[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 13 Jun 2025 01:12:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9ea0fab7 by security tracker role at 2025-06-13T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-5950 (The IndieBlocks plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-5939 (The Telegram for WP plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-5938 (The Digital Marketing and Agency Templates Addons for Elementor 
plugin ...)
+       TODO: check
+CVE-2025-5930 (The WP2HTML plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2025-5928 (The WP Sliding Login/Dashboard Panel plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-5926 (The Link Shield plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-5923 (The Game Review Block plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-5841 (The ACF Onyx Poll plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-5815 (The Traffic Monitor plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2025-5491 (Acer ControlCenter contains Remote Code Execution 
vulnerability. The p ...)
+       TODO: check
+CVE-2025-5288 (The REST API | Custom API Generator For Cross Platform And 
Import Expo ...)
+       TODO: check
+CVE-2025-5282 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour 
Operator S ...)
+       TODO: check
+CVE-2025-5233 (The Color Palette plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-5123 (The Contact Us Page \u2013 Contact People plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2025-4586 (The IRM Newsroom plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-4585 (The IRM Newsroom plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-4584 (The IRM Newsroom plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-4233 (An insufficient implementation of cache vulnerability in Palo 
Alto Net ...)
+       TODO: check
+CVE-2025-4232 (An improper neutralization of wildcards vulnerability in the 
log colle ...)
+       TODO: check
+CVE-2025-4231 (A command injection vulnerability in Palo Alto Networks 
PAN-OS\xae ena ...)
+       TODO: check
+CVE-2025-4230 (A command injection vulnerability in Palo Alto Networks 
PAN-OS\xae sof ...)
+       TODO: check
+CVE-2025-4229 (An information disclosure vulnerability in the SD-WAN feature 
of Palo  ...)
+       TODO: check
+CVE-2025-4228 (An incorrect privilege assignment vulnerability in Palo Alto 
Networks  ...)
+       TODO: check
+CVE-2025-4227 (An improper access control vulnerability in the  Endpoint 
Traffic Poli ...)
+       TODO: check
+CVE-2025-49589 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. 
A stack- ...)
+       TODO: check
+CVE-2025-47959 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2025-44091 (yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting 
(XSS) vi ...)
+       TODO: check
+CVE-2025-41234 (Description  In Spring Framework, versions 6.0.x as of 6.0.5, 
versions ...)
+       TODO: check
+CVE-2025-41233 (Description:  VMware AVI Load Balancer contains an 
authenticated blind ...)
+       TODO: check
+CVE-2025-39240 (Some Hikvision Wireless Access Point are vulnerable to 
authenticated r ...)
+       TODO: check
+CVE-2025-27689 (Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an 
Improper ...)
+       TODO: check
+CVE-2025-22242 (Worker process denial of service through file read operation. 
.A vulne ...)
+       TODO: check
+CVE-2025-22241 (File contents overwrite the VirtKey class is called when 
\u201con-dema ...)
+       TODO: check
+CVE-2025-22240 (Arbitrary directory creation or file deletion. In the 
find_file method ...)
+       TODO: check
+CVE-2025-22239 (Arbitrary event injection on Salt Master. The master's 
"_minion_event" ...)
+       TODO: check
+CVE-2025-22238 (Directory traversal attack in minion file cache creation. The 
master's ...)
+       TODO: check
+CVE-2025-22237 (An attacker with access to a minion key can exploit the 'on 
demand' pi ...)
+       TODO: check
+CVE-2025-22236 (Minion event bus authorization bypass. An attacker with access 
to a mi ...)
+       TODO: check
+CVE-2024-38825 (The salt.auth.pki module does not properly authenticate 
callers. The " ...)
+       TODO: check
+CVE-2024-38824 (Directory traversal vulnerability in recv_file method allows 
arbitrary ...)
+       TODO: check
+CVE-2024-38823 (Salt's request server is vulnerable to replay attacks when not 
using a ...)
+       TODO: check
+CVE-2024-38822 (Multiple methods in the salt master skip minion token 
validation. Ther ...)
+       TODO: check
 CVE-2025-49794
        - libxml2 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2372373
@@ -134,7 +220,7 @@ CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain 
a SQL injection vuln
        TODO: check details
 CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation 
Monetico ...)
        NOT-FOR-US: PrestaShop module
-CVE-2025-30399
+CVE-2025-30399 (Untrusted search path in .NET and Visual Studio allows an 
unauthorized ...)
        NOT-FOR-US: Microsoft .NET
 CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and 
classified  ...)
        NOT-FOR-US: kiCode111 like-girl
@@ -371276,7 +371362,7 @@ CVE-2021-20590 (Improper authentication vulnerability 
in GOT2000 series GT27 mod
        NOT-FOR-US: Mitsubishi
 CVE-2021-20589 (Buffer access with incorrect length value vulnerability in 
GOT2000 ser ...)
        NOT-FOR-US: Mitsubishi
-CVE-2021-20588 (Improper handling of length parameter inconsistency 
vulnerability in M ...)
+CVE-2021-20588 (Improper Handling of Length Parameter Inconsistency 
vulnerability in M ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi 
Electric FA Eng ...)
        NOT-FOR-US: Mitsubishi



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ea0fab79117776dbbad087a3c42d989fd9aa40e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ea0fab79117776dbbad087a3c42d989fd9aa40e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to