Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1d2c4c85 by Salvatore Bonaccorso at 2025-11-11T22:09:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,53 +15,53 @@ CVE-2025-7430 (Zohocorp ManageEngine Exchange Reporter Plus
versions 5723 and be
CVE-2025-64773 (In JetBrains YouTrack before 2025.3.104432 a race condition
allowed by ...)
NOT-FOR-US: JetBrains
CVE-2025-62453 (Improper validation of generative ai output in GitHub Copilot
and Visu ...)
- TODO: check
+ NOT-FOR-US: GitHub Copilot and Visual Studio Code
CVE-2025-62452 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62449 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Visual Studio Code CoPilot Chat Extension
CVE-2025-62222 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Visual Studio Code CoPilot Chat Extension
CVE-2025-62220 (Heap-based buffer overflow in Windows Subsystem for Linux GUI
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62219 (Double free in Microsoft Wireless Provisioning System allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62218 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62217 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62216 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62215 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62214 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62213 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62211 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62210 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62209 (Insertion of sensitive information into log file in Windows
License Ma ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62208 (Insertion of sensitive information into log file in Windows
License Ma ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62206 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62205 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62204 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62203 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62202 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62201 (Heap-based buffer overflow in Microsoft Office Excel allows an
unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62200 (Untrusted pointer dereference in Microsoft Office Excel allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62199 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-61845 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
NOT-FOR-US: Adobe
CVE-2025-61844 (Format Plugins versions 1.1.1 and earlier are affected by an
Out-of-bo ...)
@@ -113,75 +113,75 @@ CVE-2025-61815 (InDesign Desktop versions 20.5, 19.5.5
and earlier are affected
CVE-2025-61814 (InDesign Desktop versions 20.5, 19.5.5 and earlier are
affected by a U ...)
NOT-FOR-US: Adobe
CVE-2025-60728 (Untrusted pointer dereference in Microsoft Office Excel allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60727 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60726 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60724 (Heap-based buffer overflow in Microsoft Graphics Component
allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60723 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60722 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60721 (Privilege context switching error in Windows Administrator
Protection ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60720 (Buffer over-read in Windows TDX.sys allows an authorized
attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60719 (Untrusted pointer dereference in Windows Ancillary Function
Driver for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60718 (Untrusted search path in Windows Administrator Protection
allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60717 (Use after free in Windows Broadcast DVR User Service allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60716 (Use after free in Windows DirectX allows an authorized
attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60715 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60714 (Heap-based buffer overflow in Windows OLE allows an
unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60713 (Untrusted pointer dereference in Windows Routing and Remote
Access Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60710 (Improper link resolution before file access ('link following')
in Host ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60709 (Out-of-bounds read in Windows Common Log File System Driver
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60708 (Untrusted pointer dereference in Storvsp.sys Driver allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60707 (Use after free in Multimedia Class Scheduler Service (MMCSS)
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60706 (Out-of-bounds read in Windows Hyper-V allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60705 (Improper access control in Windows Client-Side Caching (CSC)
Service a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60704 (Missing cryptographic step in Windows Kerberos allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60703 (Untrusted pointer dereference in Windows Remote Desktop allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-5317 (An improper access restriction to a folder in Bitdefender
Endpoint Sec ...)
NOT-FOR-US: Bitdefender
CVE-2025-59515 (Use after free in Windows Broadcast DVR User Service allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59514 (Improper privilege management in Microsoft Streaming Service
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59513 (Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59512 (Improper access control in Customer Experience Improvement
Program (CE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59511 (External control of file name or path in Windows WLAN Service
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59510 (Improper link resolution before file access ('link following')
in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59509 (Insertion of sensitive information into sent data in Windows
Speech al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59508 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59507 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59506 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59505 (Double free in Windows Smart Card allows an authorized
attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59504 (Heap-based buffer overflow in Azure Monitor Agent allows an
unauthoriz ...)
NOT-FOR-US: Microsoft
CVE-2025-59499 (Improper neutralization of special elements used in an sql
command ('s ...)
@@ -205,13 +205,13 @@ CVE-2025-41101 (HTML injection vulnerability found in
Fairsketch's RISE CRM Fram
CVE-2025-35972 (Uncontrolled search path for the Intel MPI Library before
version 2021 ...)
