[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 25 21:12:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c602647 by security tracker role at 2025-07-25T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,288 +1,514 @@
-CVE-2025-38430 [nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request]
+CVE-2025-8197 (A global buffer overflow vulnerability was found in the soup_header_na ...)
+ TODO: check
+CVE-2025-8183 (NULL Pointer Dereference in \xb5D3TN via non-singleton destination End ...)
+ TODO: check
+CVE-2025-8168 (A vulnerability was found in D-Link DIR-513 1.10. It has been rated as ...)
+ TODO: check
+CVE-2025-8167 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
+ TODO: check
+CVE-2025-8166 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
+ TODO: check
+CVE-2025-8165 (A vulnerability was found in code-projects Food Review System 1.0 and ...)
+ TODO: check
+CVE-2025-8164 (A vulnerability has been found in code-projects Public Chat Room 1.0 a ...)
+ TODO: check
+CVE-2025-8163 (A vulnerability, which was classified as critical, was found in deerwm ...)
+ TODO: check
+CVE-2025-8162 (A vulnerability, which was classified as critical, has been found in d ...)
+ TODO: check
+CVE-2025-8161 (A vulnerability classified as critical was found in deerwms deer-wms-2 ...)
+ TODO: check
+CVE-2025-8160 (A vulnerability classified as critical has been found in Tenda AC20 up ...)
+ TODO: check
+CVE-2025-8159 (A vulnerability was found in D-Link DIR-513 1.0. It has been rated as ...)
+ TODO: check
+CVE-2025-8158 (A vulnerability was found in PHPGurukul Login and User Management Syst ...)
+ TODO: check
+CVE-2025-8157 (A vulnerability was found in PHPGurukul User Registration & Login and ...)
+ TODO: check
+CVE-2025-8156 (A vulnerability was found in PHPGurukul User Registration & Login and ...)
+ TODO: check
+CVE-2025-8155 (A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classif ...)
+ TODO: check
+CVE-2025-8140 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It h ...)
+ TODO: check
+CVE-2025-8139 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It h ...)
+ TODO: check
+CVE-2025-8138 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and c ...)
+ TODO: check
+CVE-2025-5254 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-5253 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2025-54596 (Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 all ...)
+ TODO: check
+CVE-2025-52455 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
+ TODO: check
+CVE-2025-52454 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
+ TODO: check
+CVE-2025-52453 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
+ TODO: check
+CVE-2025-52452 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-52449 (Unrestricted Upload of File with Dangerous Type vulnerability in Sales ...)
+ TODO: check
+CVE-2025-52448 (Authorization Bypass Through User-Controlled Key vulnerability in Sale ...)
+ TODO: check
+CVE-2025-52447 (Authorization Bypass Through User-Controlled Key vulnerability in Sale ...)
+ TODO: check
+CVE-2025-52446 (Authorization Bypass Through User-Controlled Key vulnerability in Sale ...)
+ TODO: check
+CVE-2025-52360 (A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search f ...)
+ TODO: check
+CVE-2025-51411 (A reflected cross-site scripting (XSS) vulnerability exists in Institu ...)
+ TODO: check
+CVE-2025-46199 (Cross Site Scripting vulnerability in grav v.1.7.48 and before allows ...)
+ TODO: check
+CVE-2025-46198 (Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1. ...)
+ TODO: check
+CVE-2025-45960 (Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows ...)
+ TODO: check
+CVE-2025-45939 (Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (S ...)
+ TODO: check
+CVE-2025-45893 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scriptin ...)
+ TODO: check
+CVE-2025-45892 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scriptin ...)
+ TODO: check
+CVE-2025-45777 (An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara ...)
+ TODO: check
+CVE-2025-45467 (Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as ...)
+ TODO: check
+CVE-2025-45466 (Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control ...)
+ TODO: check
+CVE-2025-45406 (A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6 ...)
+ TODO: check
+CVE-2025-44608 (CloudClassroom-PHP Project v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2025-43712 (JHipster before v.8.9.0 allows privilege escalation via a modified aut ...)
+ TODO: check
+CVE-2025-3873 (The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 f ...)
+ TODO: check
+CVE-2025-3508 (Certain HP DesignJet products may be vulnerable to information disclos ...)
+ TODO: check
+CVE-2025-38467 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2025-38466 (In the Linux kernel, the following vulnerability has been resolved: p ...)
+ TODO: check
+CVE-2025-38465 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38464 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2025-38463 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2025-38462 (In the Linux kernel, the following vulnerability has been resolved: v ...)
+ TODO: check
+CVE-2025-38461 (In the Linux kernel, the following vulnerability has been resolved: v ...)
+ TODO: check
+CVE-2025-38460 (In the Linux kernel, the following vulnerability has been resolved: a ...)
+ TODO: check
+CVE-2025-38459 (In the Linux kernel, the following vulnerability has been resolved: a ...)
+ TODO: check
+CVE-2025-38458 (In the Linux kernel, the following vulnerability has been resolved: a ...)
+ TODO: check
+CVE-2025-38457 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38456 (In the Linux kernel, the following vulnerability has been resolved: i ...)
+ TODO: check
+CVE-2025-38455 (In the Linux kernel, the following vulnerability has been resolved: K ...)
+ TODO: check
+CVE-2025-38454 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
+CVE-2025-38453 (In the Linux kernel, the following vulnerability has been resolved: i ...)
+ TODO: check
+CVE-2025-38452 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38451 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2025-38450 (In the Linux kernel, the following vulnerability has been resolved: w ...)
+ TODO: check
+CVE-2025-38449 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2025-38448 (In the Linux kernel, the following vulnerability has been resolved: u ...)
+ TODO: check
+CVE-2025-38447 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2025-38446 (In the Linux kernel, the following vulnerability has been resolved: c ...)
+ TODO: check
+CVE-2025-38445 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2025-38444 (In the Linux kernel, the following vulnerability has been resolved: r ...)
+ TODO: check
+CVE-2025-38443 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38442 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2025-38441 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38440 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38439 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2025-38438 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
+CVE-2025-38437 (In the Linux kernel, the following vulnerability has been resolved: k ...)
+ TODO: check
+CVE-2025-38436 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2025-38435 (In the Linux kernel, the following vulnerability has been resolved: r ...)
+ TODO: check
+CVE-2025-38434 (In the Linux kernel, the following vulnerability has been resolved: R ...)
+ TODO: check
+CVE-2025-38433 (In the Linux kernel, the following vulnerability has been resolved: r ...)
+ TODO: check
+CVE-2025-38432 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-38431 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2025-36728 (Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This iss ...)
+ TODO: check
+CVE-2025-36727 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
+ TODO: check
+CVE-2025-34139 (A vulnerability exists in SitecoreExperience Manager (XM),Experience P ...)
+ TODO: check
+CVE-2025-34138 (A vulnerability exists in SitecoreExperience Manager (XM),Experience P ...)
+ TODO: check
+CVE-2025-34136 (An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, ...)
+ TODO: check
+CVE-2025-34114 (A client-side security misconfiguration vulnerability exists in OpenBl ...)
+ TODO: check
+CVE-2025-30135 (An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Ov ...)
+ TODO: check
+CVE-2025-30086 (CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows infor ...)
+ TODO: check
+CVE-2025-2329 (In high traffic environments, a Silicon Labs OpenThread RCP (see impac ...)
+ TODO: check
+CVE-2025-29631 (An issue in Gardyn 4 allows a remote attacker execute arbitrary code)
+ TODO: check
+CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the corresponding s ...)
+ TODO: check
+CVE-2025-29629 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
+ TODO: check
+CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
+ TODO: check
+CVE-2024-48730 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
+ TODO: check
+CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
+ TODO: check
+CVE-2024-13976 (A DLL injection vulnerability exists in Commvault for Windows 11.20.0, ...)
+ TODO: check
+CVE-2024-13975 (A local privilege escalation vulnerability exists in Commvault for Win ...)
+ TODO: check
+CVE-2023-7306 (The Frontend File Manager Plugin plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-53155 (goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the ...)
+ TODO: check
+CVE-2022-4979 (A cross-site scripting (XSS) vulnerability exists in Sitecore Experien ...)
+ TODO: check
+CVE-2020-36850 (An information disclosure vulnerability exits in Sitecore JSS React Sa ...)
+ TODO: check
+CVE-2016-15046 (A client-side remote code execution vulnerability exists in Samsung Se ...)
+ TODO: check
+CVE-2015-10142 (Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 1 ...)
+ TODO: check
+CVE-2014-125119 (A filename spoofing vulnerability exists in WinRAR when opening specia ...)
+ TODO: check
+CVE-2014-125118 (A command injection vulnerability exists in the eScan Web Management C ...)
+ TODO: check
+CVE-2014-125117 (A stack-based buffer overflow vulnerability in the my_cgi.cgi componen ...)
+ TODO: check
+CVE-2014-125116 (A remote code execution vulnerability exists in HybridAuth versions 2. ...)
+ TODO: check
+CVE-2014-125115 (An unauthenticated SQL injection vulnerability exists in Pandora FMS v ...)
+ TODO: check
+CVE-2014-125114 (A stack-based buffer overflow vulnerability exists in i-Ftp version 2. ...)
+ TODO: check
+CVE-2013-10032 (An authenticated remote code execution vulnerability exists in GetSimp ...)
+ TODO: check
+CVE-2025-38430 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/1244f0b2c3cecd3f349a877006e67c9492b41807 (6.16-rc1)
-CVE-2025-38429 [bus: mhi: ep: Update read pointer only after buffer is written]
+CVE-2025-38429 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.35-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6f18d174b73d0ceeaa341f46c0986436b3aefc9a (6.16-rc1)
-CVE-2025-38428 [Input: ims-pcu - check record size in ims_pcu_flash_firmware()]
+CVE-2025-38428 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/a95ef0199e80f3384eb992889322957d26c00102 (6.16-rc1)
-CVE-2025-38427 [video: screen_info: Relocate framebuffers behind PCI bridges]
+CVE-2025-38427 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2f29b5c231011b94007d2c8a6d793992f2275db1 (6.16-rc1)
-CVE-2025-38426 [drm/amdgpu: Add basic validation for RAS header]
+CVE-2025-38426 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5df0d6addb7e9b6f71f7162d1253762a5be9138e (6.16-rc1)
-CVE-2025-38425 [i2c: tegra: check msg length in SMBUS block read]
+CVE-2025-38425 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/a6e04f05ce0b070ab39d5775580e65c7d943da0b (6.16-rc1)
-CVE-2025-38424 [perf: Fix sample vs do_exit()]
+CVE-2025-38424 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/4f6fc782128355931527cefe3eb45338abd8ab39 (6.16-rc3)
-CVE-2025-38423 [ASoC: codecs: wcd9375: Fix double free of regulator supplies]
+CVE-2025-38423 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/63fe298652d4eda07d738bfcbbc59d1343a675ef (6.16-rc1)
-CVE-2025-38422 [net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices]
+CVE-2025-38422 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/3b9935586a9b54d2da27901b830d3cf46ad66a1e (6.16-rc1)
-CVE-2025-38421 [platform/x86/amd: pmf: Use device managed allocations]
+CVE-2025-38421 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d9db3a941270d92bbd1a6a6b54a10324484f2f2d (6.16-rc3)
-CVE-2025-38420 [wifi: carl9170: do not ping device which has failed to load firmware]
+CVE-2025-38420 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/15d25307692312cec4b57052da73387f91a2e870 (6.16-rc3)
-CVE-2025-38419 [remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()]
+CVE-2025-38419 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.35-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7692c9fbedd9087dc9050903f58095915458d9b1 (6.16-rc1)
-CVE-2025-38418 [remoteproc: core: Release rproc->clean_table after rproc_attach() fails]
+CVE-2025-38418 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.35-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bcd241230fdbc6005230f80a4f8646ff5a84f15b (6.16-rc1)
-CVE-2025-38417 [ice: fix eswitch code memory leak in reset scenario]
+CVE-2025-38417 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/48c8b214974dc55283bd5f12e3a483b27c403bbc (6.16-rc3)
-CVE-2025-38416 [NFC: nci: uart: Set tty->disc_data only in success path]
+CVE-2025-38416 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/fc27ab48904ceb7e4792f0c400f1ef175edf16fe (6.16-rc3)
-CVE-2025-38415 [Squashfs: check return result of sb_min_blocksize]
+CVE-2025-38415 (In the Linux kernel, the following vulnerability has been resolved: S ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/734aa85390ea693bb7eaf2240623d41b03705c84 (6.16-rc1)
-CVE-2025-38414 [wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850]
+CVE-2025-38414 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.35-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7588a893cde5385ad308400ff167d29a29913b3a (6.16-rc2)
-CVE-2025-38413 [virtio-net: xsk: rx: fix the frame's length check]
+CVE-2025-38413 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5177373c31318c3c6a190383bfd232e6cf565c36 (6.16-rc5)
-CVE-2025-38412 [platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks]
+CVE-2025-38412 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eb617dd25ca176f3fee24f873f0fd60010773d67 (6.16-rc5)
-CVE-2025-38411 [netfs: Fix double put of request]
+CVE-2025-38411 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9df7b5ebead649b00bf9a53a798e4bf83a1318fd (6.16-rc5)
-CVE-2025-38410 [drm/msm: Fix a fence leak in submit error path]
+CVE-2025-38410 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/5d319f75ccf7f0927425a7545aa1a22b3eedc189 (6.16-rc3)
-CVE-2025-38409 [drm/msm: Fix another leak in the submit error path]
+CVE-2025-38409 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/f681c2aa8676a890eacc84044717ab0fd26e058f (6.16-rc3)
-CVE-2025-38408 [genirq/irq_sim: Initialize work context pointers properly]
+CVE-2025-38408 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/8a2277a3c9e4cc5398f80821afe7ecbe9bdf2819 (6.16-rc3)
-CVE-2025-38407 [riscv: cpu_ops_sbi: Use static array for boot_data]
+CVE-2025-38407 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2b29be967ae456fc09c320d91d52278cf721be1e (6.16-rc5)
-CVE-2025-38406 [wifi: ath6kl: remove WARN on bad firmware input]
+CVE-2025-38406 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/e7417421d89358da071fd2930f91e67c7128fbff (6.16-rc3)
-CVE-2025-38405 [nvmet: fix memory leak of bio integrity]
+CVE-2025-38405 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/190f4c2c863af7cc5bb354b70e0805f06419c038 (6.16-rc5)
-CVE-2025-38404 [usb: typec: displayport: Fix potential deadlock]
+CVE-2025-38404 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/099cf1fbb8afc3771f408109f62bdec66f85160e (6.16-rc5)
-CVE-2025-38403 [vsock/vmci: Clear the vmci transport packet properly when initializing it]
+CVE-2025-38403 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/223e2288f4b8c262a864e2c03964ffac91744cd5 (6.16-rc5)
-CVE-2025-38402 [idpf: return 0 size for RSS key if not supported]
+CVE-2025-38402 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f77bf1ebf8ff6301ccdbc346f7b52db928f9cbf8 (6.16-rc5)
-CVE-2025-38401 [mtk-sd: Prevent memory corruption from DMA map failure]
+CVE-2025-38401 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/f5de469990f19569627ea0dd56536ff5a13beaa3 (6.16-rc5)
-CVE-2025-38400 [nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.]
+CVE-2025-38400 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/e8d6f3ab59468e230f3253efe5cb63efa35289f7 (6.16-rc5)
-CVE-2025-38399 [scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()]
+CVE-2025-38399 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/d8ab68bdb294b09a761e967dad374f2965e1913f (6.16-rc3)
-CVE-2025-38398 [spi: spi-qpic-snand: reallocate BAM transactions]
+CVE-2025-38398 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d85d0380292a7e618915069c3579ae23c7c80339 (6.16-rc5)
-CVE-2025-38397 [nvme-multipath: fix suspicious RCU usage warning]
+CVE-2025-38397 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d6811074203b13f715ce2480ac64c5b1c773f2a5 (6.16-rc5)
-CVE-2025-38396 [fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass]
+CVE-2025-38396 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cbe4134ea4bc493239786220bd69cb8a13493190 (6.16-rc5)
-CVE-2025-38395 [regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods]
+CVE-2025-38395 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3 (6.16-rc5)
-CVE-2025-38394 [HID: appletb-kbd: fix memory corruption of input_handler_list]
+CVE-2025-38394 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c80f2b047d5cc42fbd2dff9d1942d4ba7545100f (6.16-rc5)
-CVE-2025-38393 [NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN]
+CVE-2025-38393 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/c01776287414ca43412d1319d2877cbad65444ac (6.16-rc5)
-CVE-2025-38392 [idpf: convert control queue mutex to a spinlock]
+CVE-2025-38392 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b2beb5bb2cd90d7939e470ed4da468683f41baa3 (6.16-rc5)
-CVE-2025-38391 [usb: typec: altmodes/displayport: do not index invalid pin_assignments]
+CVE-2025-38391 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/af4db5a35a4ef7a68046883bfd12468007db38f1 (6.16-rc5)
-CVE-2025-38390 [firmware: arm_ffa: Fix memory leak by freeing notifier callback node]
+CVE-2025-38390 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a833d31ad867103ba72a0b73f3606f4ab8601719 (6.16-rc5)
-CVE-2025-38389 [drm/i915/gt: Fix timeline left held on VMA alloc error]
+CVE-2025-38389 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/a5aa7bc1fca78c7fa127d9e33aa94a0c9066c1d6 (6.16-rc5)
-CVE-2025-38388 [firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context]
+CVE-2025-38388 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9ca7a421229bbdfbe2e1e628cff5cfa782720a10 (6.16-rc5)
-CVE-2025-38387 [RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert]
+CVE-2025-38387 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/8edab8a72d67742f87e9dc2e2b0cdfddda5dc29a (6.16-rc5)
-CVE-2025-38386 [ACPICA: Refuse to evaluate a method if arguments are missing]
+CVE-2025-38386 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/6fcab2791543924d438e7fa49276d0998b0a069f (6.16-rc3)
-CVE-2025-38385 [net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect]
+CVE-2025-38385 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6c7ffc9af7186ed79403a3ffee9a1e5199fc7450 (6.16-rc5)
-CVE-2025-38384 [mtd: spinand: fix memory leak of ECC engine conf]
+CVE-2025-38384 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/6463cbe08b0cbf9bba8763306764f5fd643023e1 (6.16-rc3)
-CVE-2025-38383 [mm/vmalloc: fix data race in show_numa_info()]
+CVE-2025-38383 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5c5f0468d172ddec2e333d738d2a1f85402cf0bc (6.16-rc1)
-CVE-2025-38382 [btrfs: fix iteration of extrefs during log replay]
+CVE-2025-38382 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/54a7081ed168b72a8a2d6ef4ba3a1259705a2926 (6.16-rc5)
-CVE-2025-38381 [Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()]
+CVE-2025-38381 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4cf65845fdd09d711fc7546d60c9abe010956922 (6.16-rc5)
-CVE-2025-38380 [i2c/designware: Fix an initialization issue]
+CVE-2025-38380 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d30048958e0d43425f6d4e76565e6249fa71050 (6.16-rc5)
-CVE-2025-38379 [smb: client: fix warning when reconnecting channel]
+CVE-2025-38379 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3bbe46716092d8ef6b0df4b956f585c5cd0fc78e (6.16-rc5)
-CVE-2025-38378 [HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe]
+CVE-2025-38378 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/38224c472a038fa9ccd4085511dd9f3d6119dbf9 (6.16-rc5)
-CVE-2025-38377 [rose: fix dangling neighbour pointers in rose_rt_device_down()]
+CVE-2025-38377 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/34a500caf48c47d5171f4aa1f237da39b07c6157 (6.16-rc5)
-CVE-2025-38376 [usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume]
+CVE-2025-38376 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/31a6afbe86e8e9deba9ab53876ec49eafc7fd901 (6.16-rc5)
-CVE-2025-38375 [virtio-net: ensure the received length does not exceed allocated size]
+CVE-2025-38375 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/315dbdd7cdf6aa533829774caaf4d25f1fd20e73 (6.16-rc5)
-CVE-2025-38374 [optee: ffa: fix sleep in atomic context]
+CVE-2025-38374 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/312d02adb959ea199372f375ada06e0186f651e4 (6.16-rc5)
-CVE-2025-38373 [IB/mlx5: Fix potential deadlock in MR deregistration]
+CVE-2025-38373 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2ed25aa7f7711f508b6120e336f05cd9d49943c0 (6.16-rc5)
-CVE-2025-38372 [RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling]
+CVE-2025-38372 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2c6b640ea08bff1a192bf87fa45246ff1e40767c (6.16-rc5)
-CVE-2025-38371 [drm/v3d: Disable interrupts before resetting the GPU]
+CVE-2025-38371 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/226862f50a7a88e4e4de9abbf36c64d19acd6fd0 (6.16-rc5)
-CVE-2025-38370 [btrfs: fix failure to rebuild free space tree using multiple transactions]
+CVE-2025-38370 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1e6ed33cabba8f06f532f2e5851a102602823734 (6.16-rc5)
-CVE-2025-38369 [dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using]
+CVE-2025-38369 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/17502e7d7b7113346296f6758324798d536c31fd (6.16-rc1)
-CVE-2025-38368 [misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()]
+CVE-2025-38368 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/a99b598d836c9c6411110c70a2da134c78d96e67 (6.16-rc1)
-CVE-2025-38367 [LoongArch: KVM: Avoid overflow with array index]
+CVE-2025-38367 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/080e8d2ecdfde588897aa8a87a8884061f4dbbbb (6.16-rc4)
-CVE-2025-38366 [LoongArch: KVM: Check validity of "num_cpu" from user space]
+CVE-2025-38366 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cc8d5b209e09d3b52bca1ffe00045876842d96ae (6.16-rc4)
-CVE-2025-38365 [btrfs: fix a race between renames and directory logging]
+CVE-2025-38365 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3ca864de852bc91007b32d2a0d48993724f4abad (6.16-rc4)
-CVE-2025-38364 [maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()]
+CVE-2025-38364 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fba46a5d83ca8decb338722fb4899026d8d9ead2 (6.16-rc4)
-CVE-2025-38363 [drm/tegra: Fix a possible null pointer dereference]
+CVE-2025-38363 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/780351a5f61416ed2ba1199cc57e4a076fca644d (6.16-rc1)
-CVE-2025-38362 [drm/amd/display: Add null pointer check for get_first_active_display()]
+CVE-2025-38362 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/c3e9826a22027a21d998d3e64882fa377b613006 (6.16-rc1)
-CVE-2025-38361 [drm/amd/display: Check dce_hwseq before dereferencing it]
+CVE-2025-38361 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/b669507b637eb6b1aaecf347f193efccc65d756e (6.16-rc3)
-CVE-2025-38360 [drm/amd/display: Add more checks for DSC / HUBP ONO guarantees]
+CVE-2025-38360 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/0d57dd1765d311111d9885346108c4deeae1deb4 (6.16-rc3)
-CVE-2025-38359 [s390/mm: Fix in_atomic() handling in do_secure_storage_access()]
+CVE-2025-38359 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/11709abccf93b08adde95ef313c300b0d4bc28f1 (6.16-rc1)
-CVE-2025-38358 [btrfs: fix race between async reclaim worker and close_ctree()]
+CVE-2025-38358 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a26bf338cdad3643a6e7c3d78a172baadba15c1a (6.16-rc4)
-CVE-2025-38357 [fuse: fix runtime warning on truncate_folio_batch_exceptionals()]
+CVE-2025-38357 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/befd9a71d859ea625eaa84dae1b243efb3df3eca (6.16-rc4)
-CVE-2025-38356 [drm/xe/guc: Explicitly exit CT safe mode on unwind]
+CVE-2025-38356 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ad40098da5c3b43114d860a5b5740e7204158534 (6.16-rc4)
-CVE-2025-38355 [drm/xe: Process deferred GGTT node removals on device unwind]
+CVE-2025-38355 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/af2b588abe006bd55ddd358c4c3b87523349c475 (6.16-rc4)
-CVE-2025-38354 [drm/msm/gpu: Fix crash when throttling GPU immediately during boot]
+CVE-2025-38354 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b71717735be48d7743a34897e9e44a0b53e30c0e (6.16-rc1)
-CVE-2025-38353 [drm/xe: Fix taking invalid lock on wedge]
+CVE-2025-38353 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.37-1
NOTE: https://git.kernel.org/linus/1e1981b16bb1bbe2fafa57ed439b45cb5b34e32d (6.16-rc1)
CVE-2025-8137 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 ...)
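Review bot: In the linux entries from CVE-2025-38376 down to CVE-2025-38353, every `+` description truncates to the same prefix ("In the Linux kernel, the following vulnerability has been resolved: ") plus a single letter, so the subsystem and fix summary carried by the removed bracketed titles (for example "virtio-net: ensure the received length does not exceed allocated size") can no longer be read or grepped from the list. The `NOTE:` commit link is now the only pointer to what each entry is about; a wider truncation, or keeping the commit subject alongside the description, would preserve that. Separately, CVE-2025-38359 is still `- linux <unfixed>` although its fix is tagged 6.16-rc1, the same tag as CVE-2025-38369 and CVE-2025-38368, which are listed as fixed in 6.12.37-1; that status line is worth a follow-up check.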
@@ -401,7 +627,7 @@ CVE-2025-7690 (The Affiliate Plus plugin for WordPress is vulnerable to Cross-Si
NOT-FOR-US: WordPress plugin
CVE-2025-7640 (The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-6998 (ReDoS in strip_whitespaces() function in cps/string_helper.py in janec ...)
+CVE-2025-6998 (ReDoS in strip_whitespaces() function in cps/string_helper.py in Calib ...)
- calibre-web <itp> (bug #982690)
CVE-2025-6588 (The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cros ...)
NOT-FOR-US: WordPress plugin
@@ -9068,7 +9294,7 @@ CVE-2025-5987 (A flaw was found in libssh when using the ChaCha20 cipher with th
[bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 (libssh-0.11.2)
-CVE-2025-5449
+CVE-2025-5449 (A flaw was found in the SFTP server message decoding logic of libssh. ...)
- libssh 0.11.2-1 (bug #1108407)
[bookworm] - libssh <not-affected> (Vulnerable code not present)
[bullseye] - libssh <not-affected> (Vulnerable code not present)
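Review bot: CVE-2025-5449 gains its description here, but the visible context under it has only the package and release lines, with no `NOTE:` pointing at an upstream advisory or fix commit. The preceding CVE-2025-5987 entry carries both ("NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt" and a "Fixed by:" commit for libssh-0.11.2). If no such lines follow below the hunk's context, adding the equivalent references would let the `<not-affected> (Vulnerable code not present)` claims for bookworm and bullseye be checked against the fix.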
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c602647f471ff91a094f914c986eb5ece3bc6e9