Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f93e2266 by security tracker role at 2025-08-25T08:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-9406 (A weakness has been identified in xuhuisheng lemon up to
1.13.0. This ...)
+ TODO: check
+CVE-2025-9405 (A security flaw has been discovered in Open5GS up to 2.7.5. The
impact ...)
+ TODO: check
+CVE-2025-9404 (A vulnerability was identified in Scada-LTS up to 2.7.8.1. The
affecte ...)
+ TODO: check
+CVE-2025-9403 (A vulnerability was determined in jqlang jq up to 1.6. Impacted
is the ...)
+ TODO: check
+CVE-2025-9402 (A vulnerability was found in HuangDou UTCMS 9. This issue
affects some ...)
+ TODO: check
+CVE-2025-9401 (A vulnerability has been found in HuangDou UTCMS 9. This
vulnerability ...)
+ TODO: check
+CVE-2025-9400 (A flaw has been found in YiFang CMS up to 2.0.5. This affects
the func ...)
+ TODO: check
+CVE-2025-9399 (A vulnerability was detected in YiFang CMS up to 2.0.5.
Affected by th ...)
+ TODO: check
+CVE-2025-9398 (A security vulnerability has been detected in YiFang CMS up to
2.0.5. ...)
+ TODO: check
+CVE-2025-9397 (A weakness has been identified in givanz Vvveb up to 1.0.7.2.
Affected ...)
+ TODO: check
+CVE-2025-9396 (A security flaw has been discovered in ckolivas lrzip up to
0.651. Thi ...)
+ TODO: check
+CVE-2025-9395 (A vulnerability was identified in wangsongyan wblog 0.0.1. This
affect ...)
+ TODO: check
+CVE-2025-9394 (A flaw has been found in PoDoFo 1.1.0-dev. This issue affects
the func ...)
+ TODO: check
+CVE-2025-9393 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350,
RE6500 ...)
+ TODO: check
+CVE-2025-9392 (A security vulnerability has been detected in Linksys RE6250,
RE6300, ...)
+ TODO: check
+CVE-2025-9391 (A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0.
Affect ...)
+ TODO: check
+CVE-2025-9390 (A security flaw has been discovered in vim up to 9.1.1615.
Affected by ...)
+ TODO: check
+CVE-2025-9389 (A vulnerability was identified in vim 9.1.0000. Affected is the
functi ...)
+ TODO: check
+CVE-2025-9388 (A vulnerability was determined in Scada-LTS up to 2.7.8.1. This
impact ...)
+ TODO: check
+CVE-2025-9387 (A vulnerability was found in DCN DCME-720 9.1.5.11. This
affects an un ...)
+ TODO: check
+CVE-2025-9386 (A vulnerability has been found in appneta tcpreplay up to
4.5.1. The i ...)
+ TODO: check
+CVE-2025-9385 (A flaw has been found in appneta tcpreplay up to 4.5.1. The
affected e ...)
+ TODO: check
+CVE-2025-9384 (A vulnerability was detected in appneta tcpreplay up to 4.5.1.
Impacte ...)
+ TODO: check
+CVE-2025-9383 (A security vulnerability has been detected in FNKvision Y215
CCTV Came ...)
+ TODO: check
+CVE-2025-9118 (A path traversal vulnerability in the NPM package installation
process ...)
+ TODO: check
+CVE-2025-8997 (An Information Exposure vulnerability has been identified in
OpenText ...)
+ TODO: check
+CVE-2025-5514 (Improper Handling of Length Parameter Inconsistency
vulnerability in w ...)
+ TODO: check
+CVE-2025-5191 (An Unquoted Search Path vulnerability has been identified in
the utili ...)
+ TODO: check
+CVE-2025-54301 (A stored XSS vulnerability in Quantum Manager component
1.0.0-3.2.0 fo ...)
+ TODO: check
+CVE-2025-54300 (A stored XSS vulnerability in Quantum Manager component
1.0.0-3.2.0 fo ...)
+ TODO: check
CVE-2025-9382 (A weakness has been identified in FNKvision Y215 CCTV Camera
10.194.12 ...)
NOT-FOR-US: NKvision Y215 CCTV Camera
CVE-2025-9381 (A security flaw has been discovered in FNKvision Y215 CCTV
Camera 10.1 ...)
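Review bot: The NOT-FOR-US tag on the neighbouring CVE-2025-9382 entry reads "NKvision Y215 CCTV Camera", but the descriptions of CVE-2025-9383, CVE-2025-9382 and CVE-2025-9381 all name the vendor as "FNKvision". When the new "TODO: check" on CVE-2025-9383 is triaged, use the FNKvision spelling, and consider correcting the existing tag so that a search on the vendor name finds every entry for this device.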
@@ -1463,7 +1523,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar
component of Firefox Focus for
- firefox <not-affected> (Specific to Firefox Focus on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR
128.13, ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox-esr 128.14.0esr-1
- firefox 142.0-1
- thunderbird 1:128.14.0esr-1
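Review bot: In the context lines above the changed reference list, the NOTE under the "Specific to Firefox Focus on Android" entry links to mfsa2025-64/#CVE-2025-9179, although the hunk header places that entry under CVE-2025-9186. The other NOTE lines visible in this commit use an anchor that matches their own CVE id, so it is worth confirming that this anchor is intended and not a copy from the CVE-2025-9179 entry.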
@@ -1480,7 +1540,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in
the Graphics: WebRende
- firefox 142.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This
vulnerab ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -1488,7 +1548,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript
Engine component. This vul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D
component.' This ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -1496,7 +1556,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the
Graphics: Canvas2D component.'
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP
process w ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -6335,6 +6395,7 @@ CVE-2025-54351 (In iperf before 3.19.1, net.c has a
buffer overflow when --skip-
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0
(master)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/c9af85a384859365b7184be173da4876437aaf40
(3.19.1)
CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode
assertion fail ...)
+ {DLA-4281-1}
- iperf3 3.19.1-1 (bug #1110376)
[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
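Review bot: With {DLA-4281-1} added, CVE-2025-54350 now carries an LTS advisory while the [trixie] and [bookworm] lines below it still read <no-dsa> with "will be fixed via point release". That leaves the newer suites behind the LTS suite for this issue until the point release lands. Suggest confirming the point-release uploads are queued, so that an upgrade from the LTS suite does not reintroduce the Base64Decode assertion failure in iperf_auth.c. The same applies to the identical change on CVE-2025-54349.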
@@ -6343,6 +6404,7 @@ CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has
a Base64Decode assertio
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a
(master)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1
(3.19.1)
CVE-2025-54349 (In iperf before 3.19.1, iperf_auth.c has an off-by-one error
and resul ...)
+ {DLA-4281-1}
- iperf3 3.19.1-1 (bug #1110376)
[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
@@ -10811,6 +10873,7 @@ CVE-2025-6993 (The Ultimate WP Mail plugin for
WordPress is vulnerable to Privil
CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3( <=
180703)/V ...)
NOT-FOR-US: TP-Link
CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday
Attack' ...)
+ {DLA-4280-1}
- unbound 1.22.0-2 (bug #1109427)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
NOTE: Fixed by:
https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f
(release-1.23.1)
@@ -141263,6 +141326,7 @@ CVE-2024-0445 (The The Plus Addons for Elementor
plugin for WordPress is vulnera
CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote
attackers to ca ...)
+ {DLA-4280-1}
- unbound 1.20.0-1
[bookworm] - unbound <ignored> (Minor issue, too intrusive to backport)
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
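Review bot: The added {DLA-4280-1} reference sits on an entry whose visible suite lines are both <ignored>: [bookworm] as "Minor issue, too intrusive to backport" and [buster] as "Not affected by DoS, intrusive changes". If the DLA ships a fix for CVE-2024-33655 in its suite, the bookworm justification "too intrusive to backport" deserves a second look, since a backport now exists for an older unbound. If the DLA only references the CVE without changing behaviour, a NOTE saying so would help readers of this entry.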
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f93e2266442a783946afe6620cb5f9743240d49a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits