[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 12 22:02:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c349d0ca by Salvatore Bonaccorso at 2025-08-12T23:02:31+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -333,7 +333,7 @@ CVE-2025-32086 (Improperly implemented security check for standard in the DDRIO
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-32004 (Improper input validation in the Intel Edger8r Tool for some Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30034 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
NOT-FOR-US: Siemens
CVE-2025-30033 (The affected setup component is vulnerable to DLL hijacking. This coul ...)
@@ -341,27 +341,27 @@ CVE-2025-30033 (The affected setup component is vulnerable to DLL hijacking. Thi
CVE-2025-27759 (An improper neutralization of special elements used in an OS command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-27717 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27707 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27576 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27559 (Incorrect default permissions for some AI Playground software before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27537 (Improper input validation for some Edge Orchestrator software before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27250 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26863 (Uncontrolled resource consumption in the Linux kernel-mode driver for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26697 (Uncontrolled resource consumption in the Linux kernel-mode driver for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26472 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26470 (Incorrect default permissions for some Intel(R) Distribution for Pytho ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
@@ -369,67 +369,67 @@ CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R) Xe
CVE-2025-26398 (SolarWinds Database Performance Analyzer was found to contain a hard-c ...)
NOT-FOR-US: SolarWinds
CVE-2025-25273 (Insufficient control flow management in the Linux kernel-mode driver f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-25256 (An improper neutralization of special elements used in an OS command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-25248 (AnInteger Overflow or Wraparound vulnerability [CWE-190] in FortiOS ve ...)
NOT-FOR-US: Fortinet
CVE-2025-25007 (Improper validation of syntactic correctness of input in Microsoft Exc ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25006 (Improper handling of additional special element in Microsoft Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25005 (Improper input validation in Microsoft Exchange Server allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24999 (Improper access control in SQL Server allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24923 (Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval- ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24921 (Improper neutralization for some Edge Orchestrator software before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24840 (Improper access control for some Edge Orchestrator software before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24835 (Protection mechanism failure in the Intel(R) Graphics Driver for the I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24523 (Protection mechanism failure for some Edge Orchestrator software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24520 (Insertion of sensitive information into log file for some Intel(R) Loc ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24515 (NULL pointer dereference for some Intel(R) Graphics Drivers may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24511 (Improper initialization in the Linux kernel-mode driver for some Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24486 (Improper input validation in the Linux kernel-mode driver for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24484 (Improper input validation in the Linux kernel-mode driver for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24325 (Improper input validation in the Linux kernel-mode driver for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24324 (Integer overflow or wraparound in the Linux kernel-mode driver for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24323 (Improper access control in some firmware package and LED mode toggle t ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24313 (Improper access control for some Device Plugins for Kubernetes softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24305 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-24303 (Improper check for unusual or exceptional conditions in the Linux kern ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24302 (Uncontrolled recursion for some TinyCBOR libraries maintained by Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24296 (Improper input validation in some firmware for the Intel(R) E810 Ether ...)
NOT-FOR-US: Intel
CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode driver f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22889 (Improper handling of overlap between protected memory ranges for some ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22853 (Improper synchronization in the firmware for some Intel(R) TDX may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22840 (Sequence of processor instructions leads to unexpected behavior for so ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
@@ -439,9 +439,9 @@ CVE-2025-22839 (Insufficient granularity of access control in the OOB-MSM for so
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22838 (Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calib ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22836 (Integer overflow or wraparound in the Linux kernel-mode driver for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22834 (AMI APTIOV contains a vulnerability in BIOS where a user may cause \u2 ...)
NOT-FOR-US: AMI
CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user may cause ...)
@@ -449,37 +449,37 @@ CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user may
CVE-2025-22392 (Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Stan ...)
NOT-FOR-US: Intel
CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R) TDX may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver & Suppor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21090 (Missing reference to active allocated resource for some Intel(R) Xeon( ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-21086 (Improper input validation in the Linux kernel-mode driver for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20627 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler s ...)
NOT-FOR-US: Intel
CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless WiFi Softw ...)
NOT-FOR-US: Intel
CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache mechani ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-20099 (Improper access control for some Intel(R) Rapid Storage Technology ins ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20093 (Improper check for unusual or exceptional conditions in the Linux kern ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20092 (Uncontrolled search path for some Clock Jitter Tool software before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20090 (Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20087 (Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compi ...)
NOT-FOR-US: Intel
CVE-2025-20077 (Missing release of memory after effective lifetime in the UEFI OobRasM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R) Connectivit ...)
NOT-FOR-US: Intel
CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R) CSME and I ...)
@@ -495,9 +495,9 @@ CVE-2025-20044 (Improper locking for some Intel(R) TDX Module firmware before ve
CVE-2025-20037 (Time-of-check time-of-use race condition in firmware for some Intel(R) ...)
NOT-FOR-US: Intel
CVE-2025-20025 (Uncontrolled recursion for some TinyCBOR libraries maintained by Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20023 (Incorrect default permissions for some Intel(R) Graphics Driver softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20017 (Uncontrolled search path for some Intel(R) oneAPI Toolkit and componen ...)
NOT-FOR-US: Intel
CVE-2024-54678 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c349d0caaa94f322cab496582639acf95eef0edc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c349d0caaa94f322cab496582639acf95eef0edc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250812/021b6a36/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list