Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85ef5949 by security tracker role at 2025-11-13T20:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,317 @@
+CVE-2025-8397 (The Save as PDF Button plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-7704 (Supermicro BMC  Insyde SMASH shell program has a stacked-based 
overflo ...)
+       TODO: check
+CVE-2025-64741 (Improper authorization handling in Zoom Workplace for Android 
before v ...)
+       TODO: check
+CVE-2025-64740 (Improper verification of cryptographic signature in the 
installer for  ...)
+       TODO: check
+CVE-2025-64739 (External control of file name or path in certain Zoom Clients 
may allo ...)
+       TODO: check
+CVE-2025-64738 (External control of file name or path in Zoom Workplace for 
macOS befo ...)
+       TODO: check
+CVE-2025-64726 (Socket Firewall is an HTTP/HTTPS proxy server that intercepts 
package  ...)
+       TODO: check
+CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml 
4.1.0 and b ...)
+       TODO: check
+CVE-2025-64717 (ZITADEL is an open source identity management platform. 
Starting in ve ...)
+       TODO: check
+CVE-2025-64716 (Anubis is a Web AI Firewall Utility that challenges users' 
connections ...)
+       TODO: check
+CVE-2025-64714 (PrivateBin is an online pastebin where the server has zero 
knowledge o ...)
+       TODO: check
+CVE-2025-64711 (PrivateBin is an online pastebin where the server has zero 
knowledge o ...)
+       TODO: check
+CVE-2025-64710 (Bitplatform Boilerplate is a Visual studio and .NET project 
template.  ...)
+       TODO: check
+CVE-2025-64709 (Typebot is an open-source chatbot builder. In versions prior 
to 3.13.1 ...)
+       TODO: check
+CVE-2025-64707 (Frappe Learning is a learning system that helps users 
structure their  ...)
+       TODO: check
+CVE-2025-64706 (Typebot is an open-source chatbot builder. In version 3.9.0 up 
to but  ...)
+       TODO: check
+CVE-2025-64705 (Frappe Learning is a learning system that helps users 
structure their  ...)
+       TODO: check
+CVE-2025-64703 (MaxKB is an open-source AI assistant for enterprise. In 
versions prior ...)
+       TODO: check
+CVE-2025-64525 (Astro is a web framework. In Astro versions 2.16.0 up to but 
excluding ...)
+       TODO: check
+CVE-2025-64523 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In 
versions prior ...)
+       TODO: check
+CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-64429 (DuckDB is a SQL database management system. DuckDB implemented 
block-b ...)
+       TODO: check
+CVE-2025-64384 (Missing Authorization vulnerability in jetmonsters 
JetFormBuilder jetf ...)
+       TODO: check
+CVE-2025-64383 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64382 (Missing Authorization vulnerability in WebToffee Order Export 
& Order  ...)
+       TODO: check
+CVE-2025-64381 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64380 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64379 (Missing Authorization vulnerability in Pluggabl Booster for 
WooCommerc ...)
+       TODO: check
+CVE-2025-64370 (Missing Authorization vulnerability in YOP YOP Poll yop-poll 
allows Ex ...)
+       TODO: check
+CVE-2025-64369 (Missing Authorization vulnerability in codepeople Contact Form 
Email c ...)
+       TODO: check
+CVE-2025-64345 (Wasmtime is a runtime for WebAssembly. Prior to version 
38.0.4, 37.0.3 ...)
+       TODO: check
+CVE-2025-64292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64277 (Missing Authorization vulnerability in QuantumCloud ChatBot 
chatbot al ...)
+       TODO: check
+CVE-2025-64276 (Missing Authorization vulnerability in Ays Pro Survey Maker 
survey-mak ...)
+       TODO: check
+CVE-2025-64275 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64274 (Missing Authorization vulnerability in wpkoithemes WPKoi 
Templates for ...)
+       TODO: check
+CVE-2025-64271 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
WP Plugin ...)
+       TODO: check
+CVE-2025-64269 (Missing Authorization vulnerability in EDGARROJAS WooCommerce 
PDF Invo ...)
+       TODO: check
+CVE-2025-64267 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-64265 (Missing Authorization vulnerability in N-Media Frontend File 
Manager n ...)
+       TODO: check
+CVE-2025-64264 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-64263 (Missing Authorization vulnerability in PluginEver WP Content 
Pilot wp- ...)
+       TODO: check
+CVE-2025-64262 (Cross-Site Request Forgery (CSRF) vulnerability in ramon 
fincken Auto  ...)
+       TODO: check
+CVE-2025-64261 (Missing Authorization vulnerability in codepeople Appointment 
Booking  ...)
+       TODO: check
+CVE-2025-64259 (Missing Authorization vulnerability in Jeroen Schmit Theater 
for WordP ...)
+       TODO: check
+CVE-2025-64186 (Evervault is a payment security solution. A vulnerability was 
identifi ...)
+       TODO: check
+CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in 
pH7Softwar ...)
+       TODO: check
+CVE-2025-63406 (An issue in Intermesh BV GroupOffice vulnerable before 
v.25.0.47 and 6 ...)
+       TODO: check
+CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission 
of profil ...)
+       TODO: check
+CVE-2025-62484 (Inefficient regular expression complexity in certain Zoom 
Workplace Cl ...)
+       TODO: check
+CVE-2025-62483 (Improper removal of sensitive information in certain Zoom 
Clients befo ...)
+       TODO: check
+CVE-2025-62482 (Cross-site scripting in Zoom Workplace for Windows before 
version 6.5. ...)
+       TODO: check
+CVE-2025-60702 (A command injection vulnerability exists in the TOTOLINK 
A950RG Router ...)
+       TODO: check
+CVE-2025-60701 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
+       TODO: check
+CVE-2025-60700 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
+       TODO: check
+CVE-2025-60699 (A buffer overflow vulnerability exists in the TOTOLINK A950RG 
Router f ...)
+       TODO: check
+CVE-2025-60698 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
+       TODO: check
+CVE-2025-60697 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
+       TODO: check
+CVE-2025-60696 (A stack-based buffer overflow vulnerability exists in the 
makeRequest. ...)
+       TODO: check
+CVE-2025-60695 (A stack-based buffer overflow vulnerability exists in the 
mtk_dut bina ...)
+       TODO: check
+CVE-2025-60694 (A stack-based buffer overflow exists in the 
validate_static_route func ...)
+       TODO: check
+CVE-2025-60693 (A stack-based buffer overflow exists in the get_merge_mac 
function of  ...)
+       TODO: check
+CVE-2025-60692 (A stack-based buffer overflow vulnerability exists in the 
libshared.so ...)
+       TODO: check
+CVE-2025-60691 (A stack-based buffer overflow exists in the httpd binary of 
Linksys E1 ...)
+       TODO: check
+CVE-2025-60690 (A stack-based buffer overflow exists in the get_merge_ipaddr 
function  ...)
+       TODO: check
+CVE-2025-60689 (An unauthenticated command injection vulnerability exists in 
the Start ...)
+       TODO: check
+CVE-2025-60688 (A stack buffer overflow vulnerability exists in the ToToLink 
LR1200GB  ...)
+       TODO: check
+CVE-2025-60687 (An unauthenticated command injection vulnerability exists in 
the ToToL ...)
+       TODO: check
+CVE-2025-60686 (A local stack-based buffer overflow vulnerability exists in 
the infost ...)
+       TODO: check
+CVE-2025-60685 (A stack buffer overflow exists in the ToToLink A720R Router 
firmware V ...)
+       TODO: check
+CVE-2025-60684 (A stack buffer overflow vulnerability exists in the ToToLink 
LR1200GB  ...)
+       TODO: check
+CVE-2025-60683 (A command injection vulnerability exists in the ToToLink A720R 
Router  ...)
+       TODO: check
+CVE-2025-60682 (A command injection vulnerability exists in the ToToLink A720R 
Router  ...)
+       TODO: check
+CVE-2025-60679 (A stack buffer overflow vulnerability exists in the D-Link 
DIR-816A2 r ...)
+       TODO: check
+CVE-2025-60676 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
+       TODO: check
+CVE-2025-60675 (A command injection vulnerability exists in the D-Link 
DIR-823G router ...)
+       TODO: check
+CVE-2025-60674 (A stack buffer overflow vulnerability exists in the D-Link 
DIR-878A1 r ...)
+       TODO: check
+CVE-2025-60673 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
+       TODO: check
+CVE-2025-60672 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
+       TODO: check
+CVE-2025-60671 (A command injection vulnerability exists in the D-Link 
DIR-823G router ...)
+       TODO: check
+CVE-2025-59840 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
+       TODO: check
+CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that 
SSO redir ...)
+       TODO: check
+CVE-2025-59367 (An authentication bypass vulnerability has been identified in 
certain  ...)
+       TODO: check
+CVE-2025-55810 (A vulnerability was found in Alaga Home Security WiFi Camera 
3K (model ...)
+       TODO: check
+CVE-2025-52186 (Lichess lila before commit 
11b4c0fb00f0ffd823246f839627005459c8f05c (2 ...)
+       TODO: check
+CVE-2025-46608 (Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an 
Improper ...)
+       TODO: check
+CVE-2025-46427 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, 
contain an ...)
+       TODO: check
+CVE-2025-46370 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
+       TODO: check
+CVE-2025-46369 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
+       TODO: check
+CVE-2025-46368 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
+       TODO: check
+CVE-2025-46367 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
+       TODO: check
+CVE-2025-46362 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
+       TODO: check
+CVE-2025-43515 (The issue was addressed by refusing external connections by 
default. T ...)
+       TODO: check
+CVE-2025-41069 (Insecure Direct Object Reference (IDOR) vulnerability in 
DeporSite of  ...)
+       TODO: check
+CVE-2025-40681 (Cross-site Scripting (XSS) vulnerability reflected in xCally's 
Omnicha ...)
+       TODO: check
+CVE-2025-36223 (IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header 
injection, caus ...)
+       TODO: check
+CVE-2025-33119 (IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials 
in conf ...)
+       TODO: check
+CVE-2025-30669 (Improper certificate validation in certain Zoom Clients may 
allow an u ...)
+       TODO: check
+CVE-2025-30662 (Symlink following in the installer for the Zoom Workplace VDI 
Plugin m ...)
+       TODO: check
+CVE-2025-20355 (A vulnerability in the web-based management interface of Cisco 
Catalys ...)
+       TODO: check
+CVE-2025-20353 (A vulnerability in the web-based management interface of Cisco 
Catalys ...)
+       TODO: check
+CVE-2025-20349 (A vulnerability in the REST API of Cisco Catalyst Center could 
allow a ...)
+       TODO: check
+CVE-2025-20346 (A vulnerability in Cisco Catalyst Center could allow an 
authenticated, ...)
+       TODO: check
+CVE-2025-20341 (A vulnerability in Cisco Catalyst Center Virtual Appliance 
could allow ...)
+       TODO: check
+CVE-2025-13123 (A flaw has been found in AMTT Hotel Broadband Operation System 
1.0. Th ...)
+       TODO: check
+CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients 
Waiting Area Q ...)
+       TODO: check
+CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea 
1.0.0. I ...)
+       TODO: check
+CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This 
vulnerabilit ...)
+       TODO: check
+CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple 
E-Banking Sy ...)
+       TODO: check
+CVE-2025-13118 (A vulnerability was detected in macrozheng mall-swarm up to 
1.0.3. Aff ...)
+       TODO: check
+CVE-2025-13117 (A security vulnerability has been detected in macrozheng 
mall-swarm up ...)
+       TODO: check
+CVE-2025-13116 (A weakness has been identified in macrozheng mall-swarm up to 
1.0.3. A ...)
+       TODO: check
+CVE-2025-13115 (A security flaw has been discovered in macrozheng mall-swarm 
up to 1.0 ...)
+       TODO: check
+CVE-2025-13114 (A vulnerability was identified in macrozheng mall-swarm up to 
1.0.3. T ...)
+       TODO: check
+CVE-2025-13076 (A flaw has been found in code-projects Responsive Hotel Site 
1.0. The  ...)
+       TODO: check
+CVE-2025-13075 (A vulnerability was detected in code-projects Responsive Hotel 
Site 1. ...)
+       TODO: check
+CVE-2025-13063 (A flaw has been found in DinukaNavaratna Dee Store 1.0. 
Affected is an ...)
+       TODO: check
+CVE-2025-13061 (A vulnerability was detected in itsourcecode Online Voting 
System 1.0. ...)
+       TODO: check
+CVE-2025-13060 (A security vulnerability has been detected in SourceCodester 
Survey Ap ...)
+       TODO: check
+CVE-2025-13059 (A weakness has been identified in SourceCodester Alumni 
Management Sys ...)
+       TODO: check
+CVE-2025-12979 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2025-12892 (The Survey Maker plugin for WordPress is vulnerable to 
unauthorized mo ...)
+       TODO: check
+CVE-2025-12891 (The Survey Maker plugin for WordPress is vulnerable to 
unauthorized ac ...)
+       TODO: check
+CVE-2025-12844 (The AI Engine plugin for WordPress is vulnerable to PHP Object 
Injecti ...)
+       TODO: check
+CVE-2025-12785 (Certain HP LaserJet Pro printers may be vulnerable to 
information disc ...)
+       TODO: check
+CVE-2025-12784 (Certain HP LaserJet Pro printers may be vulnerable to 
information disc ...)
+       TODO: check
+CVE-2025-12765 (pgAdmin <= 9.9 is affected by avulnerability in the LDAP 
authenticatio ...)
+       TODO: check
+CVE-2025-12764 (pgAdmin <= 9.9 is affected by an LDAP injection vulnerability 
in the L ...)
+       TODO: check
+CVE-2025-12763 (pgAdmin 4 versions up to 9.9 are affected by a command 
injection vulne ...)
+       TODO: check
+CVE-2025-12762 (pgAdmin versions up to 9.9 are affected by a Remote Code 
Execution (RC ...)
+       TODO: check
+CVE-2025-12733 (The Import any XML, CSV or Excel File to WordPress (WP All 
Import) plu ...)
+       TODO: check
+CVE-2025-12703
+       REJECTED
+CVE-2025-12681 (The Comment Edit Core \u2013 Simple Comment Editing plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-12620 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image 
Polls plugi ...)
+       TODO: check
+CVE-2025-12536 (The SureForms plugin for WordPress is vulnerable to Sensitive 
Informat ...)
+       TODO: check
+CVE-2025-12377 (The Gallery Plugin for WordPress \u2013 Envira Photo Gallery 
plugin fo ...)
+       TODO: check
+CVE-2025-12366 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
+       TODO: check
+CVE-2025-12089 (The Data Tables Generator by Supsystic plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-12015 (The Convert WebP & AVIF | Quicq | Best image optimizer and 
compression ...)
+       TODO: check
+CVE-2025-11923 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & 
Quizzes p ...)
+       TODO: check
+CVE-2025-11777 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail 
to prop ...)
+       TODO: check
+CVE-2025-11769 (The WordPress Content Flipper plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-11538 (A vulnerability exists in Keycloak's server distribution where 
enablin ...)
+       TODO: check
+CVE-2025-11260 (The WP Headless CMS Framework plugin for WordPress is 
vulnerable to pr ...)
+       TODO: check
+CVE-2025-10295 (The Angel \u2013 Fashion Model Agency WordPress CMS Theme 
theme for Wo ...)
+       TODO: check
+CVE-2023-7329 (Tinycontrol LAN Controller v3 (LK3) firmware versions up to 
1.58a (har ...)
+       TODO: check
+CVE-2023-7327 (Ozeki SMS Gateway versions up to and including 10.3.208 contain 
a path ...)
+       TODO: check
+CVE-2023-7326 (The Epson Stylus SX510W embedded web management service fails 
to prope ...)
+       TODO: check
+CVE-2022-4984 (ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition 
< 16.5, ...)
+       TODO: check
+CVE-2022-4983 (TEC-IT TBarCode version 11.15 contains a vulnerability in the 
TBarCode ...)
+       TODO: check
+CVE-2022-4982 (DBLTek GoIP-1 firmware versions up to and including 
GHSFVT-1.1-67-5 co ...)
+       TODO: check
+CVE-2021-4464 (FiberHome AN5506-04-FA firmware versions up to and including 
RP2631 an ...)
+       TODO: check
+CVE-2021-4463 (Longjing Technology BEMS API versions up to and including 1.21 
contain ...)
+       TODO: check
+CVE-2017-20211 (UCanCode E-XD++ Visualization Enterprise Suite contains an 
untrusted p ...)
+       TODO: check
+CVE-2016-15055 (JVC VN-T IP-camera models firmware versions up to 2016-08-22 
(confirme ...)
+       TODO: check
+CVE-2011-10034 (AUTOMGEN versions up to and including 8.0.0.7 (also referenced 
as 8.02 ...)
+       TODO: check
 CVE-2025-12983
        - gitlab <unfixed>
 CVE-2025-7736
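Review bot: all of the roughly 157 new entries in this hunk (314 added lines, two per entry) are left at `TODO: check`, so the triage work is still ahead; the large WordPress plugin and theme share (Save as PDF Button, JetFormBuilder, Survey Maker, Welcart, AI Engine, SureForms, Envira, Pagelayer, LifterLMS and the other jetmonsters/codepeople/Ays Pro style entries) can be closed with the file's usual `NOT-FOR-US: WordPress plugin` marker, as already done for CVE-2025-12732 further down, and the Linksys/D-Link/TOTOLINK router firmware batch (CVE-2025-60671 to -60702) would normally get a NOT-FOR-US marker as vendor firmware. That leaves the entries naming software plausibly in the archive for a real check: js-yaml (CVE-2025-64718), Wasmtime (CVE-2025-64345), DuckDB (CVE-2025-64429), pgAdmin (CVE-2025-12762 to -12765), mruby (CVE-2025-13120), PrivateBin (CVE-2025-64711, -64714) and Vega (CVE-2025-59840). CVE-2025-12703 correctly carries `REJECTED` in place of a description.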
@@ -16,7 +330,7 @@ CVE-2025-11865
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-11224
        - gitlab <unfixed>
-CVE-2025-12818 [Avoid integer overflow in allocation-size calculations within 
libpq]
+CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library 
functio ...)
        - postgresql-18 18.1-1
        - postgresql-17 <unfixed>
        - postgresql-15 <removed>
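Review bot: the CVE-2025-12818 line swaps the bracketed tracker summary "Avoid integer overflow in allocation-size calculations within libpq" for the truncated official text "Integer wraparound in multiple PostgreSQL libpq client library functio ...", which drops the allocation-size detail; that is the expected behaviour once the CVE record is published, and the detail survives in the entry's `NOTE: Fixed by:` commit lines, so no action beyond noting that the fixed/unfixed state (postgresql-18 18.1-1, postgresql-17 `<unfixed>`, postgresql-15 `<removed>`) is unchanged by this refresh.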
@@ -27,7 +341,7 @@ CVE-2025-12818 [Avoid integer overflow in allocation-size 
calculations within li
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f5999f01815969dfe8df33bac9c0f1aa38dd6cd5
 (REL_17_7)
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef
 (REL_15_15)
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a
 (REL_13_23)
-CVE-2025-12817 [Check for CREATE privileges on the schema in CREATE STATISTICS]
+CVE-2025-12817 (Missing authorization in PostgreSQL CREATE STATISTICS command 
allows a ...)
        - postgresql-18 18.1-1
        - postgresql-17 <unfixed>
        - postgresql-15 <removed>
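Review bot: postgresql-17 stays `<unfixed>` for CVE-2025-12817 (and, in the previous hunk, for CVE-2025-12818) even though both entries already record upstream fix commits for REL_17_7 alongside REL_15_15 and REL_13_23; once the 17.7 point release is uploaded, the postgresql-17 line should carry that Debian version instead of `<unfixed>`. The replaced bracket "Check for CREATE privileges on the schema in CREATE STATISTICS" named the actual fix; the truncated "Missing authorization in PostgreSQL CREATE STATISTICS command allows a ..." does not, so the commit NOTEs following this hunk are now the place that detail lives.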
@@ -38,174 +352,174 @@ CVE-2025-12817 [Check for CREATE privileges on the 
schema in CREATE STATISTICS]
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=e2fb3dfa817fbe89494a62c100e9cb442f4d6b15
 (REL_17_7)
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=2393d374ae9c0bc8327adc80fe4490edb05be167
 (REL_15_15)
        NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=8a2530ebcdef1aafa08ad1d019aec298dcebb952
 (REL_13_23)
-CVE-2025-64500
+CVE-2025-64500 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        [experimental] - symfony 8.0.0~beta2+dfsg-2
        - symfony <unfixed>
        [trixie] - symfony <no-dsa> (Minor issue)
        [bookworm] - symfony <no-dsa> (Minor issue)
        NOTE: https://github.com/advisories/GHSA-3rg7-wf37-54rm
        NOTE: 
https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
 (v5.4.50, v6.4.29, v7.3.7)
-CVE-2025-40208 [media: iris: fix module removal if firmware download failed]
+CVE-2025-40208 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.17.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fde38008fc4f43db8c17869491870df24b501543 (6.18-rc1)
-CVE-2025-40207 [media: v4l2-subdev: Fix alloc failure check in 
v4l2_subdev_call_state_try()]
+CVE-2025-40207 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e (6.18-rc1)
-CVE-2025-40206 [netfilter: nft_objref: validate objref and objrefmap 
expressions]
+CVE-2025-40206 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        NOTE: 
https://git.kernel.org/linus/f359b809d54c6e3dd1d039b97e0b68390b0e53e4 (6.18-rc1)
-CVE-2025-40205 [btrfs: avoid potential out-of-bounds in btrfs_encode_fh()]
+CVE-2025-40205 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/dff4f9ff5d7f289e4545cc936362e01ed3252742 (6.18-rc1)
-CVE-2025-40204 [sctp: Fix MAC comparison to be constant-time]
+CVE-2025-40204 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/dd91c79e4f58fbe2898dac84858033700e0e99fb (6.18-rc1)
-CVE-2025-40203 [listmount: don't call path_put() under namespace semaphore]
+CVE-2025-40203 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0 (6.18-rc1)
-CVE-2025-40202 [ipmi: Rework user message limit handling]
+CVE-2025-40202 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b52da4054ee0bf9ecb44996f2c83236ff50b3812 (6.18-rc1)
-CVE-2025-40201 [kernel/sys.c: fix the racy usage of 
task_lock(tsk->group_leader) in sys_prlimit64() paths]
+CVE-2025-40201 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a15f37a40145c986cdf289a4b88390f35efdecc4 (6.18-rc1)
-CVE-2025-40200 [Squashfs: reject negative file sizes in squashfs_read_inode()]
+CVE-2025-40200 (In the Linux kernel, the following vulnerability has been 
resolved:  S ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b (6.18-rc1)
-CVE-2025-40199 [page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit 
arches]
+CVE-2025-40199 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/95920c2ed02bde551ab654e9749c2ca7bc3100e0 (6.18-rc1)
-CVE-2025-40198 [ext4: avoid potential buffer over-read in 
parse_apply_sb_mount_options()]
+CVE-2025-40198 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 (6.18-rc1)
-CVE-2025-40197 [media: mc: Clear minor number before put device]
+CVE-2025-40197 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/8cfc8cec1b4da88a47c243a11f384baefd092a50 (6.18-rc1)
-CVE-2025-40196 [fs: quota: create dedicated workqueue for quota_release_work]
+CVE-2025-40196 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        NOTE: 
https://git.kernel.org/linus/72b7ceca857f38a8ca7c5629feffc63769638974 (6.18-rc1)
-CVE-2025-40195 [mount: handle NULL values in mnt_ns_release()]
+CVE-2025-40195 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        NOTE: 
https://git.kernel.org/linus/6c7ca6a02f8f9549a438a08a23c6327580ecf3d6 (6.18-rc1)
-CVE-2025-40194 [cpufreq: intel_pstate: Fix object lifecycle issue in 
update_qos_request()]
+CVE-2025-40194 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467 (6.18-rc1)
-CVE-2025-40193 [xtensa: simdisk: add input size check in proc_write_simdisk]
+CVE-2025-40193 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/5d5f08fd0cd970184376bee07d59f635c8403f63 (6.18-rc1)
-CVE-2025-40192 [Revert "ipmi: fix msg stack when IPMI is disconnected"]
+CVE-2025-40192 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5d09ee1bec870263f4ace439402ea840503b503b (6.18-rc1)
-CVE-2025-40191 [drm/amdkfd: Fix kfd process ref leaking when userptr unmapping]
+CVE-2025-40191 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.17.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/58e6fc2fb94f0f409447e5d46cf6a417b6397fbc (6.18-rc1)
-CVE-2025-40190 [ext4: guard against EA inode refcount underflow in xattr 
update]
+CVE-2025-40190 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/57295e835408d8d425bef58da5253465db3d6888 (6.18-rc1)
-CVE-2025-40189 [net: usb: lan78xx: Fix lost EEPROM read timeout 
error(-ETIMEDOUT) in lan78xx_read_raw_eeprom]
+CVE-2025-40189 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.17.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/49bdb63ff64469a6de8ea901aef123c75be9bbe7 (6.18-rc1)
-CVE-2025-40188 [pwm: berlin: Fix wrong register in suspend/resume]
+CVE-2025-40188 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/3a4b9d027e4061766f618292df91760ea64a1fcc (6.18-rc1)
-CVE-2025-40187 [net/sctp: fix a null dereference in sctp_disposition 
sctp_sf_do_5_1D_ce()]
+CVE-2025-40187 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/2f3119686ef50319490ccaec81a575973da98815 (6.18-rc1)
-CVE-2025-40186 [tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().]
+CVE-2025-40186 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/2e7cbbbe3d61c63606994b7ff73c72537afe2e1c (6.18-rc1)
-CVE-2025-40185 [ice: ice_adapter: release xa entry on adapter allocation 
failure]
+CVE-2025-40185 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2db687f3469dbc5c59bc53d55acafd75d530b497 (6.18-rc1)
-CVE-2025-40184 [KVM: arm64: Fix debug checking for np-guests using huge 
mappings]
+CVE-2025-40184 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 6.17.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2ba972bf71cb71d2127ec6c3db1ceb6dd0c73173 (6.18-rc1)
-CVE-2025-40183 [bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}]
+CVE-2025-40183 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/23f3770e1a53e6c7a553135011f547209e141e72 (6.18-rc1)
-CVE-2025-40182 [crypto: skcipher - Fix reqsize handling]
+CVE-2025-40182 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.17.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/229c586b5e86979badb7cb0d38717b88a9e95ddd (6.18-rc1)
-CVE-2025-40181 [x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for 
TDX/SNP]
+CVE-2025-40181 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0dccbc75e18df85399a71933d60b97494110f559 (6.18-rc1)
-CVE-2025-40180 [mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox 
cleanup loop]
+CVE-2025-40180 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        NOTE: 
https://git.kernel.org/linus/0aead8197fc1a85b0a89646e418feb49a564b029 (6.18-rc1)
-CVE-2025-40179 [ext4: verify orphan file size is not too big]
+CVE-2025-40179 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3 (6.18-rc1)
-CVE-2025-40178 [pid: Add a judgment for ns null in pid_nr_ns]
+CVE-2025-40178 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.17.6-1
        [trixie] - linux 6.12.57-1
        [bookworm] - linux 6.1.158-1
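Review bot: replacing the bracketed upstream commit titles (e.g. `[crypto: skcipher - Fix reqsize handling]`) with the synced text `(In the Linux kernel, the following vulnerability has been resolved:  c ...)` drops the only human-readable hint of which subsystem each CVE touches, since the synced description is cut off after the first letter of the subject; the `NOTE: https://git.kernel.org/linus/...` lines below each entry now carry that identification and must stay. Also, CVE-2025-40180 lists only unstable (6.17.6-1) and trixie (6.12.57-1) while its neighbours all record a bookworm and bullseye status; confirm whether those suites are affected, not-affected, or still pending triage.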
@@ -283,7 +597,7 @@ CVE-2025-59089 (If an attacker causes kdcproxy to connect 
to an attacker-control
 CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have 
server  ...)
        - python-kdcproxy <unfixed>
        NOTE: https://github.com/latchset/kdcproxy/pull/68
-CVE-2025-64503
+CVE-2025-64503 (cups-filters contains backends, filters, and other software 
required t ...)
        - libcupsfilters <unfixed>
        - cups-filters <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/12/2
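Review bot: within this hunk CVE-2025-64503 gains its description but both `libcupsfilters <unfixed>` and `cups-filters <unfixed>` still point only at the oss-security post; when a fixing upstream commit or a Debian bug number becomes available, add it as a further NOTE so the fixed version can be tracked per suite.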
@@ -331,7 +645,7 @@ CVE-2025-12903 (The Payment Plugins Braintree For 
WooCommerce plugin for WordPre
        NOT-FOR-US: WordPress plugin
 CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-12382 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+CVE-2025-12382 (Improper Limitation of a Pathname 'Path Traversal') 
vulnerability in A ...)
        TODO: check
 CVE-2025-12152
        REJECTED
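Review bot: the replacement description for CVE-2025-12382, `(Improper Limitation of a Pathname 'Path Traversal') vulnerability in A ...)`, has a closing parenthesis with no matching opening one, because the CWE phrase `to a Restricted Directory (` present in the removed line was dropped in the synced text. This is the upstream description as received, so nothing to change here, but the entry stays at `TODO: check` and the affected product (cut off at `A ...`) still needs to be identified.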
@@ -692,6 +1006,7 @@ CVE-2025-40112 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.158-1
        NOTE: 
https://git.kernel.org/linus/0b67c8fc10b13a9090340c5f8a37d308f4e1571c (6.18-rc1)
 CVE-2025-13042 (Inappropriate implementation in V8 in Google Chrome prior to 
142.0.744 ...)
+       {DSA-6055-1}
        - chromium 142.0.7444.162-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-64531 (Substance3D - Stager versions 3.1.5 and earlier are affected 
by a Use  ...)
@@ -1167,36 +1482,43 @@ CVE-2024-57695 (An issue in Agnitum Outpost Security 
Suite 7.5.3 (3942.608.1810)
 CVE-2017-20210 (Photo Station 5.4.1 & 5.2.7 include the security fix for the 
vulnerabi ...)
        NOT-FOR-US: QNAP
 CVE-2025-13015 (Spoofing issue in Firefox. This vulnerability affects Firefox 
< 145, F ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13015
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13015
 CVE-2025-13014 (Use-after-free in the Audio/Video component. This 
vulnerability affect ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13014
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13014
 CVE-2025-13020 (Use-after-free in the WebRTC: Audio/Video component. This 
vulnerabilit ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13020
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13020
 CVE-2025-13013 (Mitigation bypass in the DOM: Core & HTML component. This 
vulnerabilit ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13013
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13013
 CVE-2025-13019 (Same-origin policy bypass in the DOM: Workers component. This 
vulnerab ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13019
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13019
 CVE-2025-13018 (Mitigation bypass in the DOM: Security component. This 
vulnerability a ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13018
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13018
 CVE-2025-13017 (Same-origin policy bypass in the DOM: Notifications component. 
This vu ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13017
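Review bot: all seven added `{DSA-6054-1 DLA-4370-1}` lines land on entries that carry a `firefox-esr 140.5.0esr-1` fix, matching the +7 in the hunk header, which is the right placement; the Firefox-only entries in the hunks that follow (CVE-2025-13024, CVE-2025-13023, with just `firefox 145.0-1`) correctly receive no advisory reference.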
@@ -1211,6 +1533,7 @@ CVE-2025-13024 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        - firefox 145.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13024
 CVE-2025-13016 (Incorrect boundary conditions in the JavaScript: WebAssembly 
component ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13016
@@ -1219,6 +1542,7 @@ CVE-2025-13023 (Sandbox escape due to incorrect boundary 
conditions in the Graph
        - firefox 145.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13023
 CVE-2025-13012 (Race condition in the Graphics component. This vulnerability 
affects F ...)
+       {DSA-6054-1 DLA-4370-1}
        - firefox 145.0-1
        - firefox-esr 140.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13012
@@ -1583,12 +1907,12 @@ CVE-2025-12397 (A SQL injection vulnerability was found 
in Looker Studio.  A Loo
        NOT-FOR-US: Looker Studio
 CVE-2025-12155 (A Command Injection vulnerability, resulting from improper 
file path s ...)
        NOT-FOR-US: Looker
-CVE-2025-64170 [GHSA-c978-wq47-pvvw]
+CVE-2025-64170 (sudo-rs is a memory safe implementation of sudo and su written 
in Rust ...)
        {DSA-6052-1}
        - rust-sudo-rs 0.2.10-1
        NOTE: 
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw
        NOTE: Fixed by: 
https://github.com/trifectatechfoundation/sudo-rs/commit/0926e85913f45937a32b282c0757bc902dbb1e0c
 (v0.2.10)
-CVE-2025-64517 [GHSA-q428-6v73-fc4q]
+CVE-2025-64517 (sudo-rs is a memory safe implementation of sudo and su written 
in Rust ...)
        {DSA-6052-1}
        - rust-sudo-rs 0.2.10-1
        NOTE: 
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-q428-6v73-fc4q
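Review bot: the synced descriptions for CVE-2025-64170 and CVE-2025-64517 are identical (`sudo-rs is a memory safe implementation of sudo and su written in Rust ...`) and are truncated before anything that distinguishes the two issues, so the GHSA identifiers that the removed `[GHSA-...]` placeholders used to show now survive only in the NOTE links and must be kept. Within the hunk, CVE-2025-64170 also records `Fixed by:` with the upstream commit while CVE-2025-64517 shows only the advisory link; if the fixing commit for GHSA-q428-6v73-fc4q is not recorded below this hunk, add it for symmetry.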
@@ -1644,7 +1968,7 @@ CVE-2025-12864 (U-Office Force developed by e-Excellence 
has a SQL Injection vul
 CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable 
to Arbi ...)
        NOT-FOR-US: cloudinary Node.js module
 CVE-2025-64507 (Incus is a system container and virtual machine manager. An 
issue in v ...)
-       {DSA-6051-1}
+       {DSA-6057-1 DSA-6051-1}
        - incus 6.0.5-4
        - lxd <removed>
        [trixie] - lxd <ignored> (File system ID mapping is broken with Kernel 
6.9+ making CVE-2025-64507 unexploitable)
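Review bot: CVE-2025-64507 now references two advisories, `{DSA-6057-1 DSA-6051-1}`, but the entry lines give no hint which package the new DSA-6057-1 covers: `incus 6.0.5-4` already matched DSA-6051-1 and `lxd` is `<removed>` in unstable with `[trixie] - lxd <ignored>`; a NOTE pointing at what DSA-6057-1 fixed would make the entry self-explanatory without consulting the DSA list.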
@@ -26430,7 +26754,8 @@ CVE-2025-9865 (Inappropriate implementation in Toolbar 
in Google Chrome on Andro
        {DSA-5993-1}
        - chromium 140.0.7339.80-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-9864 (Use after free in V8 in Google Chrome prior to 140.0.7339.80 
allowed a ...)
+CVE-2025-9864
+       REJECTED
        {DSA-5993-1}
        - chromium 140.0.7339.80-1
        [bullseye] - chromium <end-of-life> (see #1061268)
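Review bot: CVE-2025-9864 is switched to `REJECTED` yet keeps `{DSA-5993-1}`, the `chromium 140.0.7339.80-1` fixed version and the bullseye end-of-life line beneath it, whereas the other rejected entry in this change (CVE-2025-12152 in the `@@ -331` hunk) carries nothing but `REJECTED`; confirm that the retained lines are intentional (for instance because DSA-5993-1 still cites the CVE) rather than leftover state that should be dropped.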



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85ef59494e971a279fc21b9de9f519fe097e4fcb



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
