Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3bcaceea by security tracker role at 2025-09-06T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,98 @@
-CVE-2025-57807 [ImageMagick BlobStream Forward-Seek Under-Allocation]
+CVE-2025-9961 (An authenticated attacker may remotely execute arbitrary code
via the ...)
+ TODO: check
+CVE-2025-9853 (The Optio Dentistry plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2025-9849 (The Html Social share buttons plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2025-9515 (The Multi Step Form plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2025-9493 (The Admin Menu Editor plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2025-9442 (The StreamWeasels Kick Integration plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-9126 (The Smart Table Builder plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2025-9085 (The User Registration & Membership plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-8722 (The Content Views plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2025-8564 (The SKT Addons for Elementor plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2025-8360 (The LA-Studio Element Kit for Elementor plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2025-8359 (The AdForest theme for WordPress is vulnerable to
Authentication Bypas ...)
+ TODO: check
+CVE-2025-8149 (The aThemes Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-7368 (The REHub - Price Comparison, Multi Vendor Marketplace
Wordpress Theme ...)
+ TODO: check
+CVE-2025-7366 (The The REHub - Price Comparison, Multi Vendor Marketplace
Wordpress T ...)
+ TODO: check
+CVE-2025-7045 (The Cloud SAML SSO plugin for WordPress is vulnerable to
Identity Prov ...)
+ TODO: check
+CVE-2025-7040 (The Cloud SAML SSO plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2025-6757 (The Recent Posts Widget Extended plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-6067 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post
Feed \u2 ...)
+ TODO: check
+CVE-2025-58912
+ REJECTED
+CVE-2025-58911
+ REJECTED
+CVE-2025-58910
+ REJECTED
+CVE-2025-58909
+ REJECTED
+CVE-2025-58908
+ REJECTED
+CVE-2025-58907
+ REJECTED
+CVE-2025-58906
+ REJECTED
+CVE-2025-58905
+ REJECTED
+CVE-2025-58904
+ REJECTED
+CVE-2025-58439 (ERP is a free and open source Enterprise Resource Planning
tool. In ve ...)
+ TODO: check
+CVE-2025-58437 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2025-58375
+ REJECTED
+CVE-2025-58374 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-58373 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-58372 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-58371 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-58370 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-58369 (fs2 is a compositional, streaming I/O library for Scala.
Versions 3.12 ...)
+ TODO: check
+CVE-2025-58367 (DeepDiff is a project focused on Deep Difference and search of
any Pyt ...)
+ TODO: check
+CVE-2025-58366 (Onyxia is a data science environment for kubernetes. In
versions 4.6.0 ...)
+ TODO: check
+CVE-2025-53791 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
+ TODO: check
+CVE-2025-10061 (An authorized user can cause a crash in the MongoDB Server
through a s ...)
+ TODO: check
+CVE-2025-10060 (MongoDB Server may allow upsert operations retried within a
transactio ...)
+ TODO: check
+CVE-2025-10059 (An improper setting of the lsid field on any sharded query can
cause a ...)
+ TODO: check
+CVE-2025-10046 (The ELEX WooCommerce Google Shopping (Google Product Feed)
plugin for ...)
+ TODO: check
+CVE-2025-10028 (A vulnerability was identified in itsourcecode POS Point of
Sale Syste ...)
+ TODO: check
+CVE-2025-10027 (A vulnerability was determined in itsourcecode POS Point of
Sale Syste ...)
+ TODO: check
+CVE-2025-10003 (The UsersWP \u2013 Front-end login form, User Registration,
User Profi ...)
+ TODO: check
+CVE-2025-57807 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2393590
TODO: unclear report, research official imagemagick details
@@ -382056,8 +382150,8 @@ CVE-2021-26385
REJECTED
CVE-2021-26384 (A malformed SMI (System Management Interface) command may
allow an att ...)
NOT-FOR-US: AMD
-CVE-2021-26383
- RESERVED
+CVE-2021-26383 (Insufficient bounds checking in AMD TEE (Trusted Execution
Environment ...)
+ TODO: check
CVE-2021-26382 (An attacker with root account privileges can load any
legitimately sig ...)
NOT-FOR-US: AMD
CVE-2021-26381
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bcaceeae0adbff980a9faebeff3484aedb68d5a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bcaceeae0adbff980a9faebeff3484aedb68d5a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
