[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 14 09:41:17 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
360c7c42 by Moritz Muehlenhoff at 2025-05-14T10:40:55+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,29 +69,29 @@ CVE-2025-30315 (Adobe Connect versions 12.8 and earlier are affected by a stored
CVE-2025-30314 (Adobe Connect versions 12.8 and earlier are affected by a stored Cross ...)
NOT-FOR-US: Adobe
CVE-2025-26646 (External control of file name or path in .NET, Visual Studio, and Buil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24308 (Improper input validation in the UEFI firmware error handler for the I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-23233 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22895 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
TODO: check
CVE-2025-22892 (Uncontrolled resource consumption for some OpenVINO\u2122 model server ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22848 (Improper conditions check for some Edge Orchestrator software for Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22844 (Improper access control for some Edge Orchestrator software for Intel( ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22843 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22448 (Insecure inherited permissions for some Intel(R) Simics(R) Package Man ...)
TODO: check
CVE-2025-22446 (Inadequate encryption strength for some Edge Orchestrator software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21100 (Improper initialization in the UEFI firmware for the Intel(R) Server D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for the Inte ...)
TODO: check
CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator software for I ...)
@@ -113,7 +113,7 @@ CVE-2025-20108 (Uncontrolled search path element for some Intel(R) Network Adapt
CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R) Network ...)
TODO: check
CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may allow an aut ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20100 (Improper access control in the memory controller configurations for so ...)
TODO: check
CVE-2025-20095 (Incorrect Default Permissions for some Intel(R) RealSense\u2122 SDK so ...)
@@ -129,13 +129,13 @@ CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software may
CVE-2025-20076 (Improper access control for some Edge Orchestrator software for Intel( ...)
TODO: check
CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
TODO: check
CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator software ...)
TODO: check
CVE-2025-20052 (Improper access control for some Intel(R) Graphics software may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O interface ...)
TODO: check
CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
@@ -143,7 +143,7 @@ CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software f
CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK softwar ...)
TODO: check
CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software for Intel ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
TODO: check
CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI firmware SmiVar ...)
@@ -151,15 +151,15 @@ CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI firmware
CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless WiFi Softw ...)
TODO: check
CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
TODO: check
CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for ...)
TODO: check
CVE-2025-20022 (Insufficient control flow management for some Edge Orchestrator softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics Drivers may a ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet Connection ...)
TODO: check
CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
@@ -167,13 +167,13 @@ CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for s
CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup module ...)
TODO: check
CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R) Package Man ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
TODO: check
CVE-2025-20004 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
TODO: check
CVE-2025-20003 (Improper link resolution before file access ('Link Following') for som ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, Incorrect ...)
TODO: check
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data analyti ...)
@@ -181,33 +181,33 @@ CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data a
CVE-2024-48869 (Improper restriction of software interfaces to hardware features for s ...)
TODO: check
CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler s ...)
TODO: check
CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode software ...)
TODO: check
CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 & Iris(R) Xe ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe g ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45333 (Improper access control for some Intel(R) Data Center GPU Flex Series ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-43101 (Improper access control for some Intel(R) Data Center GPU Flex Series ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-39833 (Uncontrolled search path for some Intel(R) QAT software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39758 (Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe g ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-36292 (Improper buffer restrictions for some Intel(R) Data Center GPU Flex Se ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-31150 (Out-of-bounds read for some Intel(R) Graphics Driver software may allo ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-31073 (Uncontrolled search path for some Intel(R) oneAPI Level Zero software ...)
TODO: check
CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software may all ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics Driver instal ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may allow an ...)
TODO: check
CVE-2025-26864
@@ -504,25 +504,25 @@ CVE-2025-29829 (Use of uninitialized resource in Windows Trusted Runtime Interfa
CVE-2025-29826 (Improper handling of insufficient permissions or privileges in Microso ...)
NOT-FOR-US: Microsoft
CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin- ...)
- TODO: check
+ NOT-FOR-US: owl-admin
CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /ad ...)
TODO: check
CVE-2025-28055 (upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file ...)
- TODO: check
+ NOT-FOR-US: upset-gal-web
CVE-2025-27696 (Improper Authorization vulnerability in Apache Superset allows ownersh ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2025-27488 (Use of hard-coded credentials in Windows Hardware Lab Kit allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27468 (Improper privilege management in Windows Secure Kernel Mode allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27197 (Lightroom Desktop versions 8.2 and earlier are affected by an out-of-b ...)
NOT-FOR-US: Adobe
CVE-2025-26685 (Improper authentication in Microsoft Defender for Identity allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26684 (External control of file name or path in Microsoft Defender for Endpoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26677 (Uncontrolled resource consumption in Remote Desktop Gateway Service al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26390 (A vulnerability has been identified in OZW672 (All versions < V6.0), O ...)
NOT-FOR-US: Siemens
CVE-2025-26389 (A vulnerability has been identified in OZW672 (All versions < V8.0), O ...)
@@ -530,7 +530,7 @@ CVE-2025-26389 (A vulnerability has been identified in OZW672 (All versions < V8
CVE-2025-24510 (A vulnerability has been identified in MS/TP Point Pickup Module (All ...)
NOT-FOR-US: Siemens
CVE-2025-24063 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24009 (A vulnerability has been identified in SIRIUS 3RK3 Modular Safety Syst ...)
NOT-FOR-US: Siemens
CVE-2025-24008 (A vulnerability has been identified in SIRIUS 3RK3 Modular Safety Syst ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360c7c424d642f4aa859470bbe0bef43bff642c5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360c7c424d642f4aa859470bbe0bef43bff642c5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250514/a8149f89/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list