[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 9 21:12:50 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09daa0a7 by security tracker role at 2025-08-09T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,97 @@
-CVE-2024-58238 [Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test]
+CVE-2025-8773 (A vulnerability, which was classified as critical, was found in Dinsta ...)
+	TODO: check
+CVE-2025-8772 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-8771
+	REJECTED
+CVE-2025-8765 (A vulnerability classified as problematic was found in Datacom DM955 5 ...)
+	TODO: check
+CVE-2025-8764 (A vulnerability classified as critical has been found in linlinjava li ...)
+	TODO: check
+CVE-2025-8763 (A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been ...)
+	TODO: check
+CVE-2025-8759 (A vulnerability was found in TRENDnet TN-200 1.02b02. It has been decl ...)
+	TODO: check
+CVE-2025-8758 (A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been ...)
+	TODO: check
+CVE-2025-8757 (A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified  ...)
+	TODO: check
+CVE-2025-8756 (A vulnerability has been found in TDuckCloud tduck-platform up to 5.1  ...)
+	TODO: check
+CVE-2025-8755 (A vulnerability was found in macrozheng mall up to 1.0.3 and classifie ...)
+	TODO: check
+CVE-2025-8753 (A vulnerability, which was classified as critical, has been found in l ...)
+	TODO: check
+CVE-2025-8752 (A vulnerability was found in wangzhixuan spring-shiro-training up to 9 ...)
+	TODO: check
+CVE-2025-8751 (A vulnerability was found in Protected Total WebShield Extension up to ...)
+	TODO: check
+CVE-2025-8750 (A vulnerability has been found in macrozheng mall up to 1.0.3 and clas ...)
+	TODO: check
+CVE-2025-8746 (A vulnerability, which was classified as problematic, was found in GNU ...)
+	TODO: check
+CVE-2025-8745 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-8744 (A vulnerability classified as critical was found in CesiumLab Web up t ...)
+	TODO: check
+CVE-2025-8743 (A vulnerability classified as problematic has been found in Scada-LTS  ...)
+	TODO: check
+CVE-2025-8742 (A vulnerability was found in macrozheng mall 1.0.3. It has been rated  ...)
+	TODO: check
+CVE-2025-8741 (A vulnerability was found in macrozheng mall up to 1.0.3. It has been  ...)
+	TODO: check
+CVE-2025-8740 (A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has be ...)
+	TODO: check
+CVE-2025-8739 (A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classi ...)
+	TODO: check
+CVE-2025-7726 (The The7 theme for WordPress is vulnerable to Stored Cross-Site Script ...)
+	TODO: check
+CVE-2025-7020 (An incorrect encryption implementation vulnerability exists in the sys ...)
+	TODO: check
+CVE-2025-6573 (Kernel software installed and running inside an untrusted/rich executi ...)
+	TODO: check
+CVE-2025-55188 (7-Zip before 25.01 does not always properly handle symbolic links duri ...)
+	TODO: check
+CVE-2025-55152 (oak is a middleware framework for Deno's native HTTP server, Deno Depl ...)
+	TODO: check
+CVE-2025-55149 (Tiny-Scientist is a lightweight framework for automating the entire li ...)
+	TODO: check
+CVE-2025-55013 (The Assemblyline 4 Service Client interfaces with the API to fetch tas ...)
+	TODO: check
+CVE-2025-55009 (The AuthKit library for Remix provides convenient helpers for authenti ...)
+	TODO: check
+CVE-2025-55008 (The AuthKit library for React Router 7+ provides helpers for authentic ...)
+	TODO: check
+CVE-2025-55006 (Frappe Learning is a learning system that helps users structure their  ...)
+	TODO: check
+CVE-2025-55003 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-55001 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-55000 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-54999 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-54998 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-54997 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-54996 (OpenBao exists to provide a software solution to manage, store, and di ...)
+	TODO: check
+CVE-2025-54888 (Fedify is a TypeScript library for building federated server apps powe ...)
+	TODO: check
+CVE-2025-54417 (Craft is a platform for creating digital experiences. Versions 4.13.8  ...)
+	TODO: check
+CVE-2025-4655 (SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 thr ...)
+	TODO: check
+CVE-2025-4581 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
+	TODO: check
+CVE-2025-46709 (Possible memory leak or kernel exceptions caused by reading kernel hea ...)
+	TODO: check
+CVE-2024-58238 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.9.7-1
 	NOTE: https://git.kernel.org/linus/e4db90e4eb8d5487098712ffb1048f3fa6d25e98 (6.9-rc1)
-CVE-2022-50233 [Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}]
+CVE-2022-50233 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.0.2-1
 	NOTE: https://git.kernel.org/linus/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 (6.0-rc1)
 CVE-2025-7039 [buffer underrun in get_tmp_file()]
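Review bot: every entry added at the top of this hunk, from CVE-2025-8773 down to CVE-2025-46709, carries only `TODO: check`, with no source package, `NOT-FOR-US` or `<itp>` line, so none of them is triaged yet. The truncated descriptions for CVE-2025-55188 (7-Zip before 25.01, symbolic link handling) and CVE-2025-8746 (GNU ...) name software worth checking against the archive first, ahead of the router firmware and web-application entries. The CVE-2024-58238 and CVE-2022-50233 changes only swap the bracketed placeholder title for the published description and keep the `- linux` and NOTE lines, so no tracking data is lost there.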
@@ -7868,7 +7958,7 @@ CVE-2025-7370
 CVE-2025-7365 (A flaw was found in Keycloak. When an authenticated attacker attempts  ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2025-32990 (A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softw ...)
-	{DSA-5962-1}
+	{DSA-5962-1 DLA-4267-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1696
@@ -7882,13 +7972,13 @@ CVE-2025-32989 (A heap-buffer-overread vulnerability was found in GnuTLS in how
 	NOTE: Introduced by: https://gitlab.com/gnutls/gnutls/-/commit/242abb6945cbb56c4a41c393d0253ea5b9d3a36a (3.7.3)
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2 (3.8.10)
 CVE-2025-32988 (A flaw was found in GnuTLS. A double-free vulnerability exists in GnuT ...)
-	{DSA-5962-1}
+	{DSA-5962-1 DLA-4267-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1694
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573 (3.8.10)
 CVE-2025-6395 (A NULL pointer dereference flaw was found in the GnuTLS software in _g ...)
-	{DSA-5962-1}
+	{DSA-5962-1 DLA-4267-1}
 	- gnutls28 3.8.9-3
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1718
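Review bot: DLA-4267-1 is added to CVE-2025-32988 and CVE-2025-6395 here, and to CVE-2025-32990 in the previous hunk, but the CVE-2025-32989 entry whose NOTE lines open this hunk is not touched. Its `Introduced by` note points at 3.7.3, which would explain the omission if the gnutls28 version in the LTS release predates that commit. If the entry does not already say so, a per-release `<not-affected>` line would record that explicitly instead of leaving it to be inferred from the missing DLA reference.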
@@ -262846,21 +262936,21 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389.)
 CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
 	NOT-FOR-US: Panini Everest Engine
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
-	{DLA-3293-1}
+	{DLA-4265-1 DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
-	{DLA-3293-1}
+	{DLA-4265-1 DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
-	{DLA-3293-1}
+	{DLA-4265-1 DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 	NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
 	NOTE: https://bugs.debian.org/1020303
 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
-	{DLA-3293-1}
+	{DLA-4265-1 DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
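Review bot: the CVE-2022-39956 entry in this hunk gains DLA-4265-1 but keeps the NOTE that the fix depends on changes in src:libmodsecurity3 / src:modsecurity-apache (https://bugs.debian.org/1020303). Confirm that the release covered by DLA-4265-1 also has those engine-side changes; if it does not, the modsecurity-crs update alone may not close the partial rule set bypass, and a NOTE stating the status for that release would make the entry unambiguous.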
@@ -412817,7 +412907,7 @@ CVE-2020-22671
 CVE-2020-22670
 	RESERVED
 CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a  ...)
-	{DLA-3293-1}
+	{DLA-4265-1 DLA-3293-1}
 	- modsecurity-crs 3.3.2-1
 	NOTE: https://github.com/coreruleset/coreruleset/pull/1793
 	NOTE: https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd (v3.3.1-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09daa0a7268fa4d57d18d980cb904304768373bd
