[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 11 21:09:46 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d2c4c85 by Salvatore Bonaccorso at 2025-11-11T22:09:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,53 +15,53 @@ CVE-2025-7430 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and be
CVE-2025-64773 (In JetBrains YouTrack before 2025.3.104432 a race condition allowed by ...)
NOT-FOR-US: JetBrains
CVE-2025-62453 (Improper validation of generative ai output in GitHub Copilot and Visu ...)
- TODO: check
+ NOT-FOR-US: GitHub Copilot and Visual Studio Code
CVE-2025-62452 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62449 (Improper limitation of a pathname to a restricted directory ('path tra ...)
- TODO: check
+ NOT-FOR-US: Visual Studio Code CoPilot Chat Extension
CVE-2025-62222 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Visual Studio Code CoPilot Chat Extension
CVE-2025-62220 (Heap-based buffer overflow in Windows Subsystem for Linux GUI allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62219 (Double free in Microsoft Wireless Provisioning System allows an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62218 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62217 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62216 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62215 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62214 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62213 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62211 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62210 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62209 (Insertion of sensitive information into log file in Windows License Ma ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62208 (Insertion of sensitive information into log file in Windows License Ma ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62206 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62205 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62204 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62203 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62202 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62201 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62200 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62199 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-61845 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
NOT-FOR-US: Adobe
CVE-2025-61844 (Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bo ...)
@@ -113,75 +113,75 @@ CVE-2025-61815 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected
CVE-2025-61814 (InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a U ...)
NOT-FOR-US: Adobe
CVE-2025-60728 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60727 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60726 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60724 (Heap-based buffer overflow in Microsoft Graphics Component allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60723 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60722 (Improper limitation of a pathname to a restricted directory ('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60721 (Privilege context switching error in Windows Administrator Protection ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60720 (Buffer over-read in Windows TDX.sys allows an authorized attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60719 (Untrusted pointer dereference in Windows Ancillary Function Driver for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60718 (Untrusted search path in Windows Administrator Protection allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60717 (Use after free in Windows Broadcast DVR User Service allows an authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60716 (Use after free in Windows DirectX allows an authorized attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60715 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60714 (Heap-based buffer overflow in Windows OLE allows an unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60713 (Untrusted pointer dereference in Windows Routing and Remote Access Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60710 (Improper link resolution before file access ('link following') in Host ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60709 (Out-of-bounds read in Windows Common Log File System Driver allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60708 (Untrusted pointer dereference in Storvsp.sys Driver allows an authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60707 (Use after free in Multimedia Class Scheduler Service (MMCSS) allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60706 (Out-of-bounds read in Windows Hyper-V allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60705 (Improper access control in Windows Client-Side Caching (CSC) Service a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60704 (Missing cryptographic step in Windows Kerberos allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-60703 (Untrusted pointer dereference in Windows Remote Desktop allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-5317 (An improper access restriction to a folder in Bitdefender Endpoint Sec ...)
NOT-FOR-US: Bitdefender
CVE-2025-59515 (Use after free in Windows Broadcast DVR User Service allows an authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59514 (Improper privilege management in Microsoft Streaming Service allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59513 (Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59512 (Improper access control in Customer Experience Improvement Program (CE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59511 (External control of file name or path in Windows WLAN Service allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59510 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59509 (Insertion of sensitive information into sent data in Windows Speech al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59508 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59507 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59506 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59505 (Double free in Windows Smart Card allows an authorized attacker to ele ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59504 (Heap-based buffer overflow in Azure Monitor Agent allows an unauthoriz ...)
NOT-FOR-US: Microsoft
CVE-2025-59499 (Improper neutralization of special elements used in an sql command ('s ...)
@@ -205,13 +205,13 @@ CVE-2025-41101 (HTML injection vulnerability found in Fairsketch's RISE CRM Fram
CVE-2025-35972 (Uncontrolled search path for the Intel MPI Library before version 2021 ...)
