[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add rule for Netgear

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 1 10:00:48 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d697fbdd by Moritz Muehlenhoff at 2025-04-01T10:42:44+02:00
auto-nfu: Add rule for Netgear

- - - - -
1ffeed4d by Moritz Muehlenhoff at 2025-04-01T11:00:19+02:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -485,7 +485,7 @@ CVE-2025-24095 (This issue was addressed with additional entitlement checks. Thi
 CVE-2025-22277 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-21384 (An authenticated attacker can exploit an Server-Side Request Forgery ( ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-1986 (The Gutentor  WordPress plugin before 3.4.7 does not sanitize and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1665 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Store ...)
@@ -497,27 +497,27 @@ CVE-2025-1512 (The PowerPack Elementor Addons (Free Widgets, Extensions and Temp
 CVE-2025-1267 (The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0418 (Valmet DNA user passwords in plain text.This practice poses a security ...)
-	TODO: check
+	NOT-FOR-US: Valmet DNA
 CVE-2025-0417 (Lack of protection against brute force attacks in Valmet DNA visualiza ...)
-	TODO: check
+	NOT-FOR-US: Valmet DNA
 CVE-2025-0416 (Local privilege escalation through insecure DCOM configuration in Valm ...)
-	TODO: check
+	NOT-FOR-US: Valmet DNA
 CVE-2024-54809 (Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffe ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54808 (Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer ov ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54807 (In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54806 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary comma ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54805 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injecti ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54804 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injecti ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54803 (Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injecti ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54802 (In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/ ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-54533 (A permissions issue was addressed with additional sandbox restrictions ...)
 	NOT-FOR-US: Apple
 CVE-2024-40864 (The issue was addressed with improved handling of protocols. This issu ...)
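
Review bot: The three Valmet DNA entries (CVE-2025-0416, CVE-2025-0417, CVE-2025-0418) are tagged by hand, while this push adds an auto-nfu rule only for Netgear. If further Valmet DNA entries are expected, add a matching rule to data/packages/nfu.yaml alongside the Netgear one so they do not come in as "TODO: check" again. The eight Netgear WNR854T lines (CVE-2024-54802 through CVE-2024-54809) all contain the word the new rule matches, so they are consistent with it.
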
@@ -552,7 +552,7 @@ CVE-2025-3048 (After completing a build with AWS Serverless Application Model Co
 CVE-2025-3047 (When running the AWS Serverless Application Model Command Line Interfa ...)
 	NOT-FOR-US: Amazon
 CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
-	TODO: check
+	NOT-FOR-US: EJBCA
 CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
 	NOT-FOR-US: EJBCA
 CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management. This v ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -183,6 +183,8 @@
   description: '.*\b(?i:d-link)\b.*'
 - reason: ESAFENET
   description: '.*\bESAFENET\b.*'
+- reason: Netgear
+  description: '.*\b(?i:Netgear)\b.*'
 - reason: Linksys
   description: '.*\b(?i:Linksys)\b.*'
 - reason: OpenEMR
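
Review bot: The new pattern description: '.*\b(?i:Netgear)\b.*' matches the word anywhere in a CVE description, so an entry whose affected product is something else but whose text merely mentions Netgear would also be tagged NOT-FOR-US automatically. The form is the same as the neighbouring d-link and Linksys rules, so it is consistent with the file, but a short comment above the rule stating that it fires on any mention of the vendor name would help whoever checks the automatic results.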



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad936de243e2efe4aca2b4c9f4644b221f689c7c...1ffeed4d2fc65a839be303463c322917e2a15149
