[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 30 08:13:02 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dc041d7 by security tracker role at 2025-12-30T08:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2025-69235 (Whale browser before 4.35.351.12 allows an attacker to bypass the Same ...)
+	TODO: check
+CVE-2025-69234 (Whale browser before 4.35.351.12 allows an attacker to escape the ifra ...)
+	TODO: check
+CVE-2025-69217 (coturn is a free open source implementation of TURN and STUN Server. V ...)
+	TODO: check
+CVE-2025-69205 (Micro Registration Utility (\xb5URU) is a telephone self registration  ...)
+	TODO: check
+CVE-2025-68860 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-68607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68562 (Unrestricted Upload of File with Dangerous Type vulnerability in Roman ...)
+	TODO: check
+CVE-2025-68504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68503 (Missing Authorization vulnerability in Crocoblock JetBlog allows Explo ...)
+	TODO: check
+CVE-2025-68502 (Authorization Bypass Through User-Controlled Key vulnerability in Croc ...)
+	TODO: check
+CVE-2025-68499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68498 (Missing Authorization vulnerability in Crocoblock JetTabs allows Explo ...)
+	TODO: check
+CVE-2025-68120 (To prevent unexpected untrusted code execution, the Visual Studio Code ...)
+	TODO: check
+CVE-2025-68040 (Insertion of Sensitive Information Into Sent Data vulnerability in weD ...)
+	TODO: check
+CVE-2025-68036 (Missing Authorization vulnerability in Emraan Cheema CubeWP allows Acc ...)
+	TODO: check
+CVE-2025-23554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-15355 (ISOinsight developed by NetVision Information has a Reflected Cross-si ...)
+	TODO: check
+CVE-2025-15284 (Improper Input Validation vulnerability in qs (parse modules) allows H ...)
+	TODO: check
+CVE-2025-15233 (A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This i ...)
+	TODO: check
+CVE-2025-15232 (A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulner ...)
+	TODO: check
+CVE-2025-15231 (A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affect ...)
+	TODO: check
+CVE-2025-15230 (A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this ...)
+	TODO: check
+CVE-2025-15229 (A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected b ...)
+	TODO: check
+CVE-2025-15222 (A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This  ...)
+	TODO: check
+CVE-2025-15221 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerabi ...)
+	TODO: check
+CVE-2025-15220 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This af ...)
+	TODO: check
+CVE-2025-15219 (A security vulnerability has been detected in SohuTV CacheCloud up to  ...)
+	TODO: check
+CVE-2025-15218 (A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. ...)
+	TODO: check
+CVE-2025-15217 (A security flaw has been discovered in Tenda AC23 16.03.07.52. Affecte ...)
+	TODO: check
+CVE-2025-15216 (A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts ...)
+	TODO: check
+CVE-2025-15215 (A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. ...)
+	TODO: check
+CVE-2025-15214 (A vulnerability was found in Campcodes Park Ticketing System 1.0. The  ...)
+	TODO: check
+CVE-2025-15213 (A vulnerability has been found in code-projects Student File Managemen ...)
+	TODO: check
+CVE-2025-15212 (A vulnerability was detected in code-projects Refugee Food Management  ...)
+	TODO: check
+CVE-2025-15211 (A flaw has been found in code-projects Refugee Food Management System  ...)
+	TODO: check
+CVE-2025-15210 (A security vulnerability has been detected in code-projects Refugee Fo ...)
+	TODO: check
+CVE-2025-15209 (A weakness has been identified in code-projects Refugee Food Managemen ...)
+	TODO: check
+CVE-2025-15208 (A security flaw has been discovered in code-projects Refugee Food Mana ...)
+	TODO: check
+CVE-2025-15207 (A vulnerability has been found in Campcodes Supplier Management System ...)
+	TODO: check
+CVE-2025-15206 (A flaw has been found in Campcodes Supplier Management System 1.0. Thi ...)
+	TODO: check
+CVE-2025-15205 (A vulnerability was identified in code-projects Student File Managemen ...)
+	TODO: check
+CVE-2025-15204 (A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affec ...)
+	TODO: check
+CVE-2025-15203 (A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impac ...)
+	TODO: check
+CVE-2025-14313 (The Advance WP Query Search Filter WordPress plugin through 1.0.10 doe ...)
+	TODO: check
+CVE-2025-14312 (The Advance WP Query Search Filter WordPress plugin through 1.0.10 doe ...)
+	TODO: check
+CVE-2024-27480 (givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.)
+	TODO: check
+CVE-2024-25183 (givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php ...)
+	TODO: check
+CVE-2024-25182 (givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save ...)
+	TODO: check
+CVE-2023-41656 (Missing Authorization vulnerability in wpdive Better Elementor Addons  ...)
+	TODO: check
+CVE-2023-32238 (Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (W ...)
+	TODO: check
 CVE-2025-69211 (Nest is a framework for building scalable Node.js server-side applicat ...)
 	NOT-FOR-US: Nest
 CVE-2025-69206 (Hemmelig is a messing app with with client-side encryption and self-de ...)
@@ -1678,7 +1784,8 @@ CVE-2018-25154 (GNU Barcode 0.99 contains a buffer overflow vulnerability in its
 	NOTE: https://lists.gnu.org/archive/html/bug-barcode/2018-05/msg00002.html
 	NOTE: https://www.exploit-db.com/exploits/44797
 	NOTE: Crash in CLI tool, negligible security impact
-CVE-2018-25153 (GNU Barcode 0.99 contains a memory leak vulnerability in the command l ...)
+CVE-2018-25153
+	REJECTED
 	- barcode <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-barcode/2018-05/msg00002.html
 	NOTE: https://www.exploit-db.com/exploits/44798
@@ -12219,6 +12326,7 @@ CVE-2025-11778 (Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0
 CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5 ...)
 	NOT-FOR-US: Eclipse Paho Go MQTT
 CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...)
+	{DLA-4425-1}
 	- python-django 3:4.2.27-1 (bug #1121788)
 	NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0 (4.2.27)
@@ -18990,6 +19098,7 @@ CVE-2025-12725 (Out of bounds read in WebGPU in Google Chrome on Android prior t
 	- chromium 142.0.7444.134-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5 ...)
+	{DLA-4425-1}
 	- python-django 3:4.2.26-1 (bug #1120139)
 	NOTE: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
 	NOTE: https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb (main)
@@ -252346,7 +252455,7 @@ CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can
 CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...)
 	NOT-FOR-US: TBox
 CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
-	{DLA-3693-1}
+	{DLA-4426-1 DLA-3693-1}
 	- osslsigncode 2.3.0-1 (bug #1035875)
 	NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
 CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc041d7665afb6a7ef1f814b0b744f25500b7c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc041d7665afb6a7ef1f814b0b744f25500b7c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251230/112f5333/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list