Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe7adaa6 by security tracker role at 2025-08-22T20:12:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,224 +1,400 @@
+CVE-2025-9341 (Uncontrolled Resource Consumption vulnerability in Legion of 
the Bounc ...)
+       TODO: check
+CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy 
Castle Inc.  ...)
+       TODO: check
+CVE-2025-9331 (The Spacious theme for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2025-9259 (WebITR developed by Uniong has an Arbitrary File Reading 
vulnerability ...)
+       TODO: check
+CVE-2025-9258 (WebITR developed by Uniong has an Arbitrary File Reading 
vulnerability ...)
+       TODO: check
+CVE-2025-9257 (WebITR developed by Uniong has an Arbitrary File Reading 
vulnerability ...)
+       TODO: check
+CVE-2025-9256 (WebITR developed by Uniong has an Arbitrary File Reading 
vulnerability ...)
+       TODO: check
+CVE-2025-9255 (WebITR developed by Uniong has a SQL Injection vulnerability, 
allowing ...)
+       TODO: check
+CVE-2025-9254 (WebITR developed by Uniong has a Missing Authentication 
vulnerability, ...)
+       TODO: check
+CVE-2025-6791 (On the monitoring event logs page, it is possible to alter the 
http re ...)
+       TODO: check
+CVE-2025-57896 (Missing Authorization vulnerability in andy_moyle Church Admin 
allows  ...)
+       TODO: check
+CVE-2025-57895 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni 
Mubarak JobW ...)
+       TODO: check
+CVE-2025-57894 (Missing Authorization vulnerability in ollybach WPPizza allows 
Exploit ...)
+       TODO: check
+CVE-2025-57893 (Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool 
WP Fast ...)
+       TODO: check
+CVE-2025-57892 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr 
Simple S ...)
+       TODO: check
+CVE-2025-57891 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-57890 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-57888 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-57887 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-57886 (Authorization Bypass Through User-Controlled Key vulnerability 
in Equa ...)
+       TODO: check
+CVE-2025-57885 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan 
Jewel Flu ...)
+       TODO: check
+CVE-2025-57884 (Missing Authorization vulnerability in wpsoul Greenshift 
allows Exploi ...)
+       TODO: check
+CVE-2025-57801 (gnark is a zero-knowledge proof system framework. In versions 
prior to ...)
+       TODO: check
+CVE-2025-57800 (Audiobookshelf is an open-source self-hosted audiobook server. 
In vers ...)
+       TODO: check
+CVE-2025-57771 (Roo Code is an AI-powered autonomous coding agent that lives 
in users' ...)
+       TODO: check
+CVE-2025-57770 (The open-source identity infrastructure software Zitadel 
allows admini ...)
+       TODO: check
+CVE-2025-57105 (The DI-7400G+ router has a command injection vulnerability, 
which allo ...)
+       TODO: check
+CVE-2025-55745 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2025-55741 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2025-55637 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - 
firmware v ...)
+       TODO: check
+CVE-2025-55634 (Incorrect access control in the RTMP server settings of 
Reolink Smart  ...)
+       TODO: check
+CVE-2025-55631 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - 
firmware v ...)
+       TODO: check
+CVE-2025-55630 (A discrepancy in the error message returned by the login 
function of R ...)
+       TODO: check
+CVE-2025-55629 (Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video 
Doorbell ...)
+       TODO: check
+CVE-2025-55627 (Insufficient privilege verification in Reolink Smart 2K+ 
Plug-in Wi-Fi ...)
+       TODO: check
+CVE-2025-55626 (An Insecure Direct Object Reference (IDOR) vulnerability in 
Reolink Sm ...)
+       TODO: check
+CVE-2025-55625 (An open redirect vulnerability in Reolink v4.54.0.4.20250526 
allows at ...)
+       TODO: check
+CVE-2025-55624 (An intent redirection vulnerability in Reolink 
v4.54.0.4.20250526 allo ...)
+       TODO: check
+CVE-2025-55623 (An issue in the lock screen component of Reolink 
v4.54.0.4.20250526 al ...)
+       TODO: check
+CVE-2025-55622 (Reolink v4.54.0.4.20250526 was discovered to contain a task 
hijacking  ...)
+       TODO: check
+CVE-2025-55621 (An Insecure Direct Object Reference (IDOR) vulnerability in 
Reolink v4 ...)
+       TODO: check
+CVE-2025-55620 (A cross-site scripting (XSS) vulnerability in the 
valuateJavascript()  ...)
+       TODO: check
+CVE-2025-55619 (Reolink v4.54.0.4.20250526 was discovered to contain a 
hardcoded encry ...)
+       TODO: check
+CVE-2025-55613 (Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in 
the from ...)
+       TODO: check
+CVE-2025-55611 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in 
the formLa ...)
+       TODO: check
+CVE-2025-55606 (Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in 
the from ...)
+       TODO: check
+CVE-2025-55605 (Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in 
the save ...)
+       TODO: check
+CVE-2025-55603 (Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in 
the from ...)
+       TODO: check
+CVE-2025-55602 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in 
the formSy ...)
+       TODO: check
+CVE-2025-55599 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in 
the formWl ...)
+       TODO: check
+CVE-2025-55581 (D-Link DCS-825L firmware version 1.08.01 and possibly prior 
versions c ...)
+       TODO: check
+CVE-2025-55573 (QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site 
Scripting (X ...)
+       TODO: check
+CVE-2025-55454 (An authenticated arbitrary file upload vulnerability in the 
component  ...)
+       TODO: check
+CVE-2025-55398 (An issue was discovered in mouse07410 asn1c thru 0.9.29 
(2025-03-20) - ...)
+       TODO: check
+CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in 
Apache Log4cx ...)
+       TODO: check
+CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in 
Apache Log4cx ...)
+       TODO: check
+CVE-2025-53363 (dpanel is an open source server management panel written in 
Go. In ver ...)
+       TODO: check
+CVE-2025-52287 (OperaMasks SDK ELite Script Engine v0.5.0 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2025-52095 (An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to 
escalate ...)
+       TODO: check
+CVE-2025-52094 (Insecure Permissions vulnerability in PDQ Smart Deploy 
V.3.0.2040 allo ...)
+       TODO: check
+CVE-2025-52085 (An SQL injection vulnerability in Yoosee application v6.32.4 
allows au ...)
+       TODO: check
+CVE-2025-51825 (JeecgBoot versions from 3.4.3 up to 3.8.0 were found to 
contain a SQL  ...)
+       TODO: check
+CVE-2025-51605 (An issue was discovered in Shopizer 3.2.7. The server's CORS 
implement ...)
+       TODO: check
+CVE-2025-51092 (The LogIn-SignUp project by VishnuSivadasVS is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2025-50859 (Reflected Cross-Site Scripting in the Change Template function 
in Easy ...)
+       TODO: check
+CVE-2025-50858 (Reflected Cross-Site Scripting in the List MySQL Databases 
function in ...)
+       TODO: check
+CVE-2025-50733 (NextChat contains a cross-site scripting (XSS) vulnerability 
in the HT ...)
+       TODO: check
+CVE-2025-50691 (MCSManager 10.5.3 daemon process runs as a root account by 
default, an ...)
+       TODO: check
+CVE-2025-50674 (An issue was discovered in the changePassword method in file 
/usr/shar ...)
+       TODO: check
+CVE-2025-4650 (User with high privileges is able to introduce a SQLi using the 
Meta S ...)
+       TODO: check
+CVE-2025-43762 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
+       TODO: check
+CVE-2025-43760 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
+       TODO: check
+CVE-2025-43759 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0, 202 ...)
+       TODO: check
+CVE-2025-43758 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
+       TODO: check
+CVE-2025-43751 (User enumeration vulnerability in Liferay Portal 7.4.0 through 
7.4.3.1 ...)
+       TODO: check
+CVE-2025-36042 (IBM QRadar SIEM 7.5 through 7.5.0Dashboard is vulnerable to 
cross-site ...)
+       TODO: check
+CVE-2025-33120 (IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an 
authenticated us ...)
+       TODO: check
+CVE-2025-29366 (In mupen64plus v2.6.0 there is an array overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2025-29365 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer 
Overflow ...)
+       TODO: check
+CVE-2024-56179 (In MindManager Windows versions prior to 24.1.150, attackers 
could pot ...)
+       TODO: check
+CVE-2024-53499 (Jeewms v3.7 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
+CVE-2024-53496 (Incorrect access control in the doFilter function of my-site 
v1.0.2.RE ...)
+       TODO: check
+CVE-2024-53494 (Incorrect access control in the preHandle function of 
SpringBootBlog v ...)
+       TODO: check
+CVE-2024-52786 (An authentication bypass vulnerability in anji-plus AJ-Report 
up to v1 ...)
+       TODO: check
+CVE-2024-50645 (MallChat v1.0-SNAPSHOT has an authentication bypass 
vulnerability. An  ...)
+       TODO: check
+CVE-2024-50644 (zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass 
vulnerabil ...)
+       TODO: check
+CVE-2024-48988 (SQL Injection vulnerability in Apache StreamPark.  This issue 
affects  ...)
+       TODO: check
+CVE-2009-10006 (UFO: Alien Invasion versions up to and including 2.2.1 contain 
a buffe ...)
+       TODO: check
 CVE-2025-XXXX [qemu: stop using C (Credentials) flag for binfmt_misc 
registration]
        - qemu 1:10.0.3+ds-3 (bug #1111844)
        [trixie] - qemu 1:10.0.2+ds-2+deb13u1
        [bookworm] - qemu 1:7.2+dfsg-7+deb12u15
-CVE-2025-38675 [xfrm: state: initialize state_ptrs earlier in xfrm_state_find]
+CVE-2025-38675 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/94d077c331730510d5611b438640a292097341f0 (6.16)
-CVE-2025-38674 [Revert "drm/prime: Use dma_buf from GEM object instance"]
+CVE-2025-38674 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fb4ef4a52b79a22ad382bfe77332642d02aef773 (6.16)
-CVE-2025-38673 [Revert "drm/gem-framebuffer: Use dma_buf from GEM object 
instance"]
+CVE-2025-38673 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2712ca878b688682ac2ce02aefc413fc76019cd9 (6.16)
-CVE-2025-38672 [Revert "drm/gem-dma: Use dma_buf from GEM object instance"]
+CVE-2025-38672 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1918e79be908b8a2c8757640289bc196c14d928a (6.16)
-CVE-2025-38671 [i2c: qup: jump out of the loop in case of timeout]
+CVE-2025-38671 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/a7982a14b3012527a9583d12525cd0dc9f8d8934 (6.16)
-CVE-2025-38670 [arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()]
+CVE-2025-38670 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d42e6c20de6192f8e4ab4cf10be8c694ef27e8cb (6.16)
-CVE-2025-38669 [Revert "drm/gem-shmem: Use dma_buf from GEM object instance"]
+CVE-2025-38669 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6d496e9569983a0d7a05be6661126d0702cf94f7 (6.16)
-CVE-2025-38668 [regulator: core: fix NULL dereference on unbind due to stale 
coupling data]
+CVE-2025-38668 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/ca46946a482238b0cdea459fb82fc837fb36260e (6.16-rc5)
-CVE-2025-38667 [iio: fix potential out-of-bound write]
+CVE-2025-38667 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/16285a0931869baa618b1f5d304e1e9d090470a8 (6.16-rc7)
-CVE-2025-38666 [net: appletalk: Fix use-after-free in AARP proxy probe]
+CVE-2025-38666 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/6c4a92d07b0850342d3becf2e608f805e972467c (6.16)
-CVE-2025-38665 [can: netlink: can_changelink(): fix NULL pointer deref of 
struct can_priv::do_set_mode]
+CVE-2025-38665 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/c1f3f9797c1f44a762e6f5f72520b2e520537b52 (6.16)
-CVE-2025-38664 [ice: Fix a null pointer dereference in ice_copy_and_init_pkg()]
+CVE-2025-38664 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36 (6.16)
-CVE-2025-38663 [nilfs2: reject invalid file types when reading inodes]
+CVE-2025-38663 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        NOTE: 
https://git.kernel.org/linus/4aead50caf67e01020c8be1945c3201e8a972a27 (6.16)
-CVE-2025-38662 [ASoC: mediatek: mt8365-dai-i2s: pass correct size to 
mt8365_dai_set_priv]
+CVE-2025-38662 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <unfixed>
        [trixie] - linux 6.12.41-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6bea85979d05470e6416a2bb504a9bcd9178304c (6.16)
-CVE-2025-38661 [platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array]
+CVE-2025-38661 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8346c6af27f1c1410eb314f4be5875fdf1579a10 (6.16)
-CVE-2025-38660 [[ceph] parse_longname(): strrchr() expects NUL-terminated 
string]
+CVE-2025-38660 (In the Linux kernel, the following vulnerability has been 
resolved:  [ ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/101841c38346f4ca41dc1802c867da990ffb32eb (6.17-rc1)
-CVE-2025-38659 [gfs2: No more self recovery]
+CVE-2025-38659 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/deb016c1669002e48c431d6fd32ea1c20ef41756 (6.17-rc1)
-CVE-2025-38658 [nvmet: pci-epf: Do not complete commands twice if 
nvmet_req_init() fails]
+CVE-2025-38658 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/746d0ac5a07d5da952ef258dd4d75f0b26c96476 (6.17-rc1)
-CVE-2025-38657 [wifi: rtw89: mcc: prevent shift wrapping in 
rtw89_core_mlsr_switch()]
+CVE-2025-38657 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/53cf488927a0f79968f9c03c4d1e00d2a79731c3 (6.17-rc1)
-CVE-2025-38656 [wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()]
+CVE-2025-38656 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6 (6.17-rc1)
-CVE-2025-38655 [pinctrl: canaan: k230: add NULL check in DT parse]
+CVE-2025-38655 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/65bd0be486390fc12a84eafaad78758c5e5a55e6 (6.17-rc1)
-CVE-2025-38654 [pinctrl: canaan: k230: Fix order of DT parse and pinctrl 
register]
+CVE-2025-38654 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d94a32ac688f953dc9a9f12b5b4139ecad841bbb (6.17-rc1)
-CVE-2025-38653 [proc: use the same treatment to check proc_lseek as ones for 
proc_read_iter et.al]
+CVE-2025-38653 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ff7ec8dc1b646296f8d94c39339e8d3833d16c05 (6.17-rc1)
-CVE-2025-38652 [f2fs: fix to avoid out-of-boundary access in devs.path]
+CVE-2025-38652 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/5661998536af52848cc4d52a377e90368196edea (6.17-rc1)
-CVE-2025-38651 [landlock: Fix warning from KUnit tests]
+CVE-2025-38651 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e0a69cf2c03e61bd8069becb97f66c173d0d1fa1 (6.17-rc1)
-CVE-2025-38650 [hfsplus: remove mutex_lock check in hfsplus_free_extents]
+CVE-2025-38650 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fcb96956c921f1aae7e7b477f2435c56f77a31b4 (6.17-rc1)
-CVE-2025-38649 [arm64: dts: qcom: qcs615: fix a crash issue caused by infinite 
loop for Coresight]
+CVE-2025-38649 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f (6.17-rc1)
-CVE-2025-38648 [spi: stm32: Check for cfg availability in stm32_spi_probe]
+CVE-2025-38648 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/21f1c800f6620e43f31dfd76709dbac8ebaa5a16 (6.17-rc1)
-CVE-2025-38647 [wifi: rtw89: sar: drop lockdep assertion in 
rtw89_set_sar_from_acpi]
+CVE-2025-38647 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6fe21445f7e801de5527d420f8e25e97b0cdd7e2 (6.17-rc1)
-CVE-2025-38646 [wifi: rtw89: avoid NULL dereference when RX problematic packet 
on unsupported 6 GHz band]
+CVE-2025-38646 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7e04f01bb94fe61c73cc59f0495c3b6c16a83231 (6.17-rc1)
-CVE-2025-38645 [net/mlx5: Check device memory pointer before usage]
+CVE-2025-38645 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/70f238c902b8c0461ae6fbb8d1a0bbddc4350eea (6.17-rc1)
-CVE-2025-38644 [wifi: mac80211: reject TDLS operations when station is not 
associated]
+CVE-2025-38644 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/16ecdab5446f15a61ec88eb0d23d25d009821db0 (6.17-rc1)
-CVE-2025-38643 [wifi: cfg80211: Add missing lock in 
cfg80211_check_and_end_cac()]
+CVE-2025-38643 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/2c5dee15239f3f3e31aa5c8808f18996c039e2c1 (6.17-rc1)
-CVE-2025-38642 [wifi: mac80211: fix WARN_ON for monitor mode on some devices]
+CVE-2025-38642 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c57e5b9819dfd16d709bcd6cb633301ed0829a66 (6.17-rc1)
-CVE-2025-38641 [Bluetooth: btusb: Fix potential NULL dereference on kmalloc 
failure]
+CVE-2025-38641 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b505902c66a282dcb01bcdc015aa1fdfaaa075db (6.17-rc1)
-CVE-2025-38640 [bpf: Disable migration in nf_hook_run_bpf().]
+CVE-2025-38640 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/17ce3e5949bc37557305ad46316f41c7875d6366 (6.17-rc1)
-CVE-2025-38639 [netfilter: xt_nfacct: don't assume acct name is 
null-terminated]
+CVE-2025-38639 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/bf58e667af7d96c8eb9411f926a0a0955f41ce21 (6.17-rc1)
-CVE-2025-38638 [ipv6: add a retry logic in net6_rt_notify()]
+CVE-2025-38638 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ea2f921db7a483a526058c5b5b8162edd88dabe5 (6.17-rc1)
-CVE-2025-38636 [rv: Use strings in da monitors tracepoints]
+CVE-2025-38636 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7f904ff6e58d398c4336f3c19c42b338324451f7 (6.17-rc1)
-CVE-2025-38635 [clk: davinci: Add NULL check in davinci_lpsc_clk_register()]
+CVE-2025-38635 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/13de464f445d42738fe18c9a28bab056ba3a290a (6.17-rc1)
-CVE-2025-38634 [power: supply: cpcap-charger: Fix null check for 
power_supply_get_by_name]
+CVE-2025-38634 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d9fa3aae08f99493e67fb79413c0e95d30fca5e9 (6.17-rc1)
-CVE-2025-38633 [clk: spacemit: mark K1 pll1_d8 as critical]
+CVE-2025-38633 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7554729de27daf6d54bcf8689d863bbe267828bf (6.17-rc1)
-CVE-2025-38632 [pinmux: fix race causing mux_owner NULL with active 
mux_usecount]
+CVE-2025-38632 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0b075c011032f88d1cfde3b45d6dcf08b44140eb (6.17-rc1)
-CVE-2025-38631 [clk: imx95-blk-ctl: Fix synchronous abort]
+CVE-2025-38631 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b08217a257215ed9130fce93d35feba66b49bf0a (6.17-rc1)
-CVE-2025-38630 [fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref]
+CVE-2025-38630 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7 (6.17-rc1)
-CVE-2025-38629 [ALSA: usb: scarlett2: Fix missing NULL check]
+CVE-2025-38629 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/df485a4b2b3ee5b35c80f990beb554e38a8a5fb1 (6.17-rc1)
-CVE-2025-38628 [vdpa/mlx5: Fix release of uninitialized resources on error 
path]
+CVE-2025-38628 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/cc51a66815999afb7e9cd845968de4fdf07567b7 (6.17-rc1)
-CVE-2025-38627 [f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic]
+CVE-2025-38627 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/39868685c2a94a70762bc6d77dc81d781d05bff5 (6.17-rc1)
-CVE-2025-38626 [f2fs: fix to trigger foreground gc during f2fs_map_blocks() in 
lfs mode]
+CVE-2025-38626 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1005a3ca28e90c7a64fa43023f866b960a60f791 (6.17-rc1)
-CVE-2025-38625 [vfio/pds: Fix missing detach_ioas op]
+CVE-2025-38625 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fe24d5bc635e103a517ec201c3cb571eeab8be2f (6.17-rc1)
-CVE-2025-38624 [PCI: pnv_php: Clean up allocated IRQs on unplug]
+CVE-2025-38624 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/4668619092554e1b95c9a5ac2941ca47ba6d548a (6.17-rc1)
-CVE-2025-38623 [PCI: pnv_php: Fix surprise plug detection and recovery]
+CVE-2025-38623 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a2a2a6fc2469524caa713036297c542746d148dc (6.17-rc1)
-CVE-2025-38622 [net: drop UFO packets in udp_rcv_segment()]
+CVE-2025-38622 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/d46e51f1c78b9ab9323610feb14238d06d46d519 (6.17-rc1)
-CVE-2025-38621 [md: make rdev_addable usable for rcu mode]
+CVE-2025-38621 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/13017b427118f4311471ee47df74872372ca8482 (6.17-rc1)
-CVE-2025-38620 [zloop: fix KASAN use-after-free of tag set]
+CVE-2025-38620 (In the Linux kernel, the following vulnerability has been 
resolved:  z ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/765761851d89c772f482494d452e266795460278 (6.17-rc1)
-CVE-2025-38619 [media: ti: j721e-csi2rx: fix list_del corruption]
+CVE-2025-38619 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ae42c6fe531425ef2f47e82f96851427d24bbf6b (6.17-rc1)
-CVE-2025-38618 [vsock: Do not allow binding to VMADDR_PORT_ANY]
+CVE-2025-38618 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4 (6.17-rc2)
-CVE-2025-38617 [net/packet: fix a race in packet_set_ring() and 
packet_notifier()]
+CVE-2025-38617 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/01d3c8417b9c1b884a8a981a3b886da556512f36 (6.17-rc1)
-CVE-2025-38616 [tls: handle data disappearing from under the TLS ULP]
+CVE-2025-38616 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6db015fc4b5d5f63a64a193f65d98da3a7fc811d (6.17-rc2)
-CVE-2024-58239 [tls: stop recv() if initial process_rx_list gave us non-DATA]
+CVE-2024-58239 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.7.7-1
        [bookworm] - linux 6.1.82-1
        [bullseye] - linux 5.10.216-1
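
Review bot: The kernel block in this hunk (CVE-2025-38675 down to CVE-2024-58239) swaps each bracketed commit subject for the same truncated description, "In the Linux kernel, the following vulnerability has been resolved:", followed by a single letter, so the entries can no longer be told apart by title and the only remaining pointer to the fix is the `NOTE:` commit link. When triaging the `<unfixed>` ones, work from the linked commit rather than the description. Separately, the new entries at the top all carry only `TODO: check`, and several are cut off before any product is named (CVE-2025-6791, CVE-2025-55454, CVE-2025-50674), so they cannot be classified from this file alone.
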
@@ -105146,7 +105322,7 @@ CVE-2024-7863 (The Favicon Generator (CLOSED) 
WordPress plugin before 2.1 does n
        NOT-FOR-US: WordPress plugin
 CVE-2024-7133 (The Floating Notification Bar, Sticky Menu on Scroll, 
Announcement Ban ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-7129 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+CVE-2024-7129 (The Appointment Booking Calendar WordPress plugin before 
1.6.7.43 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6850 (The Carousel Slider WordPress plugin before 2.2.4 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
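
Review bot: The replacement description for CVE-2024-7129 drops the "Simply Schedule Appointments" part of the plugin name along with the literal `\u2014` escape that the old line carried. The `NOT-FOR-US: WordPress plugin` tag is unaffected, but the raw `\u2014` in the removed line shows that escaped characters have reached this file undecoded at least once; a search of data/CVE/list for other `\u` sequences would show whether more entries are affected.
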
@@ -114853,7 +115029,7 @@ CVE-2024-7319 (An incomplete fix for CVE-2023-1625 
was found in openstack-heat.
        NOTE: Negligible security impact
 CVE-2024-7291 (The JetFormBuilder plugin for WordPress is vulnerable to 
privilege esc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-6477 (The UsersWP  WordPress plugin before 1.2.12 uses predictable 
filenames ...)
+CVE-2024-6477 (The UsersWP WordPress plugin before 1.2.12 uses predictable 
filenames  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6390 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.0 
does n ...)
        NOT-FOR-US: WordPress plugin
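
Review bot: The CVE-2024-6477 change is whitespace only (the double space in "UsersWP  WordPress" collapsed to one), while the context line for CVE-2024-6390 just below still reads "(QSM)  WordPress" with the same double space. If the normalisation is intended, it should apply to both entries; otherwise this hunk is churn with no effect on the tracker status.
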
@@ -251092,8 +251268,8 @@ CVE-2022-3923 (The ActiveCampaign for WooCommerce 
WordPress plugin before 1.9.8
        NOT-FOR-US: WordPress plugin
 CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45134
-       RESERVED
+CVE-2022-45134 (Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 
before 22 ...)
+       TODO: check
 CVE-2022-45133
        RESERVED
 CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 
2022.11.1, r ...)
@@ -259415,8 +259591,8 @@ CVE-2022-43112
        RESERVED
 CVE-2022-43111
        RESERVED
-CVE-2022-43110
-       RESERVED
+CVE-2022-43110 (Voltronic Power ViewPower through 1.04-21353 and PowerShield 
Netguard  ...)
+       TODO: check
 CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command 
injection vulner ...)
        NOT-FOR-US: D-Link
 CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack 
overflow  ...)
@@ -291706,8 +291882,8 @@ CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows 
gacl/admin/acl_admin.php acl_i
        NOT-FOR-US: LibreHealth EHR Base
 CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR 
Base 2.0.0  ...)
        NOT-FOR-US: LibreHealth EHR Base
-CVE-2022-31491
-       RESERVED
+CVE-2022-31491 (Voltronic Power ViewPower through 1.04-24215, ViewPower Pro 
through 2. ...)
+       TODO: check
 CVE-2022-31490
        RESERVED
 CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows 
index.php/home/about inouti ...)
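
Review bot: CVE-2022-31491 leaves RESERVED with only `TODO: check`, and it names the same product, Voltronic Power ViewPower, as CVE-2022-43110 in the previous hunk, with a different version bound ("through 1.04-24215" here, "through 1.04-21353" there). Triage the two together so they end up with the same tag; the neighbouring vendor-product entries in both hunks are tagged `NOT-FOR-US:` with the vendor or product name.
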
@@ -419714,6 +419890,7 @@ CVE-2020-21898
 CVE-2020-21897
        RESERVED
 CVE-2020-21896 (A Use After Free vulnerability in 
svg_dev_text_span_as_paths_defs func ...)
+       {DLA-4278-1}
        - mupdf 1.19.0+ds1-1
        [buster] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701294
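
Review bot: The added `{DLA-4278-1}` reference on CVE-2020-21896 is not accompanied by any release line for the fix: the entry shows only `- mupdf 1.19.0+ds1-1` and `[buster] - mupdf <no-dsa> (Minor issue)`. Confirm that the advisory's own record names the release and fixed version, since neither can be read from this entry.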



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe7adaa6d927112663463bd74c8d39e87d5bef04
