[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 23 09:12:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b56c762 by security tracker role at 2025-08-23T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2025-9358 (A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, ...)
+ TODO: check
+CVE-2025-9357 (A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE65 ...)
+ TODO: check
+CVE-2025-9356 (A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE65 ...)
+ TODO: check
+CVE-2025-9355 (A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, R ...)
+ TODO: check
+CVE-2025-9131 (The Ogulo \u2013 360\xb0 Tour plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-9048 (The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-8193
+ REJECTED
+CVE-2025-8062 (The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-7957 (The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-7842 (The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-7841 (The Sertifier Certificate & Badge Maker for WordPress \u2013 Tutor LMS ...)
+ TODO: check
+CVE-2025-7839 (The Restore Permanently delete Post or Page Data plugin for WordPress ...)
+ TODO: check
+CVE-2025-7828 (The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-7827 (The Ni WooCommerce Customer Product Report plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-7821 (The WC Plus plugin for WordPress is vulnerable to unauthorized modific ...)
+ TODO: check
+CVE-2025-7813 (The Events Calendar, Event Booking, Registrations and Event Tickets \u ...)
+ TODO: check
+CVE-2025-7642 (The Simpler Checkout plugin for WordPress is vulnerable to Authenticat ...)
+ TODO: check
+CVE-2025-5821 (The Case Theme User plugin for WordPress is vulnerable to Authenticati ...)
+ TODO: check
+CVE-2025-5352 (A critical stored Cross-Site Scripting (XSS) vulnerability exists in t ...)
+ TODO: check
+CVE-2025-5060 (The Bravis User plugin for WordPress is vulnerable to Authentication B ...)
+ TODO: check
+CVE-2025-58043
+ REJECTED
+CVE-2025-58042
+ REJECTED
+CVE-2025-58041
+ REJECTED
+CVE-2025-58040
+ REJECTED
+CVE-2025-58039
+ REJECTED
+CVE-2025-58038
+ REJECTED
+CVE-2025-58037
+ REJECTED
+CVE-2025-58036
+ REJECTED
+CVE-2025-58035
+ REJECTED
+CVE-2025-55455 (DooTask v1.0.51 was dicovered to contain an authenticated arbitrary do ...)
+ TODO: check
+CVE-2025-52451 (Improper Input Validation vulnerability in Salesforce Tableau Server o ...)
+ TODO: check
+CVE-2025-52450 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-43770 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-43769 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
+ TODO: check
+CVE-2025-43768 (Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 thro ...)
+ TODO: check
+CVE-2025-43767 (Open Redirect vulnerability in /c/portal/edit_info_item parameter redi ...)
+ TODO: check
+CVE-2025-43766 (The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, ...)
+ TODO: check
+CVE-2025-43765 (A Stored cross-site scripting vulnerability in the Liferay Portal 7.4. ...)
+ TODO: check
+CVE-2025-43764 (Self-ReDoS (Regular expression Denial of Service) exists with Role Nam ...)
+ TODO: check
+CVE-2025-43761 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+ TODO: check
+CVE-2025-26498 (Unrestricted Upload of File with Dangerous Type vulnerability in Sales ...)
+ TODO: check
+CVE-2025-26497 (Unrestricted Upload of File with Dangerous Type vulnerability in Sales ...)
+ TODO: check
+CVE-2025-26496 (Access of Resource Using Incompatible Type ('Type Confusion') vulnerab ...)
+ TODO: check
+CVE-2025-24469
+ REJECTED
+CVE-2025-24468
+ REJECTED
+CVE-2025-22864
+ REJECTED
+CVE-2025-22863
+ REJECTED
+CVE-2025-22861
+ REJECTED
+CVE-2025-22860
+ REJECTED
CVE-2025-9341 (Uncontrolled Resource Consumption vulnerability in Legion of the Bounc ...)
NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. ...)
@@ -30334,7 +30432,7 @@ CVE-2024-10865 (Improper Input validation leads to XSS or Cross-site Scripting v
NOT-FOR-US: OpenText
CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: OpenText
-CVE-2025-4609
+CVE-2025-4609 (Incorrect handle provided in unspecified circumstances in Mojo in Goog ...)
{DSA-5920-1}
- chromium 136.0.7103.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -251288,8 +251386,8 @@ CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not
NOT-FOR-US: WordPress plugin
CVE-2022-45134 (Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22 ...)
- mahara <removed>
-CVE-2022-45133
- RESERVED
+CVE-2022-45133 (Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22 ...)
+ TODO: check
CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, r ...)
- lava 2023.01-1 (bug #1024428)
[bullseye] - lava <not-affected> (Vulnerable code not present)
@@ -718178,7 +718276,7 @@ CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraX
NOT-FOR-US: Ecava IntegraXor
CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote att ...)
NOT-FOR-US: Ecava IntegraXor
-CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...)
+CVE-2014-0751 (The CIMPLICITY Web-based access component, CimWebServer, does not chec ...)
NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...)
NOT-FOR-US: GE Intelligent Platforms Proficy
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b56c762c9bb4a386f1cd710fda26c9ad3d1852f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b56c762c9bb4a386f1cd710fda26c9ad3d1852f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250823/3f0ab31e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list