[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 24 21:15:58 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d15c9bf3 by security tracker role at 2025-07-24T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,106 @@
+CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand Management Sys ...)
+	TODO: check
+CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH protocol ...)
+	TODO: check
+CVE-2025-8071 (Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-7966 (The Get Youtube Subs plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-7959 (The Station Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-7835 (The iThoughts Advanced Code Editor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-7822 (The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-7780 (The AI Engine plugin for WordPress is vulnerable to Sensitive Informat ...)
+	TODO: check
+CVE-2025-7695 (The Dataverse Integration plugin for WordPress is vulnerable to Privil ...)
+	TODO: check
+CVE-2025-7690 (The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2025-7640 (The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2025-6998 (ReDoS in strip_whitespaces() function in cps/string_helper.py in janec ...)
+	TODO: check
+CVE-2025-6588 (The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2025-6539 (The Voltax Video Player plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-6441 (The Webinar Solution: Create live/evergreen/automated/instant webinars ...)
+	TODO: check
+CVE-2025-6387 (The WP Get The Table plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-6385 (The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-6382 (The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-6380 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Es ...)
+	TODO: check
+CVE-2025-6262 (The muse.ai video embedding plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-5243 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
+	TODO: check
+CVE-2025-5084 (The Post Grid Master plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2025-5039 (A maliciously crafted binary file, when present while loading files in ...)
+	TODO: check
+CVE-2025-53084 (A cross-site scripting (xss) vulnerability exists in the videosList pa ...)
+	TODO: check
+CVE-2025-51089 (Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at / ...)
+	TODO: check
+CVE-2025-51088 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
+	TODO: check
+CVE-2025-51087 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
+	TODO: check
+CVE-2025-51085 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
+	TODO: check
+CVE-2025-51082 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
+	TODO: check
+CVE-2025-50128 (A cross-site scripting (xss) vulnerability exists in the videoNotFound ...)
+	TODO: check
+CVE-2025-4822 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-4784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-4608 (The Structured Content plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-48732 (An incomplete blacklist exists in the .htaccess sample of WWBN AVideo  ...)
+	TODO: check
+CVE-2025-47061 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-46993 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-46410 (A cross-site scripting (xss) vulnerability exists in the managerPlayli ...)
+	TODO: check
+CVE-2025-45731 (A group deletion race condition in 2FAuth v5.5.0 causes data inconsist ...)
+	TODO: check
+CVE-2025-45702 (SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to  ...)
+	TODO: check
+CVE-2025-41420 (A cross-site scripting (xss) vulnerability exists in the userLogin can ...)
+	TODO: check
+CVE-2025-40680 (Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillar ...)
+	TODO: check
+CVE-2025-3669 (The Supreme Addons for Beaver Builder plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-36548 (A cross-site scripting (xss) vulnerability exists in the LoginWordPres ...)
+	TODO: check
+CVE-2025-36005 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
+	TODO: check
+CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalat ...)
+	TODO: check
+CVE-2025-33013 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
+	TODO: check
+CVE-2025-25214 (A race condition vulnerability exists in the aVideoEncoder.json.php un ...)
+	TODO: check
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with specific priv ...)
 	NOT-FOR-US: OceanBase
 CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7852 (The WPBookit plugin for WordPress is vulnerable to arbitrary file uplo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-7745 (: Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC ...)
+CVE-2025-7745 (Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC50 ...)
 	NOT-FOR-US: ABB group
 CVE-2025-7437 (The Ebook Store plugin for WordPress is vulnerable to arbitrary file u ...)
 	NOT-FOR-US: WordPress plugin
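Review bot: CVE-2025-8114 is queued as "TODO: check" in the same batch as the plugin entries, but its description names libssh, a library, so it needs a source-package lookup rather than a bulk NOT-FOR-US disposition. The new entries whose descriptions read "plugin for WordPress" can follow the "NOT-FOR-US: WordPress plugin" convention already visible in the context lines. The rewritten CVE-2025-7745 description drops the stray leading ": " but still reads "V2.This" with no space, which comes from the upstream text.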
@@ -594,7 +690,7 @@ CVE-2012-10020 (The FoxyPress plugin for WordPress is vulnerable to arbitrary fi
 CVE-2025-38352 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.35-1
 	NOTE: https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
-CVE-2025-7962 (In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by util ...)
+CVE-2025-7962 (In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by ut ...)
 	- jakarta-mail <unfixed> (bug #1109804)
 	- javamail <unfixed> (bug #1109824)
 	NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/67
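Review bot: On the CVE-2025-7962 line the affected version changes from "Jakarta Mail 2.2" to "Jakarta Mail 2.0.2", while the "jakarta-mail <unfixed>" and "javamail <unfixed>" entries under it are left as they were. Confirm against the linked issue that both source packages still fall in the affected range after this correction. The description also keeps the upstream typo "preform".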
@@ -5390,15 +5486,15 @@ CVE-2024-37657 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a re
 	NOT-FOR-US: Gnuboard
 CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
 	NOT-FOR-US: Gnuboard
-CVE-2024-25178 (LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow han ...)
+CVE-2024-25178 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an  ...)
 	- luajit 2.1.0+openresty20240314-1
 	NOTE: https://github.com/LuaJIT/LuaJIT/issues/1152
 	NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 (v2.1)
-CVE-2024-25177 (LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, w ...)
+CVE-2024-25177 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an  ...)
 	- luajit 2.1.0+openresty20240314-1
 	NOTE: https://github.com/LuaJIT/LuaJIT/issues/1147
 	NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f (v2.1)
-CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in l ...)
+CVE-2024-25176 (LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a s ...)
 	- luajit 2.1.0+openresty20240314-1
 	NOTE: https://github.com/LuaJIT/LuaJIT/issues/1149
 	NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc (v2.1)
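Review bot: The new CVE-2024-25176 description says luajit2 is affected "before v2.1-20240626", yet the fixed version recorded under it is still "luajit 2.1.0+openresty20240314-1", which carries an earlier date stamp than 20240626. Verify that the packaged snapshot contains the fix referenced in the "Fixed by" note, or adjust the fixed version. The two sibling entries (CVE-2024-25178, CVE-2024-25177) cite v2.1-20240314 and are consistent with the recorded version. All three descriptions spell the project "OpenRusty" while the package version string uses "openresty"; that spelling comes from the upstream text.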
@@ -37332,7 +37428,7 @@ CVE-2025-2914 (A vulnerability classified as problematic has been found in HDF5
 	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5379
-CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated as p ...)
+CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated as c ...)
 	- hdf5 <unfixed> (bug #1103538)
 	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
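Review bot: The CVE-2025-2913 description changes its rating word (the truncated text now ends in "c ..." where it previously ended in "p ..."), but the trixie and bookworm lines below still read "<postponed> (Minor issue, revisit when fixed upstream)". Recheck whether the "Minor issue" triage still holds in light of the revised upstream rating, and update the annotations if it does not.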



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d15c9bf3438b8db1909600d53b81838e7764439b
