Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a4f7858 by Moritz Muehlenhoff at 2025-06-25T17:53:04+02:00
auto-nfu: Add rule for Zephyr
Total CVEs from zephyr: 137
Total CVEs from zephyr with packages assigned: 0
Scope: Zephyr project components, and vulnerabilities that are not in another
CNA’s scope.
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -429,7 +429,7 @@ CVE-2025-34032 (A reflected cross-site scripting (XSS)
vulnerability exists in t
CVE-2025-34031 (A path traversal vulnerability exists in the Moodle LMS Jmol
plugin ve ...)
NOT-FOR-US: Moodle plugin
CVE-2025-2962 (A denial-of-service issue in the dns implemenation could cause
an infi ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-23092 (Mitel OpenScape Accounting Management through V5 R1.1.0 could
allow an ...)
NOT-FOR-US: Mitel
CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to
version 0.13. ...)
@@ -41684,11 +41684,11 @@ CVE-2025-22974 (SQL Injection vulnerability in SeaCMS
v.13.2 and before allows a
CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component
versions 3.3.0 ...)
NOT-FOR-US: Hikashop
CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a
memcpy o ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1674 (A lack of input validation allows for out of bounds reads
caused by ma ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause
an out ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection
via the ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1646 (A vulnerability, which was classified as critical, has been
found in L ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -213,6 +213,8 @@
cna: Xiaomi
- reason: Yokogawa
cna: YokogawaGroup
+- reason: Zephyr, different from src:zephyr
+ cna: zephyr
- reason: Zscaler
cna: Zscaler
- reason: Zoho
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4f78583837e73bdbe0e0c99071b048b0e1059d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4f78583837e73bdbe0e0c99071b048b0e1059d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
