[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 5 21:12:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b24e4db3 by security tracker role at 2025-09-05T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,241 +1,529 @@
-CVE-2025-39726 [s390/ism: fix concurrency management in ism_cmd()]
+CVE-2025-9999 (Some payload elements of the messages sent between two stations in a n ...)
+ TODO: check
+CVE-2025-9998 (The sequence of packets received by a Networking server are not correc ...)
+ TODO: check
+CVE-2025-9709 (On-Chip Debug and Test Interface With Improper Access Control and Impr ...)
+ TODO: check
+CVE-2025-9566 (There's a vulnerability in podman where an attacker may use the kube p ...)
+ TODO: check
+CVE-2025-9057 (The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-8695 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-58887 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58886 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58884 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58883 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58881 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-58880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58878 (Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocomm ...)
+ TODO: check
+CVE-2025-58876 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58873 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58872 (Insertion of Sensitive Information Into Sent Data vulnerability in pre ...)
+ TODO: check
+CVE-2025-58871 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58869 (Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCook ...)
+ TODO: check
+CVE-2025-58868 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58866 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-58865 (Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Adm ...)
+ TODO: check
+CVE-2025-58864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58863 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58862 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58861 (Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Eve ...)
+ TODO: check
+CVE-2025-58860 (Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable ...)
+ TODO: check
+CVE-2025-58859 (Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add t ...)
+ TODO: check
+CVE-2025-58858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58857 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58856 (Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocomme ...)
+ TODO: check
+CVE-2025-58855 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2025-58854 (Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultim ...)
+ TODO: check
+CVE-2025-58853 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping S ...)
+ TODO: check
+CVE-2025-58852 (Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW ...)
+ TODO: check
+CVE-2025-58851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58850 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58849 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real ...)
+ TODO: check
+CVE-2025-58848 (Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes ...)
+ TODO: check
+CVE-2025-58847 (Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox ...)
+ TODO: check
+CVE-2025-58846 (Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic Word ...)
+ TODO: check
+CVE-2025-58845 (Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Wat ...)
+ TODO: check
+CVE-2025-58844 (Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Datab ...)
+ TODO: check
+CVE-2025-58843 (Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto ...)
+ TODO: check
+CVE-2025-58842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58841 (Incorrect Privilege Assignment vulnerability in John Luetke Media Auth ...)
+ TODO: check
+CVE-2025-58840 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58839 (Deserialization of Untrusted Data vulnerability in aThemeArt Translati ...)
+ TODO: check
+CVE-2025-58838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58837 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58835 (Improper Validation of Specified Quantity in Input vulnerability in ca ...)
+ TODO: check
+CVE-2025-58834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58833 (Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity M ...)
+ TODO: check
+CVE-2025-58832 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58831 (Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Paralla ...)
+ TODO: check
+CVE-2025-58830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58829 (Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Too ...)
+ TODO: check
+CVE-2025-58828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58827 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-58826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58824 (Missing Authorization vulnerability in webriti Shk Corporate allows Ex ...)
+ TODO: check
+CVE-2025-58823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58819 (Unrestricted Upload of File with Dangerous Type vulnerability in Creed ...)
+ TODO: check
+CVE-2025-58818 (Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Devel ...)
+ TODO: check
+CVE-2025-58817 (Missing Authorization vulnerability in DesertThemes SoftMe allows Expl ...)
+ TODO: check
+CVE-2025-58816 (Missing Authorization vulnerability in Plugin Devs Product Carousel Sl ...)
+ TODO: check
+CVE-2025-58815 (Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi C ...)
+ TODO: check
+CVE-2025-58814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58813 (Missing Authorization vulnerability in ThemeArile Consultstreet allows ...)
+ TODO: check
+CVE-2025-58812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58809 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead ...)
+ TODO: check
+CVE-2025-58808 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58807 (Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnis ...)
+ TODO: check
+CVE-2025-58806 (Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPre ...)
+ TODO: check
+CVE-2025-58805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58804 (Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerc ...)
+ TODO: check
+CVE-2025-58802 (Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustM ...)
+ TODO: check
+CVE-2025-58801 (Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allow ...)
+ TODO: check
+CVE-2025-58800 (Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Ema ...)
+ TODO: check
+CVE-2025-58799 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custo ...)
+ TODO: check
+CVE-2025-58798 (Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BC ...)
+ TODO: check
+CVE-2025-58797 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-58796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58795 (Missing Authorization vulnerability in Payoneer Checkout Payoneer Chec ...)
+ TODO: check
+CVE-2025-58794 (Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notifica ...)
+ TODO: check
+CVE-2025-58793 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58792 (Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List ...)
+ TODO: check
+CVE-2025-58791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58789 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-58788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-58787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58785 (Missing Authorization vulnerability in jbhovik Ray Enterprise Translat ...)
+ TODO: check
+CVE-2025-58784 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-58783 (Missing Authorization vulnerability in gutentor Gutentor allows Exploi ...)
+ TODO: check
+CVE-2025-58780 (index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a ...)
+ TODO: check
+CVE-2025-58628 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-58440
+ REJECTED
+CVE-2025-58214 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58206 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-57889 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-54744 (Missing Authorization vulnerability in Stylemix MasterStudy LMS allows ...)
+ TODO: check
+CVE-2025-53571 (Missing Authorization vulnerability in VillaTheme HAPPY allows Exploit ...)
+ TODO: check
+CVE-2025-53307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49401 (Deserialization of Untrusted Data vulnerability in ExpressTech Systems ...)
+ TODO: check
+CVE-2025-48317 (Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gate ...)
+ TODO: check
+CVE-2025-48105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48104 (Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating W ...)
+ TODO: check
+CVE-2025-48103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-35452 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use d ...)
+ TODO: check
+CVE-2025-35451 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use h ...)
+ TODO: check
+CVE-2025-32320 (In System UI, there is a possible way to view other users' images due ...)
+ TODO: check
+CVE-2025-32318 (In Skia, there is a possible out of bounds write due to a heap buffer ...)
+ TODO: check
+CVE-2025-32317 (In App Widget, there is a possible Information Disclosure due to a con ...)
+ TODO: check
+CVE-2025-32316 (In gralloc4, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2025-30200 (ECOVACS robot vacuums and base stations communicate via an insecure Wi ...)
+ TODO: check
+CVE-2025-30199 (ECOVACS vacuum robot base stations do not validate firmware updates, s ...)
+ TODO: check
+CVE-2025-30198 (ECOVACS robot vacuums and base stations communicate via an insecure Wi ...)
+ TODO: check
+CVE-2025-27003 (Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Pay ...)
+ TODO: check
+CVE-2025-26461 (In Permission Manager, there is a possible way for the microphone priv ...)
+ TODO: check
+CVE-2025-26434 (In libxml2, there is a possible out of bounds read due to a buffer ove ...)
+ TODO: check
+CVE-2025-10044 (A flaw was found in Keycloak. Keycloak\u2019s account console and othe ...)
+ TODO: check
+CVE-2025-10043 (A path traversal validation flaw exists in Keycloak\u2019s vault key h ...)
+ TODO: check
+CVE-2025-10026 (A vulnerability was found in itsourcecode POS Point of Sale System 1.0 ...)
+ TODO: check
+CVE-2025-10025 (A vulnerability has been found in PHPGurukul Online Course Registratio ...)
+ TODO: check
+CVE-2025-10014 (A flaw has been found in elunez eladmin up to 2.7. This impacts the fu ...)
+ TODO: check
+CVE-2025-10013 (A vulnerability was detected in Portabilis i-Educar up to 2.10. This a ...)
+ TODO: check
+CVE-2025-10012 (A security vulnerability has been detected in Portabilis i-Educar up t ...)
+ TODO: check
+CVE-2025-10011 (A weakness has been identified in Portabilis i-Educar up to 2.10. The ...)
+ TODO: check
+CVE-2024-21977 (Incomplete cleanup after loading a CPU microcode patch may allow a pri ...)
+ TODO: check
+CVE-2024-0028 (In Audio Service, there is a possible way to obtain MAC addresses of n ...)
+ TODO: check
+CVE-2025-39726 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.41-1
NOTE: https://git.kernel.org/linus/897e8601b9cff1d054cdd53047f568b0e1995726 (6.16)
-CVE-2025-39725 [mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list]
+CVE-2025-39725 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.41-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9f1e8cd0b7c4c944e9921b52a6661b5eda2705ab (6.16)
-CVE-2025-39724 [serial: 8250: fix panic due to PSLVERR]
+CVE-2025-39724 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7f8fdd4dbffc05982b96caf586f77a014b2a9353 (6.17-rc1)
-CVE-2025-39723 [netfs: Fix unbuffered write error handling]
+CVE-2025-39723 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a3de58b12ce074ec05b8741fa28d62ccb1070468 (6.17-rc3)
-CVE-2025-39722 [crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP]
+CVE-2025-39722 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5ffc47feddcf8eb4d8ac7b42111a02c8e8146512 (6.17-rc1)
-CVE-2025-39721 [crypto: qat - flush misc workqueue during device shutdown]
+CVE-2025-39721 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d4df408ba9bad2b205c7fb8afc1836a6a4ca88a (6.17-rc1)
-CVE-2025-39720 [ksmbd: fix refcount leak causing resource not released]
+CVE-2025-39720 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/89bb430f621124af39bb31763c4a8b504c9651e2 (6.17-rc3)
-CVE-2025-39719 [iio: imu: bno055: fix OOB access of hw_xlate array]
+CVE-2025-39719 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/399b883ec828e436f1a721bf8551b4da8727e65b (6.17-rc1)
-CVE-2025-39718 [vsock/virtio: Validate length in packet header before skb_put()]
+CVE-2025-39718 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0dab92484474587b82e8e0455839eaf5ac7bf894 (6.17-rc1)
-CVE-2025-39717 [open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE]
+CVE-2025-39717 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9308366f062129d52e0ee3f7a019f7dd41db33df (6.17-rc3)
-CVE-2025-39716 [parisc: Revise __get_user() to probe user read access]
+CVE-2025-39716 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/89f686a0fb6e473a876a9a60a13aec67a62b9a7e (6.17-rc1)
-CVE-2025-39715 [parisc: Revise gateway LWS calls to probe user read access]
+CVE-2025-39715 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8 (6.17-rc1)
-CVE-2025-39714 [media: usbtv: Lock resolution while streaming]
+CVE-2025-39714 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7e40e0bb778907b2441bff68d73c3eb6b6cd319f (6.17-rc1)
-CVE-2025-39713 [media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()]
+CVE-2025-39713 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7af160aea26c7dc9e6734d19306128cce156ec40 (6.17-rc1)
-CVE-2025-39712 [media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval]
+CVE-2025-39712 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/298d1471cf83d5a2a05970e41822a2403f451086 (6.17-rc1)
-CVE-2025-39711 [media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls]
+CVE-2025-39711 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0c92c49fc688cfadacc47ae99b06a31237702e9e (6.17-rc1)
-CVE-2025-39710 [media: venus: Add a check for packet size after reading from shared memory]
+CVE-2025-39710 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/49befc830daa743e051a65468c05c2ff9e8580e6 (6.17-rc1)
-CVE-2025-39709 [media: venus: protect against spurious interrupts during probe]
+CVE-2025-39709 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/3200144a2fa4209dc084a19941b9b203b43580f0 (6.17-rc1)
-CVE-2025-39708 [media: iris: Fix NULL pointer dereference]
+CVE-2025-39708 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0f837559ccdd275c5a059e6ac4d5034b03409f1d (6.17-rc1)
-CVE-2025-39707 [drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities]
+CVE-2025-39707 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/b4a69f7f29c8a459ad6b4d8a8b72450f1d9fd288 (6.17-rc1)
-CVE-2025-39706 [drm/amdkfd: Destroy KFD debugfs after destroy KFD wq]
+CVE-2025-39706 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/2e58401a24e7b2d4ec619104e1a76590c1284a4c (6.17-rc1)
-CVE-2025-39705 [drm/amd/display: fix a Null pointer dereference vulnerability]
+CVE-2025-39705 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/1bcf63a44381691d6192872801f830ce3250e367 (6.17-rc1)
-CVE-2025-39704 [LoongArch: KVM: Fix stack protector issue in send_ipi_data()]
+CVE-2025-39704 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5c68549c81bcca70fc464e305ffeefd9af968287 (6.17-rc3)
-CVE-2025-39703 [net, hsr: reject HSR frame if skb can't hold tag]
+CVE-2025-39703 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7af76e9d18a9fd6f8611b3313c86c190f9b6a5a7 (6.17-rc3)
-CVE-2025-39702 [ipv6: sr: Fix MAC comparison to be constant-time]
+CVE-2025-39702 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/a458b2902115b26a25d67393b12ddd57d1216aaa (6.17-rc3)
-CVE-2025-39701 [ACPI: pfr_update: Fix the driver update version check]
+CVE-2025-39701 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8151320c747efb22d30b035af989fed0d502176e (6.17-rc3)
-CVE-2025-39700 [mm/damon/ops-common: ignore migration request to invalid nodes]
+CVE-2025-39700 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7e6c3130690a01076efdf45aa02ba5d5c16849a0 (6.17-rc1)
-CVE-2025-39699 [iommu/riscv: prevent NULL deref in iova_to_phys]
+CVE-2025-39699 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/99d4d1a070870aa08163af8ce0522992b7f35d8c (6.17-rc3)
-CVE-2025-39698 [io_uring/futex: ensure io_futex_wait() cleans up properly on failure]
+CVE-2025-39698 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/508c1314b342b78591f51c4b5dadee31a88335df (6.17-rc3)
-CVE-2025-39697 [NFS: Fix a race when updating an existing write]
+CVE-2025-39697 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/76d2e3890fb169168c73f2e4f8375c7cc24a765e (6.17-rc3)
-CVE-2025-39696 [ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv]
+CVE-2025-39696 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3f4422e7c9436abf81a00270be7e4d6d3760ec0e (6.17-rc3)
-CVE-2025-39695 [RDMA/rxe: Flush delayed SKBs while releasing RXE resources]
+CVE-2025-39695 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3c3e9a9f2972b364e8c2cfbfdeb23c6d6be4f87f (6.17-rc3)
-CVE-2025-39694 [s390/sclp: Fix SCCB present check]
+CVE-2025-39694 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/430fa71027b6ac9bb0ce5532b8d0676777d4219a (6.17-rc3)
-CVE-2025-39693 [drm/amd/display: Avoid a NULL pointer dereference]
+CVE-2025-39693 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/07b93a5704b0b72002f0c4bd1076214af67dc661 (6.17-rc3)
-CVE-2025-39692 [smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()]
+CVE-2025-39692 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bac7b996d42e458a94578f4227795a0d4deef6fa (6.17-rc3)
-CVE-2025-39691 [fs/buffer: fix use-after-free when call bh_read() helper]
+CVE-2025-39691 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49 (6.17-rc3)
-CVE-2025-39690 [iio: accel: sca3300: fix uninitialized iio scan data]
+CVE-2025-39690 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e5b705cc6147f0b9173c6219079f41416bdd3c0 (6.17-rc3)
-CVE-2025-39689 [ftrace: Also allocate and copy hash for reading of filter files]
+CVE-2025-39689 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/bfb336cf97df7b37b2b2edec0f69773e06d11955 (6.17-rc3)
-CVE-2025-39687 [iio: light: as73211: Ensure buffer holes are zeroed]
+CVE-2025-39687 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/433b99e922943efdfd62b9a8e3ad1604838181f2 (6.17-rc3)
-CVE-2025-39686 [comedi: Make insn_rw_emulate_bits() do insn->n samples]
+CVE-2025-39686 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7afba9221f70d4cbce0f417c558879cba0eb5e66 (6.17-rc3)
-CVE-2025-39685 [comedi: pcl726: Prevent invalid irq number]
+CVE-2025-39685 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/96cb948408b3adb69df7e451ba7da9d21f814d00 (6.17-rc3)
-CVE-2025-39684 [comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()]
+CVE-2025-39684 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/3cd212e895ca2d58963fdc6422502b10dd3966bb (6.17-rc3)
-CVE-2025-39683 [tracing: Limit access to parser->buffer when trace_get_user failed]
+CVE-2025-39683 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/6a909ea83f226803ea0e718f6e88613df9234d58 (6.17-rc3)
-CVE-2025-39682 [tls: fix handling of zero-length records on the rx_list]
+CVE-2025-39682 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/62708b9452f8eb77513115b17c4f8d1a22ebf843 (6.17-rc3)
-CVE-2025-39681 [x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper]
+CVE-2025-39681 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/d8df126349dad855cdfedd6bbf315bad2e901c2f (6.17-rc3)
-CVE-2025-39680 [i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer]
+CVE-2025-39680 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/57f312b955938fc4663f430cb57a71f2414f601b (6.17-rc3)
-CVE-2025-39679 [drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().]
+CVE-2025-39679 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bb8aeaa3191b617c6faf8ae937252e059673b7ea (6.17-rc3)
-CVE-2025-39678 [platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL]
+CVE-2025-39678 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2c78fb287e1f430b929f2e49786518350d15605c (6.17-rc3)
-CVE-2025-39677 [net/sched: Fix backlog accounting in qdisc_dequeue_internal]
+CVE-2025-39677 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/52bf272636bda69587952b35ae97690b8dc89941 (6.17-rc3)
-CVE-2025-39676 [scsi: qla4xxx: Prevent a potential error pointer dereference]
+CVE-2025-39676 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/9dcf111dd3e7ed5fce82bb108e3a3fc001c07225 (6.17-rc3)
-CVE-2025-39675 [drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()]
+CVE-2025-39675 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119 (6.17-rc3)
-CVE-2025-39674 [scsi: ufs: ufs-qcom: Fix ESI null pointer dereference]
+CVE-2025-39674 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6300d5c5438724c0876828da2f6e2c1a661871fc (6.17-rc3)
-CVE-2025-39673 [ppp: fix race conditions in ppp_fill_forward_path]
+CVE-2025-39673 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0417adf367a0af11adf7ace849af4638cfb573f7 (6.17-rc3)
-CVE-2025-38737 [cifs: Fix oops due to uninitialised variable]
+CVE-2025-38737 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/453a6d2a68e54a483d67233c6e1e24c4095ee4be (6.17-rc3)
-CVE-2025-38736 [net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization]
+CVE-2025-38736 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/24ef2f53c07f273bad99173e27ee88d44d135b1c (6.17-rc3)
-CVE-2025-38735 [gve: prevent ethtool ops after shutdown]
+CVE-2025-38735 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.16.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/75a9a46d67f46d608205888f9b34e315c1786345 (6.17-rc3)
-CVE-2025-38734 [net/smc: fix UAF on smcsk after smc_listen_out()]
+CVE-2025-38734 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/d9cef55ed49117bd63695446fb84b4b91815c0b4 (6.17-rc3)
-CVE-2025-38733 [s390/mm: Do not map lowcore with identity mapping]
+CVE-2025-38733 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/93f616ff870a1fb7e84d472cad0af651b18f9f87 (6.17-rc3)
-CVE-2025-38732 [netfilter: nf_reject: don't leak dst refcount for loopback packets]
+CVE-2025-38732 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.5-1
NOTE: https://git.kernel.org/linus/91a79b792204313153e1bdbbe5acbfc28903b3a5 (6.17-rc3)
-CVE-2025-38731 [drm/xe: Fix vm_bind_ioctl double free bug]
+CVE-2025-38731 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
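Review bot: In the kernel entries rewritten in this hunk (CVE-2025-39682 down to CVE-2025-38731), every new parenthesised description is truncated to "In the Linux kernel, the following vulnerability has been resolved:" plus a single letter, so the list no longer says which fix an entry refers to. The removed bracketed titles, for example "[net/smc: fix UAF on smcsk after smc_listen_out()]", did carry that. After this change the NOTE line with the upstream commit URL is the only thing that tells these entries apart, so triage has to go by that URL; keeping the upstream subject in a NOTE line when the description is swapped would preserve the information.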
@@ -1175,7 +1463,7 @@ CVE-2025-2416 (Improper Restriction of Excessive Authentication Attempts vulnera
NOT-FOR-US: Akinsoft
CVE-2025-2415 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
NOT-FOR-US: Akinsoft
-CVE-2025-26210 (An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3. ...)
+CVE-2025-26210 (DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript exe ...)
NOT-FOR-US: DeepSeek
CVE-2025-20336 (A vulnerability in the directory permissions of Cisco Desk Phone 9800 ...)
NOT-FOR-US: Cisco
@@ -1223,15 +1511,19 @@ CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1 before
NOTE: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 (4.2.24)
NOTE: https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243 (5.2.6)
CVE-2025-9867 (Inappropriate implementation in Downloads in Google Chrome on Android ...)
+ {DSA-5993-1}
- chromium 140.0.7339.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9866 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-5993-1}
- chromium 140.0.7339.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9865 (Inappropriate implementation in Toolbar in Google Chrome on Android pr ...)
+ {DSA-5993-1}
- chromium 140.0.7339.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9864 (Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a ...)
+ {DSA-5993-1}
- chromium 140.0.7339.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-38678 (In the Linux kernel, the following vulnerability has been resolved: n ...)
@@ -5509,7 +5801,8 @@ CVE-2025-38612 (In the Linux kernel, the following vulnerability has been resolv
[trixie] - linux 6.12.43-1
[bookworm] - linux 6.1.148-1
NOTE: https://git.kernel.org/linus/eb2cb7dab60f9be0b435ac4a674255429a36d72c (6.17-rc1)
-CVE-2025-38611 (In the Linux kernel, the following vulnerability has been resolved: v ...)
+CVE-2025-38611
+ REJECTED
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux 6.1.148-1
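Review bot: CVE-2025-38611 is switched to REJECTED, but the entry keeps its "- linux 6.16.3-1", "[trixie] - linux 6.12.43-1" and "[bookworm] - linux 6.1.148-1" lines. Those now record fixed versions against a withdrawn identifier. A follow-up should drop the package lines, or move them if the underlying kernel fix was reassigned to a different CVE; nothing in this hunk says which applies.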
@@ -10230,9 +10523,9 @@ CVE-2025-8500 (A vulnerability was found in code-projects Human Resource Integra
NOT-FOR-US: code-projects
CVE-2025-8499 (A vulnerability was found in code-projects Online Medicine Guide 1.0. ...)
NOT-FOR-US: code-projects
-CVE-2025-8498 (A vulnerability was found in code-projects Online Medicine Guide 1.0. ...)
+CVE-2025-8498 (A security vulnerability has been detected in code-projects Online Med ...)
NOT-FOR-US: code-projects
-CVE-2025-8497 (A vulnerability was found in code-projects Online Medicine Guide 1.0 a ...)
+CVE-2025-8497 (A weakness has been identified in code-projects Online Medicine Guide ...)
NOT-FOR-US: code-projects
CVE-2025-8496 (A vulnerability has been found in projectworlds Online Admission Syste ...)
NOT-FOR-US: Project Worlds
@@ -37955,7 +38248,8 @@ CVE-2023-53138 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/9781e98a97110f5e76999058368b4be76a788484 (6.3-rc2)
-CVE-2023-53137 (In the Linux kernel, the following vulnerability has been resolved: e ...)
+CVE-2023-53137
+ REJECTED
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/0813299c586b175d7edb25f56412c54b812d0379 (6.3-rc1)
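Review bot: The REJECTED marker on CVE-2023-53137 is added above package data that is left in place: "- linux 6.1.20-1", "[bullseye] - linux 5.10.178-1" and the NOTE pointing at upstream commit 0813299c586b175d7edb25f56412c54b812d0379. With the description gone, that NOTE is the only remaining record of what the entry covered, so it is worth checking whether that commit is tracked under another CVE before the leftover lines are removed.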
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24e4db308d62a1507ab7de2312db61f02b3b7f4