[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 3 08:12:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9c50e8e by security tracker role at 2025-11-03T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-48396 (Arbitrary code executionis possible due to improper validation of the ...)
+ TODO: check
+CVE-2025-12623 (A vulnerability was identified in fushengqian fuint up to 41e26be8a2c6 ...)
+ TODO: check
+CVE-2025-12622 (A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by ...)
+ TODO: check
+CVE-2025-12619 (A vulnerability was found in Tenda A15 15.13.07.13. Affected is the fu ...)
+ TODO: check
+CVE-2025-12618 (A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts ...)
+ TODO: check
+CVE-2025-12617 (A flaw has been found in itsourcecode Billing System 1.0. This affects ...)
+ TODO: check
+CVE-2025-12616 (A vulnerability was detected in PHPGurukul News Portal 1.0. The impact ...)
+ TODO: check
+CVE-2025-12615 (A security vulnerability has been detected in PHPGurukul News Portal 1 ...)
+ TODO: check
+CVE-2025-12614 (A weakness has been identified in SourceCodester Best House Rental Man ...)
+ TODO: check
+CVE-2025-12612 (A security flaw has been discovered in Campcodes School Fees Payment M ...)
+ TODO: check
+CVE-2025-12611 (A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnera ...)
+ TODO: check
+CVE-2025-12610 (A vulnerability was determined in CodeAstro Gym Management System 1.0. ...)
+ TODO: check
+CVE-2025-12609 (A vulnerability was found in CodeAstro Gym Management System 1.0. Affe ...)
+ TODO: check
+CVE-2025-12608 (A security flaw has been discovered in itsourcecode Online Loan Manage ...)
+ TODO: check
+CVE-2025-12607 (A vulnerability was identified in itsourcecode Online Loan Management ...)
+ TODO: check
+CVE-2025-12606 (A vulnerability was determined in itsourcecode Online Loan Management ...)
+ TODO: check
+CVE-2025-12605 (A vulnerability was found in itsourcecode Online Loan Management Syste ...)
+ TODO: check
+CVE-2025-12604 (A vulnerability has been found in itsourcecode Online Loan Management ...)
+ TODO: check
+CVE-2025-12503 (EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Inject ...)
+ TODO: check
CVE-2025-12598 (A flaw has been found in SourceCodester Best House Rental Management S ...)
NOT-FOR-US: SourceCodester
CVE-2025-12597 (A vulnerability was detected in SourceCodester Best House Rental Manag ...)
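Review bot: All 19 added entries land as "TODO: check" with no triage, and at least one can be resolved from the context lines of this same hunk: CVE-2025-12614 (SourceCodester Best House Rental Man ...) names the same vendor and product as CVE-2025-12598 directly below, which is already marked "NOT-FOR-US: SourceCodester". Suggest triaging CVE-2025-12614 the same way. The itsourcecode, PHPGurukul, Campcodes, CodeAstro and Tenda entries should also be checked against existing NOT-FOR-US markers for those vendors before the TODO backlog grows.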
@@ -13539,6 +13577,7 @@ CVE-2025-59534 (CryptoLib provides a software-only solution using the CCSDS Spac
CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was discovered in ...)
NOT-FOR-US: Click Plus PLC
CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ {DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
CVE-2025-58473 (An improper resource shutdown or release vulnerability has been identi ...)
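Review bot: The "{DLA-4358-1}" cross-reference added above "- wordpress 6.8.3+dfsg1-1 (bug #1117047)" has no counterpart in this commit, since data/CVE/list is the only changed file. Please confirm that the DLA-4358-1 entry in the DLA list names CVE-2025-58674. The same check applies to the other wordpress entries that gain this tag in later hunks (CVE-2025-58246, CVE-2024-6307, CVE-2024-31111), so that the annotation and its source stay in agreement.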
@@ -13550,6 +13589,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the user-
CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
NOT-FOR-US: Delta Electronics
CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability in Wor ...)
+ {DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in firmware v ...)
@@ -23738,7 +23778,7 @@ CVE-2024-13342 (The Booster for WooCommerce plugin for WordPress is vulnerable t
NOT-FOR-US: WordPress plugin
CVE-2024-12923 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
NOT-FOR-US: QNAP
-CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local ...)
+CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a ...)
NOT-FOR-US: copyparty
CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulne ...)
NOT-FOR-US: Ai3 QbiCRMGateway
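Review bot: The refreshed description for CVE-2023-41471 widens the affected range from "copyparty v.1.9.1" to "copyparty before 1.9.2", but the "NOT-FOR-US: copyparty" line under it is carried over unchanged. A description refresh is a good point to re-check that the product is still absent from the archive. If it is, no change is needed. If it has since been packaged, the entry needs a package line with the fixed version instead.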
@@ -31650,7 +31690,7 @@ CVE-2025-8518 (A vulnerability was found in givanz Vvveb 1.0.5. It has been rate
NOT-FOR-US: givanz Vvveb
CVE-2025-8517 (A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an u ...)
NOT-FOR-US: givanz Vvveb
-CVE-2025-8516 (A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Editi ...)
+CVE-2025-8516 (A security vulnerability has been detected in Kingdee Cloud-Starry-Sky ...)
NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
CVE-2025-8515 (A weakness has been identified in Intelbras InControl 2.21.60.9. This ...)
NOT-FOR-US: Intelbras
@@ -150387,6 +150427,7 @@ CVE-2024-21520 (Versions of the package djangorestframework before 3.15.2 are vu
CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel Reservat ...)
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via the HT ...)
+ {DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
NOTE: https://core.trac.wordpress.org/changeset/58473
@@ -150495,6 +150536,7 @@ CVE-2024-32111 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
- wordpress <not-affected> (Only affects Windows systems)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ {DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7 ...)
@@ -393237,7 +393279,7 @@ CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a cra
NOT-FOR-US: isomorphic-git
CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
NOT-FOR-US: JetBrains
-CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
+CVE-2021-30481 (Valve Steam before 2021-04-17, when a Source engine game is installed, ...)
NOT-FOR-US: Valve Steam
NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
NOTE: is started, so nothing really to be updated there
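Review bot: In the CVE-2021-30481 entry, "NOT-FOR-US: Valve Steam" sits directly above NOTE lines stating that Debian ships an installer as src:steam, which reads as contradictory to anyone searching the tracker by source package. With the description now bounded at "before 2021-04-17", consider recording this against src:steam with the auto-update rationale from the NOTE as the justification, or extend the NOTE to say explicitly why NOT-FOR-US is still the chosen marker.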
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9c50e8e171b6986ab2437a3823cf99b6597a776