[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 14 22:33:11 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b404eabe by Salvatore Bonaccorso at 2025-05-14T23:32:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,7 +85,7 @@ CVE-2025-3600 (In Progress\xae Telerik\xae UI for AJAX, versions 2011.2.712 to 2
 CVE-2025-33104 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
 	NOT-FOR-US: IBM
 CVE-2025-32363 (mediDOK before 2.5.18.43 allows remote attackers to achieve remote cod ...)
-	TODO: check
+	NOT-FOR-US: mediDOK
 CVE-2025-30668 (Integer underflow in some Zoom Workplace Apps may allow an authenticat ...)
 	NOT-FOR-US: Zoom
 CVE-2025-30667 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
@@ -103,21 +103,21 @@ CVE-2025-2900 (IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through
 CVE-2025-2875 (CWE-610: Externally Controlled Reference to a Resource in Another Sphe ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-26785 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-26784 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-25370 (An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5. ...)
-	TODO: check
+	NOT-FOR-US: realme GT 2 (RMX3311)
 CVE-2025-24969 (iTop is an web based IT Service Management tool. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2025-24785 (iTop is an web based IT Service Management tool. In version 3.2.0, an  ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2025-24026 (iTop is an web based IT Service Management tool. Versions prior to 3.2 ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2025-24022 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2025-24021 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2025-22756
 	REJECTED
 CVE-2025-0138 (Web sessions in the web interface of Palo Alto Networks Prisma\xae Clo ...)
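
Review bot: the label added for CVE-2025-25370, "NOT-FOR-US: realme GT 2 (RMX3311)", names a single device model, while the other entries in this hunk are labelled by vendor ("Samsung", "Schneider Electric"). A vendor-level "NOT-FOR-US: realme" would match that convention and still apply if later realme CVEs name a different model.
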
@@ -141,19 +141,19 @@ CVE-2025-0130 (A missing exception check in Palo Alto Networks PAN-OS\xae softwa
 CVE-2024-8988 (The PeepSo Core: File Uploads plugin for WordPress is vulnerable to In ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pair ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense CE
 CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker to obtai ...)
 	TODO: check
 CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to versions 3.1 ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense CE
 CVE-2024-54779 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense CE
 CVE-2024-52601 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
-	TODO: check
+	NOT-FOR-US: iTop
 CVE-2024-45516 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Pat ...)
 	NOT-FOR-US: Zimbra
 CVE-2024-13940 (The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server- ...)
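
Review bot: the three pfSense entries (CVE-2024-57273, CVE-2024-54780, CVE-2024-54779) are labelled "NOT-FOR-US: Netgate pfSense CE", but each visible description continues "and corresponding Plu ...", so the CVE covers more than the CE edition. A label of "NOT-FOR-US: Netgate pfSense" would describe the affected product without narrowing it to one edition.
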
@@ -273,25 +273,25 @@ CVE-2025-21100 (Improper initialization in the UEFI firmware for the Intel(R) Se
 CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software may allow ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for the Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator software for I ...)
 	NOT-FOR-US: Intel
 CVE-2025-20629 (Insecure inherited permissions in the NVM Update Utility for some Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20624 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
 	NOT-FOR-US: Intel
 CVE-2025-20618 (Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20616 (Uncontrolled resource consumption for some Edge Orchestrator software  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20612 (Incorrect execution-assigned permissions for some Edge Orchestrator so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20611 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20108 (Uncontrolled search path element for some Intel(R) Network Adapter Dri ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R) Network  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may allow an aut ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20100 (Improper access control in the memory controller configurations for so ...)
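
Review bot: the bare "NOT-FOR-US: Intel" added for CVE-2025-20618 (PROSet/Wireless WiFi Software) and CVE-2025-21094 (UEFI firmware DXE module) is coarser than the component-level label already used on the unchanged neighbours CVE-2025-21099 and CVE-2025-20101, "NOT-FOR-US: Intel graphics drivers for Windows". Naming the component in the same way keeps the reason for each decision readable from the list itself, which matters most for the firmware entries, where the vendor name alone does not say what was ruled out.
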
@@ -303,7 +303,7 @@ CVE-2025-20084 (Uncontrolled resource consumption for some Edge Orchestrator sof
 CVE-2025-20083 (Improper authentication in the firmware for the Intel(R) Slim Bootload ...)
 	TODO: check
 CVE-2025-20082 (Time-of-check time-of-use race condition in the UEFI firmware SmiVaria ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software may allow  ...)
 	NOT-FOR-US: Intel
 CVE-2025-20076 (Improper access control for some Edge Orchestrator software for Intel( ...)
@@ -311,45 +311,45 @@ CVE-2025-20076 (Improper access control for some Edge Orchestrator software for
 CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers may allow  ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator software  ...)
 	NOT-FOR-US: Intel
 CVE-2025-20052 (Improper access control for some Intel(R) Graphics software may allow  ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O interface ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK softwar ...)
 	NOT-FOR-US: Intel
 CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software for Intel ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI firmware SmiVar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless WiFi Softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers may allow ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20022 (Insufficient control flow management for some Edge Orchestrator softwa ...)
 	NOT-FOR-US: Intel
 CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics Drivers may a ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet Connection ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for some Ed ...)
 	NOT-FOR-US: Intel
 CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup module  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R) Package Man ...)
 	NOT-FOR-US: Intel
 CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software for Win ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20004 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
 	TODO: check
 CVE-2025-20003 (Improper link resolution before file access ('Link Following') for som ...)
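
Review bot: CVE-2025-20047 is marked "NOT-FOR-US: Intel", yet its visible description ("Improper locking in the Intel(R) Integrated Connectivity I/O interface ...") is cut off before the affected product and, unlike the PROSet/Wireless and Edge Orchestrator entries around it, does not name a software package. Please confirm the decision against the full description and put the component in the label, so the entry records what was checked.
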
@@ -732,7 +732,7 @@ CVE-2025-0035 (Unquoted search path within AMD Cloud Manageability Service can a
 CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8 exists ...)
 	NOT-FOR-US: Absolute Software
 CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in combinati ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop
 CVE-2024-51447 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-51446 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b404eabea898c3f57091eb9f0ec9f45a8f68f6ba
