Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b404eabe by Salvatore Bonaccorso at 2025-05-14T23:32:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,7 +85,7 @@ CVE-2025-3600 (In Progress\xae Telerik\xae UI for AJAX,
versions 2011.2.712 to 2
CVE-2025-33104 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
cross-si ...)
NOT-FOR-US: IBM
CVE-2025-32363 (mediDOK before 2.5.18.43 allows remote attackers to achieve
remote cod ...)
- TODO: check
+ NOT-FOR-US: mediDOK
CVE-2025-30668 (Integer underflow in some Zoom Workplace Apps may allow an
authenticat ...)
NOT-FOR-US: Zoom
CVE-2025-30667 (NULL pointer dereference in some Zoom Workplace Apps for
Windows may a ...)
@@ -103,21 +103,21 @@ CVE-2025-2900 (IBM Semeru Runtime 8.0.302.0 through
8.0.442.0, 11.0.12.0 through
CVE-2025-2875 (CWE-610: Externally Controlled Reference to a Resource in
Another Sphe ...)
NOT-FOR-US: Schneider Electric
CVE-2025-26785 (An issue was discovered in NAS in Samsung Mobile Processor,
Wearable P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-26784 (An issue was discovered in NAS in Samsung Mobile Processor,
Wearable P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-25370 (An issue in realme GT 2 (RMX3311) running Android 14 with
realme UI 5. ...)
- TODO: check
+ NOT-FOR-US: realme GT 2 (RMX3311)
CVE-2025-24969 (iTop is an web based IT Service Management tool. Prior to
version 3.2. ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2025-24785 (iTop is an web based IT Service Management tool. In version
3.2.0, an ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2025-24026 (iTop is an web based IT Service Management tool. Versions
prior to 3.2 ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2025-24022 (iTop is an web based IT Service Management tool. Prior to
versions 2.7 ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2025-24021 (iTop is an web based IT Service Management tool. Prior to
versions 2.7 ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2025-22756
REJECTED
CVE-2025-0138 (Web sessions in the web interface of Palo Alto Networks
Prisma\xae Clo ...)
@@ -141,19 +141,19 @@ CVE-2025-0130 (A missing exception check in Palo Alto
Networks PAN-OS\xae softwa
CVE-2024-8988 (The PeepSo Core: File Uploads plugin for WordPress is
vulnerable to In ...)
NOT-FOR-US: WordPress plugin
CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are
Bluetooth pair ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and
corresponding Plu ...)
- TODO: check
+ NOT-FOR-US: Netgate pfSense CE
CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker
to obtai ...)
TODO: check
CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to
versions 3.1 ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and
corresponding Plu ...)
- TODO: check
+ NOT-FOR-US: Netgate pfSense CE
CVE-2024-54779 (Netgate pfSense CE (prior to 2.8.0 beta release) and
corresponding Plu ...)
- TODO: check
+ NOT-FOR-US: Netgate pfSense CE
CVE-2024-52601 (iTop is an web based IT Service Management tool. Prior to
versions 2.7 ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2024-45516 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0
before Pat ...)
NOT-FOR-US: Zimbra
CVE-2024-13940 (The Ninja Forms Webhooks plugin for WordPress is vulnerable to
Server- ...)
@@ -273,25 +273,25 @@ CVE-2025-21100 (Improper initialization in the UEFI
firmware for the Intel(R) Se
CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software
may allow ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for
the Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator
software for I ...)
NOT-FOR-US: Intel
CVE-2025-20629 (Insecure inherited permissions in the NVM Update Utility for
some Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20624 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
NOT-FOR-US: Intel
CVE-2025-20618 (Stack-based buffer overflow for some Intel(R) PROSet/Wireless
WiFi Sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20616 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20612 (Incorrect execution-assigned permissions for some Edge
Orchestrator so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20611 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20108 (Uncontrolled search path element for some Intel(R) Network
Adapter Dri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R)
Network ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may
allow an aut ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20100 (Improper access control in the memory controller
configurations for so ...)
@@ -303,7 +303,7 @@ CVE-2025-20084 (Uncontrolled resource consumption for some
Edge Orchestrator sof
CVE-2025-20083 (Improper authentication in the firmware for the Intel(R) Slim
Bootload ...)
TODO: check
CVE-2025-20082 (Time-of-check time-of-use race condition in the UEFI firmware
SmiVaria ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software
may allow ...)
NOT-FOR-US: Intel
CVE-2025-20076 (Improper access control for some Edge Orchestrator software
for Intel( ...)
@@ -311,45 +311,45 @@ CVE-2025-20076 (Improper access control for some Edge
Orchestrator software for
CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers
may allow ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
NOT-FOR-US: Intel
CVE-2025-20052 (Improper access control for some Intel(R) Graphics software
may allow ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O
interface ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK
softwar ...)
NOT-FOR-US: Intel
CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software
for Intel ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI
firmware SmiVar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi Softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers
may allow ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi
Software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20022 (Insufficient control flow management for some Edge
Orchestrator softwa ...)
NOT-FOR-US: Intel
CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics
Drivers may a ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet
Connection ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
NOT-FOR-US: Intel
CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup
module ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R)
Package Man ...)
NOT-FOR-US: Intel
CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20004 (Insufficient control flow management in the Alias Checking
Trusted Mod ...)
TODO: check
CVE-2025-20003 (Improper link resolution before file access ('Link Following')
for som ...)
@@ -732,7 +732,7 @@ CVE-2025-0035 (Unquoted search path within AMD Cloud
Manageability Service can a
CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8
exists ...)
NOT-FOR-US: Absolute Software
CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in
combinati ...)
- TODO: check
+ NOT-FOR-US: OXID eShop
CVE-2024-51447 (A vulnerability has been identified in Polarion V2310 (All
versions), ...)
NOT-FOR-US: Siemens
CVE-2024-51446 (A vulnerability has been identified in Polarion V2310 (All
versions), ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b404eabea898c3f57091eb9f0ec9f45a8f68f6ba
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b404eabea898c3f57091eb9f0ec9f45a8f68f6ba
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
