Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a42c6f50 by security tracker role at 2025-11-11T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,251 @@
+CVE-2025-9524 (The VAPIX API port.cgi did not have sufficient input 
validation, which ...)
+       TODO: check
+CVE-2025-9055 (The VAPIX Edge storage API that allowed a privilege escalation, 
enabli ...)
+       TODO: check
+CVE-2025-8998 (It was possible to upload files with a specific name to a 
temporary di ...)
+       TODO: check
+CVE-2025-8108 (An ACAP configuration file has improper permissions and lacks 
input va ...)
+       TODO: check
+CVE-2025-7429 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and 
below a ...)
+       TODO: check
+CVE-2025-6779 (An ACAP configuration file has improper permissions, which 
could allow ...)
+       TODO: check
+CVE-2025-6571 (A 3rd-party componentexposed its password in process arguments, 
allowi ...)
+       TODO: check
+CVE-2025-6298 (ACAP applications can gain elevated privileges due to improper 
input v ...)
+       TODO: check
+CVE-2025-64529 (SpiceDB is an open source database system for creating and 
managing se ...)
+       TODO: check
+CVE-2025-64522 (Soft Serve is a self-hostable Git server for the command line. 
Version ...)
+       TODO: check
+CVE-2025-64519 (TorrentPier is an open source BitTorrent Public/Private 
tracker engine ...)
+       TODO: check
+CVE-2025-64518 (The CycloneDX core module provides a model representation of 
the SBOM  ...)
+       TODO: check
+CVE-2025-64513 (Milvus is an open-source vector database built for generative 
AI appli ...)
+       TODO: check
+CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original 
PDFMiner,  ...)
+       TODO: check
+CVE-2025-64509 (Bugsink is a self-hosted error tracking tool. In versions 
prior to 2.0 ...)
+       TODO: check
+CVE-2025-64508 (Bugsink is a self-hosted error tracking tool. In versions 
prior to 2.0 ...)
+       TODO: check
+CVE-2025-64504 (Langfuse is an open source large language model engineering 
platform.  ...)
+       TODO: check
+CVE-2025-64502 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2025-64501 (ProsemirrorToHtml is a JSON converter which takes 
ProseMirror-compatib ...)
+       TODO: check
+CVE-2025-64484 (OAuth2-Proxy is an open-source tool that can act as either a 
standalon ...)
+       TODO: check
+CVE-2025-64183 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2025-64182 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2025-64181 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2025-64167 (Combodo iTop is a web based IT service management tool. 
Versions prior ...)
+       TODO: check
+CVE-2025-63678 (An authenticated arbitrary file upload vulnerability in the 
/uploads/  ...)
+       TODO: check
+CVE-2025-63617 (ktg-mes before commit a484f96 (2025-07-03) has a fastjson 
deserializat ...)
+       TODO: check
+CVE-2025-63397 (Improper input validation in OneFlow v0.9.0 allows attackers 
to cause  ...)
+       TODO: check
+CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and 
before i ...)
+       TODO: check
+CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware 
v33.53.87 c ...)
+       TODO: check
+CVE-2025-62780 (changedetection.io is a free open source web page change 
detection too ...)
+       TODO: check
+CVE-2025-5718 (The ACAP Application framework could allow privilege escalation 
throug ...)
+       TODO: check
+CVE-2025-5454 (An ACAP configuration file lacked sufficient input validation, 
which c ...)
+       TODO: check
+CVE-2025-5452 (A malicious ACAP application can gain access to admin-level 
service ac ...)
+       TODO: check
+CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation, 
which c ...)
+       TODO: check
+CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In 
versions pr ...)
+       TODO: check
+CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In 
versions on ...)
+       TODO: check
+CVE-2025-48065 (Combodo iTop is a web based IT service management tool. 
Versions prior ...)
+       TODO: check
+CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In 
versions pr ...)
+       TODO: check
+CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks 
during  ...)
+       TODO: check
+CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an 
unauthenticated a ...)
+       TODO: check
+CVE-2025-42919 (Due to an Information Disclosure vulnerability in SAP 
NetWeaver Applic ...)
+       TODO: check
+CVE-2025-42899 (SAP S4CORE (Manage journal entries) does not perform necessary 
authori ...)
+       TODO: check
+CVE-2025-42897 (Due to information disclosure vulnerability in anonymous API 
provided  ...)
+       TODO: check
+CVE-2025-42895 (Due to insufficient validation of connection property values, 
the SAP  ...)
+       TODO: check
+CVE-2025-42894 (Due to a Path Traversal vulnerability in SAP Business 
Connector, an at ...)
+       TODO: check
+CVE-2025-42893 (Due to an Open Redirect vulnerability in SAP Business 
Connector, an un ...)
+       TODO: check
+CVE-2025-42892 (Due to an OS Command Injection vulnerability in SAP Business 
Connector ...)
+       TODO: check
+CVE-2025-42890 (SQL Anywhere Monitor (Non-GUI) baked credentials into the 
code,exposin ...)
+       TODO: check
+CVE-2025-42889 (SAP Starter Solution allows an authenticated attacker to 
execute craft ...)
+       TODO: check
+CVE-2025-42888 (SAP GUI for Windows may allow a highly privileged user on the 
affected ...)
+       TODO: check
+CVE-2025-42887 (Due to missing input sanitation, SAP Solution Manager allows 
an authen ...)
+       TODO: check
+CVE-2025-42886 (Due to a Reflected Cross-Site Scripting (XSS) vulnerability in 
SAP Bus ...)
+       TODO: check
+CVE-2025-42885 (Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an 
unauthe ...)
+       TODO: check
+CVE-2025-42884 (SAP NetWeaver Enterprise Portal allows an unauthenticated 
attacker to  ...)
+       TODO: check
+CVE-2025-42883 (Migration Workbench (DX Workbench) in SAP NetWeaver 
Application Server ...)
+       TODO: check
+CVE-2025-42882 (Due to a missing authorization check in SAP NetWeaver 
Application Serv ...)
+       TODO: check
+CVE-2025-31719 (In TEE EcDSA algorithm, there is a possible memory consistency 
issue.  ...)
+       TODO: check
+CVE-2025-12880 (The Progress Bar Blocks for Gutenberg plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-12813 (The Holiday class post calendar plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-12754 (The Geopost plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-12753 (The Chart Expert plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-12711 (The Share to Google Classroom plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-12672 (The Flickr Show plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-12671 (The WP-Iconics plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-12668 (The WP Count Down Timer plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-12667 (The GitHub Gist Shortcode Plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2025-12665 (The Ninja Countdown | Fastest Countdown Builder plugin for 
WordPress i ...)
+       TODO: check
+CVE-2025-12663 (The Jeba Cute forkit plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-12662 (The Coon Google Maps plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-12658 (The Preload Current Images plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-12652 (The Ungapped Widgets plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-12651 (The Live Photos on WordPress plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-12644 (The Nonaki \u2013 Drag and Drop Email Template builder and 
Newsletter  ...)
+       TODO: check
+CVE-2025-12637 (The Elastic Theme Editor plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2025-12632 (The RandomQuotr plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-12631 (The Squirrels Auto Inventory plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-12590 (The YSlider plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2025-12589 (The WP-Walla plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2025-12588 (The USB Qr Code Scanner For Woocommerce plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2025-12542
+       REJECTED
+CVE-2025-12538 (The Fleet Manager plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-12526 (The Private Google Calendars plugin for WordPress is 
vulnerable to una ...)
+       TODO: check
+CVE-2025-12132 (The WP Custom Admin Login Page Logo plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-12126 (The The Total Book Project plugin for WordPress is vulnerable 
to Insec ...)
+       TODO: check
+CVE-2025-12021 (The WP-OAuth plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
+       TODO: check
+CVE-2025-12020 (The Double the Donation \u2013 A workplace giving tool to help 
your fu ...)
+       TODO: check
+CVE-2025-12019 (The Featured Image plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-12010 (The Authors List plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+       TODO: check
+CVE-2025-11999 (The Add Multiple Marker plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2025-11997 (The Document Pro Elementor \u2013 Documentation & Knowledge 
Base plugi ...)
+       TODO: check
+CVE-2025-11996 (The Find Unused Images plugin for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2025-11988 (The Crypto plugin for WordPress is vulnerable to unauthorized 
manipula ...)
+       TODO: check
+CVE-2025-11986 (The Crypto plugin for WordPress is vulnerable to Information 
exposure  ...)
+       TODO: check
+CVE-2025-11894 (The Shelf Planner plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2025-11892 (An improper neutralization of input vulnerability was 
identified in Gi ...)
+       TODO: check
+CVE-2025-11891 (The Shelf Planner plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2025-11886 (The CTL Arcade Lite plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2025-11882 (The Simple Donate plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-11874 (The Slippy Slider \u2013 Responsive Touch Navigation Slider 
plugin for ...)
+       TODO: check
+CVE-2025-11873 (The WP BBCode plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-11869 (The Precise Columns plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-11863 (The My Geo Posts Free plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-11860 (The Twitter Feed plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-11859 (The Paypal Donation Shortcode plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-11856 (The Eventbee Ticketing Widget plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-11855 (The age-restriction WordPress plugin through 3.0.2 does not 
have autho ...)
+       TODO: check
+CVE-2025-11829 (The Five9 Live Chat plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-11828 (The Magazine Companion plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-11822 (The WP Bootstrap Tabs plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-11821 (The Woocommerce \u2013 Products By Custom Tax plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2025-11805 (The Skip to Timestamp plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-11578 (A privilege escalation vulnerability was identified in GitHub 
Enterpri ...)
+       TODO: check
+CVE-2025-11532 (The Wisly plugin for WordPress is vulnerable to Insecure 
Direct Object ...)
+       TODO: check
+CVE-2025-11521 (The Astra Security Suite \u2013 Firewall & Malware Scan plugin 
for Wor ...)
+       TODO: check
+CVE-2025-11457 (The EasyCommerce \u2013 AI-Powered, Fast & Beautiful WordPress 
Ecommer ...)
+       TODO: check
+CVE-2025-11451 (The Auto Amazon Links \u2013 Amazon Associates Affiliate 
Plugin plugin ...)
+       TODO: check
+CVE-2025-11307 (The WP Go Maps (formerly WP Google Maps) WordPress plugin 
before 9.0.4 ...)
+       TODO: check
+CVE-2025-11237 (The Make Email Customizer for WooCommerce WordPress plugin 
through 1.0 ...)
+       TODO: check
+CVE-2025-11170 (The WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 
for CPI p ...)
+       TODO: check
+CVE-2025-11168 (The Mementor Core plugin for WordPress is vulnerable to 
Privilege Esca ...)
+       TODO: check
+CVE-2025-11129 (The Include Fussball.de Widgets plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path 
vulnerability ...)
+       TODO: check
+CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted 
file uplo ...)
+       TODO: check
+CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely 
affected) cont ...)
+       TODO: check
 CVE-2025-8768
        REJECTED
 CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie 
configuratio ...)
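Review bot: Triage order for the new TODO: check entries: the long run from CVE-2025-12880 down to CVE-2025-11129 is almost entirely WordPress plugin CVEs, which under this file's existing convention (see CVE-2025-5803 and CVE-2025-59556 further down) resolve to `NOT-FOR-US: WordPress plugin or theme`, and the Axis ACAP/VAPIX block (CVE-2025-9524, CVE-2025-9055, CVE-2025-8998, CVE-2025-8108, CVE-2025-6779, CVE-2025-6571, CVE-2025-6298, CVE-2025-5718, CVE-2025-5454, CVE-2025-5452, CVE-2025-4645, CVE-2025-10714) and the SAP block (CVE-2025-42940 through CVE-2025-42882) are vendor-only products as well. The entries worth checking against the archive first are the ones naming software that is or may be packaged: OpenEXR (CVE-2025-64181, CVE-2025-64182, CVE-2025-64183), Pdfminer.six (CVE-2025-64512), the CycloneDX core module (CVE-2025-64518), OAuth2-Proxy (CVE-2025-64484), changedetection.io (CVE-2025-62780), SpiceDB (CVE-2025-64529), Milvus (CVE-2025-64513), Langfuse (CVE-2025-64504), Parse Server (CVE-2025-64502), Soft Serve (CVE-2025-64522), TorrentPier (CVE-2025-64519), Bugsink (CVE-2025-64508, CVE-2025-64509), the four Combodo iTop entries and RISC-V Rocket-Chip (CVE-2025-63384). CVE-2025-12542 arrives already marked REJECTED, consistent with CVE-2025-8768 directly below the hunk.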
@@ -152,7 +400,7 @@ CVE-2025-12864 (U-Office Force developed by e-Excellence 
has a SQL Injection vul
        NOT-FOR-US: U-Office Force
 CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable 
to Arbi ...)
        NOT-FOR-US: cloudinary Node.js module
-CVE-2025-64507 [GHSA-56mx-8g9f-5crf]
+CVE-2025-64507 (Incus is a system container and virtual machine manager. An 
issue in v ...)
        {DSA-6051-1}
        - incus 6.0.5-4
        - lxd <removed>
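Review bot: Replacing the `[GHSA-56mx-8g9f-5crf]` placeholder with the published description drops the only reference to the upstream advisory from this entry; the entry already carries `{DSA-6051-1}` and the fixed `incus 6.0.5-4`, so the GHSA id is now reachable only via the DSA. If the cross-reference is still wanted, keep it as a `NOTE:` line with the advisory URL rather than losing it in the description swap.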
@@ -252,7 +500,7 @@ CVE-2025-63544 (TechStore 1.0 is vulnerable to Cross Site 
Scripting (XSS) in /or
        NOT-FOR-US: TechStore
 CVE-2025-63543 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in 
the /sear ...)
        NOT-FOR-US: TechStore
-CVE-2025-63420 (A stored cross-site scripting (XSS) vulnerability in the 
CrushFTP 11.3 ...)
+CVE-2025-63420 (CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML 
injection in  ...)
        NOT-FOR-US: CrushFTP
 CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified 
in tQua ...)
        NOT-FOR-US: tQuadra CMS
@@ -727,7 +975,8 @@ CVE-2025-5803 (Missing Authorization vulnerability in 
e4jvikwp VikBooking Hotel
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-59556 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2025-59396 (The default configuration of WatchGuard Firebox devices 
through 2025-0 ...)
+CVE-2025-59396
+       REJECTED
        NOT-FOR-US: WatchGuard
 CVE-2025-59392 (On Elspec G5 devices through 1.2.2.19, a person with physical 
access t ...)
        NOT-FOR-US: Elspec G5 devices
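Review bot: The `NOT-FOR-US: WatchGuard` line is left in place under the new `REJECTED` marker, whereas the other rejected entries in this file (CVE-2025-8768, CVE-2025-12542) carry only `REJECTED`; drop the now-stale annotation so the entry ends after `REJECTED`, matching that convention.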



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42c6f5044c2b3f9b2d30d0f6d69cfa906159dd8

-- 


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