TODO: check
CVE-2025-35971 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi
Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35968 (Protection mechanism failure in the UEFI firmware for the Slim
Bootloa ...)
TODO: check
CVE-2025-35967 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi
Software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35963 (Insufficient control flow management for some Intel(R)
PROSet/Wireless ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-33202 (NVIDIA Triton Inference Server for Linux and Windows contains
a vulner ...)
NOT-FOR-US: NVIDIA
CVE-2025-33186 (NVIDIA AIStore contains a vulnerability in AuthN. A successful
exploit ...)
@@ -221,7 +221,7 @@ CVE-2025-33185 (NVIDIA AIStore contains a vulnerability in
AuthN where an unauth
CVE-2025-33178 (NVIDIA NeMo Framework for all platforms contains a
vulnerability in th ...)
NOT-FOR-US: NVIDIA
CVE-2025-33029 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi
Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-33000 (Improper input validation for some Intel QuickAssist
Technology before ...)
TODO: check
CVE-2025-32732 (Buffer overflow for some Intel(R) QAT Windows software before
version ...)
@@ -237,13 +237,13 @@ CVE-2025-32088 (Improper conditions check for some
Intel(R) QAT Windows software
CVE-2025-32038 (Uncontrolled search path for some FPGA Support Package for the
Intel o ...)
NOT-FOR-US: Intel
CVE-2025-32037 (Improper access control for some Intel(R) PresentMon before
version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-32001 (Uncontrolled search path for the Intel(R) Processor
Identification Uti ...)
NOT-FOR-US: Intel
CVE-2025-31948 (Improper input validation for some Intel(R) oneAPI Math Kernel
Library ...)
NOT-FOR-US: Intel
CVE-2025-31940 (Incorrect default permissions for some Intel(R) Thread
Director Visual ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31937 (Out-of-bounds read for some Intel(R) QAT Windows software
before versi ...)
NOT-FOR-US: Intel
CVE-2025-31931 (Uncontrolled search path for the Instrumentation and Tracing
Technolog ...)
@@ -251,11 +251,11 @@ CVE-2025-31931 (Uncontrolled search path for the
Instrumentation and Tracing Tec
CVE-2025-31647 (Uncontrolled search path for some Intel(R) Graphics Software
before ve ...)
TODO: check
CVE-2025-31645 (Uncontrolled search path for some System Event Log Viewer
Utility soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31146 (Time-of-check time-of-use race condition for some Intel
Ethernet Adapt ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30518 (Incorrect default permissions for some Intel(R) PresentMon
before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30509 (Improper input validation for some Intel QuickAssist
Technology softwa ...)
TODO: check
CVE-2025-30506 (Uncontrolled search path for some Intel Driver and Support
Assistant b ...)
@@ -263,13 +263,13 @@ CVE-2025-30506 (Uncontrolled search path for some Intel
Driver and Support Assis
CVE-2025-30398 (Missing authorization in Nuance PowerScribe allows an
unauthorized att ...)
TODO: check
CVE-2025-30255 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi
Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30185 (Active debug code for some Intel UEFI reference platforms
within Ring ...)
TODO: check
CVE-2025-30182 (Uncontrolled search path for some Intel(R) Distribution for
Python sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27725 (Time-of-check time-of-use race condition for some ACAT before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27713 (Out-of-bounds write for some Intel(R) QAT Windows software
before vers ...)
NOT-FOR-US: Intel
CVE-2025-27712 (Improper neutralization for some Intel(R) Neural Compressor
software b ...)
@@ -313,9 +313,9 @@ CVE-2025-24519 (Buffer overflow for some Intel(R) QAT
Windows software before ve
CVE-2025-24516 (Improper access control for some Intel(R) CIP software before
version ...)
NOT-FOR-US: Intel
CVE-2025-24512 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi Softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24491 (Uncontrolled search path for some Intel(R) Killer(TM)
Performance Suit ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24327 (Insecure inherited permissions for some Intel(R) Rapid Storage
Technol ...)
NOT-FOR-US: Intel
CVE-2025-24314 (Improper access control for some Intel(R) CIP software before
version ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2c4c8500cee5748197c62ab4a9d6cb44eb6ebe
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2c4c8500cee5748197c62ab4a9d6cb44eb6ebe
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
