[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 18 09:12:40 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5925153 by security tracker role at 2025-07-18T08:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,222 @@
-CVE-2025-53644
+CVE-2025-7772 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Re ...)
+ TODO: check
+CVE-2025-7767 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-7765 (A vulnerability classified as critical was found in code-projects Onli ...)
+ TODO: check
+CVE-2025-7764 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-7763 (A vulnerability, which was classified as problematic, was found in thi ...)
+ TODO: check
+CVE-2025-7762 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2025-7759 (A vulnerability, which was classified as critical, was found in thinkg ...)
+ TODO: check
+CVE-2025-7758 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-7757 (A vulnerability classified as critical was found in PHPGurukul Land Re ...)
+ TODO: check
+CVE-2025-7756 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2025-7755 (A vulnerability was found in code-projects Online Ordering System 1.0. ...)
+ TODO: check
+CVE-2025-7754 (A vulnerability was found in code-projects Patient Record Management S ...)
+ TODO: check
+CVE-2025-7753 (A vulnerability was found in code-projects Online Appointment Booking ...)
+ TODO: check
+CVE-2025-7752 (A vulnerability was found in code-projects Online Appointment Booking ...)
+ TODO: check
+CVE-2025-7751 (A vulnerability has been found in code-projects Online Appointment Boo ...)
+ TODO: check
+CVE-2025-7750 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-7749 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-7748 (A vulnerability classified as problematic was found in ZCMS 3.6.0. Thi ...)
+ TODO: check
+CVE-2025-7747 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
+ TODO: check
+CVE-2025-7660 (The Map My Locations plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-7648 (The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-7643 (The Attachment Manager plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-7638 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+ TODO: check
+CVE-2025-7472 (A local privilege escalation vulnerability in the Intercept X for Wind ...)
+ TODO: check
+CVE-2025-7438 (The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrar ...)
+ TODO: check
+CVE-2025-7433 (A local privilege escalation vulnerability in Sophos Intercept X for W ...)
+ TODO: check
+CVE-2025-7431 (The Knowledge Base plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-7398 (Brocade ASCG before 3.3.0 allows for the use of medium strength crypto ...)
+ TODO: check
+CVE-2025-7397 (A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores ...)
+ TODO: check
+CVE-2025-7339 (on-headers is a node.js middleware for listening to when a response wr ...)
+ TODO: check
+CVE-2025-7338 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
+ TODO: check
+CVE-2025-6813 (The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege ...)
+ TODO: check
+CVE-2025-6781 (The Copymatic \u2013 AI Content Writer & Generator plugin for WordPres ...)
+ TODO: check
+CVE-2025-6726 (The Block Editor Gallery Slider plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-6719 (The Terms descriptions plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-6718 (The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a ...)
+ TODO: check
+CVE-2025-6717 (The B1.lt plugin for WordPress is vulnerable to SQL Injection via the ...)
+ TODO: check
+CVE-2025-6391 (Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An ...)
+ TODO: check
+CVE-2025-6249 (An authentication bypass vulnerability was reported in FileZ client ap ...)
+ TODO: check
+CVE-2025-6248 (A cross-site scripting (XSS) vulnerability was reported in the Lenovo ...)
+ TODO: check
+CVE-2025-6232 (An improper validation vulnerability was reported in Lenovo Vantage th ...)
+ TODO: check
+CVE-2025-6231 (An improper validation vulnerability was reported in Lenovo Vantage th ...)
+ TODO: check
+CVE-2025-6230 (A SQL injection vulnerability was reported in Lenovo Vantage that coul ...)
+ TODO: check
+CVE-2025-6222 (The WooCommerce Refund And Exchange with RMA - Warranty Management, Re ...)
+ TODO: check
+CVE-2025-6197 (An open redirect vulnerability has been identified in Grafana OSS orga ...)
+ TODO: check
+CVE-2025-6185 (Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cro ...)
+ TODO: check
+CVE-2025-6053 (The Zuppler Online Ordering plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-6023 (An open redirect vulnerability has been identified in Grafana OSS that ...)
+ TODO: check
+CVE-2025-5816 (The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo \u2013 ...)
+ TODO: check
+CVE-2025-5811 (The Listly: Listicles For WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-5800 (The Testimonial Post type plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-5767 (The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-5754 (The Useful Tab Block \u2013 Responsive & AMP-Compatible plugin for Wor ...)
+ TODO: check
+CVE-2025-5752 (The Vertical scroll image slideshow gallery plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-5346 (Bluebird devices contain a pre-loaded barcode scanner application. Thi ...)
