Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80d04c15 by security tracker role at 2025-12-13T08:12:03+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,247 @@ +CVE-2025-9873 (The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2025-9488 (The Redux Framework plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2025-9218 (The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress ...) + TODO: check +CVE-2025-9207 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML ...) + TODO: check +CVE-2025-9116 (The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not ...) + TODO: check +CVE-2025-8779 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...) + TODO: check +CVE-2025-8617 (The YITH WooCommerce Quick View plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2025-7058 (The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2025-67871 + REJECTED +CVE-2025-67870 + REJECTED +CVE-2025-67869 + REJECTED +CVE-2025-67868 + REJECTED +CVE-2025-67867 + REJECTED +CVE-2025-67866 + REJECTED +CVE-2025-67865 + REJECTED +CVE-2025-67864 + REJECTED +CVE-2025-67863 + REJECTED +CVE-2025-67750 (Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and ...) + TODO: check +CVE-2025-67749 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versi ...) + TODO: check +CVE-2025-67721 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...) + TODO: check +CVE-2025-67634 (The CISA Software Acquisition Guide Supplier Response Web Tool before ...) + TODO: check +CVE-2025-46289 (A logic issue was addressed with improved file handling. This issue is ...) + TODO: check +CVE-2025-46287 (An inconsistent user interface issue was addressed with improved state ...) + TODO: check +CVE-2025-46285 (An integer overflow was addressed by adopting 64-bit timestamps. This ...) + TODO: check +CVE-2025-46276 (An information disclosure issue was addressed with improved privacy co ...) 
+ TODO: check +CVE-2025-43542 (This issue was addressed with improved state management. This issue is ...) + TODO: check +CVE-2025-43539 (The issue was addressed with improved bounds checks. This issue is fix ...) + TODO: check +CVE-2025-43538 (A logging issue was addressed with improved data redaction. This issue ...) + TODO: check +CVE-2025-43532 (A memory corruption issue was addressed with improved bounds checking. ...) + TODO: check +CVE-2025-43530 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2025-43527 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2025-43523 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2025-43522 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...) + TODO: check +CVE-2025-43521 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...) + TODO: check +CVE-2025-43520 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2025-43519 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2025-43518 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2025-43517 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check +CVE-2025-43516 (A session management issue was addressed with improved checks. This is ...) + TODO: check +CVE-2025-43513 (A permissions issue was addressed by removing the vulnerable code. Thi ...) + TODO: check +CVE-2025-43512 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2025-43511 (A use-after-free issue was addressed with improved memory management. ...) + TODO: check +CVE-2025-43510 (A memory corruption issue was addressed with improved lock state check ...) 
+ TODO: check +CVE-2025-43509 (This issue was addressed with improved data protection. This issue is ...) + TODO: check +CVE-2025-43506 (A logic error was addressed with improved error handling. This issue i ...) + TODO: check +CVE-2025-43497 (An access issue was addressed with additional sandbox restrictions. Th ...) + TODO: check +CVE-2025-43494 (A mail header parsing issue was addressed with improved checks. This i ...) + TODO: check +CVE-2025-43482 (The issue was addressed with improved input validation. This issue is ...) + TODO: check +CVE-2025-43473 (This issue was addressed with improved state management. This issue is ...) + TODO: check +CVE-2025-43471 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2025-43470 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2025-43467 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2025-43466 (An injection issue was addressed with improved validation. This issue ...) + TODO: check +CVE-2025-43465 (A parsing issue in the handling of directory paths was addressed with ...) + TODO: check +CVE-2025-43464 (A denial-of-service issue was addressed with improved input validation ...) + TODO: check +CVE-2025-43463 (A parsing issue in the handling of directory paths was addressed with ...) + TODO: check +CVE-2025-43461 (This issue was addressed with improved validation of symlinks. This is ...) + TODO: check +CVE-2025-43437 (An information disclosure issue was addressed with improved privacy co ...) + TODO: check +CVE-2025-43416 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2025-43410 (The issue was addressed with improved handling of caches. This issue i ...) + TODO: check +CVE-2025-43406 (A logic issue was addressed with improved restrictions. This issue is ...) 
+ TODO: check +CVE-2025-43404 (A permissions issue was addressed with additional sandbox restrictions ...) + TODO: check +CVE-2025-43402 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2025-43393 (A permissions issue was addressed with additional sandbox restrictions ...) + TODO: check +CVE-2025-43388 (An injection issue was addressed with improved validation. This issue ...) + TODO: check +CVE-2025-43381 (This issue was addressed with improved handling of symlinks. This issu ...) + TODO: check +CVE-2025-43351 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2025-43320 (The issue was addressed by adding additional logic. This issue is fixe ...) + TODO: check +CVE-2025-14611 (Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 us ...) + TODO: check +CVE-2025-14586 (A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B202112 ...) + TODO: check +CVE-2025-14585 (A vulnerability was found in itsourcecode COVID Tracking System 1.0. A ...) + TODO: check +CVE-2025-14584 (A vulnerability has been found in itsourcecode COVID Tracking System 1 ...) + TODO: check +CVE-2025-14583 (A flaw has been found in campcodes Online Student Enrollment System 1. ...) + TODO: check +CVE-2025-14582 (A vulnerability was detected in campcodes Online Student Enrollment Sy ...) + TODO: check +CVE-2025-14581 (The HAPPY \u2013 Helpdesk Support Ticket System plugin for WordPress i ...) + TODO: check +CVE-2025-14580 (A security vulnerability has been detected in Qualitor up to 8.24.73. ...) + TODO: check +CVE-2025-14540 (The Userback plugin for WordPress is vulnerable to unauthorized access ...) + TODO: check +CVE-2025-14539 (The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary ...) + TODO: check +CVE-2025-14508 (The MediaCommander \u2013 Bring Folders to Media, Posts, and Pages plu ...) 
+ TODO: check +CVE-2025-14477 (The 404 Solution plugin for WordPress is vulnerable to SQL Injection i ...) + TODO: check +CVE-2025-14476 (The Doubly \u2013 Cross Domain Copy Paste for WordPress plugin for Wor ...) + TODO: check +CVE-2025-14475 (The Extensive VC Addons for WPBakery page builder plugin for WordPress ...) + TODO: check +CVE-2025-14462 (The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Si ...) + TODO: check +CVE-2025-14454 (The Image Slider by Ays- Responsive Slider and Carousel plugin for Wor ...) + TODO: check +CVE-2025-14451 (The Solutions Ad Manager plugin for WordPress is vulnerable to Open Re ...) + TODO: check +CVE-2025-14447 (The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unaut ...) + TODO: check +CVE-2025-14446 (The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2025-14440 (The JAY Login & Register plugin for WordPress is vulnerable to authent ...) + TODO: check +CVE-2025-14397 (The Postem Ipsum plugin for WordPress is vulnerable to unauthorized mo ...) + TODO: check +CVE-2025-14395 (The Popover Windows plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2025-14394 (The Popover Windows plugin for WordPress is vulnerable to Cross-Site R ...) + TODO: check +CVE-2025-14378 (The Quick Testimonials plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2025-14367 (The Easy Theme Options plugin for WordPress is vulnerable to Missing A ...) + TODO: check +CVE-2025-14366 (The Eyewear prescription form plugin for WordPress is vulnerable to Mi ...) + TODO: check +CVE-2025-14365 (The Eyewear prescription form plugin for WordPress is vulnerable to Mi ...) + TODO: check +CVE-2025-14288 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...) + TODO: check +CVE-2025-14278 (The HT Slider for Elementor plugin for WordPress is vulnerable to Stor ...) 
+ TODO: check +CVE-2025-14066 + REJECTED +CVE-2025-14056 (The Custom Post Type UI plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2025-14050 (The Design Import/Export plugin for WordPress is vulnerable to SQL Inj ...) + TODO: check +CVE-2025-13970 (OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack ...) + TODO: check +CVE-2025-13705 (The Custom Frames plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2025-13403 (The Employee Spotlight \u2013 Team Member Showcase & Meet the Team Plu ...) + TODO: check +CVE-2025-13094 (The WP3D Model Import Viewer plugin for WordPress is vulnerable to arb ...) + TODO: check +CVE-2025-13093 (The Devs CRM \u2013 Manage tasks, attendance and teams all together pl ...) + TODO: check +CVE-2025-13092 (The Devs CRM \u2013 Manage tasks, attendance and teams all together pl ...) + TODO: check +CVE-2025-13089 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...) + TODO: check +CVE-2025-13077 (The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a ...) + TODO: check +CVE-2025-12512 (The GenerateBlocks plugin for WordPress is vulnerable to information e ...) + TODO: check +CVE-2025-12362 (The myCred \u2013 Points Management System For Gamification, Ranks, Ba ...) + TODO: check +CVE-2025-12109 (The Header Footer Script Adder \u2013 Insert Code in Header, Body & Fo ...) + TODO: check +CVE-2025-12077 (The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2025-12076 (The Social Media Auto Publish plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2025-11970 (The Emplibot \u2013 AI Content Writer with Keyword Research, Infograph ...) + TODO: check +CVE-2025-11707 (The Login Lockdown & Protection plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2025-11693 (The Export WP Page to Static HTML & PDF plugin for WordPress is vulner ...) 
+ TODO: check +CVE-2025-11376 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2025-11266 (An out-of-bounds write vulnerability exists in the Grassroots DICOM li ...) + TODO: check +CVE-2025-11164 (The Mavix Education theme for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2025-10738 (The URL Shortener Plugin For WordPress plugin for WordPress is vulnera ...) + TODO: check +CVE-2025-10289 (The Filter & Grids plugin for WordPress is vulnerable to SQL Injection ...) + TODO: check +CVE-2024-58316 (Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...) + TODO: check CVE-2025-8083 (The Preset configuration https://v2.vuetifyjs.com/en/features/presets ...) NOT-FOR-US: Vuetify CVE-2025-8082 (Improper neutralization of the title date in the 'VDatePicker' compone ...) @@ -426,7 +670,7 @@ CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection vulnerabili NOT-FOR-US: CSZCMS CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that allows r ...) NOT-FOR-US: MinaliC -CVE-2024-58304 (Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...) +CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerabil ...) NOT-FOR-US: SPA-CART CMS CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template injection vulner ...) NOT-FOR-US: FoF Pretty Mail @@ -2377,7 +2621,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may caus NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511) CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 
@@ -2388,7 +2632,7 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. S - firefox 146.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2396,7 +2640,7 @@ CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. Thi NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14331 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2404,7 +2648,7 @@ CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14330 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2412,7 +2656,7 @@ CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerabi NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14329 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 
@@ -2426,7 +2670,7 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerabi - firefox 146.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2434,7 +2678,7 @@ CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14325 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2442,7 +2686,7 @@ CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14324 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -2450,7 +2694,7 @@ CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This v NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14323 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 
@@ -2458,7 +2702,7 @@ CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graph NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14322 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability ...) - {DSA-6078-1 DLA-4401-1} + {DSA-6078-1 DLA-4405-1 DLA-4401-1} - firefox 146.0-1 - firefox-esr 140.6.0esr-1 - thunderbird 1:140.6.0esr-1 @@ -48092,8 +48336,8 @@ CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) exe NOT-FOR-US: OpenAI Codex CLI CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream process ...) NOT-FOR-US: LF Edge eKuiper -CVE-2025-54369 - REJECTED +CVE-2025-54369 (Node-SAML is a SAML library not dependent on any frameworks that runs ...) + TODO: check CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...) NOT-FOR-US: Quiet CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80d04c15878a831091ae3b764770aa66dac0e4a8
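Review bot: Descriptions in the first hunk (@@ -1,3 +1,247 @@) are truncated after escaping rather than before, so non-ASCII text arrives as literal \uXXXX sequences and can be cut mid-escape. CVE-2025-13077 is the clearest case: its visible description is nothing but escapes and ends in the incomplete "\u06a ...", which leaves nothing to triage from; the same escaping shows up as "\u2013" in CVE-2025-8779, CVE-2025-14581 and several other plugin entries. Decoding the description to UTF-8 first and truncating on character boundaries would keep these summaries readable.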
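Review bot: At CVE-2024-58304 in the @@ -426,7 +670,7 @@ hunk, only the description changes while the triage line "NOT-FOR-US: SPA-CART CMS" stays as unchanged context, and the replaced text ("Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...") reappears in the first hunk on the new CVE-2024-58316 entry with "TODO: check". The new description now agrees with the existing NOT-FOR-US tag, which suggests the old one was attached to the wrong ID; it is worth confirming both IDs against the upstream records and triaging CVE-2024-58316 in the same pass, since a decision made while the mismatched description was in place may have been based on the wrong product.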
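Review bot: The hunks from @@ -2377,7 +2621,7 @@ through @@ -2458,7 +2702,7 @@ add DLA-4405-1 to ten entries (CVE-2025-14333, -14331, -14330, -14329, -14328, -14325, -14324, -14323, -14322, -14321) that each list firefox, firefox-esr and thunderbird, but this commit changes only data/CVE/list, so the advisory the reference points to cannot be checked from the diff. Please confirm that the DLA-4405-1 entry names exactly these ten IDs and which source package it covers, and that leaving out CVE-2025-14332 and CVE-2025-14326 (shown in context with only "- firefox 146.0-1") is intended.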
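Review bot: In the last hunk (@@ -48092,8 +48336,8 @@), CVE-2025-54369 goes from "REJECTED" to a populated Node-SAML description with "TODO: check" while staying at its old position around line 48336, between two NOT-FOR-US entries. Every other new TODO in this commit lands at the top of the file, so this one is easy to miss during manual triage; it should be picked up explicitly, and the transition from REJECTED to a live description is worth verifying against the upstream record before triaging.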
