[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 9 21:54:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
558cf279 by Salvatore Bonaccorso at 2025-09-09T22:53:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2025-7635 (Unauthenticated Telnet access vulnerability in Calix GigaCenter O
CVE-2025-7350 (A security issue affecting multiple Cisco devices also directly impact ...)
NOT-FOR-US: Rockwell Automation
CVE-2025-5500 (A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. ...)
- TODO: check
+ NOT-FOR-US: ZhenShi Mibro Fit App
CVE-2025-5005 (A vulnerability was detected in Shanghai Lingdang Information Technolo ...)
- TODO: check
+ NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
CVE-2025-59019 (Missing authorization checks in the CSV download feature of TYPO3 CMS ...)
NOT-FOR-US: Typo3 extension
CVE-2025-59018 (Missing authorization checks in the Workspace Module of TYPO3 CMS vers ...)
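Review bot: The label added for CVE-2025-5005, "NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM", runs the vendor and product names together with no separator, so it is unclear where one ends and the other begins. The neighbouring entries use a short vendor or product-class label ("Rockwell Automation", "Typo3 extension"); a shorter form such as "NOT-FOR-US: Lingdang CRM" would be easier to grep and to reuse for later CVEs against the same product.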
@@ -180,21 +180,21 @@ CVE-2025-55243 (Exposure of sensitive information to an unauthorized actor in Mi
CVE-2025-55236 (Time-of-check time-of-use (toctou) race condition in Graphics Kernel a ...)
NOT-FOR-US: Microsoft
CVE-2025-55234 (SMB Server might be susceptible to relay attacks depending on the conf ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55232 (Deserialization of untrusted data in Microsoft High Performance Comput ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55228 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55227 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55226 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55225 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55224 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55223 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55148 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
NOT-FOR-US: Ivanti
CVE-2025-55147 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
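Review bot: For CVE-2025-55234 the visible description reads only "SMB Server might be susceptible to relay attacks depending on the conf ...", with no vendor named before the truncation, so the "NOT-FOR-US: Microsoft" tag cannot be confirmed from this hunk. Please confirm against the full CVE text that it covers only the Windows SMB Server and not an SMB implementation packaged in Debian. The same check applies to CVE-2025-55228, CVE-2025-55226, CVE-2025-55224 and CVE-2025-55223, whose truncated descriptions show only the "Concurrent execution using shared resource" CWE wording.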
@@ -230,53 +230,53 @@ CVE-2025-55048 (Multiple CWE-78)
CVE-2025-55047 (CWE-798 Use of Hard-coded Credentials)
TODO: check
CVE-2025-54919 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54918 (Improper authentication in Windows NTLM allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54917 (Protection mechanism failure in Windows MapUrlToZone allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54916 (Stack-based buffer overflow in Windows NTFS allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54915 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54913 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54912 (Use after free in Windows BitLocker allows an authorized attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54911 (Use after free in Windows BitLocker allows an authorized attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54910 (Heap-based buffer overflow in Microsoft Office allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54908 (Use after free in Microsoft Office PowerPoint allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54907 (Heap-based buffer overflow in Microsoft Office Visio allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54906 (Free of memory not on the heap in Microsoft Office allows an unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54905 (Untrusted pointer dereference in Microsoft Office Word allows an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54904 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54903 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54902 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54901 (Buffer over-read in Microsoft Office Excel allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54900 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54899 (Free of memory not on the heap in Microsoft Office Excel allows an una ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54898 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54897 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54896 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54895 (Integer overflow or wraparound in Windows SPNEGO Extended Negotiation ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54894 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54709 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-54261 (ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected ...)
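Review bot: The 24 entries from CVE-2025-54919 down to CVE-2025-54894 all change from "TODO: check" to "NOT-FOR-US: Microsoft", but the commit message "Process some NFUs" does not record what the vendor assignment was based on. For CVE-2025-54919, CVE-2025-54913 and CVE-2025-54894 the truncated description contains neither "Windows" nor "Microsoft", so a reader of the diff cannot verify those three. A one-line note in the commit message naming the source used for the batch would make the bulk change auditable.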
@@ -306,89 +306,89 @@ CVE-2025-54242 (Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a
CVE-2025-54236 (Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2 ...)
NOT-FOR-US: Adobe
CVE-2025-54116 (Improper access control in Windows MultiPoint Services allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54115 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54114 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54113 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54112 (Use after free in Microsoft Virtual Hard Drive allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54111 (Use after free in Windows UI XAML Phone DatePickerFlyout allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54110 (Integer overflow or wraparound in Windows Kernel allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54109 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54108 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54107 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54106 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54105 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54104 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54103 (Use after free in Windows Management Services allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54102 (Use after free in Windows Connected Devices Platform Service allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54101 (Use after free in Windows SMBv3 Client allows an authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54099 (Stack-based buffer overflow in Windows Ancillary Function Driver for W ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54098 (Improper access control in Windows Hyper-V allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54097 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54096 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54095 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54094 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54093 (Time-of-check time-of-use (toctou) race condition in Windows TCP/IP al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54092 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-54091 (Integer overflow or wraparound in Windows Hyper-V allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53914 (Excessive Privilegesvulnerability in Calix GigaCenter ONT (Broadcom So ...)
- TODO: check
+ NOT-FOR-US: Calix
CVE-2025-53913 (Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna ...)
- TODO: check
+ NOT-FOR-US: Calix
CVE-2025-53810 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53809 (Improper input validation in Windows Local Security Authority Subsyste ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53808 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53807 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53806 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53805 (Out-of-bounds read in Windows Internet Information Services allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53804 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53803 (Generation of error message containing sensitive information in Window ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53802 (Use after free in Windows Bluetooth Service allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53801 (Untrusted pointer dereference in Windows DWM allows an authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53800 (No cwe for this issue in Microsoft Graphics Component allows an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53799 (Use of uninitialized resource in Windows Imaging Component allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53798 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53797 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53796 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53609 (A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 thr ...)
NOT-FOR-US: Fortinet
CVE-2025-53348 (Missing Authorization vulnerability in Laborator Kalium. This issue af ...)
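Review bot: CVE-2025-53914 and CVE-2025-53913 are tagged "NOT-FOR-US: Calix" for the Calix GigaCenter ONT, and the first hunk header shows CVE-2025-7635 is against the same product, but its tag line is not part of this diff. Please check that CVE-2025-7635 carries the same "Calix" label so that all three GigaCenter entries can be found with one search.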
@@ -400,17 +400,17 @@ CVE-2025-53303 (Deserialization of Untrusted Data vulnerability in ThemeMove The
CVE-2025-53291 (Missing Authorization vulnerability in spoddev2021 Spreadconnect. This ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-52915 (K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, al ...)
- TODO: check
+ NOT-FOR-US: K7 Security Anti-Malware suite
CVE-2025-52322 (An issue in Open5GS v2.7.2 and before allows a remote attacker to caus ...)
TODO: check
CVE-2025-52277 (Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: YesWiki
CVE-2025-49860 (Missing Authorization vulnerability in Majestic Support Majestic Suppo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49734 (Improper restriction of communication channel to intended endpoints in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49692 (Improper access control in Azure Windows Virtual Machine Agent allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49430 (Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48208 (Improper Neutralization of Special Elements used in an LDAP Query ('LD ...)
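Review bot: The label for CVE-2025-52915, "NOT-FOR-US: K7 Security Anti-Malware suite", copies the description's phrasing including the lowercase "suite", while the Microsoft entries in the same hunk use a vendor-only label. Consider a shorter vendor-style label here as well so that future K7 entries reuse one string rather than each taking its wording from the CVE description.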
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/558cf279cc14e3e4bbb21f221398c0e46d7dd170