Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66d75fdf by security tracker role at 2025-06-26T08:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2025-6669 (A vulnerability was found in gooaclok819 sublinkX up to 1.8. It 
has be ...)
+       TODO: check
+CVE-2025-6668 (A vulnerability was found in code-projects Inventory Management 
System ...)
+       TODO: check
+CVE-2025-6667 (A vulnerability was found in code-projects Car Rental System 
1.0 and c ...)
+       TODO: check
+CVE-2025-6665 (A vulnerability has been found in code-projects Inventory 
Management S ...)
+       TODO: check
+CVE-2025-6664 (A vulnerability, which was classified as problematic, was found 
in Cod ...)
+       TODO: check
+CVE-2025-6662 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6661 (PDF-XChange Editor App Object Use-After-Free Remote Code 
Execution Vul ...)
+       TODO: check
+CVE-2025-6660 (PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow 
Remote  ...)
+       TODO: check
+CVE-2025-6659 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-6658 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6657 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6656 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6655 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6654 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-6653 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6652 (PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6651 (PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-6650 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6649 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6648 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6647 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
+       TODO: check
+CVE-2025-6646 (PDF-XChange Editor U3D File Parsing Use-After-Free Information 
Disclos ...)
+       TODO: check
+CVE-2025-6645 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code 
Executi ...)
+       TODO: check
+CVE-2025-6644 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code 
Executi ...)
+       TODO: check
+CVE-2025-6643 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6642 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote 
Code Exe ...)
+       TODO: check
+CVE-2025-6641 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
+       TODO: check
+CVE-2025-6640 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code 
Executi ...)
+       TODO: check
+CVE-2025-6624 (Versions of the package snyk before 1.1297.3 are vulnerable to 
Inserti ...)
+       TODO: check
+CVE-2025-6546 (The Drive Folder Embedder plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2025-6540 (The web-cam plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-6538 (The Post Rating and Review plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-6537 (The Namasha By Mdesign plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-6443 (Mikrotik RouterOS VXLAN Source IP Improper Access Control 
Vulnerabilit ...)
+       TODO: check
+CVE-2025-6383 (The WP-PhotoNav plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-6378 (The Responsive Food and Drink Menu plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-6290 (The Tournament Bracket Generator plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-6258 (The WP SoundSystem plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2025-5932 (The Homerunner plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2025-5929 (The The Countdown plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-5813 (The Amazon Products to WooCommerce plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-5812 (The VG WORT METIS plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2025-5590 (The Owl carousel responsive plugin for WordPress is vulnerable 
to time ...)
+       TODO: check
+CVE-2025-5588 (The Image Editor by Pixo plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-5564 (The GC Social Wall plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2025-5559 (The TimeZoneCalculator plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-5540 (The Event RSVP and Simple Event Management Plugin plugin for 
WordPress ...)
+       TODO: check
+CVE-2025-5535 (The e.nigma buttons plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-5488 (The WP Masonry & Infinite Scroll plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-5459 (A user with specific node group editing permissions and a 
specially cr ...)
+       TODO: check
+CVE-2025-5275 (The Charitable \u2013 Donation Plugin for WordPress \u2013 
Fundraising ...)
+       TODO: check
+CVE-2025-52934
+       REJECTED
+CVE-2025-4334 (The Simple User Registration plugin for WordPress is vulnerable 
to Pri ...)
+       TODO: check
+CVE-2025-48497 (Cross-site request forgery vulnerability exists in iroha Board 
version ...)
+       TODO: check
+CVE-2025-41404 (Direct request ('Forced Browsing') issue exists in iroha Board 
version ...)
+       TODO: check
+CVE-2025-3863 (The Post Carousel Slider for Elementor plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-37101 (A potential security vulnerability has been identified in HPE 
OneView  ...)
+       TODO: check
+CVE-2025-36038 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote atta ...)
+       TODO: check
 CVE-2025-6678 (Autel MaxiCharger AC Wallbox Commercial PIN Missing 
Authentication Inf ...)
        NOT-FOR-US: Autel
 CVE-2025-6627 (A vulnerability has been found in TOTOLINK A702R 
4.0.0-B20230721.1521  ...)
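Review bot: the added CVE-2025-5275 line stores its description with literal `\u2013` escape sequences ("The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...") instead of the decoded character, so whatever generates these descriptions should decode Unicode escapes before writing the entry. Apart from CVE-2025-52934, which is marked REJECTED, every entry added here is a `TODO: check` placeholder; the WordPress plugin and PDF-XChange Editor entries look like candidates for the `NOT-FOR-US:` marking already used on the CVE-2025-6678 context line and should be triaged rather than left at TODO.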
@@ -165,15 +281,15 @@ CVE-2023-44915 (A cross-site scripting (XSS) 
vulnerability in the component /Log
        TODO: check
 CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing 
unauthe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-5846
+CVE-2025-5846 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2025-2938
+CVE-2025-2938 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2025-5315
+CVE-2025-5315 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2025-1754
+CVE-2025-1754 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2025-3279
+CVE-2025-3279 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2025-6583 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester
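Review bot: CVE-2025-2938, CVE-2025-5315, CVE-2025-1754 and CVE-2025-3279 gain a description but stay at `- gitlab <unfixed>` with no NOTE line, so nothing in the entry says where the fix or the upstream advisory can be found. Now that the descriptions are published, add a NOTE with the upstream reference to each, the way the firefox entries in this file cite their mfsa pages, so the unfixed status can be followed up.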
@@ -435,11 +551,13 @@ CVE-2025-6431 (When a link can be opened in an external 
application, Firefox for
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6431
 CVE-2025-6430 (When a file download is specified via the `Content-Disposition` 
header ...)
+       {DSA-5950-1 DLA-4231-1}
        - firefox 140.0-1
        - firefox-esr 128.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
 CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to 
the yo ...)
+       {DSA-5950-1 DLA-4231-1}
        - firefox 140.0-1
        - firefox-esr 128.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
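Review bot: the `{DSA-5950-1 DLA-4231-1}` line added under CVE-2025-6430 and CVE-2025-6429 refers to advisories that this commit does not define, since data/CVE/list is the only changed file. Confirm that both advisories already exist in the tracker's advisory data and list these two CVE ids, otherwise the cross-reference points at nothing. The entries track both firefox and firefox-esr, and the tag does not say which source package the advisories cover, so that also has to be read from the advisory entries.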
@@ -456,11 +574,13 @@ CVE-2025-6426 (The executable file warning did not warn 
users before opening fil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
 CVE-2025-6425 (An attacker who enumerated resources from the WebCompat 
extension coul ...)
+       {DSA-5950-1 DLA-4231-1}
        - firefox 140.0-1
        - firefox-esr 128.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
 CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially 
exploitable  ...)
+       {DSA-5950-1 DLA-4231-1}
        - firefox 140.0-1
        - firefox-esr 128.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
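Review bot: CVE-2025-6426, whose trailing NOTE lines open this hunk, cites the same mfsa2025-51 and mfsa2025-53 pages as CVE-2025-6425 but gets no `{DSA-5950-1 DLA-4231-1}` line added in this commit, while CVE-2025-6425 and CVE-2025-6424 do. Its package lines fall outside the visible context, so check whether it is deliberately left out of the advisories or was already tagged, and record the reason in the entry if it is excluded.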



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66d75fdf1fbefa68760933b58c49a67673de167c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
