...)
+ TODO: check
+CVE-2025-12619 (A vulnerability was found in Tenda A15 15.13.07.13. Affected
is the fu ...)
+ TODO: check
+CVE-2025-12618 (A vulnerability has been found in Tenda AC8 16.03.34.06. This
impacts ...)
+ TODO: check
+CVE-2025-12617 (A flaw has been found in itsourcecode Billing System 1.0. This
affects ...)
+ TODO: check
+CVE-2025-12616 (A vulnerability was detected in PHPGurukul News Portal 1.0.
The impact ...)
+ TODO: check
+CVE-2025-12615 (A security vulnerability has been detected in PHPGurukul News
Portal 1 ...)
+ TODO: check
+CVE-2025-12614 (A weakness has been identified in SourceCodester Best House
Rental Man ...)
+ TODO: check
+CVE-2025-12612 (A security flaw has been discovered in Campcodes School Fees
Payment M ...)
+ TODO: check
+CVE-2025-12611 (A vulnerability was identified in Tenda AC21 16.03.08.16. This
vulnera ...)
+ TODO: check
+CVE-2025-12610 (A vulnerability was determined in CodeAstro Gym Management
System 1.0. ...)
+ TODO: check
+CVE-2025-12609 (A vulnerability was found in CodeAstro Gym Management System
1.0. Affe ...)
+ TODO: check
+CVE-2025-12608 (A security flaw has been discovered in itsourcecode Online
Loan Manage ...)
+ TODO: check
+CVE-2025-12607 (A vulnerability was identified in itsourcecode Online Loan
Management ...)
+ TODO: check
+CVE-2025-12606 (A vulnerability was determined in itsourcecode Online Loan
Management ...)
+ TODO: check
+CVE-2025-12605 (A vulnerability was found in itsourcecode Online Loan
Management Syste ...)
+ TODO: check
+CVE-2025-12604 (A vulnerability has been found in itsourcecode Online Loan
Management ...)
+ TODO: check
+CVE-2025-12503 (EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a
SQL Inject ...)
+ TODO: check
CVE-2025-12598 (A flaw has been found in SourceCodester Best House Rental
Management S ...)
NOT-FOR-US: SourceCodester
CVE-2025-12597 (A vulnerability was detected in SourceCodester Best House
Rental Manag ...)
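Review bot: Every entry added at the top of this hunk is left at "TODO: check", including CVE-2025-12614 (SourceCodester Best House Rental Man ...), which sits just above the already-triaged CVE-2025-12598 for the same product, marked "NOT-FOR-US: SourceCodester". That entry can take the same line now, and the itsourcecode entries (CVE-2025-12604 to CVE-2025-12608, CVE-2025-12617) have a precedent further down in this patch in the form "NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System". The "executionis" typo in the CVE-2025-48396 description looks like part of the imported text, like "CNCSoft-G2lacks" in a later hunk, so it is not something to fix by hand here.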
@@ -13539,6 +13577,7 @@ CVE-2025-59534 (CryptoLib provides a software-only
solution using the CCSDS Spac
CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was
discovered in ...)
NOT-FOR-US: Click Plus PLC
CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ {DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
CVE-2025-58473 (An improper resource shutdown or release vulnerability has
been identi ...)
@@ -13550,6 +13589,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks
proper validation of the user-
CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
NOT-FOR-US: Delta Electronics
CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data
vulnerability in Wor ...)
+ {DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in
firmware v ...)
@@ -23738,7 +23778,7 @@ CVE-2024-13342 (The Booster for WooCommerce plugin for
WordPress is vulnerable t
NOT-FOR-US: WordPress plugin
CVE-2024-12923 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
NOT-FOR-US: QNAP
-CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty v.1.9.1 allows
a local ...)
+CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty before 1.9.2
allows a ...)
NOT-FOR-US: copyparty
CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File
Reading vulne ...)
NOT-FOR-US: Ai3 QbiCRMGateway
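Review bot: The reworded CVE-2023-41471 description widens the affected range from "copyparty v.1.9.1" to "copyparty before 1.9.2", while the "NOT-FOR-US: copyparty" line under it is carried over unchanged. That holds only as long as copyparty is still not packaged, so a quick re-check of the triage is worth doing whenever a description changes, since the earlier decision was made against the narrower text.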
@@ -31650,7 +31690,7 @@ CVE-2025-8518 (A vulnerability was found in givanz
Vvveb 1.0.5. It has been rate
NOT-FOR-US: givanz Vvveb
CVE-2025-8517 (A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted
is an u ...)
NOT-FOR-US: givanz Vvveb
-CVE-2025-8516 (A vulnerability was found in Kingdee Cloud-Starry-Sky
Enterprise Editi ...)
+CVE-2025-8516 (A security vulnerability has been detected in Kingdee
Cloud-Starry-Sky ...)
NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
CVE-2025-8515 (A weakness has been identified in Intelbras InControl
2.21.60.9. This ...)
NOT-FOR-US: Intelbras
@@ -150387,6 +150427,7 @@ CVE-2024-21520 (Versions of the package
djangorestframework before 3.15.2 are vu
CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel
Reservat ...)
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via
the HT ...)
+ {DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
NOTE: https://core.trac.wordpress.org/changeset/58473
@@ -150495,6 +150536,7 @@ CVE-2024-32111 (Improper Limitation of a Pathname to
a Restricted Directory ('Pa
- wordpress <not-affected> (Only affects Windows systems)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ {DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions
2.3.0p7 ...)
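Review bot: Confirm the "{DLA-4358-1}" tag added to CVE-2024-31111 against the advisory's own CVE list, because nothing in this entry shows which version the DLA fixed; the only version line is "- wordpress 6.5.5+dfsg1-1 (bug #1074486)". The same tag lands on three other wordpress entries in this patch (CVE-2025-58674, CVE-2025-58246, CVE-2024-6307), so all four should be checked together. Leaving CVE-2024-32111 just above untagged is consistent with its "- wordpress <not-affected> (Only affects Windows systems)" line.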
@@ -393237,7 +393279,7 @@ CVE-2021-30483 (isomorphic-git before 1.8.2 allows
Directory Traversal via a cra
NOT-FOR-US: isomorphic-git
CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application
passwords were n ...)
NOT-FOR-US: JetBrains
-CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is
installed ...)
+CVE-2021-30481 (Valve Steam before 2021-04-17, when a Source engine game is
installed, ...)
NOT-FOR-US: Valve Steam
NOTE: Debian ships an installer as src:steam, but it auto-updates
whenever Steam
NOTE: is started, so nothing really to be updated there
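Review bot: The CVE-2021-30481 entry keeps "NOT-FOR-US: Valve Steam" next to NOTE lines that name a Debian source package (src:steam), which reads as contradictory now that the description is being touched anyway. The boundary change from "through 2021-04-10" to "before 2021-04-17" does not affect the reasoning in the notes (the installer auto-updates when Steam is started), so the triage itself can stay; the form could be settled separately with a package line carrying the same explanation.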
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9c50e8e171b6986ab2437a3823cf99b6597a776
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits