Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4e00d06 by security tracker role at 2025-11-05T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,136 @@
-CVE-2025-62507 [Bug in XACKDEL may lead to stack overflow and potential RCE]
+CVE-2025-8871 (The Everest Forms (Pro) plugin for WordPress is vulnerable to 
PHP Obje ...)
+       TODO: check
+CVE-2025-6027 (The Ace User Management WordPress plugin through 2.0.3 does not 
proper ...)
+       TODO: check
+CVE-2025-64455
+       REJECTED
+CVE-2025-64454
+       REJECTED
+CVE-2025-64453
+       REJECTED
+CVE-2025-64452
+       REJECTED
+CVE-2025-64451
+       REJECTED
+CVE-2025-64450
+       REJECTED
+CVE-2025-64449
+       REJECTED
+CVE-2025-64448
+       REJECTED
+CVE-2025-64151 (Multiple Roboticsware products provided by Roboticsware PTE. 
LTD. regi ...)
+       TODO: check
+CVE-2025-64110 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
+       TODO: check
+CVE-2025-64109 (Cursor is a code editor built for programming with AI. In 
versions and ...)
+       TODO: check
+CVE-2025-64108 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
+       TODO: check
+CVE-2025-64107 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
+       TODO: check
+CVE-2025-64106 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
+       TODO: check
+CVE-2025-62722 (LinkAce is a self-hosted archive to collect website links. In 
versions ...)
+       TODO: check
+CVE-2025-62721 (LinkAce is a self-hosted archive to collect website links. In 
versions ...)
+       TODO: check
+CVE-2025-62720 (LinkAce is a self-hosted archive to collect website links. 
Versions 2. ...)
+       TODO: check
+CVE-2025-62719 (LinkAce is a self-hosted archive to collect website links. In 
versions ...)
+       TODO: check
+CVE-2025-62715 (ClipBucket v5 is an open source video sharing platform. 
Versions 5.5.2 ...)
+       TODO: check
+CVE-2025-62520 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
In vers ...)
+       TODO: check
+CVE-2025-62369 (Xibo is an open source digital signage platform with a web 
content man ...)
+       TODO: check
+CVE-2025-62225 (Optical Disc Archive Software provided by Sony Corporation 
registers a ...)
+       TODO: check
+CVE-2025-59596 (CVE-2025-59596 is a denial-of-service vulnerability in Secure 
Access   ...)
+       TODO: check
+CVE-2025-59595 (CVE-2025-59595 is an internally discovered denial of service  
vulnerab ...)
+       TODO: check
+CVE-2025-56230 (Tencent Docs Desktop 3.9.20 and earlier suffers from Missing 
SSL Certi ...)
+       TODO: check
+CVE-2025-55155 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
In vers ...)
+       TODO: check
+CVE-2025-54526 (Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based 
buffer  ...)
+       TODO: check
+CVE-2025-54496 (A maliciously crafted project file may cause a heap-based 
buffer  over ...)
+       TODO: check
+CVE-2025-54335 (An issue was discovered in the GPU driver in Samsung Mobile 
Processor  ...)
+       TODO: check
+CVE-2025-52910 (An issue was discovered in the GPU in Samsung Mobile Processor 
and Wea ...)
+       TODO: check
+CVE-2025-48884 (Galette is a membership management web application for non 
profit orga ...)
+       TODO: check
+CVE-2025-48076 (Galette is a membership management web application for non 
profit orga ...)
+       TODO: check
+CVE-2025-47776 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Due to  ...)
+       TODO: check
+CVE-2025-32786 (The GLPI Inventory Plugin handles network discovery, 
inventory, softwa ...)
+       TODO: check
+CVE-2025-27374 (An issue was discovered in the Secure Boot component in 
Samsung Mobile ...)
+       TODO: check
+CVE-2025-21079 (Improper input validation in Samsung Members prior to version 
5.5.01.3 ...)
+       TODO: check
+CVE-2025-21078 (Use of insufficiently random value of secretKey in Smart 
Switch prior  ...)
+       TODO: check
+CVE-2025-21077 (Improper input validation in Samsung Email prior to version 
6.2.06.0 a ...)
+       TODO: check
+CVE-2025-21076 (Improper handling of insufficient permissions or privileges in 
Samsung ...)
+       TODO: check
+CVE-2025-21075 (Out-of-bounds write in libimagecodec.quram.so prior to SMR 
Nov-2025 Re ...)
+       TODO: check
+CVE-2025-21074 (Out-of-bounds read in libimagecodec.quram.so prior to SMR 
Nov-2025 Rel ...)
+       TODO: check
+CVE-2025-21073 (Insecure default configuration in USB connection mode prior to 
SMR Nov ...)
+       TODO: check
+CVE-2025-21071 (Out-of-bounds write in handling opcode in fingerprint trustlet 
prior t ...)
+       TODO: check
+CVE-2025-12735 (The expr-eval library is a JavaScript expression parser and 
evaluator  ...)
+       TODO: check
+CVE-2025-12677 (The KiotViet Sync plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2025-12676 (The KiotViet Sync plugin for WordPress is vulnerable to 
authorizarion  ...)
+       TODO: check
+CVE-2025-12675 (The KiotViet Sync plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2025-12674 (The KiotViet Sync plugin for WordPress is vulnerable to 
arbitrary file ...)
+       TODO: check
+CVE-2025-12582 (The Features plugin for WordPress is vulnerable to 
unauthorized modifi ...)
+       TODO: check
+CVE-2025-12580 (The SMS for WordPress plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2025-12388 (The B Carousel Block \u2013 Responsive Image and Content 
Carousel plug ...)
+       TODO: check
+CVE-2025-12384 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and 
Other Files  ...)
+       TODO: check
+CVE-2025-12197 (The The Events Calendar plugin for WordPress is vulnerable to 
blind SQ ...)
+       TODO: check
+CVE-2025-12139 (The File Manager for Google Drive \u2013 Integrate Google 
Drive with W ...)
+       TODO: check
+CVE-2025-11917 (The WPeMatico RSS Feed Fetcher plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-11835 (The Paid Membership Subscriptions \u2013 Effortless 
Memberships, Recur ...)
+       TODO: check
+CVE-2025-11749 (The AI Engine plugin for WordPress is vulnerable to Sensitive 
Informat ...)
+       TODO: check
+CVE-2025-11373 (The Popup and Slider Builder by Depicter \u2013 Add Email 
collecting P ...)
+       TODO: check
+CVE-2025-11162 (The Spectra Gutenberg Blocks \u2013 Website Builder for the 
Block Edit ...)
+       TODO: check
+CVE-2025-11072 (The MelAbu WP Download Counter Button WordPress plugin through 
1.8.6.7 ...)
+       TODO: check
+CVE-2025-10873 (The ElementInvader Addons for Elementor WordPress plugin 
before 1.4.1  ...)
+       TODO: check
+CVE-2025-10622 (A flaw was found in Red Hat Satellite (Foreman component). 
This vulner ...)
+       TODO: check
+CVE-2025-10567 (The FunnelKit  WordPress plugin before 3.12.0.1 does not 
sanitize user ...)
+       TODO: check
+CVE-2024-56426 (An issue was discovered in Samsung Mobile Processor and 
Wearable Proce ...)
+       TODO: check
+CVE-2025-62507 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
        - redis <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
        NOTE: Introduced with: 
https://github.com/redis/redis/commit/fa040a72c0720d9b0a833117b086e5bbafa6ddc8 
(8.2-rc1)
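Review bot: the first removed line drops the hand-written description "[Bug in XACKDEL may lead to stack overflow and potential RCE]" for CVE-2025-62507, and the truncated description that replaces it at the end of the hunk ("Redis is an open source, in-memory database that persists on disk. In ...") no longer names the affected command. The entry keeps "- redis <not-affected> (Vulnerable code not present)", so a NOTE line mentioning XACKDEL would keep the reason for that verdict readable from the entry itself. Separately, several added descriptions carry a literal "\u2013" escape (for example CVE-2025-12388 and CVE-2025-12384) where a dash was meant; decoding it at import would keep plugin names searchable as written. Every other added entry is either "TODO: check" or "REJECTED", so none of them has been triaged yet.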
@@ -1723,7 +1855,7 @@ CVE-2025-11201 (MLflow Tracking Server Model Creation 
Directory Traversal Remote
 CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass 
Vulnerability. ...)
        NOT-FOR-US: mlflow
 CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
-       {DLA-4362-1}
+       {DSA-6049-1 DLA-4362-1}
        - gimp 3.0.4-6.2 (bug #1119661)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-978/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
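Review bot: the changed line "{DSA-6049-1 DLA-4362-1}" adds the DSA cross-reference for CVE-2025-10934, but the only package line in the entry is still "- gimp 3.0.4-6.2 (bug #1119661)" and this commit lists data/CVE/list as its only changed file. Confirm that DSA-6049-1 is already defined elsewhere in the tracker data with the fixed gimp versions for the suites it covers, so the new reference resolves to actual fix information.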



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e00d06b79b02e21e9e24a417f3aa17b324e330

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits