Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d697fbdd by Moritz Muehlenhoff at 2025-04-01T10:42:44+02:00
auto-nfu: Add rule for Netgear
- - - - -
1ffeed4d by Moritz Muehlenhoff at 2025-04-01T11:00:19+02:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -485,7 +485,7 @@ CVE-2025-24095 (This issue was addressed with additional
entitlement checks. Thi
CVE-2025-22277 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-21384 (An authenticated attacker can exploit an Server-Side Request
Forgery ( ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-1986 (The Gutentor WordPress plugin before 3.4.7 does not sanitize
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1665 (The Avada (Fusion) Builder plugin for WordPress is vulnerable
to Store ...)
@@ -497,27 +497,27 @@ CVE-2025-1512 (The PowerPack Elementor Addons (Free
Widgets, Extensions and Temp
CVE-2025-1267 (The Groundhogg plugin for Wordpress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0418 (Valmet DNA user passwords in plain text.This practice poses a
security ...)
- TODO: check
+ NOT-FOR-US: Valmet DNA
CVE-2025-0417 (Lack of protection against brute force attacks in Valmet DNA
visualiza ...)
- TODO: check
+ NOT-FOR-US: Valmet DNA
CVE-2025-0416 (Local privilege escalation through insecure DCOM configuration
in Valm ...)
- TODO: check
+ NOT-FOR-US: Valmet DNA
CVE-2024-54809 (Netgear Inc WNR854T 1.5.2 (North America) contains a
stack-based buffe ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54808 (Netgear WNR854T 1.5.2 (North America) contains a stack-based
buffer ov ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54807 (In Netgear WNR854T 1.5.2 (North America), the UPNP service is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54806 (Netgear WNR854T 1.5.2 (North America) is vulnerable to
Arbitrary comma ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54805 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command
Injecti ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54804 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command
Injecti ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54803 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command
Injecti ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54802 (In Netgear WNR854T 1.5.2 (North America), the UPNP service
(/usr/sbin/ ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-54533 (A permissions issue was addressed with additional sandbox
restrictions ...)
NOT-FOR-US: Apple
CVE-2024-40864 (The issue was addressed with improved handling of protocols.
This issu ...)
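Review bot: The three Valmet DNA entries (CVE-2025-0418, CVE-2025-0417, CVE-2025-0416) are tagged by hand in this hunk, while the nfu.yaml change in the same push adds an automatic rule for Netgear only. If further Valmet DNA CVEs are expected, a matching auto-nfu rule would avoid repeating this manual pass. The eight Netgear WNR854T entries all name Netgear in their visible descriptions, so they agree with what the new rule would assign.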
@@ -552,7 +552,7 @@ CVE-2025-3048 (After completing a build with AWS Serverless
Application Model Co
CVE-2025-3047 (When running the AWS Serverless Application Model Command Line
Interfa ...)
NOT-FOR-US: Amazon
CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0
Enterprise. ...)
- TODO: check
+ NOT-FOR-US: EJBCA
CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0
Enterprise. ...)
NOT-FOR-US: EJBCA
CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management.
This v ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -183,6 +183,8 @@
description: '.*\b(?i:d-link)\b.*'
- reason: ESAFENET
description: '.*\bESAFENET\b.*'
+- reason: Netgear
+ description: '.*\b(?i:Netgear)\b.*'
- reason: Linksys
description: '.*\b(?i:Linksys)\b.*'
- reason: OpenEMR
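Review bot: The added pattern `'.*\b(?i:Netgear)\b.*'` matches any description that contains the word Netgear anywhere, so a CVE in a packaged tool or driver whose description only mentions a Netgear device in passing would also be tagged NOT-FOR-US automatically. The rule is consistent with the neighbouring d-link and Linksys entries, but it is worth spot-checking what it tags on the next run, or noting in the file that these vendor rules are deliberately broad and rely on later manual correction.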
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad936de243e2efe4aca2b4c9f4644b221f689c7c...1ffeed4d2fc65a839be303463c322917e2a15149
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits