Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
edb081b8 by security tracker role at 2025-07-16T08:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,74 @@
-CVE-2025-53906
+CVE-2025-7673 (A buffer overflow vulnerability in the URL parser of the zhttpd
web se ...)
+ TODO: check
+CVE-2025-7359 (The Counter live visitors for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-6981 (An incorrect authorization vulnerability allowed unauthorized
read acc ...)
+ TODO: check
+CVE-2025-6977 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
+ TODO: check
+CVE-2025-6747 (The Avada (Fusion) Builder plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2025-6043 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress
Malware Re ...)
+ TODO: check
+CVE-2025-5845 (The Affiliate Reviews plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2025-5843 (The Brandfolder plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-53958
+ REJECTED
+CVE-2025-53957
+ REJECTED
+CVE-2025-53956
+ REJECTED
+CVE-2025-53955
+ REJECTED
+CVE-2025-53954
+ REJECTED
+CVE-2025-53953
+ REJECTED
+CVE-2025-53952
+ REJECTED
+CVE-2025-53842 (Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN
prior to ...)
+ TODO: check
+CVE-2025-52690 (Successful exploitation of the vulnerability could allow an
attacker t ...)
+ TODO: check
+CVE-2025-52689 (Successful exploitation of the vulnerability could allow an
unauthenti ...)
+ TODO: check
+CVE-2025-52688 (Successful exploitation of the vulnerability could allow an
attacker t ...)
+ TODO: check
+CVE-2025-52687 (Successful exploitation of the vulnerability could allow an
attacker w ...)
+ TODO: check
+CVE-2025-49841 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49840 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49839 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49838 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49837 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49836 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49835 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49834 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49833 (GPT-SoVITS-WebUI is a voice conversion and text-to-speech
webUI. In ve ...)
+ TODO: check
+CVE-2025-49831 (An attacker of Secrets Manager, Self-Hosted installations that
route t ...)
+ TODO: check
+CVE-2025-2800 (The WP Event Manager \u2013 Events Calendar, Registrations,
Sell Ticke ...)
+ TODO: check
+CVE-2025-2799 (The WP Event Manager \u2013 Events Calendar, Registrations,
Sell Ticke ...)
+ TODO: check
+CVE-2025-53906 (Vim is an open source, command line text editor. Prior to
version 9.1. ...)
- vim <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/2
-CVE-2025-53905
+CVE-2025-53905 (Vim is an open source, command line text editor. Prior to
version 9.1. ...)
- vim <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/1
-CVE-2025-30761
+CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
CVE-2025-7667 (The Restrict File Access plugin for WordPress is vulnerable to
Cross-S ...)
@@ -252,7 +316,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User
product of Oracle Siebe
NOT-FOR-US: Oracle
CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component:
General). The ...)
NOT-FOR-US: Oracle
-CVE-2025-30754 (Vulnerability in Oracle Java SE (component: JSSE). Supported
versions ...)
+CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
- openjdk-17 <unfixed>
@@ -1670,7 +1734,8 @@ CVE-2024-10391
REJECTED
CVE-2023-50458 (In Dradis before 4.11.0, the Output Console shows a job queue
that may ...)
NOT-FOR-US: Dradis
-CVE-2025-7370 (A flaw was found in libsoup. A NULL pointer dereference
vulnerability ...)
+CVE-2025-7370
+ REJECTED
- libsoup3 <unfixed> (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2378888
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edb081b84d665f37ae9e312d88113895359422a2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edb081b84d665f37ae9e312d88113895359422a2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