+ TODO: check
+CVE-2025-5345 (Bluebird devices contain a pre-loaded file manager application. This a ...)
+ TODO: check
+CVE-2025-5344 (Bluebird devices contain a pre-loaded kiosk application. This applicat ...)
+ TODO: check
+CVE-2025-54070 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
+CVE-2025-54068 (Livewire is a full-stack framework for Laravel. In Livewire v3 up to a ...)
+ TODO: check
+CVE-2025-54066 (DiracX-Web is a web application that provides an interface to interact ...)
+ TODO: check
+CVE-2025-54064 (Rucio is a software framework that provides functionality to organize, ...)
+ TODO: check
+CVE-2025-54062 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54061 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54060 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-54058 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-53964 (GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows ...)
+ TODO: check
+CVE-2025-53946 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-53941 (Hollo is a federated single-user microblogging software designed to be ...)
+ TODO: check
+CVE-2025-53928 (MaxKB is an open-source AI assistant for enterprise. Prior to versions ...)
+ TODO: check
+CVE-2025-53927 (MaxKB is an open-source AI assistant for enterprise. Prior to version ...)
+ TODO: check
+CVE-2025-53909 (mailcow: dockerized is an open source groupware/email suite based on d ...)
+ TODO: check
+CVE-2025-53867 (Island Lake WebBatch before 2025C allows Remote Code Execution via a c ...)
+ TODO: check
+CVE-2025-53817 (7-Zip is a file archiver with a high compression ratio. 7-Zip supports ...)
+ TODO: check
+CVE-2025-53816 (7-Zip is a file archiver with a high compression ratio. Zeroes written ...)
+ TODO: check
+CVE-2025-53638 (Solady is software that provides Solidity snippets with APIs. Starting ...)
+ TODO: check
+CVE-2025-52933
+ REJECTED
+CVE-2025-52046 (Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command ...)
+ TODO: check
+CVE-2025-51630 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buf ...)
+ TODO: check
+CVE-2025-51497 (An issue was discovered in AdGuard plugin before 1.11.22 for Safari on ...)
+ TODO: check
+CVE-2025-50240 (nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2025-4657 (A buffer overflow vulnerability was reported in the Lenovo Protection ...)
+ TODO: check
+CVE-2025-47189 (Netwrix Directory Manager through 2025-05-01 allows XSS.)
+ TODO: check
+CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon Learning ...)
+ TODO: check
+CVE-2025-3753 (A code execution vulnerability has been identified in the Robot Operat ...)
+ TODO: check
+CVE-2025-3740 (The School Management System for Wordpress plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-38349 (In the Linux kernel, the following vulnerability has been resolved: e ...)
+ TODO: check
+CVE-2025-2818 (A vulnerability was reported in version 1.0 of the Bluetooth Transmiss ...)
+ TODO: check
+CVE-2025-29572
+ REJECTED
+CVE-2025-26855 (A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for ...)
+ TODO: check
+CVE-2025-26854 (A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 f ...)
+ TODO: check
+CVE-2025-25257 (An improper neutralization of special elements used in an SQL command ...)
+ TODO: check
+CVE-2025-23270 (NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, ...)
+ TODO: check
+CVE-2025-23269 (NVIDIA Jetson Linux contains a vulnerability in the kernel where an at ...)
+ TODO: check
+CVE-2025-23266 (NVIDIA Container Toolkit for all platforms contains a vulnerability in ...)
+ TODO: check
+CVE-2025-23263 (NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ ...)
+ TODO: check
+CVE-2025-1729 (A DLL hijacking vulnerability was reported in TrackPoint Quick Menu so ...)
+ TODO: check
+CVE-2025-1700 (A DLL hijacking vulnerability was reported in the Motorola Software Fi ...)
+ TODO: check
+CVE-2025-0886 (An incorrect permissions vulnerability was reported in Elliptic Labs V ...)
+ TODO: check
+CVE-2024-42209 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
+ TODO: check
+CVE-2024-41921 (A code injection vulnerability has been discovered in the Robot Operat ...)
+ TODO: check
+CVE-2024-41148 (A code injection vulnerability has been discovered in the Robot Operat ...)
+ TODO: check
+CVE-2024-39835 (A code injection vulnerability has been identified in the Robot Operat ...)
+ TODO: check
+CVE-2024-39289 (A code execution vulnerability has been discovered in the Robot Operat ...)
+ TODO: check
+CVE-2024-32323 (SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a ...)
+ TODO: check
+CVE-2024-32124 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...)
+ TODO: check
+CVE-2024-27779 (An insufficient session expiration vulnerability [CWE-613] in FortiSan ...)
