Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a45c442 by Salvatore Bonaccorso at 2025-12-09T21:25:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Portabilis
 CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and 
Data E ...)
-       TODO: check
+       NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) 
specification
 CVE-2025-9613 (A vulnerability was discovered in the PCI Express (PCIe) 
Integrity and ...)
-       TODO: check
+       NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) 
specification
 CVE-2025-9612 (An issue was discovered in the PCI Express (PCIe) Integrity and 
Data E ...)
-       TODO: check
+       NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) 
specification
 CVE-2025-9368 (A security issue exists within 432ES-IG3 Series A, which 
affects Guard ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2025-6924 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: e-BAP Automation
 CVE-2025-6923 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: UNIS
 CVE-2025-67599 (Missing Authorization vulnerability in WebToffee WebToffee 
eCommerce M ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67598 (Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins 
Support ...)
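Review bot: The three PCIe entries in this hunk (CVE-2025-9614, CVE-2025-9613, CVE-2025-9612) are marked NOT-FOR-US against a specification rather than a vendor or product, so the label does not show which implementations were considered. The descriptions are truncated here and the commit message ("Process some NFUs") gives no reasoning, so it is worth confirming that no packaged code implements the affected IDE feature before these leave the TODO queue.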
@@ -219,29 +219,29 @@ CVE-2025-66526 (Missing Authorization vulnerability in 
Essekia Tablesome tableso
 CVE-2025-66525 (Missing Authorization vulnerability in Elastic Email Elastic 
Email Sen ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66456 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
-       TODO: check
+       NOT-FOR-US: Elysia
 CVE-2025-66271 (Clone for Windows provided by ELECOM CO.,LTD. registers a 
Windows serv ...)
-       TODO: check
+       NOT-FOR-US: Clone for Windows (ELECOM)
 CVE-2025-66214 (Ladybug adds message-based debugging, unit, system, and 
regression tes ...)
-       TODO: check
+       NOT-FOR-US: Ladybug
 CVE-2025-65882 (An issue was discovered in openmptcprouter thru 0.64 in file 
common/pa ...)
-       TODO: check
+       NOT-FOR-US: openmptcprouter
 CVE-2025-65741 (Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to 
Dylib In ...)
        TODO: check
 CVE-2025-65594 (OpenSIS 9.2 and below is vulnerable to Incorrect Access 
Control in Stu ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2025-65573 (Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam 
AllSky v ...)
-       TODO: check
+       NOT-FOR-US: AllskyTeam AllSky
 CVE-2025-65572 (Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky 
v2024.12 ...)
-       TODO: check
+       NOT-FOR-US: AllskyTeam AllSky
 CVE-2025-65300 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
the Coohom ...)
-       TODO: check
+       NOT-FOR-US: Coohom SaaS Platform
 CVE-2025-65289 (A stored Cross site scripting (XSS) vulnerability in the 
Mercury MR816 ...)
-       TODO: check
+       NOT-FOR-US: Mercury router
 CVE-2025-65288 (A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 
110427  ...)
-       TODO: check
+       NOT-FOR-US: Mercury router
 CVE-2025-65287 (An unauthenticated directory traversal vulnerability in 
cgi-bin/upload ...)
-       TODO: check
+       NOT-FOR-US: SNMP Web Pro
 CVE-2025-64894 (DNG SDK versions 1.7.0 and earlier are affected by an Integer 
Overflow ...)
        NOT-FOR-US: Adobe
 CVE-2025-64893 (DNG SDK versions 1.7.0 and earlier are affected by an 
Out-of-bounds Re ...)
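Review bot: CVE-2025-65289 and CVE-2025-65288 are labelled "Mercury router", which is broader than what the descriptions name (Mercury MR816 and MR816v2); "NOT-FOR-US: Mercury MR816" would keep the label searchable per product. In the same hunk CVE-2025-65741 (Sublime Text) stays at "TODO: check" while its neighbours are resolved, which is fine if intentional but worth a second look so it is not skipped by accident.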
@@ -251,29 +251,29 @@ CVE-2025-64784 (DNG SDK versions 1.7.0 and earlier are 
affected by a Heap-based
 CVE-2025-64783 (DNG SDK versions 1.7.0 and earlier are affected by an Integer 
Overflow ...)
        NOT-FOR-US: Adobe
 CVE-2025-64696 (Android App "Brother iPrint&Scan" versions 6.13.7 and earlier 
improper ...)
-       TODO: check
+       NOT-FOR-US: Android App "Brother iPrint&Scan"
 CVE-2025-64680 (Heap-based buffer overflow in Windows DWM Core Library allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64679 (Heap-based buffer overflow in Windows DWM Core Library allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64678 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64673 (Improper access control in Storvsp.sys Driver allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64672 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64671 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64670 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64667 (User interface (ui) misrepresentation of critical information 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64666 (Improper input validation in Microsoft Exchange Server allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64661 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64658 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64471 (A use of password hash instead of password for authentication 
vulnerab ...)
        NOT-FOR-US: Fortinet
 CVE-2025-64447 (A reliance on cookies without validation and integrity 
checking vulner ...)
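Review bot: The label for CVE-2025-64696, NOT-FOR-US: Android App "Brother iPrint&Scan", copies the opening words of the description, quotes included, whereas the other entries in this hunk use a bare vendor name (Microsoft, Adobe, Fortinet). A form such as "NOT-FOR-US: Brother iPrint&Scan (Android app)" would match the "Clone for Windows (ELECOM)" style used earlier in this commit and is easier to search for.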
@@ -291,21 +291,21 @@ CVE-2025-64156 (An improper neutralization of special 
elements used in an sql co
 CVE-2025-64153 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
 CVE-2025-64113 (Emby Server is a user-installable home media server. Versions 
below 4. ...)
-       TODO: check
+       NOT-FOR-US: Emby Server
 CVE-2025-64086 (A NULL pointer dereference vulnerability in the 
util.readFileIntoStrea ...)
        NOT-FOR-US: PDF-XChange
 CVE-2025-64085 (A NULL pointer dereference vulnerability in the 
importDataObject() fun ...)
        NOT-FOR-US: PDF-XChange
 CVE-2025-63742 (SQL Injection vulnerability in function setwxqyAction in file 
webmain/ ...)
-       TODO: check
+       NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2025-63740 (SQL Injection vulnerability in function getselectdataAjax in 
file inpu ...)
-       TODO: check
+       NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2025-63739 (An issue was discovered in function phpinisaveAction in file 
webmain/s ...)
-       TODO: check
+       NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2025-63738 (An issue was discovered in file index.php in Xinhu Rainrock 
RockOA 2.7 ...)
-       TODO: check
+       NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2025-63737 (Cross-site scripting (XSS) vulnerability in function 
urltestAction in  ...)
-       TODO: check
+       NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2025-63077 (Missing Authorization vulnerability in HappyMonster Happy 
Addons for E ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63076 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
@@ -461,87 +461,87 @@ CVE-2025-62733 (Cross-Site Request Forgery (CSRF) 
vulnerability in ProteusThemes
 CVE-2025-62631 (An insufficient session expiration vulnerability [CWE-613] in 
Fortinet ...)
        NOT-FOR-US: Fortinet
 CVE-2025-62573 (Use after free in Windows DirectX allows an authorized 
attacker to ele ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62572 (Out-of-bounds read in Application Information Services allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62571 (Improper input validation in Windows Installer allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62570 (Improper access control in Windows Camera Frame Server Monitor 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62569 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62567 (Integer underflow (wrap or wraparound) in Windows Hyper-V 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62565 (Use after free in Windows Shell allows an authorized attacker 
to eleva ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62564 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62563 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62562 (Use after free in Microsoft Office Outlook allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62561 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62560 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62559 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62558 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62557 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62556 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62555 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62554 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62553 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62552 (Relative path traversal in Microsoft Office Access allows an 
unauthori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62550 (Out-of-bounds write in Azure Monitor Agent allows an 
authorized attack ...)
        NOT-FOR-US: Microsoft
 CVE-2025-62549 (Untrusted pointer dereference in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62474 (Improper access control in Windows Remote Access Connection 
Manager al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62473 (Buffer over-read in Windows Routing and Remote Access Service 
(RRAS) a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62472 (Use of uninitialized resource in Windows Remote Access 
Connection Mana ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62470 (Heap-based buffer overflow in Windows Common Log File System 
Driver al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62469 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62468 (Out-of-bounds read in Windows Defender Firewall Service allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62467 (Integer overflow or wraparound in Windows Projected File 
System allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62466 (Null pointer dereference in Windows Client-Side Caching (CSC) 
Service  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62465 (Null pointer dereference in Windows DirectX allows an 
authorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62464 (Buffer over-read in Windows Projected File System allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62463 (Null pointer dereference in Windows DirectX allows an 
authorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62462 (Buffer over-read in Windows Projected File System allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62461 (Buffer over-read in Windows Projected File System Filter 
Driver allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62458 (Heap-based buffer overflow in Windows Win32K - GRFX allows an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62457 (Out-of-bounds read in Windows Cloud Files Mini Filter Driver 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62456 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62455 (Improper input validation in Windows Message Queuing allows an 
authori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62454 (Heap-based buffer overflow in Windows Cloud Files Mini Filter 
Driver a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62221 (Use after free in Windows Cloud Files Mini Filter Driver 
allows an aut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-62153 (Missing Authorization vulnerability in Graham Quick Interest 
Slider qu ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-62152 (Missing Authorization vulnerability in ConveyThis ConveyThis 
conveythi ...)
@@ -567,21 +567,21 @@ CVE-2025-62085 (Missing Authorization vulnerability in 
berthaai BERTHA AI bertha
 CVE-2025-62082 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-61258 (An issue was discovered in Outsystems Platform Server 
11.18.1.37828 al ...)
-       TODO: check
+       NOT-FOR-US: Outsystems Platform Server
 CVE-2025-61078 (Cross-site scripting (XSS) vulnerability in Request IP form in 
phpIPAM ...)
        TODO: check
 CVE-2025-61075 (Multiple Incorrect Access Control vulnerabilities in adata 
Software Gm ...)
-       TODO: check
+       NOT-FOR-US: adata Software GmbH Mitarbeiterportal
 CVE-2025-61074 (A stored Cross Site Scripting (XSS) vulnherability in the 
bulletin boa ...)
-       TODO: check
+       NOT-FOR-US: adata Software GmbH Mitarbeiter Portal
 CVE-2025-60024 (Multiple Improper Limitations of a Pathname to a Restricted 
Directory  ...)
        NOT-FOR-US: Fortinet
 CVE-2025-5471 (Uncontrolled Search Path Element vulnerability in Yandex 
Telemost on M ...)
-       TODO: check
+       NOT-FOR-US: Yandex Telemost on MacOS
 CVE-2025-5470 (Uncontrolled Search Path Element vulnerability in Yandex Disk 
on MacOS ...)
-       TODO: check
+       NOT-FOR-US: Yandex
 CVE-2025-5469 (Uncontrolled Search Path Element vulnerability in Yandex 
Messenger on  ...)
-       TODO: check
+       NOT-FOR-US: Yandex
 CVE-2025-59923 (An improper access control vulnerability in Fortinet 
FortiAuthenticato ...)
        NOT-FOR-US: Fortinet
 CVE-2025-59810 (An improper access control vulnerability in Fortinet FortiSOAR 
PaaS 7. ...)
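Review bot: CVE-2025-61075 and CVE-2025-61074 name the same product two ways, "adata Software GmbH Mitarbeiterportal" and "adata Software GmbH Mitarbeiter Portal"; pick one spelling so a search for the product finds both. Likewise the Yandex entries use "Yandex Telemost on MacOS" for CVE-2025-5471 but plain "Yandex" for CVE-2025-5470 and CVE-2025-5469, although those descriptions name Yandex Disk and Yandex Messenger; either the vendor alone or the product on all three would be consistent.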
@@ -593,9 +593,9 @@ CVE-2025-59719 (An improper verification of cryptographic 
signature vulnerabilit
 CVE-2025-59718 (A improper verification of cryptographic signature 
vulnerability in Fo ...)
        NOT-FOR-US: Fortinet
 CVE-2025-59517 (Improper access control in Windows Storage VSP Driver allows 
an author ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-59516 (Missing authentication for critical function in Windows 
Storage VSP Dr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-59132 (Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones 
Duplicat ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet 
FortiAu ...)
@@ -603,13 +603,13 @@ CVE-2025-57823 (A direct request ('forced browsing') 
vulnerability in Fortinet F
 CVE-2025-56704 (LeptonCMS version 7.3.0 contains an arbitrary file upload 
vulnerabilit ...)
        TODO: check
 CVE-2025-55233 (Out-of-bounds read in Windows Projected File System allows an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-54838 (An Incorrect Authorization vulnerability [CWE-863] in 
FortiPortal 7.4. ...)
        NOT-FOR-US: Fortinet
 CVE-2025-54353 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
        NOT-FOR-US: Fortinet
 CVE-2025-54100 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53949 (An Improper Neutralization of Special Elements used in an OS 
Command ( ...)
        NOT-FOR-US: Fortinet
 CVE-2025-53679 (An improper neutralization of special elements used in an OS 
command ( ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a45c4422aa7175e33f2c3d3548d0de5a739012c
