[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 24 09:12:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b8465e9 by security tracker role at 2025-07-24T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with specific priv ...)
+ TODO: check
+CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall plugin ...)
+ TODO: check
+CVE-2025-7852 (The WPBookit plugin for WordPress is vulnerable to arbitrary file uplo ...)
+ TODO: check
+CVE-2025-7745 (: Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC ...)
+ TODO: check
+CVE-2025-7437 (The Ebook Store plugin for WordPress is vulnerable to arbitrary file u ...)
+ TODO: check
+CVE-2025-7001 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-54377 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
+ TODO: check
+CVE-2025-54371
+ REJECTED
+CVE-2025-54365 (fastapi-guard is a security library for FastAPI that provides middlewa ...)
+ TODO: check
+CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes flexibil ...)
+ TODO: check
+CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and its relate ...)
+ TODO: check
+CVE-2025-4976 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ TODO: check
+CVE-2025-4968 (The WPBakery Page Builder for WordPress plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-4395 (Medtronic MyCareLink Patient Monitor has a built-in user account with ...)
+ TODO: check
+CVE-2025-4394 (Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on ...)
+ TODO: check
+CVE-2025-4393 (Medtronic MyCareLink Patient Monitor has an internal service that dese ...)
+ TODO: check
+CVE-2025-47281 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2025-41240 (Three Bitnami Helm charts mount Kubernetes Secrets under a predictable ...)
+ TODO: check
+CVE-2025-32019 (Harbor is an open source trusted cloud native registry project that st ...)
+ TODO: check
+CVE-2025-26397 (SolarWinds Observability Self-Hosted is susceptible to Deserialization ...)
+ TODO: check
+CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2025-0765 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2016-15044 (A remote code execution vulnerability exists in Kaltura versions prior ...)
+ TODO: check
CVE-2025-8070 (The Windows service configuration of ABP and AES contains an unquoted ...)
NOT-FOR-US: Asustor
CVE-2025-8069 (During the AWS Client VPN client installation on Windows devices, the ...)
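Review bot: the imported summary for CVE-2025-7745 begins with a stray ": " (": Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC ..."), copied verbatim from the upstream record; when the TODO is resolved the description should be trimmed so the entry matches the formatting of the other new lines. All remaining additions carry "TODO: check", which is the expected state for an automatic import, with CVE-2025-54371 correctly recorded as REJECTED without a description.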
@@ -10,7 +56,7 @@ CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.4
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
-CVE-2025-8022 (All versions of the package bun are vulnerable to Improper Neutralizat ...)
+CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to Improper Ne ...)
TODO: check
CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to Dire ...)
TODO: check
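Review bot: the unchanged context line "NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d78..." for CVE-2025-8058 has a typo ("Introduced"); since this hunk already touches the neighbouring CVE-2025-8022 entry, a follow-up commit could fix it. Narrowing the CVE-2025-8022 description from "All versions" to "after 0.0.12" is a description refresh only and leaves the "TODO: check" status in place, which is correct.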
@@ -236,6 +282,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond e
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
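Review bot: the added "{DSA-5964-1 DLA-4250-1}" line is placed above a package list in which thunderbird remains "<unfixed>" while firefox-esr is at 128.13.0esr-1, so the advisory identifiers apply to the firefox-esr upload only; the same pattern repeats for CVE-2025-8034, 8033, 8032, 8031, 8030, 8029, 8028 and 8027 below. Make sure the thunderbird lines across this batch are revisited when the corresponding Thunderbird advisory is issued, so the state does not stay stale.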
@@ -246,6 +293,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -256,6 +304,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140 and Thunderbird 140. So
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
CVE-2025-8033 (The JavaScript engine did not handle closed generators correctly and i ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -269,6 +318,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking the validity of navigatio
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
CVE-2025-8032 (XSLT document loading did not correctly propagate the source document ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -276,6 +326,7 @@ CVE-2025-8032 (XSLT document loading did not correctly propagate the source docu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
CVE-2025-8031 (The `username:password` part was not correctly stripped from URLs in C ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -286,6 +337,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards the beginning instead of
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -299,6 +351,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address cha
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` and `emb ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -312,6 +365,7 @@ CVE-2025-8041
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries could le ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -319,6 +373,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries cou
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...)
+ {DSA-5964-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird <unfixed>
@@ -326,9 +381,11 @@ CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8027
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8027
CVE-2025-8011 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed ...)
+ {DSA-5965-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8010 (Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed ...)
+ {DSA-5965-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 ...)
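Review bot: for CVE-2025-8011 and CVE-2025-8010 the "{DSA-5965-1}" reference is added while the package line still reads "chromium <unfixed>" and the bullseye line stays "<end-of-life> (see #1061268)"; this is consistent only if the unstable upload of the fixed Chromium is still outstanding, so the "<unfixed>" entries should be replaced with the fixed version once that upload is tracked.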
@@ -69173,7 +69230,7 @@ CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows
NOTE: https://github.com/radareorg/radare2/commit/c75ad89e5f4d1c53bb06f9c4dee174cc73aba30a (5.9.0)
NOTE: https://github.com/radareorg/radare2/commit/f368c8ccdb03af307d37f1c6899b94b25a0306c7 (5.9.0)
NOTE: https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690
-CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to Prototype ...)
+CVE-2024-21548 (Versions of the package bun after 0.0.12 and before 1.1.30 are vulnera ...)
NOT-FOR-US: bun
CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are vulnerable ...)
NOT-FOR-US: spatie/browsershot
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8465e9f8646ae5afba8e87fa54ca253c108aec