[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 10 21:12:49 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fbd07f5 by security tracker role at 2025-07-10T20:12:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,96 +1,252 @@
-CVE-2025-38348 [wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()]
+CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flags are ...)
+ TODO: check
+CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, psvi, ...)
+ TODO: check
+CVE-2025-7413 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-7412 (A vulnerability was found in code-projects Library System 1.0. It has ...)
+ TODO: check
+CVE-2025-7411 (A vulnerability was found in code-projects LifeStyle Store 1.0. It has ...)
+ TODO: check
+CVE-2025-7410 (A vulnerability was found in code-projects LifeStyle Store 1.0. It has ...)
+ TODO: check
+CVE-2025-7409 (A vulnerability was found in code-projects Mobile Shop 1.0 and classif ...)
+ TODO: check
+CVE-2025-7408 (A vulnerability has been found in SourceCodester Zoo Management System ...)
+ TODO: check
+CVE-2025-7407 (A vulnerability, which was classified as critical, was found in Netgea ...)
+ TODO: check
+CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of Fullscree ...)
+ TODO: check
+CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-6211 (A vulnerability in the DocugamiReader class of the run-llama/llama_ind ...)
+ TODO: check
+CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ TODO: check
+CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk Revit, ca ...)
+ TODO: check
+CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
+ TODO: check
+CVE-2025-5023 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Cor ...)
+ TODO: check
+CVE-2025-5022 (Weak Password Requirements vulnerability in Mitsubishi Electric Corpor ...)
+ TODO: check
+CVE-2025-53709 (Secure-upload is a data submission service that validates single-use t ...)
+ TODO: check
+CVE-2025-53634 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
+ TODO: check
+CVE-2025-53633 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
+ TODO: check
+CVE-2025-53632 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
+ TODO: check
+CVE-2025-53630 (llama.cpp is an inference of several LLM models in C/C++. Integer Over ...)
+ TODO: check
+CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. The expr ...)
+ TODO: check
+CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
+ TODO: check
+CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it easier t ...)
+ TODO: check
+CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
+ TODO: check
+CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
+ TODO: check
+CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vu ...)
+ TODO: check
+CVE-2025-53378 (A missing authentication vulnerability in Trend Micro Worry-Free Busin ...)
+ TODO: check
+CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends notifica ...)
+ TODO: check
+CVE-2025-53364 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability in Apach ...)
+ TODO: check
+CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below i ...)
+ TODO: check
+CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
+ TODO: check
+CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
+ TODO: check
+CVE-2025-52473 (liboqs is a C-language cryptographic library that provides implementat ...)
+ TODO: check
+CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
+ TODO: check
+CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ TODO: check
+CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions through ...)
+ TODO: check
+CVE-2025-49630 (In certain proxy configurations, a denial of service attack againstApa ...)
+ TODO: check
+CVE-2025-49464 (Classic buffer overflow in certain Zoom Clients for Windows may allow ...)
+ TODO: check
+CVE-2025-49463 (Insufficient control flow management in certain Zoom Clients for iOS b ...)
+ TODO: check
+CVE-2025-49462 (Cross-site scripting in certain Zoom Clients before version 6.4.5 may ...)
+ TODO: check
+CVE-2025-47813 (loginok.html in Wing FTP Server before 7.4.4 discloses the full local ...)
+ TODO: check
+CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web interfaces mis ...)
+ TODO: check
+CVE-2025-47811 (In Wing FTP Server through 7.4.4, the administrative web interface (li ...)
+ TODO: check
+CVE-2025-46789 (Classic buffer overflow in certain Zoom Clients for Windows may allow ...)
+ TODO: check
+CVE-2025-46788 (Improper certificate validation in Zoom Workplace for Linux before ver ...)
+ TODO: check
+CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component /master/lo ...)
+ TODO: check
+CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext duri ...)
+ TODO: check
+CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ TODO: check
+CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote ...)
+ TODO: check
+CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP version ...)
+ TODO: check
+CVE-2025-34101 (An unauthenticated command injection vulnerability exists in Serviio M ...)
+ TODO: check
+CVE-2025-34100 (An unrestricted file upload vulnerability exists in BuilderEngine 3.5. ...)
+ TODO: check
+CVE-2025-34099 (An unauthenticated command injection vulnerability exists in VICIdial ...)
+ TODO: check
+CVE-2025-34098 (A path traversal vulnerability exists in Riverbed SteelHead VCXapplian ...)
+ TODO: check
+CVE-2025-34097 (An unrestricted file upload vulnerability exists in ProcessMaker versi ...)
+ TODO: check
+CVE-2025-34096 (A stack-based buffer overflow vulnerability exists in Easy File Sharin ...)
+ TODO: check
+CVE-2025-34095 (An OS command injection vulnerability exists in Mako Server versions 2 ...)
+ TODO: check
+CVE-2025-34093 (An authenticated command injection vulnerability exists in the Polycom ...)
+ TODO: check
+CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable in the c ...)
+ TODO: check
+CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.46 ...)
+ TODO: check
+CVE-2025-28244 (Insecure Permissions vulnerability in the Local Storage in Alteryx Ser ...)
+ TODO: check
+CVE-2025-28243 (An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a ...)
+ TODO: check
+CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and sanitize t ...)
+ TODO: check
+CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...)
+ TODO: check
+CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP ...)
+ TODO: check
+CVE-2024-43394 (Server-Side Request Forgery (SSRF)in Apache HTTP Server on Windows all ...)
+ TODO: check
+CVE-2024-43204 (SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to ...)
+ TODO: check
+CVE-2024-42516 (HTTP response splitting in the core of Apache HTTP Server allows an at ...)
+ TODO: check
+CVE-2024-39752 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable t ...)
+ TODO: check
+CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to info ...)
+ TODO: check
+CVE-2024-37524 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote ...)
+ TODO: check
+CVE-2024-36697 (A cross-site scripting (XSS) vulnerability in the Admin Login page of ...)
+ TODO: check
+CVE-2025-38348 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/da1b9a55ff116cb040528ef664c70a4eec03ae99 (6.16-rc1)
-CVE-2025-38347 [f2fs: fix to do sanity check on ino and xnid]
+CVE-2025-38347 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/061cf3a84bde038708eb0f1d065b31b7c2456533 (6.16-rc1)
-CVE-2025-38346 [ftrace: Fix UAF when lookup kallsym after ftrace disabled]
+CVE-2025-38346 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/f914b52c379c12288b7623bb814d0508dbe7481d (6.16-rc1)
-CVE-2025-38345 [ACPICA: fix acpi operand cache leak in dswstate.c]
+CVE-2025-38345 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/156fd20a41e776bbf334bd5e45c4f78dfc90ce1c (6.16-rc1)
-CVE-2025-38344 [ACPICA: fix acpi parse and parseext cache leaks]
+CVE-2025-38344 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/bed18f0bdcd6737a938264a59d67923688696fc4 (6.16-rc1)
-CVE-2025-38343 [wifi: mt76: mt7996: drop fragments with multicast or broadcast RA]
+CVE-2025-38343 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/80fda1cd7b0a1edd0849dc71403a070d0922118d (6.16-rc1)
-CVE-2025-38342 [software node: Correct a OOB check in software_node_get_reference_args()]
+CVE-2025-38342 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/31e4e12e0e9609850cefd4b2e1adf782f56337d6 (6.16-rc1)
-CVE-2025-38341 [eth: fbnic: avoid double free when failing to DMA-map FW msg]
+CVE-2025-38341 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5bd1bafd4474ee26f504b41aba11f3e2a1175b88 (6.16-rc3)
-CVE-2025-38340 [firmware: cs_dsp: Fix OOB memory read access in KUnit test]
+CVE-2025-38340 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fe6446215bfad11cf3b446f38b28dc7708973c25 (6.16-rc1)
-CVE-2025-38339 [powerpc/bpf: fix JIT code size calculation of bpf trampoline]
+CVE-2025-38339 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/59ba025948be2a92e8bc9ae1cbdaf197660bd508 (6.16-rc1)
-CVE-2025-38338 [fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()]
+CVE-2025-38338 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4c10fa44bc5f700e2ea21de2fbae520ba21f19d9 (6.16-rc1)
-CVE-2025-38337 [jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()]
+CVE-2025-38337 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/af98b0157adf6504fade79b3e6cb260c4ff68e37 (6.16-rc1)
-CVE-2025-38336 [ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330]
+CVE-2025-38336 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/d29fc02caad7f94b62d56ee1b01c954f9c961ba7 (6.16-rc3)
-CVE-2025-38335 [Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT]
+CVE-2025-38335 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f4a8f561d08e39f7833d4a278ebfb12a41eef15f (6.16-rc1)
-CVE-2025-38334 [x86/sgx: Prevent attempts to reclaim poisoned pages]
+CVE-2025-38334 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/ed16618c380c32c68c06186d0ccbb0d5e0586e59 (6.16-rc1)
-CVE-2025-38333 [f2fs: fix to bail out in get_new_segment()]
+CVE-2025-38333 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/bb5eb8a5b222fa5092f60d5555867a05ebc3bdf2 (6.16-rc1)
-CVE-2025-38332 [scsi: lpfc: Use memcpy() for BIOS version]
+CVE-2025-38332 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/ae82eaf4aeea060bb736c3e20c0568b67c701d7d (6.16-rc1)
-CVE-2025-38331 [net: ethernet: cortina: Use TOE/TSO on all TCP]
+CVE-2025-38331 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/6a07e3af4973402fa199a80036c10060b922c92c (6.16-rc1)
-CVE-2025-38330 [firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)]
+CVE-2025-38330 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/f4ba2ea57da51d616b689c4b8826c517ff5a8523 (6.16-rc1)
-CVE-2025-38329 [firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)]
+CVE-2025-38329 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d979b783d61f7f1f95664031b71a33afc74627b2 (6.16-rc1)
-CVE-2025-38328 [jffs2: check jffs2_prealloc_raw_node_refs() result in few other places]
+CVE-2025-38328 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/2b6d96503255a3ed676cd70f8368870c6d6a25c6 (6.16-rc1)
-CVE-2025-38327 [fgraph: Do not enable function_graph tracer when setting funcgraph-args]
+CVE-2025-38327 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/327e28664307d49ce3fa71ba30dcc0007c270974 (6.16-rc3)
-CVE-2025-38326 [aoe: clean device rq_list in aoedev_downdev()]
+CVE-2025-38326 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/7f90d45e57cb2ef1f0adcaf925ddffdfc5e680ca (6.16-rc3)
-CVE-2025-38325 [ksmbd: add free_transport ops in ksmbd connection]
+CVE-2025-38325 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a89f5fae998bdc4d0505306f93844c9ae059d50c (6.16-rc3)
-CVE-2025-38324 [mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().]
+CVE-2025-38324 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/6dbb0d97c5096072c78a6abffe393584e57ae945 (6.16-rc3)
-CVE-2025-38323 [net: atm: add lec_mutex]
+CVE-2025-38323 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/d13a3824bfd2b4774b671a75cf766a16637a0e67 (6.16-rc3)
-CVE-2025-38322 [perf/x86/intel: Fix crash in icl_update_topdown_event()]
+CVE-2025-38322 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed (6.16-rc3)
-CVE-2025-38321 [smb: Log an error when close_all_cached_dirs fails]
+CVE-2025-38321 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/a2182743a8b4969481f64aec4908ff162e8a206c (6.16-rc3)
-CVE-2025-38320 [arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()]
+CVE-2025-38320 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/39dfc971e42d886e7df01371cd1bef505076d84c (6.16-rc3)
CVE-2025-7387 (The Lana Downloads Manager plugin for WordPress is vulnerable to Store ...)
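Review bot: the replaced kernel entries (CVE-2025-38348 down to CVE-2025-38320) lose the subsystem from their title once the official description is truncated to "In the Linux kernel, the following vulnerability has been resolved: f ...", leaving the git.kernel.org NOTE as the only pointer to the affected code; the three cs_dsp entries (CVE-2025-38340, CVE-2025-38330, CVE-2025-38329) show why that matters, since the removed bracketed titles said the OOB reads are in a KUnit test and all three are still `- linux <unfixed>` with no severity annotation. Consider carrying the old bracketed title into a NOTE line while a kernel CVE stays open. The new entries at the top are all `TODO: check`; the seven Apache HTTP Server CVEs (CVE-2025-49812, CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394, CVE-2024-43204, CVE-2024-42516) and the two Tomcat ones (CVE-2025-53506, CVE-2025-52520) read like single upstream releases and are best triaged against apache2 and the tomcat packages as a group.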
@@ -366,26 +522,26 @@ CVE-2024-10391
REJECTED
CVE-2023-50458 (In Dradis before 4.11.0, the Output Console shows a job queue that may ...)
NOT-FOR-US: Dradis
-CVE-2025-7370 [Null Pointer Dereference on libsoup through function "soup_cookie_jar_add_cookie" in soup-cookie-jar.c]
+CVE-2025-7370 (A flaw was found in libsoup. A NULL pointer dereference vulnerability ...)
- libsoup3 <unfixed> (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2378888
NOTE: Not considered a security issue, and CVE might be retracted/rejected
-CVE-2025-7365
+CVE-2025-7365 (A flaw was found in Keycloak. When an authenticated attacker attempts ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-32990
+CVE-2025-32990 (A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softw ...)
- gnutls28 3.8.9-3
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/408bed40c36a4cc98f0c94a818f682810f731f32 (3.8.10)
-CVE-2025-32989
+CVE-2025-32989 (A heap-buffer-overread vulnerability was found in GnuTLS in how it han ...)
- gnutls28 3.8.9-3
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2 (3.8.10)
-CVE-2025-32988
+CVE-2025-32988 (A flaw was found in GnuTLS. A double-free vulnerability exists in GnuT ...)
- gnutls28 3.8.9-3
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573 (3.8.10)
-CVE-2025-6395
+CVE-2025-6395 (A NULL pointer dereference flaw was found in the GnuTLS software in _g ...)
- gnutls28 3.8.9-3
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad (3.8.10)
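Review bot: the four gnutls28 entries (CVE-2025-32990, CVE-2025-32989, CVE-2025-32988, CVE-2025-6395) record the unstable fix 3.8.9-3 and the upstream 3.8.10 commits but carry no [bookworm] or [bullseye] status lines, unlike the kernel entries earlier in this change, so the stable triage is still open; a heap-buffer-overflow, a heap-buffer-overread and a double-free warrant an explicit DSA or no-dsa decision rather than silence. The libsoup3 entry is internally consistent: `<unfixed> (unimportant)` matches the NOTE that upstream does not consider it a security issue.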
@@ -1389,19 +1545,19 @@ CVE-2025-48384 (Git is a fast, scalable, distributed revision control system wit
NOTE: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
NOTE: Fixed by: https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 (2.43.7)
-CVE-2025-46835
+CVE-2025-46835 (Git GUI allows you to use the Git source control management tools via ...)
- git <unfixed> (bug #1108983)
NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
-CVE-2025-46334
+CVE-2025-46334 (Git GUI allows you to use the Git source control management tools via ...)
- git <not-affected> (Only affects Git GUI on Windows)
NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
-CVE-2025-27614
+CVE-2025-27614 (Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Gi ...)
- git <unfixed> (bug #1108983)
NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
-CVE-2025-27613
+CVE-2025-27613 (Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when ...)
- git <unfixed> (bug #1108983)
NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
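Review bot: the version tags are inconsistent between the context line for CVE-2025-48384, "(2.43.7)", and the four Merge commit NOTEs, "(v2.43.7)"; pick one form. CVE-2025-46835, CVE-2025-27614 and CVE-2025-27613 remain `git <unfixed> (bug #1108983)` even though the merge commit is already recorded, so the entries should gain the Debian fixed version once 2.43.7 or a backport of d61cfed2 is uploaded; CVE-2025-46334 is correctly `<not-affected>` given its stated scope of Git GUI on Windows.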
@@ -5636,13 +5792,13 @@ CVE-2025-6418 (A vulnerability was found in code-projects Simple Online Hotel Re
NOT-FOR-US: code-projects
CVE-2025-52923 (Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre ...)
NOT-FOR-US: Sangfor aTrust
-CVE-2025-52919 (In Yealink YMCS RPS before 2025-05-26, the certificate upload function ...)
+CVE-2025-52919 (In Yealink RPS before 2025-05-26, the certificate upload function does ...)
NOT-FOR-US: Yealink YMCS RPS
-CVE-2025-52918 (Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by froz ...)
+CVE-2025-52918 (Yealink RPS before 2025-05-26 does not prevent OpenAPI access by froze ...)
NOT-FOR-US: Yealink YMCS RPS
-CVE-2025-52917 (The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potent ...)
+CVE-2025-52917 (The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially ...)
NOT-FOR-US: Yealink YMCS RPS
-CVE-2025-52916 (Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limit ...)
+CVE-2025-52916 (Yealink RPS before 2025-06-04 lacks SN verification attempt limits, en ...)
NOT-FOR-US: Yealink YMCS RPS
CVE-2025-1987 (A Cross-Site Scripting (XSS)vulnerability has been identified in Psono ...)
NOT-FOR-US: Bitdefender
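Review bot: the updated descriptions for CVE-2025-52919, CVE-2025-52918, CVE-2025-52917 and CVE-2025-52916 now say "Yealink RPS" while the four unchanged NOT-FOR-US lines still say "Yealink YMCS RPS"; the mismatch is harmless, but aligning the annotation with the new wording keeps searches on the product name hitting both.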
@@ -101006,7 +101162,7 @@ CVE-2024-38202 (Summary Microsoft was notified that an elevation of privilege vu
NOT-FOR-US: Microsoft
CVE-2024-22069 (There is a permission and access control vulnerability of ZTE's ZXV10 ...)
NOT-FOR-US: ZTE
-CVE-2024-21302 (Summary: Microsoft was notified that an elevation of privilege vulnera ...)
+CVE-2024-21302 (Summary: As of July 8, 2025 Microsoft has completed mitigations to add ...)
NOT-FOR-US: Microsoft
CVE-2024-43168 (DISPUTE NOTE: this issue does not pose a security risk as it (accordin ...)
{DLA-3903-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fbd07f584fec8130d8fdc3d923a2284d24573c4