Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b665ca33 by security tracker role at 2025-07-09T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,97 +1,203 @@
-CVE-2025-38264 [nvme-tcp: sanitize request list handling]
+CVE-2025-7381 (ImpactThis is an information disclosure vulnerability 
originating from ...)
+       TODO: check
+CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse 
Tabnab ...)
+       TODO: check
+CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability 
exists  ...)
+       TODO: check
+CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting 
to untru ...)
+       TODO: check
+CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not 
mask Applit ...)
+       TODO: check
+CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores 
Applitools AP ...)
+       TODO: check
+CVE-2025-53678 (Jenkins User1st uTester Plugin 1.1 and earlier stores the 
uTester JWT  ...)
+       TODO: check
+CVE-2025-53677 (Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa 
Deploymen ...)
+       TODO: check
+CVE-2025-53676 (Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa 
Deployment Token ...)
+       TODO: check
+CVE-2025-53675 (Jenkins Warrior Framework Plugin 1.2 and earlier stores 
passwords unen ...)
+       TODO: check
+CVE-2025-53674 (Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask 
the Sense ...)
+       TODO: check
+CVE-2025-53673 (Jenkins Sensedia Api Platform tools Plugin 1.0 stores the 
Sensedia API ...)
+       TODO: check
+CVE-2025-53672 (Jenkins Kryptowire Plugin 0.2 and earlier stores the 
Kryptowire API ke ...)
+       TODO: check
+CVE-2025-53671 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not 
mask DiveCl ...)
+       TODO: check
+CVE-2025-53670 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores 
DiveCloud API ...)
+       TODO: check
+CVE-2025-53669 (Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API 
Auth Ke ...)
+       TODO: check
+CVE-2025-53668 (Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth 
Keys unen ...)
+       TODO: check
+CVE-2025-53667 (Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's 
Snitch t ...)
+       TODO: check
+CVE-2025-53666 (Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch 
tokens u ...)
+       TODO: check
+CVE-2025-53665 (Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask 
Apica Loa ...)
+       TODO: check
+CVE-2025-53664 (Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica 
Loadtest L ...)
+       TODO: check
+CVE-2025-53663 (Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores 
SonarQube au ...)
+       TODO: check
+CVE-2025-53662 (Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores 
IFTTT Maker ...)
+       TODO: check
+CVE-2025-53661 (Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does 
not mask T ...)
+       TODO: check
+CVE-2025-53660 (Jenkins QMetry Test Management Plugin 1.13 and earlier does 
not mask Q ...)
+       TODO: check
+CVE-2025-53659 (Jenkins QMetry Test Management Plugin 1.13 and earlier stores 
Qmetry A ...)
+       TODO: check
+CVE-2025-53658 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not 
escape the  ...)
+       TODO: check
+CVE-2025-53657 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier 
does not m ...)
+       TODO: check
+CVE-2025-53656 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier 
stores SLM ...)
+       TODO: check
+CVE-2025-53655 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not 
mask the ...)
+       TODO: check
+CVE-2025-53654 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores 
the AWS Se ...)
+       TODO: check
+CVE-2025-53653 (Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores 
Scanner  ...)
+       TODO: check
+CVE-2025-53652 (Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier 
does not  ...)
+       TODO: check
+CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and earlier displays log 
messages th ...)
+       TODO: check
+CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and 
earlier does ...)
+       TODO: check
+CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x 
before  ...)
+       TODO: check
+CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a 
Qwik Serv ...)
+       TODO: check
+CVE-2025-53548 (Clerk helps developers build user management. Applications 
that use th ...)
+       TODO: check
+CVE-2025-53546 (Folo organizes feeds content into one timeline. Using 
pull_request_tar ...)
+       TODO: check
+CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware 
V22.5.4.9 ...)
+       TODO: check
+CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping 
diagnostic ...)
+       TODO: check
+CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was 
discovere ...)
+       TODO: check
+CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to 
utilize i ...)
+       TODO: check
+CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX 
SDK 7.41 ...)
+       TODO: check
+CVE-2025-44177 (A directory traversal vulnerability was discovered in White 
Star Softw ...)
+       TODO: check
+CVE-2025-3499 (The device has two web servers that expose unauthenticated REST 
APIs o ...)
+       TODO: check
+CVE-2025-3498 (An unauthenticated user with management network access can get 
and  mo ...)
+       TODO: check
+CVE-2025-3497 (The Linux distribution underlying the Radiflow iSAP Smart 
Collector  ( ...)
+       TODO: check
+CVE-2025-36599 (Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains 
an Inse ...)
+       TODO: check
+CVE-2025-2670 (IBM OpenPages 9.0 is vulnerable to information disclosure of 
sensitive ...)
+       TODO: check
+CVE-2025-27028 (The Linux deprivileged user vpuserin Radiflow iSAP Smart 
Collector (Ce ...)
+       TODO: check
+CVE-2025-27027 (A user with vpusercredentials that opens an SSH connection to 
the devi ...)
+       TODO: check
+CVE-2025-1112 (IBM OpenPages with Watson 8.3 and 9.0 could allow an 
authenticated use ...)
+       TODO: check
+CVE-2025-38264 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/0bf04c874fcb1ae46a863034296e4b33d8fbd66c (6.16-rc1)
-CVE-2025-38263 [bcache: fix NULL pointer in cache_set_flush()]
+CVE-2025-38263 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1e46ed947ec658f89f1a910d880cd05e42d3763e (6.16-rc1)
-CVE-2025-38262 [tty: serial: uartlite: register uart driver in init]
+CVE-2025-38262 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/6bd697b5fc39fd24e2aa418c7b7d14469f550a93 (6.16-rc1)
-CVE-2025-38261 [riscv: save the SR_SUM status over switches]
+CVE-2025-38261 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/788aa64c01f1262310b4c1fb827a36df170d86ea (6.16-rc1)
-CVE-2025-38260 [btrfs: handle csum tree error with rescue=ibadroots correctly]
+CVE-2025-38260 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/547e836661554dcfa15c212a3821664e85b4191a (6.16-rc4)
-CVE-2025-38259 [ASoC: codecs: wcd9335: Fix missing free of regulator supplies]
+CVE-2025-38259 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/9079db287fc3e38e040b0edeb0a25770bb679c8e (6.16-rc1)
-CVE-2025-38258 [mm/damon/sysfs-schemes: free old 
damon_sysfs_scheme_filter->memcg_path on write]
+CVE-2025-38258 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4f489fe6afb395dbc79840efa3c05440b760d883 (6.16-rc4)
-CVE-2025-38257 [s390/pkey: Prevent overflow in size calculation for 
memdup_user()]
+CVE-2025-38257 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/7360ee47599af91a1d5f4e74d635d9408a54e489 (6.16-rc4)
-CVE-2025-38256 [io_uring/rsrc: fix folio unpinning]
+CVE-2025-38256 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5afb4bf9fc62d828647647ec31745083637132e4 (6.16-rc4)
-CVE-2025-38255 [lib/group_cpus: fix NULL pointer dereference from 
group_cpus_evenly()]
+CVE-2025-38255 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/df831e97739405ecbaddb85516bc7d4d1c933d6b (6.16-rc4)
-CVE-2025-38254 [drm/amd/display: Add sanity checks for drm_edid_raw()]
+CVE-2025-38254 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6847b3b6e84ef37451c074e6a8db3fbd250c8dbf (6.16-rc4)
-CVE-2025-38253 [HID: wacom: fix crash in wacom_aes_battery_handler()]
+CVE-2025-38253 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f3054152c12e2eed1e72704aff47b0ea58229584 (6.16-rc4)
-CVE-2025-38252 [cxl/ras: Fix CPER handler device confusion]
+CVE-2025-38252 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8 (6.16-rc4)
-CVE-2025-38251 [atm: clip: prevent NULL deref in clip_push()]
+CVE-2025-38251 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/b993ea46b3b601915ceaaf3c802adf11e7d6bac6 (6.16-rc4)
-CVE-2025-38250 [Bluetooth: hci_core: Fix use-after-free in vhci_flush()]
+CVE-2025-38250 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1d6123102e9fbedc8d25bf4731da6d513173e49e (6.16-rc4)
-CVE-2025-38249 [ALSA: usb-audio: Fix out-of-bounds read in 
snd_usb_get_audioformat_uac3()]
+CVE-2025-38249 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a (6.16-rc4)
-CVE-2025-38248 [bridge: mcast: Fix use-after-free during router port 
configuration]
+CVE-2025-38248 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7544f3f5b0b58c396f374d060898b5939da31709 (6.16-rc4)
-CVE-2025-38247 [userns and mnt_idmap leak in open_tree_attr(2)]
+CVE-2025-38247 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0748e553df0225754c316a92af3a77fdc057b358 (6.16-rc4)
-CVE-2025-38246 [bnxt: properly flush XDP redirect lists]
+CVE-2025-38246 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9caca6ac0e26cd20efd490d8b3b2ffb1c7c00f6f (6.16-rc4)
-CVE-2025-38245 [atm: Release atm_dev_mutex after removing procfs in 
atm_dev_deregister().]
+CVE-2025-38245 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a433791aeaea6e84df709e0b9584b9bbe040cd1c (6.16-rc4)
-CVE-2025-38244 [smb: client: fix potential deadlock when reconnecting channels]
+CVE-2025-38244 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/711741f94ac3cf9f4e3aa73aa171e76d188c0819 (6.16-rc4)
-CVE-2025-38243 [btrfs: fix invalid inode pointer dereferences during log 
replay]
+CVE-2025-38243 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2dcf838cf5c2f0f4501edaa1680fcad03618d760 (6.16-rc4)
-CVE-2025-38242 [mm: userfaultfd: fix race of userfaultfd_move and swap cache]
+CVE-2025-38242 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0ea148a799198518d8ebab63ddd0bb6114a103bc (6.16-rc4)
-CVE-2025-38241 [mm/shmem, swap: fix softlockup with mTHP swapin]
+CVE-2025-38241 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a05dd8ae5cbb1cb45f349922cfea4f548a5e5d6f (6.16-rc4)
-CVE-2025-38239 [scsi: megaraid_sas: Fix invalid node index]
+CVE-2025-38239 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/752eb816b55adb0673727ba0ed96609a17895654 (6.16-rc4)
-CVE-2025-38238 [scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times 
out]
+CVE-2025-38238 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2 (6.16-rc4)
-CVE-2025-7378 (Improper Input Validation vulnerability   allows injecting 
arbitrary v ...)
+CVE-2025-7378 (An improper Input Validation vulnerability allows injecting 
arbitrary  ...)
        NOT-FOR-US: Asustor
 CVE-2025-7220 (A vulnerability was found in Campcodes Payroll Management 
System 1.0.  ...)
        NOT-FOR-US: Campcodes
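Review bot: in the kernel block from CVE-2025-38264 down to CVE-2025-38238, swapping the bracketed commit subjects (for example "[bcache: fix NULL pointer in cache_set_flush()]") for the truncated upstream text leaves every entry reading "In the Linux kernel, the following vulnerability has been resolved:" plus a single letter, so within this file the entries can now only be told apart by the git.kernel.org commit in each NOTE line; anyone working through the remaining "- linux <unfixed>" entries should go by those commit links. In the new TODO block at the top, some imported descriptions carry upstream formatting defects ("ImpactThis is" in CVE-2025-7381, "vpuserin" in CVE-2025-27028, "vpusercredentials" in CVE-2025-27027), so keyword searches over the list can miss them; those "TODO: check" entries are better resolved from the full CVE record than from the truncated text shown here.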
@@ -118200,7 +118306,7 @@ CVE-2024-35432 (ZKTeco ZKBio CVSecurity 6.1.1 is 
vulnerable to Cross Site Script
        NOT-FOR-US: ZKTeco ZKBio CVSecurity
 CVE-2024-35431 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory 
Traversal via ...)
        NOT-FOR-US: ZKTeco ZKBio CVSecurity
-CVE-2024-35430 (In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can 
bypass pas ...)
+CVE-2024-35430 (In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 
6.1.3_R) an  ...)
        NOT-FOR-US: ZKTeco ZKBio CVSecurity
 CVE-2024-35429 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory 
Traversal via ...)
        NOT-FOR-US: ZKTeco ZKBio CVSecurity
@@ -360218,8 +360324,8 @@ CVE-2021-27963 (SonLogger before 6.4.1 is affected by 
user creation with any use
        NOT-FOR-US: SonLogger
 CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x 
before 7.4. ...)
        - grafana <removed>
-CVE-2021-27961
-       RESERVED
+CVE-2021-27961 (evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via 
the inde ...)
+       TODO: check
 CVE-2021-27960
        RESERVED
 CVE-2021-27959
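Review bot: CVE-2021-27961 leaves RESERVED with a fresh "TODO: check" at around line 360324, far from the block of new TODO entries at the head of the file, so triage that only walks the top of the list will miss it; it still needs a package or NOT-FOR-US decision like the others. Its neighbours CVE-2021-27960 and CVE-2021-27959 stay RESERVED, which is consistent with only this one ID having been published.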



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b665ca3316ba5aaad02ceb81088e59d64e23dfce

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
