[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 19 09:12:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e468c42c by security tracker role at 2025-08-19T08:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,65 @@
-CVE-2025-38553 [net/sched: Restrict conditions for adding duplicating netems to qdisc tree]
+CVE-2025-9119 (A vulnerability was determined in Netis WF2419 1.2.29433. This vulnera ...)
+ TODO: check
+CVE-2025-8723 (The Cloudflare Image Resizing plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2025-8622 (The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-8357 (The Media Library Assistant plugin for WordPress is vulnerable to arbi ...)
+ TODO: check
+CVE-2025-8218 (The Real Spaces - WordPress Properties Directory Theme theme for WordP ...)
+ TODO: check
+CVE-2025-8098 (An improper permission vulnerability was reported in Lenovo PC Manager ...)
+ TODO: check
+CVE-2025-7670 (The JS Archive List plugin for WordPress is vulnerable to time-based S ...)
+ TODO: check
+CVE-2025-7654 (Multiple FunnelKit plugins are vulnerable to Sensitive Information Exp ...)
+ TODO: check
+CVE-2025-7496 (The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-6758 (The Real Spaces - WordPress Properties Directory Theme theme for WordP ...)
+ TODO: check
+CVE-2025-5417 (An insufficient access control vulnerability was found in the Red Hat ...)
+ TODO: check
+CVE-2025-57725
+ REJECTED
+CVE-2025-57724
+ REJECTED
+CVE-2025-57723
+ REJECTED
+CVE-2025-57722
+ REJECTED
+CVE-2025-57721
+ REJECTED
+CVE-2025-57720
+ REJECTED
+CVE-2025-57719
+ REJECTED
+CVE-2025-57718
+ REJECTED
+CVE-2025-57717
+ REJECTED
+CVE-2025-54862 (Sante PACS Server web portal is vulnerable to stored cross-site script ...)
+ TODO: check
+CVE-2025-54759 (Sante PACS Server is vulnerable to stored cross-site scripting. An att ...)
+ TODO: check
+CVE-2025-54156 (The Sante PACS Server Web Portal sends credential information without ...)
+ TODO: check
+CVE-2025-53948 (The Sante PACS Server allows a remote attacker to crash the main threa ...)
+ TODO: check
+CVE-2025-53705 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versi ...)
+ TODO: check
+CVE-2025-52584 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versi ...)
+ TODO: check
+CVE-2025-4371 (A potential vulnerability was reported in the Lenovo 510 FHD and Perfo ...)
+ TODO: check
+CVE-2025-46269 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versi ...)
+ TODO: check
+CVE-2025-41392 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versi ...)
+ TODO: check
+CVE-2025-38553 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ec8e0e3d7adef940cdf9475e2352c0680189d14e (6.17-rc1)
-CVE-2025-53192
+CVE-2025-53192 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/ ...)
- ognl <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/08/18/4
CVE-2025-7693 (A security issue exists due to improper handling of malformed CIP Forw ...)
@@ -2912,13 +2970,13 @@ CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow
- cflow <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
NOTE: Crash in CLI tool, no security impact
-CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU Bison ...)
+CVE-2025-8734 (A vulnerability has been found in GNU Bison up to 3.8.2. This impacts ...)
- bison <unfixed> (bug #1110611)
[trixie] - bison <no-dsa> (Minor issue)
[bookworm] - bison <no-dsa> (Minor issue)
[bullseye] - bison <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/akimd/bison/issues/115
-CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been rated ...)
+CVE-2025-8733 (A flaw has been found in GNU Bison up to 3.8.2. This affects the funct ...)
- bison <unfixed> (unimportant; bug #1110610)
NOTE: https://github.com/akimd/bison/issues/113
NOTE: https://github.com/akimd/bison/issues/114
@@ -8149,7 +8207,7 @@ CVE-2025-7869 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: Portabilis i-Educar
CVE-2025-7868 (A vulnerability classified as problematic was found in Portabilis i-Ed ...)
NOT-FOR-US: Portabilis i-Educar
-CVE-2025-7867 (A vulnerability classified as problematic has been found in Portabilis ...)
+CVE-2025-7867 (A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. Th ...)
NOT-FOR-US: Portabilis i-Educar
CVE-2025-7866 (A vulnerability was found in Portabilis i-Educar 2.9.0. It has been ra ...)
NOT-FOR-US: Portabilis i-Educar
@@ -9304,7 +9362,7 @@ CVE-2025-50108 (Vulnerability in the Oracle Hyperion Financial Reporting product
CVE-2025-50107 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9399,7 +9457,7 @@ CVE-2025-50061 (Vulnerability in the Primavera P6 Enterprise Project Portfolio M
CVE-2025-50060 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2025-50059 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 <not-affected> (Specific to Oracle Java 8 perf)
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9466,7 +9524,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User product of Oracle Siebe
CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component: General). The ...)
NOT-FOR-US: Oracle
CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9481,7 +9539,7 @@ CVE-2025-30751 (Vulnerability in the Oracle Database component of Oracle Databas
CVE-2025-30750 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2025-30749 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -10354,6 +10412,7 @@ CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flag
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f1e1f13b766eb580a8dcc0c4e7a447346dfd862e (master)
NOTE: Mitigation landed in sid in 2.14.5+dfsg-0.1
CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, psvi, ...)
+ {DSA-5979-1}
- libxslt 1.1.35-2 (bug #1109123)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379228
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
@@ -192116,6 +192175,7 @@ CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue
CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5979-1}
- libxslt 1.1.35-2 (bug #1108074; unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d (v1.1.38)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e468c42c51acde5df192de50b3807808c89718d2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e468c42c51acde5df192de50b3807808c89718d2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250819/cb62fc6d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list