[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 26 09:12:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66d75fdf by security tracker role at 2025-06-26T08:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2025-6669 (A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has be ...)
+ TODO: check
+CVE-2025-6668 (A vulnerability was found in code-projects Inventory Management System ...)
+ TODO: check
+CVE-2025-6667 (A vulnerability was found in code-projects Car Rental System 1.0 and c ...)
+ TODO: check
+CVE-2025-6665 (A vulnerability has been found in code-projects Inventory Management S ...)
+ TODO: check
+CVE-2025-6664 (A vulnerability, which was classified as problematic, was found in Cod ...)
+ TODO: check
+CVE-2025-6662 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6661 (PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vul ...)
+ TODO: check
+CVE-2025-6660 (PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote ...)
+ TODO: check
+CVE-2025-6659 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+ TODO: check
+CVE-2025-6658 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6657 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6656 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6655 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6654 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+ TODO: check
+CVE-2025-6653 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6652 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6651 (PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+ TODO: check
+CVE-2025-6650 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6649 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6648 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6647 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+ TODO: check
+CVE-2025-6646 (PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclos ...)
+ TODO: check
+CVE-2025-6645 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Executi ...)
+ TODO: check
+CVE-2025-6644 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Executi ...)
+ TODO: check
+CVE-2025-6643 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6642 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
+ TODO: check
+CVE-2025-6641 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-6640 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Executi ...)
+ TODO: check
+CVE-2025-6624 (Versions of the package snyk before 1.1297.3 are vulnerable to Inserti ...)
+ TODO: check
+CVE-2025-6546 (The Drive Folder Embedder plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-6540 (The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-6538 (The Post Rating and Review plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-6537 (The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-6443 (Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerabilit ...)
+ TODO: check
+CVE-2025-6383 (The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-6378 (The Responsive Food and Drink Menu plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-6290 (The Tournament Bracket Generator plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-6258 (The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-5932 (The Homerunner plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-5929 (The The Countdown plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-5813 (The Amazon Products to WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-5812 (The VG WORT METIS plugin for WordPress is vulnerable to unauthorized m ...)
+ TODO: check
+CVE-2025-5590 (The Owl carousel responsive plugin for WordPress is vulnerable to time ...)
+ TODO: check
+CVE-2025-5588 (The Image Editor by Pixo plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-5564 (The GC Social Wall plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-5559 (The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-5540 (The Event RSVP and Simple Event Management Plugin plugin for WordPress ...)
+ TODO: check
+CVE-2025-5535 (The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-5488 (The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-5459 (A user with specific node group editing permissions and a specially cr ...)
+ TODO: check
+CVE-2025-5275 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
+ TODO: check
+CVE-2025-52934
+ REJECTED
+CVE-2025-4334 (The Simple User Registration plugin for WordPress is vulnerable to Pri ...)
+ TODO: check
+CVE-2025-48497 (Cross-site request forgery vulnerability exists in iroha Board version ...)
+ TODO: check
+CVE-2025-41404 (Direct request ('Forced Browsing') issue exists in iroha Board version ...)
+ TODO: check
+CVE-2025-3863 (The Post Carousel Slider for Elementor plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-37101 (A potential security vulnerability has been identified in HPE OneView ...)
+ TODO: check
+CVE-2025-36038 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
+ TODO: check
CVE-2025-6678 (Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Inf ...)
NOT-FOR-US: Autel
CVE-2025-6627 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 ...)
@@ -165,15 +281,15 @@ CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component /Log
TODO: check
CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthe ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-5846
+CVE-2025-5846 (An issue has been discovered in GitLab EE affecting all versions from ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-2938
+CVE-2025-2938 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
-CVE-2025-5315
+CVE-2025-5315 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
-CVE-2025-1754
+CVE-2025-1754 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
-CVE-2025-3279
+CVE-2025-3279 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
CVE-2025-6583 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
@@ -435,11 +551,13 @@ CVE-2025-6431 (When a link can be opened in an external application, Firefox for
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6431
CVE-2025-6430 (When a file download is specified via the `Content-Disposition` header ...)
+ {DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to the yo ...)
+ {DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
@@ -456,11 +574,13 @@ CVE-2025-6426 (The executable file warning did not warn users before opening fil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
CVE-2025-6425 (An attacker who enumerated resources from the WebCompat extension coul ...)
+ {DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially exploitable ...)
+ {DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66d75fdf1fbefa68760933b58c49a67673de167c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66d75fdf1fbefa68760933b58c49a67673de167c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250626/48a5af94/attachment.htm>
More information about the debian-security-tracker-commits
mailing list