Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5b8465e9 by security tracker role at 2025-07-24T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with
specific priv ...)
+ TODO: check
+CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall
plugin ...)
+ TODO: check
+CVE-2025-7852 (The WPBookit plugin for WordPress is vulnerable to arbitrary
file uplo ...)
+ TODO: check
+CVE-2025-7745 (: Buffer Over-read vulnerability in ABB AC500 V2.This issue
affects AC ...)
+ TODO: check
+CVE-2025-7437 (The Ebook Store plugin for WordPress is vulnerable to arbitrary
file u ...)
+ TODO: check
+CVE-2025-7001 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2025-54377 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
+ TODO: check
+CVE-2025-54371
+ REJECTED
+CVE-2025-54365 (fastapi-guard is a security library for FastAPI that provides
middlewa ...)
+ TODO: check
+CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes
flexibil ...)
+ TODO: check
+CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and
its relate ...)
+ TODO: check
+CVE-2025-4976 (An issue has been discovered in GitLab EE affecting all
versions from ...)
+ TODO: check
+CVE-2025-4968 (The WPBakery Page Builder for WordPress plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2025-4395 (Medtronic MyCareLink Patient Monitor has a built-in user
account with ...)
+ TODO: check
+CVE-2025-4394 (Medtronic MyCareLink Patient Monitor uses an unencrypted
filesystem on ...)
+ TODO: check
+CVE-2025-4393 (Medtronic MyCareLink Patient Monitor has an internal service
that dese ...)
+ TODO: check
+CVE-2025-47281 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
+ TODO: check
+CVE-2025-41240 (Three Bitnami Helm charts mount Kubernetes Secrets under a
predictable ...)
+ TODO: check
+CVE-2025-32019 (Harbor is an open source trusted cloud native registry project
that st ...)
+ TODO: check
+CVE-2025-26397 (SolarWinds Observability Self-Hosted is susceptible to
Deserialization ...)
+ TODO: check
+CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2025-0765 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2016-15044 (A remote code execution vulnerability exists in Kaltura
versions prior ...)
+ TODO: check
CVE-2025-8070 (The Windows service configuration of ABP and AES contains an
unquoted ...)
NOT-FOR-US: Asustor
CVE-2025-8069 (During the AWS Client VPN client installation on Windows
devices, the ...)
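Review bot: 22 of the 23 entries added at the top of data/CVE/list are left at `TODO: check` (CVE-2025-54371 is the one `REJECTED`), so none of them carries a package line or a `NOT-FOR-US:` tag yet and each still needs a triage pass. The context entry directly below, CVE-2025-8070 with `NOT-FOR-US: Asustor`, shows the shape a triaged entry takes. Two imported descriptions also look off and are worth a glance during triage: CVE-2025-7745 begins with a stray `: ` and CVE-2025-8009 carries a literal `\u2013` escape.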
@@ -10,7 +56,7 @@ CVE-2025-8058 (The regcomp function in the GNU C library
version from 2.4 to 2.4
NOTE:
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
NOTE: Inroduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
-CVE-2025-8022 (All versions of the package bun are vulnerable to Improper
Neutralizat ...)
+CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to
Improper Ne ...)
TODO: check
CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable
to Dire ...)
TODO: check
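Review bot: CVE-2025-8022 only has its description refreshed here and stays at `TODO: check`, while the other bun entry touched by this commit, CVE-2024-21548, is already tagged `NOT-FOR-US: bun`; the same tag looks applicable to this entry. Separately, the context line `NOTE: Inroduced with:` under CVE-2025-8058 has a typo ("Introduced").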
@@ -236,6 +282,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results
in all "RewriteCond e
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by:
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird
ESR 128. ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
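Review bot: the `{DSA-5964-1 DLA-4250-1}` line added under CVE-2025-8035 does not say which source package the advisories cover, and the entry still lists `- thunderbird <unfixed>` next to the fixed firefox and firefox-esr versions. Worth confirming that the thunderbird status is being tracked separately, since a reader could take the advisory reference as closing the whole entry. The same point applies to the identical tag added in the Firefox hunks that follow.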
@@ -246,6 +293,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR
140.0, Thunderbird ESR
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR
128.12, ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -256,6 +304,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140
and Thunderbird 140. So
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
CVE-2025-8033 (The JavaScript engine did not handle closed generators
correctly and i ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -269,6 +318,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking the
validity of navigatio
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
CVE-2025-8032 (XSLT document loading did not correctly propagate the source
document ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -276,6 +326,7 @@ CVE-2025-8032 (XSLT document loading did not correctly
propagate the source docu
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
CVE-2025-8031 (The `username:password` part was not correctly stripped from
URLs in C ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -286,6 +337,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards the
beginning instead of
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature
could po ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -299,6 +351,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight responses
across IP address cha
- firefox 141.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object`
and `emb ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -312,6 +365,7 @@ CVE-2025-8041
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries
could le ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -319,6 +373,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction with
a lot of entries cou
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the
64-bit ret ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -326,9 +381,11 @@ CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only
wrote 32 bits of the 64-bi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8027
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8027
CVE-2025-8011 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168
allowed ...)
+ {DSA-5965-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8010 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168
allowed ...)
+ {DSA-5965-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology
LBT-T300-T310 ...)
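Review bot: `{DSA-5965-1}` is added to CVE-2025-8011 and CVE-2025-8010 while both entries still read `- chromium <unfixed>`, so an advisory is referenced with no fixed version recorded for unstable. Suggest a follow-up that records the fixed chromium version once it is available, so these entries do not stay open after the DSA.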
@@ -69173,7 +69230,7 @@ CVE-2024-29646 (Buffer Overflow vulnerability in
radarorg radare2 v.5.8.8 allows
NOTE:
https://github.com/radareorg/radare2/commit/c75ad89e5f4d1c53bb06f9c4dee174cc73aba30a
(5.9.0)
NOTE:
https://github.com/radareorg/radare2/commit/f368c8ccdb03af307d37f1c6899b94b25a0306c7
(5.9.0)
NOTE:
https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690
-CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to
Prototype ...)
+CVE-2024-21548 (Versions of the package bun after 0.0.12 and before 1.1.30 are
vulnera ...)
NOT-FOR-US: bun
CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are
vulnerable ...)
NOT-FOR-US: spatie/browsershot
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8465e9f8646ae5afba8e87fa54ca253c108aec