[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 14 09:12:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b1d8d9f by security tracker role at 2025-05-14T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2025-4668
+ REJECTED
+CVE-2025-4574 (In crossbeam-channel rust crate, the internal `Channel` type's `Drop` ...)
+ TODO: check
+CVE-2025-4520 (The Uncanny Automator plugin for WordPress is vulnerable to unauthoriz ...)
+ TODO: check
+CVE-2025-47905 (Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...)
+ TODO: check
+CVE-2025-47899
+ REJECTED
+CVE-2025-47898
+ REJECTED
+CVE-2025-47897
+ REJECTED
+CVE-2025-47896
+ REJECTED
+CVE-2025-47895
+ REJECTED
+CVE-2025-47894
+ REJECTED
+CVE-2025-47893
+ REJECTED
+CVE-2025-47892
+ REJECTED
+CVE-2025-47891
+ REJECTED
+CVE-2025-43572 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds ...)
+ TODO: check
+CVE-2025-43571 (Substance3D - Stager versions 3.1.1 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-43570 (Substance3D - Stager versions 3.1.1 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-43569 (Substance3D - Stager versions 3.1.1 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-43568 (Substance3D - Stager versions 3.1.1 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-43567 (Adobe Connect versions 12.8 and earlier are affected by a reflected Cr ...)
+ TODO: check
+CVE-2025-43566 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43565 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43564 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43563 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43562 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43561 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43560 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43559 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected ...)
+ TODO: check
+CVE-2025-43554 (Substance3D - Modeler versions 1.21.0 and earlier are affected by an o ...)
+ TODO: check
+CVE-2025-43553 (Substance3D - Modeler versions 1.21.0 and earlier are affected by an U ...)
+ TODO: check
+CVE-2025-43551 (Substance3D - Stager versions 3.1.1 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-43549 (Substance3D - Stager versions 3.1.1 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2025-43548 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds ...)
+ TODO: check
+CVE-2025-3623 (The Uncanny Automator plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
+CVE-2025-30316 (Adobe Connect versions 12.8 and earlier are affected by a stored Cross ...)
+ TODO: check
+CVE-2025-30315 (Adobe Connect versions 12.8 and earlier are affected by a stored Cross ...)
+ TODO: check
+CVE-2025-30314 (Adobe Connect versions 12.8 and earlier are affected by a stored Cross ...)
+ TODO: check
+CVE-2025-26646 (External control of file name or path in .NET, Visual Studio, and Buil ...)
+ TODO: check
+CVE-2025-24308 (Improper input validation in the UEFI firmware error handler for the I ...)
+ TODO: check
+CVE-2025-23233 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
+ TODO: check
+CVE-2025-22895 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
+ TODO: check
+CVE-2025-22892 (Uncontrolled resource consumption for some OpenVINO\u2122 model server ...)
+ TODO: check
+CVE-2025-22848 (Improper conditions check for some Edge Orchestrator software for Inte ...)
+ TODO: check
+CVE-2025-22844 (Improper access control for some Edge Orchestrator software for Intel( ...)
+ TODO: check
+CVE-2025-22843 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
+ TODO: check
+CVE-2025-22448 (Insecure inherited permissions for some Intel(R) Simics(R) Package Man ...)
+ TODO: check
+CVE-2025-22446 (Inadequate encryption strength for some Edge Orchestrator software for ...)
+ TODO: check
+CVE-2025-21100 (Improper initialization in the UEFI firmware for the Intel(R) Server D ...)
+ TODO: check
+CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software may allow ...)
+ TODO: check
+CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for the Inte ...)
+ TODO: check
+CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator software for I ...)
+ TODO: check
+CVE-2025-20629 (Insecure inherited permissions in the NVM Update Utility for some Inte ...)
+ TODO: check
+CVE-2025-20624 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
+ TODO: check
+CVE-2025-20618 (Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Sof ...)
+ TODO: check
+CVE-2025-20616 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
+ TODO: check
+CVE-2025-20612 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
+ TODO: check
+CVE-2025-20611 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
+ TODO: check
+CVE-2025-20108 (Uncontrolled search path element for some Intel(R) Network Adapter Dri ...)
+ TODO: check
+CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R) Network ...)
+ TODO: check
+CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may allow an aut ...)
+ TODO: check
+CVE-2025-20100 (Improper access control in the memory controller configurations for so ...)
+ TODO: check
+CVE-2025-20095 (Incorrect Default Permissions for some Intel(R) RealSense\u2122 SDK so ...)
+ TODO: check
+CVE-2025-20084 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
+ TODO: check
+CVE-2025-20083 (Improper authentication in the firmware for the Intel(R) Slim Bootload ...)
+ TODO: check
+CVE-2025-20082 (Time-of-check time-of-use race condition in the UEFI firmware SmiVaria ...)
+ TODO: check
+CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software may allow ...)
+ TODO: check
+CVE-2025-20076 (Improper access control for some Edge Orchestrator software for Intel( ...)
+ TODO: check
+CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers may allow ...)
+ TODO: check
+CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
+ TODO: check
+CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
+ TODO: check
+CVE-2025-20052 (Improper access control for some Intel(R) Graphics software may allow ...)
+ TODO: check
+CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O interface ...)
+ TODO: check
+CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
+ TODO: check
+CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK softwar ...)
+ TODO: check
+CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software for Intel ...)
+ TODO: check
+CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
+ TODO: check
+CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI firmware SmiVar ...)
+ TODO: check
+CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless WiFi Softw ...)
+ TODO: check
+CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers may allow ...)
+ TODO: check
+CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
+ TODO: check
+CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for ...)
+ TODO: check
+CVE-2025-20022 (Insufficient control flow management for some Edge Orchestrator softwa ...)
+ TODO: check
+CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics Drivers may a ...)
+ TODO: check
+CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet Connection ...)
+ TODO: check
+CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
+ TODO: check
+CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup module ...)
+ TODO: check
+CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R) Package Man ...)
+ TODO: check
+CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
+ TODO: check
+CVE-2025-20004 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
+ TODO: check
+CVE-2025-20003 (Improper link resolution before file access ('Link Following') for som ...)
+ TODO: check
+CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, Incorrect ...)
+ TODO: check
+CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data analyti ...)
+ TODO: check
+CVE-2024-48869 (Improper restriction of software interfaces to hardware features for s ...)
+ TODO: check
+CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
+ TODO: check
+CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler s ...)
+ TODO: check
+CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode software ...)
+ TODO: check
+CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 & Iris(R) Xe ...)
+ TODO: check
+CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe g ...)
+ TODO: check
+CVE-2024-45333 (Improper access control for some Intel(R) Data Center GPU Flex Series ...)
+ TODO: check
+CVE-2024-43101 (Improper access control for some Intel(R) Data Center GPU Flex Series ...)
+ TODO: check
+CVE-2024-39833 (Uncontrolled search path for some Intel(R) QAT software before version ...)
+ TODO: check
+CVE-2024-39758 (Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe g ...)
+ TODO: check
+CVE-2024-36292 (Improper buffer restrictions for some Intel(R) Data Center GPU Flex Se ...)
+ TODO: check
+CVE-2024-31150 (Out-of-bounds read for some Intel(R) Graphics Driver software may allo ...)
+ TODO: check
+CVE-2024-31073 (Uncontrolled search path for some Intel(R) oneAPI Level Zero software ...)
+ TODO: check
+CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software may all ...)
+ TODO: check
+CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics Driver instal ...)
+ TODO: check
+CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may allow an ...)
+ TODO: check
CVE-2025-26864
NOT-FOR-US: Apache IoTDB
CVE-2025-26795
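Review bot: Several of the added Intel descriptions carry a literal "\u2122" escape instead of the trademark character, for example in the CVE-2025-22892 line ("OpenVINO\u2122 model server") and the CVE-2025-20095 line ("RealSense\u2122 SDK"). It looks like an undecoded escape from the description import. Decoding it before the text is written to data/CVE/list would keep these lines consistent with the "(R)" spelling used in the same descriptions and make product-name searches over the file reliable. Separately, every non-rejected entry in this hunk is still "TODO: check", so none of them has been triaged against a Debian source package or marked NOT-FOR-US yet.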
@@ -681,37 +895,37 @@ CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of T
NOT-FOR-US: ThingsBoard
CVE-2023-34732 (An issue in the userId parameter in the change password function of Fl ...)
NOT-FOR-US: Flytxt NEON-dX
-CVE-2025-20054
+CVE-2025-20054 (Uncaught exception in the core management mechanism for some Intel(R) ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-20103
+CVE-2025-20103 (Insufficient resource pool in the core management mechanism for some I ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-45332
+CVE-2024-45332 (Exposure of sensitive information caused by shared microarchitectural ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
NOTE: https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
-CVE-2025-20623
+CVE-2025-20623 (Exposure of sensitive information caused by shared microarchitectural ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-43420
+CVE-2024-43420 (Exposure of sensitive information caused by shared microarchitectural ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-20012
+CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra Processors ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-24495
+CVE-2025-24495 (Incorrect initialization of resource in the branch prediction unit for ...)
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-28956 [x86: Indirect Target Selection]
+CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural Structu ...)
- intel-microcode <unfixed> (bug #1105172)
- linux <unfixed>
- xen <unfixed> (bug #1105193)
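Review bot: On the CVE-2024-28956 line the hand-written title "[x86: Indirect Target Selection]" is replaced by the truncated description "(Exposure of Sensitive Information in Shared Microarchitectural Structu ...)", so the entry no longer names the issue. This is the only entry in the hunk that tracks three packages (intel-microcode, linux, xen), and the short name is what someone triaging the linux and xen lines will search for. Consider preserving it in a NOTE line under the entry. The new CVE-2025-20012 description also contains the same literal "\u2122" escape ("Intel(R) Core\u2122 Ultra Processors").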
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b1d8d9f8910a50e88bdaefb3ab83cfaed539e2d