TODO: check
CVE-2025-35971 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35968 (Protection mechanism failure in the UEFI firmware for the Slim Bootloa ...)
TODO: check
CVE-2025-35967 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35963 (Insufficient control flow management for some Intel(R) PROSet/Wireless ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-33202 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
NOT-FOR-US: NVIDIA
CVE-2025-33186 (NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit ...)
@@ -221,7 +221,7 @@ CVE-2025-33185 (NVIDIA AIStore contains a vulnerability in AuthN where an unauth
CVE-2025-33178 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
NOT-FOR-US: NVIDIA
CVE-2025-33029 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-33000 (Improper input validation for some Intel QuickAssist Technology before ...)
TODO: check
CVE-2025-32732 (Buffer overflow for some Intel(R) QAT Windows software before version ...)
@@ -237,13 +237,13 @@ CVE-2025-32088 (Improper conditions check for some Intel(R) QAT Windows software
CVE-2025-32038 (Uncontrolled search path for some FPGA Support Package for the Intel o ...)
NOT-FOR-US: Intel
CVE-2025-32037 (Improper access control for some Intel(R) PresentMon before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-32001 (Uncontrolled search path for the Intel(R) Processor Identification Uti ...)
NOT-FOR-US: Intel
CVE-2025-31948 (Improper input validation for some Intel(R) oneAPI Math Kernel Library ...)
NOT-FOR-US: Intel
CVE-2025-31940 (Incorrect default permissions for some Intel(R) Thread Director Visual ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31937 (Out-of-bounds read for some Intel(R) QAT Windows software before versi ...)
NOT-FOR-US: Intel
CVE-2025-31931 (Uncontrolled search path for the Instrumentation and Tracing Technolog ...)
@@ -251,11 +251,11 @@ CVE-2025-31931 (Uncontrolled search path for the Instrumentation and Tracing Tec
CVE-2025-31647 (Uncontrolled search path for some Intel(R) Graphics Software before ve ...)
TODO: check
CVE-2025-31645 (Uncontrolled search path for some System Event Log Viewer Utility soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31146 (Time-of-check time-of-use race condition for some Intel Ethernet Adapt ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30518 (Incorrect default permissions for some Intel(R) PresentMon before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30509 (Improper input validation for some Intel QuickAssist Technology softwa ...)
TODO: check
CVE-2025-30506 (Uncontrolled search path for some Intel Driver and Support Assistant b ...)
@@ -263,13 +263,13 @@ CVE-2025-30506 (Uncontrolled search path for some Intel Driver and Support Assis
CVE-2025-30398 (Missing authorization in Nuance PowerScribe allows an unauthorized att ...)
TODO: check
CVE-2025-30255 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30185 (Active debug code for some Intel UEFI reference platforms within Ring ...)
TODO: check
CVE-2025-30182 (Uncontrolled search path for some Intel(R) Distribution for Python sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27725 (Time-of-check time-of-use race condition for some ACAT before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27713 (Out-of-bounds write for some Intel(R) QAT Windows software before vers ...)
NOT-FOR-US: Intel
CVE-2025-27712 (Improper neutralization for some Intel(R) Neural Compressor software b ...)
@@ -313,9 +313,9 @@ CVE-2025-24519 (Buffer overflow for some Intel(R) QAT Windows software before ve
CVE-2025-24516 (Improper access control for some Intel(R) CIP software before version ...)
NOT-FOR-US: Intel
CVE-2025-24512 (Improper input validation for some Intel(R) PROSet/Wireless WiFi Softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24491 (Uncontrolled search path for some Intel(R) Killer(TM) Performance Suit ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24327 (Insecure inherited permissions for some Intel(R) Rapid Storage Technol ...)
NOT-FOR-US: Intel
CVE-2025-24314 (Improper access control for some Intel(R) CIP software before version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2c4c8500cee5748197c62ab4a9d6cb44eb6ebe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2c4c8500cee5748197c62ab4a9d6cb44eb6ebe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251111/f871213b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list