Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09daa0a7 by security tracker role at 2025-08-09T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,97 @@
-CVE-2024-58238 [Bluetooth: btnxpuart: Resolve TX timeout error in power save 
stress test]
+CVE-2025-8773 (A vulnerability, which was classified as critical, was found in 
Dinsta ...)
+       TODO: check
+CVE-2025-8772 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-8771
+       REJECTED
+CVE-2025-8765 (A vulnerability classified as problematic was found in Datacom 
DM955 5 ...)
+       TODO: check
+CVE-2025-8764 (A vulnerability classified as critical has been found in 
linlinjava li ...)
+       TODO: check
+CVE-2025-8763 (A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It 
has been ...)
+       TODO: check
+CVE-2025-8759 (A vulnerability was found in TRENDnet TN-200 1.02b02. It has 
been decl ...)
+       TODO: check
+CVE-2025-8758 (A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It 
has been ...)
+       TODO: check
+CVE-2025-8757 (A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and 
classified  ...)
+       TODO: check
+CVE-2025-8756 (A vulnerability has been found in TDuckCloud tduck-platform up 
to 5.1  ...)
+       TODO: check
+CVE-2025-8755 (A vulnerability was found in macrozheng mall up to 1.0.3 and 
classifie ...)
+       TODO: check
+CVE-2025-8753 (A vulnerability, which was classified as critical, has been 
found in l ...)
+       TODO: check
+CVE-2025-8752 (A vulnerability was found in wangzhixuan spring-shiro-training 
up to 9 ...)
+       TODO: check
+CVE-2025-8751 (A vulnerability was found in Protected Total WebShield 
Extension up to ...)
+       TODO: check
+CVE-2025-8750 (A vulnerability has been found in macrozheng mall up to 1.0.3 
and clas ...)
+       TODO: check
+CVE-2025-8746 (A vulnerability, which was classified as problematic, was found 
in GNU ...)
+       TODO: check
+CVE-2025-8745 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-8744 (A vulnerability classified as critical was found in CesiumLab 
Web up t ...)
+       TODO: check
+CVE-2025-8743 (A vulnerability classified as problematic has been found in 
Scada-LTS  ...)
+       TODO: check
+CVE-2025-8742 (A vulnerability was found in macrozheng mall 1.0.3. It has been 
rated  ...)
+       TODO: check
+CVE-2025-8741 (A vulnerability was found in macrozheng mall up to 1.0.3. It 
has been  ...)
+       TODO: check
+CVE-2025-8740 (A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It 
has be ...)
+       TODO: check
+CVE-2025-8739 (A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and 
classi ...)
+       TODO: check
+CVE-2025-7726 (The The7 theme for WordPress is vulnerable to Stored Cross-Site 
Script ...)
+       TODO: check
+CVE-2025-7020 (An incorrect encryption implementation vulnerability exists in 
the sys ...)
+       TODO: check
+CVE-2025-6573 (Kernel software installed and running inside an untrusted/rich 
executi ...)
+       TODO: check
+CVE-2025-55188 (7-Zip before 25.01 does not always properly handle symbolic 
links duri ...)
+       TODO: check
+CVE-2025-55152 (oak is a middleware framework for Deno's native HTTP server, 
Deno Depl ...)
+       TODO: check
+CVE-2025-55149 (Tiny-Scientist is a lightweight framework for automating the 
entire li ...)
+       TODO: check
+CVE-2025-55013 (The Assemblyline 4 Service Client interfaces with the API to 
fetch tas ...)
+       TODO: check
+CVE-2025-55009 (The AuthKit library for Remix provides convenient helpers for 
authenti ...)
+       TODO: check
+CVE-2025-55008 (The AuthKit library for React Router 7+ provides helpers for 
authentic ...)
+       TODO: check
+CVE-2025-55006 (Frappe Learning is a learning system that helps users 
structure their  ...)
+       TODO: check
+CVE-2025-55003 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-55001 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-55000 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-54999 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-54998 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-54997 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-54996 (OpenBao exists to provide a software solution to manage, 
store, and di ...)
+       TODO: check
+CVE-2025-54888 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+       TODO: check
+CVE-2025-54417 (Craft is a platform for creating digital experiences. Versions 
4.13.8  ...)
+       TODO: check
+CVE-2025-4655 (SSRF vulnerability in FreeMarker templates in Liferay Portal 
7.4.0 thr ...)
+       TODO: check
+CVE-2025-4581 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
+       TODO: check
+CVE-2025-46709 (Possible memory leak or kernel exceptions caused by reading 
kernel hea ...)
+       TODO: check
+CVE-2024-58238 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.9.7-1
        NOTE: 
https://git.kernel.org/linus/e4db90e4eb8d5487098712ffb1048f3fa6d25e98 (6.9-rc1)
-CVE-2022-50233 [Bluetooth: eir: Fix using strlen with 
hdev->{dev_name,short_name}]
+CVE-2022-50233 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.0.2-1
        NOTE: 
https://git.kernel.org/linus/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 (6.0-rc1)
 CVE-2025-7039 [buffer underrun in get_tmp_file()]
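Review bot: every entry added at the top of data/CVE/list, apart from the REJECTED CVE-2025-8771, carries only "TODO: check", so the batch lands as untriaged backlog with no package mapping. Entries whose truncated descriptions name device firmware (TRENDnet TN-200, TEW-822DRE and TV-IP110WN, Ruijie EG306MG, Datacom DM955) look like candidates for the NOT-FOR-US marking used further down this file, while CVE-2025-55188 (7-Zip before 25.01) and the seven OpenBao entries need a check against the archive before the TODO is cleared. The two Linux entries (CVE-2024-58238, CVE-2022-50233) trade their bracketed commit subjects for a truncated generic description; the git.kernel.org NOTE lines still identify the fix, so triage information is preserved.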
@@ -7868,7 +7958,7 @@ CVE-2025-7370
 CVE-2025-7365 (A flaw was found in Keycloak. When an authenticated attacker 
attempts  ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-32990 (A heap-buffer-overflow (off-by-one) flaw was found in the 
GnuTLS softw ...)
-       {DSA-5962-1}
+       {DSA-5962-1 DLA-4267-1}
        - gnutls28 3.8.9-3
        NOTE: 
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1696
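Review bot: the "{DSA-5962-1 DLA-4267-1}" cross-reference on CVE-2025-32990 arrives in a commit whose only changed file is data/CVE/list, so the definition of DLA-4267-1 cannot be checked from this diff. Confirm that the advisory entry itself landed in an earlier commit and names gnutls28 with the fixed version for the release it covers; the "- gnutls28 3.8.9-3" line kept as context records only the unstable fix.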
@@ -7882,13 +7972,13 @@ CVE-2025-32989 (A heap-buffer-overread vulnerability 
was found in GnuTLS in how
        NOTE: Introduced by: 
https://gitlab.com/gnutls/gnutls/-/commit/242abb6945cbb56c4a41c393d0253ea5b9d3a36a
 (3.7.3)
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2
 (3.8.10)
 CVE-2025-32988 (A flaw was found in GnuTLS. A double-free vulnerability exists 
in GnuT ...)
-       {DSA-5962-1}
+       {DSA-5962-1 DLA-4267-1}
        - gnutls28 3.8.9-3
        NOTE: 
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1694
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573
 (3.8.10)
 CVE-2025-6395 (A NULL pointer dereference flaw was found in the GnuTLS 
software in _g ...)
-       {DSA-5962-1}
+       {DSA-5962-1 DLA-4267-1}
        - gnutls28 3.8.9-3
        NOTE: 
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1718
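Review bot: CVE-2025-32989, named in this hunk's header, gets no changed line anywhere in the diff, although CVE-2025-32990, CVE-2025-32988 and CVE-2025-6395 around it all gain DLA-4267-1. Its context NOTE says the flaw was introduced in 3.7.3, which may explain the omission if the release covered by the DLA ships an older gnutls28. Worth confirming that the entry carries an explicit not-affected annotation for that release rather than being silently left out of the advisory.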
@@ -262846,21 +262936,21 @@ CVE-2022-3134 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0389.)
 CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to 
create a file ...)
        NOT-FOR-US: Panini Everest Engine
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
response bo ...)
-       {DLA-3293-1}
+       {DLA-4265-1 DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
response bo ...)
-       {DLA-3293-1}
+       {DLA-4265-1 DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
partial rul ...)
-       {DLA-3293-1}
+       {DLA-4265-1 DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
        NOTE: Depends on changes to be done in src:libmodsecurity3 / 
src:modsecurity-apache, cf.
        NOTE: https://bugs.debian.org/1020303
 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
partial rul ...)
-       {DLA-3293-1}
+       {DLA-4265-1 DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954 (An improper restriction of xml external entity reference in 
Fortinet F ...)
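Review bot: CVE-2022-39956 gains DLA-4265-1 while its context still carries the NOTE "Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache" with the pointer to https://bugs.debian.org/1020303. If that dependency is satisfied in the release DLA-4265-1 targets, the NOTE should say so; if not, the entry should record that the modsecurity-crs update alone does not complete the fix there. CVE-2022-39955, CVE-2022-39957 and CVE-2022-39958 receive the same cross-reference and show no such dependency note in their visible context.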
@@ -412817,7 +412907,7 @@ CVE-2020-22671
 CVE-2020-22670
        RESERVED
 CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at 
PL1) has a  ...)
-       {DLA-3293-1}
+       {DLA-4265-1 DLA-3293-1}
        - modsecurity-crs 3.3.2-1
        NOTE: https://github.com/coreruleset/coreruleset/pull/1793
        NOTE: 
https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd
 (v3.3.1-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09daa0a7268fa4d57d18d980cb904304768373bd
