[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 17 Aug 2025 01:12:11 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bafa5a15 by security tracker role at 2025-08-17T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2025-9091 (A security flaw has been discovered in Tenda AC20 16.03.08.12. 
Affecte ...)
+       TODO: check
+CVE-2025-9090 (A vulnerability was identified in Tenda AC20 16.03.08.12. 
Affected is  ...)
+       TODO: check
+CVE-2025-9089 (A vulnerability was determined in Tenda AC20 16.03.08.12. This 
issue a ...)
+       TODO: check
+CVE-2025-9088 (A vulnerability was found in Tenda AC20 16.03.08.12. This 
vulnerabilit ...)
+       TODO: check
+CVE-2025-9087 (A vulnerability has been found in Tenda AC20 16.03.08.12. This 
affects ...)
+       TODO: check
 CVE-2025-9092 (Uncontrolled Resource Consumption vulnerability in Legion of 
the Bounc ...)
        NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2025-8878 (The The Paid Membership Plugin, Ecommerce, User Registration 
Form, Log ...)
@@ -3234,7 +3244,7 @@ CVE-2025-46387 (CWE-639 Authorization Bypass Through 
User-Controlled Key)
        NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
        NOT-FOR-US: Emby MediaBrowser
-CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak 
encryption.)
+CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak 
encryption. NOTE:  ...)
        - poco <unfixed> (unimportant)
        NOTE: https://github.com/pocoproject/poco/issues/4921
        NOTE: Negligible and disputed security impact
@@ -4633,11 +4643,11 @@ CVE-2025-50270 (A stored Cross Site Scripting (xss) 
vulnerability in the "conten
        NOT-FOR-US: AnQiCMS
 CVE-2025-46809 (A Insertion of Sensitive Information into Log File 
vulnerability in SU ...)
        NOT-FOR-US: SUSE Multi Linux Manager
-CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
+CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption. NOTE: 
this issue ...)
        - php-lcobucci-jwt <unfixed> (unimportant)
        NOTE: 
https://github.com/lcobucci/jwt/security/advisories/GHSA-rp3h-65jh-3c3m
        NOTE: Negligible security impact
-CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
+CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption. 
NOTE: this  ...)
        NOT-FOR-US: php-jwt
 CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS 
commands us ...)
        NOT-FOR-US: MB connect line GmbH



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bafa5a15752b4a058e1e19525c5a8a4d92a3e1de

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bafa5a15752b4a058e1e19525c5a8a4d92a3e1de
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to