[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 25 09:12:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7066f529 by security tracker role at 2025-07-25T08:12:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,85 @@
-CVE-2025-54567
+CVE-2025-8137 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 ...)
+ TODO: check
+CVE-2025-8136 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+ TODO: check
+CVE-2025-8135 (A vulnerability, which was classified as critical, has been found in i ...)
+ TODO: check
+CVE-2025-8134 (A vulnerability classified as critical was found in PHPGurukul BP Moni ...)
+ TODO: check
+CVE-2025-8133 (A vulnerability classified as critical has been found in yanyutao0402 ...)
+ TODO: check
+CVE-2025-8132 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has ...)
+ TODO: check
+CVE-2025-8131 (A vulnerability was found in Tenda AC20 16.03.08.05. It has been decla ...)
+ TODO: check
+CVE-2025-8129 (A vulnerability, which was classified as problematic, was found in Koa ...)
+ TODO: check
+CVE-2025-8128 (A vulnerability, which was classified as critical, has been found in z ...)
+ TODO: check
+CVE-2025-8127 (A vulnerability classified as critical was found in deerwms deer-wms-2 ...)
+ TODO: check
+CVE-2025-8126 (A vulnerability classified as critical has been found in deerwms deer- ...)
+ TODO: check
+CVE-2025-8125 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been ...)
+ TODO: check
+CVE-2025-8124 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been ...)
+ TODO: check
+CVE-2025-8123 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been ...)
+ TODO: check
+CVE-2025-7742 (An authentication vulnerability exists in the LG Innotek camera model ...)
+ TODO: check
+CVE-2025-7404 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2025-7022 (The My Reservation System WordPress plugin through 2.3 does not saniti ...)
+ TODO: check
+CVE-2025-6260 (The embedded web server on the thermostat listed version ranges contai ...)
+ TODO: check
+CVE-2025-5835 (The Droip plugin for WordPress is vulnerable to unauthorized modificat ...)
+ TODO: check
+CVE-2025-5831 (The Droip plugin for WordPress is vulnerable to arbitrary file uploads ...)
+ TODO: check
+CVE-2025-54568 (Akamai Rate Control alpha before 2025 allows attackers to send request ...)
+ TODO: check
+CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution ...)
+ TODO: check
+CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream process ...)
+ TODO: check
+CVE-2025-54369
+ REJECTED
+CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...)
+ TODO: check
+CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)
+ TODO: check
+CVE-2025-32429 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2025-31955 (HCL iAutomate is affected by a sensitive data exposure vulnerability. ...)
+ TODO: check
+CVE-2025-31953 (HCL iAutomate includes hardcoded credentials which may result in poten ...)
+ TODO: check
+CVE-2025-31952 (HCL iAutomate is affected by an insufficient session expiration. This ...)
+ TODO: check
+CVE-2025-22165 (This Medium severity ACE (Arbitrary Code Execution) vulnerability was ...)
+ TODO: check
+CVE-2025-0253 (HCL IEM is affected by a cookie attribute not set vulnerability due to ...)
+ TODO: check
+CVE-2025-0252 (HCL IEM is affected by a password in cleartext vulnerability. Sensitiv ...)
+ TODO: check
+CVE-2025-0251 (HCL IEM is affected by a concurrent login vulnerability. The applicati ...)
+ TODO: check
+CVE-2025-0250 (HCL IEM is affected by an authorization token sent in cookie vulnerabi ...)
+ TODO: check
+CVE-2025-0249 (HCL IEM is affected by an improper invalidation of access or JWT token ...)
+ TODO: check
+CVE-2019-25224 (The WP Database Backup plugin for WordPress is vulnerable to OS Comman ...)
+ TODO: check
+CVE-2015-10144 (The Responsive Thumbnail Slider plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2015-10143 (The Platform theme for WordPress is vulnerable to unauthorized modific ...)
+ TODO: check
+CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bi ...)
- qemu <unfixed>
NOTE: https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/
-CVE-2025-54566
+CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state incon ...)
- qemu <unfixed>
NOTE: https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/
CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand Management Sys ...)
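Review bot: At the end of this hunk, CVE-2025-54567 and CVE-2025-54566 now carry distinct descriptions (VF Enable bit handling versus a migration state inconsistency) but both entries still point at the same single lore.kernel.org NOTE. It is worth confirming that the referenced patch covers both issues, and adding a per-CVE note if it does not. The new entries above them all land as "TODO: check" and still need manual triage; several are described as WordPress plugins or vendor firmware and look like NOT-FOR-US candidates.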
@@ -285,7 +363,7 @@ CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a fu
NOT-FOR-US: DuraComm
CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
NOT-FOR-US: Mitel
-CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk command ...)
+CVE-2025-46686 (Redis through 8.0.3 allows memory consumption via a multi-bulk command ...)
- redis <unfixed> (unimportant)
NOTE: https://github.com/io-no/CVE-Reports/issues/1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
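Review bot: The CVE-2025-46686 description widens from "through 7.4.3" to "through 8.0.3" while the "- redis <unfixed> (unimportant)" line is left unchanged. Since only the description was refreshed automatically, the existing triage should be rechecked against the wider range and the two NOTE references to confirm it still holds.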
@@ -7020,7 +7098,8 @@ CVE-2025-4380 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager
NOT-FOR-US: WordPress plugin
CVE-2025-49741 (No cwe for this issue in Microsoft Edge (Chromium-based) allows an una ...)
NOT-FOR-US: Microsoft
-CVE-2025-3848 (The Download Manager and Payment Form WordPress Plugin \u2013 WP Smart ...)
+CVE-2025-3848
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2025-36630 (In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was f ...)
NOT-FOR-US: Tenable
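Review bot: After this change CVE-2025-3848 carries both "REJECTED" and the pre-existing "NOT-FOR-US: WordPress plugin" context line directly beneath it. The automatic update added the rejection without removing the earlier triage annotation, so the stale NOT-FOR-US line should be dropped in a follow-up commit to leave the entry with REJECTED only.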
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7066f52995ec337bbe4916b9263c55f2af8a289b