[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 25 09:12:08 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f93e2266 by security tracker role at 2025-08-25T08:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-9406 (A weakness has been identified in xuhuisheng lemon up to 1.13.0. This ...)
+ TODO: check
+CVE-2025-9405 (A security flaw has been discovered in Open5GS up to 2.7.5. The impact ...)
+ TODO: check
+CVE-2025-9404 (A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affecte ...)
+ TODO: check
+CVE-2025-9403 (A vulnerability was determined in jqlang jq up to 1.6. Impacted is the ...)
+ TODO: check
+CVE-2025-9402 (A vulnerability was found in HuangDou UTCMS 9. This issue affects some ...)
+ TODO: check
+CVE-2025-9401 (A vulnerability has been found in HuangDou UTCMS 9. This vulnerability ...)
+ TODO: check
+CVE-2025-9400 (A flaw has been found in YiFang CMS up to 2.0.5. This affects the func ...)
+ TODO: check
+CVE-2025-9399 (A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by th ...)
+ TODO: check
+CVE-2025-9398 (A security vulnerability has been detected in YiFang CMS up to 2.0.5. ...)
+ TODO: check
+CVE-2025-9397 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected ...)
+ TODO: check
+CVE-2025-9396 (A security flaw has been discovered in ckolivas lrzip up to 0.651. Thi ...)
+ TODO: check
+CVE-2025-9395 (A vulnerability was identified in wangsongyan wblog 0.0.1. This affect ...)
+ TODO: check
+CVE-2025-9394 (A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the func ...)
+ TODO: check
+CVE-2025-9393 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500 ...)
+ TODO: check
+CVE-2025-9392 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...)
+ TODO: check
+CVE-2025-9391 (A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affect ...)
+ TODO: check
+CVE-2025-9390 (A security flaw has been discovered in vim up to 9.1.1615. Affected by ...)
+ TODO: check
+CVE-2025-9389 (A vulnerability was identified in vim 9.1.0000. Affected is the functi ...)
+ TODO: check
+CVE-2025-9388 (A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impact ...)
+ TODO: check
+CVE-2025-9387 (A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an un ...)
+ TODO: check
+CVE-2025-9386 (A vulnerability has been found in appneta tcpreplay up to 4.5.1. The i ...)
+ TODO: check
+CVE-2025-9385 (A flaw has been found in appneta tcpreplay up to 4.5.1. The affected e ...)
+ TODO: check
+CVE-2025-9384 (A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacte ...)
+ TODO: check
+CVE-2025-9383 (A security vulnerability has been detected in FNKvision Y215 CCTV Came ...)
+ TODO: check
+CVE-2025-9118 (A path traversal vulnerability in the NPM package installation process ...)
+ TODO: check
+CVE-2025-8997 (An Information Exposure vulnerability has been identified in OpenText ...)
+ TODO: check
+CVE-2025-5514 (Improper Handling of Length Parameter Inconsistency vulnerability in w ...)
+ TODO: check
+CVE-2025-5191 (An Unquoted Search Path vulnerability has been identified in the utili ...)
+ TODO: check
+CVE-2025-54301 (A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 fo ...)
+ TODO: check
+CVE-2025-54300 (A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 fo ...)
+ TODO: check
CVE-2025-9382 (A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.12 ...)
NOT-FOR-US: NKvision Y215 CCTV Camera
CVE-2025-9381 (A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.1 ...)
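Review bot: CVE-2025-9383 in the added block is left as "TODO: check" although its description names the same FNKvision Y215 CCTV Camera that the CVE-2025-9382 entry just below already marks NOT-FOR-US, so it can be triaged the same way in a follow-up. The existing "NOT-FOR-US: NKvision Y215 CCTV Camera" line also drops the leading "F" of the vendor name as spelled in the descriptions; suggest correcting it to "FNKvision" so that searches on the vendor name match. All other added entries carry only "TODO: check" and each still needs a package line or a NOT-FOR-US line.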
@@ -1463,7 +1523,7 @@ CVE-2025-9186 (Spoofing issue in the Address Bar component of Firefox Focus for
- firefox <not-affected> (Specific to Firefox Focus on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox-esr 128.14.0esr-1
- firefox 142.0-1
- thunderbird 1:128.14.0esr-1
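Review bot: The context NOTE directly above the CVE-2025-9185 entry links to mfsa2025-64/#CVE-2025-9179, yet per the hunk header it belongs to CVE-2025-9186; in the following hunks the NOTE anchors match the CVE id of their own entry, so this anchor looks like a copy-paste slip and should be checked against the advisory. On the changed line, DSA-5984-1 and DLA-4279-1 join the cross-reference set while the three package lines below are untouched, so nothing visible here shows which source package the new advisories cover.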
@@ -1480,7 +1540,7 @@ CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics: WebRende
- firefox 142.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vulnerab ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -1488,7 +1548,7 @@ CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.' This ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -1496,7 +1556,7 @@ CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.'
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP process w ...)
- {DSA-5980-1 DLA-4277-1}
+ {DSA-5984-1 DSA-5980-1 DLA-4279-1 DLA-4277-1}
- firefox 142.0-1
- firefox-esr 128.14.0esr-1
- thunderbird 1:128.14.0esr-1
@@ -6335,6 +6395,7 @@ CVE-2025-54351 (In iperf before 3.19.1, net.c has a buffer overflow when --skip-
NOTE: Fixed by: https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0 (master)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/c9af85a384859365b7184be173da4876437aaf40 (3.19.1)
CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion fail ...)
+ {DLA-4281-1}
- iperf3 3.19.1-1 (bug #1110376)
[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
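Review bot: The [trixie] and [bookworm] lines under CVE-2025-54350 still read <no-dsa> pending a point release, while the added {DLA-4281-1} means the LTS suite now has an advisory for the same issue; worth confirming that the point-release uploads are queued so the newer suites do not trail the LTS one for long. The same applies to CVE-2025-54349 in the next hunk.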
@@ -6343,6 +6404,7 @@ CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertio
NOTE: Fixed by: https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a (master)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1 (3.19.1)
CVE-2025-54349 (In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resul ...)
+ {DLA-4281-1}
- iperf3 3.19.1-1 (bug #1110376)
[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
@@ -10811,6 +10873,7 @@ CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to Privil
CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V ...)
NOT-FOR-US: TP-Link
CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' ...)
+ {DLA-4280-1}
- unbound 1.22.0-2 (bug #1109427)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f (release-1.23.1)
@@ -141263,6 +141326,7 @@ CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is vulnera
CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote attackers to ca ...)
+ {DLA-4280-1}
- unbound 1.20.0-1
[bookworm] - unbound <ignored> (Minor issue, too intrusive to backport)
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
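Review bot: The [bookworm] line in the context below stays <ignored> ("Minor issue, too intrusive to backport") even though this hunk attaches {DLA-4280-1} to CVE-2024-33655. If the LTS advisory shipped a fix for this CVE, the bookworm rationale deserves a second look; if the DLA only covers it incidentally, a NOTE saying so would help readers. The [buster] line is likewise <ignored>, so the entry does not show which suite the DLA applies to.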
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f93e2266442a783946afe6620cb5f9743240d49a