Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98d05c10 by security tracker role at 2025-07-16T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,324 @@
-CVE-2025-40777
+CVE-2025-7703 (Authentication vulnerability in the mobile
application\uff08tech.palm. ...)
+ TODO: check
+CVE-2025-7699 (An improper access control vulnerability was found in the EZ
Sync Man ...)
+ TODO: check
+CVE-2025-7357 (LITEON IC48A firmware versions prior to 01.00.19r and LITEON
IC80A fir ...)
+ TODO: check
+CVE-2025-7035 (The Media Library Assistant plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to
Privilege E ...)
+ TODO: check
+CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3( <=
180703)/V ...)
+ TODO: check
+CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday
Attack' ...)
+ TODO: check
+CVE-2025-5284 (The Master Addons \u2013 Elementor Addons with White Label,
Free Widge ...)
+ TODO: check
+CVE-2025-54051 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54050 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54047 (Missing Authorization vulnerability in QuanticaLabs Cost
Calculator al ...)
+ TODO: check
+CVE-2025-54043 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-54042 (Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft
WP Post ...)
+ TODO: check
+CVE-2025-54041 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings
Wallet Sy ...)
+ TODO: check
+CVE-2025-54039 (Cross-Site Request Forgery (CSRF) vulnerability in Toast
Plugins Anima ...)
+ TODO: check
+CVE-2025-54038 (Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters
Restaur ...)
+ TODO: check
+CVE-2025-54037 (Missing Authorization vulnerability in blazethemes News Kit
Elementor ...)
+ TODO: check
+CVE-2025-54036 (Cross-Site Request Forgery (CSRF) vulnerability in Webba
Appointment B ...)
+ TODO: check
+CVE-2025-54035 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant
Software ...)
+ TODO: check
+CVE-2025-54033 (Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP
Theme Buil ...)
+ TODO: check
+CVE-2025-54030 (Cross-Site Request Forgery (CSRF) vulnerability in
GSheetConnector by ...)
+ TODO: check
+CVE-2025-54026 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-54024 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54023 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54022 (Cross-Site Request Forgery (CSRF) vulnerability in Elliot
Sowersby / R ...)
+ TODO: check
+CVE-2025-54020 (Cross-Site Request Forgery (CSRF) vulnerability in Erik
AntiSpam for C ...)
+ TODO: check
+CVE-2025-54018 (Missing Authorization vulnerability in CreativeMindsSolutions
CM Pop-U ...)
+ TODO: check
+CVE-2025-54016 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54015 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-54013 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54011 (Missing Authorization vulnerability in SMTP2GO SMTP2GO allows
Exploiti ...)
+ TODO: check
+CVE-2025-54010 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan
Jewel Flu ...)
+ TODO: check
+CVE-2025-54009 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-54006 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53997 (Missing Authorization vulnerability in favethemes Houzez
allows Exploi ...)
+ TODO: check
+CVE-2025-53996 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53995 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53994 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53991 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53990 (Deserialization of Untrusted Data vulnerability in jetmonsters
JetForm ...)
+ TODO: check
+CVE-2025-53989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53986 (Missing Authorization vulnerability in ThemeIsle Hestia allows
Accessi ...)
+ TODO: check
+CVE-2025-53984 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53982 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53943 (VoidBot Open-Source is a customizable Discord bot. VoidBot
Open-Source ...)
+ TODO: check
+CVE-2025-53938 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53937 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53936 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53935 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53934 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53933 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53932 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53931 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53930 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53929 (WeGIA is an open source web manager with a focus on the
Portuguese lan ...)
+ TODO: check
+CVE-2025-53926 (Emlog is an open source website building system. A cross-site
scriptin ...)
+ TODO: check
+CVE-2025-53925 (Emlog is an open source website building system. A cross-site
scriptin ...)
+ TODO: check
+CVE-2025-53924 (Emlog is an open source website building system. A cross-site
scriptin ...)
+ TODO: check
+CVE-2025-53923 (Emlog is an open source website building system. A cross-site
scriptin ...)
+ TODO: check
+CVE-2025-53908 (RomM is a self-hosted rom manager and player. Versions prior
to 3.10.3 ...)
+ TODO: check
+CVE-2025-53904 (The Scratch Channel is a news website that is under
development as of ...)
+ TODO: check
+CVE-2025-53892 (Vue I18n is the internationalization plugin for Vue.js. The
escapePara ...)
+ TODO: check
+CVE-2025-53840 (Icinga DB Web provides a graphical interface for Icinga
monitoring. St ...)
+ TODO: check
+CVE-2025-53758 (This vulnerability exists in Digisol DG-GR6821AC Router due to
use of ...)
+ TODO: check
+CVE-2025-53757 (This vulnerability exists in Digisol DG-GR6821AC Router due to
misconf ...)
+ TODO: check
+CVE-2025-53756 (This vulnerability exists in Digisol DG-GR6821AC Router due to
clearte ...)
+ TODO: check
+CVE-2025-53755 (This vulnerability exists in Digisol DG-GR6821AC Router due to
storage ...)
+ TODO: check
+CVE-2025-53754 (This vulnerability exists in Digisol DG-GR6821AC Router due to
hard-co ...)
+ TODO: check
+CVE-2025-52836 (Incorrect Privilege Assignment vulnerability in Unity Business
Technol ...)
+ TODO: check
+CVE-2025-52819 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-52804 (Missing Authorization vulnerability in uxper Nuss allows
Accessing Fun ...)
+ TODO: check
+CVE-2025-52803 (Missing Authorization vulnerability in uxper Sala allows
Accessing Fun ...)
+ TODO: check
+CVE-2025-52787 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-52786 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-52779 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-52777 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-52714 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-50028 (Missing Authorization vulnerability in CodeSolz Ultimate Push
Notifica ...)
+ TODO: check
+CVE-2025-49888 (Missing Authorization vulnerability in pimwick PW WooCommerce
On Sale! ...)
+ TODO: check
+CVE-2025-49884 (Missing Authorization vulnerability in alexvtn Internal
Linking of Rel ...)
+ TODO: check
+CVE-2025-49876 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-49319 (Missing Authorization vulnerability in WPFactory Wishlist for
WooComme ...)
+ TODO: check
+CVE-2025-49034 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-49031 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com
Profiler - Wha ...)
+ TODO: check
+CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability
in Adria ...)
+ TODO: check
+CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG
Drupal ...)
+ TODO: check
+CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager
allows ...)
+ TODO: check
+CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and
Block bot ...)
+ TODO: check
+CVE-2025-48161 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-48156 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48155 (Missing Authorization vulnerability in enituretechnology
Residential A ...)
+ TODO: check
+CVE-2025-48153 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au
Import CD ...)
+ TODO: check
+CVE-2025-48150 (Missing Authorization vulnerability in Bill Minozzi Real
Estate Proper ...)
+ TODO: check
+CVE-2025-47652 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47645 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47053 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs
from ver ...)
+ TODO: check
+CVE-2025-40776 (A `named` caching resolver that is configured to send ECS
(EDNS Client ...)
+ TODO: check
+CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy
POS PHP Sc ...)
+ TODO: check
+CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1
allows ...)
+ TODO: check
+CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass
License ...)
+ TODO: check
+CVE-2025-37106 (An authentication bypass and disclosure of information
vulnerability e ...)
+ TODO: check
+CVE-2025-37105 (An hsqldb-related remote code execution vulnerability exists
in HPE Au ...)
+ TODO: check
+CVE-2025-37104 (A security vulnerability has been identified in HPE Telco
Service Orch ...)
+ TODO: check
+CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application
Server ...)
+ TODO: check
+CVE-2025-34300 (A template injection vulnerability exists in Sawtooth
Software\u2019s ...)
+ TODO: check
+CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network
Detective t ...)
+ TODO: check
+CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has
Unencrypted Cre ...)
+ TODO: check
+CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in
designthemes Visual ...)
+ TODO: check
+CVE-2025-31072 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31070 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31055 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert,
Inc CoSc ...)
+ TODO: check
+CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML
Feed Mana ...)
+ TODO: check
+CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team
Site Chat ...)
+ TODO: check
+CVE-2025-30936 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-29009 (Unrestricted Upload of File with Dangerous Type vulnerability
in Webku ...)
+ TODO: check
+CVE-2025-29000 (Missing Authorization vulnerability in August Infotech
Multi-language ...)
+ TODO: check
+CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL
Shorten ...)
+ TODO: check
+CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin
Ul Haider ...)
+ TODO: check
+CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme
Yogi allow ...)
+ TODO: check
+CVE-2025-24777 (Deserialization of Untrusted Data vulnerability in awethemes
Hillter a ...)
+ TODO: check
+CVE-2025-24759 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-22227 (In some specific scenarios with chained redirects, Reactor
Netty HTTP ...)
+ TODO: check
+CVE-2025-20337 (A vulnerability in a specific API of Cisco ISE and Cisco
ISE-PIC could ...)
+ TODO: check
+CVE-2025-20288 (A vulnerability in the web-based management interface of Cisco
Unified ...)
+ TODO: check
+CVE-2025-20285 (A vulnerability in the IP Access Restriction feature of Cisco
ISE and ...)
+ TODO: check
+CVE-2025-20284 (A vulnerability in a specific API of Cisco ISE and Cisco
ISE-PIC could ...)
+ TODO: check
+CVE-2025-20283 (A vulnerability in a specific API of Cisco ISE and Cisco
ISE-PIC could ...)
+ TODO: check
+CVE-2025-20274 (A vulnerability in the web-based management interface of Cisco
Unified ...)
+ TODO: check
+CVE-2025-20272 (A vulnerability in a subset of REST APIs of Cisco Prime
Infrastructure ...)
+ TODO: check
+CVE-2024-9408 (In Eclipse GlassFish since version 6.2.5 it is possible to
perform a S ...)
+ TODO: check
+CVE-2024-9343 (In Eclipse GlassFish version 7.0.15 is possible to perform
Stored Cros ...)
+ TODO: check
+CVE-2024-9342 (In Eclipse GlassFish version 7.0.16 or earlier it is possible
to perfo ...)
+ TODO: check
+CVE-2024-42912 (A cross-site scripting (XSS) vulnerability in META-INF Kft.
Email This ...)
+ TODO: check
+CVE-2024-10032 (In Eclipse GlassFish version 7.0.15 is possible to perform
Stored Cros ...)
+ TODO: check
+CVE-2024-10031 (In Eclipse GlassFish version 7.0.15 is possible to perform
Stored Cros ...)
+ TODO: check
+CVE-2024-10029 (In Eclipse GlassFish version 7.0.15 is possible to perform
Reflected C ...)
+ TODO: check
+CVE-2025-40777 (If a `named` caching resolver is configured with
`serve-stale-enable` ...)
- bind9 1:9.20.11-1
NOTE: https://kb.isc.org/docs/cve-2025-40777
-CVE-2025-40918
+CVE-2025-40918 (Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800
for Perl g ...)
- libauthen-sasl-perl <unfixed> (bug #1109406)
[bookworm] - libauthen-sasl-perl <no-dsa> (Minor issue)
[bullseye] - libauthen-sasl-perl <postponed> (Minor issue, weak entropy
for historic DIGEST-MD5 mech)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/31224910/
NOTE:
https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch
NOTE: https://github.com/gbarr/perl-authen-sasl/pull/22
-CVE-2025-40913
+CVE-2025-40913 (Net::Dropbear versions through 0.16 for Perl contains a
dependency tha ...)
NOT-FOR-US: Net::Dropbear CPAN module
-CVE-2025-40919
+CVE-2025-40919 (Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate
the cno ...)
NOT-FOR-US: Authen::DigestMD5 CPAN module
-CVE-2025-40923
+CVE-2025-40923 (Plack-Middleware-Session before version 0.35 for Perl
generates sessio ...)
- libplack-middleware-session-perl <unfixed> (bug #1109405)
[bookworm] - libplack-middleware-session-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/31223483/
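Review bot: CVE-2025-40776 is added with only `TODO: check`, although its description concerns a `named` caching resolver, the same component as CVE-2025-40777 further down this hunk, which is already tracked against bind9 (1:9.20.11-1). It is worth triaging it against bind9 in the same pass rather than leaving it in the TODO queue. Separately, several of the new descriptions carry literal escape sequences (`\uff08`, `\u2013`, `\u2019`) instead of the decoded characters, which suggests the import step is not decoding them.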
@@ -276,7 +582,7 @@ CVE-2025-50065 (Vulnerability in the Oracle GraalVM for JDK
product of Oracle Ja
NOT-FOR-US: Oracle
CVE-2025-50064 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
NOT-FOR-US: Oracle
-CVE-2025-50063 (Vulnerability in Oracle Java SE (component: Install).
Supported versi ...)
+CVE-2025-50063 (Vulnerability in Oracle Java SE (component: Install). The
supported ...)
- openjdk-8 <not-affected> (Specific to installer, not applicable to
debs)
CVE-2025-50062 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll
Core pro ...)
NOT-FOR-US: Oracle
@@ -1779,18 +2085,22 @@ CVE-2025-7370
CVE-2025-7365 (A flaw was found in Keycloak. When an authenticated attacker
attempts ...)
- keycloak <itp> (bug #1088287)
CVE-2025-32990 (A heap-buffer-overflow (off-by-one) flaw was found in the
GnuTLS softw ...)
+ {DSA-5962-1}
- gnutls28 3.8.9-3
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/408bed40c36a4cc98f0c94a818f682810f731f32
(3.8.10)
CVE-2025-32989 (A heap-buffer-overread vulnerability was found in GnuTLS in
how it han ...)
+ {DSA-5962-1}
- gnutls28 3.8.9-3
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2
(3.8.10)
CVE-2025-32988 (A flaw was found in GnuTLS. A double-free vulnerability exists
in GnuT ...)
+ {DSA-5962-1}
- gnutls28 3.8.9-3
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573
(3.8.10)
CVE-2025-6395 (A NULL pointer dereference flaw was found in the GnuTLS
software in _g ...)
+ {DSA-5962-1}
- gnutls28 3.8.9-3
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad
(3.8.10)
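Review bot: The four GnuTLS entries (CVE-2025-32990, CVE-2025-32989, CVE-2025-32988, CVE-2025-6395) now reference {DSA-5962-1}, but each still gives gnutls28 3.8.9-3 as the fixed version while its `Fixed by:` note names upstream 3.8.10. If the upstream commits were backported into 3.8.9-3, a short NOTE saying so under each entry would remove the apparent mismatch for anyone reading it.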
@@ -2183,11 +2493,14 @@ CVE-2025-43582 (Substance3D - Viewer versions 0.22 and
earlier are affected by a
NOT-FOR-US: Adobe
CVE-2025-3780 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-34085 (An unrestricted file upload vulnerability in the WordPress
Simple File ...)
+CVE-2025-34085
+ REJECTED
NOT-FOR-US: WordPress plugin
-CVE-2025-34084 (An unauthenticated information disclosure vulnerability exists
in the ...)
+CVE-2025-34084
+ REJECTED
NOT-FOR-US: WordPress plugin
-CVE-2025-34083 (An unrestricted file upload vulnerability exists in the
WordPress AIT ...)
+CVE-2025-34083
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2025-34077 (An authentication bypass vulnerability exists in the WordPress
Pie Reg ...)
NOT-FOR-US: WordPress plugin
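Review bot: For CVE-2025-34085, CVE-2025-34084 and CVE-2025-34083 the description is replaced by `REJECTED`, yet the `NOT-FOR-US: WordPress plugin` line underneath each is kept. With the description gone, that line is the only remaining hint of what the ID referred to; confirm that keeping it is intended, and otherwise drop it so rejected IDs carry no stale triage state.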
@@ -3861,7 +4174,7 @@ CVE-2025-23970 (Incorrect Privilege Assignment
vulnerability in aonetheme Servic
NOT-FOR-US: WordPress plugin
CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The
bearer tok ...)
NOT-FOR-US: Red Hat OpenShift Jenkins
-CVE-2025-27465 [x86: Incorrect stubs exception handling for flags recovery]
+CVE-2025-27465 (Certain instructions need intercepting and emulating by Xen.
In some ...)
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-470.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d05c10a845722bce656497bddcbd5781fa1633
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits