[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 9 20:25:31 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a45c442 by Salvatore Bonaccorso at 2025-12-09T21:25:00+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Portabilis
CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
- TODO: check
+ NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) specification
CVE-2025-9613 (A vulnerability was discovered in the PCI Express (PCIe) Integrity and ...)
- TODO: check
+ NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) specification
CVE-2025-9612 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
- TODO: check
+ NOT-FOR-US: PCI Express (PCIe) Integrity and Data Encryption (IDE) specification
CVE-2025-9368 (A security issue exists within 432ES-IG3 Series A, which affects Guard ...)
NOT-FOR-US: Rockwell Automation
CVE-2025-6924 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: e-BAP Automation
CVE-2025-6923 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: UNIS
CVE-2025-67599 (Missing Authorization vulnerability in WebToffee WebToffee eCommerce M ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67598 (Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins Support ...)
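Review bot: the three PCIe IDE entries (CVE-2025-9614, CVE-2025-9613, CVE-2025-9612) are tagged NOT-FOR-US against a specification rather than a vendor or product, so the entry records nothing about whether an implementation of that specification was looked for. Consider a NOTE: line under each stating that the flaw is at specification level and that no packaged implementation was identified, so the decision can be revisited later. Separately, the tags for CVE-2025-6924 (e-BAP Automation) and CVE-2025-6923 (UNIS) cannot be confirmed from the visible descriptions, which are cut off before any product name.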
@@ -219,29 +219,29 @@ CVE-2025-66526 (Missing Authorization vulnerability in Essekia Tablesome tableso
CVE-2025-66525 (Missing Authorization vulnerability in Elastic Email Elastic Email Sen ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66456 (Elysia is a Typescript framework for request validation, type inferenc ...)
- TODO: check
+ NOT-FOR-US: Elysia
CVE-2025-66271 (Clone for Windows provided by ELECOM CO.,LTD. registers a Windows serv ...)
- TODO: check
+ NOT-FOR-US: Clone for Windows (ELECOM)
CVE-2025-66214 (Ladybug adds message-based debugging, unit, system, and regression tes ...)
- TODO: check
+ NOT-FOR-US: Ladybug
CVE-2025-65882 (An issue was discovered in openmptcprouter thru 0.64 in file common/pa ...)
- TODO: check
+ NOT-FOR-US: openmptcprouter
CVE-2025-65741 (Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib In ...)
TODO: check
CVE-2025-65594 (OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Stu ...)
- TODO: check
+ NOT-FOR-US: OpenSIS
CVE-2025-65573 (Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v ...)
- TODO: check
+ NOT-FOR-US: AllskyTeam AllSky
CVE-2025-65572 (Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12 ...)
- TODO: check
+ NOT-FOR-US: AllskyTeam AllSky
CVE-2025-65300 (A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom ...)
- TODO: check
+ NOT-FOR-US: Coohom SaaS Platform
CVE-2025-65289 (A stored Cross site scripting (XSS) vulnerability in the Mercury MR816 ...)
- TODO: check
+ NOT-FOR-US: Mercury router
CVE-2025-65288 (A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 ...)
- TODO: check
+ NOT-FOR-US: Mercury router
CVE-2025-65287 (An unauthenticated directory traversal vulnerability in cgi-bin/upload ...)
- TODO: check
+ NOT-FOR-US: SNMP Web Pro
CVE-2025-64894 (DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow ...)
NOT-FOR-US: Adobe
CVE-2025-64893 (DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Re ...)
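Review bot: several NOT-FOR-US tags in this hunk name software projects by project name (CVE-2025-66456 Elysia, CVE-2025-66214 Ladybug, CVE-2025-65882 openmptcprouter, CVE-2025-65594 OpenSIS), and a wrong NFU there would hide the issue from later triage, so it is worth confirming that none of them has a source package or a pending packaging request before this lands. The tag on CVE-2025-65287 (SNMP Web Pro) is not verifiable from the description shown, which ends at "cgi-bin/upload ..." without a product name. Style: "Clone for Windows (ELECOM)" uses a product (vendor) form while the neighbouring entries use plain names such as "Mercury router"; pick one form.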
@@ -251,29 +251,29 @@ CVE-2025-64784 (DNG SDK versions 1.7.0 and earlier are affected by a Heap-based
CVE-2025-64783 (DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow ...)
NOT-FOR-US: Adobe
CVE-2025-64696 (Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improper ...)
- TODO: check
+ NOT-FOR-US: Android App "Brother iPrint&Scan"
CVE-2025-64680 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64679 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64678 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64673 (Improper access control in Storvsp.sys Driver allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64672 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64671 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64670 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64667 (User interface (ui) misrepresentation of critical information in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64666 (Improper input validation in Microsoft Exchange Server allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64661 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64658 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64471 (A use of password hash instead of password for authentication vulnerab ...)
NOT-FOR-US: Fortinet
CVE-2025-64447 (A reliance on cookies without validation and integrity checking vulner ...)
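Review bot: for CVE-2025-64672, CVE-2025-64671, CVE-2025-64661 and CVE-2025-64658 the description is truncated before any product or component is named, so the "NOT-FOR-US: Microsoft" tag on those four cannot be checked from this diff; please confirm each against the full CVE text rather than by position in the block. Style: the CVE-2025-64696 tag copies the description wording (Android App "Brother iPrint&Scan") while the adjacent entries tag by vendor (Microsoft, Adobe, Fortinet); a shorter "Brother iPrint&Scan" would match.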
@@ -291,21 +291,21 @@ CVE-2025-64156 (An improper neutralization of special elements used in an sql co
CVE-2025-64153 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2025-64113 (Emby Server is a user-installable home media server. Versions below 4. ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2025-64086 (A NULL pointer dereference vulnerability in the util.readFileIntoStrea ...)
NOT-FOR-US: PDF-XChange
CVE-2025-64085 (A NULL pointer dereference vulnerability in the importDataObject() fun ...)
NOT-FOR-US: PDF-XChange
CVE-2025-63742 (SQL Injection vulnerability in function setwxqyAction in file webmain/ ...)
- TODO: check
+ NOT-FOR-US: Xinhu Rainrock RockOA
CVE-2025-63740 (SQL Injection vulnerability in function getselectdataAjax in file inpu ...)
- TODO: check
+ NOT-FOR-US: Xinhu Rainrock RockOA
CVE-2025-63739 (An issue was discovered in function phpinisaveAction in file webmain/s ...)
- TODO: check
+ NOT-FOR-US: Xinhu Rainrock RockOA
CVE-2025-63738 (An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7 ...)
- TODO: check
+ NOT-FOR-US: Xinhu Rainrock RockOA
CVE-2025-63737 (Cross-site scripting (XSS) vulnerability in function urltestAction in ...)
- TODO: check
+ NOT-FOR-US: Xinhu Rainrock RockOA
CVE-2025-63077 (Missing Authorization vulnerability in HappyMonster Happy Addons for E ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63076 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -461,87 +461,87 @@ CVE-2025-62733 (Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes
CVE-2025-62631 (An insufficient session expiration vulnerability [CWE-613] in Fortinet ...)
NOT-FOR-US: Fortinet
CVE-2025-62573 (Use after free in Windows DirectX allows an authorized attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62572 (Out-of-bounds read in Application Information Services allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62571 (Improper input validation in Windows Installer allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62570 (Improper access control in Windows Camera Frame Server Monitor allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62569 (Use after free in Microsoft Brokering File System allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62567 (Integer underflow (wrap or wraparound) in Windows Hyper-V allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62565 (Use after free in Windows Shell allows an authorized attacker to eleva ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62564 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62563 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62562 (Use after free in Microsoft Office Outlook allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62561 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62560 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62559 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62558 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62557 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62556 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62555 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62554 (Access of resource using incompatible type ('type confusion') in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62553 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62552 (Relative path traversal in Microsoft Office Access allows an unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62550 (Out-of-bounds write in Azure Monitor Agent allows an authorized attack ...)
NOT-FOR-US: Microsoft
CVE-2025-62549 (Untrusted pointer dereference in Windows Routing and Remote Access Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62474 (Improper access control in Windows Remote Access Connection Manager al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62473 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62472 (Use of uninitialized resource in Windows Remote Access Connection Mana ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62470 (Heap-based buffer overflow in Windows Common Log File System Driver al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62469 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62468 (Out-of-bounds read in Windows Defender Firewall Service allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62467 (Integer overflow or wraparound in Windows Projected File System allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62466 (Null pointer dereference in Windows Client-Side Caching (CSC) Service ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62465 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62464 (Buffer over-read in Windows Projected File System allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62463 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62462 (Buffer over-read in Windows Projected File System allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62461 (Buffer over-read in Windows Projected File System Filter Driver allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62458 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62457 (Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62456 (Heap-based buffer overflow in Windows Resilient File System (ReFS) all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62455 (Improper input validation in Windows Message Queuing allows an authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62454 (Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62221 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62153 (Missing Authorization vulnerability in Graham Quick Interest Slider qu ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-62152 (Missing Authorization vulnerability in ConveyThis ConveyThis conveythi ...)
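Review bot: CVE-2025-62469 is the one entry in this hunk whose visible description ("Concurrent execution using shared resource with improper synchronizati ...") stops before naming a component, so its Microsoft attribution is not evident from the diff; every other changed entry names a Windows or Office component. Worth a quick check against the full description, since it was tagged as part of a bulk run.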
@@ -567,21 +567,21 @@ CVE-2025-62085 (Missing Authorization vulnerability in berthaai BERTHA AI bertha
CVE-2025-62082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61258 (An issue was discovered in Outsystems Platform Server 11.18.1.37828 al ...)
- TODO: check
+ NOT-FOR-US: Outsystems Platform Server
CVE-2025-61078 (Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM ...)
TODO: check
CVE-2025-61075 (Multiple Incorrect Access Control vulnerabilities in adata Software Gm ...)
- TODO: check
+ NOT-FOR-US: adata Software GmbH Mitarbeiterportal
CVE-2025-61074 (A stored Cross Site Scripting (XSS) vulnherability in the bulletin boa ...)
- TODO: check
+ NOT-FOR-US: adata Software GmbH Mitarbeiter Portal
CVE-2025-60024 (Multiple Improper Limitations of a Pathname to a Restricted Directory ...)
NOT-FOR-US: Fortinet
CVE-2025-5471 (Uncontrolled Search Path Element vulnerability in Yandex Telemost on M ...)
- TODO: check
+ NOT-FOR-US: Yandex Telemost on MacOS
CVE-2025-5470 (Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS ...)
- TODO: check
+ NOT-FOR-US: Yandex
CVE-2025-5469 (Uncontrolled Search Path Element vulnerability in Yandex Messenger on ...)
- TODO: check
+ NOT-FOR-US: Yandex
CVE-2025-59923 (An improper access control vulnerability in Fortinet FortiAuthenticato ...)
NOT-FOR-US: Fortinet
CVE-2025-59810 (An improper access control vulnerability in Fortinet FortiSOAR PaaS 7. ...)
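Review bot: the tag strings for the same products are inconsistent within this hunk. CVE-2025-61075 uses "adata Software GmbH Mitarbeiterportal" while CVE-2025-61074 uses "adata Software GmbH Mitarbeiter Portal", and CVE-2025-5471 uses "Yandex Telemost on MacOS" while CVE-2025-5470 and CVE-2025-5469 use just "Yandex". Anyone grepping data/CVE/list by tag will miss half of each group; use one spelling per product (or vendor) across the related entries.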
@@ -593,9 +593,9 @@ CVE-2025-59719 (An improper verification of cryptographic signature vulnerabilit
CVE-2025-59718 (A improper verification of cryptographic signature vulnerability in Fo ...)
NOT-FOR-US: Fortinet
CVE-2025-59517 (Improper access control in Windows Storage VSP Driver allows an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59516 (Missing authentication for critical function in Windows Storage VSP Dr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59132 (Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicat ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet FortiAu ...)
@@ -603,13 +603,13 @@ CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet F
CVE-2025-56704 (LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerabilit ...)
TODO: check
CVE-2025-55233 (Out-of-bounds read in Windows Projected File System allows an authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54838 (An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4. ...)
NOT-FOR-US: Fortinet
CVE-2025-54353 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Fortinet
CVE-2025-54100 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53949 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-53679 (An improper neutralization of special elements used in an OS command ( ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a45c4422aa7175e33f2c3d3548d0de5a739012c