[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 9 16:00:22 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fa7c1c9 by Salvatore Bonaccorso at 2025-04-09T17:00:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,145 +187,145 @@ CVE-2025-29986 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an
 CVE-2025-29985 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initi ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-29824 (Use after free in Windows Common Log File System Driver allows an auth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29823 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29822 (Incomplete list of disallowed inputs in Microsoft Office OneNote allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29821 (Improper input validation in Dynamics Business Central allows an autho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29820 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29819 (External control of file name or path in Azure Portal Windows Admin Ce ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29816 (Improper input validation in Microsoft Office Word allows an unauthori ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29812 (Untrusted pointer dereference in Windows Kernel Memory allows an autho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29811 (Improper input validation in Windows Mobile Broadband allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29810 (Improper access control in Active Directory Domain Services allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29809 (Insecure storage of sensitive information in Windows Kerberos allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29808 (Use of a cryptographic primitive with a risky implementation in Window ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29805 (Exposure of sensitive information to an unauthorized actor in Outlook  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29804 (Improper access control in Visual Studio allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29802 (Improper access control in Visual Studio allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29801 (Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29800 (Improper privilege management in Microsoft AutoUpdate (MAU) allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29794 (Improper authorization in Microsoft Office SharePoint allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29793 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29792 (Use after free in Microsoft Office allows an authorized attacker to el ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-29791 (Access of resource using incompatible type ('type confusion') in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27752 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27751 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27750 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27749 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27748 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27747 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27746 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27745 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27744 (Improper access control in Microsoft Office allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27743 (Untrusted search path in System Center allows an authorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27742 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27741 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27740 (Weak authentication in Windows Active Directory Certificate Services a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27739 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27738 (Improper access control in Windows Resilient File System (ReFS) allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27737 (Improper input validation in Windows Security Zone Mapping allows an u ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27736 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27735 (Insufficient verification of data authenticity in Windows Virtualizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27733 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27732 (Sensitive data storage in improperly locked memory in Windows Win32K - ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27731 (Improper input validation in OpenSSH for Windows allows an authorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27730 (Use after free in Windows Digital Media allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27729 (Use after free in Windows Shell allows an unauthorized attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27728 (Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27727 (Improper link resolution before file access ('link following') in Wind ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27492 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27491 (Use after free in Windows Hyper-V allows an authorized attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27490 (Heap-based buffer overflow in Windows Bluetooth Service allows an auth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27489 (Improper input validation in Azure Local allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27487 (Heap-based buffer overflow in Remote Desktop Client allows an authoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27486 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27485 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27484 (Sensitive data storage in improperly locked memory in Windows Universa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27483 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27482 (Sensitive data storage in improperly locked memory in Remote Desktop G ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27481 (Stack-based buffer overflow in Windows Telephony Service allows an una ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27480 (Use after free in Remote Desktop Gateway Service allows an unauthorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27479 (Insufficient resource pool in Windows Kerberos allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27478 (Heap-based buffer overflow in Windows Local Security Authority (LSA) a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27477 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27476 (Use after free in Windows Digital Media allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27475 (Sensitive data storage in improperly locked memory in Windows Update S ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27474 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27473 (Uncontrolled resource consumption in Windows HTTP.sys allows an unauth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27472 (Protection mechanism failure in Windows Mark of the Web (MOTW) allows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27471 (Sensitive data storage in improperly locked memory in Microsoft Stream ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27470 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27469 (Uncontrolled resource consumption in Windows LDAP - Lightweight Direct ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27467 (Use after free in Windows Digital Media allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-27443 (Insecure default variable initialization in some Zoom Workplace Apps f ...)
 	NOT-FOR-US: Zoom
 CVE-2025-27442 (Cross site scripting in some Zoom Workplace Apps may allow an unauthen ...)
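Review bot: CVE-2025-27731 ("Improper input validation in OpenSSH for Windows ...") gets the same bare `NOT-FOR-US: Microsoft` as the Windows kernel and Office entries around it, although it is the one entry in this hunk whose description names software that Debian also ships. The truncated description does not show whether the flaw is in the Windows-specific port or in code shared with upstream OpenSSH, so the reason for the NFU decision cannot be recovered from the list itself. Suggest naming the product in the tag, for example `NOT-FOR-US: Microsoft OpenSSH for Windows`, so a later reader does not have to re-triage the entry to confirm it does not apply to the openssh source package.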
@@ -379,75 +379,75 @@ CVE-2025-27079 (A vulnerability in the file creation process on the command line
 CVE-2025-27078 (A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP coul ...)
 	NOT-FOR-US: HPE
 CVE-2025-26688 (Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26687 (Use after free in Windows Win32K - GRFX allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26686 (Sensitive data storage in improperly locked memory in Windows TCP/IP a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26682 (Allocation of resources without limits or throttling in ASP.NET Core a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26681 (Use after free in Windows Win32K - GRFX allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26680 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26679 (Use after free in RPC Endpoint Mapper Service allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26678 (Improper access control in Windows Defender Application Control (WDAC) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26676 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26675 (Out-of-bounds read in Windows Subsystem for Linux allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26674 (Heap-based buffer overflow in Windows Media allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26673 (Uncontrolled resource consumption in Windows LDAP - Lightweight Direct ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26672 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26671 (Use after free in Windows Remote Desktop Services allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26670 (Use after free in Windows LDAP - Lightweight Directory Access Protocol ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26669 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26668 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26667 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26666 (Heap-based buffer overflow in Windows Media allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26665 (Sensitive data storage in improperly locked memory in Windows upnphost ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26664 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26663 (Use after free in Windows LDAP - Lightweight Directory Access Protocol ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26652 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26651 (Exposed dangerous method or function in Windows Local Session Manager  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26649 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26648 (Sensitive data storage in improperly locked memory in Windows Kernel a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26647 (Improper input validation in Windows Kerberos allows an unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26644 (Automated recognition mechanism with inadequate detection or handling  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26642 (Out-of-bounds read in Microsoft Office allows an unauthorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26641 (Uncontrolled resource consumption in Windows Cryptographic Services al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26640 (Use after free in Windows Digital Media allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26639 (Integer overflow or wraparound in Windows USB Print Driver allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26637 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26635 (Weak authentication in Windows Hello allows an authorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-26628 (Insufficiently protected credentials in Azure Local Cluster allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-25254 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-25227 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
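Review bot: CVE-2025-26682 ("Allocation of resources without limits or throttling in ASP.NET Core ...") is tagged with the vendor-only `NOT-FOR-US: Microsoft`, the same as the Windows-internal components in the rest of this hunk. ASP.NET Core is cross-platform and runs on Linux, so the vendor name alone does not explain why the entry is out of scope. Suggest naming the product in the tag, for example `NOT-FOR-US: Microsoft ASP.NET Core`, so the entry can be found and revisited if the software is ever packaged.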
@@ -455,17 +455,17 @@ CVE-2025-25227 (Insufficient state checks lead to a vector that allows to bypass
 CVE-2025-25226 (Improper handling of identifiers lead to a SQL injection vulnerability ...)
 	NOT-FOR-US: Joomla
 CVE-2025-25002 (Insertion of sensitive information into log file in Azure Local Cluste ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-24074 (Improper input validation in Windows DWM Core Library allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-24073 (Improper input validation in Windows DWM Core Library allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-24062 (Improper input validation in Windows DWM Core Library allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-24060 (Improper input validation in Windows DWM Core Library allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-24058 (Improper input validation in Windows DWM Core Library allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-22855 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-22466 (Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
@@ -481,21 +481,21 @@ CVE-2025-22459 (Improper certificate validation in Ivanti Endpoint Manager befor
 CVE-2025-22458 (DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
 	NOT-FOR-US: Ivanti
 CVE-2025-21222 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21221 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21205 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21204 (Improper link resolution before file access ('link following') in Wind ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21203 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21197 (Improper access control in Windows NTFS allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21191 (Time-of-check time-of-use (toctou) race condition in Windows Local Sec ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21174 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-1095 (IBM Personal Communications v14 and v15 include a Windows service that ...)
 	NOT-FOR-US: IBM
 CVE-2024-54092 (A vulnerability has been identified in Industrial Edge Device Kit - ar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fa7c1c93f0036986787a0d436d652bc7b2f6702
