[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Citrix

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f1ea1c1 by Moritz Muehlenhoff at 2025-06-17T22:41:04+02:00
auto-nfu: Add rule for Citrix

Total CVEs from Citrix: 58
Total CVEs from Citrix with packages assigned: 0

Scope: Citrix issues only.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,23 +11,23 @@ CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complex
 CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Sit ...)
 	TODO: check
 CVE-2025-5777 (Insufficient input validation leading to memory overreadon the NetScal ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5349 (Improper access control on the NetScaler Management Interface in NetSc ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core Privilege ...)
 	TODO: check
 CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project ash_authe ...)
 	TODO: check
 CVE-2025-4404 (A privilege escalation from host to domain vulnerability was found in  ...)
 	TODO: check
 CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2025-49882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49881 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -231,7 +231,7 @@ CVE-2025-24773 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-24761 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	TODO: check
 CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker  ...)
 	TODO: check
 CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]


=====================================
data/packages/nfu.yaml
=====================================
@@ -49,6 +49,8 @@
   cna: Canon
 - reason: Centreon
   cna: Centreon
+- reason: Citrix
+  cna: Citrix
 - reason: Crestron
   cna: Crestron
 - reason: Dell / EMC



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f1ea1c1ba7aa242a9659782a132a14d68124bd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f1ea1c1ba7aa242a9659782a132a14d68124bd4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250617/2c0059c8/attachment-0001.htm>