Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9dc041d7 by security tracker role at 2025-12-30T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2025-69235 (Whale browser before 4.35.351.12 allows an attacker to bypass
the Same ...)
+ TODO: check
+CVE-2025-69234 (Whale browser before 4.35.351.12 allows an attacker to escape
the ifra ...)
+ TODO: check
+CVE-2025-69217 (coturn is a free open source implementation of TURN and STUN
Server. V ...)
+ TODO: check
+CVE-2025-69205 (Micro Registration Utility (\xb5URU) is a telephone self
registration ...)
+ TODO: check
+CVE-2025-68860 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-68607 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68562 (Unrestricted Upload of File with Dangerous Type vulnerability
in Roman ...)
+ TODO: check
+CVE-2025-68504 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68503 (Missing Authorization vulnerability in Crocoblock JetBlog
allows Explo ...)
+ TODO: check
+CVE-2025-68502 (Authorization Bypass Through User-Controlled Key vulnerability
in Croc ...)
+ TODO: check
+CVE-2025-68499 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68498 (Missing Authorization vulnerability in Crocoblock JetTabs
allows Explo ...)
+ TODO: check
+CVE-2025-68120 (To prevent unexpected untrusted code execution, the Visual
Studio Code ...)
+ TODO: check
+CVE-2025-68040 (Insertion of Sensitive Information Into Sent Data
vulnerability in weD ...)
+ TODO: check
+CVE-2025-68036 (Missing Authorization vulnerability in Emraan Cheema CubeWP
allows Acc ...)
+ TODO: check
+CVE-2025-23554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23550 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23469 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23458 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-15355 (ISOinsight developed by NetVision Information has a Reflected
Cross-si ...)
+ TODO: check
+CVE-2025-15284 (Improper Input Validation vulnerability in qs (parse modules)
allows H ...)
+ TODO: check
+CVE-2025-15233 (A security flaw has been discovered in Tenda M3
1.0.0.13(4903). This i ...)
+ TODO: check
+CVE-2025-15232 (A vulnerability was identified in Tenda M3 1.0.0.13(4903).
This vulner ...)
+ TODO: check
+CVE-2025-15231 (A vulnerability was determined in Tenda M3 1.0.0.13(4903).
This affect ...)
+ TODO: check
+CVE-2025-15230 (A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected
by this ...)
+ TODO: check
+CVE-2025-15229 (A vulnerability has been found in Tenda CH22 up to 1.0.0.1.
Affected b ...)
+ TODO: check
+CVE-2025-15222 (A vulnerability has been found in Dromara Sa-Token up to
1.44.0. This ...)
+ TODO: check
+CVE-2025-15221 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. This
vulnerabi ...)
+ TODO: check
+CVE-2025-15220 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0.
This af ...)
+ TODO: check
+CVE-2025-15219 (A security vulnerability has been detected in SohuTV
CacheCloud up to ...)
+ TODO: check
+CVE-2025-15218 (A weakness has been identified in Tenda AC10U
15.03.06.48/15.03.06.49. ...)
+ TODO: check
+CVE-2025-15217 (A security flaw has been discovered in Tenda AC23 16.03.07.52.
Affecte ...)
+ TODO: check
+CVE-2025-15216 (A vulnerability was identified in Tenda AC23 16.03.07.52. This
impacts ...)
+ TODO: check
+CVE-2025-15215 (A vulnerability was determined in Tenda AC10U
15.03.06.48/15.03.06.49. ...)
+ TODO: check
+CVE-2025-15214 (A vulnerability was found in Campcodes Park Ticketing System
1.0. The ...)
+ TODO: check
+CVE-2025-15213 (A vulnerability has been found in code-projects Student File
Managemen ...)
+ TODO: check
+CVE-2025-15212 (A vulnerability was detected in code-projects Refugee Food
Management ...)
+ TODO: check
+CVE-2025-15211 (A flaw has been found in code-projects Refugee Food Management
System ...)
+ TODO: check
+CVE-2025-15210 (A security vulnerability has been detected in code-projects
Refugee Fo ...)
+ TODO: check
+CVE-2025-15209 (A weakness has been identified in code-projects Refugee Food
Managemen ...)
+ TODO: check
+CVE-2025-15208 (A security flaw has been discovered in code-projects Refugee
Food Mana ...)
+ TODO: check
+CVE-2025-15207 (A vulnerability has been found in Campcodes Supplier
Management System ...)
+ TODO: check
+CVE-2025-15206 (A flaw has been found in Campcodes Supplier Management System
1.0. Thi ...)
+ TODO: check
+CVE-2025-15205 (A vulnerability was identified in code-projects Student File
Managemen ...)
+ TODO: check
+CVE-2025-15204 (A vulnerability was determined in SohuTV CacheCloud up to
3.2.0. Affec ...)
+ TODO: check
+CVE-2025-15203 (A vulnerability was found in SohuTV CacheCloud up to 3.2.0.
This impac ...)
+ TODO: check
+CVE-2025-14313 (The Advance WP Query Search Filter WordPress plugin through
1.0.10 doe ...)
+ TODO: check
+CVE-2025-14312 (The Advance WP Query Search Filter WordPress plugin through
1.0.10 doe ...)
+ TODO: check
+CVE-2024-27480 (givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.)
+ TODO: check
+CVE-2024-25183 (givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via
scan.php ...)
+ TODO: check
+CVE-2024-25182 (givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability
via save ...)
+ TODO: check
+CVE-2023-41656 (Missing Authorization vulnerability in wpdive Better Elementor
Addons ...)
+ TODO: check
+CVE-2023-32238 (Vulnerability in CodexThemes TheGem (Elementor), CodexThemes
TheGem (W ...)
+ TODO: check
CVE-2025-69211 (Nest is a framework for building scalable Node.js server-side
applicat ...)
NOT-FOR-US: Nest
CVE-2025-69206 (Hemmelig is a messing app with with client-side encryption and
self-de ...)
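Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so none of the new IDs has a package line or a NOT-FOR-US marker yet, and they need triage in a follow-up commit. Start with the entries that name standalone upstream software, such as coturn (CVE-2025-69217) and qs (CVE-2025-15284). The Tenda firmware entries and the Advance WP Query Search Filter WordPress plugin entries are likely candidates for a NOT-FOR-US marker in the style of the existing `NOT-FOR-US: Nest` line below.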
@@ -1678,7 +1784,8 @@ CVE-2018-25154 (GNU Barcode 0.99 contains a buffer
overflow vulnerability in its
NOTE:
https://lists.gnu.org/archive/html/bug-barcode/2018-05/msg00002.html
NOTE: https://www.exploit-db.com/exploits/44797
NOTE: Crash in CLI tool, negligible security impact
-CVE-2018-25153 (GNU Barcode 0.99 contains a memory leak vulnerability in the
command l ...)
+CVE-2018-25153
+ REJECTED
- barcode <unfixed> (unimportant)
NOTE:
https://lists.gnu.org/archive/html/bug-barcode/2018-05/msg00002.html
NOTE: https://www.exploit-db.com/exploits/44798
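Review bot: CVE-2018-25153 is now marked REJECTED, but the unchanged lines directly beneath it still read `- barcode <unfixed> (unimportant)` followed by two NOTE lines, so the rejected ID keeps a package annotation for barcode. Drop the package line in a follow-up (and the notes if they no longer apply), or confirm that annotations under a REJECTED entry are ignored when the data is processed.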
@@ -12219,6 +12326,7 @@ CVE-2025-11778 (Stack-based buffer overflow in Circutor
SGE-PLC1000/SGE-PLC50 v0
CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang)
versions <=1.5 ...)
NOT-FOR-US: Eclipse Paho Go MQTT
CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
+ {DLA-4425-1}
- python-django 3:4.2.27-1 (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
(4.2.27)
@@ -18990,6 +19098,7 @@ CVE-2025-12725 (Out of bounds read in WebGPU in Google
Chrome on Android prior t
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before
4.2.26, and 5 ...)
+ {DLA-4425-1}
- python-django 3:4.2.26-1 (bug #1120139)
NOTE:
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
NOTE:
https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb
(main)
@@ -252346,7 +252455,7 @@ CVE-2023-36609 (The affected TBox RTUs run OpenVPN
with root privileges and can
CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5
encryption, wh ...)
NOT-FOR-US: TBox
CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3
and befor ...)
- {DLA-3693-1}
+ {DLA-4426-1 DLA-3693-1}
- osslsigncode 2.3.0-1 (bug #1035875)
NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7
allows a rem ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc041d7665afb6a7ef1f814b0b744f25500b7c2
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits