[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 29 Jul 2025 01:12:24 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
babc2074 by security tracker role at 2025-07-29T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-8264 (Versions of the package z-push/z-push-dev before 2.7.6 are 
vulnerable  ...)
+       TODO: check
+CVE-2025-7811 (The StreamWeasels YouTube Integration plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-7810 (The StreamWeasels Kick Integration plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-7809 (The StreamWeasels Twitch Integration plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-6495 (The Bricks theme for WordPress is vulnerable to blind SQL 
Injection vi ...)
+       TODO: check
+CVE-2025-54769 (An authenticated, read-only user can upload a file and perform 
a direc ...)
+       TODO: check
+CVE-2025-54768 (An API endpoint that should be limited to web application 
administrato ...)
+       TODO: check
+CVE-2025-54767 (An authenticated, read-only user can kill any processes 
running on the ...)
+       TODO: check
+CVE-2025-54766 (An API endpoint that should be limited to web application 
administrato ...)
+       TODO: check
+CVE-2025-54765 (An API endpoint that should be limited to web application 
administrato ...)
+       TODO: check
+CVE-2025-54666
+       REJECTED
+CVE-2025-54665
+       REJECTED
+CVE-2025-54664
+       REJECTED
+CVE-2025-54663
+       REJECTED
+CVE-2025-54662
+       REJECTED
+CVE-2025-54661
+       REJECTED
+CVE-2025-54429 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
+       TODO: check
+CVE-2025-54428 (RevelaCode is an AI-powered faith-tech project that decodes 
biblical v ...)
+       TODO: check
+CVE-2025-54427 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
+       TODO: check
+CVE-2025-54426 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
+       TODO: check
+CVE-2025-53649 ("SwitchBot" App for iOS/Android contains an insertion of 
sensitive inf ...)
+       TODO: check
+CVE-2025-53082 (An 'Arbitrary File Deletion' in Samsung DMS(Data Management 
Server) al ...)
+       TODO: check
+CVE-2025-53081 (An 'Arbitrary File Creation' in Samsung DMS(Data Management 
Server) al ...)
+       TODO: check
+CVE-2025-53080 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-53079 (Absolute Path Traversal in Samsung DMS(Data Management Server) 
allows  ...)
+       TODO: check
+CVE-2025-53078 (Deserialization of Untrusted Data in Samsung DMS(Data 
Management Serve ...)
+       TODO: check
+CVE-2025-53077 (An execution after redirect in Samsung DMS(Data Management 
Server) all ...)
+       TODO: check
+CVE-2025-4566 (The Elementor Website Builder \u2013 More Than Just a Page 
Builder plu ...)
+       TODO: check
+CVE-2025-4370 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to li ...)
+       TODO: check
+CVE-2025-3075 (The Elementor Website Builder \u2013 More Than Just a Page 
Builder plu ...)
+       TODO: check
 CVE-2025-8283 (A vulnerability was found in the netavark package, a network 
stack for ...)
        - netavark <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383941
@@ -116235,7 +116295,7 @@ CVE-2024-1493 (An issue was discovered in GitLab 
CE/EE affecting all versions st
        - gitlab 17.3.5-2
 CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not 
prevent  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-58261 [RUSTSEC-2024-0345]
+CVE-2024-58261 (The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows 
an infi ...)
        - rust-sequoia-openpgp 1.21.0-1 (bug #1074352)
        [bookworm] - rust-sequoia-openpgp <not-affected> (Vulnerable code not 
present)
        [bullseye] - rust-sequoia-openpgp <not-affected> (Vulnerable code not 
present)
@@ -118049,7 +118109,7 @@ CVE-2024-38619 (In the Linux kernel, the following 
vulnerability has been resolv
        {DSA-5731-1 DSA-5730-1 DLA-4008-1}
        - linux 6.9.7-1
        NOTE: 
https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4)
-CVE-2024-58262 [RUSTSEC-2024-0344]
+CVE-2024-58262 (The curve25519-dalek crate before 4.1.3 for Rust has a 
constant-time o ...)
        - rust-curve25519-dalek 4.1.3+20240618+dfsg-1 (bug #1074351)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0344.html
        NOTE: https://github.com/dalek-cryptography/curve25519-dalek/pull/659



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babc2074201f29b06973b0f96589937afef81c0a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babc2074201f29b06973b0f96589937afef81c0a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to