[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 12 21:14:25 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9435968 by security tracker role at 2025-08-12T20:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,25 +3,25 @@ CVE-2025-8885 (Allocation of Resources Without Limits or Throttling vulnerabilit
CVE-2025-8452 (By using the "uscan" protocol provided by the eSCL specification, an a ...)
TODO: check
CVE-2025-8310 (Missing authorization in the admin console of Ivanti Virtual Applicati ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-8297 (Incomplete restriction of configurationin Ivanti Avalanche before vers ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-8296 (SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a r ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5468 (Improper handling of symbolic links in Ivanti Connect Secure before ve ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5466 (XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5462 (A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5456 (A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55169 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-55168 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-55167 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, th ...)
TODO: check
CVE-2025-55164 (content-security-policy-parser parses content security policy directiv ...)
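Review bot: The three WeGIA entries (CVE-2025-55169, CVE-2025-55168, CVE-2025-55167) are closed as NOT-FOR-US even though their own description calls WeGIA "an open source web manager", so the tag rests only on a match against the name. For open source projects it is worth confirming that no package or pending packaging request exists under a different source name before the automatic update replaces "TODO: check". The Ivanti entries in the same hunk do not raise this question.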
@@ -67,7 +67,7 @@ CVE-2025-53760 (Server-side request forgery (ssrf) in Microsoft Office SharePoin
CVE-2025-53759 (Use of uninitialized resource in Microsoft Office Excel allows an unau ...)
TODO: check
CVE-2025-53744 (An incorrect privilege assignment vulnerability [CWE-266] in FortiOS S ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53741 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
TODO: check
CVE-2025-53740 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
@@ -165,7 +165,7 @@ CVE-2025-53132 (Concurrent execution using shared resource with improper synchro
CVE-2025-53131 (Heap-based buffer overflow in Windows Media allows an unauthorized att ...)
TODO: check
CVE-2025-52970 (A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-50177 (Use after free in Windows Message Queuing allows an unauthorized attac ...)
TODO: check
CVE-2025-50176 (Access of resource using incompatible type ('type confusion') in Graph ...)
@@ -213,7 +213,7 @@ CVE-2025-50154 (Exposure of sensitive information to an unauthorized actor in Wi
CVE-2025-50153 (Use after free in Desktop Windows Manager allows an authorized attacke ...)
TODO: check
CVE-2025-49813 (An improper neutralization of special elements used in an OS Command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-49762 (Concurrent execution using shared resource with improper synchronizati ...)
TODO: check
CVE-2025-49761 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
@@ -239,99 +239,99 @@ CVE-2025-49712 (Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-49707 (Improper access control in Azure Virtual Machines allows an authorized ...)
TODO: check
CVE-2025-49569 (Substance3D - Viewer versions 0.25 and earlier are affected by an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49568 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49567 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49564 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stac ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49563 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49560 (Substance3D - Viewer versions 0.25 and earlier are affected by a Heap- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49559 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49558 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49557 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49556 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49555 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49554 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-48807 (Improper restriction of communication channel to intended endpoints in ...)
TODO: check
CVE-2025-47954 (Improper neutralization of special elements used in an sql command ('s ...)
TODO: check
CVE-2025-47857 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-43736 (A Denial Of Service via File Upload (DOS) vulnerability in the Liferay ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43735 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43734 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-40770 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40769 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40768 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40767 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40766 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40764 (A vulnerability has been identified in Simcenter Femap V2406 (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40762 (A vulnerability has been identified in Simcenter Femap V2406 (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40761 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40759 (A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40753 (A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40752 (A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40751 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40746 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40743 (A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40584 (A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All ve ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40570 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-3831 (Log files uploaded during troubleshooting by the Harmony SASE agent ma ...)
TODO: check
CVE-2025-3089 (ServiceNow has addressed a Broken Access Control vulnerability that wa ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2025-36124 (IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36000 (IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33051 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
TODO: check
CVE-2025-33023 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32932 (An Improper neutralization of input during web page generation ('cross ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-32766 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-32086 (Improperly implemented security check for standard in the DDRIO config ...)
TODO: check
CVE-2025-32004 (Improper input validation in the Intel Edger8r Tool for some Intel(R) ...)
TODO: check
CVE-2025-30034 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-30033 (The affected setup component is vulnerable to DLL hijacking. This coul ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-27759 (An improper neutralization of special elements used in an OS command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-27717 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
TODO: check
CVE-2025-27707 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
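Review bot: Several entries in this hunk are attributed to a vendor that the visible description never names: CVE-2025-30033 ("The affected setup component is vulnerable to DLL hijacking") is tagged Siemens, and CVE-2025-47857, CVE-2025-32932 and CVE-2025-27759 are tagged Fortinet. For these the tag is the only attribution a reader of data/CVE/list gets, and it cannot be checked against the truncated text. Naming the product in the tag, as the descriptions do for entries such as SINEC Traffic Analyzer or Adobe Commerce, would make these lines self-explanatory and easier to audit later.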
@@ -357,13 +357,13 @@ CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before v
CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) ...)
TODO: check
CVE-2025-26398 (SolarWinds Database Performance Analyzer was found to contain a hard-c ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-25273 (Insufficient control flow management in the Linux kernel-mode driver f ...)
TODO: check
CVE-2025-25256 (An improper neutralization of special elements used in an OS command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-25248 (AnInteger Overflow or Wraparound vulnerability [CWE-190] in FortiOS ve ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-25007 (Improper validation of syntactic correctness of input in Microsoft Exc ...)
TODO: check
CVE-2025-25006 (Improper handling of additional special element in Microsoft Exchange ...)
@@ -425,9 +425,9 @@ CVE-2025-22838 (Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic
CVE-2025-22836 (Integer overflow or wraparound in the Linux kernel-mode driver for som ...)
TODO: check
CVE-2025-22834 (AMI APTIOV contains a vulnerability in BIOS where a user may cause \u2 ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user may cause ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2025-22392 (Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Stan ...)
TODO: check
CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R) TDX may ...)
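Review bot: The context line for CVE-2025-22834 ends in a literal "\u2 ..." fragment, meaning a Unicode escape in the description was cut by truncation instead of being decoded first. This change does not touch descriptions, but the new "NOT-FOR-US: AMI" tag now sits directly under that malformed line. The description import should decode escapes before truncating so that entries are not left with partial escape sequences.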
@@ -477,37 +477,37 @@ CVE-2025-20023 (Incorrect default permissions for some Intel(R) Graphics Driver
CVE-2025-20017 (Uncontrolled search path for some Intel(R) oneAPI Toolkit and componen ...)
TODO: check
CVE-2024-54678 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-52964 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-52504 (A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-48892 (A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-41986 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41985 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41984 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41983 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41982 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41980 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41979 (A vulnerability has been identified in SmartClient modules Opcenter QL ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-40588 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
TODO: check
CVE-2024-33607 (Out-of-bounds read in some Intel(R) TDX module software before version ...)
TODO: check
CVE-2024-26009 (An authentication bypass using an alternate path or channel [CWE-288] ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-45584 (A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-38500 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94359687c2d46d2712685c065e734d979580fe2