[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 16 20:12:25 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31c95743 by security tracker role at 2025-11-16T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-13251 (A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is ...)
+	TODO: check
+CVE-2025-13250 (A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This ...)
+	TODO: check
+CVE-2025-13249 (A security vulnerability has been detected in Jiusi OA up to 20251102. ...)
+	TODO: check
+CVE-2025-13248 (A weakness has been identified in SourceCodester Patients Waiting Area ...)
+	TODO: check
+CVE-2025-13247 (A security flaw has been discovered in PHPGurukul Tourism Management S ...)
+	TODO: check
+CVE-2025-13246 (A vulnerability was identified in shsuishang ShopSuite ModulithShop up ...)
+	TODO: check
+CVE-2025-13245 (A vulnerability was identified in code-projects Student Information Sy ...)
+	TODO: check
+CVE-2025-13244 (A vulnerability was determined in code-projects Student Information Sy ...)
+	TODO: check
+CVE-2025-13243 (A vulnerability was found in code-projects Student Information System  ...)
+	TODO: check
 CVE-2025-2448
 	REJECTED
 CVE-2025-13242 (A vulnerability has been found in code-projects Student Information Sy ...)
@@ -324,11 +342,13 @@ CVE-2025-13131 (A vulnerability was found in Sonarr 4.0.15.2940. The impacted el
 CVE-2025-13130 (A vulnerability has been found in Radarr 5.28.0.10274. The affected el ...)
 	NOT-FOR-US: Radarr
 CVE-2025-13107 (Inappropriate implementation in Compositing in Google Chrome prior to  ...)
+	{DSA-5993-1}
 	- chromium 140.0.7339.80-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13102 (Inappropriate implementation in WebApp Installs in Google Chrome on An ...)
 	- chromium <not-affected> (Only affects Google Chrome on Android)
 CVE-2025-13097 (Inappropriate implementation in DevTools in Google Chrome prior to 136 ...)
+	{DSA-5914-1}
 	- chromium 136.0.7103.59-2
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12904 (The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Sto ...)
@@ -1879,7 +1899,7 @@ CVE-2024-57695 (An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810)
 CVE-2017-20210 (Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerabi ...)
 	NOT-FOR-US: QNAP
 CVE-2025-13015 (Spoofing issue in Firefox. This vulnerability affects Firefox < 145, F ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1887,7 +1907,7 @@ CVE-2025-13015 (Spoofing issue in Firefox. This vulnerability affects Firefox <
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13015
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13015
 CVE-2025-13014 (Use-after-free in the Audio/Video component. This vulnerability affect ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1895,7 +1915,7 @@ CVE-2025-13014 (Use-after-free in the Audio/Video component. This vulnerability
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13014
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13014
 CVE-2025-13020 (Use-after-free in the WebRTC: Audio/Video component. This vulnerabilit ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1903,7 +1923,7 @@ CVE-2025-13020 (Use-after-free in the WebRTC: Audio/Video component. This vulner
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13020
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13020
 CVE-2025-13013 (Mitigation bypass in the DOM: Core & HTML component. This vulnerabilit ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1911,7 +1931,7 @@ CVE-2025-13013 (Mitigation bypass in the DOM: Core & HTML component. This vulner
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13013
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13013
 CVE-2025-13019 (Same-origin policy bypass in the DOM: Workers component. This vulnerab ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1919,7 +1939,7 @@ CVE-2025-13019 (Same-origin policy bypass in the DOM: Workers component. This vu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13019
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13019
 CVE-2025-13018 (Mitigation bypass in the DOM: Security component. This vulnerability a ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1927,7 +1947,7 @@ CVE-2025-13018 (Mitigation bypass in the DOM: Security component. This vulnerabi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13018
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13018
 CVE-2025-13017 (Same-origin policy bypass in the DOM: Notifications component. This vu ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1944,7 +1964,7 @@ CVE-2025-13024 (JIT miscompilation in the JavaScript Engine: JIT component. This
 	- firefox 145.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13024
 CVE-2025-13016 (Incorrect boundary conditions in the JavaScript: WebAssembly component ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1
@@ -1955,7 +1975,7 @@ CVE-2025-13023 (Sandbox escape due to incorrect boundary conditions in the Graph
 	- firefox 145.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13023
 CVE-2025-13012 (Race condition in the Graphics component. This vulnerability affects F ...)
-	{DSA-6054-1 DLA-4370-1}
+	{DSA-6059-1 DSA-6054-1 DLA-4372-1 DLA-4370-1}
 	- firefox 145.0-1
 	- firefox-esr 140.5.0esr-1
 	- thunderbird 1:140.5.0esr-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31c957435afa9ea503d1a31e5ec1445968453032

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31c957435afa9ea503d1a31e5ec1445968453032
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251116/ee569c10/attachment.htm>

More information about the debian-security-tracker-commits mailing list