[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 11 20:13:55 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ac4bec1 by security tracker role at 2025-11-11T20:13:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2025-9408 (System call entry on Cortex M (and possibly R and A, but I think not)  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-9227 (Zohocorp ManageEngine OpManager versions 128609 and below are vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-9223 (Zohocorp ManageEngine Applications Manager versions 178100 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-8324 (Zohocorp ManageEngine Analytics Plus versions6170 and below are vulner ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-7633 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-7632 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-7430 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-64773 (In JetBrains YouTrack before 2025.3.104432 a race condition allowed by ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-62453 (Improper validation of generative ai output in GitHub Copilot and Visu ...)
 	TODO: check
 CVE-2025-62452 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
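Review bot: On CVE-2025-9408 the note `NOT-FOR-US: Zephyr, different from src:zephyr` says what the issue is not, but not which Zephyr it is. Since the note itself acknowledges a source package of the same name, it would help to name the project the description refers to (the one whose system call entry on Cortex M is affected), so a later reader can confirm the exclusion without reopening the CVE record. The Zoho lines in the same hunk do not have this problem because their descriptions name Zohocorp ManageEngine.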
@@ -63,55 +63,55 @@ CVE-2025-62200 (Untrusted pointer dereference in Microsoft Office Excel allows a
 CVE-2025-62199 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
 	TODO: check
 CVE-2025-61845 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61844 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61843 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61842 (Format Plugins versions 1.1.1 and earlier are affected by a Use After  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61841 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61840 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61839 (Format Plugins versions 1.1.1 and earlier are affected by an out-of-bo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61838 (Format Plugins versions 1.1.1 and earlier are affected by a Heap-based ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61837 (Format Plugins versions 1.1.1 and earlier are affected by a Heap-based ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61836 (Illustrator on iPad versions 3.0.9 and earlier are affected by an Inte ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61832 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a H ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61831 (Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61830 (Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Aut ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61829 (Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61828 (Illustrator on iPad versions 3.0.9 and earlier are affected by an out- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61827 (Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61826 (Illustrator on iPad versions 3.0.9 and earlier are affected by an Inte ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61824 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a H ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61820 (Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Hea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61819 (Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61818 (InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After F ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61817 (InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After F ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61816 (InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61815 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a U ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-61814 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a U ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-60728 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
 	TODO: check
 CVE-2025-60727 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
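Review bot: The nine Format Plugins entries (CVE-2025-61837 through CVE-2025-61845) are tagged `NOT-FOR-US: Adobe`, but their visible descriptions begin "Format Plugins versions 1.1.1 and earlier" and name no vendor, so the attribution cannot be checked from this file alone. Putting the product in the tag, for example `NOT-FOR-US: Adobe Format Plugins`, would make the entry self-explanatory and searchable by product name. The same applies to the Illustrator, InDesign, InCopy and Photoshop lines, where only CVE-2025-61830 (Adobe Pass) carries the vendor in its description.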
@@ -159,7 +159,7 @@ CVE-2025-60704 (Missing cryptographic step in Windows Kerberos allows an unautho
 CVE-2025-60703 (Untrusted pointer dereference in Windows Remote Desktop allows an auth ...)
 	TODO: check
 CVE-2025-5317 (An improper access restriction to a folder in Bitdefender Endpoint Sec ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2025-59515 (Use after free in Windows Broadcast DVR User Service allows an authori ...)
 	TODO: check
 CVE-2025-59514 (Improper privilege management in Microsoft Streaming Service allows an ...)
@@ -183,7 +183,7 @@ CVE-2025-59506 (Concurrent execution using shared resource with improper synchro
 CVE-2025-59505 (Double free in Windows Smart Card allows an authorized attacker to ele ...)
 	TODO: check
 CVE-2025-59504 (Heap-based buffer overflow in Azure Monitor Agent allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59499 (Improper neutralization of special elements used in an sql command ('s ...)
 	TODO: check
 CVE-2025-59240 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
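Review bot: CVE-2025-59504 (Azure Monitor Agent) is the only entry in this hunk moved to `NOT-FOR-US: Microsoft`, while the adjacent CVE-2025-59505 (Windows Smart Card) keeps `TODO: check`. If the vendor is the criterion, the neighbouring Windows entry qualifies as well; if the product is the criterion, the tag should name it (Azure Monitor Agent) so the reason for treating these two differently is on record.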
@@ -213,13 +213,13 @@ CVE-2025-35967 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Softwa
 CVE-2025-35963 (Insufficient control flow management for some Intel(R) PROSet/Wireless ...)
 	TODO: check
 CVE-2025-33202 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33186 (NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit ...)
 	TODO: check
 CVE-2025-33185 (NVIDIA AIStore contains a vulnerability in AuthN where an unauthentica ...)
 	TODO: check
 CVE-2025-33178 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33029 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software fo ...)
 	TODO: check
 CVE-2025-33000 (Improper input validation for some Intel QuickAssist Technology before ...)
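Review bot: The vendor-only tag `NOT-FOR-US: NVIDIA` on CVE-2025-33202 and CVE-2025-33178 is ambiguous here, because CVE-2025-33186 and CVE-2025-33185 (NVIDIA AIStore) sit between them and remain `TODO: check`. A reader cannot tell from the tag why some NVIDIA products are excluded and others are still open. Naming the product in each tag (Triton Inference Server, NeMo Framework) would make the scope of the exclusion explicit.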
@@ -325,9 +325,9 @@ CVE-2025-24307 (Improper privilege management for some Intel(R) CIP software bef
 CVE-2025-24299 (Improper input validation for some Intel(R) CIP software before versio ...)
 	TODO: check
 CVE-2025-23361 (NVIDIA NeMo Framework for all platforms contains a vulnerability in a  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23357 (NVIDIA Megatron-LM for all platforms contains a vulnerability in a scr ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-22391 (Improper access control for some SigTest before version 6.1.10 within  ...)
 	TODO: check
 CVE-2025-20622 (Sensitive information uncleared in resource before release for reuse f ...)
@@ -347,43 +347,43 @@ CVE-2025-13032 (Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25
 CVE-2025-13027 (Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of ...)
 	TODO: check
 CVE-2025-12953 (The Classified Listing \u2013 AI-Powered Classified ads & Business Dir ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12944 (Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ M ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-12943 (Improper certificate validation in firmware update logic in NETGEAR RA ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-12942 (Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-12940 (Login credentials are inadvertently recorded in logs if a Syslog Serve ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-12846 (The Blocksy Companion plugin for WordPress is vulnerable to authentica ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12788 (The Hydra Booking \u2014 Appointment Scheduling & Booking Calendar plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12787 (The Hydra Booking \u2014 Appointment Scheduling & Booking Calendar plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12748 (A flaw was discovered in libvirt in the XML file processing. More spec ...)
 	TODO: check
 CVE-2025-12539 (The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12101 (Cross-Site Scripting (XSS)inNetScaler ADC and NetScaler Gateway whenth ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2025-11960 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-11959 (Files or Directories Accessible to External Parties, Exposure of Priva ...)
 	TODO: check
 CVE-2025-11862 (A security issue was discovered within Verve Asset Manager allowing un ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11697 (A local code execution security issue exists within Studio 5000\xae Si ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11696 (A local server-side request forgery (SSRF) security issue exists withi ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11085 (A security issue exists within DataMosaix\u2122 Private Cloud allowing ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11084 (A security issue exists within DataMosaix\u2122 Private Cloud, allowin ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-10918 (Insecure default permissions in the agent of Ivanti Endpoint Manager b ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-10905 (Collision in MiniFilter driverin Avast Software Avast Free Antivirus b ...)
 	TODO: check
 CVE-2025-10161 (Improper Restriction of Excessive Authentication Attempts, Client-Side ...)
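Review bot: The five `NOT-FOR-US: WordPress plugin` tags (CVE-2025-12953, CVE-2025-12846, CVE-2025-12788, CVE-2025-12787, CVE-2025-12539) record a product class rather than a product, unlike the Netgear, Citrix, Rockwell Automation and Ivanti tags in the same hunk. Since the descriptions are truncated, adding the plugin name to the tag (Blocksy Companion, Hydra Booking, TNC Toolbox and so on) would keep the entries searchable. Separately, the visible description of CVE-2025-12940 ("Login credentials are inadvertently recorded in logs if a Syslog Serve ...") names no vendor, so its `NOT-FOR-US: Netgear` tag would benefit from the affected product as well.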
@@ -391,7 +391,7 @@ CVE-2025-10161 (Improper Restriction of Excessive Authentication Attempts, Clien
 CVE-2024-57695 (An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7 ...)
 	TODO: check
 CVE-2017-20210 (Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-13015 (Spoofing issue in Firefox. This vulnerability affects Firefox < 145, F ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
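Review bot: CVE-2017-20210 is tagged `NOT-FOR-US: QNAP`, but the visible description starts "Photo Station 5.4.1 & 5.2.7 include the security fix" and never names a vendor. Writing the tag as `NOT-FOR-US: QNAP Photo Station` would tie the vendor attribution to the product named in the description and make the entry verifiable at a glance.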



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac4bec1175b5fdadd4ee9441d37ae65a87d2590
