Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b56c762 by security tracker role at 2025-08-23T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2025-9358 (A security flaw has been discovered in Linksys RE6250, RE6300, 
RE6350, ...)
+       TODO: check
+CVE-2025-9357 (A vulnerability was identified in Linksys RE6250, RE6300, 
RE6350, RE65 ...)
+       TODO: check
+CVE-2025-9356 (A vulnerability was determined in Linksys RE6250, RE6300, 
RE6350, RE65 ...)
+       TODO: check
+CVE-2025-9355 (A vulnerability was found in Linksys RE6250, RE6300, RE6350, 
RE6500, R ...)
+       TODO: check
+CVE-2025-9131 (The Ogulo \u2013 360\xb0 Tour plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-9048 (The Wptobe-memberships plugin for WordPress is vulnerable to 
arbitrary ...)
+       TODO: check
+CVE-2025-8193
+       REJECTED
+CVE-2025-8062 (The WS Theme Addons plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-7957 (The ShortcodeHub plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-7842 (The Silencesoft RSS Reader plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2025-7841 (The Sertifier Certificate & Badge Maker for WordPress \u2013 
Tutor LMS ...)
+       TODO: check
+CVE-2025-7839 (The Restore Permanently delete Post or Page Data plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-7828 (The WP Filter & Combine RSS Feeds plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-7827 (The Ni WooCommerce Customer Product Report plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2025-7821 (The WC Plus plugin for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2025-7813 (The Events Calendar, Event Booking, Registrations and Event 
Tickets \u ...)
+       TODO: check
+CVE-2025-7642 (The Simpler Checkout plugin for WordPress is vulnerable to 
Authenticat ...)
+       TODO: check
+CVE-2025-5821 (The Case Theme User plugin for WordPress is vulnerable to 
Authenticati ...)
+       TODO: check
+CVE-2025-5352 (A critical stored Cross-Site Scripting (XSS) vulnerability 
exists in t ...)
+       TODO: check
+CVE-2025-5060 (The Bravis User plugin for WordPress is vulnerable to 
Authentication B ...)
+       TODO: check
+CVE-2025-58043
+       REJECTED
+CVE-2025-58042
+       REJECTED
+CVE-2025-58041
+       REJECTED
+CVE-2025-58040
+       REJECTED
+CVE-2025-58039
+       REJECTED
+CVE-2025-58038
+       REJECTED
+CVE-2025-58037
+       REJECTED
+CVE-2025-58036
+       REJECTED
+CVE-2025-58035
+       REJECTED
+CVE-2025-55455 (DooTask v1.0.51 was dicovered to contain an authenticated 
arbitrary do ...)
+       TODO: check
+CVE-2025-52451 (Improper Input Validation vulnerability in Salesforce Tableau 
Server o ...)
+       TODO: check
+CVE-2025-52450 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-43770 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
+       TODO: check
+CVE-2025-43769 (Stored cross-site scripting (XSS) vulnerability in Liferay 
Portal 7.4. ...)
+       TODO: check
+CVE-2025-43768 (Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 
2024.Q4.0 thro ...)
+       TODO: check
+CVE-2025-43767 (Open Redirect vulnerability in /c/portal/edit_info_item 
parameter redi ...)
+       TODO: check
+CVE-2025-43766 (The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 
2024.Q4.0, ...)
+       TODO: check
+CVE-2025-43765 (A Stored cross-site scripting vulnerability in the Liferay 
Portal 7.4. ...)
+       TODO: check
+CVE-2025-43764 (Self-ReDoS (Regular expression Denial of Service) exists with 
Role Nam ...)
+       TODO: check
+CVE-2025-43761 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
+       TODO: check
+CVE-2025-26498 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sales ...)
+       TODO: check
+CVE-2025-26497 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sales ...)
+       TODO: check
+CVE-2025-26496 (Access of Resource Using Incompatible Type ('Type Confusion') 
vulnerab ...)
+       TODO: check
+CVE-2025-24469
+       REJECTED
+CVE-2025-24468
+       REJECTED
+CVE-2025-22864
+       REJECTED
+CVE-2025-22863
+       REJECTED
+CVE-2025-22861
+       REJECTED
+CVE-2025-22860
+       REJECTED
 CVE-2025-9341 (Uncontrolled Resource Consumption vulnerability in Legion of 
the Bounc ...)
        NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy 
Castle Inc.  ...)
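
Review bot: Every non-REJECTED entry added at the top of data/CVE/list carries only `TODO: check`, so none of the new CVEs has a triage decision yet. The WordPress plugin entries (for example CVE-2025-9131, CVE-2025-9048 and CVE-2025-8062) look like candidates for the `NOT-FOR-US: WordPress plugin` marking that the CVE-2022-3922 context line later in this same diff uses, and the Linksys, Liferay and Salesforce Tableau entries need an explicit decision as well. Two of the imported descriptions deserve a second look against the full CVE record during triage: CVE-2025-43766 reads "7.4.0 through 7.3.3.131" where the neighbouring CVE-2025-43768 reads "7.4.0 through 7.4.3.131", and CVE-2025-55455 contains "dicovered".
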
@@ -30334,7 +30432,7 @@ CVE-2024-10865 (Improper Input validation leads to XSS 
or Cross-site Scripting v
        NOT-FOR-US: OpenText
 CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: OpenText
-CVE-2025-4609
+CVE-2025-4609 (Incorrect handle provided in unspecified circumstances in Mojo 
in Goog ...)
        {DSA-5920-1}
        - chromium 136.0.7103.113-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -251288,8 +251386,8 @@ CVE-2022-3922 (The Broken Link Checker WordPress 
plugin before 1.11.20 does not
        NOT-FOR-US: WordPress plugin
 CVE-2022-45134 (Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 
before 22 ...)
        - mahara <removed>
-CVE-2022-45133
-       RESERVED
+CVE-2022-45133 (Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 
before 22 ...)
+       TODO: check
 CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 
2022.11.1, r ...)
        - lava 2023.01-1 (bug #1024428)
        [bullseye] - lava <not-affected> (Vulnerable code not present)
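
Review bot: CVE-2022-45133 moves from `RESERVED` to `TODO: check`, but its description opens with the same Mahara version range as the adjacent CVE-2022-45134, which is already recorded as `- mahara <removed>`. Unless the untruncated description points at a different package, the new entry can take the same `- mahara <removed>` line rather than sitting in the TODO queue.
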
@@ -718178,7 +718276,7 @@ CVE-2014-0753 (Stack-based buffer overflow in the 
SCADA server in Ecava IntegraX
        NOT-FOR-US: Ecava IntegraXor
 CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows 
remote att ...)
        NOT-FOR-US: Ecava IntegraXor
-CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the 
WebView ...)
+CVE-2014-0751 (The CIMPLICITY Web-based access component, CimWebServer, does 
not chec ...)
        NOT-FOR-US: GE Intelligent Platforms Proficy
 CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView 
CimWeb  ...)
        NOT-FOR-US: GE Intelligent Platforms Proficy



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b56c762c9bb4a386f1cd710fda26c9ad3d1852f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
