Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7066f529 by security tracker role at 2025-07-25T08:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,85 @@
-CVE-2025-54567
+CVE-2025-8137 (A vulnerability has been found in TOTOLINK A702R 
4.0.0-B20230721.1521  ...)
+       TODO: check
+CVE-2025-8136 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+       TODO: check
+CVE-2025-8135 (A vulnerability, which was classified as critical, has been 
found in i ...)
+       TODO: check
+CVE-2025-8134 (A vulnerability classified as critical was found in PHPGurukul 
BP Moni ...)
+       TODO: check
+CVE-2025-8133 (A vulnerability classified as critical has been found in 
yanyutao0402  ...)
+       TODO: check
+CVE-2025-8132 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. 
It has  ...)
+       TODO: check
+CVE-2025-8131 (A vulnerability was found in Tenda AC20 16.03.08.05. It has 
been decla ...)
+       TODO: check
+CVE-2025-8129 (A vulnerability, which was classified as problematic, was found 
in Koa ...)
+       TODO: check
+CVE-2025-8128 (A vulnerability, which was classified as critical, has been 
found in z ...)
+       TODO: check
+CVE-2025-8127 (A vulnerability classified as critical was found in deerwms 
deer-wms-2 ...)
+       TODO: check
+CVE-2025-8126 (A vulnerability classified as critical has been found in 
deerwms deer- ...)
+       TODO: check
+CVE-2025-8125 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It 
has been ...)
+       TODO: check
+CVE-2025-8124 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It 
has been ...)
+       TODO: check
+CVE-2025-8123 (A vulnerability was found in deerwms deer-wms-2 up to 3.3. It 
has been ...)
+       TODO: check
+CVE-2025-7742 (An authentication vulnerability exists in the LG Innotek camera 
model  ...)
+       TODO: check
+CVE-2025-7404 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2025-7022 (The My Reservation System WordPress plugin through 2.3 does not 
saniti ...)
+       TODO: check
+CVE-2025-6260 (The embedded web server on the thermostat listed version ranges 
contai ...)
+       TODO: check
+CVE-2025-5835 (The Droip plugin for WordPress is vulnerable to unauthorized 
modificat ...)
+       TODO: check
+CVE-2025-5831 (The Droip plugin for WordPress is vulnerable to arbitrary file 
uploads ...)
+       TODO: check
+CVE-2025-54568 (Akamai Rate Control alpha before 2025 allows attackers to send 
request ...)
+       TODO: check
+CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) 
execution ...)
+       TODO: check
+CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream 
process ...)
+       TODO: check
+CVE-2025-54369
+       REJECTED
+CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, 
and Ele ...)
+       TODO: check
+CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for 
WordPress is ...)
+       TODO: check
+CVE-2025-32429 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2025-31955 (HCL iAutomate is affected by a sensitive data exposure 
vulnerability.  ...)
+       TODO: check
+CVE-2025-31953 (HCL iAutomate includes hardcoded credentials which may result 
in poten ...)
+       TODO: check
+CVE-2025-31952 (HCL iAutomate is affected by an insufficient session 
expiration.  This ...)
+       TODO: check
+CVE-2025-22165 (This Medium severity ACE (Arbitrary Code Execution) 
vulnerability was  ...)
+       TODO: check
+CVE-2025-0253 (HCL IEM is affected by a cookie attribute not set vulnerability 
due to ...)
+       TODO: check
+CVE-2025-0252 (HCL IEM is affected by a password in cleartext vulnerability. 
Sensitiv ...)
+       TODO: check
+CVE-2025-0251 (HCL IEM is affected by a concurrent login vulnerability. The 
applicati ...)
+       TODO: check
+CVE-2025-0250 (HCL IEM is affected by an authorization token sent in cookie 
vulnerabi ...)
+       TODO: check
+CVE-2025-0249 (HCL IEM is affected by an improper invalidation of access or 
JWT token ...)
+       TODO: check
+CVE-2019-25224 (The WP Database Backup plugin for WordPress is vulnerable to 
OS Comman ...)
+       TODO: check
+CVE-2015-10144 (The Responsive Thumbnail Slider plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2015-10143 (The Platform theme for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF 
Enable bi ...)
        - qemu <unfixed>
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
-CVE-2025-54566
+CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration 
state incon ...)
        - qemu <unfixed>
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
 CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand 
Management Sys ...)
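Review bot: the entries added at the top of data/CVE/list are all left at "TODO: check", including several whose descriptions already identify them as WordPress plugins or themes (CVE-2025-7022, CVE-2025-5835, CVE-2025-5831, CVE-2025-3614, CVE-2019-25224, CVE-2015-10144, CVE-2015-10143). A follow-up can mark those "NOT-FOR-US: WordPress plugin", the form already used in the context lines of the last hunk, so the TODO queue keeps only the entries that need a package lookup. The two QEMU entries, CVE-2025-54567 and CVE-2025-54566, only gain their descriptions here and keep "- qemu <unfixed>", which is consistent with "through 10.0.3".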
@@ -285,7 +363,7 @@ CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU   lacks 
access controls for a fu
        NOT-FOR-US: DuraComm
 CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 
6900w Serie ...)
        NOT-FOR-US: Mitel
-CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk 
command ...)
+CVE-2025-46686 (Redis through 8.0.3 allows memory consumption via a multi-bulk 
command ...)
        - redis <unfixed> (unimportant)
        NOTE: https://github.com/io-no/CVE-Reports/issues/1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
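Review bot: the "(unimportant)" rating on "- redis <unfixed>" for CVE-2025-46686 is carried over unchanged although the description's affected range widens from "through 7.4.3" to "through 8.0.3". Nothing in the entry records why the range moved, so it is worth re-reading the GHSA-2r7g-8hpc-rpq9 advisory linked in the NOTE line and adding a NOTE that states the reason for keeping the rating.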
@@ -7020,7 +7098,8 @@ CVE-2025-4380 (The Ads Pro Plugin - Multi-Purpose 
WordPress Advertising Manager
        NOT-FOR-US: WordPress plugin
 CVE-2025-49741 (No cwe for this issue in Microsoft Edge (Chromium-based) 
allows an una ...)
        NOT-FOR-US: Microsoft
-CVE-2025-3848 (The Download Manager and Payment Form WordPress Plugin \u2013 
WP Smart ...)
+CVE-2025-3848
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2025-36630 (In Tenable Nessus versions prior to 10.8.5 on a Windows host, 
it was f ...)
        NOT-FOR-US: Tenable
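Review bot: CVE-2025-3848 ends up with two states, because the added "REJECTED" line is followed by the unchanged "NOT-FOR-US: WordPress plugin" context line left over from the old description. A rejected entry carries only "REJECTED", as CVE-2025-54369 does in the first hunk, so the NOT-FOR-US line should be removed from this entry.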



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7066f52995ec337bbe4916b9263c55f2af8a289b
