Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2339d685 by security tracker role at 2025-05-09T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,229 +1,445 @@
-CVE-2025-37888 [net/mlx5: Fix null-ptr-deref in 
mlx5_create_{inner_,}ttc_table()]
+CVE-2025-4488 (A vulnerability was found in itsourcecode Gym Management System 
1.0. I ...)
+       TODO: check
+CVE-2025-4487 (A vulnerability was found in itsourcecode Gym Management System 
1.0. I ...)
+       TODO: check
+CVE-2025-4486 (A vulnerability was found in itsourcecode Gym Management System 
1.0 an ...)
+       TODO: check
+CVE-2025-4485 (A vulnerability has been found in itsourcecode Gym Management 
System 1 ...)
+       TODO: check
+CVE-2025-4484 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+       TODO: check
+CVE-2025-4483 (A vulnerability, which was classified as critical, has been 
found in i ...)
+       TODO: check
+CVE-2025-4482 (A vulnerability classified as critical was found in Project 
Worlds Stu ...)
+       TODO: check
+CVE-2025-4481 (A vulnerability was found in SourceCodester Apartment Visitor 
Manageme ...)
+       TODO: check
+CVE-2025-4480 (A vulnerability was found in code-projects Simple College 
Management S ...)
+       TODO: check
+CVE-2025-4472 (A vulnerability was found in code-projects Departmental Store 
Manageme ...)
+       TODO: check
+CVE-2025-4471 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-4470 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+       TODO: check
+CVE-2025-4469 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2025-4468 (A vulnerability was found in SourceCodester Online Student 
Clearance S ...)
+       TODO: check
+CVE-2025-4467 (A vulnerability was found in SourceCodester Online Student 
Clearance S ...)
+       TODO: check
+CVE-2025-4466 (A vulnerability was found in itsourcecode Gym Management System 
1.0. I ...)
+       TODO: check
+CVE-2025-4465 (A vulnerability was found in itsourcecode Gym Management System 
1.0 an ...)
+       TODO: check
+CVE-2025-4464 (A vulnerability has been found in itsourcecode Gym Management 
System 1 ...)
+       TODO: check
+CVE-2025-4463 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+       TODO: check
+CVE-2025-4462 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-4461 (A vulnerability classified as problematic was found in TOTOLINK 
N150RT ...)
+       TODO: check
+CVE-2025-4460 (A vulnerability classified as problematic has been found in 
TOTOLINK N ...)
+       TODO: check
+CVE-2025-4459 (A vulnerability was found in code-projects Patient Record 
Management S ...)
+       TODO: check
+CVE-2025-4458 (A vulnerability was found in code-projects Patient Record 
Management S ...)
+       TODO: check
+CVE-2025-4457 (A vulnerability classified as critical was found in Project 
Worlds Car ...)
+       TODO: check
+CVE-2025-4456 (A vulnerability classified as critical has been found in 
Project World ...)
+       TODO: check
+CVE-2025-4455 (A vulnerability was found in Patch My PC Home Updater up to 
5.1.3.0. I ...)
+       TODO: check
+CVE-2025-4454 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has 
been decl ...)
+       TODO: check
+CVE-2025-4453 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has 
been clas ...)
+       TODO: check
+CVE-2025-4452 (A vulnerability was found in D-Link DIR-619L 2.04B04 and 
classified as ...)
+       TODO: check
+CVE-2025-4451 (A vulnerability has been found in D-Link DIR-619L 2.04B04 and 
classifi ...)
+       TODO: check
+CVE-2025-4450 (A vulnerability, which was classified as critical, was found in 
D-Link ...)
+       TODO: check
+CVE-2025-4449 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-4448 (A vulnerability classified as critical was found in D-Link 
DIR-619L 2. ...)
+       TODO: check
+CVE-2025-4446 (A vulnerability has been found in H3C GR-5400AX up to 100R008 
and clas ...)
+       TODO: check
+CVE-2025-4445 (A vulnerability classified as critical has been found in D-Link 
DIR-60 ...)
+       TODO: check
+CVE-2025-4443 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has 
been rate ...)
+       TODO: check
+CVE-2025-4442 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has 
been decl ...)
+       TODO: check
+CVE-2025-4441 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has 
been clas ...)
+       TODO: check
+CVE-2025-4440 (A vulnerability was found in H3C GR-1800AX up to 100R008 and 
classifie ...)
+       TODO: check
+CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to 
Reflec ...)
+       TODO: check
+CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin 
for Word ...)
+       TODO: check
+CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with 
GRUB c ...)
+       TODO: check
+CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal 
vulnerabilit ...)
+       TODO: check
+CVE-2025-4376 (Improper Input Validation vulnerability in Sparx Systems Pro 
Cloud Ser ...)
+       TODO: check
+CVE-2025-4375 (Cross-Site Request Forgery (CSRF) vulnerability in Sparx 
Systems Pro C ...)
+       TODO: check
+CVE-2025-4206 (The WordPress CRM, Email & Marketing Automation for WordPress | 
Award  ...)
+       TODO: check
+CVE-2025-4107
+       REJECTED
+CVE-2025-47737 (lib.rs in the trailer crate through 0.1.2 for Rust mishandles 
allocati ...)
+       TODO: check
+CVE-2025-47736 (dialect/mod.rs in the libsql-sqlite3-parser crate through 
0.13.0 befor ...)
+       TODO: check
+CVE-2025-47735 (inner::drop in inner.rs in the wgp crate through 0.2.0 for 
Rust lacks  ...)
+       TODO: check
+CVE-2025-47733 (Server-Side Request Forgery (SSRF) in Microsoft Power Apps 
allows an u ...)
+       TODO: check
+CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2025-46392 (Uncontrolled Resource Consumption vulnerability in Apache 
Commons Conf ...)
+       TODO: check
+CVE-2025-46193 (SourceCodester Client Database Management System 1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-46192 (SourceCodester Client Database Management System 1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-46191 (Arbitrary File Upload in user_payment_update.php in 
SourceCodester Cli ...)
+       TODO: check
+CVE-2025-46190 (SourceCodester Client Database Management System 1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-46189 (SourceCodester Client Database Management System 1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-46188 (SourceCodester Client Database Management System 1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-45887 (Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery 
(SSRF)  ...)
+       TODO: check
+CVE-2025-45885 (PHPGURUKUL Vehicle Parking Management System v1.13 is 
vulnerable to SQ ...)
+       TODO: check
+CVE-2025-45513 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the 
functio ...)
+       TODO: check
+CVE-2025-3949 (The Website Builder by SeedProd \u2014 Theme Builder, Landing 
Page Bui ...)
+       TODO: check
+CVE-2025-3897 (The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary 
File R ...)
+       TODO: check
+CVE-2025-3811 (The WPBookit plugin for WordPress is vulnerable to privilege 
escalatio ...)
+       TODO: check
+CVE-2025-3810 (The WPBookit plugin for WordPress is vulnerable to privilege 
escalatio ...)
+       TODO: check
+CVE-2025-3714 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer 
Overflow  ...)
+       TODO: check
+CVE-2025-3713 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer 
Overflow v ...)
+       TODO: check
+CVE-2025-3712 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer 
Overflow v ...)
+       TODO: check
+CVE-2025-3711 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer 
Overflow  ...)
+       TODO: check
+CVE-2025-3710 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer 
Overflow  ...)
+       TODO: check
+CVE-2025-3605 (The Frontend Login and Registration Blocks plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2025-3463 ("This issue is limited to motherboards and does not affect 
laptops, de ...)
+       TODO: check
+CVE-2025-3462 ("This issue is limited to motherboards and does not affect 
laptops, de ...)
+       TODO: check
+CVE-2025-3455 (The 1 Click WordPress Migration Plugin \u2013 100% FREE for a 
limited  ...)
+       TODO: check
+CVE-2025-37889 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
+       TODO: check
+CVE-2025-33072 (Improper access control in Azure allows an unauthorized 
attacker to di ...)
+       TODO: check
+CVE-2025-31946 (Pixmeo OsiriX MD  is vulnerable to a local use after free 
scenario, wh ...)
+       TODO: check
+CVE-2025-2253 (The IMITHEMES Listing plugin is vulnerable to privilege 
escalation via ...)
+       TODO: check
+CVE-2025-29972 (Server-Side Request Forgery (SSRF) in Azure allows an 
authorized attac ...)
+       TODO: check
+CVE-2025-29827 (Improper Authorization in Azure Automation allows an 
authorized attack ...)
+       TODO: check
+CVE-2025-29813 (An elevation of privilege vulnerability exists when Visual 
Studio impr ...)
+       TODO: check
+CVE-2025-29509 (Jan v0.5.14 and before is vulnerable to remote code execution 
(RCE) wh ...)
+       TODO: check
+CVE-2025-28203 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2025-28202 (Incorrect access control in Victure RX1800 
EN_V1.0.0_r12_110933 allows ...)
+       TODO: check
+CVE-2025-28201 (An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows 
physically prox ...)
+       TODO: check
+CVE-2025-28200 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize 
a weak d ...)
+       TODO: check
+CVE-2025-28074 (phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting 
(XSS) due ...)
+       TODO: check
+CVE-2025-27720 (The Pixmeo Osirix MD Web Portal sends credential information 
without e ...)
+       TODO: check
+CVE-2025-27578 (Pixmeo OsiriX MD is vulnerable to a use after free scenario, 
which cou ...)
+       TODO: check
+CVE-2025-1993 (IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 
9.1, 9.2 ...)
+       TODO: check
+CVE-2025-1331 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 
11.1could  ...)
+       TODO: check
+CVE-2025-1330 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 
11.1 could ...)
+       TODO: check
+CVE-2025-1329 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 
11.1 could ...)
+       TODO: check
+CVE-2025-1087 (Kong Insomnia Desktop Application before 11.0.2 contains a 
template in ...)
+       TODO: check
+CVE-2024-9524 (Link Following Local Privilege Escalation Vulnerability in 
System Spee ...)
+       TODO: check
+CVE-2024-13962 (Link Following Local Privilege Escalation Vulnerability in 
TuneupSvc i ...)
+       TODO: check
+CVE-2024-13961 (Link Following Local Privilege Escalation Vulnerability in 
TuneupSvc i ...)
+       TODO: check
+CVE-2024-13960 (Link Following Local Privilege Escalation Vulnerability in 
TuneUp Serv ...)
+       TODO: check
+CVE-2024-13959 (Link Following Local Privilege Escalation Vulnerability in 
TuneupSvc.e ...)
+       TODO: check
+CVE-2024-13944 (Link Following Local Privilege Escalation Vulnerability in 
NortonUtili ...)
+       TODO: check
+CVE-2024-13759 (Local Privilege Escalation in Avira.Spotlight.Service.exe in 
Avira Pri ...)
+       TODO: check
+CVE-2024-12442 (EnerSys AMPA versions 24.04 through 24.16, inclusive, are 
vulnerable t ...)
+       TODO: check
+CVE-2024-11861 (EnerSys AMPA 22.09 and prior versions are vulnerable to 
command inject ...)
+       TODO: check
+CVE-2024-11617 (The Envolve Plugin plugin for WordPress is vulnerable to 
arbitrary fil ...)
+       TODO: check
+CVE-2023-31585 (Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload 
via /adm ...)
+       TODO: check
+CVE-2025-37888 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.27-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/91037037ee3d611ce17f39d75f79c7de394b122a (6.15-rc4)
-CVE-2025-37887 [pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result]
+CVE-2025-37887 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.27-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2567daad69cd1107fc0ec29b1615f110d7cf7385 (6.15-rc4)
-CVE-2025-37886 [pds_core: make wait_context part of q_info]
+CVE-2025-37886 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.27-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3f77c3dfffc7063428b100c4945ca2a7a8680380 (6.15-rc4)
-CVE-2025-37885 [KVM: x86: Reset IRTE to host control if *new* route isn't 
postable]
+CVE-2025-37885 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 6.12.27-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 (6.15-rc4)
-CVE-2025-37884 [bpf: Fix deadlock between rcu_tasks_trace and event_mutex.]
+CVE-2025-37884 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.12.27-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1 (6.15-rc1)
-CVE-2025-37883 [s390/sclp: Add check for get_zeroed_page()]
+CVE-2025-37883 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.27-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/3db42c75a921854a99db0a2775814fef97415bac (6.15-rc1)
-CVE-2025-37882 [usb: xhci: Fix isochronous Ring Underrun/Overrun event 
handling]
+CVE-2025-37882 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.12.27-1
        NOTE: 
https://git.kernel.org/linus/906dec15b9b321b546fd31a3c99ffc13724c7af4 (6.15-rc1)
-CVE-2025-37881 [usb: gadget: aspeed: Add NULL pointer check in 
ast_vhub_init_dev()]
+CVE-2025-37881 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.12.27-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/8c75f3e6a433d92084ad4e78b029ae680865420f (6.15-rc1)
-CVE-2025-37880 [um: work around sched_yield not yielding in time-travel mode]
+CVE-2025-37880 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.12.27-1
        NOTE: 
https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)
-CVE-2025-37879 [9p/net: fix improper handling of bogus negative read/write 
replies]
+CVE-2025-37879 (In the Linux kernel, the following vulnerability has been 
resolved:  9 ...)
        - linux 6.12.27-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/d0259a856afca31d699b706ed5e2adf11086c73b (6.15-rc1)
-CVE-2025-37878 [perf/core: Fix WARN_ON(!ctx) in __free_event() for partial 
init]
+CVE-2025-37878 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.27-1
        NOTE: 
https://git.kernel.org/linus/0ba3a4ab76fd3367b9cb680cad70182c896c795c (6.15-rc2)
-CVE-2025-37877 [iommu: Clear iommu-dma ops on cleanup]
+CVE-2025-37877 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.27-1
        NOTE: 
https://git.kernel.org/linus/280e5a30100578106a4305ce0118e0aa9b866f12 (6.15-rc2)
-CVE-2025-37876 [netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS]
+CVE-2025-37876 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.27-1
        NOTE: 
https://git.kernel.org/linus/40cb48eba3b4b79e110c1a35d33a48cac54507a2 (6.15-rc3)
-CVE-2025-37875 [igc: fix PTM cycle trigger logic]
+CVE-2025-37875 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8e404ad95d2c10c261e2ef6992c7c12dde03df0e (6.15-rc3)
-CVE-2025-37874 [net: ngbe: fix memory leak in ngbe_probe() error path]
+CVE-2025-37874 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/88fa80021b77732bc98f73fb69d69c7cc37b9f0d (6.15-rc3)
-CVE-2025-37873 [eth: bnxt: fix missing ring index trim on error path]
+CVE-2025-37873 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/12f2d033fae957d84c2c0ce604d2a077e61fa2c0 (6.15-rc3)
-CVE-2025-37872 [net: txgbe: fix memory leak in txgbe_probe() error path]
+CVE-2025-37872 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b2727326d0a53709380aa147018085d71a6d4843 (6.15-rc3)
-CVE-2025-37871 [nfsd: decrease sc_count directly if fail to queue dl_recall]
+CVE-2025-37871 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/a1d14d931bf700c1025db8c46d6731aa5cf440f9 (6.15-rc3)
-CVE-2025-37870 [drm/amd/display: prevent hang on link training fail]
+CVE-2025-37870 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        NOTE: 
https://git.kernel.org/linus/8058061ed9d6bc259d1e678607b07d259342c08f (6.15-rc1)
-CVE-2025-37869 [drm/xe: Use local fence in error path of xe_migrate_clear]
+CVE-2025-37869 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/20659d3150f1a2a258a173fe011013178ff2a197 (6.15-rc2)
-CVE-2025-37868 [drm/xe/userptr: fix notifier vs folio deadlock]
+CVE-2025-37868 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2577b202458cddff85cc154b1fe7f313e0d1f418 (6.15-rc3)
-CVE-2025-37867 [RDMA/core: Silence oversized kvmalloc() warning]
+CVE-2025-37867 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/9a0e6f15029e1a8a21e40f06fd05aa52b7f063de (6.15-rc3)
-CVE-2025-37866 [mlxbf-bootctl: use sysfs_emit_at() in 
secure_boot_fuse_state_show()]
+CVE-2025-37866 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b129005ddfc0e6daf04a6d3b928a9e474f9b3918 (6.15-rc3)
-CVE-2025-37865 [net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST 
is unsupported]
+CVE-2025-37865 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ea08dfc35f83cfc73493c52f63ae4f2e29edfe8d (6.15-rc3)
-CVE-2025-37864 [net: dsa: clean up FDB, MDB, VLAN entries on unbind]
+CVE-2025-37864 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.25-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7afb5fb42d4950f33af2732b8147c552659f79b7 (6.15-rc3)
-CVE-2025-37863 [ovl: don't allow datadir only]
+CVE-2025-37863 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/eb3a04a8516ee9b5174379306f94279fc90424c4 (6.15-rc3)
-CVE-2025-37862 [HID: pidff: Fix null pointer dereference in pidff_find_fields]
+CVE-2025-37862 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/22a05462c3d0eee15154faf8d13c49e6295270a5 (6.15-rc1)
-CVE-2025-37861 [scsi: mpi3mr: Synchronous access b/w reset and tm thread for 
reply queue]
+CVE-2025-37861 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.25-1
        NOTE: 
https://git.kernel.org/linus/f195fc060c738d303a21fae146dbf85e1595fb4c (6.15-rc1)
-CVE-2025-37859 [page_pool: avoid infinite loop to schedule delayed worker]
+CVE-2025-37859 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/43130d02baa137033c25297aaae95fd0edc41654 (6.15-rc1)
-CVE-2025-37858 [fs/jfs: Prevent integer overflow in AG size calculation]
+CVE-2025-37858 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e (6.15-rc1)
-CVE-2025-37857 [scsi: st: Fix array overflow in st_setup()]
+CVE-2025-37857 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/a018d1cf990d0c339fe0e29b762ea5dc10567d67 (6.15-rc1)
-CVE-2025-37856 [btrfs: harden block_group::bg_list against list_del() races]
+CVE-2025-37856 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.12.25-1
        NOTE: 
https://git.kernel.org/linus/7511e29cf1355b2c47d0effb39e463119913e2f6 (6.15-rc1)
-CVE-2025-37855 [drm/amd/display: Guard Possible Null Pointer Dereference]
+CVE-2025-37855 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/c87d202692de34ee71d1fd4679a549a29095658a (6.15-rc1)
-CVE-2025-37854 [drm/amdkfd: Fix mode1 reset crash issue]
+CVE-2025-37854 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/f0b4440cdc1807bb6ec3dce0d6de81170803569b (6.15-rc1)
-CVE-2025-37853 [drm/amdkfd: debugfs hang_hws skip GPU with MES]
+CVE-2025-37853 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        NOTE: 
https://git.kernel.org/linus/fe9d0061c413f8fb8c529b18b592b04170850ded (6.15-rc1)
-CVE-2025-37852 [drm/amdgpu: handle amdgpu_cgs_create_device() errors in 
amd_powerplay_create()]
+CVE-2025-37852 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 (6.15-rc1)
-CVE-2025-37851 [fbdev: omapfb: Add 'plane' value check]
+CVE-2025-37851 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/3e411827f31db7f938a30a3c7a7599839401ec30 (6.15-rc1)
-CVE-2025-37850 [pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()]
+CVE-2025-37850 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/7ca59947b5fcf94e7ea4029d1bd0f7c41500a161 (6.15-rc2)
-CVE-2025-37849 [KVM: arm64: Tear down vGIC on failed vCPU creation]
+CVE-2025-37849 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/250f25367b58d8c65a1b060a2dda037eea09a672 (6.15-rc1)
-CVE-2025-37848 [accel/ivpu: Fix PM related deadlocks in MS IOCTLs]
+CVE-2025-37848 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d893da85e06edf54737bb80648bb58ba8fd56d9f (6.15-rc2)
-CVE-2025-37847 [accel/ivpu: Fix deadlock in ivpu_ms_cleanup()]
+CVE-2025-37847 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9a6f56762d23a1f3af15e67901493c927caaf882 (6.15-rc2)
-CVE-2025-37846 [arm64: mops: Do not dereference src reg for a set operation]
+CVE-2025-37846 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a13bfa4fe0d6949cea14718df2d1fe84c38cd113 (6.15-rc1)
-CVE-2025-37845 [tracing: fprobe events: Fix possible UAF on modules]
+CVE-2025-37845 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/dd941507a9486252d6fcf11814387666792020f3 (6.15-rc2)
-CVE-2025-37844 [cifs: avoid NULL pointer dereference in dbg call]
+CVE-2025-37844 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/b4885bd5935bb26f0a414ad55679a372e53f9b9b (6.15-rc1)
-CVE-2025-37843 [PCI: pciehp: Avoid unnecessary device replacement check]
+CVE-2025-37843 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e3260237aaadc9799107ccb940c6688195c4518d (6.15-rc1)
-CVE-2025-37842 [spi: fsl-qspi: use devm function instead of driver remove]
+CVE-2025-37842 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/40369bfe717e96e26650eeecfa5a6363563df6e4 (6.15-rc1)
-CVE-2025-37841 [pm: cpupower: bench: Prevent NULL dereference on malloc 
failure]
+CVE-2025-37841 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/208baa3ec9043a664d9acfb8174b332e6b17fb69 (6.15-rc1)
-CVE-2025-37840 [mtd: rawnand: brcmnand: fix PM resume warning]
+CVE-2025-37840 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/ddc210cf8b8a8be68051ad958bf3e2cef6b681c2 (6.15-rc1)
-CVE-2025-37839 [jbd2: remove wrong sb->s_sequence check]
+CVE-2025-37839 (In the Linux kernel, the following vulnerability has been 
resolved:  j ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.135-1
        NOTE: 
https://git.kernel.org/linus/e6eff39dd0fe4190c6146069cc16d160e71d1148 (6.15-rc1)
-CVE-2025-37837 [iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()]
+CVE-2025-37837 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/767e22001dfce64cc03b7def1562338591ab6031 (6.15-rc2)
-CVE-2025-37836 [PCI: Fix reference leak in pci_register_host_bridge()]
+CVE-2025-37836 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux 6.12.25-1
        [bookworm] - linux 6.1.137-1
        NOTE: 
https://git.kernel.org/linus/804443c1f27883926de94c849d91f5b7d7d696e9 (6.15-rc1)
-CVE-2025-37835 [smb: client: Fix netns refcount imbalance causing leaks and 
use-after-free]
+CVE-2025-37835 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.25-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4e7f1644f2ac6d01dc584f6301c3b1d5aac4eaef (6.15-rc1)
-CVE-2025-4432
+CVE-2025-4432 (A flaw was found in Rust's Ring package. A panic may be 
triggered when ...)
        - rust-ring 0.17.14-1
        [bookworm] - rust-ring <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2350655
        NOTE: Fixed by: 
https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38
        NOTE: https://github.com/briansmith/ring/pull/2447
        NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
-CVE-2025-4475 (Issue in my product in blah version x on y allows bad person to 
break)
+CVE-2025-4475
+       REJECTED
        TODO: check
 CVE-2025-4208 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms 
and mu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4207 (Buffer over-read in PostgreSQL GB18030 encoding validation 
allows a da ...)
+       {DLA-4159-1}
        - postgresql-17 17.5-1
        - postgresql-15 <removed>
        [bookworm] - postgresql-15 <no-dsa> (Minor issue)
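Review bot: near the end of this hunk, CVE-2025-4475 is switched to REJECTED but the unchanged `TODO: check` line directly below it is kept, so a rejected ID still sits in the triage queue. Drop the leftover `TODO: check` so the entry consists of the ID and `REJECTED` only, the same shape as the CVE-2025-4107 entry added earlier in this hunk.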
@@ -339,6 +555,7 @@ CVE-2024-8100 (On affected versions of the Arista 
CloudVision Portal (CVP on-pre
 CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder 
versions prio ...)
        NOT-FOR-US: AP Page Builder
 CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be 
incorrectly  ...)
+       {DSA-5894-1 DLA-4106-1}
        - jetty12 <not-affected> (Only affects 9.x)
        - jetty9 9.4.57-1
        - jetty <not-affected> (Only affects 9.x)
@@ -565,11 +782,11 @@ CVE-2025-XXXX [ZDI-CAN-26752]
        - gimp <unfixed> (bug #1105005)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
-CVE-2025-1278
+CVE-2025-1278 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2024-8973
+CVE-2024-8973 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2025-0549
+CVE-2025-0549 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2025-4390
        - slurm-wlm <unfixed> (bug #1104929)
@@ -2620,7 +2837,8 @@ CVE-2025-32885 (An issue was discovered on goTenna v1 
devices with app 5.5.3 and
        NOT-FOR-US: goTenna v1 devices
 CVE-2025-32884 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
        NOT-FOR-US: goTenna Mesh devices
-CVE-2025-32883 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
+CVE-2025-32883
+       REJECTED
        NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32882 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
        NOT-FOR-US: goTenna v1 devices
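Review bot: CVE-2025-32883 now carries both REJECTED and the older "NOT-FOR-US: goTenna Mesh devices" annotation, which reads as two conflicting dispositions for one ID. Once the ID is rejected the NOT-FOR-US line no longer says anything useful and should be removed so the entry consists of the REJECTED line alone.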
@@ -4049,7 +4267,7 @@ CVE-2025-3911 (Recording of environment variables, 
configured for running contai
 CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization 
package m ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache 
httpd. This ...)
-       {DLA-4155-1}
+       {DSA-5917-1 DLA-4155-1}
        - libapache2-mod-auth-openidc 2.4.14.2-1 (bug #1104484)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2361633
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-x7cf-8wgv-5j86
@@ -4654,7 +4872,8 @@ CVE-2025-32982 (NETSCOUT nGeniusONE before 6.4.0 b2350 
has a Broken Authorizatio
        NOT-FOR-US: NETSCOUT
 CVE-2025-32981 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to 
leverage  ...)
        NOT-FOR-US: NETSCOUT
-CVE-2025-32980 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo 
Configuration.)
+CVE-2025-32980
+       REJECTED
        NOT-FOR-US: NETSCOUT
 CVE-2025-32979 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File 
Creation  ...)
        NOT-FOR-US: NETSCOUT
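Review bot: the "NOT-FOR-US: NETSCOUT" line under CVE-2025-32980 is left in place after the entry is rewritten to REJECTED, and the description that justified it ("Weak Sudo Configuration") is gone. Remove the leftover NOT-FOR-US annotation so the entry matches the neighbouring NETSCOUT IDs only where they are still valid.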
@@ -8814,7 +9033,7 @@ CVE-2024-13338 (The Clearfy Cache \u2013 WordPress 
optimization plugin, Minify H
        NOT-FOR-US: WordPress plugin
 CVE-2024-13337 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify 
HTML, C ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-3528
+CVE-2025-3528 (A flaw was found in the Mirror Registry. The quay-app container 
shippe ...)
        NOT-FOR-US: quay-app container for the Mirror Registry application (Red 
Hat)
 CVE-2025-3439 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter 
& Paym ...)
        NOT-FOR-US: WordPress plugin
@@ -18290,6 +18509,7 @@ CVE-2024-21760 (An improper control of generation of 
code ('Code Injection') vul
 CVE-2023-47539 (An improper access control vulnerability in FortiMail version 
7.4.0 co ...)
        NOT-FOR-US: Fortinet
 CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver 
library may b ...)
+       {DLA-4160-1}
        - libbson-xs-perl <removed>
        [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
        - mongo-c-driver 1.27.5-1
@@ -18833,7 +19053,8 @@ CVE-2025-1657 (The Directory Listings WordPress plugin 
\u2013 uListing plugin fo
        NOT-FOR-US: WordPress plugin
 CVE-2025-1653 (The Directory Listings WordPress plugin \u2013 uListing plugin 
for Wor ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-13847 (The Portfolio and Projects plugin for WordPress is vulnerable 
to Store ...)
+CVE-2024-13847
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-13497 (The WordPress form builder plugin for contact forms, surveys 
and quizz ...)
        NOT-FOR-US: WordPress plugin
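Review bot: CVE-2024-13847 ends up with REJECTED followed by "NOT-FOR-US: WordPress plugin", so the automatic update stacks a rejection on top of a stale triage result. A follow-up should delete the NOT-FOR-US line; a check that flags any ID carrying REJECTED together with another annotation would catch this case and the similar ones in this commit.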
@@ -19752,6 +19973,7 @@ CVE-2025-27789 (Babel is a compiler for writing next 
generation JavaScript. When
        NOTE: https://github.com/babel/babel/pull/17173
        NOTE: 
https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8
 CVE-2025-27773 (The SimpleSAMLphp SAML2 library is a PHP library for SAML2 
related fun ...)
+       {DLA-4161-1}
        - simplesamlphp <unfixed> (bug #1100595)
        NOTE: 
https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
        NOTE: 
https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
@@ -90489,6 +90711,7 @@ CVE-2024-6463
 CVE-2024-6461
        REJECTED
 CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be 
vulnerable  ...)
+       {DLA-4160-1}
        - libbson-xs-perl <removed>
        [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
        - mongo-c-driver 1.27.1-1
@@ -90733,6 +90956,7 @@ CVE-2024-6438 (A vulnerability has been found in Hitout 
Carsale 1.0 and classifi
 CVE-2024-6382 (Incorrect handling of certain string inputs may result in 
MongoDB Rust ...)
        NOT-FOR-US: MongoDB rust driver
 CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may 
be susc ...)
+       {DLA-4160-1}
        - libbson-xs-perl <removed>
        [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
        - mongo-c-driver 1.26.2-1
@@ -201181,6 +201405,7 @@ CVE-2023-0439 (The NEX-Forms WordPress plugin before 
8.4.4 does not escape its f
 CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
        NOT-FOR-US: Modoboa
 CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an 
exit cond ...)
+       {DLA-4160-1}
        - libbson-xs-perl <removed>
        [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
        - mongo-c-driver 1.25.0-1
@@ -297250,7 +297475,7 @@ CVE-2022-21548 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
        NOT-FOR-US: Oracle
 CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1 (bug #1015789)
-CVE-2022-21546 (In newer version of the SBC specs, we have a NDOB bit that 
indicates t ...)
+CVE-2022-21546 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 5.19.6-1
        NOTE: 
https://git.kernel.org/linus/ccd3f449052449a917a3e577d8ba0368f43b8f29 (5.19-rc7)
 CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle 
E-Business  ...)
@@ -508321,6 +508546,7 @@ CVE-2018-16792 (SolarWinds SFTP/SCP server through 
2018-09-10 is vulnerable to X
 CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the 
configuration fi ...)
        NOT-FOR-US: SolarWinds SFTP/SCP server
 CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as 
used in  ...)
+       {DLA-4160-1}
        - libbson <removed> (bug #913896)
        [stretch] - libbson <no-dsa> (Minor issue)
        - libbson-xs-perl <removed>
@@ -564442,6 +564668,7 @@ CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, 
there is an illegal address
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
        NOTE: Crash in CLI tool, no securiy impact
 CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in 
bson-it ...)
+       {DLA-4160-1}
        - libbson 1.8.0-1 (bug #874754)
        [stretch] - libbson <no-dsa> (Minor issue)
        - libbson-xs-perl <removed>
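Review bot: style nit in the context of this hunk: the NOTE for the preceding NASM entry reads "no securiy impact", which should be "no security impact". It is unrelated to the {DLA-4160-1} addition for CVE-2017-14227 and can be fixed in a separate manual commit.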



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2339d68548c73c167b8d4ab105d862ef491c1faf
