[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add ServiceNow
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 7 12:01:23 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bff159d0 by Moritz Muehlenhoff at 2025-03-07T12:58:10+01:00
auto-nfu: Add ServiceNow
- - - - -
401816c7 by Moritz Muehlenhoff at 2025-03-07T13:00:56+01:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2025-1475 (The WPCOM Member plugin for WordPress is vulnerable to authentica
CVE-2025-1309 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1121 (Privilege escalation in Installer and Recovery image handling in Googl ...)
- TODO: check
+ NOT-FOR-US: ChromeOS
CVE-2025-0863 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable to Store ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0749 (The Homey theme for WordPress is vulnerable to authentication bypass i ...)
@@ -111,7 +111,7 @@ CVE-2025-2031 (A vulnerability classified as critical has been found in Chestnut
CVE-2025-2030 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborat ...)
NOT-FOR-US: Seeyon Zhiyuan Interconnect FE Collaborative Office Platform
CVE-2025-2029 (A vulnerability was found in MicroDicom DICOM Viewer 2025.1 Build 3321 ...)
- TODO: check
+ NOT-FOR-US: MicroDicom DICOM Viewer
CVE-2025-27600 (FastGPT is a knowledge-based platform built on the LLMs. Since the web ...)
NOT-FOR-US: FastGPT
CVE-2025-27509 (fleetdm/fleet is an open source device management, built on osquery. I ...)
@@ -151,7 +151,7 @@ CVE-2025-1383 (The Podlove Podcast Publisher plugin for WordPress is vulnerable
CVE-2025-0877 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: AtaksAPP Reservation Management System
CVE-2025-0337 (ServiceNow has addressed an authorization bypass vulnerability that wa ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2024-7872 (Insertion of Sensitive Information Into Sent Data vulnerability in Ext ...)
NOT-FOR-US: ExtremePACS Extreme XDS
CVE-2024-52924 (An issue was discovered in NRMM in Samsung Mobile Processor, Wearable ...)
@@ -614,7 +614,7 @@ CVE-2024-11153 (The Content Control \u2013 The Ultimate Content Restriction Plug
CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible ...)
NOT-FOR-US: Carbon Black Cloud Windows Sensor
CVE-2023-38693 (Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scrip ...)
- TODO: check
+ NOT-FOR-US: Lucee Server
CVE-2025-27685 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0 ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-27684 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0 ...)
@@ -714,7 +714,7 @@ CVE-2025-27638 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Ho
CVE-2025-27637 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22. ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-27510 (conda-forge-metadata provides programatic access to conda-forge's meta ...)
- TODO: check
+ NOT-FOR-US: conda-forge-metadata
CVE-2025-26319 (FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file u ...)
NOT-FOR-US: FlowiseAI Flowise
CVE-2025-26318 (Insecure permissions in TSplus Remote Access v17.30 allow attackers to ...)
@@ -827,7 +827,7 @@ CVE-2025-27401 (Tuleap is an Open Source Suite to improve management of software
CVE-2025-27156 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which is th ...)
- TODO: check
+ NOT-FOR-US: Pinecone
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
@@ -1114,7 +1114,7 @@ CVE-2025-1882 (A vulnerability was found in i-Drive i11 and i12 up to 20250227.
CVE-2025-1881 (A vulnerability was found in i-Drive i11 and i12 up to 20250227. It ha ...)
NOT-FOR-US: i-Drive i11 and i12
CVE-2025-1695 (In NGINX Unit before version 1.34.2 with the Java Language Module in u ...)
- TODO: check
+ NOT-FOR-US: NGINX Unit
CVE-2025-1639 (The Animation Addons for Elementor Pro plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1321 (The teachPress plugin for WordPress is vulnerable to SQL Injection via ...)
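Review bot: `NOT-FOR-US: NGINX Unit` on CVE-2025-1695 records a product-level decision, while the description limits the issue to the "Java Language Module"; nothing in the hunk shows whether an ITP or RFP for NGINX Unit was checked. If one exists, the tracker's `<itp>` form with the bug number is the better fit than NOT-FOR-US, so the CVE resurfaces when the package enters the archive.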
=====================================
data/packages/nfu.yaml
=====================================
@@ -21,6 +21,8 @@
cna: SamsungMobile
- reason: SAP
cna: sap
+- reason: ServiceNow
+ cna: SN
- reason: WordPress plugin
cna: Wordfence
- reason: WordPress plugin
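Review bot: `cna: SN` in the added rule is a two-letter key with nothing beside it saying which CNA it denotes, and the neighbouring keys (`SamsungMobile`, `sap`, `Wordfence`) vary in casing, which suggests the value must match the CNA short name exactly. Please confirm `SN` is the short name as it appears in the CVE records and add a YAML comment naming the CNA, since the rule is keyed on the CNA alone and will label its CVEs `ServiceNow` without a manual check.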
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b4a132854d735030a403f355b3f58b8ea0758752...401816c7c21fcdd3cc36fbf09dc8587ab06208d4