Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44461550 by Salvatore Bonaccorso at 2025-06-11T05:56:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2025-43558 (InDesign Desktop versions ID20.2, ID19.5.3 
and earlier are affec
 CVE-2025-43550 (Acrobat Reader versions 24.001.30235, 20.005.30763, 
25.001.20521 and e ...)
        NOT-FOR-US: Adobe
 CVE-2025-41657 (Due to an undocumented active bluetooth stack on products 
delivered wi ...)
-       TODO: check
+       NOT-FOR-US: AUMA Riester products
 CVE-2025-40662 (Absolute path disclosure vulnerability in DM Corporative CMS. 
This vul ...)
        NOT-FOR-US: DM Corporative CMS
 CVE-2025-40661 (An Insecure Direct Object Reference (IDOR) vulnerability has 
been foun ...)
@@ -227,7 +227,7 @@ CVE-2025-3116 (CWE-20: Improper Input Validation 
vulnerability exists that could
 CVE-2025-3112 (CWE-400: Uncontrolled Resource Consumption vulnerability exists 
that c ...)
        NOT-FOR-US: Schneider Electric
 CVE-2025-3052 (An arbitrary write vulnerability in Microsoft signed UEFI 
firmware all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-37100 (A vulnerability in the APIs of HPE Aruba Networking Private 5G 
Corecou ...)
        NOT-FOR-US: HPE
 CVE-2025-36852 (A critical security vulnerability exists in remote cache 
extensions fo ...)
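Review bot: the new rationale for CVE-2025-3052 reads NOT-FOR-US: Microsoft, but the description says the arbitrary write is in "Microsoft signed UEFI firmware", i.e. a third-party UEFI binary that carries a Microsoft signature rather than a Windows component. Naming the actual firmware vendor or product in the rationale, or adding a NOTE line stating why nothing in the archive ships it, would make this triage easier to re-verify later.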
@@ -247,75 +247,75 @@ CVE-2025-36574 (Dell Wyse Management Suite, versions 
prior to WMS 5.2, contain a
 CVE-2025-33112 (IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow 
a non-p ...)
        NOT-FOR-US: IBM
 CVE-2025-33075 (Improper link resolution before file access ('link following') 
in Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33073 (Improper access control in Windows SMB allows an authorized 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33071 (Use after free in Windows KDC Proxy Service (KPSSVC) allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33070 (Use of uninitialized resource in Windows Netlogon allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33069 (Improper verification of cryptographic signature in App 
Control for Bu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33068 (Uncontrolled resource consumption in Windows Standards-Based 
Storage M ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33067 (Improper privilege management in Windows Kernel allows an 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33066 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33065 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33064 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33063 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33062 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33061 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33060 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33059 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33058 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33057 (Null pointer dereference in Windows Local Security Authority 
(LSA) all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33056 (Improper access control in Microsoft Local Security Authority 
Server ( ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33055 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33053 (External control of file name or path in WebDAV allows an 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33052 (Use of uninitialized resource in Windows DWM Core Library 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33050 (Protection mechanism failure in Windows DHCP Server allows an 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32725 (Protection mechanism failure in Windows DHCP Server allows an 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32724 (Uncontrolled resource consumption in Windows Local Security 
Authority  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32722 (Improper access control in Windows Storage Port Driver allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32721 (Improper link resolution before file access ('link following') 
in Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32720 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32719 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32718 (Integer overflow or wraparound in Windows SMB allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32716 (Out-of-bounds read in Windows Media allows an authorized 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32715 (Out-of-bounds read in Remote Desktop Client allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32714 (Improper access control in Windows Installer allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32713 (Heap-based buffer overflow in Windows Common Log File System 
Driver al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32712 (Use after free in Windows Win32K - GRFX allows an authorized 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-32710 (Use after free in Windows Remote Desktop Services allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-31104 (An Improper Neutralization of Special Elements used in an OS 
Command ( ...)
        NOT-FOR-US: Fortinet
 CVE-2025-30327 (InCopy versions 20.2, 19.5.3 and earlier are affected by an 
Integer Ov ...)
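Review bot: the batch is consistent with the file's convention of keying NOT-FOR-US on the vendor, and nearly every description in this hunk names a Windows component or service (SMB, KDC Proxy, Netlogon, LSA, DHCP Server, Remote Desktop, Storage Management Provider, Win32K, CLFS, DWM, Installer). The one entry worth a second look is CVE-2025-33053, whose description says only "in WebDAV" without the word Windows; since the protocol is also implemented by packages in the archive, confirming from the advisory that it is the Windows client before closing it would be prudent.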
@@ -325,19 +325,19 @@ CVE-2025-30321 (InDesign Desktop versions ID20.2, 
ID19.5.3 and earlier are affec
 CVE-2025-30317 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
 CVE-2025-30220 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2025-30145 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2025-2918 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2884 (TCG TPM2.0 Reference implementation's CryptHmacSign helper 
function is ...)
        TODO: check
 CVE-2025-2474 (Out-of-bounds write in the PCX image codec in QNX SDP versions 
8.0, 7. ...)
-       TODO: check
+       NOT-FOR-US: QNX SDP
 CVE-2025-29828 (Missing release of memory after effective lifetime in Windows 
Cryptogr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-27505 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2025-27207 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 
2.4.4-p ...)
        NOT-FOR-US: Adobe
 CVE-2025-27206 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 
2.4.4-p ...)
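Review bot: CVE-2025-2884 (TCG TPM2.0 Reference implementation's CryptHmacSign) is left at TODO: check in this hunk while the surrounding GeoServer, QNX and Microsoft entries are resolved. The reference implementation is the code base that libtpms builds on (compare the CVE-2025-49133 context further down), so this one likely needs a package check rather than a NOT-FOR-US; flagging it as a follow-up would be better than leaving a bare TODO among resolved entries.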
@@ -351,11 +351,11 @@ CVE-2025-25250 (An Exposure of Sensitive Information to 
an Unauthorized Actor vu
 CVE-2025-24471 (AnImproper Certificate Validation vulnerability [CWE-295] in 
FortiOS v ...)
        NOT-FOR-US: Fortinet
 CVE-2025-24069 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24068 (Buffer over-read in Windows Storage Management Provider allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24065 (Out-of-bounds read in Windows Storage Management Provider 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-22463 (A hardcoded key in Ivanti Workspace Control before version 
10.19.10.0  ...)
        NOT-FOR-US: Ivanti
 CVE-2025-22455 (A hardcoded key in Ivanti Workspace Control before version 
10.19.0.0 a ...)
@@ -371,11 +371,11 @@ CVE-2025-0052 (Improper input validation performed during 
the authentication pro
 CVE-2025-0051 (Improper input validation performed during the authentication 
process  ...)
        NOT-FOR-US: Pure Storage
 CVE-2024-57190 (Erxes <1.6.1 is vulnerable to Incorrect Access Control. An 
attacker ca ...)
-       TODO: check
+       NOT-FOR-US: Erxes
 CVE-2024-57189 (In Erxes <1.6.2, an authenticated attacker can write to 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: Erxes
 CVE-2024-57186 (In Erxes <1.6.2, an unauthenticated attacker can read 
arbitrary files  ...)
-       TODO: check
+       NOT-FOR-US: Erxes
 CVE-2024-54019 (A improper validation of certificate with host mismatch in 
Fortinet Fo ...)
        NOT-FOR-US: Fortinet
 CVE-2024-50568 (A channel accessible by non-endpoint vulnerability [CWE-300] 
in Fortin ...)
@@ -385,37 +385,37 @@ CVE-2024-50562 (An Insufficient Session Expiration 
vulnerability [CWE-613] in Fo
 CVE-2024-45329 (A authorization bypass through user-controlled key in Fortinet 
FortiPo ...)
        NOT-FOR-US: Fortinet
 CVE-2024-43706 (Improper authorization in Kibana can lead to privilege abuse 
via a dir ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-41797 (A vulnerability has been identified in RUGGEDCOM RST2428P 
(6GK6242-6PA ...)
        NOT-FOR-US: Siemens
 CVE-2024-41505 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to 
Cross Site  ...)
-       TODO: check
+       NOT-FOR-US: Jetimob Plataforma Imobiliaria
 CVE-2024-41504 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to 
Cross Site  ...)
-       TODO: check
+       NOT-FOR-US: Jetimob Plataforma Imobiliaria
 CVE-2024-41503 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to 
Cross Site  ...)
-       TODO: check
+       NOT-FOR-US: Jetimob Plataforma Imobiliaria
 CVE-2024-41502 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to 
Cross Site  ...)
-       TODO: check
+       NOT-FOR-US: Jetimob Plataforma Imobiliaria
 CVE-2024-40625 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2024-38524 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2024-37396 (A stored cross-site scripting (XSS) vulnerability in the 
Calendar func ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2024-37395 (A stored cross-site scripting (XSS) vulnerability in the 
Public Survey ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2024-37394 (A stored cross-site scripting (XSS) vulnerability in the 
Project Dashb ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2024-34711 (GeoServer is an open source server that allows users to share 
and edit ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2024-32119 (An improper authentication vulnerability [CWE-287] in Fortinet 
FortiCl ...)
        NOT-FOR-US: Fortinet
 CVE-2024-29198 (GeoServer is an open source software server written in Java 
that allow ...)
-       TODO: check
+       NOT-FOR-US: GeoServer
 CVE-2024-13090 (A privilege escalation vulnerability may enable a service 
account to e ...)
        TODO: check
 CVE-2024-13089 (An OS command injection vulnerability within the update 
functionality  ...)
-       TODO: check
+       NOT-FOR-US: Guardian/CMC
 CVE-2023-48786 (A server-side request forgery vulnerability [CWE-918] in 
Fortinet Fort ...)
        NOT-FOR-US: Fortinet
 CVE-2025-49133 (Libtpms is a library that targets the integration of TPM 
functionality ...)
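Review bot: CVE-2024-13090 stays at TODO: check while the adjacent CVE-2024-13089 is resolved to NOT-FOR-US: Guardian/CMC; the truncated description ("may enable a service account to e ...") does not show the vendor here, so if it comes from the same Guardian/CMC advisory it could be closed together with CVE-2024-13089. The kibana line correctly uses the "<itp> (bug #700337)" form rather than NOT-FOR-US, which is the right convention for a package with an open ITP.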
@@ -544,7 +544,7 @@ CVE-2025-26468 (CyberData 011209    Intercom exposes 
features that could allow a
 CVE-2025-23192 (SAP BusinessObjects Business Intelligence (BI Workspace) 
allows an una ...)
        NOT-FOR-US: SAP
 CVE-2025-1041 (An improper input validation discovered in   Avaya Call 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2025-0037 (In AMD Versal Adaptive SoC devices, the lack of address 
validation whe ...)
        NOT-FOR-US: AMD
 CVE-2025-0036 (In AMD Versal Adaptive SoC devices, the incorrect configuration 
of the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44461550cb7b4a908a53deeac7e9d7d82e24dded



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
