Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23e7eba4 by Moritz Muehlenhoff at 2025-03-19T22:36:13+01:00
auto-nfu: Add Liferay
Total CVEs from Liferay: 67
Total CVEs from Liferay with packages assigned: 0
- - - - -
4432fab1 by Moritz Muehlenhoff at 2025-03-19T22:43:31+01:00
auto-nfu: Add Absolute Software
Total CVEs from Absolute: 15
Total CVEs from Absolute with packages assigned: 0
- - - - -
b506df1e by Moritz Muehlenhoff at 2025-03-19T22:48:26+01:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit
URL schemes for li
CVE-2025-30154 (reviewdog/action-setup is a GitHub action that installs
reviewdog. rev ...)
NOT-FOR-US: reviewdog/action-setup GitHub action
CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior
to 0.131 ...)
- TODO: check
+ NOT-FOR-US: kin-openapi
CVE-2025-30152 (The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin
for the ...)
- TODO: check
+ NOT-FOR-US: Syliud PayPal plugin
CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT) implementation.
Prior to 5 ...)
TODO: check
CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal
7.4.3.82 th ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary
file upl ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2511 (The AHAthat Plugin plugin for WordPress is vulnerable to
time-based SQ ...)
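Review bot: The added line for CVE-2025-30152 reads `NOT-FOR-US: Syliud PayPal plugin`, which copies the misspelling from the start of the CVE description; the same description goes on to name the "Sylius Core Team", so the product is Sylius. Suggest `NOT-FOR-US: Sylius PayPal plugin` so that a later search of the list for "Sylius" finds this entry.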
@@ -33,23 +33,23 @@ CVE-2025-29783 (vLLM is a high-throughput and
memory-efficient inference and ser
CVE-2025-29770 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
NOT-FOR-US: vLLM
CVE-2025-29405 (An arbitrary file upload vulnerability in the component
/admin/templat ...)
- TODO: check
+ NOT-FOR-US: emlog pro
CVE-2025-29401 (An arbitrary file upload vulnerability in the component
/views/plugin. ...)
- TODO: check
+ NOT-FOR-US: emlog pro
CVE-2025-29137 (Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by
the time ...)
NOT-FOR-US: Tenda
CVE-2025-29118 (Tenda AC8 V16.03.34.06 was discovered to contain a stack
overflow via ...)
NOT-FOR-US: Tenda
CVE-2025-27705 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-27704 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-27415 (Nuxt is an open-source web development framework for Vue.js.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2025-26486 (Use of a Broken or Risky Cryptographic Algorithm, Use of
Password Hash ...)
- TODO: check
+ NOT-FOR-US: Beta80 Life 1st Identity Manager
CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor
vulner ...)
- TODO: check
+ NOT-FOR-US: Beta80 Life 1st Identity Manager
CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS,
version(s) 5.26 ...)
NOT-FOR-US: Dell / EMC
CVE-2025-23382 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS,
version(s) 5.26 ...)
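Review bot: The two `NOT-FOR-US: emlog pro` lines (CVE-2025-29405 and CVE-2025-29401) name a product that the truncated descriptions in this hunk do not show; only the component paths `/admin/templat ...` and `/views/plugin. ...` are visible. Worth confirming the attribution against the full CVE text, since nothing in the quoted context lets a reader of the list check it. The `NOT-FOR-US: Absolute Software` lines for CVE-2025-27705 and CVE-2025-27704 use the same reason string as the rule added to data/packages/nfu.yaml in this push, which keeps manual and automatic entries consistent.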
=====================================
data/packages/nfu.yaml
=====================================
@@ -1,6 +1,8 @@
# Simple CNA based rules
- reason: 1E
cna: 1E
+- reason: Absolute Software
+ cna: Absolute
- reason: AMI
cna: AMI
- reason: Apple
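Review bot: In the added rule the `reason` ("Absolute Software") and the `cna` value ("Absolute") differ, unlike the neighbouring 1E and AMI entries where the two match. Please confirm that `Absolute` is exactly the CNA short name the matcher compares against, otherwise the rule silently matches nothing. Note also that a CNA-wide rule applies to every future CVE from that CNA, while the "with packages assigned: 0" figure in the commit message is a count at commit time, so it should be re-checked if software from this vendor is ever packaged.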
@@ -47,6 +49,8 @@
cna: Joomla
- reason: Juniper
cna: juniper
+- reason: Liferay
+ cna: Liferay
- reason: MediaTek
cna: MediaTek
- reason: Palo Alto Networks
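Review bot: The added `cna: Liferay` is capitalised, while the context line just above it uses lower-case `cna: juniper`. Whether the match is case-sensitive is not visible from this hunk; if it is, check that `Liferay` matches the CNA name as it appears in the CVE data, the same way `juniper` presumably does.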
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9780d3c75642e7a9e06a0a17e6a26dcfd592d0f8...b506df1ea3c03386e48a4bd464d06564cbb5f4fe