[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 11 21:10:54 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2ec8839 by Salvatore Bonaccorso at 2025-03-11T22:10:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106,27 +106,27 @@ CVE-2025-27158 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428
CVE-2025-26701 (An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova ...)
TODO: check
CVE-2025-26645 (Relative path traversal in Remote Desktop Client allows an unauthorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26634 (Heap-based buffer overflow in Windows Core Messaging allows an authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26633 (Improper neutralization in Microsoft Management Console allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26631 (Uncontrolled search path element in Visual Studio Code allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26630 (Use after free in Microsoft Office Access allows an unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26629 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26627 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25929 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
- TODO: check
+ NOT-FOR-US: Openmrs
CVE-2025-25928 (A Cross-Site Request Forgery (CSRF) in the component /admin/users/user ...)
- TODO: check
+ NOT-FOR-US: Openmrs
CVE-2025-25927 (A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allo ...)
- TODO: check
+ NOT-FOR-US: Openmrs
CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0 ...)
- TODO: check
+ NOT-FOR-US: Openmrs
CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users to set w ...)
TODO: check
CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid ...)
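Review bot: CVE-2025-26631 is tagged with the vendor only ("NOT-FOR-US: Microsoft"), although its description names Visual Studio Code, a separate product from the Windows and Office components tagged alongside it. A product-level tag such as "NOT-FOR-US: Microsoft Visual Studio Code" would record what was actually ruled out and keep the entry findable by product name. The four Openmrs entries in this same hunk already name the product.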
@@ -134,43 +134,43 @@ CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of Hote
CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 ...)
TODO: check
CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulne ...)
- TODO: check
+ NOT-FOR-US: LSC Smart Connect LSC Indoor PTZ Camera
CVE-2025-25267 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
NOT-FOR-US: Siemens
CVE-2025-25266 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
NOT-FOR-US: Siemens
CVE-2025-25008 (Improper link resolution before file access ('link following') in Micr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25003 (Uncontrolled search path element in Visual Studio allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24998 (Uncontrolled search path element in Visual Studio allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24997 (Null pointer dereference in Windows Kernel Memory allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24996 (External control of file name or path in Windows NTLM allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24995 (Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Drive ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24994 (Improper access control in Windows Cross Device Service allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24993 (Heap-based buffer overflow in Windows NTFS allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24992 (Buffer over-read in Windows NTFS allows an unauthorized attacker to di ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24991 (Out-of-bounds read in Windows NTFS allows an authorized attacker to di ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24988 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24987 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24986 (Improper isolation or compartmentalization in Azure PromptFlow allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24985 (Integer overflow or wraparound in Windows Fast FAT Driver allows an un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24984 (Insertion of sensitive information into log file in Windows NTFS allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24983 (Use after free in Windows Win32 Kernel Subsystem allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24453 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
NOT-FOR-US: Adobe
CVE-2025-24452 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
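Review bot: the tag added for CVE-2025-25680 copies the description's vendor-plus-product string verbatim, so "LSC" appears twice ("LSC Smart Connect LSC Indoor PTZ Camera"). The Siemens entries directly below it use a short, single name. Consider "NOT-FOR-US: LSC Smart Connect Indoor PTZ Camera" so the tag reads as one product name rather than a pasted fragment.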
@@ -202,67 +202,67 @@ CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428
CVE-2025-24201 (An out-of-bounds write issue was addressed with improved checks to pre ...)
NOT-FOR-US: Apple
CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24083 (Untrusted pointer dereference in Microsoft Office allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24082 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24081 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24080 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24079 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24078 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24077 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24076 (Improper access control in Windows Cross Device Service allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24075 (Stack-based buffer overflow in Microsoft Office Excel allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24072 (Use after free in Microsoft Local Security Authority Server (lsasrv) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24071 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24070 (Weak authentication in ASP.NET Core & Visual Studio allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24067 (Heap-based buffer overflow in Microsoft Streaming Service allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24066 (Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24064 (Use after free in DNS Server allows an unauthorized attacker to execut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24061 (Protection mechanism failure in Windows Mark of the Web (MOTW) allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24059 (Incorrect conversion between numeric types in Windows Common Log File ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24057 (Heap-based buffer overflow in Microsoft Office allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24056 (Heap-based buffer overflow in Windows Telephony Server allows an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24055 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24054 (External control of file name or path in Windows NTLM allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24051 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24050 (Heap-based buffer overflow in Role: Windows Hyper-V allows an authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24049 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24048 (Heap-based buffer overflow in Role: Windows Hyper-V allows an authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24046 (Use after free in Microsoft Streaming Service allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24045 (Sensitive data storage in improperly locked memory in Windows Remote D ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24044 (Use after free in Windows Win32 Kernel Subsystem allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24043 (Improper verification of cryptographic signature in .NET allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24035 (Sensitive data storage in improperly locked memory in Windows Remote D ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-23402 (A vulnerability has been identified in Teamcenter Visualization V14.3 ...)
NOT-FOR-US: Siemens
CVE-2025-23401 (A vulnerability has been identified in Teamcenter Visualization V14.3 ...)
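Review bot: several entries in this hunk are marked "NOT-FOR-US: Microsoft" while the truncated description shown here contains no product name at all, for example CVE-2025-24049 ("Improper neutralization of special elements used in a command ('comman ...") and CVE-2025-24043, which only shows ".NET". The diff alone therefore does not show why these are vendor-specific, and the commit message "Process some NFUs" gives no source. A one-line note in the commit message naming the advisory batch these came from would make the bulk classification auditable.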
@@ -280,11 +280,11 @@ CVE-2025-23396 (A vulnerability has been identified in Teamcenter Visualization
CVE-2025-23384 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
CVE-2025-23360 (NVIDIA Nemo Framework contains a vulnerability where a user could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Nemo Framework
CVE-2025-23243 (NVIDIA Riva contains a vulnerability where a user could cause an impro ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Riva
CVE-2025-23242 (NVIDIA Riva contains a vulnerability where a user could cause an impro ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Riva
CVE-2025-22454 (Insufficiently restrictive permissions in Ivanti Secure Access Client ...)
TODO: check
CVE-2025-22370 (Many fields for the web configuration interface of the firmware for Me ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2ec88394f9e5c245ab9734a0769ab0cecdba8a1