Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f1ea1c1 by Moritz Muehlenhoff at 2025-06-17T22:41:04+02:00
auto-nfu: Add rule for Citrix
Total CVEs from Citrix: 58
Total CVEs from Citrix with packages assigned: 0
Scope: Citrix issues only.
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,23 +11,23 @@ CVE-2025-6069 (The html.parser.HTMLParser class had
worse-case quadratic complex
CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, contains a Stored
Cross-Sit ...)
TODO: check
CVE-2025-5777 (Insufficient input validation leading to memory overreadon the
NetScal ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5349 (Improper access control on the NetScaler Management Interface
in NetSc ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core
Privilege ...)
TODO: check
CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain
SYSTEM ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project
ash_authe ...)
TODO: check
CVE-2025-4404 (A privilege escalation from host to domain vulnerability was
found in ...)
TODO: check
CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-49882 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49881 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -231,7 +231,7 @@ CVE-2025-24773 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-24761 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain
SYSTEM ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote
attacker ...)
TODO: check
CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
=====================================
data/packages/nfu.yaml
=====================================
@@ -49,6 +49,8 @@
cna: Canon
- reason: Centreon
cna: Centreon
+- reason: Citrix
+ cna: Citrix
- reason: Crestron
cna: Crestron
- reason: Dell / EMC
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f1ea1c1ba7aa242a9659782a132a14d68124bd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f1ea1c1ba7aa242a9659782a132a14d68124bd4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
