[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 26 09:13:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eee61395 by security tracker role at 2025-09-26T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2025-9985 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-9984 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-9490 (The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-9044 (The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-8906 (The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-8200 (The Mega Elements \u2013 Addons for Elementor plugin for WordPress is ...)
+ TODO: check
+CVE-2025-60251 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any hand ...)
+ TODO: check
+CVE-2025-60250 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE pac ...)
+ TODO: check
+CVE-2025-60033
+ REJECTED
+CVE-2025-60032
+ REJECTED
+CVE-2025-60031
+ REJECTED
+CVE-2025-60030
+ REJECTED
+CVE-2025-60029
+ REJECTED
+CVE-2025-60028
+ REJECTED
+CVE-2025-60027
+ REJECTED
+CVE-2025-60026
+ REJECTED
+CVE-2025-60017 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS c ...)
+ TODO: check
+CVE-2025-59408 (Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 s ...)
+ TODO: check
+CVE-2025-59404 (Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 s ...)
+ TODO: check
+CVE-2025-59402 (Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 a ...)
+ TODO: check
+CVE-2025-56769 (An issue was discovered in chinabugotech hutool before 5.8.4 allowing ...)
+ TODO: check
+CVE-2025-54831 (Apache Airflow 3 introduced a change to the handling of sensitive info ...)
+ TODO: check
+CVE-2025-43816 (A memory leak in the headless API for StructuredContents in Liferay Po ...)
+ TODO: check
+CVE-2025-35027 (Multiple robotic products by Unitree sharing a common firmware, includ ...)
+ TODO: check
+CVE-2025-26482 (Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an ...)
+ TODO: check
+CVE-2025-1396 (A username enumeration vulnerability exists in multiple WSO2 products ...)
+ TODO: check
+CVE-2025-11005 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2025-11000 (A vulnerability was determined in Open Babel up to 3.1.1. This affects ...)
+ TODO: check
+CVE-2025-10999 (A vulnerability was found in Open Babel up to 3.1.1. The impacted elem ...)
+ TODO: check
+CVE-2025-10998 (A vulnerability has been found in Open Babel up to 3.1.1. The affected ...)
+ TODO: check
+CVE-2025-10997 (A flaw has been found in Open Babel up to 3.1.1. Impacted is the funct ...)
+ TODO: check
+CVE-2025-10996 (A vulnerability was detected in Open Babel up to 3.1.1. This issue aff ...)
+ TODO: check
+CVE-2025-10995 (A security vulnerability has been detected in Open Babel up to 3.1.1. ...)
+ TODO: check
+CVE-2025-10994 (A weakness has been identified in Open Babel up to 3.1.1. This affects ...)
+ TODO: check
+CVE-2025-10993 (A security flaw has been discovered in MuYuCMS up to 2.7. Affected by ...)
+ TODO: check
+CVE-2025-10992 (A vulnerability was determined in roncoo roncoo-pay up to 9428382af21c ...)
+ TODO: check
+CVE-2025-10989 (A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1 ...)
+ TODO: check
+CVE-2025-10988 (A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. ...)
+ TODO: check
+CVE-2025-10987 (A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Af ...)
+ TODO: check
+CVE-2025-10981 (A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an ...)
+ TODO: check
+CVE-2025-10980 (A security vulnerability has been detected in JeecgBoot up to 3.8.2. T ...)
+ TODO: check
+CVE-2025-10979 (A weakness has been identified in JeecgBoot up to 3.8.2. The impacted ...)
+ TODO: check
+CVE-2025-10978 (A security flaw has been discovered in JeecgBoot up to 3.8.2. The affe ...)
+ TODO: check
+CVE-2025-10977 (A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is a ...)
+ TODO: check
+CVE-2025-10976 (A vulnerability was determined in JeecgBoot up to 3.8.2. This issue af ...)
+ TODO: check
+CVE-2025-10975 (A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db ...)
+ TODO: check
+CVE-2025-10974 (A vulnerability has been found in giantspatula SewKinect up to 7fd963c ...)
+ TODO: check
+CVE-2025-10973 (A flaw has been found in JackieDYH Resume-management-system up to fb6b ...)
+ TODO: check
+CVE-2025-10967 (A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51 ...)
+ TODO: check
+CVE-2025-10965 (A security vulnerability has been detected in LazyAGI LazyLLM up to 0. ...)
+ TODO: check
+CVE-2025-10752 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
+ TODO: check
+CVE-2025-10747 (The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2025-10745 (The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots pl ...)
+ TODO: check
+CVE-2025-10490 (The Zephyr Project Manager plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-10377 (The System Dashboard plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2025-10307 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
+ TODO: check
+CVE-2025-10180 (The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-10178 (The CM Business Directory plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-10173 (The ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One W ...)
+ TODO: check
+CVE-2025-10137 (The Snow Monkey theme for WordPress is vulnerable to Server-Side Reque ...)
+ TODO: check
+CVE-2025-10136 (The TweetThis Shortcode plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-10037 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-10036 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2025-60249 (vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and u ...)
NOT-FOR-US: vulnerability-lookup
CVE-2025-60019 (glib-networking's OpenSSL backend fails to properly check the return v ...)
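Review bot: The descriptions on the added CVE-2025-8200, CVE-2025-10752, CVE-2025-10745, CVE-2025-10307 and CVE-2025-10173 lines contain the literal sequence `\u2013` where the plugin name has an en dash, so the escape was not decoded when the description was imported. Decoding it at import time (or normalising it to a plain hyphen) would keep the truncated descriptions readable and searchable by product name. Separately, every non-REJECTED entry added at the top of this hunk is still `TODO: check`, so none of them has a package or NOT-FOR-US assignment yet.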
@@ -4205,7 +4331,7 @@ CVE-2022-50339 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f74ca25d6d6629ffd4fd80a1a73037253b57d06b (6.1-rc1)
CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2 ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
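Review bot: On the CVE-2025-10537 cross-reference line, `DLA-4311-1` is added next to `DLA-4305-1`, but the entry lists three source packages (firefox, firefox-esr, thunderbird) and nothing visible in the hunk says which of them the new advisory covers. Please confirm against the DLA list that DLA-4311-1 names this CVE for the intended package. The same one-line change repeats for CVE-2025-10536, CVE-2025-10533, CVE-2025-10532, CVE-2025-10529, CVE-2025-10528 and CVE-2025-10527 in the hunks below, so a mismatch would propagate to all of them.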
@@ -4213,7 +4339,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4227,7 +4353,7 @@ CVE-2025-10534 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
- firefox 143.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefo ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4235,7 +4361,7 @@ CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28,
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4249,7 +4375,7 @@ CVE-2025-10530 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4257,7 +4383,7 @@ CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4265,7 +4391,7 @@ CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -29701,6 +29827,7 @@ CVE-2025-36529 (An OS command injection issue exists in multiple versions of TB-
CVE-2025-5731 (A flaw was found in Infinispan CLI. A sensitive password, decoded from ...)
NOT-FOR-US: Infinispan
CVE-2025-52555 (Ceph is a distributed object, block, and file storage platform. In ver ...)
+ {DLA-4310-1}
- ceph 18.2.6-1 (bug #1108410)
[bookworm] - ceph <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2374412
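Review bot: With `{DLA-4310-1}` added to CVE-2025-52555, the context line `[bookworm] - ceph <no-dsa> (Minor issue)` now stands out: the LTS suite receives a fix through a DLA while bookworm is still marked as not warranting an advisory. It is worth checking whether bookworm should pick up the fix through a point release, so that an upgrade from the LTS suite does not reintroduce the issue.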
@@ -206848,7 +206975,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versio
CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
NOT-FOR-US: Apple
CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...)
- {DSA-5825-1 DLA-3629-1}
+ {DSA-5825-1 DLA-4310-1 DLA-3629-1}
- ceph 16.2.11+ds-5 (bug #1053690)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
NOTE: https://tracker.ceph.com/issues/63004
@@ -270954,6 +271081,7 @@ CVE-2022-3652 (Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allo
CVE-2022-3651
RESERVED
CVE-2022-3650 (A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...)
+ {DLA-4310-1}
- ceph 16.2.10+ds-4 (bug #1024932)
[buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
@@ -341264,7 +341392,7 @@ CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known as
CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
- elgg <itp> (bug #526197)
CVE-2021-3979 (A key length flaw was found in Red Hat Ceph Storage. An attacker can e ...)
- {DLA-3629-1}
+ {DLA-4310-1 DLA-3629-1}
- ceph 16.2.9+ds-1
[stretch] - ceph <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eee61395c9a3cd5dae28aaad01ffac29f529a3e1