[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 15 04:50:30 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50b61496 by Salvatore Bonaccorso at 2025-10-15T05:49:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,13 +31,13 @@ CVE-2025-7329 (A Stored Cross-Site Scripting security issue exists in the affect
 CVE-2025-7328 (Multiple Broken Authentication security issues exist in the affected p ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-62366 (mailgen is a Node.js package that generates responsive HTML e-mails fo ...)
-	TODO: check
+	NOT-FOR-US: Node mailgen
 CVE-2025-62172 (Home Assistant is open source home automation software that puts local ...)
-	TODO: check
+	NOT-FOR-US: Home Assistant
 CVE-2025-62157 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo Workflows
 CVE-2025-62156 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo Workflows
 CVE-2025-61807 (Substance3D - Stager versions 3.1.4 and earlier are affected by an Int ...)
 	NOT-FOR-US: Adobe
 CVE-2025-61806 (Substance3D - Stager versions 3.1.4 and earlier are affected by an out ...)
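Review bot: the label added for CVE-2025-62366, "NOT-FOR-US: Node mailgen", carries an ecosystem qualifier, while the other labels added in this hunk use the bare product name ("Home Assistant", "Argo Workflows"). Pick one convention for product labels so that a search for a given NFU label finds every entry. The qualifier is worth keeping where the bare name would be ambiguous, but then it should be applied the same way elsewhere.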
@@ -185,115 +185,115 @@ CVE-2025-59221 (Use after free in Microsoft Office Word allows an unauthorized a
 CVE-2025-59214 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-59213 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59211 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59210 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59209 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59208 (Out-of-bounds read in Windows MapUrlToZone allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59207 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59206 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59205 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59204 (Use of uninitialized resource in Windows Management Services allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59203 (Insertion of sensitive information into log file in Windows StateRepos ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59202 (Use after free in Windows Remote Desktop Services allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59201 (Improper access control in Network Connection Status Indicator (NCSI)  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59200 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59199 (Improper access control in Software Protection Platform (SPP) allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59198 (Improper input validation in Microsoft Windows Search Component allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59197 (Insertion of sensitive information into log file in Windows ETL Channe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59196 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59195 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59194 (Use of uninitialized resource in Windows Kernel allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59193 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59192 (Buffer over-read in Storport.sys Driver allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59191 (Heap-based buffer overflow in Connected Devices Platform Service (Cdps ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59190 (Improper input validation in Microsoft Windows Search Component allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59189 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59188 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59187 (Improper input validation in Windows Kernel allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59186 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59185 (External control of file name or path in Windows Core Shell allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59184 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59051 (The FreePBX Endpoint Manager module includes a Network Scanning featur ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2025-58903 (An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-58739 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58738 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58737 (Use after free in Windows Remote Desktop allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58736 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58735 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58734 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58733 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58732 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58731 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58730 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58729 (Improper validation of specified type of input in Windows Local Sessio ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58728 (Use after free in Windows Bluetooth Service allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58727 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58726 (Improper access control in Windows SMB Server allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58725 (Heap-based buffer overflow in Windows COM allows an authorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58724 (Improper access control in Azure Connected Machine Agent allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58722 (Heap-based buffer overflow in Windows DWM allows an authorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58720 (Use of a cryptographic primitive with a risky implementation in Window ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58719 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58718 (Use after free in Remote Desktop Client allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58717 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58716 (Improper input validation in Microsoft Windows Speech allows an author ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58715 (Integer overflow or wraparound in Microsoft Windows Speech allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58714 (Improper access control in Windows Ancillary Function Driver for WinSo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58325 (An Incorrect Provision of Specified Functionality vulnerability [CWE-6 ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-58324 (An improper neutralization of input during web page generation vulnera ...)
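Review bot: several entries tagged "NOT-FOR-US: Microsoft" in this hunk have summaries that are cut off before any product name, so the attribution cannot be checked from the diff itself: CVE-2025-59213 (the SQL injection text), and the "Concurrent execution using shared resource with improper synchronizati ..." entries CVE-2025-59205, CVE-2025-59200, CVE-2025-59196, CVE-2025-59195, CVE-2025-59193 and CVE-2025-58727. In a bulk edit of this size it is worth confirming each of these against the full CVE record before the TODO is dropped, since a wrong NFU tag removes the entry from further triage.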
@@ -305,101 +305,101 @@ CVE-2025-57740 (An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS
 CVE-2025-57716 (An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiCl ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-57618 (A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthe ...)
-	TODO: check
+	NOT-FOR-US: FastX3
 CVE-2025-57563 (A path traversal in StarNet Communications Corporation FastX v.4 throu ...)
-	TODO: check
+	NOT-FOR-US: FastX
 CVE-2025-56747 (Creativeitem Academy LMS up to and including 5.13 contains a privilege ...)
-	TODO: check
+	NOT-FOR-US: Academy LMS
 CVE-2025-55701 (Improper validation of specified type of input in Microsoft Windows al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55700 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55699 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55698 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55697 (Heap-based buffer overflow in Azure Local allows an authorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55696 (Time-of-check time-of-use (toctou) race condition in NtQueryInformatio ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55695 (Out-of-bounds read in Windows WLAN Auto Config Service allows an autho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55694 (Improper access control in Windows Error Reporting allows an authorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55693 (Use after free in Windows Kernel allows an unauthorized attacker to el ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55692 (Improper input validation in Windows Error Reporting allows an authori ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55691 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55690 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55689 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55688 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55687 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55686 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55685 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55684 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55683 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55682 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55681 (Out-of-bounds read in Windows DWM allows an authorized attacker to ele ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55680 (Time-of-check time-of-use (toctou) race condition in Windows Cloud Fil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55679 (Improper input validation in Windows Kernel allows an unauthorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55678 (Use after free in Windows DirectX allows an authorized attacker to ele ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55677 (Untrusted pointer dereference in Windows Device Association Broker ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55676 (Generation of error message containing sensitive information in Window ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55340 (Improper authentication in Windows Remote Desktop Protocol allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55339 (Out-of-bounds read in Windows NDIS allows an authorized attacker to el ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55338 (Missing Ability to Patch ROM Code in Windows BitLocker allows an unaut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55337 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55336 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55335 (Use after free in Windows NTFS allows an unauthorized attacker to elev ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55334 (Cleartext storage of sensitive information in Windows Kernel allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55333 (Incomplete comparison with missing factors in Windows BitLocker allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55332 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55331 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55330 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55328 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55326 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55325 (Buffer over-read in Windows Storage Management Provider allows an auth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55320 (Improper neutralization of special elements used in an sql command ('s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55315 (Inconsistent interpretation of http requests ('http request/response s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55248 (Inadequate encryption strength in .NET, .NET Framework, Visual Studio  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55247 (Improper link resolution before file access ('link following') in .NET ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-55240 (Improper access control in Visual Studio allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-54973 (A concurrent execution using shared resource with improper synchroniza ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54893 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
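Review bot: CVE-2025-55248 and CVE-2025-55247 receive the same blanket "NOT-FOR-US: Microsoft" as the Windows-only entries, although their summaries name .NET, which is cross-platform rather than tied to Windows. A product-level label such as "NOT-FOR-US: Microsoft .NET" would let these be found and re-triaged separately from the Windows components if that is ever needed. The same hunk also labels what read as two versions of one product differently, "FastX3" for CVE-2025-57618 and "FastX" for CVE-2025-57563; a single label for both would keep searches consistent.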
@@ -790,11 +790,11 @@ CVE-2025-62175 (Mastodon is a free, open-source social network server based on A
 CVE-2025-62174 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2025-61688 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
-	TODO: check
+	NOT-FOR-US: Omni
 CVE-2025-59889 (Improper authentication of library files in the Eaton IPP software ins ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-59836 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
-	TODO: check
+	NOT-FOR-US: Omni
 CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause a denia ...)
 	TODO: check
 CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an  ...)
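Review bot: "NOT-FOR-US: Omni" on CVE-2025-61688 and CVE-2025-59836 is a very generic label for a file that is searched by name, and the summary ("Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...") is the only thing that disambiguates it. Qualify the label, for example with the vendor name or as "Omni (Kubernetes management)", so it cannot be confused with an unrelated product of the same name. Note also that this hunk labels CVE-2025-59889 by vendor ("Eaton") and the Omni entries by product, which is the same mixed convention seen in the rest of the commit.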



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50b614961c615669b76b5be8dcf4da6c680106d1
