[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 07 Sep 2025 08:55:59 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0a7812c3 by security tracker role at 2025-09-05T08:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2025-9990 (The WordPress Helpdesk Integration plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-8944 (The OceanWP WordPress theme before 4.1.2 is vulnerable to an 
option up ...)
+       TODO: check
+CVE-2025-8684 (The Flatsome Theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-7445 (Kubernetes secrets-store-sync-controller in versions before 
0.0.2 disc ...)
+       TODO: check
+CVE-2025-58401 (Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store 
Github AP ...)
+       TODO: check
+CVE-2025-58400 (RATOC RAID Monitoring Manager for Windows provided by RATOC 
Systems, I ...)
+       TODO: check
+CVE-2025-58362 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2025-58359 (ZF FROST is a Rust implementation of FROST (Flexible 
Round-Optimised S ...)
+       TODO: check
+CVE-2025-58352 (Weblate is a web based localization tool. Versions lower than 
5.13.1 c ...)
+       TODO: check
+CVE-2025-58313 (Race condition vulnerability in the device standby module. 
Impact: Suc ...)
+       TODO: check
+CVE-2025-58296 (Race condition vulnerability in the audio module. Impact: 
Successful e ...)
+       TODO: check
+CVE-2025-58281 (Out-of-bounds read vulnerability in the runtime interpreter 
module. Im ...)
+       TODO: check
+CVE-2025-58280 (Vulnerability of exposing object heap addresses in the Ark eTS 
module. ...)
+       TODO: check
+CVE-2025-58276 (Permission verification vulnerability in the home screen 
module Impact ...)
+       TODO: check
+CVE-2025-58179 (Astro is a web framework for content-driven websites. Versions 
11.0.3  ...)
+       TODO: check
+CVE-2025-55739 (api is a module for FreePBX@, which is an open source GUI that 
control ...)
+       TODO: check
+CVE-2025-55671 (Uncontrolled search path element issue exists in TkEasyGUI 
versions pr ...)
+       TODO: check
+CVE-2025-55305 (Electron is a framework for writing cross-platform desktop 
application ...)
+       TODO: check
+CVE-2025-55244 (Azure Bot Service Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in 
Xbox all ...)
+       TODO: check
+CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information 
Disclosure Vu ...)
+       TODO: check
+CVE-2025-55209 (contactmanager is a module for FreePBX@, which is an open 
source GUI t ...)
+       TODO: check
+CVE-2025-55190 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2025-55037 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+       TODO: check
+CVE-2025-54914 (Azure Networking Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2025-48395 (An attacker with authenticated and privileged access could 
modify the  ...)
+       TODO: check
+CVE-2025-41408 (Improper authorization in handler for custom URL scheme issue 
in "Yaho ...)
+       TODO: check
 CVE-2025-9636 (pgAdmin <= 9.7 is affected by a  Cross-Origin Opener Policy 
(COOP) vul ...)
        - pgadmin4 <itp> (bug #834129)
 CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site 
Request For ...)
@@ -5245,7 +5301,8 @@ CVE-2025-38604 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.43-1
        [bookworm] - linux 6.1.148-1
        NOTE: 
https://git.kernel.org/linus/16d8fd74dbfca0ea58645cd2fca13be10cae3cdd (6.17-rc1)
-CVE-2025-38603 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+CVE-2025-38603
+       REJECTED
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5fb90421fa0fbe0a968274912101fe917bf1c47b (6.17-rc1)
 CVE-2025-38602 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7812c32f503c03d82a4d7fd7cdd761f4d4ffc9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7812c32f503c03d82a4d7fd7cdd761f4d4ffc9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to