[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 30 09:12:59 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6210c3bd by security tracker role at 2025-09-30T08:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,186 @@
-CVE-2024-58040 [Crypt::RandomEncryption for Perl uses insecure rand() function during encryption]
+CVE-2025-9993 (The Bei Fen \u2013 WordPress Backup Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-9991 (The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-9948 (The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2025-9946 (The LockerPress \u2013 WordPress Security Plugin plugin for WordPress ...)
+ TODO: check
+CVE-2025-9852 (The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-9762 (The Post By Email plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2025-8777 (The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-8625 (The Copypress Rest API plugin for WordPress is vulnerable to Remote Co ...)
+ TODO: check
+CVE-2025-8624 (The Nexa Blocks plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-8623 (The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-8608 (The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-8566 (The GutenBee \u2013 Gutenberg Blocks plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-8560 (The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-8559 (The All in One Music Player plugin for WordPress is vulnerable to Path ...)
+ TODO: check
+CVE-2025-8214 (The The Pack Elementor addon plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-7052 (The LatePoint plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2025-7038 (The LatePoint plugin for WordPress is vulnerable to Authentication Byp ...)
+ TODO: check
+CVE-2025-6941 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2025-6815 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2025-61633
+ REJECTED
+CVE-2025-61632
+ REJECTED
+CVE-2025-61631
+ REJECTED
+CVE-2025-61630
+ REJECTED
+CVE-2025-61629
+ REJECTED
+CVE-2025-61628
+ REJECTED
+CVE-2025-61627
+ REJECTED
+CVE-2025-61626
+ REJECTED
+CVE-2025-61586 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and ...)
+ TODO: check
+CVE-2025-61584 (serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Wor ...)
+ TODO: check
+CVE-2025-59956 (AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, an ...)
+ TODO: check
+CVE-2025-59954 (Knowage is an open source analytics and business intelligence suite. V ...)
+ TODO: check
+CVE-2025-59952 (MinIO Java SDK is a Simple Storage Service (aka S3) client to perform ...)
+ TODO: check
+CVE-2025-59950 (FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 a ...)
+ TODO: check
+CVE-2025-59948 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and ...)
+ TODO: check
+CVE-2025-59942 (go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). I ...)
+ TODO: check
+CVE-2025-59941 (go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). I ...)
+ TODO: check
+CVE-2025-59940 (mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. ...)
+ TODO: check
+CVE-2025-59937 (go-mail is a comprehensive library for sending mails with Go. In versi ...)
+ TODO: check
+CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image processing lib ...)
+ TODO: check
+CVE-2025-59668 (Multiple versions of Central Monitor CNS-6201 contain a NULL pointer d ...)
+ TODO: check
+CVE-2025-59163 (vet is an open source software supply chain security tool. Versions 1. ...)
+ TODO: check
+CVE-2025-57769 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and ...)
+ TODO: check
+CVE-2025-57266 (An issue was discovered in file AssistantController.java in ThriveX Bl ...)
+ TODO: check
+CVE-2025-54875 (FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 a ...)
+ TODO: check
+CVE-2025-54592 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and ...)
+ TODO: check
+CVE-2025-54591 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and ...)
+ TODO: check
+CVE-2025-45376 (Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an I ...)
+ TODO: check
+CVE-2025-43820 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar wi ...)
+ TODO: check
+CVE-2025-43818 (Cross-site scripting (XSS) vulnerability in the Calendar widget in Lif ...)
+ TODO: check
+CVE-2025-43817 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Lifer ...)
+ TODO: check
+CVE-2025-43815 (Reflected cross-site scripting (XSS) vulnerability on the page configu ...)
+ TODO: check
+CVE-2025-43813 (Possible path traversal vulnerability and denial-of-service in the Com ...)
+ TODO: check
+CVE-2025-43812 (Cross-site scripting (XSS) vulnerability in web content template in Li ...)
+ TODO: check
+CVE-2025-43811 (Multiple stored cross-site scripting (XSS) vulnerability in the relate ...)
+ TODO: check
+CVE-2025-36245 (IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allo ...)
+ TODO: check
+CVE-2025-34235 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34234 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34233 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34232 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34231 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34230 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34229 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34228 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34225 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34224 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34223 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34222 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34221 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34220 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34218 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34216 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34215 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34212 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34211 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to v ...)
+ TODO: check
+CVE-2025-34209 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 2 ...)
+ TODO: check
+CVE-2025-34207 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 2 ...)
+ TODO: check
+CVE-2025-30247 (An OS command injection vulnerability in user interface in Western Dig ...)
+ TODO: check
+CVE-2025-11163 (The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress ...)
+ TODO: check
+CVE-2025-11149 (This affects all versions of the package node-static; all versions of ...)
+ TODO: check
+CVE-2025-11148 (All versions of the package check-branches are vulnerable to Command I ...)
+ TODO: check
+CVE-2025-10991 (The attacker may obtain root access by connecting to the UART port and ...)
+ TODO: check
+CVE-2025-10196 (The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-10191 (The Big Post Shipping for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-10189 (The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-10182 (The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2025-10179 (The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-10168 (The Any News Ticker plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-10131 (The All Social Share Options plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-10130 (The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2025-10128 (The Eulerpool Research Systems plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-10000 (The Qyrr \u2013 simply and modern QR-Code creation plugin for WordPres ...)
+ TODO: check
+CVE-2024-58040 (Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() fun ...)
NOT-FOR-US: Crypt::RandomEncryption Perl module
CVE-2025-9648 (A vulnerability in the CivetWeb library's function mg_handle_form_requ ...)
- civetweb <unfixed>
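Review bot: the WordPress plugin entries added at the head of this hunk (CVE-2025-9993 down to CVE-2025-10000) are all left at `TODO: check`, while the marker this file already uses for that class of software is visible later in the same diff as `NOT-FOR-US: WordPress plugin` for CVE-2025-4588, so the triage pass can apply it uniformly rather than per entry. The pre-existing first line for CVE-2024-58040 changes from the bracketed placeholder form `[Crypt::RandomEncryption for Perl uses insecure rand() function during encryption]` to the parenthesised published description, and its `NOT-FOR-US: Crypt::RandomEncryption Perl module` line is retained unchanged, which remains the correct classification for a module not packaged in Debian. The eight entries CVE-2025-61626 through CVE-2025-61633 are recorded as REJECTED and need no further action.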
@@ -1607,6 +1789,7 @@ CVE-2025-60020 (nncp before 8.12.0 allows path traversal (for reading or writing
NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
NOTE: http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scWD1A@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
CVE-2025-9900 (A flaw was found in Libtiff. This vulnerability is a "write-what-where ...)
+ {DLA-4315-1}
- tiff 4.7.1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/704
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/732
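Review bot: the `{DLA-4315-1}` reference added for CVE-2025-9900 is the same advisory identifier added for CVE-2024-13978 further down in this diff, so one LTS advisory is being recorded against both libtiff issues; the fixed-version line `- tiff 4.7.1-1` and the upstream issue and merge-request notes are left as they were, so nothing else in this entry needs to change.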
@@ -8782,6 +8965,7 @@ CVE-2025-58445 (Atlantis is a self-hosted golang application that listens for Te
CVE-2025-58443 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
NOT-FOR-US: FOG
CVE-2025-58438 (internetarchive is a Python and Command-Line Interface to Archive.org ...)
+ {DLA-4314-1}
- python-internetarchive 5.5.1-1 (bug #1114635)
NOTE: https://github.com/jjjake/internetarchive/security/advisories/GHSA-wx3r-v6h7-frjp
NOTE: Merge commit: https://github.com/jjjake/internetarchive/commit/cba2d459e10a9489fb35caeba0b03e80f5f5d7c2 (v5.5.1)
@@ -19777,6 +19961,7 @@ CVE-2025-54131 (Cursor is a code editor built for programming with AI. In versio
CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been declared ...)
+ {DLA-4315-1}
- tiff 4.7.0-4 (bug #1111323)
[trixie] - tiff <no-dsa> (Minor issue)
[bookworm] - tiff <no-dsa> (Minor issue)
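Review bot: the `{DLA-4315-1}` line added for CVE-2024-13978 sits alongside the unchanged `[trixie] - tiff <no-dsa> (Minor issue)` and `[bookworm] - tiff <no-dsa> (Minor issue)` markers, which is the expected combination (the DLA records the LTS fix while the stable suites keep their no-dsa assessment); since the same advisory is also attached to CVE-2025-9900 earlier in this diff, it is worth confirming that DLA-4315-1 itself lists both CVE identifiers.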
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6210c3bda569a8c987998ce1fced8f5a740c9da3
--
You're receiving this email because of your account on salsa.debian.org.