Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bff159d0 by Moritz Muehlenhoff at 2025-03-07T12:58:10+01:00
auto-nfu: Add ServiceNow

- - - - -
401816c7 by Moritz Muehlenhoff at 2025-03-07T13:00:56+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2025-1475 (The WPCOM Member plugin for WordPress is 
vulnerable to authentica
 CVE-2025-1309 (The UiPress lite | Effortless custom dashboards, admin themes 
and page ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1121 (Privilege escalation in Installer and Recovery image handling 
in Googl ...)
-       TODO: check
+       NOT-FOR-US: ChromeOS
 CVE-2025-0863 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable 
to Store ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0749 (The Homey theme for WordPress is vulnerable to authentication 
bypass i ...)
@@ -111,7 +111,7 @@ CVE-2025-2031 (A vulnerability classified as critical has 
been found in Chestnut
 CVE-2025-2030 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE 
Collaborat ...)
        NOT-FOR-US: Seeyon Zhiyuan Interconnect FE Collaborative Office Platform
 CVE-2025-2029 (A vulnerability was found in MicroDicom DICOM Viewer 2025.1 
Build 3321 ...)
-       TODO: check
+       NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-27600 (FastGPT is a knowledge-based platform built on the LLMs. Since 
the web ...)
        NOT-FOR-US: FastGPT
 CVE-2025-27509 (fleetdm/fleet is an open source device management, built on 
osquery. I ...)
@@ -151,7 +151,7 @@ CVE-2025-1383 (The Podlove Podcast Publisher plugin for 
WordPress is vulnerable
 CVE-2025-0877 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: AtaksAPP Reservation Management System
 CVE-2025-0337 (ServiceNow has addressed an authorization bypass vulnerability 
that wa ...)
-       TODO: check
+       NOT-FOR-US: ServiceNow
 CVE-2024-7872 (Insertion of Sensitive Information Into Sent Data vulnerability 
in Ext ...)
        NOT-FOR-US: ExtremePACS Extreme XDS
 CVE-2024-52924 (An issue was discovered in NRMM in Samsung Mobile Processor, 
Wearable  ...)
@@ -614,7 +614,7 @@ CVE-2024-11153 (The Content Control \u2013 The Ultimate 
Content Restriction Plug
 CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be 
susceptible  ...)
        NOT-FOR-US: Carbon Black Cloud Windows Sensor
 CVE-2023-38693 (Lucee Server (or simply Lucee) is a dynamic, Java based, tag 
and scrip ...)
-       TODO: check
+       NOT-FOR-US: Lucee Server
 CVE-2025-27685 (Vasion Print (formerly PrinterLogic) before Virtual Appliance 
Host 1.0 ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-27684 (Vasion Print (formerly PrinterLogic) before Virtual Appliance 
Host 1.0 ...)
@@ -714,7 +714,7 @@ CVE-2025-27638 (Vasion Print (formerly PrinterLogic) before 
Virtual Appliance Ho
 CVE-2025-27637 (Vasion Print (formerly PrinterLogic) before Virtual Appliance 
Host 22. ...)
        NOT-FOR-US: Vasion Print (formerly PrinterLogic)
 CVE-2025-27510 (conda-forge-metadata provides programatic access to 
conda-forge's meta ...)
-       TODO: check
+       NOT-FOR-US: conda-forge-metadata
 CVE-2025-26319 (FlowiseAI Flowise v2.2.6 was discovered to contain an 
arbitrary file u ...)
        NOT-FOR-US: FlowiseAI Flowise
 CVE-2025-26318 (Insecure permissions in TSplus Remote Access v17.30 allow 
attackers to ...)
@@ -827,7 +827,7 @@ CVE-2025-27401 (Tuleap is an Open Source Suite to improve 
management of software
 CVE-2025-27156 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite 
which is th ...)
-       TODO: check
+       NOT-FOR-US: Pinecone
 CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-27111 (Rack is a modular Ruby web server interface. The 
Rack::Sendfile middle ...)
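Review bot: The reason string `Pinecone` on CVE-2025-27155 is ambiguous on its own, since the name is shared by unrelated software. The description identifies this as the experimental overlay routing protocol suite, so a more specific reason (for example naming it as the overlay routing protocol) would make the entry easier to find and harder to misread when someone later greps the list for an actual Debian package.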
@@ -1114,7 +1114,7 @@ CVE-2025-1882 (A vulnerability was found in i-Drive i11 
and i12 up to 20250227.
 CVE-2025-1881 (A vulnerability was found in i-Drive i11 and i12 up to 
20250227. It ha ...)
        NOT-FOR-US: i-Drive i11 and i12
 CVE-2025-1695 (In NGINX Unit before version 1.34.2 with the Java Language 
Module in u ...)
-       TODO: check
+       NOT-FOR-US: NGINX Unit
 CVE-2025-1639 (The Animation Addons for Elementor Pro plugin for WordPress is 
vulnera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1321 (The teachPress plugin for WordPress is vulnerable to SQL 
Injection via ...)
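Review bot: The NOT-FOR-US tag on CVE-2025-1695 deserves a second look, because NGINX Unit is an open source application server rather than a vendor appliance or hosted product like most neighbouring entries. Please confirm that no source package and no open ITP exists for it in Debian; if an ITP is open, the entry should be recorded as an itp line with the bug number instead, so the CVE is not lost when the package is uploaded.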


=====================================
data/packages/nfu.yaml
=====================================
@@ -21,6 +21,8 @@
   cna: SamsungMobile
 - reason: SAP
   cna: sap
+- reason: ServiceNow
+  cna: SN
 - reason: WordPress plugin
   cna: Wordfence
 - reason: WordPress plugin
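Review bot: The new `cna: SN` rule is undocumented and very terse: nothing but the adjacent reason line tells a later reader that `SN` is the ServiceNow CNA, and a two-letter key is easy to mistype or confuse. Since this rule will automatically mark every CVE assigned by that CNA as NOT-FOR-US, a short YAML comment stating the CNA's full name would help, and it is worth confirming that this CNA only assigns identifiers for ServiceNow's own products. The reason string does match the manual tag set on CVE-2025-0337 in data/CVE/list, which keeps the two consistent.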



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b4a132854d735030a403f355b3f58b8ea0758752...401816c7c21fcdd3cc36fbf09dc8587ab06208d4
