[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 14 22:01:34 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12b63cdd by Moritz Mühlenhoff at 2025-10-14T23:01:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,133 +57,133 @@ CVE-2025-61799 (Dimension versions 4.1.4 and earlier are affected by an out-of-b
CVE-2025-61798 (Dimension versions 4.1.4 and earlier are affected by an out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2025-61678 (FreePBX Endpoint Manager is a module for managing telephony endpoints ...)
- TODO: check
+ NOT-FOR-US: FreePBX Endpoint Manager
CVE-2025-61675 (FreePBX Endpoint Manager is a module for managing telephony endpoints ...)
- TODO: check
+ NOT-FOR-US: FreePBX Endpoint Manager
CVE-2025-60540 (karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Req ...)
- TODO: check
+ NOT-FOR-US: karakeep
CVE-2025-60537 (Improper input validation in the component /kafka/ui/serdes/CustomSerd ...)
- TODO: check
+ NOT-FOR-US: kafka-ui
CVE-2025-60536 (An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to ...)
- TODO: check
+ NOT-FOR-US: kafka-ui
CVE-2025-60535 (A Cross-Site Request Forgery (CSRF) in the component /endpoints/curren ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2025-60374 (Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 a ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-5946 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
NOT-FOR-US: Centreon
CVE-2025-59921 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: Fortinet
CVE-2025-59502 (Uncontrolled resource consumption in Windows Remote Procedure Call all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59497 (Time-of-check time-of-use (toctou) race condition in Microsoft Defende ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59494 (Improper access control in Azure Monitor Agent allows an authorized at ...)
NOT-FOR-US: Microsoft
CVE-2025-59429 (FreePBX is an open source GUI for managing Asterisk. In versions prior ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2025-59428 (EspoCRM is an open source customer relationship management application ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2025-59295 (Heap-based buffer overflow in Internet Explorer allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59294 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59292 (External control of file name or path in Confidential Azure Container ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59291 (External control of file name or path in Confidential Azure Container ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59290 (Use after free in Windows Bluetooth Service allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59289 (Double free in Windows Bluetooth Service allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59288 (Improper verification of cryptographic signature in GitHub allows an u ...)
- TODO: check
+ NOT-FOR-US: Github
CVE-2025-59287 (Deserialization of untrusted data in Windows Server Update Service all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59285 (Deserialization of untrusted data in Azure Monitor Agent allows an aut ...)
NOT-FOR-US: Microsoft
CVE-2025-59284 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59282 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59281 (Improper link resolution before file access ('link following') in XBox ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59280 (Improper authentication in Windows SMB Client allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59278 (Improper validation of specified type of input in Windows Authenticati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59277 (Improper validation of specified type of input in Windows Authenticati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59275 (Improper validation of specified type of input in Windows Authenticati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59261 (Time-of-check time-of-use (toctou) race condition in Microsoft Graphic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59260 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59259 (Improper validation of specified type of input in Windows Local Sessio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59258 (Insertion of sensitive information into log file in Active Directory F ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59257 (Improper validation of specified type of input in Windows Local Sessio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59255 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59254 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59253 (Improper access control in Microsoft Windows Search Component allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59250 (Improper input validation in JDBC Driver for SQL Server allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59249 (Weak authentication in Microsoft Exchange Server allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59248 (Improper input validation in Microsoft Exchange Server allows an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59244 (External control of file name or path in Windows Core Shell allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59243 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59242 (Heap-based buffer overflow in Windows Ancillary Function Driver for Wi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59241 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59238 (Use after free in Microsoft Office PowerPoint allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59237 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59236 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59235 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59234 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59233 (Access of resource using incompatible type ('type confusion') in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59232 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59231 (Access of resource using incompatible type ('type confusion') in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59230 (Improper access control in Windows Remote Access Connection Manager al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59229 (Uncaught exception in Microsoft Office allows an unauthorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59228 (Improper input validation in Microsoft Office SharePoint allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59227 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59226 (Use after free in Microsoft Office Visio allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59225 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59224 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59223 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59222 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59221 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59214 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-59213 (Improper neutralization of special elements used in an sql command ('s ...)
TODO: check
CVE-2025-59211 (Exposure of sensitive information to an unauthorized actor in Windows ...)
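Review bot: the entry for CVE-2025-59288 is tagged "NOT-FOR-US: Github", while the description on the line above it spells the product "GitHub"; suggest "NOT-FOR-US: GitHub" so NFU product names stay consistent and searchable across data/CVE/list. Also in this hunk, CVE-2025-59250 (JDBC Driver for SQL Server) is a client library rather than a Windows or Office component, so it is worth confirming that nothing in the archive ships or embeds it before closing it as "NOT-FOR-US: Microsoft". CVE-2025-59213 stays at "TODO: check" while the Microsoft entries around it were triaged; if that is deliberate, a short NOTE on the entry would make the reason visible to the next person doing triage.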
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12b63cdd5a107ee850aeb3040dbf3bdd64fdaefb