Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e53fb352 by Moritz Muehlenhoff at 2026-06-27T13:26:45+02:00
auto-nfu: Add rule for Flowise
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -1057,21 +1057,21 @@ CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM
implementation (mlkem_cmp_avx2)
CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle
files that ...)
TODO: check
CVE-2025-71338 (Flowise contains a path traversal vulnerability in the
/api/v1/documen ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and
earlier) con ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71335 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier)
fails to i ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71334 (Flowise before 3.0.6 (affected versions 2.2.8 and earlier)
contains an ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71333 (Flowise through 2.2.4 contains an unauthenticated arbitrary
file uploa ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71328 (Flowise before 3.0.10 contains an unverified password change
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71327 (Flowise contains an authentication bypass vulnerability in the
unprote ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71324 (Flowise before 3.0.6 contains an arbitrary file read
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-60465 (A use-after-free in the gf_filter_pid_inst_swap function
(/filter_core ...)
TODO: check
CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal
function (/fil ...)
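Review bot: The eight entries from CVE-2025-71338 through CVE-2025-71324 change from "TODO: check" to "NOT-FOR-US: Flowise" in this hunk, but the commit message only says "auto-nfu: Add rule for Flowise" and does not mention that existing entries are retriaged. A line in the message body saying these were produced by applying the new rule would make the data/CVE/list change traceable. All eight visible descriptions start with "Flowise", so they are consistent with the rule. Since the descriptions are truncated here, it is worth confirming against the full text that none of them describes a different product that only mentions Flowise.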
=====================================
data/packages/nfu.yaml
=====================================
@@ -895,6 +895,8 @@
description: '.*\bEmlog\b.*'
- reason: ESAFENET
description: '.*\bESAFENET\b.*'
+- reason: Flowise
+ description: '.*\bFlowise\b.*'
- reason: Intelbras
description: '.*\b(?i:Intelbras)\b.*'
- reason: IrfanView
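Review bot: The new pattern '.*\bFlowise\b.*' matches the word anywhere in a description, so a future CVE for a packaged component that only mentions Flowise (for example as an integration or a reporter's test setup) would be marked NOT-FOR-US automatically. Every entry retriaged in this commit has "Flowise" as the first word of its description, so a pattern tied to the start of the description would cover them with less risk of a false match, if that fits how the rules are evaluated. The pattern is also case-sensitive, unlike the neighbouring '.*\b(?i:Intelbras)\b.*' rule. That matches the Emlog and ESAFENET style and is fine if the spelling in descriptions is stable, but a short comment on the choice would help.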
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits