Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 63fff59c by Moritz Muehlenhoff at 2025-05-23T10:09:09+02:00 auto-nfu: Add CNA rule for WSO2 These are all FLOSS, but none are packaged in Debian. Total CVEs from WSO2: 14 Total CVEs from WSO2 with packages assigned: 0 Scope: WSO2 products and services scoped under Responsible Disclosure Program https://security.docs.wso2.com/en/latest/security-reporting/reward-and-acknowledgement-program/#products-services-in-scope. - - - - - 2 changed files: - data/CVE/list - data/packages/nfu.yaml Changes: ===================================== data/CVE/list ===================================== @@ -142,13 +142,13 @@ CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if se CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2024-7487 (An improper authentication vulnerability exists in WSO2 Identity Serve ...) - TODO: check + NOT-FOR-US: WSO2 CVE-2024-7103 (A reflected cross-site scripting (XSS) vulnerability exists in the sub ...) - TODO: check + NOT-FOR-US: WSO2 CVE-2024-6914 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...) - TODO: check + NOT-FOR-US: WSO2 CVE-2024-5962 (A reflected cross-site scripting (XSS) vulnerability exists in the aut ...) - TODO: check + NOT-FOR-US: WSO2 CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authe ...) NOT-FOR-US: Infoblox NETMRI CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL i ...) ===================================== data/packages/nfu.yaml ===================================== @@ -173,6 +173,8 @@ cna: Wordfence - reason: WordPress plugin cna: WPScan +- reason: WSO2 + cna: WSO2 - reason: Xerox cna: Xerox - reason: Xiaomi View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fff59ceb38c466efea87b2bf53a835ae76d5e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fff59ceb38c466efea87b2bf53a835ae76d5e0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
