[Git][security-tracker-team/security-tracker][master] Add new mongodb issues

Tue Nov 25 09:48:14 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e26f3b3 by Salvatore Bonaccorso at 2025-11-25T10:47:50+01:00
Add new mongodb issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,15 +75,18 @@ CVE-2025-52538 (Improper input validation within the XOCL driver may allow a loc
 CVE-2025-36150 (IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographi ...)
 	NOT-FOR-US: IBM
 CVE-2025-13644 (MongoDB Server may experience an invariant failure during batched dele ...)
-	TODO: check
+	- mongodb <removed>
+	NOTE: https://jira.mongodb.org/browse/SERVER-101180
 CVE-2025-13643 (A user with access to the cluster with a limited set of privilege acti ...)
-	TODO: check
+	- mongodb <removed>
+	NOTE: https://jira.mongodb.org/browse/SERVER-103582
 CVE-2025-13559 (The EduKart Pro plugin for WordPress is vulnerable to Privilege Escala ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13558 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13507 (Inconsistent object size validation in time series processing logic ma ...)
-	TODO: check
+	- mongodb <removed>
+	NOTE: https://jira.mongodb.org/browse/SERVER-108565
 CVE-2025-13452 (The Admin and Customer Messages After Order for WooCommerce: OrderConv ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13414 (The Chamber Dashboard Business Directory plugin for WordPress is vulne ...)
@@ -113,7 +116,8 @@ CVE-2025-13311 (The Just Highlight plugin for WordPress is vulnerable to Stored
 CVE-2025-13068 (The Telegram Bot & Channel plugin for WordPress is vulnerable to Store ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12893 (Clients may successfully perform a TLS handshake with a MongoDB server ...)
-	TODO: check
+	- mongodb <removed>
+	NOTE: https://jira.mongodb.org/browse/SERVER-105783
 CVE-2025-12742 (A Looker user with a Developer role could cause Looker to execute a ma ...)
 	NOT-FOR-US: Looker
 CVE-2025-12645 (The Inline frame \u2013 Iframe plugin for WordPress is vulnerable to S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e26f3b384735b14fe02a7737e7fac63d7934ea5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e26f3b384735b14fe02a7737e7fac63d7934ea5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251125/ad94666a/attachment-0001.htm>
