[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 9 21:12:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b665ca33 by security tracker role at 2025-07-09T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,97 +1,203 @@
-CVE-2025-38264 [nvme-tcp: sanitize request list handling]
+CVE-2025-7381 (ImpactThis is an information disclosure vulnerability originating from ...)
+ TODO: check
+CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse Tabnab ...)
+ TODO: check
+CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability exists ...)
+ TODO: check
+CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting to untru ...)
+ TODO: check
+CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applit ...)
+ TODO: check
+CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools AP ...)
+ TODO: check
+CVE-2025-53678 (Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT ...)
+ TODO: check
+CVE-2025-53677 (Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deploymen ...)
+ TODO: check
+CVE-2025-53676 (Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token ...)
+ TODO: check
+CVE-2025-53675 (Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unen ...)
+ TODO: check
+CVE-2025-53674 (Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sense ...)
+ TODO: check
+CVE-2025-53673 (Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API ...)
+ TODO: check
+CVE-2025-53672 (Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API ke ...)
+ TODO: check
+CVE-2025-53671 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCl ...)
+ TODO: check
+CVE-2025-53670 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API ...)
+ TODO: check
+CVE-2025-53669 (Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Ke ...)
+ TODO: check
+CVE-2025-53668 (Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unen ...)
+ TODO: check
+CVE-2025-53667 (Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch t ...)
+ TODO: check
+CVE-2025-53666 (Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens u ...)
+ TODO: check
+CVE-2025-53665 (Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loa ...)
+ TODO: check
+CVE-2025-53664 (Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest L ...)
+ TODO: check
+CVE-2025-53663 (Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube au ...)
+ TODO: check
+CVE-2025-53662 (Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker ...)
+ TODO: check
+CVE-2025-53661 (Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask T ...)
+ TODO: check
+CVE-2025-53660 (Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Q ...)
+ TODO: check
+CVE-2025-53659 (Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry A ...)
+ TODO: check
+CVE-2025-53658 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the ...)
+ TODO: check
+CVE-2025-53657 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not m ...)
+ TODO: check
+CVE-2025-53656 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM ...)
+ TODO: check
+CVE-2025-53655 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the ...)
+ TODO: check
+CVE-2025-53654 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Se ...)
+ TODO: check
+CVE-2025-53653 (Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner ...)
+ TODO: check
+CVE-2025-53652 (Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not ...)
+ TODO: check
+CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and earlier displays log messages th ...)
+ TODO: check
+CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does ...)
+ TODO: check
+CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before ...)
+ TODO: check
+CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Serv ...)
+ TODO: check
+CVE-2025-53548 (Clerk helps developers build user management. Applications that use th ...)
+ TODO: check
+CVE-2025-53546 (Folo organizes feeds content into one timeline. Using pull_request_tar ...)
+ TODO: check
+CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.9 ...)
+ TODO: check
+CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
+ TODO: check
+CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
+ TODO: check
+CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...)
+ TODO: check
+CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41 ...)
+ TODO: check
+CVE-2025-44177 (A directory traversal vulnerability was discovered in White Star Softw ...)
+ TODO: check
+CVE-2025-3499 (The device has two web servers that expose unauthenticated REST APIs o ...)
+ TODO: check
+CVE-2025-3498 (An unauthenticated user with management network access can get and mo ...)
+ TODO: check
+CVE-2025-3497 (The Linux distribution underlying the Radiflow iSAP Smart Collector ( ...)
+ TODO: check
+CVE-2025-36599 (Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Inse ...)
+ TODO: check
+CVE-2025-2670 (IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive ...)
+ TODO: check
+CVE-2025-27028 (The Linux deprivileged user vpuserin Radiflow iSAP Smart Collector (Ce ...)
+ TODO: check
+CVE-2025-27027 (A user with vpusercredentials that opens an SSH connection to the devi ...)
+ TODO: check
+CVE-2025-1112 (IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated use ...)
