[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 30 09:12:10 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1630fe1e by security tracker role at 2025-07-30T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,211 @@
+CVE-2025-8323 (The e-School from Ventem has a Arbitrary File Upload vulnerability, al ...)
+	TODO: check
+CVE-2025-8322 (The e-School from Ventem has a Missing Authorization vulnerability, al ...)
+	TODO: check
+CVE-2025-8321 (Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerabil ...)
+	TODO: check
+CVE-2025-8320 (Tesla Wall Connector Content-Length Header Improper Input Validation R ...)
+	TODO: check
+CVE-2025-8319 (the BMA login interface allows arbitrary JavaScript or HTML to be writ ...)
+	TODO: check
+CVE-2025-8217 (The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0  ...)
+	TODO: check
+CVE-2025-7849 (A memory corruption vulnerability due to improper error handling when  ...)
+	TODO: check
+CVE-2025-7848 (A memory corruption vulnerability due to improper input validation in  ...)
+	TODO: check
+CVE-2025-7361 (A code injection vulnerability due to an improper initialization check ...)
+	TODO: check
+CVE-2025-54381 (BentoML is a Python library for building online serving systems optimi ...)
+	TODO: check
+CVE-2025-54126 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...)
+	TODO: check
+CVE-2025-4426 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-4425 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-4424 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-4423 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-4422 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-4421 (The vulnerability was identified in the code developed specifically fo ...)
+	TODO: check
+CVE-2025-43277 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43276 (A logic error was addressed with improved error handling. This issue i ...)
+	TODO: check
+CVE-2025-43275 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2025-43274 (A privacy issue was addressed by removing the vulnerable code. This is ...)
+	TODO: check
+CVE-2025-43273 (A permissions issue was addressed with additional sandbox restrictions ...)
+	TODO: check
+CVE-2025-43270 (An access issue was addressed with additional sandbox restrictions. Th ...)
+	TODO: check
+CVE-2025-43267 (An injection issue was addressed with improved validation. This issue  ...)
+	TODO: check
+CVE-2025-43266 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43265 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2025-43261 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-43260 (This issue was addressed with improved data protection. This issue is  ...)
+	TODO: check
+CVE-2025-43259 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2025-43256 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-43254 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2025-43253 (This issue was addressed with improved input validation. This issue is ...)
+	TODO: check
+CVE-2025-43252 (This issue was addressed by adding an additional prompt for user conse ...)
+	TODO: check
+CVE-2025-43251 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2025-43250 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2025-43249 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-43248 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2025-43247 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43246 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2025-43245 (A downgrade issue was addressed with additional code-signing restricti ...)
+	TODO: check
+CVE-2025-43244 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2025-43243 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43241 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43240 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-43239 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43237 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2025-43235 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43234 (Multiple memory corruption issues were addressed with improved input v ...)
+	TODO: check
+CVE-2025-43233 (This issue was addressed with improved access restrictions. This issue ...)
+	TODO: check
+CVE-2025-43232 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43230 (The issue was addressed with additional permissions checks. This issue ...)
+	TODO: check
+CVE-2025-43229 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed in iOS 1 ...)
+	TODO: check
+CVE-2025-43227 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-43226 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2025-43225 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2025-43224 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43223 (A denial-of-service issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2025-43222 (A use-after-free issue was addressed by removing the vulnerable code.  ...)
+	TODO: check
+CVE-2025-43221 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43220 (This issue was addressed with improved validation of symlinks. This is ...)
+	TODO: check
+CVE-2025-43218 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2025-43217 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2025-43216 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2025-43215 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2025-43214 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43213 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43212 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43211 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43209 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2025-43206 (A parsing issue in the handling of directory paths was addressed with  ...)
+	TODO: check
+CVE-2025-43199 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
+	TODO: check
+CVE-2025-43198 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-43197 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2025-43196 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2025-43195 (An issue existed in the handling of environment variables. This issue  ...)
+	TODO: check
+CVE-2025-43194 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2025-43193 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43192 (A configuration issue was addressed with additional restrictions. This ...)
+	TODO: check
+CVE-2025-43191 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2025-43189 (This issue was addressed with improved memory handling. This issue is  ...)
+	TODO: check
+CVE-2025-43188 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-43186 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-43185 (A downgrade issue was addressed with additional code-signing restricti ...)
+	TODO: check
+CVE-2025-43184 (This issue was addressed by adding an additional prompt for user conse ...)
+	TODO: check
+CVE-2025-40600 (Use of Externally-Controlled Format String vulnerability in the SonicO ...)
+	TODO: check
+CVE-2025-31281 (An input validation issue was addressed with improved memory handling. ...)
+	TODO: check
+CVE-2025-31280 (A memory corruption issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2025-31279 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31278 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31277 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31276 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-31275 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31273 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31243 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31229 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-25011 (An uncontrolled search path element vulnerability can lead to local pr ...)
+	TODO: check
+CVE-2025-24224 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2025-24188 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-24119 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-0712 (An uncontrolled search path element vulnerability can lead to local pr ...)
+	TODO: check
 CVE-2025-7777
 	NOT-FOR-US: mirror-registry for Quay
-CVE-2025-8292
+CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to 138.0.7204.18 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-38498 [do_change_type(): refuse to operate on unmounted/not ours mounts]
+CVE-2025-38498 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.35-1
 	NOTE: https://git.kernel.org/linus/12f147ddd6de7382dad54812e65f3f08d05809fc (6.16-rc1)
 CVE-2025-8216 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sto ...)
@@ -5826,7 +6028,7 @@ CVE-2025-27165 (Substance3D - Stager versions 3.1.2 and earlier are affected by
 	NOT-FOR-US: Adobe
 CVE-2024-56468 (IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could ...)
 	NOT-FOR-US: IBM
-CVE-2025-4674
+CVE-2025-4674 (The go command may execute unexpected commands when operating in untru ...)
 	- golang-1.24 <unfixed> (bug #1109109)
 	- golang-1.23 <unfixed> (bug #1109110)
 	- golang-1.19 <removed>
@@ -13215,7 +13417,7 @@ CVE-2025-33122 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain ele
 	NOT-FOR-US: IBM
 CVE-2025-32549 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-32510 (Unrestricted Upload of File with Dangerous Type vulnerability in ovath ...)
+CVE-2025-32510 (Unrestricted Upload of File with Dangerous Type vulnerability in Ovath ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31919 (Deserialization of Untrusted Data vulnerability in themeton Spare allo ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -14249,7 +14451,7 @@ CVE-2025-4798 (The WP-DownloadManager plugin for WordPress is vulnerable to arbi
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4666 (The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-4275 (Running the provided utility changes the certificate on any Insyde BIO ...)
+CVE-2025-4275 (A vulnerability in the digital signature verification process does not ...)
 	NOT-FOR-US: Insyde
 CVE-2025-49793
 	REJECTED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1630fe1e937cbf994ed90faacdf60d20ec0b6ec6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1630fe1e937cbf994ed90faacdf60d20ec0b6ec6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250730/69a2d91b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list