Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ac4bec1 by security tracker role at 2025-11-11T20:13:46+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-9408 (System call entry on Cortex M (and possibly R and A, but I
think not) ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-9227 (Zohocorp ManageEngine OpManager versions 128609 and below are
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-9223 (Zohocorp ManageEngine Applications Manager versions 178100 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-8324 (Zohocorp ManageEngine Analytics Plus versions6170 and below are
vulner ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7633 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7632 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7430 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-64773 (In JetBrains YouTrack before 2025.3.104432 a race condition
allowed by ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-62453 (Improper validation of generative ai output in GitHub Copilot
and Visu ...)
TODO: check
CVE-2025-62452 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
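Review bot: The tag on CVE-2025-9408, "NOT-FOR-US: Zephyr, different from src:zephyr", says what the entry is not but never says which Zephyr project it is. Naming the affected project in the tag itself would let a later triager confirm the decision from this line alone, since the description shown here is cut off after "Cortex M (and possibly R and A, but I think not)".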
@@ -63,55 +63,55 @@ CVE-2025-62200 (Untrusted pointer dereference in Microsoft
Office Excel allows a
CVE-2025-62199 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
TODO: check
CVE-2025-61845 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61844 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61843 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61842 (Format Plugins versions 1.1.1 and earlier are affected by a
Use After ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61841 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61840 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61839 (Format Plugins versions 1.1.1 and earlier are affected by an
out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61838 (Format Plugins versions 1.1.1 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61837 (Format Plugins versions 1.1.1 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61836 (Illustrator on iPad versions 3.0.9 and earlier are affected by
an Inte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61832 (InDesign Desktop versions 20.5, 19.5.5 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61831 (Illustrator versions 28.7.10, 29.8.2 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61830 (Adobe Pass versions 3.7.3 and earlier are affected by an
Incorrect Aut ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61829 (Illustrator on iPad versions 3.0.9 and earlier are affected by
a Heap- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61828 (Illustrator on iPad versions 3.0.9 and earlier are affected by
an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61827 (Illustrator on iPad versions 3.0.9 and earlier are affected by
a Heap- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61826 (Illustrator on iPad versions 3.0.9 and earlier are affected by
an Inte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61824 (InDesign Desktop versions 20.5, 19.5.5 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61820 (Illustrator versions 28.7.10, 29.8.2 and earlier are affected
by a Hea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61819 (Photoshop Desktop versions 26.8.1 and earlier are affected by
a Heap-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61818 (InCopy versions 20.5, 19.5.5 and earlier are affected by a Use
After F ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61817 (InCopy versions 20.5, 19.5.5 and earlier are affected by a Use
After F ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61816 (InCopy versions 20.5, 19.5.5 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61815 (InDesign Desktop versions 20.5, 19.5.5 and earlier are
affected by a U ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-61814 (InDesign Desktop versions 20.5, 19.5.5 and earlier are
affected by a U ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-60728 (Untrusted pointer dereference in Microsoft Office Excel allows
an unau ...)
TODO: check
CVE-2025-60727 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
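Review bot: The nine "Format Plugins versions 1.1.1 and earlier" entries (CVE-2025-61845 through CVE-2025-61837) carry a vendor-only tag, and the visible description names no vendor at all, so nothing on these lines ties the product to Adobe. A tag that includes the product, for example "NOT-FOR-US: Adobe Format Plugins", would make the attribution checkable from the list itself and keep the entries findable by product name.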
@@ -159,7 +159,7 @@ CVE-2025-60704 (Missing cryptographic step in Windows
Kerberos allows an unautho
CVE-2025-60703 (Untrusted pointer dereference in Windows Remote Desktop allows
an auth ...)
TODO: check
CVE-2025-5317 (An improper access restriction to a folder in Bitdefender
Endpoint Sec ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2025-59515 (Use after free in Windows Broadcast DVR User Service allows an
authori ...)
TODO: check
CVE-2025-59514 (Improper privilege management in Microsoft Streaming Service
allows an ...)
@@ -183,7 +183,7 @@ CVE-2025-59506 (Concurrent execution using shared resource
with improper synchro
CVE-2025-59505 (Double free in Windows Smart Card allows an authorized
attacker to ele ...)
TODO: check
CVE-2025-59504 (Heap-based buffer overflow in Azure Monitor Agent allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59499 (Improper neutralization of special elements used in an sql
command ('s ...)
TODO: check
CVE-2025-59240 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
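Review bot: CVE-2025-59504 (Azure Monitor Agent) becomes "NOT-FOR-US: Microsoft", but the context entry directly above it, CVE-2025-59505 (Windows Smart Card), stays at "TODO: check", as do the Windows and Microsoft Office entries left untouched in the other hunks. If the automatic rule matched this one product only, say so in the commit message or extend the rule, so the same vendor is not triaged in separate passes with different outcomes.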
@@ -213,13 +213,13 @@ CVE-2025-35967 (Out-of-bounds read for some Intel(R)
PROSet/Wireless WiFi Softwa
CVE-2025-35963 (Insufficient control flow management for some Intel(R)
PROSet/Wireless ...)
TODO: check
CVE-2025-33202 (NVIDIA Triton Inference Server for Linux and Windows contains
a vulner ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33186 (NVIDIA AIStore contains a vulnerability in AuthN. A successful
exploit ...)
TODO: check
CVE-2025-33185 (NVIDIA AIStore contains a vulnerability in AuthN where an
unauthentica ...)
TODO: check
CVE-2025-33178 (NVIDIA NeMo Framework for all platforms contains a
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33029 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi
Software fo ...)
TODO: check
CVE-2025-33000 (Improper input validation for some Intel QuickAssist
Technology before ...)
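Review bot: Only two of the four NVIDIA entries in this hunk are resolved: CVE-2025-33202 (Triton Inference Server) and CVE-2025-33178 (NeMo Framework) get "NOT-FOR-US: NVIDIA", while CVE-2025-33186 and CVE-2025-33185 (both NVIDIA AIStore) between them stay at "TODO: check". If AIStore was left out deliberately, a word in the commit message would record why; otherwise tag it the same way in this commit.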
@@ -325,9 +325,9 @@ CVE-2025-24307 (Improper privilege management for some
Intel(R) CIP software bef
CVE-2025-24299 (Improper input validation for some Intel(R) CIP software
before versio ...)
TODO: check
CVE-2025-23361 (NVIDIA NeMo Framework for all platforms contains a
vulnerability in a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23357 (NVIDIA Megatron-LM for all platforms contains a vulnerability
in a scr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-22391 (Improper access control for some SigTest before version 6.1.10
within ...)
TODO: check
CVE-2025-20622 (Sensitive information uncleared in resource before release for
reuse f ...)
@@ -347,43 +347,43 @@ CVE-2025-13032 (Double fetch in sandbox kernel driver in
Avast/AVG Antivirus <25
CVE-2025-13027 (Memory safety bugs present in Firefox 144 and Thunderbird 144.
Some of ...)
TODO: check
CVE-2025-12953 (The Classified Listing \u2013 AI-Powered Classified ads &
Business Dir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12944 (Improper input validation in NETGEAR DGN2200v4 (N300 Wireless
ADSL2+ M ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-12943 (Improper certificate validation in firmware update logic in
NETGEAR RA ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-12942 (Improper Input Validation vulnerability in NETGEAR R6260 and
NETGEAR R ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-12940 (Login credentials are inadvertently recorded in logs if a
Syslog Serve ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-12846 (The Blocksy Companion plugin for WordPress is vulnerable to
authentica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12788 (The Hydra Booking \u2014 Appointment Scheduling & Booking
Calendar plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12787 (The Hydra Booking \u2014 Appointment Scheduling & Booking
Calendar plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12748 (A flaw was discovered in libvirt in the XML file processing.
More spec ...)
TODO: check
CVE-2025-12539 (The TNC Toolbox: Web Performance plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12101 (Cross-Site Scripting (XSS)inNetScaler ADC and NetScaler
Gateway whenth ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-11960 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-11959 (Files or Directories Accessible to External Parties, Exposure
of Priva ...)
TODO: check
CVE-2025-11862 (A security issue was discovered within Verve Asset Manager
allowing un ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11697 (A local code execution security issue exists within Studio
5000\xae Si ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11696 (A local server-side request forgery (SSRF) security issue
exists withi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11085 (A security issue exists within DataMosaix\u2122 Private Cloud
allowing ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11084 (A security issue exists within DataMosaix\u2122 Private Cloud,
allowin ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-10918 (Insecure default permissions in the agent of Ivanti Endpoint
Manager b ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-10905 (Collision in MiniFilter driverin Avast Software Avast Free
Antivirus b ...)
TODO: check
CVE-2025-10161 (Improper Restriction of Excessive Authentication Attempts,
Client-Side ...)
@@ -391,7 +391,7 @@ CVE-2025-10161 (Improper Restriction of Excessive
Authentication Attempts, Clien
CVE-2024-57695 (An issue in Agnitum Outpost Security Suite 7.5.3
(3942.608.1810) and 7 ...)
TODO: check
CVE-2017-20210 (Photo Station 5.4.1 & 5.2.7 include the security fix for the
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-13015 (Spoofing issue in Firefox. This vulnerability affects Firefox
< 145, F ...)
- firefox <unfixed>
- firefox-esr <unfixed>
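Review bot: On CVE-2017-20210 the visible description names only "Photo Station 5.4.1 & 5.2.7" and no vendor, so the QNAP attribution rests on text cut off by the "...". Putting the product in the tag, for example "NOT-FOR-US: QNAP Photo Station", keeps the entry unambiguous for anyone searching the list by product name.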
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac4bec1175b5fdadd4ee9441d37ae65a87d2590