[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 04 Jul 2025 01:17:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f21537a5 by security tracker role at 2025-07-04T08:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,58 @@
-CVE-2025-53367
+CVE-2025-7053 (A vulnerability was found in Cockpit up to 2.11.3. It has been 
rated a ...)
+       TODO: check
+CVE-2025-7046 (The Portfolio for Elementor & Image Gallery | PowerFolio plugin 
for Wo ...)
+       TODO: check
+CVE-2025-6944 (The Uncode Core plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-6814 (The Booking X plugin for WordPress is vulnerable to 
unauthorized acces ...)
+       TODO: check
+CVE-2025-6787 (The Smart Docs plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-6786 (The DocCheck Login plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-6783 (The GoZen Forms plugin for WordPress is vulnerable to SQL 
Injection vi ...)
+       TODO: check
+CVE-2025-6782 (The GoZen Forms plugin for WordPress is vulnerable to SQL 
Injection vi ...)
+       TODO: check
+CVE-2025-6739 (The WPQuiz plugin for WordPress is vulnerable to SQL Injection 
via the ...)
+       TODO: check
+CVE-2025-6729 (The PayMaster for WooCommerce plugin for WordPress is 
vulnerable to Se ...)
+       TODO: check
+CVE-2025-6673 (The Easy restaurant menu manager plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-6586 (The Download Plugin plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2025-6238 (The AI Engine plugin for WordPress is vulnerable to open 
redirect in v ...)
+       TODO: check
+CVE-2025-6041 (The yContributors plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2025-6039 (The ProcessingJS for WordPress plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-5956 (The WP Human Resource Management plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-5953 (The WP Human Resource Management plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-5933 (The RD Contacto plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-5924 (The WP Firebase Push Notification plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-5567 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-5322 (The VikRentCar Car Rental Management System plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-53600 (Whale browser before 4.32.315.22 allow an attacker to bypass 
the Same- ...)
+       TODO: check
+CVE-2025-53599 (Whale browser for iOS before 3.9.1.4206 allow an attacker to 
execute m ...)
+       TODO: check
+CVE-2025-52554 (n8n is a workflow automation platform. Prior to version 
1.99.1, an aut ...)
+       TODO: check
+CVE-2025-49826 (Next.js is a React framework for building full-stack web 
applications. ...)
+       TODO: check
+CVE-2025-49005 (Next.js is a React framework for building full-stack web 
applications. ...)
+       TODO: check
+CVE-2024-11937 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-53367 (DjVuLibre is a GPL implementation of DjVu, a web-centric 
format for di ...)
        - djvulibre <unfixed> (bug #1108729)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/03/1
        NOTE: Fixed by: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
@@ -2347,7 +2401,7 @@ CVE-2025-5449
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496
 (libssh-0.11.2)
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
 (libssh-0.11.2)
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7
 (libssh-0.11.2)
-CVE-2025-5372
+CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions 
older  ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
@@ -69089,11 +69143,13 @@ CVE-2024-11647 (A vulnerability, which was classified 
as critical, has been foun
 CVE-2024-11646 (A vulnerability classified as critical was found in 1000 
Projects Beau ...)
        NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A 
specifically-crafted  ...)
+       {DSA-5958-1}
        [experimental] - jpeg-xl 0.10.4-1
        - jpeg-xl 0.10.4-2 (bug #1088818)
        NOTE: https://github.com/libjxl/libjxl/pull/3943
        NOTE: 
https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
 CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions 
prior to c ...)
+       {DSA-5958-1}
        [experimental] - jpeg-xl 0.10.4-1
        - jpeg-xl 0.10.4-2 (bug #1088818)
        NOTE: 
https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99
@@ -191776,6 +191832,7 @@ CVE-2023-3297 (In Ubuntu's accountsservice an 
unprivileged local attacker can tr
 CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl 
before 0. ...)
+       {DSA-5958-1}
        [experimental] - jpeg-xl 0.8.2-1
        - jpeg-xl 0.8.2-4 (bug #1055306)
        NOTE: https://github.com/libjxl/libjxl/pull/2551
@@ -215711,6 +215768,7 @@ CVE-2023-0647 (A vulnerability, which was classified 
as critical, has been found
 CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 
1.5.0. A ...)
        NOT-FOR-US: dst-admin
 CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a 
specifical ...)
+       {DSA-5958-1}
        [experimental] - jpeg-xl 0.8.2-1
        - jpeg-xl 0.8.2-4 (bug #1034722)
        NOTE: 
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21537a5517d3cf700478c80f561444986a65e4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21537a5517d3cf700478c80f561444986a65e4b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to