Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a2bcbbc by security tracker role at 2025-08-28T20:12:50+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,408 @@ +CVE-2025-9584 (A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this iss ...) + TODO: check +CVE-2025-9583 (A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by thi ...) + TODO: check +CVE-2025-9582 (A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ...) + TODO: check +CVE-2025-9581 (A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the ...) + TODO: check +CVE-2025-9580 (A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. Th ...) + TODO: check +CVE-2025-9579 (A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted e ...) + TODO: check +CVE-2025-9578 (Local privilege escalation due to insecure folder permissions. The fol ...) + TODO: check +CVE-2025-9577 (A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. Th ...) + TODO: check +CVE-2025-9576 (A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Im ...) + TODO: check +CVE-2025-9575 (A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE65 ...) + TODO: check +CVE-2025-9376 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...) + TODO: check +CVE-2025-9352 (The Pronamic Google Maps plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2025-9346 (The Booking Calendar plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2025-9345 (The File Manager, Code Editor, and Backup by Managefy plugin for WordP ...) + TODO: check +CVE-2025-9344 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...) + TODO: check +CVE-2025-9195 (Improper input validation in firmware of some Solidigm DC Products may ...) + TODO: check +CVE-2025-8977 (The Simple Download Monitor plugin for WordPress is vulnerable to time ...) + TODO: check +CVE-2025-8897 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) 
+ TODO: check +CVE-2025-8603 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2025-8073 (The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress ...) + TODO: check +CVE-2025-7956 (The Ajax Search Lite plugin for WordPress is vulnerable to Basic Infor ...) + TODO: check +CVE-2025-7955 (The RingCentral Communications plugin for WordPress is vulnerable to A ...) + TODO: check +CVE-2025-7812 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...) + TODO: check +CVE-2025-6255 (The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress ...) + TODO: check +CVE-2025-6203 (A malicious user may submit a specially-crafted complex payload that o ...) + TODO: check +CVE-2025-58335 (In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284. ...) + TODO: check +CVE-2025-58334 (In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users w ...) + TODO: check +CVE-2025-58322 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attac ...) + TODO: check +CVE-2025-58127 (Improper Certificate Validation in Checkmk Exchange plugin Dell Powers ...) + TODO: check +CVE-2025-58126 (Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN ...) + TODO: check +CVE-2025-58125 (Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 ...) + TODO: check +CVE-2025-58124 (Improper Certificate Validation in Checkmk Exchange plugin check-mk-ap ...) + TODO: check +CVE-2025-58123 (Improper Certificate Validation in Checkmk Exchange plugin BGP Monitor ...) + TODO: check +CVE-2025-58081 (Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 an ...) + TODO: check +CVE-2025-58072 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2025-58059 (Valtimo is a platform for Business Process Automation. In versions bef ...) 
+ TODO: check +CVE-2025-58049 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2025-58048 (Paymenter is a free and open-source webshop solution for hostings. Pri ...) + TODO: check +CVE-2025-58047 (Volto is a React based frontend for the Plone Content Management Syste ...) + TODO: check +CVE-2025-57845 + REJECTED +CVE-2025-57819 (FreePBX is an open-source web-based graphical user interface. FreePBX ...) + TODO: check +CVE-2025-57767 (Asterisk is an open source private branch exchange and telephony toolk ...) + TODO: check +CVE-2025-57759 (Contao is an Open Source CMS. In versions starting from 5.3.0 and prio ...) + TODO: check +CVE-2025-57758 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...) + TODO: check +CVE-2025-57757 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...) + TODO: check +CVE-2025-57756 (Contao is an Open Source CMS. In versions starting from 4.9.14 and pri ...) + TODO: check +CVE-2025-57220 (An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmw ...) + TODO: check +CVE-2025-57219 (Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4. ...) + TODO: check +CVE-2025-57218 (Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to co ...) + TODO: check +CVE-2025-57217 (Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to co ...) + TODO: check +CVE-2025-57215 (Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stac ...) + TODO: check +CVE-2025-56236 (FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerabil ...) + TODO: check +CVE-2025-55583 (D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an una ...) + TODO: check +CVE-2025-55175 (QuickCMS is vulnerable to Reflected XSS via sLangEditparameter in admi ...) + TODO: check +CVE-2025-54995 (Asterisk is an open source private branch exchange and telephony toolk ...) 
+ TODO: check +CVE-2025-54819 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2025-54762 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...) + TODO: check +CVE-2025-54742 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...) + TODO: check +CVE-2025-54738 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2025-54734 (Missing Authorization vulnerability in bPlugins B Slider allows Exploi ...) + TODO: check +CVE-2025-54733 (Missing Authorization vulnerability in Miles All Bootstrap Blocks allo ...) + TODO: check +CVE-2025-54731 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2025-54725 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2025-54724 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-54720 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-54716 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-54714 (Missing Authorization vulnerability in Dylan James Zephyr Project Mana ...) + TODO: check +CVE-2025-54710 (Missing Authorization vulnerability in bPlugins Tiktok Feed allows Acc ...) + TODO: check +CVE-2025-54544 (QuickCMS is vulnerable to Stored XSS viaaDirFilesDescriptionsparameter ...) + TODO: check +CVE-2025-54543 (QuickCMS is vulnerable to Stored XSS viasDescriptionMetaparameter in p ...) + TODO: check +CVE-2025-54542 (QuickCMS sends password and login via GET Request. This allows alocal ...) + TODO: check +CVE-2025-54541 (QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion ...) + TODO: check +CVE-2025-54540 (QuickCMS is vulnerable to Reflected XSS viasSortparameter in admin's p ...) 
+ TODO: check +CVE-2025-54029 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2025-53970 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...) + TODO: check +CVE-2025-53588 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2025-53584 (Deserialization of Untrusted Data vulnerability in emarket-design WP T ...) + TODO: check +CVE-2025-53583 (Deserialization of Untrusted Data vulnerability in emarket-design Empl ...) + TODO: check +CVE-2025-53579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53578 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53576 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53572 (Deserialization of Untrusted Data vulnerability in emarket-design WP E ...) + TODO: check +CVE-2025-53396 (Incorrect permission assignment for critical resource issue exists in ...) + TODO: check +CVE-2025-53337 (Missing Authorization vulnerability in Ashan Perera LifePress allows E ...) + TODO: check +CVE-2025-53334 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53328 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53326 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53250 (Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbea ...) + TODO: check +CVE-2025-53248 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53247 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) 
+ TODO: check +CVE-2025-53244 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53243 (Deserialization of Untrusted Data vulnerability in emarket-design Empl ...) + TODO: check +CVE-2025-53230 (Missing Authorization vulnerability in honzat Page Manager for Element ...) + TODO: check +CVE-2025-53227 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53225 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53223 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-53216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-53215 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-52761 (Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel ...) + TODO: check +CVE-2025-52460 (Files or directories accessible to external parties issue exists in SS ...) + TODO: check +CVE-2025-52054 (An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wir ...) + TODO: check +CVE-2025-51972 (A SQL Injection vulnerability exists in the login.php of PuneethReddyH ...) + TODO: check +CVE-2025-51971 (A reflected Cross-Site Scripting (XSS) vulnerability exists in registe ...) + TODO: check +CVE-2025-51969 (A SQL Injection vulnerability exists in the product.php page of Puneet ...) + TODO: check +CVE-2025-51968 (A SQL Injection vulnerability exists in the action.php file of Puneeth ...) + TODO: check +CVE-2025-51967 (A Reflected Cross-site Scripting (XSS) vulnerability exists in the the ...) 
+ TODO: check +CVE-2025-51643 (Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbon ...) + TODO: check +CVE-2025-49407 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-49405 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-49404 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-49402 (Missing Authorization vulnerability in favethemes Houzez CRM allows Ex ...) + TODO: check +CVE-2025-49388 (Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculou ...) + TODO: check +CVE-2025-49387 (Unrestricted Upload of File with Dangerous Type vulnerability in add-o ...) + TODO: check +CVE-2025-49383 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-48963 (Local privilege escalation due to improper soft link handling. The fol ...) + TODO: check +CVE-2025-48365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48364 (Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allo ...) + TODO: check +CVE-2025-48363 (Cross-Site Request Forgery (CSRF) vulnerability in Metin Sara\xe7 Popu ...) + TODO: check +CVE-2025-48362 (Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou ...) + TODO: check +CVE-2025-48361 (Insertion of Sensitive Information Into Sent Data vulnerability in Sae ...) + TODO: check +CVE-2025-48360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48359 (Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT You ...) + TODO: check +CVE-2025-48358 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48357 (Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Centu ...) 
+ TODO: check +CVE-2025-48356 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48353 (Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank Wo ...) + TODO: check +CVE-2025-48352 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48351 (Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento ...) + TODO: check +CVE-2025-48350 (Missing Authorization vulnerability in Neuralabz LTD AutoWP allows Exp ...) + TODO: check +CVE-2025-48349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48348 (Incorrect Privilege Assignment vulnerability in chandrashekharsahu Sit ...) + TODO: check +CVE-2025-48347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48343 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU ...) + TODO: check +CVE-2025-48327 (Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allow ...) + TODO: check +CVE-2025-48325 (Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin ...) + TODO: check +CVE-2025-48324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48323 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48321 (Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate tw ...) + TODO: check +CVE-2025-48320 (Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello \u767e\ ...) + TODO: check +CVE-2025-48319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-48318 (Cross-Site Request Forgery (CSRF) vulnerability in shen2 \u591a\u8bf4\ ...) + TODO: check +CVE-2025-48316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48315 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48313 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48312 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48311 (Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible ...) + TODO: check +CVE-2025-48310 (Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table ...) + TODO: check +CVE-2025-48309 (Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress a ...) + TODO: check +CVE-2025-48308 (Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newslette ...) + TODO: check +CVE-2025-48307 (Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For I ...) + TODO: check +CVE-2025-48306 (Cross-Site Request Forgery (CSRF) vulnerability in developers savyour ...) + TODO: check +CVE-2025-48305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48304 (Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google ...) + TODO: check +CVE-2025-48110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-48109 (Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Bac ...) + TODO: check +CVE-2025-48100 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2025-46409 (Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and e ...) 
+ TODO: check +CVE-2025-39496 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could allow a r ...) + TODO: check +CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the exists in the ...) + TODO: check +CVE-2025-34522 (A heap-based buffer overflow vulnerability exists in the input parsing ...) + TODO: check +CVE-2025-34521 (A reflected cross-site scripting (XSS) vulnerability exists in the web ...) + TODO: check +CVE-2025-34520 (An authentication bypass vulnerability in Arcserve Unified Data Protec ...) + TODO: check +CVE-2025-34163 (Dongsheng Logistics Software exposes an unauthenticated endpoint at /C ...) + TODO: check +CVE-2025-34162 (An unauthenticated SQL injection vulnerability exists in the GetLyfsBy ...) + TODO: check +CVE-2025-34160 (AnyShare contains a critical unauthenticated remote code execution vul ...) + TODO: check +CVE-2025-31979 (A File Upload Validation Bypass vulnerability has been identified in t ...) + TODO: check +CVE-2025-31977 (HCL BigFix SM is affected by cryptographic weakness due to weak or out ...) + TODO: check +CVE-2025-31972 (HCL BigFix SM is affected by a Sensitive Information Exposure vulnerab ...) + TODO: check +CVE-2025-31971 (AIML Solutions for HCL SX is vulnerable to a URL validation vulnerabil ...) + TODO: check +CVE-2025-29364 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...) + TODO: check +CVE-2025-25010 (Incorrect authorization in Kibana can lead to privilege escalation via ...) + TODO: check +CVE-2025-0951 (Multiple plugins and/or themes for WordPress by LiquidThemes are vulne ...) + TODO: check +CVE-2024-9648 (The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2024-49790 (IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to c ...) 
+ TODO: check +CVE-2024-48908 (lychee link checking action checks links in Markdown, HTML, and text f ...) + TODO: check +CVE-2024-13986 (Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability ...) + TODO: check +CVE-2024-13985 (A command injection vulnerability in Dahua EIMS versions prior to 2240 ...) + TODO: check +CVE-2024-13984 (QiAnXin TianQing Management Center versions up to and including 6.7.0. ...) + TODO: check +CVE-2024-13982 (SPON IP Network Broadcast System, a digital audio transmission platfor ...) + TODO: check +CVE-2024-13981 (LiveBOS, an object-oriented business architecture middleware suite dev ...) + TODO: check +CVE-2024-13980 (H3C Intelligent Management Center (IMC) versions up to and including E ...) + TODO: check +CVE-2024-13979 (A SQL injection vulnerability exists in the St. Joe ERP system ("\u572 ...) + TODO: check +CVE-2024-13807 (The Xagio SEO plugin for WordPress is vulnerable to Sensitive Informat ...) + TODO: check +CVE-2023-7309 (A path traversal vulnerability exists in the Dahua Smart Park Integrat ...) + TODO: check +CVE-2023-7308 (SecGate3600, a network firewall product developed by NSFOCUS, contains ...) + TODO: check +CVE-2023-7307 (Sangfor Behavior Management System (also referred to as DC Management ...) + TODO: check +CVE-2018-25115 (Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-60 ...) + TODO: check CVE-2025-XXXX [RUSTSEC-2025-0051] - rust-xcb <unfixed> NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0051.html NOTE: https://github.com/rust-x-bindings/rust-xcb/issues/282 NOTE: https://github.com/rust-x-bindings/rust-xcb/issues/167 NOTE: https://github.com/rust-x-bindings/rust-xcb/pull/283 -CVE-2025-8067 +CVE-2025-8067 (A flaw was found in the Udisks daemon, where it allows unprivileged us ...) 
+ {DSA-5989-1 DLA-4284-1} - udisks2 2.10.90-3.1 NOTE: https://www.openwall.com/lists/oss-security/2025/08/28/1 NOTE: https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g NOTE: https://github.com/storaged-project/udisks/commit/280b127124332c6436bc8273ef677f218b435593 (master) NOTE: https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915 (udisks-2.10.2) -CVE-2024-58240 [tls: separate no-async decryption request handling from async] +CVE-2024-58240 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.7.9-1 NOTE: https://git.kernel.org/linus/41532b785e9d79636b3815a64ddf6a096647d011 (6.8-rc7) -CVE-2025-40779 [Kea crash upon interaction between specific client options and subnet selection] +CVE-2025-40779 (If a DHCPv4 client sends a request with some specific options, and Kea ...) - isc-kea <not-affected> (Vulnerable code introduced later, bug #1112247) NOTE: https://kb.isc.org/docs/cve-2025-40779 NOTE: Backport: https://gitlab.isc.org/isc-projects/kea/-/issues/4055 @@ -333,6 +722,7 @@ CVE-2025-9482 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, R CVE-2025-9481 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...) NOT-FOR-US: Linksys CVE-2025-9478 (Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allow ...) + {DSA-5988-1} - chromium 139.0.7258.154-1 [bullseye] - chromium <end-of-life> (see #1061268) CVE-2025-9190 (The configuration of Cursor on macOS, specifically the "RunAsNode" fus ...) 
@@ -1682,7 +2072,7 @@ CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, cont NOT-FOR-US: Dell / EMC CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...) NOT-FOR-US: Dell / EMC -CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affecte ...) +CVE-2025-34158 (Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is aff ...) NOT-FOR-US: Plex Media Server (PMS) CVE-2025-27721 (Unauthorized users can access INFINITT PACS System Managerwithout prop ...) NOT-FOR-US: INFINITT Healthcare @@ -11837,7 +12227,7 @@ CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to Privil CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V ...) NOT-FOR-US: TP-Link CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' ...) - {DLA-4280-1} + {DSA-5987-1 DLA-4280-1} - unbound 1.22.0-2 (bug #1109427) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f (release-1.23.1) @@ -102664,7 +103054,7 @@ CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a vulnerabilit CVE-2023-37822 (The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicat ...) NOT-FOR-US: Eufy HomeBase 2 model T8010X CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains a vulne ...) - {DLA-3952-1} + {DSA-5987-1 DLA-3952-1} - unbound 1.21.1-1 (bug #1083282) NOTE: Advisory: https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-8508.diff 
@@ -124943,6 +125333,7 @@ CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When th CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to help tea ...) NOT-FOR-US: BigBlueButton CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...) + {DLA-4285-1} - golang-github-gin-contrib-cors 1.7.6-1 (bug #1075962) [trixie] - golang-github-gin-contrib-cors <no-dsa> (Minor issue) [bookworm] - golang-github-gin-contrib-cors <no-dsa> (Minor issue) @@ -142316,7 +142707,7 @@ CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is vulnera CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote attackers to ca ...) - {DLA-4280-1} + {DSA-5987-1 DLA-4280-1} - unbound 1.20.0-1 [buster] - unbound <ignored> (Not affected by DoS, intrusive changes) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt @@ -338957,7 +339348,8 @@ CVE-2021-41876 RESERVED CVE-2021-41875 RESERVED -CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...) +CVE-2021-41874 + REJECTED NOT-FOR-US: Portainer CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) NOT-FOR-US: Penguin Aurora TV Box 41502 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2bcbbcedd6ebd9b73f7803d7fec5f71d65860f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2bcbbcedd6ebd9b73f7803d7fec5f71d65860f You're receiving this email because of your account on salsa.debian.org.
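Review bot: in the first hunk (@@ -1,19 +1,408 @@), as rendered in this diff, the added description strings carry raw escape sequences rather than decoded characters, and the fixed-width truncation cuts some of them in half. The entries for CVE-2025-48320 ("cuckoohello \u767e\ ...") and CVE-2025-48318 ("shen2 \u591a\u8bf4\ ...") both end in a dangling backslash, and literal \u2013 and \xe7 appear in CVE-2025-9344, CVE-2025-8897, CVE-2025-7812 and CVE-2025-48363. Decoding the description before truncating it, or truncating on character boundaries, would keep these entries readable and keep any consumer of data/CVE/list from seeing a partial escape.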
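Review bot: in the last hunk (@@ -338957,7 +339348,8 @@), CVE-2021-41874 becomes REJECTED but the unchanged "NOT-FOR-US: Portainer" line stays under it, so the entry now carries two dispositions. CVE-2025-57845 in the first hunk is recorded with REJECTED alone. Suggest dropping the NOT-FOR-US line in a follow-up, or confirming that both annotations on one entry are intended.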
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits