[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 5 09:12:51 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a7812c3 by security tracker role at 2025-09-05T08:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2025-9990 (The WordPress Helpdesk Integration plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-8944 (The OceanWP WordPress theme before 4.1.2 is vulnerable to an option up ...)
+	TODO: check
+CVE-2025-8684 (The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2025-7445 (Kubernetes secrets-store-sync-controller in versions before 0.0.2 disc ...)
+	TODO: check
+CVE-2025-58401 (Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github AP ...)
+	TODO: check
+CVE-2025-58400 (RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, I ...)
+	TODO: check
+CVE-2025-58362 (Hono is a Web application framework that provides support for any Java ...)
+	TODO: check
+CVE-2025-58359 (ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised S ...)
+	TODO: check
+CVE-2025-58352 (Weblate is a web based localization tool. Versions lower than 5.13.1 c ...)
+	TODO: check
+CVE-2025-58313 (Race condition vulnerability in the device standby module. Impact: Suc ...)
+	TODO: check
+CVE-2025-58296 (Race condition vulnerability in the audio module. Impact: Successful e ...)
+	TODO: check
+CVE-2025-58281 (Out-of-bounds read vulnerability in the runtime interpreter module. Im ...)
+	TODO: check
+CVE-2025-58280 (Vulnerability of exposing object heap addresses in the Ark eTS module. ...)
+	TODO: check
+CVE-2025-58276 (Permission verification vulnerability in the home screen module Impact ...)
+	TODO: check
+CVE-2025-58179 (Astro is a web framework for content-driven websites. Versions 11.0.3  ...)
+	TODO: check
+CVE-2025-55739 (api is a module for FreePBX@, which is an open source GUI that control ...)
+	TODO: check
+CVE-2025-55671 (Uncontrolled search path element issue exists in TkEasyGUI versions pr ...)
+	TODO: check
+CVE-2025-55305 (Electron is a framework for writing cross-platform desktop application ...)
+	TODO: check
+CVE-2025-55244 (Azure Bot Service Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in Xbox all ...)
+	TODO: check
+CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information Disclosure Vu ...)
+	TODO: check
+CVE-2025-55209 (contactmanager is a module for FreePBX@, which is an open source GUI t ...)
+	TODO: check
+CVE-2025-55190 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2025-55037 (Improper neutralization of special elements used in an OS command ('OS ...)
+	TODO: check
+CVE-2025-54914 (Azure Networking Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2025-48395 (An attacker with authenticated and privileged access could modify the  ...)
+	TODO: check
+CVE-2025-41408 (Improper authorization in handler for custom URL scheme issue in "Yaho ...)
+	TODO: check
 CVE-2025-9636 (pgAdmin <= 9.7 is affected by a  Cross-Origin Opener Policy (COOP) vul ...)
 	- pgadmin4 <itp> (bug #834129)
 CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site Request For ...)
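
Review bot: On the added CVE-2025-58313, CVE-2025-58296, CVE-2025-58281 and CVE-2025-58276 lines the truncated description names no vendor or product, so the "TODO: check" for those ids cannot be resolved from this list alone and the full CVE record has to be read before annotating them. The "FreePBX@" in the CVE-2025-55739 and CVE-2025-55209 descriptions also looks like a character-conversion artifact and is worth comparing with the source text.
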
@@ -5245,7 +5301,8 @@ CVE-2025-38604 (In the Linux kernel, the following vulnerability has been resolv
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux 6.1.148-1
 	NOTE: https://git.kernel.org/linus/16d8fd74dbfca0ea58645cd2fca13be10cae3cdd (6.17-rc1)
-CVE-2025-38603 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+CVE-2025-38603
+	REJECTED
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5fb90421fa0fbe0a968274912101fe917bf1c47b (6.17-rc1)
 CVE-2025-38602 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
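
Review bot: CVE-2025-38603 is switched to REJECTED, but the unchanged lines directly under it still carry "- linux <not-affected> (Vulnerable code not present)" and the git.kernel.org NOTE, so the entry now reads as both rejected and triaged. Suggest confirming whether those two lines should be dropped in a follow-up or are kept on purpose as history for the rejected id.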



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7812c32f503c03d82a4d7fd7cdd761f4d4ffc9
