[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 4 09:12:40 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f21537a5 by security tracker role at 2025-07-04T08:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,58 @@
-CVE-2025-53367
+CVE-2025-7053 (A vulnerability was found in Cockpit up to 2.11.3. It has been rated a ...)
+ TODO: check
+CVE-2025-7046 (The Portfolio for Elementor & Image Gallery | PowerFolio plugin for Wo ...)
+ TODO: check
+CVE-2025-6944 (The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-6814 (The Booking X plugin for WordPress is vulnerable to unauthorized acces ...)
+ TODO: check
+CVE-2025-6787 (The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-6786 (The DocCheck Login plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-6783 (The GoZen Forms plugin for WordPress is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2025-6782 (The GoZen Forms plugin for WordPress is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2025-6739 (The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the ...)
+ TODO: check
+CVE-2025-6729 (The PayMaster for WooCommerce plugin for WordPress is vulnerable to Se ...)
+ TODO: check
+CVE-2025-6673 (The Easy restaurant menu manager plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-6586 (The Download Plugin plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2025-6238 (The AI Engine plugin for WordPress is vulnerable to open redirect in v ...)
+ TODO: check
+CVE-2025-6041 (The yContributors plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2025-6039 (The ProcessingJS for WordPress plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-5956 (The WP Human Resource Management plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-5953 (The WP Human Resource Management plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-5933 (The RD Contacto plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-5924 (The WP Firebase Push Notification plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-5567 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2025-5322 (The VikRentCar Car Rental Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-53600 (Whale browser before 4.32.315.22 allow an attacker to bypass the Same- ...)
+ TODO: check
+CVE-2025-53599 (Whale browser for iOS before 3.9.1.4206 allow an attacker to execute m ...)
+ TODO: check
+CVE-2025-52554 (n8n is a workflow automation platform. Prior to version 1.99.1, an aut ...)
+ TODO: check
+CVE-2025-49826 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2025-49005 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric format for di ...)
- djvulibre <unfixed> (bug #1108729)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
NOTE: Fixed by: https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -2347,7 +2401,7 @@ CVE-2025-5449
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)
-CVE-2025-5372
+CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions older ...)
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
@@ -69089,11 +69143,13 @@ CVE-2024-11647 (A vulnerability, which was classified as critical, has been foun
CVE-2024-11646 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
NOT-FOR-US: 1000 Projects Beauty Parlour Management System
CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A specifically-crafted ...)
+ {DSA-5958-1}
[experimental] - jpeg-xl 0.10.4-1
- jpeg-xl 0.10.4-2 (bug #1088818)
NOTE: https://github.com/libjxl/libjxl/pull/3943
NOTE: https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions prior to c ...)
+ {DSA-5958-1}
[experimental] - jpeg-xl 0.10.4-1
- jpeg-xl 0.10.4-2 (bug #1088818)
NOTE: https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99
@@ -191776,6 +191832,7 @@ CVE-2023-3297 (In Ubuntu's accountsservice an unprivileged local attacker can tr
CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
NOT-FOR-US: WordPress plugin
CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...)
+ {DSA-5958-1}
[experimental] - jpeg-xl 0.8.2-1
- jpeg-xl 0.8.2-4 (bug #1055306)
NOTE: https://github.com/libjxl/libjxl/pull/2551
@@ -215711,6 +215768,7 @@ CVE-2023-0647 (A vulnerability, which was classified as critical, has been found
CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...)
NOT-FOR-US: dst-admin
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
+ {DSA-5958-1}
[experimental] - jpeg-xl 0.8.2-1
- jpeg-xl 0.8.2-4 (bug #1034722)
NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21537a5517d3cf700478c80f561444986a65e4b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21537a5517d3cf700478c80f561444986a65e4b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250704/1250e052/attachment.htm>
More information about the debian-security-tracker-commits
mailing list