[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 8 09:12:08 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
077fe673 by security tracker role at 2025-05-08T08:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,146 +1,198 @@
-CVE-2025-37834 [mm/vmscan: don't try to reclaim hwpoison folio]
+CVE-2025-4127 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-4043 (An admin user can gain unauthorized write access to the /etc/rc.local ...)
+ TODO: check
+CVE-2025-46826 (insa-auth is an authentication server for INSA Rouen. A minor issue al ...)
+ TODO: check
+CVE-2025-46821 (Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1 ...)
+ TODO: check
+CVE-2025-46727 (Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...)
+ TODO: check
+CVE-2025-46265 (On F5OS, an improper authorization vulnerability exists where remotely ...)
+ TODO: check
+CVE-2025-43878 (When running in Appliance mode, an authenticated attacker assigned the ...)
+ TODO: check
+CVE-2025-41433 (When a Session Initiation Protocol (SIP) message routing framework (MR ...)
+ TODO: check
+CVE-2025-41431 (When connection mirroring is configured on a virtual server, undisclos ...)
+ TODO: check
+CVE-2025-41414 (When HTTP/2 client and server profile is configured on a virtual serve ...)
+ TODO: check
+CVE-2025-41399 (When a Stream Control Transmission Protocol (SCTP) profile is configur ...)
+ TODO: check
+CVE-2025-3925 (BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 o ...)
+ TODO: check
+CVE-2025-3419 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
+ TODO: check
+CVE-2025-36557 (When an HTTP profile with the Enforce RFC Compliance option is configu ...)
+ TODO: check
+CVE-2025-36546 (On an F5OS system, if the root user had previously configured the syst ...)
+ TODO: check
+CVE-2025-36525 (When a BIG-IP APM virtual server is configured to use a PingAccess pro ...)
+ TODO: check
+CVE-2025-36504 (When a BIG-IP HTTP/2 httprouter profile is configured on a virtual ser ...)
+ TODO: check
+CVE-2025-35995 (When a BIG-IP PEM system is licensed with URL categorization, and the ...)
+ TODO: check
+CVE-2025-35939 (Craft CMS stores arbitrary content provided by unauthenticated users i ...)
+ TODO: check
+CVE-2025-32441 (Rack is a modular Ruby web server interface. Prior to version 2.2.14, ...)
+ TODO: check
+CVE-2025-31644 (When running in Appliance mode, a command injection vulnerability exis ...)
+ TODO: check
+CVE-2025-0936 (On affected platforms running Arista EOS with a gNMI transport enabled ...)
+ TODO: check
+CVE-2024-55651 (i-Educar is free, fully online school management software. Version 2.9 ...)
+ TODO: check
+CVE-2024-13793 (The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for Wor ...)
+ TODO: check
+CVE-2024-11953
+ REJECTED
+CVE-2023-7303 (A vulnerability, which was classified as problematic, was found in q2a ...)
+ TODO: check
+CVE-2025-37834 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/1b0449544c6482179ac84530b61fc192a6527bfd (6.15-rc1)
-CVE-2025-37833 [net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads]
+CVE-2025-37833 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/fbb429ddff5c8e479edcc7dde5a542c9295944e6 (6.15-rc3)
-CVE-2025-37832 [cpufreq: sun50i: prevent out-of-bounds access]
+CVE-2025-37832 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/14c8a418159e541d70dbf8fc71225d1623beaf0f (6.15-rc4)
-CVE-2025-37831 [cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()]
+CVE-2025-37831 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9992649f6786921873a9b89dafa5e04d8c5fef2b (6.15-rc4)
-CVE-2025-37830 [cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()]
+CVE-2025-37830 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/484d3f15cc6cbaa52541d6259778e715b2c83c54 (6.15-rc4)
-CVE-2025-37829 [cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()]
+CVE-2025-37829 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/73b24dc731731edf762f9454552cb3a5b7224949 (6.15-rc4)
-CVE-2025-37828 [scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()]
+CVE-2025-37828 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4c324085062919d4e21c69e5e78456dcec0052fe (6.15-rc4)
-CVE-2025-37827 [btrfs: zoned: return EIO on RAID1 block group write pointer mismatch]
+CVE-2025-37827 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b0c26f47992672661340dd6ea931240213016609 (6.15-rc4)
-CVE-2025-37826 [scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()]
+CVE-2025-37826 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/08a966a917fe3d92150fa3cc15793ad5e57051eb (6.15-rc4)
-CVE-2025-37825 [nvmet: fix out-of-bounds access in nvmet_enable_port]
+CVE-2025-37825 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d7aa0c7b4e96cd460826d932e44710cdeb3378b (6.15-rc4)
-CVE-2025-37824 [tipc: fix NULL pointer dereference in tipc_mon_reinit_self()]
+CVE-2025-37824 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/d63527e109e811ef11abb1c2985048fdb528b4cb (6.15-rc4)
-CVE-2025-37823 [net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too]
+CVE-2025-37823 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/6ccbda44e2cc3d26fd22af54c650d6d5d801addf (6.15-rc4)
-CVE-2025-37822 [riscv: uprobes: Add missing fence.i after building the XOL buffer]
+CVE-2025-37822 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.27-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 (6.15-rc4)
-CVE-2025-37821 [sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash]
+CVE-2025-37821 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bbce3de72be56e4b5f68924b7da9630cc89aa1a8 (6.15-rc4)
-CVE-2025-37820 [xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()]
+CVE-2025-37820 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/cc3628dcd851ddd8d418bf0c897024b4621ddc92 (6.15-rc4)
-CVE-2025-37819 [irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()]
+CVE-2025-37819 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/3318dc299b072a0511d6dfd8367f3304fb6d9827 (6.15-rc4)
-CVE-2025-37818 [LoongArch: Return NULL from huge_pte_offset() for invalid PMD]
+CVE-2025-37818 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/bd51834d1cf65a2c801295d230c220aeebf87a73 (6.15-rc4)
-CVE-2025-37817 [mcb: fix a double free bug in chameleon_parse_gdd()]
+CVE-2025-37817 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/7c7f1bfdb2249f854a736d9b79778c7e5a29a150 (6.15-rc4)
-CVE-2025-37816 [mei: vsc: Fix fortify-panic caused by invalid counted_by() use]
+CVE-2025-37816 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/00f1cc14da0f06d2897b8c528df7c7dcf1b8da50 (6.15-rc4)
-CVE-2025-37815 [misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration]
+CVE-2025-37815 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/18eb77c75ed01439f96ae5c0f33461eb5134b907 (6.15-rc4)
-CVE-2025-37814 [tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT]
+CVE-2025-37814 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ee6a44da3c87cf64d67dd02be8c0127a5bf56175 (6.15-rc4)
-CVE-2025-37813 [usb: xhci: Fix invalid pointer dereference in Etron workaround]
+CVE-2025-37813 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1ea050da5562af9b930d17cbbe9632d30f5df43a (6.15-rc4)
-CVE-2025-37812 [usb: cdns3: Fix deadlock when using NCM gadget]
+CVE-2025-37812 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/a1059896f2bfdcebcdc7153c3be2307ea319501f (6.15-rc4)
-CVE-2025-37811 [usb: chipidea: ci_hdrc_imx: fix usbmisc handling]
+CVE-2025-37811 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e28f79e3dffa52d327b46d1a78dac16efb5810b (6.15-rc4)
-CVE-2025-37810 [usb: dwc3: gadget: check that event count does not exceed event buffer length]
+CVE-2025-37810 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/63ccd26cd1f6600421795f6ca3e625076be06c9f (6.15-rc4)
-CVE-2025-37809 [usb: typec: class: Fix NULL pointer access]
+CVE-2025-37809 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ec27386de23a511008c53aa2f3434ad180a3ca9a (6.15-rc4)
-CVE-2025-37808 [crypto: null - Use spin lock instead of mutex]
+CVE-2025-37808 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/dcc47a028c24e793ce6d6efebfef1a1e92f80297 (6.15-rc1)
-CVE-2025-37807 [bpf: Fix kmemleak warning for percpu hashmap]
+CVE-2025-37807 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/11ba7ce076e5903e7bdc1fd1498979c331b3c286 (6.15-rc1)
-CVE-2025-37806 [fs/ntfs3: Keep write operations atomic]
+CVE-2025-37806 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/285cec318bf5a7a6c8ba999b2b6ec96f9a20590f (6.15-rc1)
-CVE-2025-37805 [sound/virtio: Fix cancel_sync warnings on uninitialized work_structs]
+CVE-2025-37805 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/3c7df2e27346eb40a0e86230db1ccab195c97cfe (6.15-rc1)
-CVE-2025-37804 [io_uring: always do atomic put from iowq]
+CVE-2025-37804 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/390513642ee6763c7ada07f0a1470474986e6c1c (6.15-rc1)
-CVE-2025-37803 [udmabuf: fix a buf size overflow issue during udmabuf creation]
+CVE-2025-37803 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.7.7-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/021ba7f1babd029e714d13a6bf2571b08af96d0f (6.15-rc2)
-CVE-2025-37802 [ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"]
+CVE-2025-37802 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/1df0d4c616138784e033ad337961b6e1a6bcd999 (6.15-rc3)
-CVE-2025-37801 [spi: spi-imx: Add check for spi_imx_setupxfer()]
+CVE-2025-37801 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/951a04ab3a2db4029debfa48d380ef834b93207e (6.15-rc3)
-CVE-2025-37800 [driver core: fix potential NULL pointer dereference in dev_uevent()]
+CVE-2025-37800 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)
CVE-2025-XXXX [ZDI-CAN-26752]
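Review bot: CVE-2025-37825 and CVE-2025-37821 are recorded as `- linux <unfixed>` while the other kernel entries in this batch, whose fix commits are likewise tagged 6.15-rc4, are marked fixed in 6.12.27-1; confirm whether those two fixes were part of the 6.12.27 stable update or really still need a follow-up. CVE-2025-37803 is marked fixed in 6.7.7-1 but the only commit cited in its NOTE is tagged 6.15-rc2, so either the commit that actually reached 6.7.7 should be referenced or the NOTE should explain the relation between the two. The new non-kernel entries are all `TODO: check`; the two Rack entries (CVE-2025-46727, CVE-2025-32441) and the block of F5 BIG-IP/F5OS entries can be triaged together, and CVE-2025-11953 carries REJECTED with no NOTE, which is consistent with how other rejected entries appear.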
@@ -661,7 +713,7 @@ CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls
CVE-2020-36791 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.5.17-1
NOTE: https://git.kernel.org/linus/0d1c3530e1bd38382edef72591b78e877e0edcd3 (5.6)
-CVE-2025-32873
+CVE-2025-32873 (An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, ...)
- python-django <unfixed> (bug #1104872)
NOTE: https://www.djangoproject.com/weblog/2025/may/07/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c (4.2.21)
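Review bot: the new description for CVE-2025-32873 names the affected upstream branches (4.2 before 4.2.21, 5.1 before 5.1.9), but the entry still has no [bookworm] or [bullseye] lines, so those suites are implicitly tracked as affected through `python-django <unfixed>`; once the versions shipped there have been checked against the 4.2.21 fix commit in the NOTE, record their status explicitly rather than leaving it to be inferred.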
@@ -3632,6 +3684,7 @@ CVE-2025-3911 (Recording of environment variables, configured for running contai
CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization package m ...)
- keycloak <itp> (bug #1088287)
CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache httpd. This ...)
+ {DLA-4155-1}
- libapache2-mod-auth-openidc 2.4.14.2-1 (bug #1104484)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2361633
NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-x7cf-8wgv-5j86
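Review bot: the added `{DLA-4155-1}` marker covers the LTS (bullseye) fix for CVE-2025-3891, but the entry still states only the unstable fix (`libapache2-mod-auth-openidc 2.4.14.2-1`) and has no [bookworm] line; please record whether bookworm is affected and, if so, the DSA or fixed version, so that the suite status does not differ between the LTS and the stable view of the same CVE.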
@@ -5085,7 +5138,7 @@ CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cros
NOT-FOR-US: WordPress plugin
CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center Innovation ...)
+CVE-2025-34028 (The Commvault Command Center Innovation Release allows an unauthentica ...)
NOT-FOR-US: Commvault
CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Pr ...)
NOT-FOR-US: ManageWiki MediaWiki extension
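Review bot: the rewritten description for CVE-2025-34028 drops the vulnerability class the previous one stated (path traversal) in favour of the attacker precondition (unauthenticated); since the entry remains NOT-FOR-US: Commvault this has no tracking effect, but if the class matters for later searches it is worth keeping it in a NOTE.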
@@ -13732,7 +13785,7 @@ CVE-2025-21893 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/75845c6c1a64483e9985302793dbf0dfa5f71e32 (6.14)
-CVE-2025-31177
+CVE-2025-31177 (gnuplot is affected by a heap buffer overflow at function utf8_copy_on ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355342
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
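Review bot: the `(unimportant)` rating on `gnuplot <unfixed>` rests entirely on the NOTE beginning "No security impact, gnuplot can execute arbitrary commands and need to", and the hunk's trailing context ends mid-sentence, so the full rationale is not visible in this diff; please check that the complete sentence is in the file. The new description now names the affected function (utf8_copy_one) and a heap buffer overflow, so adding the upstream fix commit next to the bugzilla link, when one exists, would let `<unfixed>` be resolved later even though the issue is rated unimportant.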
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/077fe673783d9e2ccc0d2bd4a9406a0bf250dd89