+ TODO: check
+CVE-2025-38264 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0bf04c874fcb1ae46a863034296e4b33d8fbd66c (6.16-rc1)
-CVE-2025-38263 [bcache: fix NULL pointer in cache_set_flush()]
+CVE-2025-38263 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/1e46ed947ec658f89f1a910d880cd05e42d3763e (6.16-rc1)
-CVE-2025-38262 [tty: serial: uartlite: register uart driver in init]
+CVE-2025-38262 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/6bd697b5fc39fd24e2aa418c7b7d14469f550a93 (6.16-rc1)
-CVE-2025-38261 [riscv: save the SR_SUM status over switches]
+CVE-2025-38261 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/788aa64c01f1262310b4c1fb827a36df170d86ea (6.16-rc1)
-CVE-2025-38260 [btrfs: handle csum tree error with rescue=ibadroots correctly]
+CVE-2025-38260 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/547e836661554dcfa15c212a3821664e85b4191a (6.16-rc4)
-CVE-2025-38259 [ASoC: codecs: wcd9335: Fix missing free of regulator supplies]
+CVE-2025-38259 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/9079db287fc3e38e040b0edeb0a25770bb679c8e (6.16-rc1)
-CVE-2025-38258 [mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write]
+CVE-2025-38258 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4f489fe6afb395dbc79840efa3c05440b760d883 (6.16-rc4)
-CVE-2025-38257 [s390/pkey: Prevent overflow in size calculation for memdup_user()]
+CVE-2025-38257 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/7360ee47599af91a1d5f4e74d635d9408a54e489 (6.16-rc4)
-CVE-2025-38256 [io_uring/rsrc: fix folio unpinning]
+CVE-2025-38256 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5afb4bf9fc62d828647647ec31745083637132e4 (6.16-rc4)
-CVE-2025-38255 [lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()]
+CVE-2025-38255 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/df831e97739405ecbaddb85516bc7d4d1c933d6b (6.16-rc4)
-CVE-2025-38254 [drm/amd/display: Add sanity checks for drm_edid_raw()]
+CVE-2025-38254 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6847b3b6e84ef37451c074e6a8db3fbd250c8dbf (6.16-rc4)
-CVE-2025-38253 [HID: wacom: fix crash in wacom_aes_battery_handler()]
+CVE-2025-38253 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f3054152c12e2eed1e72704aff47b0ea58229584 (6.16-rc4)
-CVE-2025-38252 [cxl/ras: Fix CPER handler device confusion]
+CVE-2025-38252 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8 (6.16-rc4)
-CVE-2025-38251 [atm: clip: prevent NULL deref in clip_push()]
+CVE-2025-38251 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b993ea46b3b601915ceaaf3c802adf11e7d6bac6 (6.16-rc4)
-CVE-2025-38250 [Bluetooth: hci_core: Fix use-after-free in vhci_flush()]
+CVE-2025-38250 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/1d6123102e9fbedc8d25bf4731da6d513173e49e (6.16-rc4)
-CVE-2025-38249 [ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()]
+CVE-2025-38249 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a (6.16-rc4)
-CVE-2025-38248 [bridge: mcast: Fix use-after-free during router port configuration]
+CVE-2025-38248 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7544f3f5b0b58c396f374d060898b5939da31709 (6.16-rc4)
-CVE-2025-38247 [userns and mnt_idmap leak in open_tree_attr(2)]
+CVE-2025-38247 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0748e553df0225754c316a92af3a77fdc057b358 (6.16-rc4)
-CVE-2025-38246 [bnxt: properly flush XDP redirect lists]
+CVE-2025-38246 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9caca6ac0e26cd20efd490d8b3b2ffb1c7c00f6f (6.16-rc4)
-CVE-2025-38245 [atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().]
+CVE-2025-38245 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a433791aeaea6e84df709e0b9584b9bbe040cd1c (6.16-rc4)
-CVE-2025-38244 [smb: client: fix potential deadlock when reconnecting channels]
+CVE-2025-38244 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/711741f94ac3cf9f4e3aa73aa171e76d188c0819 (6.16-rc4)
-CVE-2025-38243 [btrfs: fix invalid inode pointer dereferences during log replay]
+CVE-2025-38243 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2dcf838cf5c2f0f4501edaa1680fcad03618d760 (6.16-rc4)
-CVE-2025-38242 [mm: userfaultfd: fix race of userfaultfd_move and swap cache]
+CVE-2025-38242 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ea148a799198518d8ebab63ddd0bb6114a103bc (6.16-rc4)
-CVE-2025-38241 [mm/shmem, swap: fix softlockup with mTHP swapin]
+CVE-2025-38241 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a05dd8ae5cbb1cb45f349922cfea4f548a5e5d6f (6.16-rc4)
-CVE-2025-38239 [scsi: megaraid_sas: Fix invalid node index]
+CVE-2025-38239 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/752eb816b55adb0673727ba0ed96609a17895654 (6.16-rc4)
-CVE-2025-38238 [scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out]
+CVE-2025-38238 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2 (6.16-rc4)
-CVE-2025-7378 (Improper Input Validation vulnerability allows injecting arbitrary v ...)
+CVE-2025-7378 (An improper Input Validation vulnerability allows injecting arbitrary ...)
NOT-FOR-US: Asustor
CVE-2025-7220 (A vulnerability was found in Campcodes Payroll Management System 1.0. ...)
NOT-FOR-US: Campcodes
@@ -118200,7 +118306,7 @@ CVE-2024-35432 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Script
NOT-FOR-US: ZKTeco ZKBio CVSecurity
CVE-2024-35431 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via ...)
NOT-FOR-US: ZKTeco ZKBio CVSecurity
-CVE-2024-35430 (In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass pas ...)
+CVE-2024-35430 (In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an ...)
NOT-FOR-US: ZKTeco ZKBio CVSecurity
CVE-2024-35429 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via ...)
NOT-FOR-US: ZKTeco ZKBio CVSecurity
@@ -360218,8 +360324,8 @@ CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any use
NOT-FOR-US: SonLogger
CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...)
- grafana <removed>
-CVE-2021-27961
- RESERVED
+CVE-2021-27961 (evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the inde ...)
+ TODO: check
CVE-2021-27960
RESERVED
CVE-2021-27959
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b665ca3316ba5aaad02ceb81088e59d64e23dfce
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b665ca3316ba5aaad02ceb81088e59d64e23dfce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250709/c22bbc46/attachment.htm>
More information about the debian-security-tracker-commits
mailing list