[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 22 21:13:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cc6d538 by security tracker role at 2025-10-22T20:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,302 +1,876 @@
-CVE-2023-53732 [fs/ntfs3: Fix NULL dereference in ni_write_inode]
+CVE-2025-8848 (A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML ...)
+	TODO: check
+CVE-2025-6833 (The All in One Time Clock Lite \u2013 Tracking Employee Time Has Never ...)
+	TODO: check
+CVE-2025-62659 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-62611 (aiomysql is a library for accessing a MySQL database from the asyncio. ...)
+	TODO: check
+CVE-2025-62610 (Hono is a Web application framework that provides support for any Java ...)
+	TODO: check
+CVE-2025-62607 (Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior t ...)
+	TODO: check
+CVE-2025-62606 (my little forum is a PHP and MySQL based internet forum that displays  ...)
+	TODO: check
+CVE-2025-62604 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
+	TODO: check
+CVE-2025-62513 (OpenBao is an open source identity-based secrets management system. In ...)
+	TODO: check
+CVE-2025-62248 (A  reflected cross-site scripting (XSS) vulnerability, resulting from  ...)
+	TODO: check
+CVE-2025-62247 (Missing Authorization in Collection Provider component in the Liferay  ...)
+	TODO: check
+CVE-2025-62073 (Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.Th ...)
+	TODO: check
+CVE-2025-62072 (Missing Authorization vulnerability in Rustaurius Front End Users fron ...)
+	TODO: check
+CVE-2025-62071 (Missing Authorization vulnerability in Repuso Social proof testimonial ...)
+	TODO: check
+CVE-2025-62070 (Missing Authorization vulnerability in WPXPO WowRevenue revenue.This i ...)
+	TODO: check
+CVE-2025-62069 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62068 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62063 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62062 (Insertion of Sensitive Information Into Sent Data vulnerability in The ...)
+	TODO: check
+CVE-2025-62061 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product C ...)
+	TODO: check
+CVE-2025-62060 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62058 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62054 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-62052 (Missing Authorization vulnerability in Horea Radu One Page Express Com ...)
+	TODO: check
+CVE-2025-62048 (Missing Authorization vulnerability in WPMU DEV - Your All-in-One Word ...)
+	TODO: check
+CVE-2025-62042 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62029 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-62027 (Missing Authorization vulnerability in StellarWP Event Tickets event-t ...)
+	TODO: check
+CVE-2025-62026 (Insertion of Sensitive Information Into Sent Data vulnerability in Blo ...)
+	TODO: check
+CVE-2025-62025 (Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp ...)
+	TODO: check
+CVE-2025-62024 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62023 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-62022 (Missing Authorization vulnerability in BuddyPress BuddyPress buddypres ...)
+	TODO: check
+CVE-2025-62021 (Missing Authorization vulnerability in Made Neat Acknowledgify acknowl ...)
+	TODO: check
+CVE-2025-62020 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-62019 (Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for G ...)
+	TODO: check
+CVE-2025-62015 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-62013 (Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This i ...)
+	TODO: check
+CVE-2025-62009 (Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of " ...)
+	TODO: check
+CVE-2025-62008 (Deserialization of Untrusted Data vulnerability in acowebs Product Tab ...)
+	TODO: check
+CVE-2025-62007 (Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedbac ...)
+	TODO: check
+CVE-2025-62006 (Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This i ...)
+	TODO: check
+CVE-2025-62005 (Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SU ...)
+	TODO: check
+CVE-2025-61035 (The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incor ...)
+	TODO: check
+CVE-2025-60343 (Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 ...)
+	TODO: check
+CVE-2025-60342 (Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-60341 (Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-60340 (Multiple buffer overflows in the SetClientState function of Tenda AC6  ...)
+	TODO: check
+CVE-2025-60339 (Multiple buffer overflow vulnerabilities in the openSchedWifi function ...)
+	TODO: check
+CVE-2025-60338 (Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-60337 (Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow ...)
+	TODO: check
+CVE-2025-60336 (A NULL pointer dereference in the sub_41773C function of TOTOLINK N600 ...)
+	TODO: check
+CVE-2025-60335 (A NULL pointer dereference in the main function of TOTOLINK N600R v4.3 ...)
+	TODO: check
+CVE-2025-60334 (TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-60333 (TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a sta ...)
+	TODO: check
+CVE-2025-60332 (A NULL pointer dereference in the SetWLanRadioSettings function of D-L ...)
+	TODO: check
+CVE-2025-60331 (D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overfl ...)
+	TODO: check
+CVE-2025-60246 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-60238 (Deserialization of Untrusted Data vulnerability in universam UNIVERSAM ...)
+	TODO: check
+CVE-2025-60234 (Deserialization of Untrusted Data vulnerability in designthemes Single ...)
+	TODO: check
+CVE-2025-60232 (Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pr ...)
+	TODO: check
+CVE-2025-60228 (Deserialization of Untrusted Data vulnerability in designthemes Knowle ...)
+	TODO: check
+CVE-2025-60227 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-60226 (Deserialization of Untrusted Data vulnerability in axiomthemes White R ...)
+	TODO: check
+CVE-2025-60225 (Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPa ...)
+	TODO: check
+CVE-2025-60224 (Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe ...)
+	TODO: check
+CVE-2025-60222 (Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO  ...)
+	TODO: check
+CVE-2025-60221 (Deserialization of Untrusted Data vulnerability in captivateaudio Capt ...)
+	TODO: check
+CVE-2025-60220 (Incorrect Privilege Assignment vulnerability in pebas CouponXxL coupon ...)
+	TODO: check
+CVE-2025-60217 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-60216 (Deserialization of Untrusted Data vulnerability in BoldThemes Addison  ...)
+	TODO: check
+CVE-2025-60215 (Deserialization of Untrusted Data vulnerability in designthemes Kriya  ...)
+	TODO: check
+CVE-2025-60214 (Deserialization of Untrusted Data vulnerability in BoldThemes Goldenbl ...)
+	TODO: check
+CVE-2025-60213 (Deserialization of Untrusted Data vulnerability in Whitebox-Studio Sca ...)
+	TODO: check
+CVE-2025-60212 (Deserialization of Untrusted Data vulnerability in designthemes VEDA v ...)
+	TODO: check
+CVE-2025-60211 (Incorrect Privilege Assignment vulnerability in extendons WooCommerce  ...)
+	TODO: check
+CVE-2025-60210 (Deserialization of Untrusted Data vulnerability in wpeverest Everest F ...)
+	TODO: check
+CVE-2025-60209 (Deserialization of Untrusted Data vulnerability in CRM Perks Connector ...)
+	TODO: check
+CVE-2025-60208 (Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advance ...)
+	TODO: check
+CVE-2025-60206 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-60176 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-60168 (Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelru ...)
+	TODO: check
+CVE-2025-60151 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2025-60135 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-60134 (Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby W ...)
+	TODO: check
+CVE-2025-60132 (Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogs ...)
+	TODO: check
+CVE-2025-60131 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-60041 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-60039 (Deserialization of Untrusted Data vulnerability in rascals Noisa noisa ...)
+	TODO: check
+CVE-2025-59593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-59580 (Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers  ...)
+	TODO: check
+CVE-2025-59579 (Insertion of Sensitive Information Into Sent Data vulnerability in Pre ...)
+	TODO: check
+CVE-2025-59578 (Insertion of Sensitive Information Into Sent Data vulnerability in wpd ...)
+	TODO: check
+CVE-2025-59575 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2025-59571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-59566 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-59564 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-59558 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-59557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-59555 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-59550 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-59007 (Deserialization of Untrusted Data vulnerability in themesflat TF Woo P ...)
+	TODO: check
+CVE-2025-59006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-59004 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58971 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58970 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-58967 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-58966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58963 (Unrestricted Upload of File with Dangerous Type vulnerability in 7oroo ...)
+	TODO: check
+CVE-2025-58961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58959 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-58958 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-58955 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-58921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-58916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-57870 (A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11 ...)
+	TODO: check
+CVE-2025-56447 (TM2 Monitoring v3.04 contains an authentication bypass and plaintext c ...)
+	TODO: check
+CVE-2025-53428 (Incorrect Privilege Assignment vulnerability in N-Media Simple User Re ...)
+	TODO: check
+CVE-2025-53427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53425 (Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan doka ...)
+	TODO: check
+CVE-2025-53424 (Missing Authorization vulnerability in vanquish WooCommerce Orders & C ...)
+	TODO: check
+CVE-2025-53423 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53421 (Missing Authorization vulnerability in PickPlugins Accordion accordion ...)
+	TODO: check
+CVE-2025-53420 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53352 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53351 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53238 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53236 (Missing Authorization vulnerability in AndonDesign UDesign Core u-desi ...)
+	TODO: check
+CVE-2025-53234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53232 (Insertion of Sensitive Information Into Sent Data vulnerability in ink ...)
+	TODO: check
+CVE-2025-53229 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53218 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
+	TODO: check
+CVE-2025-52770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52758 (Unrestricted Upload of File with Dangerous Type vulnerability in Gesun ...)
+	TODO: check
+CVE-2025-52757 (Missing Authorization vulnerability in FantasticPlugins SUMO Membershi ...)
+	TODO: check
+CVE-2025-52756 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-52755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52753 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52752 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2025-52751 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52742 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52741 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52740 (Deserialization of Untrusted Data vulnerability in Hernan Villanueva B ...)
+	TODO: check
+CVE-2025-52738 (Missing Authorization vulnerability in Wikimedia Foundation Wikipedia  ...)
+	TODO: check
+CVE-2025-52737 (Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Stor ...)
+	TODO: check
+CVE-2025-52736 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52734 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49961 (Missing Authorization vulnerability in Breeze Team Breeze Checkout bre ...)
+	TODO: check
+CVE-2025-49960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49957 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49955 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49954 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49953 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49952 (Authorization Bypass Through User-Controlled Key vulnerability in fave ...)
+	TODO: check
+CVE-2025-49951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49950 (Missing Authorization vulnerability in billingo Official Integration f ...)
+	TODO: check
+CVE-2025-49949 (Missing Authorization vulnerability in templazee Templazee templazee a ...)
+	TODO: check
+CVE-2025-49948 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49947 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49946 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49945 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49944 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49940 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49939 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49938 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49937 (Missing Authorization vulnerability in Syed Balkhi Smash Balloon Socia ...)
+	TODO: check
+CVE-2025-49936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49935 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-49934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49931 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-49930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49926 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-49925 (Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin a ...)
+	TODO: check
+CVE-2025-49924 (Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesal ...)
+	TODO: check
+CVE-2025-49923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49922 (Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetch ...)
+	TODO: check
+CVE-2025-49921 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-49920 (Missing Authorization vulnerability in accessiBe Web Accessibility By  ...)
+	TODO: check
+CVE-2025-49917 (Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Ex ...)
+	TODO: check
+CVE-2025-49916 (Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-wo ...)
+	TODO: check
+CVE-2025-49915 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-49913 (Missing Authorization vulnerability in CoSchedule CoSchedule coschedul ...)
+	TODO: check
+CVE-2025-49912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49910 (Missing Authorization vulnerability in AmentoTech Private Limited WPGu ...)
+	TODO: check
+CVE-2025-49908 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49907 (Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-fi ...)
+	TODO: check
+CVE-2025-49906 (Missing Authorization vulnerability in StellarWP WPComplete wpcomplete ...)
+	TODO: check
+CVE-2025-49903 (Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks  ...)
+	TODO: check
+CVE-2025-49901 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-49899 (Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonat ...)
+	TODO: check
+CVE-2025-49380 (Deserialization of Untrusted Data vulnerability in wpinstinct WooComme ...)
+	TODO: check
+CVE-2025-49378 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-49377 (Missing Authorization vulnerability in Themefic Hydra Booking hydra-bo ...)
+	TODO: check
+CVE-2025-49376 (Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo ...)
+	TODO: check
+CVE-2025-49374 (Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha ...)
+	TODO: check
+CVE-2025-49373 (Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content P ...)
+	TODO: check
+CVE-2025-49060 (Unrestricted Upload of File with Dangerous Type vulnerability in CMSSu ...)
+	TODO: check
+CVE-2025-48338 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48106 (Unrestricted Upload of File with Dangerous Type vulnerability in CMSSu ...)
+	TODO: check
+CVE-2025-48099 (Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & F ...)
+	TODO: check
+CVE-2025-48098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48096 (Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css ...)
+	TODO: check
+CVE-2025-48095 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-48082 (Incorrect Privilege Assignment vulnerability in Progress Planner Progr ...)
+	TODO: check
+CVE-2025-41110 (Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vi ...)
+	TODO: check
+CVE-2025-41109 (Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfac ...)
+	TODO: check
+CVE-2025-41108 (The communication protocol implemented in Ghost Robotics Vision 60 v0. ...)
+	TODO: check
+CVE-2025-39534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-32657 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-32283 (Deserialization of Untrusted Data vulnerability in designthemes Solar  ...)
+	TODO: check
+CVE-2025-31634 (Deserialization of Untrusted Data vulnerability in designthemes Insura ...)
+	TODO: check
+CVE-2025-30944 (Missing Authorization vulnerability in Essekia Tablesome Table Premium ...)
+	TODO: check
+CVE-2025-24934 (Software which sets SO_REUSEPORT_LB on a socket and then connects it t ...)
+	TODO: check
+CVE-2025-23299 (NVIDIA Bluefield and ConnectX contain a vulnerability in the managemen ...)
+	TODO: check
+CVE-2025-22178 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22177 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22176 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22175 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22174 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22173 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22172 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22171 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22170 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22169 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-22168 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
+	TODO: check
+CVE-2025-11966 (In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "d ...)
+	TODO: check
+CVE-2025-11965 (In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a Stati ...)
+	TODO: check
+CVE-2025-11958 (An improper input validation in the Security Dashboard ignored-tasks A ...)
+	TODO: check
+CVE-2025-11957 (Improper authorization in the temporary access workflow of Devolutions ...)
+	TODO: check
+CVE-2025-11952 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnera ...)
+	TODO: check
+CVE-2025-11915 (Connection desynchronization between an HTTP proxy and the model backe ...)
+	TODO: check
+CVE-2025-11883 (The Responsive Progress Bar plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-11880 (The SM CountDown Widget plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-11878 (The ST Categories Widget plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-11872 (The Material Design Iconic Font Integration plugin for WordPress is vu ...)
+	TODO: check
+CVE-2025-11870 (The Simple Business Data plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-11867 (The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-11866 (The Photographers galleries plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-11844 (Hugging Face Smolagents version 1.20.0 contains an XPath injection vul ...)
+	TODO: check
+CVE-2025-11834 (The WP AD Gallery plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-11830 (The WP Restaurant Listings plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-11827 (The Oboxmedia Ads plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-11825 (The Playerzbr plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-11824 (The Cinza Grid plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-11819 (The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-11818 (The WP Responsive Meet The Team plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-11817 (The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-11813 (The Responsive iframe GoogleMap plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-11811 (The Simple Youtube Shortcode plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-11810 (The Print Button Shortcode plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-11809 (The WP-Force Images Download plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-11807 (The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
+	TODO: check
+CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to ...)
+	TODO: check
+CVE-2025-11086 (The Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Sol ...)
+	TODO: check
+CVE-2025-10138 (The This-or-That plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-10047 (The Email Tracker \u2013 Email Log, Email Open Tracking, Email Analyti ...)
+	TODO: check
+CVE-2016-15048 (AMTT Hotel Broadband Operation System (HiBOS) contains an unauthentica ...)
+	TODO: check
+CVE-2023-53732 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.82-1
 	NOTE: https://git.kernel.org/linus/8dae4f6341e335a09575be60b4fdf697c732a470 (6.4-rc1)
-CVE-2023-53731 [netlink: fix potential deadlock in netlink_set_err()]
+CVE-2023-53731 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8d61f926d42045961e6b65191c09e3678d86a9cf (6.5-rc1)
-CVE-2023-53730 [blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost]
+CVE-2023-53730 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8d211554679d0b23702bd32ba04aeac0c1c4f660 (6.5-rc1)
-CVE-2023-53729 [soc: qcom: qmi_encdec: Restrict string length in decode]
+CVE-2023-53729 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/8d207400fd6b79c92aeb2f33bb79f62dff904ea2 (6.6-rc1)
-CVE-2023-53728 [posix-timers: Ensure timer ID search-loop limit is valid]
+CVE-2023-53728 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.112-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8ce8849dd1e78dadcee0ec9acbd259d239b7069f (6.5-rc1)
-CVE-2023-53727 [net/sched: fq_pie: avoid stalls in fq_pie_timer()]
+CVE-2023-53727 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/8c21ab1bae945686c602c5bfa4e3f3352c2452c5 (6.6-rc1)
-CVE-2023-53726 [arm64: csum: Fix OoB access in IP checksum code for negative lengths]
+CVE-2023-53726 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/8bd795fedb8450ecbef18eeadbd23ed8fc7630f5 (6.6-rc1)
-CVE-2023-53725 [clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe]
+CVE-2023-53725 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8b5bf64c89c7100c921bd807ba39b2eb003061ab (6.5-rc1)
-CVE-2023-53724 [mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()]
+CVE-2023-53724 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8b450dcff23aa254844492831a8e2b508a9d522d (6.3-rc1)
-CVE-2023-53723 [drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend]
+CVE-2023-53723 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8b229ada2669b74fdae06c83fbfda5a5a99fc253 (6.4-rc2)
-CVE-2023-53722 [md: raid1: fix potential OOB in raid1_remove_disk()]
+CVE-2023-53722 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/8b0472b50bcf0f19a5119b00a53b63579c8e1e4d (6.6-rc1)
-CVE-2023-53721 [wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()]
+CVE-2023-53721 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.5.6-1
 	NOTE: https://git.kernel.org/linus/8ad314da54c6dd223a6b6cc85019160aa842f659 (6.6-rc1)
-CVE-2023-53720 [net/mlx5e: Release the label when replacing existing ct entry]
+CVE-2023-53720 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8ac04a28144cfa89b61be518268233742c23d88d (6.4-rc1)
-CVE-2023-53719 [serial: arc_uart: fix of_iomap leak in `arc_serial_probe`]
+CVE-2023-53719 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd (6.4-rc3)
-CVE-2023-53718 [ring-buffer: Do not swap cpu_buffer during resize process]
+CVE-2023-53718 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.4.13-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/8a96c0288d0737ad77882024974c075345c72011 (6.5-rc3)
-CVE-2023-53717 [wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()]
+CVE-2023-53717 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8a2f35b9830692f7a616f2f627f943bc748af13a (6.3-rc1)
-CVE-2023-53716 [net: fix skb leak in __skb_tstamp_tx()]
+CVE-2023-53716 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/8a02fb71d7192ff1a9a47c9d937624966c6e09af (6.4-rc4)
-CVE-2023-53715 [wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex]
+CVE-2023-53715 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/89b89e52153fda2733562776c7c9d9d3ebf8dd6d (6.4-rc1)
-CVE-2023-53714 [drm/stm: ltdc: fix late dereference check]
+CVE-2023-53714 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.4.13-1
 	[bookworm] - linux 6.1.52-1
 	NOTE: https://git.kernel.org/linus/898a9e3f56db9860ab091d4bf41b6caa99aafc3d (6.5-rc1)
-CVE-2023-53713 [arm64: sme: Use STR P to clear FFR context field in streaming SVE mode]
+CVE-2023-53713 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/893b24181b4c4bf1fa2841b1ed192e5413a97cb1 (6.5-rc1)
-CVE-2023-53712 [ARM: 9317/1: kexec: Make smp stop calls asynchronous]
+CVE-2023-53712 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	NOTE: https://git.kernel.org/linus/8922ba71c969d2a0c01a94372a71477d879470de (6.6-rc1)
-CVE-2023-53711 [NFS: Fix a potential data corruption]
+CVE-2023-53711 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
 	NOTE: https://git.kernel.org/linus/88975a55969e11f26fe3846bf4fbf8e7dc8cbbd4 (6.6-rc1)
-CVE-2023-53710 [wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read]
+CVE-2023-53710 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.1.20-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/888d89034f9eaeab9b5b75f13dbe35376c7dd471 (6.3-rc1)
-CVE-2023-53709 [ring-buffer: Handle race between rb_move_tail and rb_check_pages]
+CVE-2023-53709 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8843e06f67b14f71c044bf6267b2387784c7e198 (6.3-rc1)
-CVE-2023-53708 [ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects]
+CVE-2023-53708 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	NOTE: https://git.kernel.org/linus/883cf0d4cf288313b71146ddebdf5d647b76c78b (6.6-rc1)
-CVE-2023-53707 [drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1]
+CVE-2023-53707 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.4.13-1
 	[bookworm] - linux 6.1.52-1
 	NOTE: https://git.kernel.org/linus/87c2213e85bd81e4a9a4d0880c256568794ae388 (6.5-rc1)
-CVE-2023-53706 [mm/vmemmap/devdax: fix kernel crash when probing devdax devices]
+CVE-2023-53706 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/87a7ae75d7383afa998f57656d1d14e2a730cc47 (6.4-rc1)
-CVE-2023-53705 [ipv6: Fix out-of-bounds access in ipv6_find_tlv()]
+CVE-2023-53705 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/878ecb0897f4737a4c9401f3523fd49589025671 (6.4-rc4)
-CVE-2023-53704 [clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()]
+CVE-2023-53704 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/878b02d5f3b56cb090dbe2c70c89273be144087f (6.5-rc1)
-CVE-2023-53703 [HID: amd_sfh: Fix for shift-out-of-bounds]
+CVE-2023-53703 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/87854366176403438d01f368b09de3ec2234e0f5 (6.5-rc2)
-CVE-2023-53702 [s390/crypto: use vector instructions only if available for ChaCha20]
+CVE-2023-53702 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8703dd6b238da0ec6c276e53836f8200983d3d9b (6.4-rc3)
-CVE-2023-53701 [netfilter: nf_tables: deactivate anonymous set from preparation phase]
+CVE-2023-53701 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.27-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux 5.10.179-1
 	[buster] - linux 4.19.289-1
 	NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
-CVE-2023-53700 [media: max9286: Fix memleak in max9286_v4l2_register()]
+CVE-2023-53700 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8636c5fc7658c7c6299fb8b352d24ea4b9ba99e2 (6.3-rc1)
-CVE-2023-53699 [riscv: move memblock_allow_resize() after linear mapping is ready]
+CVE-2023-53699 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.4.4-1
 	[bookworm] - linux 6.1.52-1
 	NOTE: https://git.kernel.org/linus/85fadc0d04119c2fe4a20287767ab904c6d21ba1 (6.5-rc1)
-CVE-2023-53698 [xsk: fix refcount underflow in error path]
+CVE-2023-53698 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/85c2c79a07302fe68a1ad5cc449458cc559e314d (6.5-rc6)
-CVE-2023-53697 [nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()]
+CVE-2023-53697 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/85ae42c72142346645e63c33835da947dfa008b3 (6.6-rc1)
-CVE-2023-53696 [scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()]
+CVE-2023-53696 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.1.25-1
 	NOTE: https://git.kernel.org/linus/85ade4010e13ef152ea925c74d94253db92e5428 (6.3-rc6)
-CVE-2023-53695 [udf: Detect system inodes linked into directory hierarchy]
+CVE-2023-53695 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/85a37983ec69cc9fcd188bc37c4de15ee326355a (6.3-rc1)
-CVE-2023-53694 [riscv: ftrace: Fixup panic by disabling preemption]
+CVE-2023-53694 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.1.25-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8547649981e6631328cd64f583667501ae385531 (6.3-rc1)
-CVE-2023-53693 [USB: gadget: Fix the memory leak in raw_gadget driver]
+CVE-2023-53693 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/83e30f2bf86ef7c38fbd476ed81a88522b620628 (6.5-rc4)
-CVE-2023-53692 [ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline]
+CVE-2023-53692 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/835659598c67907b98cd2aa57bb951dfaf675c69 (6.4-rc1)
-CVE-2022-50582 [regulator: core: Prevent integer underflow]
+CVE-2022-50582 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8d8e16592022c9650df8aedfe6552ed478d7135b (6.1-rc1)
-CVE-2022-50581 [hfs: fix OOB Read in __hfs_brec_find]
+CVE-2022-50581 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8d824e69d9f3fa3121b2dda25053bae71e2460d2 (6.2-rc1)
-CVE-2022-50580 [blk-throttle: prevent overflow while calculating wait time]
+CVE-2022-50580 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8d6bbaada2e0a65f9012ac4c2506460160e7237a (6.1-rc1)
-CVE-2022-50579 [arm64: ftrace: fix module PLTs with mcount]
+CVE-2022-50579 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8cfb08575c6d4585f1ce0deeb189e5c824776b04 (6.1-rc1)
-CVE-2022-50578 [class: fix possible memory leak in __class_register()]
+CVE-2022-50578 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8c3e8a6bdb5253b97ad532570f8b5db5f7a06407 (6.2-rc1)
-CVE-2022-50577 [ima: Fix memory leak in __ima_inode_hash()]
+CVE-2022-50577 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8 (6.2-rc1)
-CVE-2022-50576 [serial: pch: Fix PCI device refcount leak in pch_request_dma()]
+CVE-2022-50576 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8be3a7bf773700534a6e8f87f6ed2ed111254be5 (6.2-rc1)
-CVE-2022-50575 [xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()]
+CVE-2022-50575 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79 (6.2-rc1)
-CVE-2022-50574 [drm/omap: dss: Fix refcount leak bugs]
+CVE-2022-50574 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8b42057e62120813ebe9274f508fa785b7cab33a (6.1-rc1)
-CVE-2022-50573 [wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks]
+CVE-2022-50573 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8b25301af01566f4b5a301fc1ad7c5d2b1788d7f (6.3-rc1)
-CVE-2022-50572 [ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()]
+CVE-2022-50572 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8ab2d12c726f0fde0692fa5d81d8019b3dcd62d0 (6.2-rc1)
-CVE-2022-50571 [btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure]
+CVE-2022-50571 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.0.2-1
 	NOTE: https://git.kernel.org/linus/8a1ae2781dee9fc21ca82db682d37bea4bd074ad (6.1-rc1)
-CVE-2022-50570 [platform/chrome: fix memory corruption in ioctl]
+CVE-2022-50570 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8a07b45fd3c2dda24fad43639be5335a4595196a (6.1-rc1)
-CVE-2022-50569 [xfrm: Update ipcomp_scratches with NULL when freed]
+CVE-2022-50569 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8a04d2fc700f717104bfb95b0f6694e448a4537f (6.1-rc1)
-CVE-2022-50568 [usb: gadget: f_hid: fix f_hidg lifetime vs cdev]
+CVE-2022-50568 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/89ff3dfac604614287ad5aad9370c3f984ea3f4b (6.2-rc1)
-CVE-2022-50567 [fs: jfs: fix shift-out-of-bounds in dbAllocAG]
+CVE-2022-50567 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/898f706695682b9954f280d95e49fa86ffa55d08 (6.2-rc1)
-CVE-2022-50566 [mtd: Fix device name leak when register device failed in add_mtd_device()]
+CVE-2022-50566 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/895d68a39481a75c680aa421546931fb11942fa6 (6.2-rc1)
-CVE-2022-50565 [wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx()]
+CVE-2022-50565 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/895b3b06efc285c1245242e9638b9ae251dc13ec (6.2-rc1)
-CVE-2022-50564 [s390/netiucv: Fix return type of netiucv_tx()]
+CVE-2022-50564 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/88d86d18d7cf7e9137c95f9d212bb9fff8a1b4be (6.2-rc1)
-CVE-2022-50563 [dm thin: Fix UAF in run_timer_softirq()]
+CVE-2022-50563 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/88430ebcbc0ec637b710b947738839848c20feff (6.2-rc1)
-CVE-2022-50562 [tpm: acpi: Call acpi_put_table() to fix memory leak]
+CVE-2022-50562 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/8740a12ca2e2959531ad253bac99ada338b33d80 (6.2-rc1)
-CVE-2022-50561 [iio: fix memory leak in iio_device_register_eventset()]
+CVE-2022-50561 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/86fdd15e10e404e70ecb2a3bff24d70356d42b36 (6.2-rc1)
-CVE-2022-50560 [drm/meson: explicitly remove aggregate driver at module unload time]
+CVE-2022-50560 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/8616f2a0589a80e08434212324250eb22f6a66ce (6.1-rc1)
-CVE-2022-50559 [clk: imx: scu: fix memleak on platform_device_add() fails]
+CVE-2022-50559 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.0.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/855ae87a2073ebf1b395e020de54fdf9ce7d166f (6.1-rc1)
-CVE-2022-50558 [regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode]
+CVE-2022-50558 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/84498d1fb35de6ab71bdfdb6270a464fb4a0951b (6.2-rc1)
-CVE-2022-50557 [pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions()]
+CVE-2022-50557 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.1.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/83e1bcaf8cef26edaaf2a6098ef760f563683483 (6.2-rc1)
-CVE-2022-50556 [drm: Fix potential null-ptr-deref due to drmm_mode_config_init()]
+CVE-2022-50556 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.20-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/834c23e4f798dcdc8af251b3c428ceef94741991 (6.3-rc1)
-CVE-2025-40780 [Cache poisoning due to weak PRNG]
+CVE-2025-40780 (In specific circumstances, due to a weakness in the Pseudo Random Numb ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2025-40780
-CVE-2025-40778 [Cache poisoning attacks with unsolicited RRs]
+CVE-2025-40778 (Under certain circumstances, BIND is too lenient when accepting record ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2025-40778
-CVE-2025-8677 [Resource exhaustion via malformed DNSKEY handling]
+CVE-2025-8677 (Querying for records within a specially crafted zone containing certai ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2025-8677
 CVE-2025-62775 (Mercku M6a devices through 2.1.0 allow root TELNET logins via the web  ...)
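Review bot: in the CVE-2023-537xx and CVE-2022-505xx kernel entries, swapping the bracketed commit subject for the truncated upstream description leaves every header reading "In the Linux kernel, the following vulnerability has been resolved:" plus one letter, so the header no longer says which subsystem or bug the entry covers and the NOTE commit URL is the only distinguishing field. Consider stripping that fixed prefix before truncating so the subject survives. Separately, the CVE-2025-11086 and CVE-2025-10047 descriptions carry a literal `\u2013`, which looks like an undecoded escape from the import step, and the new `TODO: check` entries still need triage.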
@@ -341,10 +915,10 @@ CVE-2024-58274 (Hikvision CSMP (Comprehensive Security Management Platform) iSec
 	NOT-FOR-US: Hikvision
 CVE-2023-53691 (Hikvision CSMP (Comprehensive Security Management Platform) iSecure Ce ...)
 	NOT-FOR-US: Hikvision
-CVE-2025-62526
+CVE-2025-62526 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
 	NOT-FOR-US: OpenWRT (ubusd)
 	NOTE: https://openwrt.org/advisory/2025-10-22-1
-CVE-2025-62525
+CVE-2025-62525 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
 	NOT-FOR-US: OpenWRT (ltq-ptm)
 	NOTE: https://openwrt.org/advisory/2025-10-22-2
 CVE-2025-12036
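Review bot: the two entries updated here now spell the project "OpenWrt" in the description while the triage lines keep "NOT-FOR-US: OpenWRT (ubusd)" and "NOT-FOR-US: OpenWRT (ltq-ptm)". Aligning the NOT-FOR-US spelling with the description and the openwrt.org advisory URLs would keep case-sensitive searches of the list consistent.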
@@ -4660,7 +5234,7 @@ CVE-2025-6242 (A Server-Side Request Forgery (SSRF) vulnerability exists in the
 	- vllm <itp> (bug #1095237)
 CVE-2025-59425 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
-CVE-2025-58712
+CVE-2025-58712 (A container privilege escalation flaw was found in certain AMQ Broker  ...)
 	NOT-FOR-US: Red Hat AMQ
 CVE-2025-25009 (Improper Neutralization of Input During Web Page Generation in Kibana  ...)
 	- kibana <itp> (bug #700337)
@@ -9138,7 +9712,7 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Co
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8 (GIMP_2_99_12)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
 CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
-	{DSA-6014-1}
+	{DSA-6014-1 DLA-4342-1}
 	- gimp 3.0.4-6.1 (bug #1116459)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
@@ -9155,7 +9729,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 (GIMP_2_99_14)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5f4329d324b0db7a857918941ef7e1d27f3d3992
 CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
-	{DSA-6018-1}
+	{DSA-6018-1 DLA-4341-1}
 	- gegl 1:0.4.62-3.1 (bug #1116470)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
@@ -11008,7 +11582,8 @@ CVE-2025-53461 (Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53460 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-53459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+CVE-2025-53459
+	REJECTED
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
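Review bot: after this hunk CVE-2025-53459 carries both `REJECTED` and the older `NOT-FOR-US: WordPress plugin or theme` line, because only the header was rewritten and the triage line stayed as context. Either drop the stale NOT-FOR-US annotation or confirm that the list checks accept a rejected entry with a remaining triage line.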
@@ -26039,6 +26614,7 @@ CVE-2025-32932 (An Improper neutralization of input during web page generation (
 CVE-2025-32766 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Fort ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-32086 (Improperly implemented security check for standard in the DDRIO config ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26073,6 +26649,7 @@ CVE-2025-26470 (Incorrect default permissions for some Intel(R) Distribution for
 CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before version ...)
 	NOT-FOR-US: Intel
 CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R)  ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26121,6 +26698,7 @@ CVE-2025-24323 (Improper access control in some firmware package and LED mode to
 CVE-2025-24313 (Improper access control for some Device Plugins for Kubernetes softwar ...)
 	NOT-FOR-US: Intel
 CVE-2025-24305 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26135,16 +26713,19 @@ CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver f
 CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode driver f ...)
 	NOT-FOR-US: Intel
 CVE-2025-22889 (Improper handling of overlap between protected memory ranges for some  ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
 CVE-2025-22853 (Improper synchronization in the firmware for some Intel(R) TDX may all ...)
 	NOT-FOR-US: Intel
 CVE-2025-22840 (Sequence of processor instructions leads to unexpected behavior for so ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
 CVE-2025-22839 (Insufficient granularity of access control in the OOB-MSM for some Int ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26163,6 +26744,7 @@ CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R) T
 CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver & Suppor ...)
 	NOT-FOR-US: Intel
 CVE-2025-21090 (Missing reference to active allocated resource for some Intel(R) Xeon( ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26175,6 +26757,7 @@ CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless WiFi
 CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmw ...)
 	NOT-FOR-US: Intel
 CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache mechani ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -26195,6 +26778,7 @@ CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R) Conne
 CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R) CSME and I ...)
 	NOT-FOR-US: Intel
 CVE-2025-20053 (Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmw ...)
+	{DSA-6030-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -43548,6 +44132,7 @@ CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when a
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/987309f23ada52592bffdb5db0d8a5d58bd8097b (2.84.3)
 	NOTE: Negligible security impact
 CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability exists in  ...)
+	{DLA-4342-1}
 	- gimp 3.0.4-2
 	[bookworm] - gimp <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13518
@@ -48594,7 +49179,7 @@ CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function is
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0dc98936a0d9f5a70025f4e9cf321d1118ea500e (GIMP_2_99_16)
 	NOTE: Introduced in: https://gitlab.gnome.org/GNOME/gimp/-/commit/aa51b9e19ece8a8c54a513fe33b6d65abcb0fbfb (GIMP_2_99_12)
 CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image files. If a ...)
-	{DSA-5939-1}
+	{DSA-5939-1 DLA-4342-1}
 	- gimp 3.0.0~RC1-4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368558
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -48607,7 +49192,7 @@ CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image files
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/d7f0829ae995ca7ca9c64851a1ed03b11702ef1c (gimp-2-10)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ffb7cad1a402377927bc2dc62dad324ae03cec92 (gimp-2-10)
 CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a user op ...)
-	{DSA-5939-1}
+	{DSA-5939-1 DLA-4342-1}
 	- gimp 3.0.0~RC1-4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368557
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -54577,7 +55162,7 @@ CVE-2025-37800 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.12.27-1
 	NOTE: https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)
 CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
-	{DSA-5939-1}
+	{DSA-5939-1 DLA-4342-1}
 	- gimp 3.0.2-3.1 (bug #1105005)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
@@ -63592,12 +64177,13 @@ CVE-2024-13874 (The Feedify  WordPress plugin before 2.4.6 does not sanitise and
 CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2761 (GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulner ...)
-	{DSA-5939-1}
+	{DSA-5939-1 DLA-4342-1}
 	- gimp 3.0.0-1
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c (GIMP_3_0_0)
 CVE-2025-2760 (GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
+	{DLA-4342-1}
 	- gimp 3.0.4-3 (bug #1107758)
 	[bookworm] - gimp <no-dsa> (Minor issue)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
@@ -94641,12 +95227,14 @@ CVE-2024-6437 (On affected platforms running Arista EOS with one of the followin
 CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted packet w ...)
 	NOT-FOR-US: Arista EOS
 CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an integer under ...)
+	{DLA-4343-1}
 	- raptor2 2.0.16-6 (bug #1067896)
 	[bookworm] - raptor2 2.0.15-4+deb12u1
 	NOTE: https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md
 	NOTE: https://github.com/dajobe/raptor/issues/70
 	NOTE: https://github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44
 CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buf ...)
+	{DLA-4343-1}
 	- raptor2 2.0.16-6 (bug #1067896)
 	[bookworm] - raptor2 2.0.15-4+deb12u1
 	NOTE: https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md
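Review bot: the upstream commit under CVE-2024-57823 is recorded as a bare "NOTE: https://github.com/dajobe/raptor/commit/da7a7997..." with no "Fixed by:" prefix, unlike the gimp entries in this diff. Now that {DLA-4343-1} is attached to both raptor2 CVEs, labelling that commit as the fix (and stating which of the two CVEs it addresses) would make the backport easier to audit.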
@@ -345399,6 +345987,7 @@ CVE-2021-45464 (kvmtool through 39181fc allows an out-of-bounds write, related t
 	- kvmtool <removed> (bug #1006290)
 	NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/
 CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
+	{DLA-4341-1}
 	- gegl 1:0.4.34-1 (bug #1002661)
 	[buster] - gegl <no-dsa> (Minor issue)
 	[stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
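Review bot: {DLA-4341-1} is added to CVE-2021-45463 directly above "[buster] - gegl <no-dsa> (Minor issue)" and "[stretch] - gegl <no-dsa> (Minor issue; can be fixed later)", and the context ends there. Confirm that no <no-dsa> annotation for the release this DLA targets remains below the visible lines, since a leftover triage tag would contradict the advisory.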



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc6d53887f64e2275fd0368510ac90ad9f1be96
