[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 12 09:12:01 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2d8ec18 by security tracker role at 2025-09-12T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-9881 (The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2025-9880 (The Side Slide Responsive Menu plugin for WordPress is vulnerable to C ...)
+	TODO: check
+CVE-2025-9879 (The Spotify Embed Creator plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-9877 (The Embed Google Datastudio plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-9807 (The The Events Calendar plugin for WordPress is vulnerable to time-bas ...)
+	TODO: check
+CVE-2025-8575 (The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file d ...)
+	TODO: check
+CVE-2025-8280 (The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not e ...)
+	TODO: check
+CVE-2025-58781 (WTW-EAGLE App does not properly validate server certificates, which ma ...)
+	TODO: check
+CVE-2025-58754 (Axios is a promise based HTTP client for the browser and Node.js. When ...)
+	TODO: check
+CVE-2025-55319 (Ai command injection in Agentic AI and Visual Studio Code allows an un ...)
+	TODO: check
+CVE-2025-4974
+	REJECTED
+CVE-2025-43789 (JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Lifer ...)
+	TODO: check
+CVE-2025-43788 (The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, a ...)
+	TODO: check
+CVE-2025-3650 (The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox l ...)
+	TODO: check
+CVE-2025-36222 (IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0,  ...)
+	TODO: check
+CVE-2025-21043 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Re ...)
+	TODO: check
+CVE-2025-21042 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Re ...)
+	TODO: check
+CVE-2025-10298
+	REJECTED
+CVE-2025-10291 (A weakness has been identified in linlinjava litemall up to 1.8.0. Thi ...)
+	TODO: check
+CVE-2025-10288 (A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568 ...)
+	TODO: check
+CVE-2025-10287 (A vulnerability has been found in roncoo roncoo-pay up to 9428382af21c ...)
+	TODO: check
+CVE-2025-10278 (A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted  ...)
+	TODO: check
+CVE-2025-10277 (A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This ...)
+	TODO: check
+CVE-2025-10276 (A security vulnerability has been detected in YunaiV ruoyi-vue-pro up  ...)
+	TODO: check
+CVE-2025-10275 (A weakness has been identified in YunaiV yudao-cloud up to 2025.09. Th ...)
+	TODO: check
+CVE-2025-10274 (A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by  ...)
+	TODO: check
+CVE-2025-10273 (A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this  ...)
+	TODO: check
+CVE-2025-10272 (A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an un ...)
+	TODO: check
+CVE-2025-10271 (A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknow ...)
+	TODO: check
+CVE-2025-10269 (The Spirit Framework plugin for WordPress is vulnerable to Local File  ...)
+	TODO: check
 CVE-2025-9319 (A potential vulnerability was reported in the Lenovo Wallpaper Client  ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-9214 (A missing authentication vulnerability was reported in some Lenovo pri ...)
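Review bot: apart from the two REJECTED ids, every entry added at the top of data/CVE/list lands with only `TODO: check`, so none of them is triaged yet. The WordPress plugin, Liferay, IBM and similar product entries look like candidates for a `NOT-FOR-US:` tag in the style of the Lenovo entry that follows them, while CVE-2025-58754 (Axios) names a widely redistributed library and should be checked against the archive before it is tagged.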
@@ -321,12 +381,12 @@ CVE-2025-40300 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/2f8f173413f1cbf52660d04df92d0069c4306d25
 	NOTE: https://git.kernel.org/linus/556c1ad666ad90c50ec8fccb930dd5046cfbecfb
 CVE-2025-58364 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
-	{DSA-5998-1}
+	{DSA-5998-1 DLA-4298-1}
 	- cups 2.4.10-4
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/11/2
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d (v2.4.13)
 CVE-2025-58060 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
-	{DSA-5998-1}
+	{DSA-5998-1 DLA-4298-1}
 	- cups 2.4.10-4
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/11/1
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221 (v2.4.13)
@@ -722,17 +782,17 @@ CVE-2024-45671 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, an
 	NOT-FOR-US: IBM
 CVE-2024-45669 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
 	NOT-FOR-US: IBM
-CVE-2025-6769
+CVE-2025-6769 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2025-10094
+CVE-2025-10094 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2025-7337
+CVE-2025-7337 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2025-1250
+CVE-2025-1250 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2025-6454
+CVE-2025-6454 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2025-2256
+CVE-2025-2256 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-10201 (Inappropriate implementation in Mojo in Google Chrome on Android, Linu ...)
 	{DSA-5996-1}
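Review bot: the six GitLab descriptions added here all truncate to the identical string ("An issue has been discovered in GitLab CE/EE affecting all versions fr ..."), and each entry still has only `- gitlab <unfixed>` beneath it, so nothing in the list tells the six issues apart. A `NOTE:` line per entry pointing at the upstream advisory or issue would make them distinguishable and give a starting point for tracking the fix.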
@@ -742,7 +802,7 @@ CVE-2025-10200 (Use after free in Serviceworker in Google Chrome on Desktop prio
 	{DSA-5996-1}
 	- chromium 140.0.7339.127-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-9086 [Out of bounds read for cookie path]
+CVE-2025-9086 (1. A cookie is set using the `secure` keyword for `https://target` 2.  ...)
 	- curl 8.16.0~rc2-1
 	[trixie] - curl <no-dsa> (Minor issue)
 	[bookworm] - curl <no-dsa> (Minor issue)
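Review bot: the new header for CVE-2025-9086 is the opening of a reproduction step list ("1. A cookie is set using the `secure` keyword ...") and no longer states what the bug is, whereas the removed title `[Out of bounds read for cookie path]` did. Consider keeping that summary in a `NOTE:` line so the entry stays readable without following the links.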
@@ -750,7 +810,7 @@ CVE-2025-9086 [Out of bounds read for cookie path]
 	NOTE: https://curl.se/docs/CVE-2025-9086.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d (curl-7_31_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 (rc-8_16_0-1)
-CVE-2025-10148 [predictable WebSocket mask]
+CVE-2025-10148 (curl's websocket code did not update the 32 bit mask pattern for each  ...)
 	- curl 8.16.0-1
 	[trixie] - curl <no-dsa> (Minor issue)
 	[bookworm] - curl <ignored> (Minor issue; WebSocket support considered experimental feature, only enabled in builds since 8.8.0-2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d8ec18bc8f7715a2e3c4a0df1a13b077729145
