[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add rule for ZTE

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 7 08:32:42 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21665c72 by Moritz Muehlenhoff at 2025-03-07T09:30:23+01:00
auto-nfu: Add rule for ZTE

- - - - -
936944c0 by Moritz Muehlenhoff at 2025-03-07T09:32:18+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-2067 (A vulnerability was found in projectworlds Life Insurance Management S ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2066 (A vulnerability has been found in projectworlds Life Insurance Managem ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2065 (A vulnerability, which was classified as critical, was found in projec ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2064 (A vulnerability, which was classified as critical, has been found in p ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2063 (A vulnerability classified as critical was found in projectworlds Life ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2062 (A vulnerability classified as critical has been found in projectworlds ...)
-	TODO: check
+	NOT-FOR-US: rojectworlds Life Insurance Management System
 CVE-2025-2061 (A vulnerability was found in code-projects Online Ticket Reservation S ...)
 	NOT-FOR-US: code-projects
 CVE-2025-2060 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
@@ -39,23 +39,23 @@ CVE-2025-2046 (A vulnerability was found in SourceCodester Best Employee Managem
 CVE-2025-2044 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
 	NOT-FOR-US: code-projects
 CVE-2025-2043 (A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified a ...)
-	TODO: check
+	NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2025-2042 (A vulnerability has been found in huang-yk student-manage 1.0 and clas ...)
-	TODO: check
+	NOT-FOR-US: huang-yk student-manage
 CVE-2025-2041 (A vulnerability, which was classified as critical, has been found in s ...)
-	TODO: check
+	NOT-FOR-US: s-a-zhd Ecommerce-Website-using-PHP
 CVE-2025-27816 (A vulnerability was discovered in the Arctera InfoScale 7.0 through 8. ...)
-	TODO: check
+	NOT-FOR-US: Arctera InfoScale
 CVE-2025-27796 (WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocati ...)
 	TODO: check
 CVE-2025-27795 (JXL in GraphicsMagick before 1.3.46 lacks image dimension resource lim ...)
 	TODO: check
 CVE-2025-27598 (ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: ImageSharp
 CVE-2025-26708 (There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2025-25763 (crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at  ...)
-	TODO: check
+	NOT-FOR-US: crmeb CRMEB-KY
 CVE-2025-1475 (The WPCOM Member plugin for WordPress is vulnerable to authentication  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1309 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
@@ -69,7 +69,7 @@ CVE-2025-0749 (The Homey theme for WordPress is vulnerable to authentication byp
 CVE-2025-0748 (The Homey theme for WordPress is vulnerable to Cross-Site Request Forg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-57972 (The pairing API request handler in Microsoft HoloLens 1 (Windows Holog ...)
-	TODO: check
+	NOT-FOR-US: Microsoft HoloLens
 CVE-2024-13906 (The Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13655 (The Flex Mag - Responsive WordPress News Theme theme for WordPress is  ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -23,6 +23,8 @@
   cna: WPScan
 - reason: MediaTek
   cna: MediaTek
+- reason: ZTE
+  cna: zte
 # Complex rules (Hint: allOf, anyOf, not)
 - reason: Esri
   allOf:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9831cc4a23d5637512772aa6eda65905ccd05877...936944c08e07f886a02c2daafee41338545e5c59

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9831cc4a23d5637512772aa6eda65905ccd05877...936944c08e07f886a02c2daafee41338545e5c59
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250307/01a52936/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list