Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
360c7c42 by Moritz Muehlenhoff at 2025-05-14T10:40:55+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,29 +69,29 @@ CVE-2025-30315 (Adobe Connect versions 12.8 and earlier are
affected by a stored
CVE-2025-30314 (Adobe Connect versions 12.8 and earlier are affected by a
stored Cross ...)
NOT-FOR-US: Adobe
CVE-2025-26646 (External control of file name or path in .NET, Visual Studio,
and Buil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24308 (Improper input validation in the UEFI firmware error handler
for the I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-23233 (Incorrect execution-assigned permissions for some Edge
Orchestrator so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22895 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
TODO: check
CVE-2025-22892 (Uncontrolled resource consumption for some OpenVINO\u2122
model server ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22848 (Improper conditions check for some Edge Orchestrator software
for Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22844 (Improper access control for some Edge Orchestrator software
for Intel( ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22843 (Incorrect execution-assigned permissions for some Edge
Orchestrator so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22448 (Insecure inherited permissions for some Intel(R) Simics(R)
Package Man ...)
TODO: check
CVE-2025-22446 (Inadequate encryption strength for some Edge Orchestrator
software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21100 (Improper initialization in the UEFI firmware for the Intel(R)
Server D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for
the Inte ...)
TODO: check
CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator
software for I ...)
@@ -113,7 +113,7 @@ CVE-2025-20108 (Uncontrolled search path element for some
Intel(R) Network Adapt
CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R)
Network ...)
TODO: check
CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20100 (Improper access control in the memory controller
configurations for so ...)
TODO: check
CVE-2025-20095 (Incorrect Default Permissions for some Intel(R)
RealSense\u2122 SDK so ...)
@@ -129,13 +129,13 @@ CVE-2025-20079 (Uncontrolled search path for some
Intel(R) Advisor software may
CVE-2025-20076 (Improper access control for some Edge Orchestrator software
for Intel( ...)
TODO: check
CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
TODO: check
CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
TODO: check
CVE-2025-20052 (Improper access control for some Intel(R) Graphics software
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O
interface ...)
TODO: check
CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
@@ -143,7 +143,7 @@ CVE-2025-20046 (Use after free for some Intel(R)
PROSet/Wireless WiFi Software f
CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK
softwar ...)
TODO: check
CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software
for Intel ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
TODO: check
CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI
firmware SmiVar ...)
@@ -151,15 +151,15 @@ CVE-2025-20034 (Improper input validation in the
BackupBiosUpdate UEFI firmware
CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi Softw ...)
TODO: check
CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
TODO: check
CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi
Software for ...)
TODO: check
CVE-2025-20022 (Insufficient control flow management for some Edge
Orchestrator softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics
Drivers may a ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet
Connection ...)
TODO: check
CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
@@ -167,13 +167,13 @@ CVE-2025-20013 (Exposure of sensitive information to an
unauthorized actor for s
CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup
module ...)
TODO: check
CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R)
Package Man ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software
for Win ...)
TODO: check
CVE-2025-20004 (Insufficient control flow management in the Alias Checking
Trusted Mod ...)
TODO: check
CVE-2025-20003 (Improper link resolution before file access ('Link Following')
for som ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality,
Incorrect ...)
TODO: check
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data
analyti ...)
@@ -181,33 +181,33 @@ CVE-2024-52290 (LF Edge eKuiper is a lightweight internet
of things (IoT) data a
CVE-2024-48869 (Improper restriction of software interfaces to hardware
features for s ...)
TODO: check
CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver
software ma ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++
Compiler s ...)
TODO: check
CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode
software ...)
TODO: check
CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 &
Iris(R) Xe ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 &
Iris(R) Xe g ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45333 (Improper access control for some Intel(R) Data Center GPU Flex
Series ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-43101 (Improper access control for some Intel(R) Data Center GPU Flex
Series ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-39833 (Uncontrolled search path for some Intel(R) QAT software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39758 (Improper access control for some Intel(R) Arc\u2122 &
Iris(R) Xe g ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-36292 (Improper buffer restrictions for some Intel(R) Data Center GPU
Flex Se ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-31150 (Out-of-bounds read for some Intel(R) Graphics Driver software
may allo ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-31073 (Uncontrolled search path for some Intel(R) oneAPI Level Zero
software ...)
TODO: check
CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software
may all ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics
Driver instal ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may
allow an ...)
TODO: check
CVE-2025-26864
@@ -504,25 +504,25 @@ CVE-2025-29829 (Use of uninitialized resource in Windows
Trusted Runtime Interfa
CVE-2025-29826 (Improper handling of insufficient permissions or privileges in
Microso ...)
NOT-FOR-US: Microsoft
CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in
/admin- ...)
- TODO: check
+ NOT-FOR-US: owl-admin
CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection
vulnerability in /ad ...)
TODO: check
CVE-2025-28055 (upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an
arbitrary file ...)
- TODO: check
+ NOT-FOR-US: upset-gal-web
CVE-2025-27696 (Improper Authorization vulnerability in Apache Superset allows
ownersh ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2025-27488 (Use of hard-coded credentials in Windows Hardware Lab Kit
allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27468 (Improper privilege management in Windows Secure Kernel Mode
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27197 (Lightroom Desktop versions 8.2 and earlier are affected by an
out-of-b ...)
NOT-FOR-US: Adobe
CVE-2025-26685 (Improper authentication in Microsoft Defender for Identity
allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26684 (External control of file name or path in Microsoft Defender
for Endpoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26677 (Uncontrolled resource consumption in Remote Desktop Gateway
Service al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26390 (A vulnerability has been identified in OZW672 (All versions <
V6.0), O ...)
NOT-FOR-US: Siemens
CVE-2025-26389 (A vulnerability has been identified in OZW672 (All versions <
V8.0), O ...)
@@ -530,7 +530,7 @@ CVE-2025-26389 (A vulnerability has been identified in
OZW672 (All versions < V8
CVE-2025-24510 (A vulnerability has been identified in MS/TP Point Pickup
Module (All ...)
NOT-FOR-US: Siemens
CVE-2025-24063 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24009 (A vulnerability has been identified in SIRIUS 3RK3 Modular
Safety Syst ...)
NOT-FOR-US: Siemens
CVE-2025-24008 (A vulnerability has been identified in SIRIUS 3RK3 Modular
Safety Syst ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360c7c424d642f4aa859470bbe0bef43bff642c5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360c7c424d642f4aa859470bbe0bef43bff642c5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
