[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 12 21:36:20 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e91f24b by Salvatore Bonaccorso at 2025-08-12T22:35:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2025-55167 (WeGIA is an open source web manager with a focus on the Portugue
 CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, th ...)
 	NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2025-55164 (content-security-policy-parser parses content security policy directiv ...)
-	TODO: check
+	NOT-FOR-US: helmetjs/content-security-policy-parser
 CVE-2025-55011 (Kanboard is project management software that focuses on the Kanban met ...)
 	- kanboard <removed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
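
Review bot: The new tag on CVE-2025-55164 is written as "helmetjs/content-security-policy-parser" (owner/repository with a slash), while the neighbouring entry in the same hunk uses "darylldoyle svg-sanitizer" (owner and project separated by a space). Pick one form for library-level NOT-FOR-US tags so the entries stay easy to grep. Because this is a reusable parser library rather than a vendor product, it is also worth confirming that no package in the archive bundles a copy before closing it out as NFU.
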
@@ -41,11 +41,11 @@ CVE-2025-54864 (Hydra is a continuous integration service for Nix based projects
 CVE-2025-54800 (Hydra is a continuous integration service for Nix based projects. Prio ...)
 	NOT-FOR-US: Hydra
 CVE-2025-53793 (Improper authentication in Azure Stack allows an unauthorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53789 (Missing authentication for critical function in Windows StateRepositor ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-53788 (Time-of-check time-of-use (toctou) race condition in Windows Subsystem ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53784 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-53783 (Heap-based buffer overflow in Microsoft Teams allows an unauthorized a ...)
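
Review bot: On CVE-2025-53788 the visible description stops at "race condition in Windows Subsystem ...", so the affected component cannot be confirmed from this hunk, unlike CVE-2025-53793 where "Azure Stack" is spelled out. Before tagging it NOT-FOR-US, check the full description and make sure the flaw sits in Microsoft-shipped code only and not in a component that also has a Debian source package.
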
@@ -57,193 +57,193 @@ CVE-2025-53779 (Relative path traversal in Windows Kerberos allows an authorized
 CVE-2025-53778 (Improper authentication in Windows NTLM allows an authorized attacker  ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-53773 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53772 (Deserialization of untrusted data in Web Deploy allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53769 (External control of file name or path in Windows Security App allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53766 (Heap-based buffer overflow in Windows GDI+ allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53765 (Exposure of private personal information to an unauthorized actor in A ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53761 (Use after free in Microsoft Office PowerPoint allows an unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53760 (Server-side request forgery (ssrf) in Microsoft Office SharePoint allo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53759 (Use of uninitialized resource in Microsoft Office Excel allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53744 (An incorrect privilege assignment vulnerability [CWE-266] in FortiOS S ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-53741 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53740 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53739 (Access of resource using incompatible type ('type confusion') in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53738 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53737 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53736 (Buffer over-read in Microsoft Office Word allows an unauthorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53735 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53734 (Use after free in Microsoft Office Visio allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53733 (Incorrect conversion between numeric types in Microsoft Office Word al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53732 (Heap-based buffer overflow in Microsoft Office allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53731 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53730 (Use after free in Microsoft Office Visio allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53729 (Improper access control in Azure File Sync allows an authorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53728 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53727 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53726 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53725 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53724 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53723 (Numeric truncation error in Windows Hyper-V allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53722 (Uncontrolled resource consumption in Windows Remote Desktop Services a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53721 (Use after free in Windows Connected Devices Platform Service allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53720 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53719 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53718 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53716 (Null pointer dereference in Windows Local Security Authority Subsystem ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53156 (Exposure of sensitive information to an unauthorized actor in Storage  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53155 (Heap-based buffer overflow in Windows Hyper-V allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53154 (Null pointer dereference in Windows Ancillary Function Driver for WinS ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53153 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53152 (Use after free in Desktop Windows Manager allows an authorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53151 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53149 (Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Drive ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53148 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53147 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53145 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53144 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53143 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53142 (Use after free in Microsoft Brokering File System allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53141 (Null pointer dereference in Windows Ancillary Function Driver for WinS ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53140 (Use after free in Kernel Transaction Manager allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53138 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53137 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53136 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53135 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53134 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53133 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53132 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-53131 (Heap-based buffer overflow in Windows Media allows an unauthorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-52970 (A improper handling of parameters in Fortinet FortiWeb versions 7.6.3  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-50177 (Use after free in Windows Message Queuing allows an unauthorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50176 (Access of resource using incompatible type ('type confusion') in Graph ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50173 (Weak authentication in Windows Installer allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50172 (Allocation of resources without limits or throttling in Windows Direct ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50171 (Missing authorization in Remote Desktop Server allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50170 (Improper handling of insufficient permissions or privileges in Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50169 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50168 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50167 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50166 (Integer overflow or wraparound in Windows Distributed Transaction Coor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50165 (Untrusted pointer dereference in Microsoft Graphics Component allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50164 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50163 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50162 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50161 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50160 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50159 (Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50158 (Time-of-check time-of-use (toctou) race condition in Windows NTFS allo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50157 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50156 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50155 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50154 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-50153 (Use after free in Desktop Windows Manager allows an authorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49813 (An improper neutralization of special elements used in an OS Command ( ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-49762 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49761 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49759 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49758 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49757 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49755 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49751 (Missing synchronization in Windows Hyper-V allows an authorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49745 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49743 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49736 (The ui performs the wrong action in Microsoft Edge for Android allows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49712 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49707 (Improper access control in Azure Virtual Machines allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49569 (Substance3D - Viewer versions 0.25 and earlier are affected by an out- ...)
 	NOT-FOR-US: Adobe
 CVE-2025-49568 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use  ...)
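
Review bot: CVE-2025-49736 ("The ui performs the wrong action in Microsoft Edge for Android") is tagged the same way as the Windows and Office entries, but Edge is built on Chromium, which Debian ships, so this one deserves a second look to confirm the flaw is in Edge-specific UI code rather than in shared upstream code. Separately, several entries in this hunk have descriptions cut off before any product is named (for example CVE-2025-53773, CVE-2025-53727, CVE-2025-49759, CVE-2025-49758 and CVE-2025-49745), so the "Microsoft" attribution cannot be checked against the visible text; those should be verified against the full CVE record rather than inferred from the neighbouring IDs.
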
@@ -269,9 +269,9 @@ CVE-2025-49555 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-
 CVE-2025-49554 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2 ...)
 	NOT-FOR-US: Adobe
 CVE-2025-48807 (Improper restriction of communication channel to intended endpoints in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-47954 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-47857 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-43736 (A Denial Of Service via File Upload (DOS) vulnerability in the Liferay ...)
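
Review bot: Both changed entries here, CVE-2025-48807 and CVE-2025-47954, have descriptions that end before any product or vendor appears ("...to intended endpoints in ..." and "...used in an sql command ('s ..."), and their IDs are not adjacent to the CVE-2025-53xxx and CVE-2025-50xxx blocks tagged in the earlier hunks. Confirm the vendor from the full CVE record for each rather than from the bulk pattern, since nothing in the visible lines ties them to Microsoft.
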
@@ -321,7 +321,7 @@ CVE-2025-36124 (IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0
 CVE-2025-36000 (IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8   i ...)
 	NOT-FOR-US: IBM
 CVE-2025-33051 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-33023 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
 	NOT-FOR-US: Siemens
 CVE-2025-32932 (An Improper neutralization of input during web page generation ('cross ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e91f24b1d9325158e126ac263b9f556e539135a
