[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 19 21:12:28 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b811ef8b by security tracker role at 2025-09-19T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,118 +1,356 @@
-CVE-2025-39866 [fs: writeback: fix use-after-free in __mark_inode_dirty()]
+CVE-2025-9969 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-9906 (The Keras Model.load_modelmethod can be exploited to achieve arbitrary ...)
+	TODO: check
+CVE-2025-9905 (The Keras Model.load_modelmethod can be exploited to achieve arbitrary ...)
+	TODO: check
+CVE-2025-9081 (Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to proper ...)
+	TODO: check
+CVE-2025-9079 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2025-8664 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-8532 (Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing  ...)
+	TODO: check
+CVE-2025-8531 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+	TODO: check
+CVE-2025-8487 (The Kubio AI Page Builder plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-7937 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
+	TODO: check
+CVE-2025-7702 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+	TODO: check
+CVE-2025-7665 (The Miniorange OTP Verification with Firebase plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-7403 (Unsafe handling in bt_conn_tx_processor causes a use-after-free, resul ...)
+	TODO: check
+CVE-2025-6198 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
+	TODO: check
+CVE-2025-5955 (The Service Finder SMS System plugin for WordPress is vulnerable to au ...)
+	TODO: check
+CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
+	TODO: check
+CVE-2025-59717 (In the @digitalocean/do-markdownit package through 1.16.1 (in npm), th ...)
+	TODO: check
+CVE-2025-59715 (SMSEagle before 6.11 allows reflected XSS via a username or contact ph ...)
+	TODO: check
+CVE-2025-59714 (In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Gr ...)
+	TODO: check
+CVE-2025-59713 (Snipe-IT before 8.1.18 allows unsafe deserialization.)
+	TODO: check
+CVE-2025-59712 (Snipe-IT before 8.1.18 allows XSS.)
+	TODO: check
+CVE-2025-59692 (PureVPN client applications on Linux through September 2025 mishandle  ...)
+	TODO: check
+CVE-2025-59691 (PureVPN client applications on Linux through September 2025 allow IPv6 ...)
+	TODO: check
+CVE-2025-59678
+	REJECTED
+CVE-2025-59677
+	REJECTED
+CVE-2025-59676
+	REJECTED
+CVE-2025-59675
+	REJECTED
+CVE-2025-59674
+	REJECTED
+CVE-2025-59673
+	REJECTED
+CVE-2025-59672
+	REJECTED
+CVE-2025-59671
+	REJECTED
+CVE-2025-59670
+	REJECTED
+CVE-2025-59431 (MapServer is a system for developing web-based GIS applications. Prior ...)
+	TODO: check
+CVE-2025-59427 (The Cloudflare Vite plugin enables a full-featured integration between ...)
+	TODO: check
+CVE-2025-59344 (AliasVault is a privacy-first password manager with built-in email ali ...)
+	TODO: check
+CVE-2025-59220 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59216 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59215 (Use after free in Microsoft Graphics Component allows an authorized at ...)
+	TODO: check
+CVE-2025-58114 (Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice  ...)
+	TODO: check
+CVE-2025-57880 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
+	TODO: check
+CVE-2025-57644 (Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabi ...)
+	TODO: check
+CVE-2025-57528 (An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_T ...)
+	TODO: check
+CVE-2025-57396 (Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable t ...)
+	TODO: check
+CVE-2025-57296 (Tenda AC6 router firmware 15.03.05.19 contains a command injection vul ...)
+	TODO: check
+CVE-2025-57295 (H3C devices running firmware version NX15V100R015 are vulnerable to un ...)
+	TODO: check
+CVE-2025-57293 (A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) ...)
+	TODO: check
+CVE-2025-56869 (Directory traversal vulnerability in Sync In server thru 1.1.1 allowin ...)
+	TODO: check
+CVE-2025-56762 (Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in erro ...)
+	TODO: check
+CVE-2025-55910 (CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion i ...)
+	TODO: check
+CVE-2025-55068 (Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Un ...)
+	TODO: check
+CVE-2025-54860 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet- ...)
+	TODO: check
+CVE-2025-54818 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   a propr ...)
+	TODO: check
+CVE-2025-54815 (Server-side template injection (SSTI) vulnerability in PPress 0.0.9 al ...)
+	TODO: check
+CVE-2025-54810 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   a propr ...)
+	TODO: check
+CVE-2025-54807 (The secret used for validating authentication tokens is hardcoded in   ...)
+	TODO: check
+CVE-2025-54761 (An issue was discovered in PPress 0.0.9 allowing attackers to gain esc ...)
+	TODO: check
+CVE-2025-54754 (An attacker with adjacent access, without authentication, can exploit  ...)
+	TODO: check
+CVE-2025-54497 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a telnet ...)
+	TODO: check
+CVE-2025-53969 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a servic ...)
+	TODO: check
+CVE-2025-53947 (A local attacker with low privileges on the Windows system where the   ...)
+	TODO: check
+CVE-2025-52873 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a telnet ...)
+	TODO: check
+CVE-2025-52159 (Hardcoded credentials in default configuration of PPress 0.0.9.)
+	TODO: check
+CVE-2025-48703 (CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allo ...)
+	TODO: check
+CVE-2025-48007 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
+	TODO: check
+CVE-2025-47698 (An adjacent attacker without authentication can exploit this vulnerabi ...)
+	TODO: check
+CVE-2025-46703 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
+	TODO: check
+CVE-2025-43809 (Cross-Site Request Forgery (CSRF) vulnerability in the server (license ...)
+	TODO: check
+CVE-2025-43803 (Insecure direct object reference (IDOR) vulnerability in the Contacts  ...)
+	TODO: check
+CVE-2025-36248 (IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2025-34206 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34205 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34204 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34203 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34202 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 2 ...)
+	TODO: check
+CVE-2025-34201 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34200 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34199 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34198 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34197 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34195 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34194 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34193 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
+	TODO: check
+CVE-2025-34192 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34191 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34190 (Vasion Print (formerly PrinterLogic) Virtual Appliance Hostand Applica ...)
+	TODO: check
+CVE-2025-34189 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-34188 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
+	TODO: check
+CVE-2025-30755 (OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when  ...)
+	TODO: check
+CVE-2025-30519 (Dover Fueling Solutions ProGauge MagLink LX4 Deviceshave default root  ...)
+	TODO: check
+CVE-2025-26517 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
+	TODO: check
+CVE-2025-26516 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
+	TODO: check
+CVE-2025-26515 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
+	TODO: check
+CVE-2025-26514 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
+	TODO: check
+CVE-2025-10722 (A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. ...)
+	TODO: check
+CVE-2025-10721 (A vulnerability was determined in Webull Investing & Trading App 11.2. ...)
+	TODO: check
+CVE-2025-10719 (Tronclass developed by WisdomGarden has an Insecure Direct object Refe ...)
+	TODO: check
+CVE-2025-10718 (A vulnerability was found in Ooma Office Business Phone App up to 7.2. ...)
+	TODO: check
+CVE-2025-10717 (A vulnerability has been found in intsig CamScanner App 6.91.1.5.25071 ...)
+	TODO: check
+CVE-2025-10716 (A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Af ...)
+	TODO: check
+CVE-2025-10715 (A security flaw has been discovered in APEUni PTE Exam Practice App up ...)
+	TODO: check
+CVE-2025-10712 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20 ...)
+	TODO: check
+CVE-2025-10711 (A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up  ...)
+	TODO: check
+CVE-2025-10710 (A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 202508 ...)
+	TODO: check
+CVE-2025-10709 (A vulnerability was detected in Four-Faith Water Conservancy Informati ...)
+	TODO: check
+CVE-2025-10708 (A security vulnerability has been detected in Four-Faith Water Conserv ...)
+	TODO: check
+CVE-2025-10707 (A weakness has been identified in JeecgBoot up to 3.8.2. Affected is a ...)
+	TODO: check
+CVE-2025-10690 (The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vu ...)
+	TODO: check
+CVE-2025-10689 (A vulnerability was identified in D-Link DIR-645 105B01. This issue af ...)
+	TODO: check
+CVE-2025-10647 (The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitr ...)
+	TODO: check
+CVE-2025-10630 (Grafana is an open-source platform for monitoring and observability.Gr ...)
+	TODO: check
+CVE-2025-10568 (HyperX NGENUITY software is potentially vulnerable to arbitrary code e ...)
+	TODO: check
+CVE-2025-10468 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-10458 (Parameters are not validated or sanitized, and are later used in vario ...)
+	TODO: check
+CVE-2025-10457 (The function responsible for handling BLE connection responses does no ...)
+	TODO: check
+CVE-2025-10456 (A vulnerability was identified in the handling of Bluetooth Low Energy ...)
+	TODO: check
+CVE-2025-10146 (The Download Manager plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2025-10035 (A deserialization vulnerability in the License Servlet of Fortra's GoA ...)
+	TODO: check
+CVE-2024-13990 (MicroWorld eScan AV's update mechanism failed to ensure authenticity a ...)
+	TODO: check
+CVE-2022-4980 (General Bytes Crypto Application Server (CAS) beginning with version 2 ...)
+	TODO: check
+CVE-2025-39866 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/d02d2c98d25793902f65803ab853b592c7a96b29 (6.17-rc3)
-CVE-2025-39865 [tee: fix NULL pointer dereference in tee_shm_put]
+CVE-2025-39865 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/e4a718a3a47e89805c3be9d46a84de1949a98d5d (6.17-rc5)
-CVE-2025-39864 [wifi: cfg80211: fix use-after-free in cmp_bss()]
+CVE-2025-39864 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/26e84445f02ce6b2fe5f3e0e28ff7add77f35e08 (6.17-rc5)
-CVE-2025-39863 [wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work]
+CVE-2025-39863 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc (6.17-rc5)
-CVE-2025-39862 [wifi: mt76: mt7915: fix list corruption after hardware restart]
+CVE-2025-39862 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/065c79df595af21d6d1b27d642860faa1d938774 (6.17-rc5)
-CVE-2025-39861 [Bluetooth: vhci: Prevent use-after-free by removing debugfs files early]
+CVE-2025-39861 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.16.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/28010791193a4503f054e8d69a950ef815deb539 (6.17-rc5)
-CVE-2025-39860 [Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()]
+CVE-2025-39860 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/862c628108562d8c7a516a900034823b381d3cba (6.17-rc5)
-CVE-2025-39859 [ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog]
+CVE-2025-39859 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8bf935cf789872350b04c1a6468b0a509f67afb2 (6.17-rc5)
-CVE-2025-39858 [eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring]
+CVE-2025-39858 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.16.6-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e580beaf43d563aaf457f1c7f934002355ebfe7b (6.17-rc5)
-CVE-2025-39857 [net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()]
+CVE-2025-39857 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ba1e9421cf1a8369d25c3832439702a015d6b5f9 (6.17-rc5)
-CVE-2025-39856 [net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev]
+CVE-2025-39856 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.16.6-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a6099f263e1f408bcc7913c9df24b0677164fc5d (6.17-rc5)
-CVE-2025-39855 [ice: fix NULL access of tx->in_use in ice_ptp_ts_irq]
+CVE-2025-39855 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.6-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/403bf043d9340196e06769065169df7444b91f7a (6.17-rc5)
-CVE-2025-39854 [ice: fix NULL access of tx->in_use in ice_ll_ts_intr]
+CVE-2025-39854 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f6486338fde3f04ed0ec59fe67a69a208c32734f (6.17-rc5)
-CVE-2025-39853 [i40e: Fix potential invalid access when MAC list is empty]
+CVE-2025-39853 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/a556f06338e1d5a85af0e32ecb46e365547f92b9 (6.17-rc5)
-CVE-2025-39852 [net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6]
+CVE-2025-39852 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.16.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fa390321aba0a54d0f7ae95ee4ecde1358bb9234 (6.17-rc5)
-CVE-2025-39851 [vxlan: Fix NPD when refreshing an FDB entry with a nexthop object]
+CVE-2025-39851 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/6ead38147ebb813f08be6ea8ef547a0e4c09559a (6.17-rc5)
-CVE-2025-39850 [vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects]
+CVE-2025-39850 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce (6.17-rc5)
-CVE-2025-39849 [wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()]
+CVE-2025-39849 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/62b635dcd69c4fde7ce1de4992d71420a37e51e3 (6.17-rc5)
-CVE-2025-39848 [ax25: properly unshare skbs in ax25_kiss_rcv()]
+CVE-2025-39848 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/8156210d36a43e76372312c87eb5ea3dbb405a85 (6.17-rc5)
-CVE-2025-39847 [ppp: fix memory leak in pad_compress_skb]
+CVE-2025-39847 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/4844123fe0b853a4982c02666cb3fd863d701d50 (6.17-rc5)
-CVE-2025-39846 [pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()]
+CVE-2025-39846 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/44822df89e8f3386871d9cad563ece8e2fd8f0e7 (6.17-rc5)
-CVE-2025-39845 [x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()]
+CVE-2025-39845 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6659d027998083fbb6d42a165b0c90dc2e8ba989 (6.17-rc5)
-CVE-2025-39844 [mm: move page table sync declarations to linux/pgtable.h]
+CVE-2025-39844 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7cc183f2e67d19b03ee5c13a6664b8c6cc37ff9d (6.17-rc5)
-CVE-2025-39843 [mm: slub: avoid wake up kswapd in set_track_prepare]
+CVE-2025-39843 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f (6.17-rc5)
-CVE-2025-39842 [ocfs2: prevent release journal inode after journal shutdown]
+CVE-2025-39842 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 6.16.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f46e8ef8bb7b452584f2e75337b619ac51a7cadf (6.17-rc5)
-CVE-2025-39841 [scsi: lpfc: Fix buffer free/clear order in deferred receive path]
+CVE-2025-39841 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/9dba9a45c348e8460da97c450cddf70b2056deb3 (6.17-rc5)
-CVE-2025-39840 [audit: fix out-of-bounds read in audit_compare_dname_path()]
+CVE-2025-39840 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.16.6-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4540f1d23e7f387880ce46d11b5cd3f27248bf8d (6.17-rc5)
-CVE-2025-39839 [batman-adv: fix OOB read/write in network-coding decode]
+CVE-2025-39839 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087 (6.17-rc5)
-CVE-2025-39838 [cifs: prevent NULL pointer dereference in UTF16 conversion]
+CVE-2025-39838 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.16.6-1
 	NOTE: https://git.kernel.org/linus/70bccd9855dae56942f2b18a08ba137bb54093a0 (6.17-rc5)
-CVE-2025-39837 [platform/x86: asus-wmi: Fix racy registrations]
+CVE-2025-39837 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.16.6-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
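Review bot: every new entry in this hunk is left at `TODO: check`, and some of them concern software that is packaged in Debian (CVE-2025-59431 for MapServer is one) and should be triaged to a source package line or `NOT-FOR-US` before the next automatic update buries them further down the list. The kernel entries CVE-2025-39866 through CVE-2025-39837 lose their descriptive placeholder titles here (for example `[fs: writeback: fix use-after-free in __mark_inode_dirty()]` becomes `(In the Linux kernel, the following vulnerability has been resolved:  f ...)`), so the `NOTE: https://git.kernel.org/linus/...` lines are now the only thing in the list that identifies the fix; keep them when these entries are next edited.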
@@ -712,15 +950,19 @@ CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the ngh
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
 CVE-2025-10500
+	{DSA-6004-1}
 	- chromium 140.0.7339.185-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-10501
+	{DSA-6004-1}
 	- chromium 140.0.7339.185-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-10502
+	{DSA-6004-1}
 	- chromium 140.0.7339.185-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-10585
+	{DSA-6004-1}
 	- chromium 140.0.7339.185-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-9083 (The Ninja Forms  WordPress plugin before 3.11.1 unserializes user inpu ...)
@@ -2053,7 +2295,7 @@ CVE-2022-50339 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f74ca25d6d6629ffd4fd80a1a73037253b57d06b (6.1-rc1)
 CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2 ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
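Review bot: `DLA-4305-1` is added next to `DSA-6003-1` while `- thunderbird <unfixed>` stays unchanged in the same entry; that is only correct if the DLA covers firefox-esr alone, so confirm which source package the DLA names, since a thunderbird DLA would need to be recorded separately once issued. The same tag is added to CVE-2025-10536, CVE-2025-10533, CVE-2025-10532, CVE-2025-10529, CVE-2025-10528 and CVE-2025-10527 in the hunks below, so a single check covers all of them.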
@@ -2061,7 +2303,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
 CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -2075,7 +2317,7 @@ CVE-2025-10534 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
 	- firefox 143.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
 CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefo ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -2083,7 +2325,7 @@ CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR < 115.28,
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
 CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -2097,7 +2339,7 @@ CVE-2025-10530 (This vulnerability affects Firefox < 143 and Thunderbird < 143.)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
 CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -2105,7 +2347,7 @@ CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
 CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -2113,7 +2355,7 @@ CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, T
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
 CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunder ...)
-	{DSA-6003-1}
+	{DSA-6003-1 DLA-4305-1}
 	- firefox 143.0-1
 	- firefox-esr 140.3.0esr-1
 	- thunderbird <unfixed>
@@ -10895,7 +11137,7 @@ CVE-2025-5261 (Authorization Bypass Through User-Controlled Key vulnerability in
 CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yaz\u01 ...)
 	NOT-FOR-US: Pik Online Yazilim Cozumleri
 CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21,  ...)
-	{DLA-4299-1}
+	{DSA-6006-1 DSA-6005-1 DLA-4299-1}
 	- jetty12 12.0.17-3.1 (bug #1111765)
 	- jetty9 9.4.57-1.1 (bug #1111766)
 	- jetty <removed>
@@ -728573,29 +728815,29 @@ CVE-2014-0775
 	REJECTED
 CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider Elec ...)
 	NOT-FOR-US: Schneider Electric OPC Factory Server
-CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX contro ...)
+CVE-2014-0773 (The BWOCXRUN.BwocxrunCtrl.1 control contains a method named  \u201cCre ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 Activ ...)
+CVE-2014-0772 (The BWOCXRUN.BwocxrunCtrl.1 control contains a method named  OpenUrlTo ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX cont ...)
+CVE-2014-0771 (The BWOCXRUN.BwocxrunCtrl.1 control contains a method named  \u201cOpe ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0770 (By providing an overly long string to the UserName parameter, an  atta ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X- ...)
 	NOT-FOR-US: Festo controller
-CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0768 (An attacker may pass an overly long value from the AccessCode2 argumen ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0767 (An attacker may exploit this vulnerability by passing an overly long   ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0766 (An attacker can exploit this vulnerability by copying an overly long   ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0765 (To exploit this vulnerability, the attacker sends data from the GotoCm ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
+CVE-2014-0764 (By providing an overly long string to the NodeName parameter, an  atta ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech W ...)
+CVE-2014-0763 (An attacker using SQL injection may use arguments to construct queries ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0762 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows p ...)
+CVE-2014-0762 (The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substati ...)
 	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
 CVE-2014-0761 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows r ...)
 	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
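Review bot: the rewritten descriptions for CVE-2014-0773 and CVE-2014-0771 carry the literal escape sequence `\u201c` instead of the quotation mark it encodes (CVE-2025-5260 further up shows the same `\u01 ...` artifact), so the importer is writing JSON-escaped text into the list; decoding it before truncation would keep these one-line summaries readable. The new upstream wording for CVE-2014-0770 through CVE-2014-0763 also no longer names the product within the truncated text, but the unchanged `NOT-FOR-US: Advantech WebAccess` lines preserve that, so nothing further is needed there.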



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b811ef8b8df0019b8f938274827838bb55f3d68a
