[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 20 21:12:20 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0becd4e by security tracker role at 2025-07-20T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2025-7906 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and class ...)
+	TODO: check
+CVE-2025-7905 (A vulnerability has been found in itsourcecode Insurance Management Sy ...)
+	TODO: check
+CVE-2025-7904 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2025-7903 (A vulnerability classified as problematic was found in yangzongzhuan R ...)
+	TODO: check
+CVE-2025-7902 (A vulnerability classified as problematic has been found in yangzongzh ...)
+	TODO: check
+CVE-2025-7901 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has b ...)
+	TODO: check
+CVE-2025-7898 (A vulnerability was found in Codecanyon iDentSoft 2.0. It has been cla ...)
+	TODO: check
+CVE-2025-7897 (A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 a ...)
+	TODO: check
+CVE-2025-7896 (A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1. ...)
+	TODO: check
+CVE-2025-7895 (A vulnerability, which was classified as critical, was found in harry0 ...)
+	TODO: check
+CVE-2025-7894 (A vulnerability, which was classified as critical, has been found in O ...)
+	TODO: check
+CVE-2025-7893 (A vulnerability classified as problematic was found in Foresight News  ...)
+	TODO: check
+CVE-2025-7892 (A vulnerability classified as problematic has been found in IDnow App  ...)
+	TODO: check
+CVE-2025-7891 (A vulnerability was found in InstantBits Web Video Cast App up to 5.12 ...)
+	TODO: check
+CVE-2025-7890 (A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on And ...)
+	TODO: check
+CVE-2025-7889 (A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Andr ...)
+	TODO: check
+CVE-2025-7888 (A vulnerability was found in TDuckCloud tduck-platform 5.1 and classif ...)
+	TODO: check
+CVE-2025-7887 (A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and cla ...)
+	TODO: check
+CVE-2025-7886 (A vulnerability, which was classified as critical, was found in pmTick ...)
+	TODO: check
+CVE-2025-7885 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-7884 (A vulnerability classified as problematic was found in Eluktronics Con ...)
+	TODO: check
+CVE-2025-7883 (A vulnerability classified as critical has been found in Eluktronics C ...)
+	TODO: check
+CVE-2025-7882 (A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59 ...)
+	TODO: check
+CVE-2025-7881 (A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59 ...)
+	TODO: check
+CVE-2025-7880 (A vulnerability was found in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM ...)
+	TODO: check
+CVE-2025-7879 (A vulnerability has been found in Metasoft \u7f8e\u7279\u8f6f\u4ef6 Me ...)
+	TODO: check
+CVE-2025-7878 (A vulnerability, which was classified as critical, was found in Metaso ...)
+	TODO: check
+CVE-2025-54317 (An issue was discovered in Logpoint before 7.6.0. An attacker with ope ...)
+	TODO: check
+CVE-2025-54316 (An issue was discovered in Logpoint before 7.6.0. When creating report ...)
+	TODO: check
+CVE-2025-46385 (CWE-918 Server-Side Request Forgery (SSRF))
+	TODO: check
+CVE-2025-46384 (CWE-434 Unrestricted Upload of File with Dangerous Type)
+	TODO: check
+CVE-2025-46383 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
+	TODO: check
+CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
+	TODO: check
 CVE-2025-7877 (A vulnerability, which was classified as critical, has been found in M ...)
 	NOT-FOR-US: Metasoft
 CVE-2025-7876 (A vulnerability classified as critical was found in Metasoft \u7f8e\u7 ...)
@@ -4572,13 +4638,13 @@ CVE-2024-58254
 	REJECTED
 CVE-2023-50786 (Dradis through 4.16.0 allows referencing external images (resources) o ...)
 	NOT-FOR-US: Dradis
-CVE-2025-47917
+CVE-2025-47917 (Mbed TLS before 3.6.4 allows a use-after-free in certain situations of ...)
 	- mbedtls 3.6.4-1 (bug #1108791)
 	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md
-CVE-2025-48965
+CVE-2025-48965 (Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_a ...)
 	- mbedtls 3.6.4-1 (bug #1108790)
 	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md
-CVE-2025-49087
+CVE-2025-49087 (In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in  ...)
 	- mbedtls 3.6.4-1 (bug #1108789)
 	[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
 	[bullseye] - mbedtls <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0becd4e1e9e8328cc1031b44eafe43793786321

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0becd4e1e9e8328cc1031b44eafe43793786321
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250720/18a023c2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list