[Git][security-tracker-team/security-tracker][master] Add new grub2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 18 20:42:36 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f498fbe8 by Salvatore Bonaccorso at 2025-11-18T21:41:57+01:00
Add new grub2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -68,13 +68,17 @@ CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX)
 CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerability [ ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
 CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's normal c ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
 CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's gettext m ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807
 CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified Bootloa ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3
 CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
 	NOT-FOR-US: Modular Max Serve
 CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6 ...)
@@ -126,9 +130,11 @@ CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor vu
 CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in Fortinet F ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c4fb4cbc941981894a00ba8e75d634a41967a27f
 CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's network  ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d
 CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f498fbe8df28dea100233e81b47e189e7c337894

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f498fbe8df28dea100233e81b47e189e7c337894
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/ecf15d6d/attachment.htm>

More information about the debian-security-tracker-commits mailing list