Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2ec8839 by Salvatore Bonaccorso at 2025-03-11T22:10:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106,27 +106,27 @@ CVE-2025-27158 (Acrobat Reader versions 24.001.30225, 
20.005.30748, 25.001.20428
 CVE-2025-26701 (An issue was discovered in Percona PMM Server (OVA) before 
3.0.0-1.ova ...)
        TODO: check
 CVE-2025-26645 (Relative path traversal in Remote Desktop Client allows an 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26634 (Heap-based buffer overflow in Windows Core Messaging allows an 
authori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26633 (Improper neutralization in Microsoft Management Console allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26631 (Uncontrolled search path element in Visual Studio Code allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26630 (Use after free in Microsoft Office Access allows an 
unauthorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26629 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-26627 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-25929 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
-       TODO: check
+       NOT-FOR-US: Openmrs
 CVE-2025-25928 (A Cross-Site Request Forgery (CSRF) in the component 
/admin/users/user ...)
-       TODO: check
+       NOT-FOR-US: Openmrs
 CVE-2025-25927 (A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 
0ff0ed allo ...)
-       TODO: check
+       NOT-FOR-US: Openmrs
 CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 
Build 0 ...)
-       TODO: check
+       NOT-FOR-US: Openmrs
 CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users 
to set w ...)
        TODO: check
 CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of 
HotelDruid ...)
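
Review bot: The Openmrs attributions for CVE-2025-25929 and CVE-2025-25928 cannot be confirmed from the lines shown, because both descriptions are truncated ("in the component  ...", "/admin/users/user ...") before any product is named; confirm them against the full CVE text, as only CVE-2025-25927 and CVE-2025-25925 name Openmrs here. Upstream spells the project "OpenMRS", so "NOT-FOR-US: OpenMRS" would be easier to search for later. CVE-2025-26631 names Visual Studio Code rather than a Windows or Office component, and a product-level note would record that the product itself was checked, which the vendor-only "Microsoft" does not.
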
@@ -134,43 +134,43 @@ CVE-2025-25748 (A CSRF vulnerability in the 
gestione_utenti.php endpoint of Hote
 CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid 
v.3.0.7  ...)
        TODO: check
 CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a 
RCE vulne ...)
-       TODO: check
+       NOT-FOR-US: LSC Smart Connect LSC Indoor PTZ Camera
 CVE-2025-25267 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
        NOT-FOR-US: Siemens
 CVE-2025-25266 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
        NOT-FOR-US: Siemens
 CVE-2025-25008 (Improper link resolution before file access ('link following') 
in Micr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-25003 (Uncontrolled search path element in Visual Studio allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24998 (Uncontrolled search path element in Visual Studio allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24997 (Null pointer dereference in Windows Kernel Memory allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24996 (External control of file name or path in Windows NTLM allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24995 (Heap-based buffer overflow in Kernel Streaming WOW Thunk 
Service Drive ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24994 (Improper access control in Windows Cross Device Service allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24993 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24992 (Buffer over-read in Windows NTFS allows an unauthorized 
attacker to di ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24991 (Out-of-bounds read in Windows NTFS allows an authorized 
attacker to di ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24988 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24987 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24986 (Improper isolation or compartmentalization in Azure PromptFlow 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24985 (Integer overflow or wraparound in Windows Fast FAT Driver 
allows an un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24984 (Insertion of sensitive information into log file in Windows 
NTFS allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24983 (Use after free in Windows Win32 Kernel Subsystem allows an 
authorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24453 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
 CVE-2025-24452 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
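
Review bot: CVE-2025-24986 (Azure PromptFlow) is filed under the same vendor-only "NOT-FOR-US: Microsoft" as the Windows kernel, NTFS and USB driver entries around it, although it is a separate product from the operating system; naming the product in the note would show it was triaged on its own. At CVE-2025-25680 the note "LSC Smart Connect LSC Indoor PTZ Camera" copies the start of the description verbatim, doubled "LSC" included; a shorter vendor or product name would be in line with the "Siemens" and "Adobe" notes in the surrounding context.
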
@@ -202,67 +202,67 @@ CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 
20.005.30748, 25.001.20428
 CVE-2025-24201 (An out-of-bounds write issue was addressed with improved 
checks to pre ...)
        NOT-FOR-US: Apple
 CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24083 (Untrusted pointer dereference in Microsoft Office allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24082 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24081 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24080 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24079 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24078 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24077 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24076 (Improper access control in Windows Cross Device Service allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24075 (Stack-based buffer overflow in Microsoft Office Excel allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24072 (Use after free in Microsoft Local Security Authority Server 
(lsasrv) a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24071 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24070 (Weak authentication in ASP.NET Core & Visual Studio allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24067 (Heap-based buffer overflow in Microsoft Streaming Service 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24066 (Heap-based buffer overflow in Windows Kernel-Mode Drivers 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24064 (Use after free in DNS Server allows an unauthorized attacker 
to execut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24061 (Protection mechanism failure in Windows Mark of the Web (MOTW) 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24059 (Incorrect conversion between numeric types in Windows Common 
Log File  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24057 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24056 (Heap-based buffer overflow in Windows Telephony Server allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24055 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24054 (External control of file name or path in Windows NTLM allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24051 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24050 (Heap-based buffer overflow in Role: Windows Hyper-V allows an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24049 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24048 (Heap-based buffer overflow in Role: Windows Hyper-V allows an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24046 (Use after free in Microsoft Streaming Service allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24045 (Sensitive data storage in improperly locked memory in Windows 
Remote D ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24044 (Use after free in Windows Win32 Kernel Subsystem allows an 
authorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24043 (Improper verification of cryptographic signature in .NET 
allows an aut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24035 (Sensitive data storage in improperly locked memory in Windows 
Remote D ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-23402 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
        NOT-FOR-US: Siemens
 CVE-2025-23401 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
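
Review bot: CVE-2025-24043 (.NET signature verification) and CVE-2025-24070 (ASP.NET Core and Visual Studio) get the same blanket "NOT-FOR-US: Microsoft" as the Windows-only components in this hunk, but .NET and ASP.NET Core are cross-platform and run on Linux, so these two are the entries most likely to be revisited if packaging status changes. A product-level note (for example naming .NET or ASP.NET Core) would make them easy to find again; CVE-2025-24084 (Windows Subsystem for Linux) is a Windows component despite the name, so the vendor note is enough there.
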
@@ -280,11 +280,11 @@ CVE-2025-23396 (A vulnerability has been identified in 
Teamcenter Visualization
 CVE-2025-23384 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (6G ...)
        NOT-FOR-US: Siemens
 CVE-2025-23360 (NVIDIA Nemo Framework contains a vulnerability where a user 
could caus ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Nemo Framework
 CVE-2025-23243 (NVIDIA Riva contains a vulnerability where a user could cause 
an impro ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Riva
 CVE-2025-23242 (NVIDIA Riva contains a vulnerability where a user could cause 
an impro ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Riva
 CVE-2025-22454 (Insufficiently restrictive permissions in Ivanti Secure Access 
Client  ...)
        TODO: check
 CVE-2025-22370 (Many fields for the web configuration interface of the 
firmware for Me ...)
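
Review bot: The three NVIDIA notes here are product-level ("NVIDIA Nemo Framework", "NVIDIA Riva"), while the Microsoft notes in the earlier hunks and the "Siemens" context lines in this one are vendor-level, so the commit mixes two granularities for the same kind of decision. Pick one convention per vendor, or use product names wherever the vendor also ships software that could plausibly be packaged.
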



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2ec88394f9e5c245ab9734a0769ab0cecdba8a1
