[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 20 21:12:19 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e34d77c by security tracker role at 2025-05-20T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,384 +1,484 @@
-CVE-2025-37991 [parisc: Fix double SIGFPE crash]
+CVE-2025-4997 (A vulnerability, which was classified as problematic, was found in H3C ...)
+	TODO: check
+CVE-2025-4996 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4980 (A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA ...)
+	TODO: check
+CVE-2025-4978 (A vulnerability, which was classified as very critical, was found in N ...)
+	TODO: check
+CVE-2025-4977 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4951 (Editions of Rapid7 AppSpider Pro before version7.5.018 is vulnerable t ...)
+	TODO: check
+CVE-2025-4364 (The affected products could allow an unauthenticated attacker to acces ...)
+	TODO: check
+CVE-2025-48391 (In JetBrains YouTrack before 2025.1.76253 deletion of issues was possi ...)
+	TODO: check
+CVE-2025-48056 (Hubble is a fully distributed networking and security observability pl ...)
+	TODO: check
+CVE-2025-48018 (An authenticated user can modify application state data.)
+	TODO: check
+CVE-2025-48017 (Improper limitation of pathname in Circuit Provisioning and File Impor ...)
+	TODO: check
+CVE-2025-48016 (OpenFlow discovery protocol can exhaust resources because it is not ra ...)
+	TODO: check
+CVE-2025-48015 (Failed login response could be different depending on whether the user ...)
+	TODO: check
+CVE-2025-48014 (Password guessing limits could be bypassed when using LDAP authenticat ...)
+	TODO: check
+CVE-2025-47941 (TYPO3 is an open source, PHP based web content management system. In v ...)
+	TODO: check
+CVE-2025-47940 (TYPO3 is an open source, PHP based web content management system. Star ...)
+	TODO: check
+CVE-2025-47939 (TYPO3 is an open source, PHP based web content management system. By d ...)
+	TODO: check
+CVE-2025-47938 (TYPO3 is an open source, PHP based web content management system. Star ...)
+	TODO: check
+CVE-2025-47937 (TYPO3 is an open source, PHP based web content management system. Star ...)
+	TODO: check
+CVE-2025-47936 (TYPO3 is an open source, PHP based web content management system. In v ...)
+	TODO: check
+CVE-2025-47854 (In JetBrains TeamCity before 2025.03.2 open redirect was possible on e ...)
+	TODO: check
+CVE-2025-47853 (In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration ...)
+	TODO: check
+CVE-2025-47852 (In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integra ...)
+	TODO: check
+CVE-2025-47851 (In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks We ...)
+	TODO: check
+CVE-2025-47850 (In JetBrains YouTrack before 2025.1.74704 restricted attachments could ...)
+	TODO: check
+CVE-2025-47290 (containerd is a container runtime. A time-of-check to time-of-use (TOC ...)
+	TODO: check
+CVE-2025-47277 (vLLM, an inference and serving engine for large language models (LLMs) ...)
+	TODO: check
+CVE-2025-46725 (Langroid is a Python framework to build large language model (LLM)-pow ...)
+	TODO: check
+CVE-2025-46724 (Langroid is a Python framework to build large language model (LLM)-pow ...)
+	TODO: check
+CVE-2025-45862 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
+	TODO: check
+CVE-2025-44893 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44890 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44885 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44084 (D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attac ...)
+	TODO: check
+CVE-2025-41231 (VMware Cloud Foundationcontains a missing authorisation vulnerability. ...)
+	TODO: check
+CVE-2025-41230 (VMware Cloud Foundationcontains an information disclosure vulnerabilit ...)
+	TODO: check
+CVE-2025-41229 (VMware Cloud Foundationcontains a directory traversal vulnerability.A  ...)
+	TODO: check
+CVE-2025-41228 (VMware ESXi and vCenter Server contain a reflected cross-site scriptin ...)
+	TODO: check
+CVE-2025-41227 (VMware ESXi,Workstation, and Fusion contain a denial-of-service vulner ...)
+	TODO: check
+CVE-2025-41226 (VMwareESXi contains a denial-of-service vulnerability that occurs when ...)
+	TODO: check
+CVE-2025-41225 (The vCenter Server contains an authenticated command-execution vulnera ...)
+	TODO: check
+CVE-2025-40635 (SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrato ...)
+	TODO: check
+CVE-2025-40634 (Stack-based buffer overflow vulnerability in the 'conn-indicator' bina ...)
+	TODO: check
+CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) vulnerability has been found in  K ...)
+	TODO: check
+CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an unlimite ...)
+	TODO: check
+CVE-2025-26086 (An unauthenticated blind SQL injection vulnerability exists in RSI Que ...)
+	TODO: check
+CVE-2025-22157 (This High severity PrivEsc (Privilege Escalation) vulnerability was in ...)
+	TODO: check
+CVE-2024-53359 (An issue in Zalo v23.09.01 allows attackers to obtain sensitive user i ...)
+	TODO: check
+CVE-2024-45641 (IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauth ...)
+	TODO: check
+CVE-2023-33861 (IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a truste ...)
+	TODO: check
+CVE-2025-37991 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/de3629baf5a33af1919dec7136d643b0662e85ef (6.15-rc5)
-CVE-2025-37990 [wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()]
+CVE-2025-37990 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/8e089e7b585d95122c8122d732d1d5ef8f879396 (6.15-rc5)
-CVE-2025-37989 [net: phy: leds: fix memory leak]
+CVE-2025-37989 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.27-1
 	[bookworm] - linux 6.1.137-1
 	[bullseye] - linux 5.10.237-1
 	NOTE: https://git.kernel.org/linus/b7f0ee992adf601aa00c252418266177eb7ac2bc (6.15-rc4)
-CVE-2025-37988 [fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()]
+CVE-2025-37988 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.12.27-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0d039eac6e5950f9d1ecc9e410c2fd1feaeab3b6 (6.15-rc4)
-CVE-2025-37987 [pds_core: Prevent possible adminq overflow/stuck condition]
+CVE-2025-37987 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.27-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d9e2f070d8af60f2c8c02b2ddf0a9e90b4e9220c (6.15-rc4)
-CVE-2025-37986 [usb: typec: class: Invalidate USB device pointers on partner unregistration]
+CVE-2025-37986 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.12.27-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/66e1a887273c6b89f09bc11a40d0a71d5a081a8e (6.15-rc4)
-CVE-2025-37985 [USB: wdm: close race between wdm_open and wdm_wwan_port_stop]
+CVE-2025-37985 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.12.27-1
 	[bookworm] - linux 6.1.137-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f (6.15-rc4)
-CVE-2025-37984 [crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()]
+CVE-2025-37984 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b16510a530d1e6ab9683f04f8fb34f2e0f538275 (6.15-rc1)
-CVE-2025-37983 [qibfs: fix _another_ leak]
+CVE-2025-37983 (In the Linux kernel, the following vulnerability has been resolved:  q ...)
 	- linux 6.12.27-1
 	[bookworm] - linux 6.1.137-1
 	[bullseye] - linux 5.10.237-1
 	NOTE: https://git.kernel.org/linus/bdb43af4fdb39f844ede401bdb1258f67a580a27 (6.15-rc1)
-CVE-2025-37982 [wifi: wl1251: fix memory leak in wl1251_tx_work]
+CVE-2025-37982 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.135-1
 	[bullseye] - linux 5.10.237-1
 	NOTE: https://git.kernel.org/linus/a0f0dc96de03ffeefc2a177b7f8acde565cb77f4 (6.15-rc3)
-CVE-2025-37981 [scsi: smartpqi: Use is_kdump_kernel() to check for kdump]
+CVE-2025-37981 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.25-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a2d5a0072235a69749ceb04c1a26dc75df66a31a (6.15-rc3)
-CVE-2025-37980 [block: fix resource leak in blk_register_queue() error path]
+CVE-2025-37980 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.25-1
 	NOTE: https://git.kernel.org/linus/40f2eb9b531475dd01b683fdaf61ca3cfd03a51e (6.15-rc3)
-CVE-2025-37979 [ASoC: qcom: Fix sc7280 lpass potential buffer overflow]
+CVE-2025-37979 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.137-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a31a4934b31faea76e735bab17e63d02fcd8e029 (6.15-rc3)
-CVE-2025-37978 [block: integrity: Do not call set_page_dirty_lock()]
+CVE-2025-37978 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.25-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/39e160505198ff8c158f11bce2ba19809a756e8b (6.15-rc3)
-CVE-2025-37977 [scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set]
+CVE-2025-37977 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.27-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f92bb7436802f8eb7ee72dc911a33c8897fde366 (6.15-rc3)
-CVE-2025-37976 [wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process]
+CVE-2025-37976 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/0c1015493f0e3979bcbd3a12ebc0977578c87f21 (6.14.3)
-CVE-2025-37975 [riscv: module: Fix out-of-bounds relocation access]
+CVE-2025-37975 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.12.25-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0b4cce68efb93e31a8e51795d696df6e379cb41c (6.15-rc3)
-CVE-2025-37974 [s390/pci: Fix missing check for zpci_create_device() error return]
+CVE-2025-37974 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/42420c50c68f3e95e90de2479464f420602229fc (6.15-rc6)
-CVE-2025-37973 [wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation]
+CVE-2025-37973 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/023c1f2f0609218103cbcb48e0104b144d4a16dc (6.15-rc6)
-CVE-2025-37972 [Input: mtk-pmic-keys - fix possible null pointer dereference]
+CVE-2025-37972 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/11cdb506d0fbf5ac05bf55f5afcb3a215c316490 (6.15-rc6)
-CVE-2025-37971 [staging: bcm2835-camera: Initialise dev in v4l2_dev]
+CVE-2025-37971 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/98698ca0e58734bc5c1c24e5bbc7429f981cd186 (6.15-rc6)
-CVE-2025-37970 [iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo]
+CVE-2025-37970 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/159ca7f18129834b6f4c7eae67de48e96c752fc9 (6.15-rc6)
-CVE-2025-37969 [iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo]
+CVE-2025-37969 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/8114ef86e2058e2554111b793596f17bee23fa15 (6.15-rc6)
-CVE-2025-37968 [iio: light: opt3001: fix deadlock due to concurrent flag access]
+CVE-2025-37968 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f063a28002e3350088b4577c5640882bf4ea17ea (6.15-rc6)
-CVE-2025-37967 [usb: typec: ucsi: displayport: Fix deadlock]
+CVE-2025-37967 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/364618c89d4c57c85e5fc51a2446cd939bf57802 (6.15-rc6)
-CVE-2025-37966 [riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL]
+CVE-2025-37966 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ae08d55807c099357c047dba17624b09414635dd (6.15-rc6)
-CVE-2025-37965 [drm/amd/display: Fix invalid context error in dml helper]
+CVE-2025-37965 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9984db63742099ee3f3cff35cf71306d10e64356 (6.15-rc6)
-CVE-2025-37964 [x86/mm: Eliminate window where TLB flushes may be inadvertently skipped]
+CVE-2025-37964 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a (6.15-rc6)
-CVE-2025-37963 [arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users]
+CVE-2025-37963 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/f300769ead032513a68e4a02e806393402e626f8 (6.15-rc7)
-CVE-2025-37962 [ksmbd: fix memory leak in parse_lease_state()]
+CVE-2025-37962 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/eb4447bcce915b43b691123118893fca4f372a8f (6.15-rc6)
-CVE-2025-37961 [ipvs: fix uninit-value for saddr in do_output_route4]
+CVE-2025-37961 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/e34090d7214e0516eb8722aee295cb2507317c07 (6.15-rc6)
-CVE-2025-37960 [memblock: Accept allocated memory before use in memblock_double_array()]
+CVE-2025-37960 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/da8bf5daa5e55a6af2b285ecda460d6454712ff4 (6.15-rc6)
-CVE-2025-37959 [bpf: Scrub packet on bpf_redirect_peer]
+CVE-2025-37959 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/c4327229948879814229b46aa26a750718888503 (6.15-rc6)
-CVE-2025-37958 [mm/huge_memory: fix dereferencing invalid pmd migration entry]
+CVE-2025-37958 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 (6.15-rc6)
-CVE-2025-37957 [KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception]
+CVE-2025-37957 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a2620f8932fa9fdabc3d78ed6efb004ca409019f (6.15-rc6)
-CVE-2025-37956 [ksmbd: prevent rename with empty string]
+CVE-2025-37956 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/53e3e5babc0963a92d856a5ec0ce92c59f54bc12 (6.15-rc6)
-CVE-2025-37955 [virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()]
+CVE-2025-37955 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4397684a292a71fbc1e815c3e283f7490ddce5ae (6.15-rc6)
-CVE-2025-37954 [smb: client: Avoid race in open_cached_dir with lease breaks]
+CVE-2025-37954 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/3ca02e63edccb78ef3659bebc68579c7224a6ca2 (6.15-rc6)
-CVE-2025-37953 [sch_htb: make htb_deactivate() idempotent]
+CVE-2025-37953 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3769478610135e82b262640252d90f6efb05be71 (6.15-rc6)
-CVE-2025-37952 [ksmbd: Fix UAF in __close_file_table_ids]
+CVE-2025-37952 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/36991c1ccde2d5a521577c448ffe07fcccfe104d (6.15-rc6)
-CVE-2025-37951 [drm/v3d: Add job to pending list if the reset was skipped]
+CVE-2025-37951 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/35e4079bf1a2570abffce6ababa631afcf8ea0e5 (6.15-rc6)
-CVE-2025-37950 [ocfs2: fix panic in failed foilio allocation]
+CVE-2025-37950 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/31d4cd4eb2f8d9b87ebfa6a5e443a59e3b3d7b8c (6.15-rc6)
-CVE-2025-37949 [xenbus: Use kref to track req lifetime]
+CVE-2025-37949 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27 (6.15-rc6)
-CVE-2025-37948 [arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs]
+CVE-2025-37948 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/0dfefc2ea2f29ced2416017d7e5b1253a54c2735 (6.15-rc7)
-CVE-2025-37947 [ksmbd: prevent out-of-bounds stream writes by validating *pos]
+CVE-2025-37947 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/0ca6df4f40cf4c32487944aaf48319cb6c25accc (6.15-rc6)
-CVE-2025-37946 [s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs]
+CVE-2025-37946 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1 (6.15-rc6)
-CVE-2025-37945 [net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY]
+CVE-2025-37945 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.25-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fc75ea20ffb452652f0d4033f38fe88d7cfdae35 (6.15-rc2)
-CVE-2025-37944 [wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process]
+CVE-2025-37944 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.25-1
 	NOTE: https://git.kernel.org/linus/63fdc4509bcf483e79548de6bc08bf3c8e504bb3 (6.15-rc1)
-CVE-2025-37943 [wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi]
+CVE-2025-37943 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.25-1
 	NOTE: https://git.kernel.org/linus/9a0dddfb30f120db3851627935851d262e4e7acb (6.15-rc1)
-CVE-2025-37942 [HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX]
+CVE-2025-37942 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 6.12.25-1
 	NOTE: https://git.kernel.org/linus/1f650dcec32d22deb1d6db12300a2b98483099a9 (6.15-rc1)
-CVE-2025-37941 [ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()]
+CVE-2025-37941 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.12.25-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3e330acf4efd63876d673c046cd073a1d4ed57a8 (6.15-rc1)
-CVE-2025-37940 [ftrace: Add cond_resched() to ftrace_graph_set_hash()]
+CVE-2025-37940 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.135-1
 	[bullseye] - linux 5.10.237-1
 	NOTE: https://git.kernel.org/linus/42ea22e754ba4f2b86f8760ca27f6f71da2d982c (6.15-rc1)
-CVE-2025-37939 [libbpf: Fix accessing BTF.ext core_relo header]
+CVE-2025-37939 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0a7c2a84359612e54328aa52030eb202093da6e2 (6.15-rc1)
-CVE-2025-37938 [tracing: Verify event formats that have "%*p.."]
+CVE-2025-37938 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.12.27-1
 	[bookworm] - linux 6.1.137-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ea8d7647f9ddf1f81e2027ed305299797299aa03 (6.15-rc1)
-CVE-2025-37937 [objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()]
+CVE-2025-37937 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.135-1
 	[bullseye] - linux 5.10.237-1
 	NOTE: https://git.kernel.org/linus/e63d465f59011dede0a0f1d21718b59a64c3ff5c (6.15-rc1)
-CVE-2025-37936 [perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.]
+CVE-2025-37936 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/58f6217e5d0132a9f14e401e62796916aa055c1b (6.15-rc5)
-CVE-2025-37935 [net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM]
+CVE-2025-37935 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6e0490fc36cdac696f96e57b61d93b9ae32e0f4c (6.15-rc5)
-CVE-2025-37934 [ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction]
+CVE-2025-37934 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3cc393d2232ec770b5f79bf0673d67702a3536c3 (6.15-rc5)
-CVE-2025-37933 [octeon_ep: Fix host hang issue during device reboot]
+CVE-2025-37933 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/34f42736b325287a7b2ce37e415838f539767bda (6.15-rc5)
-CVE-2025-37932 [sch_htb: make htb_qlen_notify() idempotent]
+CVE-2025-37932 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/5ba8b837b522d7051ef81bacf3d95383ff8edce5 (6.15-rc2)
-CVE-2025-37931 [btrfs: adjust subpage bit start based on sectorsize]
+CVE-2025-37931 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e08e49d986f82c30f42ad0ed43ebbede1e1e3739 (6.15-rc5)
-CVE-2025-37930 [drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()]
+CVE-2025-37930 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/bbe5679f30d7690a9b6838a583b9690ea73fe0e9 (6.15-rc5)
-CVE-2025-37929 [arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays]
+CVE-2025-37929 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72 (6.15-rc5)
-CVE-2025-37928 [dm-bufio: don't schedule in atomic context]
+CVE-2025-37928 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/a3d8f0a7f5e8b193db509c7191fefeed3533fc44 (6.15-rc5)
-CVE-2025-37927 [iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid]
+CVE-2025-37927 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/8dee308e4c01dea48fc104d37f92d5b58c50b96c (6.15-rc5)
-CVE-2025-37926 [ksmbd: fix use-after-free in ksmbd_session_rpc_open]
+CVE-2025-37926 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/a1f46c99d9ea411f9bf30025b912d881d36fc709 (6.15-rc5)
-CVE-2025-37924 [ksmbd: fix use-after-free in kerberos authentication]
+CVE-2025-37924 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/e86e9134e1d1c90a960dd57f59ce574d27b9a124 (6.15-rc5)
-CVE-2025-37923 [tracing: Fix oob write in trace_seq_to_buffer()]
+CVE-2025-37923 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/f5178c41bb43444a6008150fe6094497135d07cb (6.15-rc5)
-CVE-2025-37922 [book3s64/radix : Align section vmemmap start address to PAGE_SIZE]
+CVE-2025-37922 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9cf7e13fecbab0894f6986fc6986ab2eba8de52e (6.15-rc5)
-CVE-2025-37921 [vxlan: vnifilter: Fix unlocked deletion of default FDB entry]
+CVE-2025-37921 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/087a9eb9e5978e3ba362e1163691e41097e8ca20 (6.15-rc5)
-CVE-2025-37920 [xsk: Fix race condition in AF_XDP generic RX path]
+CVE-2025-37920 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/a1356ac7749cafc4e27aa62c0c4604b5dca4983e (6.15-rc5)
-CVE-2025-37919 [ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot]
+CVE-2025-37919 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6d9b64156d849e358cb49b6b899fb0b7d262bda8 (6.15-rc5)
-CVE-2025-37918 [Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()]
+CVE-2025-37918 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0317b033abcd1d8dd2798f0e2de5e84543d0bd22 (6.15-rc5)
-CVE-2025-37917 [net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll]
+CVE-2025-37917 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6fe0866014486736cc3ba1c6fd4606d3dbe55c9c (6.15-rc5)
-CVE-2025-37916 [pds_core: remove write-after-free of client_id]
+CVE-2025-37916 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dfd76010f8e821b66116dec3c7d90dd2403d1396 (6.15-rc5)
-CVE-2025-37915 [net_sched: drr: Fix double list add in class with netem as child qdisc]
+CVE-2025-37915 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/f99a3fbf023e20b626be4b0f042463d598050c9a (6.15-rc5)
-CVE-2025-37914 [net_sched: ets: Fix double list add in class with netem as child qdisc]
+CVE-2025-37914 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/1a6d0c00fa07972384b0c308c72db091d49988b6 (6.15-rc5)
-CVE-2025-37913 [net_sched: qfq: Fix double list add in class with netem as child qdisc]
+CVE-2025-37913 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4 (6.15-rc5)
-CVE-2025-37912 [ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()]
+CVE-2025-37912 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/425c5f266b2edeee0ce16fedd8466410cdcfcfe3 (6.15-rc5)
-CVE-2025-37911 [bnxt_en: Fix out-of-bound memcpy() during ethtool -w]
+CVE-2025-37911 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/6b87bd94f34370bbf1dfa59352bed8efab5bf419 (6.15-rc5)
-CVE-2025-37910 [ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations]
+CVE-2025-37910 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e98386d79a23c57cf179fe4138322e277aa3aa74 (6.15-rc5)
-CVE-2025-37909 [net: lan743x: Fix memleak issue when GSO enabled]
+CVE-2025-37909 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/2d52e2e38b85c8b7bc00dca55c2499f46f8c8198 (6.15-rc5)
-CVE-2025-37908 [mm, slab: clean up slab->obj_exts always]
+CVE-2025-37908 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/be8250786ca94952a19ce87f98ad9906448bc9ef (6.15-rc5)
-CVE-2025-37907 [accel/ivpu: Fix locking order in ivpu_job_submit]
+CVE-2025-37907 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/ab680dc6c78aa035e944ecc8c48a1caab9f39924 (6.15-rc1)
-CVE-2025-37906 [ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd]
+CVE-2025-37906 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f40139fde5278d81af3227444fd6e76a76b9506d (6.15-rc4)
-CVE-2025-37905 [firmware: arm_scmi: Balance device refcount when destroying devices]
+CVE-2025-37905 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9ca67840c0ddf3f39407339624cef824a4f27599 (6.15-rc6)
-CVE-2025-37904 [btrfs: fix the inode leak in btrfs_iget()]
+CVE-2025-37904 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4 (6.15-rc5)
-CVE-2025-37903 [drm/amd/display: Fix slab-use-after-free in hdcp]
+CVE-2025-37903 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/be593d9d91c5a3a363d456b9aceb71029aeb3f1d (6.15-rc5)
-CVE-2025-37902 [dm: fix copying after src array boundaries]
+CVE-2025-37902 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f1aff4bc199cb92c055668caed65505e3b4d2656 (6.15-rc6)
-CVE-2025-37901 [irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs]
+CVE-2025-37901 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/38a05c0b87833f5b188ae43b428b1f792df2b384 (6.15-rc5)
-CVE-2025-37900 [iommu: Fix two issues in iommu_copy_struct_from_user()]
+CVE-2025-37900 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/30a3f2f3e4bd6335b727c83c08a982d969752bc1 (6.15-rc5)
-CVE-2025-37899 [ksmbd: fix use-after-free in session logoff]
+CVE-2025-37899 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.29-1
 	NOTE: https://git.kernel.org/linus/2fc9feff45d92a92cd5f96487655d5be23fb7e2b (6.15-rc5)
-CVE-2025-37898 [powerpc64/ftrace: fix module loading without patchable function entries]
+CVE-2025-37898 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/534f5a8ba27863141e29766467a3e1f61bcb47ac (6.15-rc5)
-CVE-2025-37897 [wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release]
+CVE-2025-37897 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.12.29-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0fb15ae3b0a9221be01715dac0335647c79f3362 (6.15-rc5)
-CVE-2025-37896 [spi: spi-mem: Add fix to avoid divide error]
+CVE-2025-37896 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927 (6.15-rc5)
-CVE-2025-37895 [bnxt_en: Fix error handling path in bnxt_init_chip()]
+CVE-2025-37895 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9ab7a709c926c16b4433cf02d04fcbcf35aaab2b (6.15-rc5)
-CVE-2025-37894 [net: use sock_gen_put() when sk_state is TCP_TIME_WAIT]
+CVE-2025-37894 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f920436a44295ca791ebb6dae3f4190142eec703 (6.15-rc5)
-CVE-2025-37892 [mtd: inftlcore: Add error check for inftl_read_oob()]
+CVE-2025-37892 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.135-1
 	[bullseye] - linux 5.10.237-1
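Review bot: CVE-2025-37906 is the only kernel entry in the visible part of this hunk still marked "- linux <unfixed>", although its NOTE already points at upstream commit f40139fde5278d81af3227444fd6e76a76b9506d (6.15-rc4). It needs a fixed version recorded once a Debian upload carries that commit. Separately, swapping the bracketed subject lines for the truncated description leaves every kernel entry here reading "In the Linux kernel, the following vulnerability has been resolved: ...", so the NOTE commit link is now the only hint in the entry of which subsystem a CVE concerns.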
@@ -5750,7 +5850,8 @@ CVE-2025-3779 (The Personizely plugin for WordPress is vulnerable to Stored Cros
 	NOT-FOR-US: WordPress plugin
 CVE-2025-21572 (OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when ...)
 	NOT-FOR-US: OpenGrok
-CVE-2025-0782 (A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows  ...)
+CVE-2025-0782
+	REJECTED
 	NOT-FOR-US: h2oai/h2o-3
 CVE-2024-55069 (ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_ ...)
 	- ffmpeg 7:7.1.1-1
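Review bot: CVE-2025-0782 is switched to REJECTED but the "NOT-FOR-US: h2oai/h2o-3" annotation is kept underneath it, so the entry now carries two states. The other rejected entries visible in this diff (CVE-2024-6461, CVE-2019-1020, CVE-2019-0987) carry REJECTED alone. Suggest dropping the NOT-FOR-US line in a follow-up so the entry matches them.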
@@ -22183,7 +22284,7 @@ CVE-2024-21760 (An improper control of generation of code ('Code Injection') vul
 CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.4.0 co ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver library may b ...)
-	{DLA-4160-1}
+	{DLA-4175-1 DLA-4160-1}
 	- libbson-xs-perl <removed>
 	[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
 	- mongo-c-driver 1.27.5-1
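Review bot: the cross-reference on CVE-2025-0755 becomes "{DLA-4175-1 DLA-4160-1}", but the context shown has only an unstable and a bookworm line for libbson-xs-perl and an unstable line for mongo-c-driver, so nothing visible says which package and LTS version DLA-4175-1 fixed. Worth confirming the entry has a matching LTS fixed-version line for the package named in DLA-4175-1. The same applies to the identical cross-reference changes on CVE-2024-6383, CVE-2024-6381 and CVE-2023-0437 further down.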
@@ -94383,7 +94484,7 @@ CVE-2024-6463
 CVE-2024-6461
 	REJECTED
 CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable  ...)
-	{DLA-4160-1}
+	{DLA-4175-1 DLA-4160-1}
 	- libbson-xs-perl <removed>
 	[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
 	- mongo-c-driver 1.27.1-1
@@ -94627,7 +94728,7 @@ CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and classifi
 CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB Rust ...)
 	NOT-FOR-US: MongoDB rust driver
 CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...)
-	{DLA-4160-1}
+	{DLA-4175-1 DLA-4160-1}
 	- libbson-xs-perl <removed>
 	[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
 	- mongo-c-driver 1.26.2-1
@@ -205094,7 +205195,7 @@ CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its f
 CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
 	NOT-FOR-US: Modoboa
 CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit cond ...)
-	{DLA-4160-1}
+	{DLA-4175-1 DLA-4160-1}
 	- libbson-xs-perl <removed>
 	[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
 	- mongo-c-driver 1.25.0-1
@@ -334214,6 +334315,7 @@ CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3
 CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
 	NOT-FOR-US: Hexagon G!nius Auskunftsportal
 CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing authent ...)
+	{DLA-4175-1}
 	- php-mongodb 1.11.1+1.9.2+1.7.5-4
 	[bullseye] - php-mongodb <no-dsa> (Minor issue)
 	[buster] - php-mongodb <no-dsa> (Minor issue)
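Review bot: "{DLA-4175-1}" is added to CVE-2021-32050 while the only bullseye line in view is still "[bullseye] - php-mongodb <no-dsa> (Minor issue)". If DLA-4175-1 fixed this CVE in a different source package, check that the entry has a bullseye fixed-version line for that package. If it fixed php-mongodb, the <no-dsa> line should be replaced by the fixed version.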
@@ -493457,7 +493559,7 @@ CVE-2019-3730 (RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x
 	NOT-FOR-US: RSA
 CVE-2019-3729 (RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x,  ...)
 	NOT-FOR-US: RSA
-CVE-2019-3728 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x)  ...)
+CVE-2019-3728 (RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4  ...)
 	NOT-FOR-US: RSA
 CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
 	NOT-FOR-US: Dell EMC RecoverPoint
@@ -502629,13 +502731,13 @@ CVE-2019-1031 (A cross-site-scripting (XSS) vulnerability exists when Microsoft
 	NOT-FOR-US: Microsoft
 CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business, aka 'S ...)
+CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business. An att ...)
 	NOT-FOR-US: Skype
-CVE-2019-1028 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1028 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1027 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1027 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1026 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1026 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1025 (A denial of service vulnerability exists when Windows improperly handl ...)
 	NOT-FOR-US: Microsoft
@@ -502643,9 +502745,9 @@ CVE-2019-1024 (A remote code execution vulnerability exists in the way that the
 	NOT-FOR-US: Microsoft
 CVE-2019-1023 (An information disclosure vulnerability exists when the scripting engi ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1022 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1022 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1021 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1021 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1020
 	REJECTED
@@ -502673,7 +502775,7 @@ CVE-2019-1009 (An information disclosure vulnerability exists when the Windows G
 	NOT-FOR-US: Microsoft
 CVE-2019-1008 (A security feature bypass vulnerability exists in Dynamics On Premise, ...)
 	NOT-FOR-US: Microsoft Dynamics On-Premise
-CVE-2019-1007 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
+CVE-2019-1007 (An elevation of privilege exists in Windows Audio Service. An attacker ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1006 (An authentication bypass vulnerability exists in Windows Communication ...)
 	NOT-FOR-US: Microsoft
@@ -502707,11 +502809,11 @@ CVE-2019-0992 (A remote code execution vulnerability exists in the way that the
 	NOT-FOR-US: Microsoft
 CVE-2019-0991 (A remote code execution vulnerability exists in the way that the Chakr ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-0990 (An information disclosure vulnerability exists when the scripting engi ...)
+CVE-2019-0990 (A remote code execution vulnerability exists in the way that the Chakr ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0989 (A remote code execution vulnerability exists in the way that the Chakr ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-0988 (A remote code execution vulnerability exists in the way that the scrip ...)
+CVE-2019-0988 (A remote code execution vulnerability exists in the way the scripting  ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0987
 	REJECTED
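Review bot: the new description for CVE-2019-0990 changes the vulnerability class, from "An information disclosure vulnerability exists when the scripting engi ..." to "A remote code execution vulnerability exists in the way that the Chakr ...", which makes its truncated text identical to the neighbouring CVE-2019-0989 and CVE-2019-0991. The entry is NOT-FOR-US, so triage is unaffected, but it is worth confirming that the new text really belongs to CVE-2019-0990 and is not a mismatch in the description sync.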



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e34d77cf080722e443ab8ce193c2585255d1dd8
