[Git][security-tracker-team/security-tracker][master] 3 commits: auto-nfu: Add Liferay
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 19 21:48:53 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23e7eba4 by Moritz Muehlenhoff at 2025-03-19T22:36:13+01:00
auto-nfu: Add Liferay
Total CVEs from Liferay: 67
Total CVEs from Liferay with packages assigned: 0
- - - - -
4432fab1 by Moritz Muehlenhoff at 2025-03-19T22:43:31+01:00
auto-nfu: Add Absolute Software
Total CVEs from Absolute: 15
Total CVEs from Absolute with packages assigned: 0
- - - - -
b506df1e by Moritz Muehlenhoff at 2025-03-19T22:48:26+01:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for li
CVE-2025-30154 (reviewdog/action-setup is a GitHub action that installs reviewdog. rev ...)
NOT-FOR-US: reviewdog/action-setup GitHub action
CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131 ...)
- TODO: check
+ NOT-FOR-US: kin-openapi
CVE-2025-30152 (The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin for the ...)
- TODO: check
+ NOT-FOR-US: Syliud PayPal plugin
CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5 ...)
TODO: check
CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 th ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary file upl ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2511 (The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQ ...)
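Review bot: the new reason for CVE-2025-30152, `NOT-FOR-US: Syliud PayPal plugin`, copies the misspelling from the first words of the CVE description, while the same description names the vendor as the Sylius Core Team. Suggest `NOT-FOR-US: Sylius PayPal plugin`, so that a later search of data/CVE/list for Sylius finds this entry.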
@@ -33,23 +33,23 @@ CVE-2025-29783 (vLLM is a high-throughput and memory-efficient inference and ser
CVE-2025-29770 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
NOT-FOR-US: vLLM
CVE-2025-29405 (An arbitrary file upload vulnerability in the component /admin/templat ...)
- TODO: check
+ NOT-FOR-US: emlog pro
CVE-2025-29401 (An arbitrary file upload vulnerability in the component /views/plugin. ...)
- TODO: check
+ NOT-FOR-US: emlog pro
CVE-2025-29137 (Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the time ...)
NOT-FOR-US: Tenda
CVE-2025-29118 (Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
CVE-2025-27705 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-27704 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-27415 (Nuxt is an open-source web development framework for Vue.js. Prior to ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2025-26486 (Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash ...)
- TODO: check
+ NOT-FOR-US: Beta80 Life 1st Identity Manager
CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor vulner ...)
- TODO: check
+ NOT-FOR-US: Beta80 Life 1st Identity Manager
CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26 ...)
NOT-FOR-US: Dell / EMC
CVE-2025-23382 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26 ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -1,6 +1,8 @@
# Simple CNA based rules
- reason: 1E
cna: 1E
+- reason: Absolute Software
+ cna: Absolute
- reason: AMI
cna: AMI
- reason: Apple
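Review bot: in the added rule the match key `cna: Absolute` differs from the display string `reason: Absolute Software`, and nothing in the file records that the shorter value is the CNA name exactly as it appears in the CVE records. The neighbouring rules show that spelling and case of this key vary (`cna: juniper` next to `reason: Juniper`), so a one-line comment above the entry noting where the `Absolute` value was taken from would make a silent non-match easier to spot later.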
@@ -47,6 +49,8 @@
cna: Joomla
- reason: Juniper
cna: juniper
+- reason: Liferay
+ cna: Liferay
- reason: MediaTek
cna: MediaTek
- reason: Palo Alto Networks
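Review bot: the added `cna: Liferay` rule keys on the assigning CNA alone, so every future CVE from that CNA will be marked with this reason regardless of product. The justification for this (67 CVEs, 0 with packages assigned) exists only in the commit message. Suggest recording that count and the date as a comment next to the entry, so the rule can be re-checked if a Liferay component is ever packaged.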
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9780d3c75642e7a9e06a0a17e6a26dcfd592d0f8...b506df1ea3c03386e48a4bd464d06564cbb5f4fe