[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 29 09:12:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
babc2074 by security tracker role at 2025-07-29T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-8264 (Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable ...)
+ TODO: check
+CVE-2025-7811 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-7810 (The StreamWeasels Kick Integration plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-7809 (The StreamWeasels Twitch Integration plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-6495 (The Bricks theme for WordPress is vulnerable to blind SQL Injection vi ...)
+ TODO: check
+CVE-2025-54769 (An authenticated, read-only user can upload a file and perform a direc ...)
+ TODO: check
+CVE-2025-54768 (An API endpoint that should be limited to web application administrato ...)
+ TODO: check
+CVE-2025-54767 (An authenticated, read-only user can kill any processes running on the ...)
+ TODO: check
+CVE-2025-54766 (An API endpoint that should be limited to web application administrato ...)
+ TODO: check
+CVE-2025-54765 (An API endpoint that should be limited to web application administrato ...)
+ TODO: check
+CVE-2025-54666
+ REJECTED
+CVE-2025-54665
+ REJECTED
+CVE-2025-54664
+ REJECTED
+CVE-2025-54663
+ REJECTED
+CVE-2025-54662
+ REJECTED
+CVE-2025-54661
+ REJECTED
+CVE-2025-54429 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
+ TODO: check
+CVE-2025-54428 (RevelaCode is an AI-powered faith-tech project that decodes biblical v ...)
+ TODO: check
+CVE-2025-54427 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
+ TODO: check
+CVE-2025-54426 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
+ TODO: check
+CVE-2025-53649 ("SwitchBot" App for iOS/Android contains an insertion of sensitive inf ...)
+ TODO: check
+CVE-2025-53082 (An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) al ...)
+ TODO: check
+CVE-2025-53081 (An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) al ...)
+ TODO: check
+CVE-2025-53080 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-53079 (Absolute Path Traversal in Samsung DMS(Data Management Server) allows ...)
+ TODO: check
+CVE-2025-53078 (Deserialization of Untrusted Data in Samsung DMS(Data Management Serve ...)
+ TODO: check
+CVE-2025-53077 (An execution after redirect in Samsung DMS(Data Management Server) all ...)
+ TODO: check
+CVE-2025-4566 (The Elementor Website Builder \u2013 More Than Just a Page Builder plu ...)
+ TODO: check
+CVE-2025-4370 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to li ...)
+ TODO: check
+CVE-2025-3075 (The Elementor Website Builder \u2013 More Than Just a Page Builder plu ...)
+ TODO: check
CVE-2025-8283 (A vulnerability was found in the netavark package, a network stack for ...)
- netavark <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383941
@@ -116235,7 +116295,7 @@ CVE-2024-1493 (An issue was discovered in GitLab CE/EE affecting all versions st
- gitlab 17.3.5-2
CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-58261 [RUSTSEC-2024-0345]
+CVE-2024-58261 (The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infi ...)
- rust-sequoia-openpgp 1.21.0-1 (bug #1074352)
[bookworm] - rust-sequoia-openpgp <not-affected> (Vulnerable code not present)
[bullseye] - rust-sequoia-openpgp <not-affected> (Vulnerable code not present)
@@ -118049,7 +118109,7 @@ CVE-2024-38619 (In the Linux kernel, the following vulnerability has been resolv
{DSA-5731-1 DSA-5730-1 DLA-4008-1}
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4)
-CVE-2024-58262 [RUSTSEC-2024-0344]
+CVE-2024-58262 (The curve25519-dalek crate before 4.1.3 for Rust has a constant-time o ...)
- rust-curve25519-dalek 4.1.3+20240618+dfsg-1 (bug #1074351)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0344.html
NOTE: https://github.com/dalek-cryptography/curve25519-dalek/pull/659
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babc2074201f29b06973b0f96589937afef81c0a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babc2074201f29b06973b0f96589937afef81c0a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250729/f235b1ac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list