Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50b61496 by Salvatore Bonaccorso at 2025-10-15T05:49:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,13 +31,13 @@ CVE-2025-7329 (A Stored Cross-Site Scripting security issue
exists in the affect
CVE-2025-7328 (Multiple Broken Authentication security issues exist in the
affected p ...)
NOT-FOR-US: Rockwell Automation
CVE-2025-62366 (mailgen is a Node.js package that generates responsive HTML
e-mails fo ...)
- TODO: check
+ NOT-FOR-US: Node mailgen
CVE-2025-62172 (Home Assistant is open source home automation software that
puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2025-62157 (Argo Workflows is an open source container-native workflow
engine for ...)
- TODO: check
+ NOT-FOR-US: Argo Workflows
CVE-2025-62156 (Argo Workflows is an open source container-native workflow
engine for ...)
- TODO: check
+ NOT-FOR-US: Argo Workflows
CVE-2025-61807 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an Int ...)
NOT-FOR-US: Adobe
CVE-2025-61806 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an out ...)
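Review bot: on CVE-2025-62366 the new tag "NOT-FOR-US: Node mailgen" should be checked against the archive under the name node-mailgen, since Debian packages npm modules as node-<name> and a search for plain "mailgen" would miss such a package. The Home Assistant and Argo Workflows descriptions in this hunk both say "open source", so the same check for an existing package or a filed ITP/RFP applies to CVE-2025-62172, CVE-2025-62157 and CVE-2025-62156 before they are closed as NFU.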
@@ -185,115 +185,115 @@ CVE-2025-59221 (Use after free in Microsoft Office Word
allows an unauthorized a
CVE-2025-59214 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
CVE-2025-59213 (Improper neutralization of special elements used in an sql
command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59211 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59210 (Windows Resilient File System (ReFS) Deduplication Service
Elevation o ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59209 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59208 (Out-of-bounds read in Windows MapUrlToZone allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59207 (Untrusted pointer dereference in Windows Kernel allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59206 (Windows Resilient File System (ReFS) Deduplication Service
Elevation o ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59205 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59204 (Use of uninitialized resource in Windows Management Services
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59203 (Insertion of sensitive information into log file in Windows
StateRepos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59202 (Use after free in Windows Remote Desktop Services allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59201 (Improper access control in Network Connection Status Indicator
(NCSI) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59200 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59199 (Improper access control in Software Protection Platform (SPP)
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59198 (Improper input validation in Microsoft Windows Search
Component allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59197 (Insertion of sensitive information into log file in Windows
ETL Channe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59196 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59195 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59194 (Use of uninitialized resource in Windows Kernel allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59193 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59192 (Buffer over-read in Storport.sys Driver allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59191 (Heap-based buffer overflow in Connected Devices Platform
Service (Cdps ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59190 (Improper input validation in Microsoft Windows Search
Component allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59189 (Use after free in Microsoft Brokering File System allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59188 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59187 (Improper input validation in Windows Kernel allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59186 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59185 (External control of file name or path in Windows Core Shell
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59184 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59051 (The FreePBX Endpoint Manager module includes a Network
Scanning featur ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2025-58903 (An Unchecked Return Value vulnerability [CWE-252] in Fortinet
FortiOS ...)
NOT-FOR-US: Fortinet
CVE-2025-58739 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58738 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58737 (Use after free in Windows Remote Desktop allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58736 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58735 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58734 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58733 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58732 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58731 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58730 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58729 (Improper validation of specified type of input in Windows
Local Sessio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58728 (Use after free in Windows Bluetooth Service allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58727 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58726 (Improper access control in Windows SMB Server allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58725 (Heap-based buffer overflow in Windows COM allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58724 (Improper access control in Azure Connected Machine Agent
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58722 (Heap-based buffer overflow in Windows DWM allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58720 (Use of a cryptographic primitive with a risky implementation
in Window ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58719 (Use after free in Connected Devices Platform Service (Cdpsvc)
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58718 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58717 (Out-of-bounds read in Windows Routing and Remote Access
Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58716 (Improper input validation in Microsoft Windows Speech allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58715 (Integer overflow or wraparound in Microsoft Windows Speech
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58714 (Improper access control in Windows Ancillary Function Driver
for WinSo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58325 (An Incorrect Provision of Specified Functionality
vulnerability [CWE-6 ...)
NOT-FOR-US: Fortinet
CVE-2025-58324 (An improper neutralization of input during web page generation
vulnera ...)
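Review bot: several entries tagged "NOT-FOR-US: Microsoft" in this hunk have descriptions that are cut off before any product is named, for example CVE-2025-59213 ("Improper neutralization of special elements used in an sql command ('s ...)") and CVE-2025-59205, CVE-2025-59200, CVE-2025-59196, CVE-2025-59195, CVE-2025-59193 and CVE-2025-58727 ("Concurrent execution using shared resource with improper synchronizati ...)"). The vendor cannot be confirmed from the text in data/CVE/list alone, so these should be verified against the full CVE record rather than inferred from the surrounding ID range. A commit message that names the vendor batch (rather than "Process some NFUs") would also make a bulk change of this size easier to audit later.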
@@ -305,101 +305,101 @@ CVE-2025-57740 (An Heap-based Buffer Overflow
vulnerability [CWE-122] in FortiOS
CVE-2025-57716 (An Uncontrolled Search Path Element vulnerability [CWE-427] in
FortiCl ...)
NOT-FOR-US: Fortinet
CVE-2025-57618 (A path traversal vulnerability in FastX3 thru 3.3.67 allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: FastX3
CVE-2025-57563 (A path traversal in StarNet Communications Corporation FastX
v.4 throu ...)
- TODO: check
+ NOT-FOR-US: FastX
CVE-2025-56747 (Creativeitem Academy LMS up to and including 5.13 contains a
privilege ...)
- TODO: check
+ NOT-FOR-US: Academy LMS
CVE-2025-55701 (Improper validation of specified type of input in Microsoft
Windows al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55700 (Out-of-bounds read in Windows Routing and Remote Access
Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55699 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55698 (Null pointer dereference in Windows DirectX allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55697 (Heap-based buffer overflow in Azure Local allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55696 (Time-of-check time-of-use (toctou) race condition in
NtQueryInformatio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55695 (Out-of-bounds read in Windows WLAN Auto Config Service allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55694 (Improper access control in Windows Error Reporting allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55693 (Use after free in Windows Kernel allows an unauthorized
attacker to el ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55692 (Improper input validation in Windows Error Reporting allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55691 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55690 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55689 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55688 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55687 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55686 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55685 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55684 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55683 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55682 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55681 (Out-of-bounds read in Windows DWM allows an authorized
attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55680 (Time-of-check time-of-use (toctou) race condition in Windows
Cloud Fil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55679 (Improper input validation in Windows Kernel allows an
unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55678 (Use after free in Windows DirectX allows an authorized
attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55677 (Untrusted pointer dereference in Windows Device Association
Broker ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55676 (Generation of error message containing sensitive information
in Window ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55340 (Improper authentication in Windows Remote Desktop Protocol
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55339 (Out-of-bounds read in Windows NDIS allows an authorized
attacker to el ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55338 (Missing Ability to Patch ROM Code in Windows BitLocker allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55337 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55336 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55335 (Use after free in Windows NTFS allows an unauthorized attacker
to elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55334 (Cleartext storage of sensitive information in Windows Kernel
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55333 (Incomplete comparison with missing factors in Windows
BitLocker allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55332 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55331 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55330 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55328 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55326 (Use after free in Connected Devices Platform Service (Cdpsvc)
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55325 (Buffer over-read in Windows Storage Management Provider allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55320 (Improper neutralization of special elements used in an sql
command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55315 (Inconsistent interpretation of http requests ('http
request/response s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55248 (Inadequate encryption strength in .NET, .NET Framework, Visual
Studio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55247 (Improper link resolution before file access ('link following')
in .NET ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55240 (Improper access control in Visual Studio allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54973 (A concurrent execution using shared resource with improper
synchroniza ...)
NOT-FOR-US: Fortinet
CVE-2025-54893 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
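Review bot: CVE-2025-55248 and CVE-2025-55247 name .NET in their descriptions, and .NET is open source and builds on Linux, unlike the Windows components that make up the rest of this hunk. If a package or an ITP exists for it, the form this file already uses elsewhere, "- mastodon <itp> (bug #859741)", fits better than "NOT-FOR-US: Microsoft"; CVE-2025-55315 is truncated before the product name and deserves the same check. Separately, CVE-2025-57618 and CVE-2025-57563 both concern FastX but get two different labels ("FastX3" and "FastX"); using one label for both keeps later greps over the NFU tags consistent.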
@@ -790,11 +790,11 @@ CVE-2025-62175 (Mastodon is a free, open-source social
network server based on A
CVE-2025-62174 (Mastodon is a free, open-source social network server based on
Activit ...)
- mastodon <itp> (bug #859741)
CVE-2025-61688 (Omni manages Kubernetes on bare metal, virtual machines, or in
a cloud ...)
- TODO: check
+ NOT-FOR-US: Omni
CVE-2025-59889 (Improper authentication of library files in the Eaton IPP
software ins ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-59836 (Omni manages Kubernetes on bare metal, virtual machines, or in
a cloud ...)
- TODO: check
+ NOT-FOR-US: Omni
CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause
a denia ...)
TODO: check
CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements)
allows an ...)
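Review bot: CVE-2025-55078 (Eclipse ThreadX) is left at "TODO: check" in the context lines while the three entries directly above it are resolved in this commit. If that was deliberate because it needs a closer look, fine; if it was skipped by accident it should be triaged in the same pass. The label "NOT-FOR-US: Omni" on CVE-2025-61688 and CVE-2025-59836 is also a very generic word; qualifying it with the vendor would avoid confusion with unrelated software of the same name.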
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50b614961c615669b76b5be8dcf4da6c680106d1
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits