[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 5 08:13:08 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4e00d06 by security tracker role at 2025-11-05T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,136 @@
-CVE-2025-62507 [Bug in XACKDEL may lead to stack overflow and potential RCE]
+CVE-2025-8871 (The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Obje ...)
+	TODO: check
+CVE-2025-6027 (The Ace User Management WordPress plugin through 2.0.3 does not proper ...)
+	TODO: check
+CVE-2025-64455
+	REJECTED
+CVE-2025-64454
+	REJECTED
+CVE-2025-64453
+	REJECTED
+CVE-2025-64452
+	REJECTED
+CVE-2025-64451
+	REJECTED
+CVE-2025-64450
+	REJECTED
+CVE-2025-64449
+	REJECTED
+CVE-2025-64448
+	REJECTED
+CVE-2025-64151 (Multiple Roboticsware products provided by Roboticsware PTE. LTD. regi ...)
+	TODO: check
+CVE-2025-64110 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
+	TODO: check
+CVE-2025-64109 (Cursor is a code editor built for programming with AI. In versions and ...)
+	TODO: check
+CVE-2025-64108 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
+	TODO: check
+CVE-2025-64107 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
+	TODO: check
+CVE-2025-64106 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
+	TODO: check
+CVE-2025-62722 (LinkAce is a self-hosted archive to collect website links. In versions ...)
+	TODO: check
+CVE-2025-62721 (LinkAce is a self-hosted archive to collect website links. In versions ...)
+	TODO: check
+CVE-2025-62720 (LinkAce is a self-hosted archive to collect website links. Versions 2. ...)
+	TODO: check
+CVE-2025-62719 (LinkAce is a self-hosted archive to collect website links. In versions ...)
+	TODO: check
+CVE-2025-62715 (ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 ...)
+	TODO: check
+CVE-2025-62520 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+	TODO: check
+CVE-2025-62369 (Xibo is an open source digital signage platform with a web content man ...)
+	TODO: check
+CVE-2025-62225 (Optical Disc Archive Software provided by Sony Corporation registers a ...)
+	TODO: check
+CVE-2025-59596 (CVE-2025-59596 is a denial-of-service vulnerability in Secure Access   ...)
+	TODO: check
+CVE-2025-59595 (CVE-2025-59595 is an internally discovered denial of service  vulnerab ...)
+	TODO: check
+CVE-2025-56230 (Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certi ...)
+	TODO: check
+CVE-2025-55155 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+	TODO: check
+CVE-2025-54526 (Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer  ...)
+	TODO: check
+CVE-2025-54496 (A maliciously crafted project file may cause a heap-based buffer  over ...)
+	TODO: check
+CVE-2025-54335 (An issue was discovered in the GPU driver in Samsung Mobile Processor  ...)
+	TODO: check
+CVE-2025-52910 (An issue was discovered in the GPU in Samsung Mobile Processor and Wea ...)
+	TODO: check
+CVE-2025-48884 (Galette is a membership management web application for non profit orga ...)
+	TODO: check
+CVE-2025-48076 (Galette is a membership management web application for non profit orga ...)
+	TODO: check
+CVE-2025-47776 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to  ...)
+	TODO: check
+CVE-2025-32786 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
+	TODO: check
+CVE-2025-27374 (An issue was discovered in the Secure Boot component in Samsung Mobile ...)
+	TODO: check
+CVE-2025-21079 (Improper input validation in Samsung Members prior to version 5.5.01.3 ...)
+	TODO: check
+CVE-2025-21078 (Use of insufficiently random value of secretKey in Smart Switch prior  ...)
+	TODO: check
+CVE-2025-21077 (Improper input validation in Samsung Email prior to version 6.2.06.0 a ...)
+	TODO: check
+CVE-2025-21076 (Improper handling of insufficient permissions or privileges in Samsung ...)
+	TODO: check
+CVE-2025-21075 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Re ...)
+	TODO: check
+CVE-2025-21074 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Rel ...)
+	TODO: check
+CVE-2025-21073 (Insecure default configuration in USB connection mode prior to SMR Nov ...)
+	TODO: check
+CVE-2025-21071 (Out-of-bounds write in handling opcode in fingerprint trustlet prior t ...)
+	TODO: check
+CVE-2025-12735 (The expr-eval library is a JavaScript expression parser and evaluator  ...)
+	TODO: check
+CVE-2025-12677 (The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2025-12676 (The KiotViet Sync plugin for WordPress is vulnerable to authorizarion  ...)
+	TODO: check
+CVE-2025-12675 (The KiotViet Sync plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2025-12674 (The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file ...)
+	TODO: check
+CVE-2025-12582 (The Features plugin for WordPress is vulnerable to unauthorized modifi ...)
+	TODO: check
+CVE-2025-12580 (The SMS for WordPress plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2025-12388 (The B Carousel Block \u2013 Responsive Image and Content Carousel plug ...)
+	TODO: check
+CVE-2025-12384 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other Files  ...)
+	TODO: check
+CVE-2025-12197 (The The Events Calendar plugin for WordPress is vulnerable to blind SQ ...)
+	TODO: check
+CVE-2025-12139 (The File Manager for Google Drive \u2013 Integrate Google Drive with W ...)
+	TODO: check
+CVE-2025-11917 (The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-11835 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
+	TODO: check
+CVE-2025-11749 (The AI Engine plugin for WordPress is vulnerable to Sensitive Informat ...)
+	TODO: check
+CVE-2025-11373 (The Popup and Slider Builder by Depicter \u2013 Add Email collecting P ...)
+	TODO: check
+CVE-2025-11162 (The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Edit ...)
+	TODO: check
+CVE-2025-11072 (The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 ...)
+	TODO: check
+CVE-2025-10873 (The ElementInvader Addons for Elementor WordPress plugin before 1.4.1  ...)
+	TODO: check
+CVE-2025-10622 (A flaw was found in Red Hat Satellite (Foreman component). This vulner ...)
+	TODO: check
+CVE-2025-10567 (The FunnelKit  WordPress plugin before 3.12.0.1 does not sanitize user ...)
+	TODO: check
+CVE-2024-56426 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+	TODO: check
+CVE-2025-62507 (Redis is an open source, in-memory database that persists on disk. In  ...)
 	- redis <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
 	NOTE: Introduced with: https://github.com/redis/redis/commit/fa040a72c0720d9b0a833117b086e5bbafa6ddc8 (8.2-rc1)
@@ -1723,7 +1855,7 @@ CVE-2025-11201 (MLflow Tracking Server Model Creation Directory Traversal Remote
 CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass Vulnerability. ...)
 	NOT-FOR-US: mlflow
 CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
-	{DLA-4362-1}
+	{DSA-6049-1 DLA-4362-1}
 	- gimp 3.0.4-6.2 (bug #1119661)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-978/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e00d06b79b02e21e9e24a417f3aa17b324e330

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e00d06b79b02e21e9e24a417f3aa17b324e330
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251105/ec20e9f1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list