[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 12 09:12:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd508590 by security tracker role at 2025-08-12T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,102 @@
-CVE-2025-40920
+CVE-2025-8874 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
+	TODO: check
+CVE-2025-8767 (The AnWP Football Leagues plugin for WordPress is vulnerable to CSV In ...)
+	TODO: check
+CVE-2025-8690 (The Simple Responsive Slider plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-8688 (The Inline Stock Quotes plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-8685 (The Wp chart generator plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-8621 (The Mosaic Generator plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-8568 (The GMap Generator plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-8482 (The Simple Local Avatars plugin for WordPress is vulnerable to unautho ...)
+	TODO: check
+CVE-2025-8462 (The RT Easy Builder \u2013 Advanced addons for Elementor plugin for Wo ...)
+	TODO: check
+CVE-2025-8418 (The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vu ...)
+	TODO: check
+CVE-2025-8314 (The Software Issue Manager plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-8081 (The Elementor plugin for WordPress is vulnerable to Arbitrary File Rea ...)
+	TODO: check
+CVE-2025-8059 (The B Blocks plugin for WordPress is vulnerable to Privilege Escalatio ...)
+	TODO: check
+CVE-2025-7622 (During an internal security assessment, a Server-Side Request Forgery  ...)
+	TODO: check
+CVE-2025-6253 (The UiCore Elements \u2013 Free Elementor widgets and templates plugin ...)
+	TODO: check
+CVE-2025-5391 (The WooCommerce Purchase Orders plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-55161 (Stirling-PDF is a locally hosted web application that performs various ...)
+	TODO: check
+CVE-2025-55159 (slab is a pre-allocated storage for a uniform data type. In version 0. ...)
+	TODO: check
+CVE-2025-55158 (Vim is an open source, command line text editor. In versions from 9.1. ...)
+	TODO: check
+CVE-2025-55157 (Vim is an open source, command line text editor. In versions from 9.1. ...)
+	TODO: check
+CVE-2025-55156 (pyLoad is the free and open-source Download Manager written in pure Py ...)
+	TODO: check
+CVE-2025-55151 (Stirling-PDF is a locally hosted web application that performs various ...)
+	TODO: check
+CVE-2025-55150 (Stirling-PDF is a locally hosted web application that performs various ...)
+	TODO: check
+CVE-2025-55012 (Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed ...)
+	TODO: check
+CVE-2025-54992 (OpenKilda is an open-source OpenFlow controller. Prior to version 1.16 ...)
+	TODO: check
+CVE-2025-54878 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2025-4390 (The WP Private Content Plus plugin for WordPress is vulnerable to Sens ...)
+	TODO: check
+CVE-2025-47444 (Insertion of Sensitive Information Into Sent Data vulnerability in Liq ...)
+	TODO: check
+CVE-2025-42976 (SAP NetWeaver Application Server ABAP (BIC Document) allows an authent ...)
+	TODO: check
+CVE-2025-42975 (SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthe ...)
+	TODO: check
+CVE-2025-42957 (SAP S/4HANA allows an attacker with user privileges to exploit a vulne ...)
+	TODO: check
+CVE-2025-42955 (Due to a missing authorization check in SAP Cloud Connector, an attack ...)
+	TODO: check
+CVE-2025-42951 (Due to broken authorization, SAP Business One (SLD) allows an authenti ...)
+	TODO: check
+CVE-2025-42950 (SAP Landscape Transformation (SLT) allows an attacker with user privil ...)
+	TODO: check
+CVE-2025-42949 (Due to a missing authorization check in the ABAP Platform, an authenti ...)
+	TODO: check
+CVE-2025-42948 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABA ...)
+	TODO: check
+CVE-2025-42946 (Due to directory traversal vulnerability in SAP S/4HANA (Bank Communic ...)
+	TODO: check
+CVE-2025-42945 (SAP NetWeaver Application Server ABAP has HTML injection vulnerability ...)
+	TODO: check
+CVE-2025-42943 (SAP GUI for Windows may allow the leak of NTML hashes when specific AB ...)
+	TODO: check
+CVE-2025-42942 (SAP NetWeaver Application Server for ABAP has cross-site scripting vul ...)
+	TODO: check
+CVE-2025-42941 (SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerabilit ...)
+	TODO: check
+CVE-2025-42936 (The SAP NetWeaver Application Server for ABAP does not enable an admin ...)
+	TODO: check
+CVE-2025-42935 (The SAP NetWeaver Application Server ABAP and ABAP Platform Internet C ...)
+	TODO: check
+CVE-2025-42934 (SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attac ...)
+	TODO: check
+CVE-2025-41686 (A low-privileged local attacker can exploit improper permissions on ns ...)
+	TODO: check
+CVE-2025-3892 (ACAP applications can be executed with elevated privileges, potentiall ...)
+	TODO: check
+CVE-2025-30027 (An ACAP configuration file lacked sufficient input validation, which c ...)
+	TODO: check
+CVE-2025-25235 (Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SE ...)
+	TODO: check
+CVE-2024-32640 (MASA CMS is an Enterprise Content Management platform based on open so ...)
+	TODO: check
+CVE-2025-40920 (Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier  ...)
 	- libcatalyst-authentication-credential-http-perl <unfixed> (bug #1110887)
 	[trixie] - libcatalyst-authentication-credential-http-perl <no-dsa> (Minor issue)
 	[bookworm] - libcatalyst-authentication-credential-http-perl <no-dsa> (Minor issue)
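
Review bot: the added descriptions for CVE-2025-8874, CVE-2025-8462 and CVE-2025-6253 contain the literal text \u2013 where the plugin name has a dash, so an escape sequence is being written into data/CVE/list undecoded. Decoding it in the update step before the description is truncated would keep these lines readable and keep the cut-off point consistent with the other entries. Separately, every entry added here carries only "TODO: check", so none of them yet has package lines of the kind CVE-2025-40920 has in the context below; they all still need triage.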



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd508590bac688a0db5d8734ca9fc783ed5c3e87