+ TODO: check
+CVE-2024-13972 (A vulnerability related to registry permissions in the Intercept X for ...)
+ TODO: check
+CVE-2023-47356 (Mingyu Security Gateway before v3.0-5.3p was discovered to contain a r ...)
+ TODO: check
+CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download vulnerabili ...)
+ TODO: check
+CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions prior to 4. ...)
- opencv <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2381763
TODO: check upstream report
@@ -10,7 +228,7 @@ CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
-CVE-2025-40924 [generates session ids insecurely]
+CVE-2025-40924 (Catalyst::Plugin::Session before version 0.44 for Perl generates sessi ...)
- libcatalyst-plugin-session-perl <unfixed> (bug #1109439)
[bookworm] - libcatalyst-plugin-session-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/31252285/
@@ -34,7 +252,7 @@ CVE-2025-34132 (A command injection vulnerability exists in LILIN Digital Video
NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
CVE-2025-34130 (An unauthenticated arbitrary file read exists in LILIN Digital Video R ...)
NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
-CVE-2025-34129 (A command injection vulnerability exists in LILIN LILIN Digital Video ...)
+CVE-2025-34129 (A command injection vulnerability exists in LILIN Digital Video Record ...)
NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
CVE-2025-34128 (A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX ...)
NOT-FOR-US: X360 VideoPlayer ActiveX control (VideoPlayer.ocx)
@@ -6686,11 +6904,11 @@ CVE-2025-49550 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2
NOT-FOR-US: Adobe
CVE-2025-49549 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
NOT-FOR-US: Adobe
-CVE-2025-49153 (MICROSENS NMP Web+ could allow an unauthenticated attacker to overwri ...)
+CVE-2025-49153 (The affected products could allow an unauthenticated attacker to overw ...)
NOT-FOR-US: MICROSENS NMP Web+
-CVE-2025-49152 (MICROSENS NMP Web+contain JSON Web Tokens (JWT) that do not expire, wh ...)
+CVE-2025-49152 (The affected products contain JSON Web Tokens (JWT) that do not expire ...)
NOT-FOR-US: MICROSENS NMP Web+
-CVE-2025-49151 (MICROSENS NMP Web+could allow an unauthenticated attacker to generate ...)
+CVE-2025-49151 (The affected products could allow an unauthenticated attacker to gener ...)
NOT-FOR-US: MICROSENS NMP Web+
CVE-2025-49135 (CVAT is an open source interactive video and image annotation tool for ...)
NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
@@ -6779,7 +6997,7 @@ CVE-2024-51978 (An unauthenticated attacker who knows the target device's serial
NOT-FOR-US: Brother
CVE-2024-51977 (An unauthenticated attacker who can access either the HTTP service (TC ...)
NOT-FOR-US: Brother
-CVE-2025-3415
+CVE-2025-3415 (Grafana is an open-source platform for monitoring and observability. T ...)
- grafana <removed>
CVE-2025-52993 (A race condition in the Nix, Lix, and Guix package managers enables ch ...)
- guix <unfixed> (bug #1108318)
@@ -6984,7 +7202,7 @@ CVE-2025-27828 (A vulnerability in the legacy chat component of Mitel MiContact
NOT-FOR-US: Mitel
CVE-2025-27827 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
NOT-FOR-US: Mitel
-CVE-2025-23267
+CVE-2025-23267 (NVIDIA Container Toolkit for all platforms contains a vulnerability in ...)
NOT-FOR-US: NVIDIA Container Toolkit
CVE-2025-23265 (NVIDIA Megatron-LM for all platforms contains a vulnerability in a pyt ...)
NOT-FOR-US: NVIDIA
@@ -67711,7 +67929,7 @@ CVE-2024-53144 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.11.4-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)
-CVE-2025-1713 [deadlock potential with VT-d and legacy PCI device pass-through]
+CVE-2025-1713 (When setting up interrupt remapping for legacy PCI(-X) devices, includ ...)
- xen 4.20.0-1
[bookworm] - xen <postponed> (Minor issue, can be fixed along with next update)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -257027,7 +257245,7 @@ CVE-2022-39985
RESERVED
CVE-2022-39984
RESERVED
-CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows at ...)
+CVE-2022-39983 (File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, ...)
NOT-FOR-US: Instantdeveloper RD3
CVE-2022-39982
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d592515335673e3737cd1c285db58b6c24e618be
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d592515335673e3737cd1c285db58b6c24e618be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250718/6fbe6719/attachment.htm>
More information about the debian-security-tracker-commits
mailing list