Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5925153 by security tracker role at 2025-07-18T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,222 @@
-CVE-2025-53644
+CVE-2025-7772 (The Malcure Malware Scanner \u2014 #1 Toolset for WordPress 
Malware Re ...)
+       TODO: check
+CVE-2025-7767 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-7765 (A vulnerability classified as critical was found in 
code-projects Onli ...)
+       TODO: check
+CVE-2025-7764 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-7763 (A vulnerability, which was classified as problematic, was found 
in thi ...)
+       TODO: check
+CVE-2025-7762 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-7759 (A vulnerability, which was classified as critical, was found in 
thinkg ...)
+       TODO: check
+CVE-2025-7758 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-7757 (A vulnerability classified as critical was found in PHPGurukul 
Land Re ...)
+       TODO: check
+CVE-2025-7756 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2025-7755 (A vulnerability was found in code-projects Online Ordering 
System 1.0. ...)
+       TODO: check
+CVE-2025-7754 (A vulnerability was found in code-projects Patient Record 
Management S ...)
+       TODO: check
+CVE-2025-7753 (A vulnerability was found in code-projects Online Appointment 
Booking  ...)
+       TODO: check
+CVE-2025-7752 (A vulnerability was found in code-projects Online Appointment 
Booking  ...)
+       TODO: check
+CVE-2025-7751 (A vulnerability has been found in code-projects Online 
Appointment Boo ...)
+       TODO: check
+CVE-2025-7750 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-7749 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-7748 (A vulnerability classified as problematic was found in ZCMS 
3.6.0. Thi ...)
+       TODO: check
+CVE-2025-7747 (A vulnerability classified as critical has been found in Tenda 
FH451 1 ...)
+       TODO: check
+CVE-2025-7660 (The Map My Locations plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-7648 (The Ruven Themes: Shortcodes plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2025-7643 (The Attachment Manager plugin for WordPress is vulnerable to 
arbitrary ...)
+       TODO: check
+CVE-2025-7638 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
+       TODO: check
+CVE-2025-7472 (A local privilege escalation vulnerability in the Intercept X 
for Wind ...)
+       TODO: check
+CVE-2025-7438 (The MasterStudy LMS Pro plugin for WordPress is vulnerable to 
arbitrar ...)
+       TODO: check
+CVE-2025-7433 (A local privilege escalation vulnerability in Sophos Intercept 
X for W ...)
+       TODO: check
+CVE-2025-7431 (The Knowledge Base plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2025-7398 (Brocade ASCG before 3.3.0 allows for the use of medium strength 
crypto ...)
+       TODO: check
+CVE-2025-7397 (A vulnerability in the ascgshell, of  Brocade ASCG before 3.3.0 
stores ...)
+       TODO: check
+CVE-2025-7339 (on-headers is a node.js middleware for listening to when a 
response wr ...)
+       TODO: check
+CVE-2025-7338 (Multer is a node.js middleware for handling 
`multipart/form-data`. A v ...)
+       TODO: check
+CVE-2025-6813 (The aapanel WP Toolkit plugin for WordPress is vulnerable to 
Privilege ...)
+       TODO: check
+CVE-2025-6781 (The Copymatic \u2013 AI Content Writer & Generator plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-6726 (The Block Editor Gallery Slider plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-6719 (The Terms descriptions plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-6718 (The B1.lt plugin for WordPress is vulnerable to SQL Injection 
due to a ...)
+       TODO: check
+CVE-2025-6717 (The B1.lt plugin for WordPress is vulnerable to SQL Injection 
via the  ...)
+       TODO: check
+CVE-2025-6391 (Brocade ASCG before 3.3.0 logs JSON  Web Tokens (JWT) in log 
files. An ...)
+       TODO: check
+CVE-2025-6249 (An authentication bypass vulnerability was reported in FileZ 
client ap ...)
+       TODO: check
+CVE-2025-6248 (A cross-site scripting (XSS) vulnerability was reported in the 
Lenovo  ...)
+       TODO: check
+CVE-2025-6232 (An improper validation vulnerability was reported in Lenovo 
Vantage th ...)
+       TODO: check
+CVE-2025-6231 (An improper validation vulnerability was reported in Lenovo 
Vantage th ...)
+       TODO: check
+CVE-2025-6230 (A SQL injection vulnerability was reported in Lenovo Vantage 
that coul ...)
+       TODO: check
+CVE-2025-6222 (The WooCommerce Refund And Exchange with RMA - Warranty 
Management, Re ...)
+       TODO: check
+CVE-2025-6197 (An open redirect vulnerability has been identified in Grafana 
OSS orga ...)
+       TODO: check
+CVE-2025-6185 (Leviton AcquiSuite and Energy Monitoring Hub  are susceptible 
to a cro ...)
+       TODO: check
+CVE-2025-6053 (The Zuppler Online Ordering plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-6023 (An open redirect vulnerability has been identified in Grafana 
OSS that ...)
+       TODO: check
+CVE-2025-5816 (The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo 
\u2013  ...)
+       TODO: check
+CVE-2025-5811 (The Listly: Listicles For WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-5800 (The Testimonial Post type plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2025-5767 (The Crowdfunding for WooCommerce plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-5754 (The Useful Tab Block \u2013 Responsive & AMP-Compatible plugin 
for Wor ...)
+       TODO: check
+CVE-2025-5752 (The Vertical scroll image slideshow gallery plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-5346 (Bluebird devices contain a pre-loaded barcode scanner 
application. Thi ...)
+       TODO: check
+CVE-2025-5345 (Bluebird devices contain a pre-loaded file manager application. 
This a ...)
+       TODO: check
+CVE-2025-5344 (Bluebird devices contain a pre-loaded kiosk application. This 
applicat ...)
+       TODO: check
+CVE-2025-54070 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
+       TODO: check
+CVE-2025-54068 (Livewire is a full-stack framework for Laravel. In Livewire v3 
up to a ...)
+       TODO: check
+CVE-2025-54066 (DiracX-Web is a web application that provides an interface to 
interact ...)
+       TODO: check
+CVE-2025-54064 (Rucio is a software framework that provides functionality to 
organize, ...)
+       TODO: check
+CVE-2025-54062 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54061 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54060 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-54058 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-53964 (GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method 
that allows ...)
+       TODO: check
+CVE-2025-53946 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-53941 (Hollo is a federated single-user microblogging software 
designed to be ...)
+       TODO: check
+CVE-2025-53928 (MaxKB is an open-source AI assistant for enterprise. Prior to 
versions ...)
+       TODO: check
+CVE-2025-53927 (MaxKB is an open-source AI assistant for enterprise. Prior to 
version  ...)
+       TODO: check
+CVE-2025-53909 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
+       TODO: check
+CVE-2025-53867 (Island Lake WebBatch before 2025C allows Remote Code Execution 
via a c ...)
+       TODO: check
+CVE-2025-53817 (7-Zip is a file archiver with a high compression ratio. 7-Zip 
supports ...)
+       TODO: check
+CVE-2025-53816 (7-Zip is a file archiver with a high compression ratio. Zeroes 
written ...)
+       TODO: check
+CVE-2025-53638 (Solady is software that provides Solidity snippets with APIs. 
Starting ...)
+       TODO: check
+CVE-2025-52933
+       REJECTED
+CVE-2025-52046 (Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a 
command ...)
+       TODO: check
+CVE-2025-51630 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to 
contain a buf ...)
+       TODO: check
+CVE-2025-51497 (An issue was discovered in AdGuard plugin before 1.11.22 for 
Safari on ...)
+       TODO: check
+CVE-2025-50240 (nbcio-boot v1.0.3 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2025-4657 (A buffer overflow vulnerability was reported in the Lenovo 
Protection  ...)
+       TODO: check
+CVE-2025-47189 (Netwrix Directory Manager through 2025-05-01 allows XSS.)
+       TODO: check
+CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon 
Learning  ...)
+       TODO: check
+CVE-2025-3753 (A code execution vulnerability has been identified in the Robot 
Operat ...)
+       TODO: check
+CVE-2025-3740 (The School Management System for Wordpress plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2025-38349 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
+       TODO: check
+CVE-2025-2818 (A vulnerability was reported in version 1.0 of the Bluetooth 
Transmiss ...)
+       TODO: check
+CVE-2025-29572
+       REJECTED
+CVE-2025-26855 (A SQL injection in Articles Calendar extension 1.0.0 - 
1.0.1.0007 for  ...)
+       TODO: check
+CVE-2025-26854 (A SQL injection in Articles Good Search extension 1.0.0 - 
1.2.4.0011 f ...)
+       TODO: check
+CVE-2025-25257 (An improper neutralization of special elements used in an SQL 
command  ...)
+       TODO: check
+CVE-2025-23270 (NVIDIA Jetson Linux contains a vulnerability in UEFI 
Management mode,  ...)
+       TODO: check
+CVE-2025-23269 (NVIDIA Jetson Linux contains a vulnerability in the kernel 
where an at ...)
+       TODO: check
+CVE-2025-23266 (NVIDIA Container Toolkit for all platforms contains a 
vulnerability in ...)
+       TODO: check
+CVE-2025-23263 (NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in 
the VGT+ ...)
+       TODO: check
+CVE-2025-1729 (A DLL hijacking vulnerability was reported in TrackPoint Quick 
Menu so ...)
+       TODO: check
+CVE-2025-1700 (A DLL hijacking vulnerability was reported in the Motorola 
Software Fi ...)
+       TODO: check
+CVE-2025-0886 (An incorrect permissions vulnerability was reported in Elliptic 
Labs V ...)
+       TODO: check
+CVE-2024-42209 (HCL Connections is vulnerable to an information disclosure 
vulnerabili ...)
+       TODO: check
+CVE-2024-41921 (A code injection vulnerability has been discovered in the 
Robot Operat ...)
+       TODO: check
+CVE-2024-41148 (A code injection vulnerability has been discovered in the 
Robot Operat ...)
+       TODO: check
+CVE-2024-39835 (A code injection vulnerability has been identified in the 
Robot Operat ...)
+       TODO: check
+CVE-2024-39289 (A code execution vulnerability has been discovered in the 
Robot Operat ...)
+       TODO: check
+CVE-2024-32323 (SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 
allows a ...)
+       TODO: check
+CVE-2024-32124 (An improper access control vulnerability [CWE-284] in 
FortiIsolator ve ...)
+       TODO: check
+CVE-2024-27779 (An insufficient session expiration vulnerability [CWE-613] in 
FortiSan ...)
+       TODO: check
+CVE-2024-13972 (A vulnerability related to registry permissions in the 
Intercept X for ...)
+       TODO: check
+CVE-2023-47356 (Mingyu Security Gateway before v3.0-5.3p was discovered to 
contain a r ...)
+       TODO: check
+CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download 
vulnerabili ...)
+       TODO: check
+CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions 
prior to 4. ...)
        - opencv <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2381763
        TODO: check upstream report
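
Review bot: The added descriptions for CVE-2025-7772, CVE-2025-7638, CVE-2025-6781, CVE-2025-5816 and CVE-2025-5754 carry literal "\u2014" / "\u2013" sequences where a dash character belongs, which suggests the import step writes JSON escapes without decoding them. Decode them before the text lands in data/CVE/list so that searches on the product name match. All new entries except the two REJECTED ones (CVE-2025-52933, CVE-2025-29572) are still at "TODO: check". The entries whose description names the Linux kernel (CVE-2025-38349) or 7-Zip (CVE-2025-53816, CVE-2025-53817) should be triaged before the many WordPress plugin and appliance entries.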
@@ -10,7 +228,7 @@ CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS 
Decoder (libavcodec/alsdec
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: Introduced with: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
-CVE-2025-40924 [generates session ids insecurely]
+CVE-2025-40924 (Catalyst::Plugin::Session before version 0.44 for Perl 
generates sessi ...)
        - libcatalyst-plugin-session-perl <unfixed> (bug #1109439)
        [bookworm] - libcatalyst-plugin-session-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/31252285/
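
Review bot: The new description for CVE-2025-40924 says the issue affects Catalyst::Plugin::Session "before version 0.44", but the package line below it still reads "- libcatalyst-plugin-session-perl <unfixed> (bug #1109439)". Add a NOTE recording 0.44 as the upstream fixed version so the entry can be closed once that version is uploaded.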
@@ -34,7 +252,7 @@ CVE-2025-34132 (A command injection vulnerability exists in 
LILIN Digital Video
        NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
 CVE-2025-34130 (An unauthenticated arbitrary file read exists in LILIN Digital 
Video R ...)
        NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
-CVE-2025-34129 (A command injection vulnerability exists in LILIN LILIN 
Digital Video  ...)
+CVE-2025-34129 (A command injection vulnerability exists in LILIN Digital 
Video Record ...)
        NOT-FOR-US: LILIN Digital Video Recorder (DVR) devices
 CVE-2025-34128 (A buffer overflow vulnerability exists in the X360 VideoPlayer 
ActiveX ...)
        NOT-FOR-US: X360 VideoPlayer ActiveX control (VideoPlayer.ocx)
@@ -6686,11 +6904,11 @@ CVE-2025-49550 (Adobe Commerce versions 2.4.8, 
2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2
        NOT-FOR-US: Adobe
 CVE-2025-49549 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 
2.4.4-p ...)
        NOT-FOR-US: Adobe
-CVE-2025-49153 (MICROSENS NMP Web+  could allow an unauthenticated attacker to 
overwri ...)
+CVE-2025-49153 (The affected products could allow an unauthenticated attacker 
to overw ...)
        NOT-FOR-US: MICROSENS NMP Web+
-CVE-2025-49152 (MICROSENS NMP Web+contain JSON Web Tokens (JWT) that do not 
expire, wh ...)
+CVE-2025-49152 (The affected products contain JSON Web Tokens (JWT) that do 
not expire ...)
        NOT-FOR-US: MICROSENS NMP Web+
-CVE-2025-49151 (MICROSENS NMP Web+could allow an unauthenticated attacker to 
generate  ...)
+CVE-2025-49151 (The affected products could allow an unauthenticated attacker 
to gener ...)
        NOT-FOR-US: MICROSENS NMP Web+
 CVE-2025-49135 (CVAT is an open source interactive video and image annotation 
tool for ...)
        NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
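
Review bot: For CVE-2025-49153, CVE-2025-49152 and CVE-2025-49151 the updated description now opens with "The affected products" and no longer names the vendor or product, so "NOT-FOR-US: MICROSENS NMP Web+" is the only place in each entry that still identifies what is affected. Keep that annotation text as it is, since the description can no longer be used to re-derive it.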
@@ -6779,7 +6997,7 @@ CVE-2024-51978 (An unauthenticated attacker who knows the 
target device's serial
        NOT-FOR-US: Brother
 CVE-2024-51977 (An unauthenticated attacker who can access either the HTTP 
service (TC ...)
        NOT-FOR-US: Brother
-CVE-2025-3415
+CVE-2025-3415 (Grafana is an open-source platform for monitoring and 
observability. T ...)
        - grafana <removed>
 CVE-2025-52993 (A race condition in the Nix, Lix, and Guix package managers 
enables ch ...)
        - guix <unfixed> (bug #1108318)
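
Review bot: CVE-2025-3415 is tracked here as "- grafana <removed>", while the two Grafana OSS open redirect entries added in the first hunk (CVE-2025-6197, CVE-2025-6023) are still at "TODO: check". Triage those two the same way so all three Grafana entries end up with a consistent package annotation.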
@@ -6984,7 +7202,7 @@ CVE-2025-27828 (A vulnerability in the legacy chat 
component of Mitel MiContact
        NOT-FOR-US: Mitel
 CVE-2025-27827 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
        NOT-FOR-US: Mitel
-CVE-2025-23267
+CVE-2025-23267 (NVIDIA Container Toolkit for all platforms contains a 
vulnerability in ...)
        NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2025-23265 (NVIDIA Megatron-LM for all platforms contains a vulnerability 
in a pyt ...)
        NOT-FOR-US: NVIDIA
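
Review bot: CVE-2025-23267 is marked "NOT-FOR-US: NVIDIA Container Toolkit", and CVE-2025-23266 in the first hunk opens with the same description text ("NVIDIA Container Toolkit for all platforms contains a vulnerability in ...") but is still at "TODO: check". Resolve CVE-2025-23266 against the same product decision rather than leaving the pair inconsistent.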
@@ -67711,7 +67929,7 @@ CVE-2024-53144 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.11.4-1
        [bookworm] - linux 6.1.115-1
        NOTE: 
https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)
-CVE-2025-1713 [deadlock potential with VT-d and legacy PCI device pass-through]
+CVE-2025-1713 (When setting up interrupt remapping for legacy PCI(-X) devices, 
includ ...)
        - xen 4.20.0-1
        [bookworm] - xen <postponed> (Minor issue, can be fixed along with next 
update)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
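
Review bot: Replacing the bracketed summary of CVE-2025-1713 with the truncated official description drops the words "deadlock" and "VT-d" from the entry, and the new text cuts off before it states the impact. If the at-a-glance summary is still wanted, preserve it in a NOTE line under the xen package lines.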
@@ -257027,7 +257245,7 @@ CVE-2022-39985
        RESERVED
 CVE-2022-39984
        RESERVED
-CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, 
allows at ...)
+CVE-2022-39983 (File upload vulnerability in Pro Gamma Instant Developer RD3 
22.5 r23, ...)
        NOT-FOR-US: Instantdeveloper RD3
 CVE-2022-39982
        RESERVED
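
Review bot: The updated description of CVE-2022-39983 now names the product as "Pro Gamma Instant Developer RD3 22.5 r23" instead of "Instantdeveloper RD3 22.0.8500", but the annotation still reads "NOT-FOR-US: Instantdeveloper RD3". Align the annotation with the new vendor and product spelling so a search on either name finds the entry.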



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d592515335673e3737cd1c285db58b6c24e618be



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
