[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 9 21:12:00 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2339d685 by security tracker role at 2025-05-09T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,229 +1,445 @@
-CVE-2025-37888 [net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()]
+CVE-2025-4488 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...)
+ TODO: check
+CVE-2025-4487 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...)
+ TODO: check
+CVE-2025-4486 (A vulnerability was found in itsourcecode Gym Management System 1.0 an ...)
+ TODO: check
+CVE-2025-4485 (A vulnerability has been found in itsourcecode Gym Management System 1 ...)
+ TODO: check
+CVE-2025-4484 (A vulnerability, which was classified as critical, was found in itsour ...)
+ TODO: check
+CVE-2025-4483 (A vulnerability, which was classified as critical, has been found in i ...)
+ TODO: check
+CVE-2025-4482 (A vulnerability classified as critical was found in Project Worlds Stu ...)
+ TODO: check
+CVE-2025-4481 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
+ TODO: check
+CVE-2025-4480 (A vulnerability was found in code-projects Simple College Management S ...)
+ TODO: check
+CVE-2025-4472 (A vulnerability was found in code-projects Departmental Store Manageme ...)
+ TODO: check
+CVE-2025-4471 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-4470 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2025-4469 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2025-4468 (A vulnerability was found in SourceCodester Online Student Clearance S ...)
+ TODO: check
+CVE-2025-4467 (A vulnerability was found in SourceCodester Online Student Clearance S ...)
+ TODO: check
+CVE-2025-4466 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...)
+ TODO: check
+CVE-2025-4465 (A vulnerability was found in itsourcecode Gym Management System 1.0 an ...)
+ TODO: check
+CVE-2025-4464 (A vulnerability has been found in itsourcecode Gym Management System 1 ...)
+ TODO: check
+CVE-2025-4463 (A vulnerability, which was classified as critical, was found in itsour ...)
+ TODO: check
+CVE-2025-4462 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-4461 (A vulnerability classified as problematic was found in TOTOLINK N150RT ...)
+ TODO: check
+CVE-2025-4460 (A vulnerability classified as problematic has been found in TOTOLINK N ...)
+ TODO: check
+CVE-2025-4459 (A vulnerability was found in code-projects Patient Record Management S ...)
+ TODO: check
+CVE-2025-4458 (A vulnerability was found in code-projects Patient Record Management S ...)
+ TODO: check
+CVE-2025-4457 (A vulnerability classified as critical was found in Project Worlds Car ...)
+ TODO: check
+CVE-2025-4456 (A vulnerability classified as critical has been found in Project World ...)
+ TODO: check
+CVE-2025-4455 (A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. I ...)
+ TODO: check
+CVE-2025-4454 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has been decl ...)
+ TODO: check
+CVE-2025-4453 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has been clas ...)
+ TODO: check
+CVE-2025-4452 (A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as ...)
+ TODO: check
+CVE-2025-4451 (A vulnerability has been found in D-Link DIR-619L 2.04B04 and classifi ...)
+ TODO: check
+CVE-2025-4450 (A vulnerability, which was classified as critical, was found in D-Link ...)
+ TODO: check
+CVE-2025-4449 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2025-4448 (A vulnerability classified as critical was found in D-Link DIR-619L 2. ...)
+ TODO: check
+CVE-2025-4446 (A vulnerability has been found in H3C GR-5400AX up to 100R008 and clas ...)
+ TODO: check
+CVE-2025-4445 (A vulnerability classified as critical has been found in D-Link DIR-60 ...)
+ TODO: check
+CVE-2025-4443 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rate ...)
+ TODO: check
+CVE-2025-4442 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been decl ...)
+ TODO: check
+CVE-2025-4441 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been clas ...)
+ TODO: check
+CVE-2025-4440 (A vulnerability was found in H3C GR-1800AX up to 100R008 and classifie ...)
+ TODO: check
+CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for Word ...)
+ TODO: check
+CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...)
+ TODO: check
+CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...)
+ TODO: check
+CVE-2025-4376 (Improper Input Validation vulnerability in Sparx Systems Pro Cloud Ser ...)
+ TODO: check
+CVE-2025-4375 (Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro C ...)
+ TODO: check
+CVE-2025-4206 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...)
+ TODO: check
+CVE-2025-4107
+ REJECTED
+CVE-2025-47737 (lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocati ...)
+ TODO: check
+CVE-2025-47736 (dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 befor ...)
+ TODO: check
+CVE-2025-47735 (inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks ...)
+ TODO: check
+CVE-2025-47733 (Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an u ...)
+ TODO: check
+CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-46392 (Uncontrolled Resource Consumption vulnerability in Apache Commons Conf ...)
+ TODO: check
+CVE-2025-46193 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-46192 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-46191 (Arbitrary File Upload in user_payment_update.php in SourceCodester Cli ...)
+ TODO: check
+CVE-2025-46190 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-46189 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-46188 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-45887 (Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ TODO: check
+CVE-2025-45885 (PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQ ...)
+ TODO: check
+CVE-2025-45513 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
+ TODO: check
+CVE-2025-3949 (The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Bui ...)
+ TODO: check
+CVE-2025-3897 (The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File R ...)
+ TODO: check
+CVE-2025-3811 (The WPBookit plugin for WordPress is vulnerable to privilege escalatio ...)
+ TODO: check
+CVE-2025-3810 (The WPBookit plugin for WordPress is vulnerable to privilege escalatio ...)
+ TODO: check
+CVE-2025-3714 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
+ TODO: check
+CVE-2025-3713 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow v ...)
+ TODO: check
+CVE-2025-3712 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow v ...)
+ TODO: check
+CVE-2025-3711 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
+ TODO: check
+CVE-2025-3710 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
+ TODO: check
+CVE-2025-3605 (The Frontend Login and Registration Blocks plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-3463 ("This issue is limited to motherboards and does not affect laptops, de ...)
+ TODO: check
+CVE-2025-3462 ("This issue is limited to motherboards and does not affect laptops, de ...)
+ TODO: check
+CVE-2025-3455 (The 1 Click WordPress Migration Plugin \u2013 100% FREE for a limited ...)
+ TODO: check
+CVE-2025-37889 (In the Linux kernel, the following vulnerability has been resolved: P ...)
+ TODO: check
+CVE-2025-33072 (Improper access control in Azure allows an unauthorized attacker to di ...)
+ TODO: check
+CVE-2025-31946 (Pixmeo OsiriX MD is vulnerable to a local use after free scenario, wh ...)
+ TODO: check
+CVE-2025-2253 (The IMITHEMES Listing plugin is vulnerable to privilege escalation via ...)
+ TODO: check
+CVE-2025-29972 (Server-Side Request Forgery (SSRF) in Azure allows an authorized attac ...)
+ TODO: check
+CVE-2025-29827 (Improper Authorization in Azure Automation allows an authorized attack ...)
+ TODO: check
+CVE-2025-29813 (An elevation of privilege vulnerability exists when Visual Studio impr ...)
+ TODO: check
+CVE-2025-29509 (Jan v0.5.14 and before is vulnerable to remote code execution (RCE) wh ...)
+ TODO: check
+CVE-2025-28203 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a comman ...)
+ TODO: check
+CVE-2025-28202 (Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows ...)
+ TODO: check
+CVE-2025-28201 (An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically prox ...)
+ TODO: check
+CVE-2025-28200 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak d ...)
+ TODO: check
+CVE-2025-28074 (phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due ...)
+ TODO: check
+CVE-2025-27720 (The Pixmeo Osirix MD Web Portal sends credential information without e ...)
+ TODO: check
+CVE-2025-27578 (Pixmeo OsiriX MD is vulnerable to a use after free scenario, which cou ...)
+ TODO: check
+CVE-2025-1993 (IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2 ...)
+ TODO: check
+CVE-2025-1331 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1could ...)
+ TODO: check
+CVE-2025-1330 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could ...)
+ TODO: check
+CVE-2025-1329 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could ...)
+ TODO: check
+CVE-2025-1087 (Kong Insomnia Desktop Application before 11.0.2 contains a template in ...)
+ TODO: check
+CVE-2024-9524 (Link Following Local Privilege Escalation Vulnerability in System Spee ...)
+ TODO: check
+CVE-2024-13962 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc i ...)
+ TODO: check
+CVE-2024-13961 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc i ...)
+ TODO: check
+CVE-2024-13960 (Link Following Local Privilege Escalation Vulnerability in TuneUp Serv ...)
+ TODO: check
+CVE-2024-13959 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc.e ...)
+ TODO: check
+CVE-2024-13944 (Link Following Local Privilege Escalation Vulnerability in NortonUtili ...)
+ TODO: check
+CVE-2024-13759 (Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Pri ...)
+ TODO: check
+CVE-2024-12442 (EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable t ...)
+ TODO: check
+CVE-2024-11861 (EnerSys AMPA 22.09 and prior versions are vulnerable to command inject ...)
+ TODO: check
+CVE-2024-11617 (The Envolve Plugin plugin for WordPress is vulnerable to arbitrary fil ...)
+ TODO: check
+CVE-2023-31585 (Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /adm ...)
+ TODO: check
+CVE-2025-37888 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/91037037ee3d611ce17f39d75f79c7de394b122a (6.15-rc4)
-CVE-2025-37887 [pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result]
+CVE-2025-37887 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2567daad69cd1107fc0ec29b1615f110d7cf7385 (6.15-rc4)
-CVE-2025-37886 [pds_core: make wait_context part of q_info]
+CVE-2025-37886 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3f77c3dfffc7063428b100c4945ca2a7a8680380 (6.15-rc4)
-CVE-2025-37885 [KVM: x86: Reset IRTE to host control if *new* route isn't postable]
+CVE-2025-37885 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 (6.15-rc4)
-CVE-2025-37884 [bpf: Fix deadlock between rcu_tasks_trace and event_mutex.]
+CVE-2025-37884 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1 (6.15-rc1)
-CVE-2025-37883 [s390/sclp: Add check for get_zeroed_page()]
+CVE-2025-37883 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/3db42c75a921854a99db0a2775814fef97415bac (6.15-rc1)
-CVE-2025-37882 [usb: xhci: Fix isochronous Ring Underrun/Overrun event handling]
+CVE-2025-37882 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/906dec15b9b321b546fd31a3c99ffc13724c7af4 (6.15-rc1)
-CVE-2025-37881 [usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()]
+CVE-2025-37881 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/8c75f3e6a433d92084ad4e78b029ae680865420f (6.15-rc1)
-CVE-2025-37880 [um: work around sched_yield not yielding in time-travel mode]
+CVE-2025-37880 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)
-CVE-2025-37879 [9p/net: fix improper handling of bogus negative read/write replies]
+CVE-2025-37879 (In the Linux kernel, the following vulnerability has been resolved: 9 ...)
- linux 6.12.27-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/d0259a856afca31d699b706ed5e2adf11086c73b (6.15-rc1)
-CVE-2025-37878 [perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init]
+CVE-2025-37878 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/0ba3a4ab76fd3367b9cb680cad70182c896c795c (6.15-rc2)
-CVE-2025-37877 [iommu: Clear iommu-dma ops on cleanup]
+CVE-2025-37877 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/280e5a30100578106a4305ce0118e0aa9b866f12 (6.15-rc2)
-CVE-2025-37876 [netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS]
+CVE-2025-37876 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/40cb48eba3b4b79e110c1a35d33a48cac54507a2 (6.15-rc3)
-CVE-2025-37875 [igc: fix PTM cycle trigger logic]
+CVE-2025-37875 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8e404ad95d2c10c261e2ef6992c7c12dde03df0e (6.15-rc3)
-CVE-2025-37874 [net: ngbe: fix memory leak in ngbe_probe() error path]
+CVE-2025-37874 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/88fa80021b77732bc98f73fb69d69c7cc37b9f0d (6.15-rc3)
-CVE-2025-37873 [eth: bnxt: fix missing ring index trim on error path]
+CVE-2025-37873 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/12f2d033fae957d84c2c0ce604d2a077e61fa2c0 (6.15-rc3)
-CVE-2025-37872 [net: txgbe: fix memory leak in txgbe_probe() error path]
+CVE-2025-37872 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b2727326d0a53709380aa147018085d71a6d4843 (6.15-rc3)
-CVE-2025-37871 [nfsd: decrease sc_count directly if fail to queue dl_recall]
+CVE-2025-37871 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/a1d14d931bf700c1025db8c46d6731aa5cf440f9 (6.15-rc3)
-CVE-2025-37870 [drm/amd/display: prevent hang on link training fail]
+CVE-2025-37870 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
NOTE: https://git.kernel.org/linus/8058061ed9d6bc259d1e678607b07d259342c08f (6.15-rc1)
-CVE-2025-37869 [drm/xe: Use local fence in error path of xe_migrate_clear]
+CVE-2025-37869 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/20659d3150f1a2a258a173fe011013178ff2a197 (6.15-rc2)
-CVE-2025-37868 [drm/xe/userptr: fix notifier vs folio deadlock]
+CVE-2025-37868 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2577b202458cddff85cc154b1fe7f313e0d1f418 (6.15-rc3)
-CVE-2025-37867 [RDMA/core: Silence oversized kvmalloc() warning]
+CVE-2025-37867 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/9a0e6f15029e1a8a21e40f06fd05aa52b7f063de (6.15-rc3)
-CVE-2025-37866 [mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()]
+CVE-2025-37866 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b129005ddfc0e6daf04a6d3b928a9e474f9b3918 (6.15-rc3)
-CVE-2025-37865 [net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported]
+CVE-2025-37865 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ea08dfc35f83cfc73493c52f63ae4f2e29edfe8d (6.15-rc3)
-CVE-2025-37864 [net: dsa: clean up FDB, MDB, VLAN entries on unbind]
+CVE-2025-37864 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.25-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7afb5fb42d4950f33af2732b8147c552659f79b7 (6.15-rc3)
-CVE-2025-37863 [ovl: don't allow datadir only]
+CVE-2025-37863 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eb3a04a8516ee9b5174379306f94279fc90424c4 (6.15-rc3)
-CVE-2025-37862 [HID: pidff: Fix null pointer dereference in pidff_find_fields]
+CVE-2025-37862 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/22a05462c3d0eee15154faf8d13c49e6295270a5 (6.15-rc1)
-CVE-2025-37861 [scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue]
+CVE-2025-37861 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.25-1
NOTE: https://git.kernel.org/linus/f195fc060c738d303a21fae146dbf85e1595fb4c (6.15-rc1)
-CVE-2025-37859 [page_pool: avoid infinite loop to schedule delayed worker]
+CVE-2025-37859 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/43130d02baa137033c25297aaae95fd0edc41654 (6.15-rc1)
-CVE-2025-37858 [fs/jfs: Prevent integer overflow in AG size calculation]
+CVE-2025-37858 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e (6.15-rc1)
-CVE-2025-37857 [scsi: st: Fix array overflow in st_setup()]
+CVE-2025-37857 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/a018d1cf990d0c339fe0e29b762ea5dc10567d67 (6.15-rc1)
-CVE-2025-37856 [btrfs: harden block_group::bg_list against list_del() races]
+CVE-2025-37856 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.25-1
NOTE: https://git.kernel.org/linus/7511e29cf1355b2c47d0effb39e463119913e2f6 (6.15-rc1)
-CVE-2025-37855 [drm/amd/display: Guard Possible Null Pointer Dereference]
+CVE-2025-37855 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c87d202692de34ee71d1fd4679a549a29095658a (6.15-rc1)
-CVE-2025-37854 [drm/amdkfd: Fix mode1 reset crash issue]
+CVE-2025-37854 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/f0b4440cdc1807bb6ec3dce0d6de81170803569b (6.15-rc1)
-CVE-2025-37853 [drm/amdkfd: debugfs hang_hws skip GPU with MES]
+CVE-2025-37853 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
NOTE: https://git.kernel.org/linus/fe9d0061c413f8fb8c529b18b592b04170850ded (6.15-rc1)
-CVE-2025-37852 [drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()]
+CVE-2025-37852 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 (6.15-rc1)
-CVE-2025-37851 [fbdev: omapfb: Add 'plane' value check]
+CVE-2025-37851 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/3e411827f31db7f938a30a3c7a7599839401ec30 (6.15-rc1)
-CVE-2025-37850 [pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()]
+CVE-2025-37850 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/7ca59947b5fcf94e7ea4029d1bd0f7c41500a161 (6.15-rc2)
-CVE-2025-37849 [KVM: arm64: Tear down vGIC on failed vCPU creation]
+CVE-2025-37849 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/250f25367b58d8c65a1b060a2dda037eea09a672 (6.15-rc1)
-CVE-2025-37848 [accel/ivpu: Fix PM related deadlocks in MS IOCTLs]
+CVE-2025-37848 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d893da85e06edf54737bb80648bb58ba8fd56d9f (6.15-rc2)
-CVE-2025-37847 [accel/ivpu: Fix deadlock in ivpu_ms_cleanup()]
+CVE-2025-37847 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9a6f56762d23a1f3af15e67901493c927caaf882 (6.15-rc2)
-CVE-2025-37846 [arm64: mops: Do not dereference src reg for a set operation]
+CVE-2025-37846 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a13bfa4fe0d6949cea14718df2d1fe84c38cd113 (6.15-rc1)
-CVE-2025-37845 [tracing: fprobe events: Fix possible UAF on modules]
+CVE-2025-37845 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/dd941507a9486252d6fcf11814387666792020f3 (6.15-rc2)
-CVE-2025-37844 [cifs: avoid NULL pointer dereference in dbg call]
+CVE-2025-37844 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/b4885bd5935bb26f0a414ad55679a372e53f9b9b (6.15-rc1)
-CVE-2025-37843 [PCI: pciehp: Avoid unnecessary device replacement check]
+CVE-2025-37843 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e3260237aaadc9799107ccb940c6688195c4518d (6.15-rc1)
-CVE-2025-37842 [spi: fsl-qspi: use devm function instead of driver remove]
+CVE-2025-37842 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/40369bfe717e96e26650eeecfa5a6363563df6e4 (6.15-rc1)
-CVE-2025-37841 [pm: cpupower: bench: Prevent NULL dereference on malloc failure]
+CVE-2025-37841 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/208baa3ec9043a664d9acfb8174b332e6b17fb69 (6.15-rc1)
-CVE-2025-37840 [mtd: rawnand: brcmnand: fix PM resume warning]
+CVE-2025-37840 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/ddc210cf8b8a8be68051ad958bf3e2cef6b681c2 (6.15-rc1)
-CVE-2025-37839 [jbd2: remove wrong sb->s_sequence check]
+CVE-2025-37839 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.135-1
NOTE: https://git.kernel.org/linus/e6eff39dd0fe4190c6146069cc16d160e71d1148 (6.15-rc1)
-CVE-2025-37837 [iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()]
+CVE-2025-37837 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/767e22001dfce64cc03b7def1562338591ab6031 (6.15-rc2)
-CVE-2025-37836 [PCI: Fix reference leak in pci_register_host_bridge()]
+CVE-2025-37836 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.12.25-1
[bookworm] - linux 6.1.137-1
NOTE: https://git.kernel.org/linus/804443c1f27883926de94c849d91f5b7d7d696e9 (6.15-rc1)
-CVE-2025-37835 [smb: client: Fix netns refcount imbalance causing leaks and use-after-free]
+CVE-2025-37835 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.25-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e7f1644f2ac6d01dc584f6301c3b1d5aac4eaef (6.15-rc1)
-CVE-2025-4432
+CVE-2025-4432 (A flaw was found in Rust's Ring package. A panic may be triggered when ...)
- rust-ring 0.17.14-1
[bookworm] - rust-ring <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2350655
NOTE: Fixed by: https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38
NOTE: https://github.com/briansmith/ring/pull/2447
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
-CVE-2025-4475 (Issue in my product in blah version x on y allows bad person to break)
+CVE-2025-4475
+ REJECTED
TODO: check
CVE-2025-4208 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4207 (Buffer over-read in PostgreSQL GB18030 encoding validation allows a da ...)
+ {DLA-4159-1}
- postgresql-17 17.5-1
- postgresql-15 <removed>
[bookworm] - postgresql-15 <no-dsa> (Minor issue)
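Review bot: the REJECTED entry for CVE-2025-4475 keeps its old "TODO: check" line (the unchanged line right after "+ REJECTED"); the other ID rejected in this hunk, CVE-2025-4107, carries only the REJECTED marker, so that TODO should be dropped since there is nothing left to triage. Among the new "TODO: check" placeholders, the ones naming software that is or may be packaged in Debian deserve the earliest look: CVE-2025-4382 (LUKS-encrypted disks with GRUB), CVE-2025-46392 (Apache Commons Configuration), the Rust crate issues CVE-2025-47735, CVE-2025-47736 and CVE-2025-47737, and CVE-2025-37889, the one Linux kernel CVE in this hunk still untriaged while the neighbouring CVE-2025-378xx entries already carry fixed versions and upstream commit NOTEs. The rest of the hunk is consistent: each kernel entry pairs its new description with the existing linux fixed-version lines, and CVE-2025-4432 (ring) gains its description without changing the rust-ring 0.17.14-1 / bookworm no-dsa assessment.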
@@ -339,6 +555,7 @@ CVE-2024-8100 (On affected versions of the Arista CloudVision Portal (CVP on-pre
CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder versions prio ...)
NOT-FOR-US: AP Page Builder
CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly ...)
+ {DSA-5894-1 DLA-4106-1}
- jetty12 <not-affected> (Only affects 9.x)
- jetty9 9.4.57-1
- jetty <not-affected> (Only affects 9.x)
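Review bot: with "{DSA-5894-1 DLA-4106-1}" added, the bookworm and bullseye status for jetty9 is derived from the DSA and DLA list entries, because no explicit [bookworm] or [bullseye] line appears under "- jetty9 9.4.57-1" in the visible context; confirm both advisories are filed against source package jetty9, otherwise the tracker cannot attribute the stable/oldstable fix to this entry. The "<not-affected> (Only affects 9.x)" lines for jetty12 and jetty agree with the description's 9.4.0 to 9.4.56 range, and 9.4.57-1 is the first version past it.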
@@ -565,11 +782,11 @@ CVE-2025-XXXX [ZDI-CAN-26752]
- gimp <unfixed> (bug #1105005)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
-CVE-2025-1278
+CVE-2025-1278 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
-CVE-2024-8973
+CVE-2024-8973 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2025-0549
+CVE-2025-0549 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2025-4390
- slurm-wlm <unfixed> (bug #1104929)
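Review bot: the three GitLab entries (CVE-2025-1278, CVE-2024-8973, CVE-2025-0549) now have descriptions but still sit at "gitlab <unfixed>" with no bug number and no NOTE pointing at the upstream advisory or fixed release, unlike the gimp entry above, which records "(bug #1105005)" plus the upstream issue and fixing commit. The descriptions are truncated at "affecting all versions fr ..." and "st ...", so the affected range cannot be read from this file; add the GitLab advisory URL and the fixed upstream versions as NOTE lines so the <unfixed> state can be closed when the package is updated.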
@@ -2620,7 +2837,8 @@ CVE-2025-32885 (An issue was discovered on goTenna v1 devices with app 5.5.3 and
NOT-FOR-US: goTenna v1 devices
CVE-2025-32884 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
NOT-FOR-US: goTenna Mesh devices
-CVE-2025-32883 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
+CVE-2025-32883
+ REJECTED
NOT-FOR-US: goTenna Mesh devices
CVE-2025-32882 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
NOT-FOR-US: goTenna v1 devices
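Review bot: CVE-2025-32883 is now REJECTED but the old "NOT-FOR-US: goTenna Mesh devices" line beneath it is kept; it is redundant for a rejected ID and makes the entry differ from CVE-2025-4107 earlier in this update, which carries only the REJECTED marker. Dropping the NOT-FOR-US line here, and likewise for the rejected NETSCOUT and WordPress entries further down (CVE-2025-32980 and CVE-2024-13847), keeps REJECTED entries uniform. The neighbouring goTenna entries CVE-2025-32884 and CVE-2025-32882 are unchanged and remain correctly NOT-FOR-US.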
@@ -4049,7 +4267,7 @@ CVE-2025-3911 (Recording of environment variables, configured for running contai
CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization package m ...)
- keycloak <itp> (bug #1088287)
CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache httpd. This ...)
- {DLA-4155-1}
+ {DSA-5917-1 DLA-4155-1}
- libapache2-mod-auth-openidc 2.4.14.2-1 (bug #1104484)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2361633
NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-x7cf-8wgv-5j86
@@ -4654,7 +4872,8 @@ CVE-2025-32982 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorizatio
NOT-FOR-US: NETSCOUT
CVE-2025-32981 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage ...)
NOT-FOR-US: NETSCOUT
-CVE-2025-32980 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.)
+CVE-2025-32980
+ REJECTED
NOT-FOR-US: NETSCOUT
CVE-2025-32979 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation ...)
NOT-FOR-US: NETSCOUT
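Review bot: same pattern as the other rejections in this commit: CVE-2025-32980 loses its description in favour of REJECTED, yet `NOT-FOR-US: NETSCOUT` is retained beneath it. Since the REJECTED marker alone already settles the entry (as CVE-2024-6461 shows further down), the leftover annotation can be pruned.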
@@ -8814,7 +9033,7 @@ CVE-2024-13338 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify H
NOT-FOR-US: WordPress plugin
CVE-2024-13337 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, C ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-3528
+CVE-2025-3528 (A flaw was found in the Mirror Registry. The quay-app container shippe ...)
NOT-FOR-US: quay-app container for the Mirror Registry application (Red Hat)
CVE-2025-3439 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Paym ...)
NOT-FOR-US: WordPress plugin
@@ -18290,6 +18509,7 @@ CVE-2024-21760 (An improper control of generation of code ('Code Injection') vul
CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.4.0 co ...)
NOT-FOR-US: Fortinet
CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver library may b ...)
+ {DLA-4160-1}
- libbson-xs-perl <removed>
[bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
- mongo-c-driver 1.27.5-1
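Review bot: `{DLA-4160-1}` is added here and to the other libbson CVEs in this commit (CVE-2024-6383, CVE-2024-6381, CVE-2023-0437, CVE-2018-16790, CVE-2017-14227), but the entry lists two candidate sources, `libbson-xs-perl <removed>` and `mongo-c-driver 1.27.5-1`; which package and bullseye version the DLA actually shipped is recorded in data/DLA/list and cannot be verified from this hunk. Also note that `[bookworm] - libbson-xs-perl <no-dsa> (Minor issue)` is unchanged: bullseye now has an LTS fix while bookworm stays explicitly unfixed, which is legitimate but worth confirming against the DLA's backport, since the same patch could go to bookworm via a point release.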
@@ -18833,7 +19053,8 @@ CVE-2025-1657 (The Directory Listings WordPress plugin \u2013 uListing plugin fo
NOT-FOR-US: WordPress plugin
CVE-2025-1653 (The Directory Listings WordPress plugin \u2013 uListing plugin for Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-13847 (The Portfolio and Projects plugin for WordPress is vulnerable to Store ...)
+CVE-2024-13847
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-13497 (The WordPress form builder plugin for contact forms, surveys and quizz ...)
NOT-FOR-US: WordPress plugin
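Review bot: CVE-2024-13847 is marked REJECTED while the `NOT-FOR-US: WordPress plugin` line beneath it survives; the annotation is redundant once the CVE is rejected, so consider removing it in a follow-up for consistency with entries such as CVE-2024-6461 that carry REJECTED only.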
@@ -19752,6 +19973,7 @@ CVE-2025-27789 (Babel is a compiler for writing next generation JavaScript. When
NOTE: https://github.com/babel/babel/pull/17173
NOTE: https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8
CVE-2025-27773 (The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related fun ...)
+ {DLA-4161-1}
- simplesamlphp <unfixed> (bug #1100595)
NOTE: https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
NOTE: https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
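Review bot: `{DLA-4161-1}` records a bullseye fix for CVE-2025-27773 while the entry still reads `- simplesamlphp <unfixed> (bug #1100595)` and has no `[bookworm]` annotation, so unstable and bookworm both remain listed as vulnerable even though a backport of the upstream fix (commit 7867d6099dc7f31bed1ea10e5bea159c5623d2a0 in the NOTE) evidently exists. Suggest either updating the unstable fixed version and closing bug #1100595, or adding an explicit `[bookworm]` decision, so the LTS release does not end up ahead of the supported suites.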
@@ -90489,6 +90711,7 @@ CVE-2024-6463
CVE-2024-6461
REJECTED
CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable ...)
+ {DLA-4160-1}
- libbson-xs-perl <removed>
[bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
- mongo-c-driver 1.27.1-1
@@ -90733,6 +90956,7 @@ CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and classifi
CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB Rust ...)
NOT-FOR-US: MongoDB rust driver
CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...)
+ {DLA-4160-1}
- libbson-xs-perl <removed>
[bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
- mongo-c-driver 1.26.2-1
@@ -201181,6 +201405,7 @@ CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its f
CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit cond ...)
+ {DLA-4160-1}
- libbson-xs-perl <removed>
[bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
- mongo-c-driver 1.25.0-1
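Review bot: the unchanged context line for CVE-2023-0437 reads "bson_utf8_validateon some inputs", i.e. the space after the function name is missing in the stored description. Descriptions are synced from the upstream feed, so check whether the source text has the same defect before patching it locally; the `{DLA-4160-1}` addition itself matches the other libbson entries in this commit.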
@@ -297250,7 +297475,7 @@ CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
NOT-FOR-US: Oracle
CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1 (bug #1015789)
-CVE-2022-21546 (In newer version of the SBC specs, we have a NDOB bit that indicates t ...)
+CVE-2022-21546 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.19.6-1
NOTE: https://git.kernel.org/linus/ccd3f449052449a917a3e577d8ba0368f43b8f29 (5.19-rc7)
CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
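Review bot: the description of CVE-2022-21546 is replaced by the Linux CNA boilerplate, which is truncated before the affected subsystem is named, while the old text at least referenced the SBC NDOB bit. Nothing to change in the data, but the NOTE with upstream commit ccd3f449052449a917a3e577d8ba0368f43b8f29 (5.19-rc7) is now the only pointer to what was fixed, so keep it; the `linux 5.19.6-1` fixed version is consistent with a fix that landed before 5.19 final.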
@@ -508321,6 +508546,7 @@ CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to X
CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration fi ...)
NOT-FOR-US: SolarWinds SFTP/SCP server
CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...)
+ {DLA-4160-1}
- libbson <removed> (bug #913896)
[stretch] - libbson <no-dsa> (Minor issue)
- libbson-xs-perl <removed>
@@ -564442,6 +564668,7 @@ CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
NOTE: Crash in CLI tool, no securiy impact
CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-it ...)
+ {DLA-4160-1}
- libbson 1.8.0-1 (bug #874754)
[stretch] - libbson <no-dsa> (Minor issue)
- libbson-xs-perl <removed>
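Review bot: the context line `NOTE: Crash in CLI tool, no securiy impact` under CVE-2017-14228 has a typo ("securiy"); it predates this commit, but is a one-character follow-up fix. The `{DLA-4160-1}` addition for CVE-2017-14227 itself is in line with the other libbson entries touched here, and with `libbson 1.8.0-1` already recorded as the unstable fix the only remaining question is which source package the DLA covers, which data/DLA/list answers.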
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2339d68548c73c167b8d4ab105d862ef491c1faf
More information about the debian-security-tracker-commits
mailing list