[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 16 21:12:21 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98d05c10 by security tracker role at 2025-07-16T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,324 @@
-CVE-2025-40777
+CVE-2025-7703 (Authentication vulnerability in the mobile application\uff08tech.palm. ...)
+	TODO: check
+CVE-2025-7699 (An improper access control vulnerability  was found in the EZ Sync Man ...)
+	TODO: check
+CVE-2025-7357 (LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A fir ...)
+	TODO: check
+CVE-2025-7035 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege E ...)
+	TODO: check
+CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3(  <=  180703)/V ...)
+	TODO: check
+CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' ...)
+	TODO: check
+CVE-2025-5284 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
+	TODO: check
+CVE-2025-54051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54047 (Missing Authorization vulnerability in QuanticaLabs Cost Calculator al ...)
+	TODO: check
+CVE-2025-54043 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-54042 (Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post ...)
+	TODO: check
+CVE-2025-54041 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...)
+	TODO: check
+CVE-2025-54039 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Anima ...)
+	TODO: check
+CVE-2025-54038 (Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaur ...)
+	TODO: check
+CVE-2025-54037 (Missing Authorization vulnerability in blazethemes News Kit Elementor  ...)
+	TODO: check
+CVE-2025-54036 (Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment B ...)
+	TODO: check
+CVE-2025-54035 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software  ...)
+	TODO: check
+CVE-2025-54033 (Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Buil ...)
+	TODO: check
+CVE-2025-54030 (Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by  ...)
+	TODO: check
+CVE-2025-54026 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-54024 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54023 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54022 (Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / R ...)
+	TODO: check
+CVE-2025-54020 (Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for C ...)
+	TODO: check
+CVE-2025-54018 (Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-U ...)
+	TODO: check
+CVE-2025-54016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54013 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54011 (Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiti ...)
+	TODO: check
+CVE-2025-54010 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Flu ...)
+	TODO: check
+CVE-2025-54009 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53997 (Missing Authorization vulnerability in favethemes Houzez allows Exploi ...)
+	TODO: check
+CVE-2025-53996 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53990 (Deserialization of Untrusted Data vulnerability in jetmonsters JetForm ...)
+	TODO: check
+CVE-2025-53989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53986 (Missing Authorization vulnerability in ThemeIsle Hestia allows Accessi ...)
+	TODO: check
+CVE-2025-53984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53943 (VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source ...)
+	TODO: check
+CVE-2025-53938 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53937 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53936 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53935 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53934 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53933 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53932 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53931 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53930 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53929 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53926 (Emlog is an open source website building system. A cross-site scriptin ...)
+	TODO: check
+CVE-2025-53925 (Emlog is an open source website building system. A cross-site scriptin ...)
+	TODO: check
+CVE-2025-53924 (Emlog is an open source website building system. A cross-site scriptin ...)
+	TODO: check
+CVE-2025-53923 (Emlog is an open source website building system. A cross-site scriptin ...)
+	TODO: check
+CVE-2025-53908 (RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 ...)
+	TODO: check
+CVE-2025-53904 (The Scratch Channel is a news website that is under development as of  ...)
+	TODO: check
+CVE-2025-53892 (Vue I18n is the internationalization plugin for Vue.js. The escapePara ...)
+	TODO: check
+CVE-2025-53840 (Icinga DB Web provides a graphical interface for Icinga monitoring. St ...)
+	TODO: check
+CVE-2025-53758 (This vulnerability exists in Digisol DG-GR6821AC Router due to use of  ...)
+	TODO: check
+CVE-2025-53757 (This vulnerability exists in Digisol DG-GR6821AC Router due to misconf ...)
+	TODO: check
+CVE-2025-53756 (This vulnerability exists in Digisol DG-GR6821AC Router due to clearte ...)
+	TODO: check
+CVE-2025-53755 (This vulnerability exists in Digisol DG-GR6821AC Router due to storage ...)
+	TODO: check
+CVE-2025-53754 (This vulnerability exists in Digisol DG-GR6821AC Router due to hard-co ...)
+	TODO: check
+CVE-2025-52836 (Incorrect Privilege Assignment vulnerability in Unity Business Technol ...)
+	TODO: check
+CVE-2025-52819 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-52804 (Missing Authorization vulnerability in uxper Nuss allows Accessing Fun ...)
+	TODO: check
+CVE-2025-52803 (Missing Authorization vulnerability in uxper Sala allows Accessing Fun ...)
+	TODO: check
+CVE-2025-52787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52779 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52714 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-50028 (Missing Authorization vulnerability in CodeSolz Ultimate Push Notifica ...)
+	TODO: check
+CVE-2025-49888 (Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! ...)
+	TODO: check
+CVE-2025-49884 (Missing Authorization vulnerability in alexvtn Internal Linking of Rel ...)
+	TODO: check
+CVE-2025-49876 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-49319 (Missing Authorization vulnerability in WPFactory Wishlist for WooComme ...)
+	TODO: check
+CVE-2025-49034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-49031 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com Profiler - Wha ...)
+	TODO: check
+CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability in Adria ...)
+	TODO: check
+CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal  ...)
+	TODO: check
+CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager allows  ...)
+	TODO: check
+CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and Block bot ...)
+	TODO: check
+CVE-2025-48161 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-48156 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48155 (Missing Authorization vulnerability in enituretechnology Residential A ...)
+	TODO: check
+CVE-2025-48153 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CD ...)
+	TODO: check
+CVE-2025-48150 (Missing Authorization vulnerability in Bill Minozzi Real Estate Proper ...)
+	TODO: check
+CVE-2025-47652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47645 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47053 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs from ver ...)
+	TODO: check
+CVE-2025-40776 (A `named` caching resolver that is configured to send ECS (EDNS Client ...)
+	TODO: check
+CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Sc ...)
+	TODO: check
+CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows ...)
+	TODO: check
+CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass License  ...)
+	TODO: check
+CVE-2025-37106 (An authentication bypass and disclosure of information vulnerability e ...)
+	TODO: check
+CVE-2025-37105 (An hsqldb-related remote code execution vulnerability exists in HPE Au ...)
+	TODO: check
+CVE-2025-37104 (A security vulnerability has been identified in HPE Telco Service Orch ...)
+	TODO: check
+CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application Server  ...)
+	TODO: check
+CVE-2025-34300 (A template injection vulnerability exists in Sawtooth Software\u2019s  ...)
+	TODO: check
+CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network Detective t ...)
+	TODO: check
+CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Cre ...)
+	TODO: check
+CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in designthemes Visual ...)
+	TODO: check
+CVE-2025-31072 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31070 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-31055 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSc ...)
+	TODO: check
+CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML Feed Mana ...)
+	TODO: check
+CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team Site Chat ...)
+	TODO: check
+CVE-2025-30936 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-29009 (Unrestricted Upload of File with Dangerous Type vulnerability in Webku ...)
+	TODO: check
+CVE-2025-29000 (Missing Authorization vulnerability in August Infotech Multi-language  ...)
+	TODO: check
+CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shorten ...)
+	TODO: check
+CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider ...)
+	TODO: check
+CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme Yogi allow ...)
+	TODO: check
+CVE-2025-24777 (Deserialization of Untrusted Data vulnerability in awethemes Hillter a ...)
+	TODO: check
+CVE-2025-24759 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22227 (In some specific scenarios with chained redirects, Reactor Netty HTTP  ...)
+	TODO: check
+CVE-2025-20337 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
+	TODO: check
+CVE-2025-20288 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2025-20285 (A vulnerability in the IP Access Restriction feature of Cisco ISE and  ...)
+	TODO: check
+CVE-2025-20284 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
+	TODO: check
+CVE-2025-20283 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
+	TODO: check
+CVE-2025-20274 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2025-20272 (A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure ...)
+	TODO: check
+CVE-2024-9408 (In Eclipse GlassFish since version 6.2.5 it is possible to perform a S ...)
+	TODO: check
+CVE-2024-9343 (In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cros ...)
+	TODO: check
+CVE-2024-9342 (In Eclipse GlassFish version 7.0.16 or earlier it is possible to perfo ...)
+	TODO: check
+CVE-2024-42912 (A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This ...)
+	TODO: check
+CVE-2024-10032 (In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cros ...)
+	TODO: check
+CVE-2024-10031 (In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cros ...)
+	TODO: check
+CVE-2024-10029 (In Eclipse GlassFish version 7.0.15 is possible to perform Reflected C ...)
+	TODO: check
+CVE-2025-40777 (If a `named` caching resolver is configured with `serve-stale-enable`  ...)
 	- bind9 1:9.20.11-1
 	NOTE: https://kb.isc.org/docs/cve-2025-40777
-CVE-2025-40918
+CVE-2025-40918 (Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl g ...)
 	- libauthen-sasl-perl <unfixed> (bug #1109406)
 	[bookworm] - libauthen-sasl-perl <no-dsa> (Minor issue)
 	[bullseye] - libauthen-sasl-perl <postponed> (Minor issue, weak entropy for historic DIGEST-MD5 mech)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/31224910/
 	NOTE: https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch
 	NOTE: https://github.com/gbarr/perl-authen-sasl/pull/22
-CVE-2025-40913
+CVE-2025-40913 (Net::Dropbear versions through 0.16 for Perl contains a dependency tha ...)
 	NOT-FOR-US: Net::Dropbear CPAN module
-CVE-2025-40919
+CVE-2025-40919 (Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cno ...)
 	NOT-FOR-US: Authen::DigestMD5 CPAN module
-CVE-2025-40923
+CVE-2025-40923 (Plack-Middleware-Session before version 0.35 for Perl generates sessio ...)
 	- libplack-middleware-session-perl <unfixed> (bug #1109405)
 	[bookworm] - libplack-middleware-session-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/31223483/
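Review bot: CVE-2025-40776 is added with only `TODO: check`, although its description concerns a `named` caching resolver, the same component as CVE-2025-40777 at the end of the added block, which is already tracked as `- bind9 1:9.20.11-1`; it is a candidate for triage against bind9 ahead of the rest of the queue. The descriptions for CVE-2025-7703, CVE-2025-5284 and CVE-2025-34300 also carry literal `\uff08`, `\u2013` and `\u2019` escapes rather than the decoded characters, which suggests the import step is not unescaping the feed text.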
@@ -276,7 +582,7 @@ CVE-2025-50065 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Ja
 	NOT-FOR-US: Oracle
 CVE-2025-50064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
-CVE-2025-50063 (Vulnerability in Oracle Java SE (component: Install).  Supported versi ...)
+CVE-2025-50063 (Vulnerability in Oracle Java SE (component: Install).   The supported  ...)
 	- openjdk-8 <not-affected> (Specific to installer, not applicable to debs)
 CVE-2025-50062 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)
 	NOT-FOR-US: Oracle
@@ -1779,18 +2085,22 @@ CVE-2025-7370
 CVE-2025-7365 (A flaw was found in Keycloak. When an authenticated attacker attempts  ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2025-32990 (A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softw ...)
+	{DSA-5962-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/408bed40c36a4cc98f0c94a818f682810f731f32 (3.8.10)
 CVE-2025-32989 (A heap-buffer-overread vulnerability was found in GnuTLS in how it han ...)
+	{DSA-5962-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2 (3.8.10)
 CVE-2025-32988 (A flaw was found in GnuTLS. A double-free vulnerability exists in GnuT ...)
+	{DSA-5962-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573 (3.8.10)
 CVE-2025-6395 (A NULL pointer dereference flaw was found in the GnuTLS software in _g ...)
+	{DSA-5962-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad (3.8.10)
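Review bot: the four entries gaining `{DSA-5962-1}` list `- gnutls28 3.8.9-3` as fixed while each `Fixed by:` note names upstream 3.8.10, so the relationship between the packaged fix and the upstream commits is not stated. A short NOTE that the commits were backported into 3.8.9-3 would document it, if that is the case.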
@@ -2183,11 +2493,14 @@ CVE-2025-43582 (Substance3D - Viewer versions 0.22 and earlier are affected by a
 	NOT-FOR-US: Adobe
 CVE-2025-3780 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-34085 (An unrestricted file upload vulnerability in the WordPress Simple File ...)
+CVE-2025-34085
+	REJECTED
 	NOT-FOR-US: WordPress plugin
-CVE-2025-34084 (An unauthenticated information disclosure vulnerability exists in the  ...)
+CVE-2025-34084
+	REJECTED
 	NOT-FOR-US: WordPress plugin
-CVE-2025-34083 (An unrestricted file upload vulnerability exists in the WordPress AIT  ...)
+CVE-2025-34083
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2025-34077 (An authentication bypass vulnerability exists in the WordPress Pie Reg ...)
 	NOT-FOR-US: WordPress plugin
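Review bot: CVE-2025-34085, CVE-2025-34084 and CVE-2025-34083 now read `REJECTED` but each still keeps `NOT-FOR-US: WordPress plugin`, a classification that rested on the description this hunk removes. Confirm that keeping both lines is intended for rejected ids, or drop the `NOT-FOR-US` line so each entry carries a single status.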
@@ -3861,7 +4174,7 @@ CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Servic
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
 	NOT-FOR-US: Red Hat OpenShift Jenkins
-CVE-2025-27465 [x86: Incorrect stubs exception handling for flags recovery]
+CVE-2025-27465 (Certain instructions need intercepting and emulating by Xen.  In some  ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-470.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d05c10a845722bce656497bddcbd5781fa1633
