[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 13 08:12:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80d04c15 by security tracker role at 2025-12-13T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,247 @@
+CVE-2025-9873 (The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-9488 (The Redux Framework plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-9218 (The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress ...)
+ TODO: check
+CVE-2025-9207 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML ...)
+ TODO: check
+CVE-2025-9116 (The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not ...)
+ TODO: check
+CVE-2025-8779 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...)
+ TODO: check
+CVE-2025-8617 (The YITH WooCommerce Quick View plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-7058 (The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-67871
+ REJECTED
+CVE-2025-67870
+ REJECTED
+CVE-2025-67869
+ REJECTED
+CVE-2025-67868
+ REJECTED
+CVE-2025-67867
+ REJECTED
+CVE-2025-67866
+ REJECTED
+CVE-2025-67865
+ REJECTED
+CVE-2025-67864
+ REJECTED
+CVE-2025-67863
+ REJECTED
+CVE-2025-67750 (Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and ...)
+ TODO: check
+CVE-2025-67749 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versi ...)
+ TODO: check
+CVE-2025-67721 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
+ TODO: check
+CVE-2025-67634 (The CISA Software Acquisition Guide Supplier Response Web Tool before ...)
+ TODO: check
+CVE-2025-46289 (A logic issue was addressed with improved file handling. This issue is ...)
+ TODO: check
+CVE-2025-46287 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
+CVE-2025-46285 (An integer overflow was addressed by adopting 64-bit timestamps. This ...)
+ TODO: check
+CVE-2025-46276 (An information disclosure issue was addressed with improved privacy co ...)
+ TODO: check
+CVE-2025-43542 (This issue was addressed with improved state management. This issue is ...)
+ TODO: check
+CVE-2025-43539 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2025-43538 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-43532 (A memory corruption issue was addressed with improved bounds checking. ...)
+ TODO: check
+CVE-2025-43530 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2025-43527 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43523 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43522 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+ TODO: check
+CVE-2025-43521 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+ TODO: check
+CVE-2025-43520 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2025-43519 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43518 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43517 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2025-43516 (A session management issue was addressed with improved checks. This is ...)
+ TODO: check
+CVE-2025-43513 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
+ TODO: check
+CVE-2025-43512 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43511 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-43510 (A memory corruption issue was addressed with improved lock state check ...)
+ TODO: check
+CVE-2025-43509 (This issue was addressed with improved data protection. This issue is ...)
+ TODO: check
+CVE-2025-43506 (A logic error was addressed with improved error handling. This issue i ...)
+ TODO: check
+CVE-2025-43497 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2025-43494 (A mail header parsing issue was addressed with improved checks. This i ...)
+ TODO: check
+CVE-2025-43482 (The issue was addressed with improved input validation. This issue is ...)
+ TODO: check
+CVE-2025-43473 (This issue was addressed with improved state management. This issue is ...)
+ TODO: check
+CVE-2025-43471 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-43470 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43467 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2025-43466 (An injection issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2025-43465 (A parsing issue in the handling of directory paths was addressed with ...)
+ TODO: check
+CVE-2025-43464 (A denial-of-service issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2025-43463 (A parsing issue in the handling of directory paths was addressed with ...)
+ TODO: check
+CVE-2025-43461 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-43437 (An information disclosure issue was addressed with improved privacy co ...)
+ TODO: check
+CVE-2025-43416 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2025-43410 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2025-43406 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2025-43404 (A permissions issue was addressed with additional sandbox restrictions ...)
+ TODO: check
+CVE-2025-43402 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-43393 (A permissions issue was addressed with additional sandbox restrictions ...)
+ TODO: check
+CVE-2025-43388 (An injection issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2025-43381 (This issue was addressed with improved handling of symlinks. This issu ...)
+ TODO: check
+CVE-2025-43351 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43320 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ TODO: check
+CVE-2025-14611 (Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 us ...)
+ TODO: check
+CVE-2025-14586 (A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B202112 ...)
+ TODO: check
+CVE-2025-14585 (A vulnerability was found in itsourcecode COVID Tracking System 1.0. A ...)
+ TODO: check
+CVE-2025-14584 (A vulnerability has been found in itsourcecode COVID Tracking System 1 ...)
+ TODO: check
+CVE-2025-14583 (A flaw has been found in campcodes Online Student Enrollment System 1. ...)
+ TODO: check
+CVE-2025-14582 (A vulnerability was detected in campcodes Online Student Enrollment Sy ...)
+ TODO: check
+CVE-2025-14581 (The HAPPY \u2013 Helpdesk Support Ticket System plugin for WordPress i ...)
+ TODO: check
+CVE-2025-14580 (A security vulnerability has been detected in Qualitor up to 8.24.73. ...)
+ TODO: check
+CVE-2025-14540 (The Userback plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2025-14539 (The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-14508 (The MediaCommander \u2013 Bring Folders to Media, Posts, and Pages plu ...)
+ TODO: check
+CVE-2025-14477 (The 404 Solution plugin for WordPress is vulnerable to SQL Injection i ...)
+ TODO: check
+CVE-2025-14476 (The Doubly \u2013 Cross Domain Copy Paste for WordPress plugin for Wor ...)
+ TODO: check
+CVE-2025-14475 (The Extensive VC Addons for WPBakery page builder plugin for WordPress ...)
+ TODO: check
+CVE-2025-14462 (The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2025-14454 (The Image Slider by Ays- Responsive Slider and Carousel plugin for Wor ...)
+ TODO: check
+CVE-2025-14451 (The Solutions Ad Manager plugin for WordPress is vulnerable to Open Re ...)
+ TODO: check
+CVE-2025-14447 (The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2025-14446 (The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-14440 (The JAY Login & Register plugin for WordPress is vulnerable to authent ...)
+ TODO: check
+CVE-2025-14397 (The Postem Ipsum plugin for WordPress is vulnerable to unauthorized mo ...)
+ TODO: check
+CVE-2025-14395 (The Popover Windows plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-14394 (The Popover Windows plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2025-14378 (The Quick Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-14367 (The Easy Theme Options plugin for WordPress is vulnerable to Missing A ...)
+ TODO: check
+CVE-2025-14366 (The Eyewear prescription form plugin for WordPress is vulnerable to Mi ...)
+ TODO: check
+CVE-2025-14365 (The Eyewear prescription form plugin for WordPress is vulnerable to Mi ...)
+ TODO: check
+CVE-2025-14288 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...)
+ TODO: check
+CVE-2025-14278 (The HT Slider for Elementor plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-14066
+ REJECTED
+CVE-2025-14056 (The Custom Post Type UI plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-14050 (The Design Import/Export plugin for WordPress is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2025-13970 (OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack ...)
+ TODO: check
+CVE-2025-13705 (The Custom Frames plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-13403 (The Employee Spotlight \u2013 Team Member Showcase & Meet the Team Plu ...)
+ TODO: check
+CVE-2025-13094 (The WP3D Model Import Viewer plugin for WordPress is vulnerable to arb ...)
+ TODO: check
+CVE-2025-13093 (The Devs CRM \u2013 Manage tasks, attendance and teams all together pl ...)
+ TODO: check
+CVE-2025-13092 (The Devs CRM \u2013 Manage tasks, attendance and teams all together pl ...)
+ TODO: check
+CVE-2025-13089 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2025-13077 (The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a ...)
+ TODO: check
+CVE-2025-12512 (The GenerateBlocks plugin for WordPress is vulnerable to information e ...)
+ TODO: check
+CVE-2025-12362 (The myCred \u2013 Points Management System For Gamification, Ranks, Ba ...)
+ TODO: check
+CVE-2025-12109 (The Header Footer Script Adder \u2013 Insert Code in Header, Body & Fo ...)
+ TODO: check
+CVE-2025-12077 (The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12076 (The Social Media Auto Publish plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2025-11970 (The Emplibot \u2013 AI Content Writer with Keyword Research, Infograph ...)
+ TODO: check
+CVE-2025-11707 (The Login Lockdown & Protection plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-11693 (The Export WP Page to Static HTML & PDF plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-11376 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-11266 (An out-of-bounds write vulnerability exists in the Grassroots DICOM li ...)
+ TODO: check
+CVE-2025-11164 (The Mavix Education theme for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-10738 (The URL Shortener Plugin For WordPress plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-10289 (The Filter & Grids plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2024-58316 (Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...)
+ TODO: check
CVE-2025-8083 (The Preset configuration https://v2.vuetifyjs.com/en/features/presets ...)
NOT-FOR-US: Vuetify
CVE-2025-8082 (Improper neutralization of the title date in the 'VDatePicker' compone ...)
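Review bot: the imported descriptions in this block keep literal `\uXXXX` escape sequences instead of the decoded characters (`\u2013` in CVE-2025-8779, CVE-2025-14581, CVE-2025-14508 and others), and for CVE-2025-13077 the fixed-width truncation cuts the product name down to nothing but escapes, ending mid-sequence in `\u06a`, so a triager reading `TODO: check` cannot tell which plugin it is; decode to UTF-8 before truncating in the automatic update. The nine consecutive CVE-2025-67863 to CVE-2025-67871 entries and CVE-2025-14066 are recorded as REJECTED with no description, which matches the existing convention for rejected IDs.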
@@ -426,7 +670,7 @@ CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection vulnerabili
NOT-FOR-US: CSZCMS
CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that allows r ...)
NOT-FOR-US: MinaliC
-CVE-2024-58304 (Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...)
+CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerabil ...)
NOT-FOR-US: SPA-CART CMS
CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template injection vulner ...)
NOT-FOR-US: FoF Pretty Mail
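Review bot: the corrected description for CVE-2024-58304 now agrees with the unchanged `NOT-FOR-US: SPA-CART CMS` line beneath it; the "Online Shopping System Advanced 1.0 contains a SQL injection" text it replaces is the description that appears under the newly added CVE-2024-58316 in the first hunk, so the 58304 entry had been carrying another CVE's text. Worth confirming that the NOT-FOR-US triage for 58304 was made against the SPA-CART advisory and not the mismatched description, and the new 58316 entry still needs its own `TODO: check` resolved.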
@@ -2377,7 +2621,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may caus
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511)
CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
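Review bot: `DLA-4405-1` is inserted between DSA-6078-1 and DLA-4401-1 for CVE-2025-14333, and the same one-line change is repeated identically for the other ten Firefox ESR / Thunderbird entries below (CVE-2025-14331 through CVE-2025-14321); the sid package lines `firefox-esr 140.6.0esr-1` and `thunderbird 1:140.6.0esr-1` are unchanged context, so only the advisory reference moves, which is what a DLA publication should touch. CVE-2025-14332 and CVE-2025-14326, which list only `firefox 146.0-1`, correctly receive no DLA reference.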
@@ -2388,7 +2632,7 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. S
- firefox 146.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2396,7 +2640,7 @@ CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. Thi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14331
CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2404,7 +2648,7 @@ CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14330
CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2412,7 +2656,7 @@ CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14329
CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2426,7 +2670,7 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerabi
- firefox 146.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2434,7 +2678,7 @@ CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14325
CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2442,7 +2686,7 @@ CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14324
CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2450,7 +2694,7 @@ CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This v
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14323
CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -2458,7 +2702,7 @@ CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graph
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14322
CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability ...)
- {DSA-6078-1 DLA-4401-1}
+ {DSA-6078-1 DLA-4405-1 DLA-4401-1}
- firefox 146.0-1
- firefox-esr 140.6.0esr-1
- thunderbird 1:140.6.0esr-1
@@ -48092,8 +48336,8 @@ CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) exe
NOT-FOR-US: OpenAI Codex CLI
CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream process ...)
NOT-FOR-US: LF Edge eKuiper
-CVE-2025-54369
- REJECTED
+CVE-2025-54369 (Node-SAML is a SAML library not dependent on any frameworks that runs ...)
+ TODO: check
CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...)
NOT-FOR-US: Quiet
CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)
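Review bot: CVE-2025-54369 moves from `REJECTED` back to an open `TODO: check` with a Node-SAML description. Reversing a rejection is unusual enough that the triager should confirm against the upstream CVE record that the ID was actually reinstated rather than re-imported from a stale feed, and then decide whether node-saml is shipped in Debian before resolving the TODO.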
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80d04c15878a831091ae3b764770aa66dac0e4a8