Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e468c42c by security tracker role at 2025-08-19T08:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,65 @@
-CVE-2025-38553 [net/sched: Restrict conditions for adding duplicating netems
to qdisc tree]
+CVE-2025-9119 (A vulnerability was determined in Netis WF2419 1.2.29433. This
vulnera ...)
+ TODO: check
+CVE-2025-8723 (The Cloudflare Image Resizing plugin for WordPress is
vulnerable to Re ...)
+ TODO: check
+CVE-2025-8622 (The Flexible Map plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2025-8357 (The Media Library Assistant plugin for WordPress is vulnerable
to arbi ...)
+ TODO: check
+CVE-2025-8218 (The Real Spaces - WordPress Properties Directory Theme theme
for WordP ...)
+ TODO: check
+CVE-2025-8098 (An improper permission vulnerability was reported in Lenovo PC
Manager ...)
+ TODO: check
+CVE-2025-7670 (The JS Archive List plugin for WordPress is vulnerable to
time-based S ...)
+ TODO: check
+CVE-2025-7654 (Multiple FunnelKit plugins are vulnerable to Sensitive
Information Exp ...)
+ TODO: check
+CVE-2025-7496 (The WPC Smart Compare for WooCommerce plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-6758 (The Real Spaces - WordPress Properties Directory Theme theme
for WordP ...)
+ TODO: check
+CVE-2025-5417 (An insufficient access control vulnerability was found in the
Red Hat ...)
+ TODO: check
+CVE-2025-57725
+ REJECTED
+CVE-2025-57724
+ REJECTED
+CVE-2025-57723
+ REJECTED
+CVE-2025-57722
+ REJECTED
+CVE-2025-57721
+ REJECTED
+CVE-2025-57720
+ REJECTED
+CVE-2025-57719
+ REJECTED
+CVE-2025-57718
+ REJECTED
+CVE-2025-57717
+ REJECTED
+CVE-2025-54862 (Sante PACS Server web portal is vulnerable to stored
cross-site script ...)
+ TODO: check
+CVE-2025-54759 (Sante PACS Server is vulnerable to stored cross-site
scripting. An att ...)
+ TODO: check
+CVE-2025-54156 (The Sante PACS Server Web Portal sends credential information
without ...)
+ TODO: check
+CVE-2025-53948 (The Sante PACS Server allows a remote attacker to crash the
main threa ...)
+ TODO: check
+CVE-2025-53705 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt
Share versi ...)
+ TODO: check
+CVE-2025-52584 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt
Share versi ...)
+ TODO: check
+CVE-2025-4371 (A potential vulnerability was reported in the Lenovo 510 FHD
and Perfo ...)
+ TODO: check
+CVE-2025-46269 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt
Share versi ...)
+ TODO: check
+CVE-2025-41392 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt
Share versi ...)
+ TODO: check
+CVE-2025-38553 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/ec8e0e3d7adef940cdf9475e2352c0680189d14e (6.17-rc1)
-CVE-2025-53192
+CVE-2025-53192 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of
Expression/ ...)
- ognl <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/08/18/4
CVE-2025-7693 (A security issue exists due to improper handling of malformed
CIP Forw ...)
@@ -2912,13 +2970,13 @@ CVE-2025-8735 (A vulnerability classified as
problematic was found in GNU cflow
- cflow <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
NOTE: Crash in CLI tool, no security impact
-CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU
Bison ...)
+CVE-2025-8734 (A vulnerability has been found in GNU Bison up to 3.8.2. This
impacts ...)
- bison <unfixed> (bug #1110611)
[trixie] - bison <no-dsa> (Minor issue)
[bookworm] - bison <no-dsa> (Minor issue)
[bullseye] - bison <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://github.com/akimd/bison/issues/115
-CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been
rated ...)
+CVE-2025-8733 (A flaw has been found in GNU Bison up to 3.8.2. This affects
the funct ...)
- bison <unfixed> (unimportant; bug #1110610)
NOTE: https://github.com/akimd/bison/issues/113
NOTE: https://github.com/akimd/bison/issues/114
@@ -8149,7 +8207,7 @@ CVE-2025-7869 (A vulnerability, which was classified as
problematic, has been fo
NOT-FOR-US: Portabilis i-Educar
CVE-2025-7868 (A vulnerability classified as problematic was found in
Portabilis i-Ed ...)
NOT-FOR-US: Portabilis i-Educar
-CVE-2025-7867 (A vulnerability classified as problematic has been found in
Portabilis ...)
+CVE-2025-7867 (A vulnerability has been found in Portabilis i-Educar
2.9.0/2.10.0. Th ...)
NOT-FOR-US: Portabilis i-Educar
CVE-2025-7866 (A vulnerability was found in Portabilis i-Educar 2.9.0. It has
been ra ...)
NOT-FOR-US: Portabilis i-Educar
@@ -9304,7 +9362,7 @@ CVE-2025-50108 (Vulnerability in the Oracle Hyperion
Financial Reporting product
CVE-2025-50107 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9399,7 +9457,7 @@ CVE-2025-50061 (Vulnerability in the Primavera P6
Enterprise Project Portfolio M
CVE-2025-50060 (Vulnerability in the Oracle BI Publisher product of Oracle
Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2025-50059 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 <not-affected> (Specific to Oracle Java 8 perf)
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9466,7 +9524,7 @@ CVE-2025-30758 (Vulnerability in the Siebel CRM End User
product of Oracle Siebe
CVE-2025-30756 (Vulnerability in Oracle REST Data Services (component:
General). The ...)
NOT-FOR-US: Oracle
CVE-2025-30754 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -9481,7 +9539,7 @@ CVE-2025-30751 (Vulnerability in the Oracle Database
component of Oracle Databas
CVE-2025-30750 (Vulnerability in the Unified Audit component of Oracle
Database Server ...)
NOT-FOR-US: Oracle
CVE-2025-30749 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-5972-1 DLA-4248-1}
+ {DSA-5972-1 DLA-4275-1 DLA-4248-1}
- openjdk-8 8u462-ga-1
- openjdk-11 11.0.28+6-1
- openjdk-17 17.0.16+8-1
@@ -10354,6 +10412,7 @@ CVE-2025-7425 (A flaw was found in libxslt where the
attribute type, atype, flag
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f1e1f13b766eb580a8dcc0c4e7a447346dfd862e
(master)
NOTE: Mitigation landed in sid in 2.14.5+dfsg-0.1
CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field,
psvi, ...)
+ {DSA-5979-1}
- libxslt 1.1.35-2 (bug #1109123)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379228
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
@@ -192116,6 +192175,7 @@ CVE-2023-40407 (The issue was addressed with improved
bounds checks. This issue
CVE-2023-40406 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-40403 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-5979-1}
- libxslt 1.1.35-2 (bug #1108074; unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d
(v1.1.38)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e468c42c51acde5df192de50b3807808c89718d2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e468c42c51acde5df192de50b3807808c89718d2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
