[Git][security-tracker-team/security-tracker][master] automatic update

Wed Jul 16 09:12:29 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edb081b8 by security tracker role at 2025-07-16T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,74 @@
-CVE-2025-53906
+CVE-2025-7673 (A buffer overflow vulnerability in the URL parser of the zhttpd web se ...)
+	TODO: check
+CVE-2025-7359 (The Counter live visitors for WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2025-6981 (An incorrect authorization vulnerability allowed unauthorized read acc ...)
+	TODO: check
+CVE-2025-6977 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+	TODO: check
+CVE-2025-6747 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-6043 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Re ...)
+	TODO: check
+CVE-2025-5845 (The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-5843 (The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-53958
+	REJECTED
+CVE-2025-53957
+	REJECTED
+CVE-2025-53956
+	REJECTED
+CVE-2025-53955
+	REJECTED
+CVE-2025-53954
+	REJECTED
+CVE-2025-53953
+	REJECTED
+CVE-2025-53952
+	REJECTED
+CVE-2025-53842 (Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to ...)
+	TODO: check
+CVE-2025-52690 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-52689 (Successful exploitation of the vulnerability could allow an unauthenti ...)
+	TODO: check
+CVE-2025-52688 (Successful exploitation of the vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2025-52687 (Successful exploitation of the vulnerability could allow an attacker w ...)
+	TODO: check
+CVE-2025-49841 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49840 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49839 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49838 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49837 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49836 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49835 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49834 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49833 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In ve ...)
+	TODO: check
+CVE-2025-49831 (An attacker of Secrets Manager, Self-Hosted installations that route t ...)
+	TODO: check
+CVE-2025-2800 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
+	TODO: check
+CVE-2025-2799 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
+	TODO: check
+CVE-2025-53906 (Vim is an open source, command line text editor. Prior to version 9.1. ...)
 	- vim <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/2
-CVE-2025-53905
+CVE-2025-53905 (Vim is an open source, command line text editor. Prior to version 9.1. ...)
 	- vim <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/1
-CVE-2025-30761
+CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	- openjdk-8 <unfixed>
 	- openjdk-11 <unfixed>
 CVE-2025-7667 (The Restrict File Access plugin for WordPress is vulnerable to Cross-S ...)
@@ -252,7 +316,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User product of Oracle Siebe
 	NOT-FOR-US: Oracle
 CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component: General).   The ...)
 	NOT-FOR-US: Oracle
-CVE-2025-30754 (Vulnerability in Oracle Java SE (component: JSSE).  Supported versions ...)
+CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
 	- openjdk-8 <unfixed>
 	- openjdk-11 <unfixed>
 	- openjdk-17 <unfixed>
@@ -1670,7 +1734,8 @@ CVE-2024-10391
 	REJECTED
 CVE-2023-50458 (In Dradis before 4.11.0, the Output Console shows a job queue that may ...)
 	NOT-FOR-US: Dradis
-CVE-2025-7370 (A flaw was found in libsoup. A NULL pointer dereference vulnerability  ...)
+CVE-2025-7370
+	REJECTED
 	- libsoup3 <unfixed> (unimportant)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2378888



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edb081b84d665f37ae9e312d88113895359422a2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edb081b84d665f37ae9e312d88113895359422a2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250716/ec85fd02/attachment-0001.htm>
