[Git][security-tracker-team/security-tracker][master] automatic update

Sun Aug 17 09:12:03 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bafa5a15 by security tracker role at 2025-08-17T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2025-9091 (A security flaw has been discovered in Tenda AC20 16.03.08.12. Affecte ...)
+	TODO: check
+CVE-2025-9090 (A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is  ...)
+	TODO: check
+CVE-2025-9089 (A vulnerability was determined in Tenda AC20 16.03.08.12. This issue a ...)
+	TODO: check
+CVE-2025-9088 (A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerabilit ...)
+	TODO: check
+CVE-2025-9087 (A vulnerability has been found in Tenda AC20 16.03.08.12. This affects ...)
+	TODO: check
 CVE-2025-9092 (Uncontrolled Resource Consumption vulnerability in Legion of the Bounc ...)
 	NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
 CVE-2025-8878 (The The Paid Membership Plugin, Ecommerce, User Registration Form, Log ...)
@@ -3234,7 +3244,7 @@ CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key)
 	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
 	NOT-FOR-US: Emby MediaBrowser
-CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
+CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption. NOTE:  ...)
 	- poco <unfixed> (unimportant)
 	NOTE: https://github.com/pocoproject/poco/issues/4921
 	NOTE: Negligible and disputed security impact
@@ -4633,11 +4643,11 @@ CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the "conten
 	NOT-FOR-US: AnQiCMS
 CVE-2025-46809 (A Insertion of Sensitive Information into Log File vulnerability in SU ...)
 	NOT-FOR-US: SUSE Multi Linux Manager
-CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
+CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue ...)
 	- php-lcobucci-jwt <unfixed> (unimportant)
 	NOTE: https://github.com/lcobucci/jwt/security/advisories/GHSA-rp3h-65jh-3c3m
 	NOTE: Negligible security impact
-CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
+CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this  ...)
 	NOT-FOR-US: php-jwt
 CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS commands us ...)
 	NOT-FOR-US: MB connect line GmbH



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bafa5a15752b4a058e1e19525c5a8a4d92a3e1de

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bafa5a15752b4a058e1e19525c5a8a4d92a3e1de
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250817/edcdd9e1/attachment.htm>
