Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e91f24b by Salvatore Bonaccorso at 2025-08-12T22:35:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2025-55167 (WeGIA is an open source web manager with a 
focus on the Portugue
 CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 
0.22.0, th ...)
        NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2025-55164 (content-security-policy-parser parses content security policy 
directiv ...)
-       TODO: check
+       NOT-FOR-US: helmetjs/content-security-policy-parser
 CVE-2025-55011 (Kanboard is project management software that focuses on the 
Kanban met ...)
        - kanboard <removed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
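Review bot: the new reason for CVE-2025-55164 is written as "helmetjs/content-security-policy-parser" (owner/repo with a slash), while the neighbouring CVE-2025-55166 entry uses "darylldoyle svg-sanitizer" (owner and project separated by a space). Use one form for the free-text reason so that a search of the list for a project name matches consistently.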
@@ -41,11 +41,11 @@ CVE-2025-54864 (Hydra is a continuous integration service 
for Nix based projects
 CVE-2025-54800 (Hydra is a continuous integration service for Nix based 
projects. Prio ...)
        NOT-FOR-US: Hydra
 CVE-2025-53793 (Improper authentication in Azure Stack allows an unauthorized 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53789 (Missing authentication for critical function in Windows 
StateRepositor ...)
        NOT-FOR-US: Microsoft
 CVE-2025-53788 (Time-of-check time-of-use (toctou) race condition in Windows 
Subsystem ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53784 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
 CVE-2025-53783 (Heap-based buffer overflow in Microsoft Teams allows an 
unauthorized a ...)
@@ -57,193 +57,193 @@ CVE-2025-53779 (Relative path traversal in Windows 
Kerberos allows an authorized
 CVE-2025-53778 (Improper authentication in Windows NTLM allows an authorized 
attacker  ...)
        NOT-FOR-US: Microsoft
 CVE-2025-53773 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53772 (Deserialization of untrusted data in Web Deploy allows an 
authorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53769 (External control of file name or path in Windows Security App 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53766 (Heap-based buffer overflow in Windows GDI+ allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53765 (Exposure of private personal information to an unauthorized 
actor in A ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53761 (Use after free in Microsoft Office PowerPoint allows an 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53760 (Server-side request forgery (ssrf) in Microsoft Office 
SharePoint allo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53759 (Use of uninitialized resource in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53744 (An incorrect privilege assignment vulnerability [CWE-266] in 
FortiOS S ...)
        NOT-FOR-US: Fortinet
 CVE-2025-53741 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53740 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53739 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53738 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53737 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53736 (Buffer over-read in Microsoft Office Word allows an 
unauthorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53735 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53734 (Use after free in Microsoft Office Visio allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53733 (Incorrect conversion between numeric types in Microsoft Office 
Word al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53732 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53731 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53730 (Use after free in Microsoft Office Visio allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53729 (Improper access control in Azure File Sync allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53728 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53727 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53726 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53725 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53724 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53723 (Numeric truncation error in Windows Hyper-V allows an 
authorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53722 (Uncontrolled resource consumption in Windows Remote Desktop 
Services a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53721 (Use after free in Windows Connected Devices Platform Service 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53720 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53719 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53718 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53716 (Null pointer dereference in Windows Local Security Authority 
Subsystem ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53156 (Exposure of sensitive information to an unauthorized actor in 
Storage  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53155 (Heap-based buffer overflow in Windows Hyper-V allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53154 (Null pointer dereference in Windows Ancillary Function Driver 
for WinS ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53153 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53152 (Use after free in Desktop Windows Manager allows an authorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53151 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53149 (Heap-based buffer overflow in Kernel Streaming WOW Thunk 
Service Drive ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53148 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53147 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53145 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53144 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53143 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53142 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53141 (Null pointer dereference in Windows Ancillary Function Driver 
for WinS ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53140 (Use after free in Kernel Transaction Manager allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53138 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53137 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53136 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53135 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53134 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53133 (Use after free in Windows PrintWorkflowUserSvc allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53132 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53131 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-52970 (A improper handling of parameters in Fortinet FortiWeb 
versions 7.6.3  ...)
        NOT-FOR-US: Fortinet
 CVE-2025-50177 (Use after free in Windows Message Queuing allows an 
unauthorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50176 (Access of resource using incompatible type ('type confusion') 
in Graph ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50173 (Weak authentication in Windows Installer allows an authorized 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50172 (Allocation of resources without limits or throttling in 
Windows Direct ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50171 (Missing authorization in Remote Desktop Server allows an 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50170 (Improper handling of insufficient permissions or privileges in 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50169 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50168 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50167 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50166 (Integer overflow or wraparound in Windows Distributed 
Transaction Coor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50165 (Untrusted pointer dereference in Microsoft Graphics Component 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50164 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50163 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50162 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50161 (Heap-based buffer overflow in Windows Win32K - GRFX allows an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50160 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50159 (Use after free in Remote Access Point-to-Point Protocol (PPP) 
EAP-TLS  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50158 (Time-of-check time-of-use (toctou) race condition in Windows 
NTFS allo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50157 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50156 (Use of uninitialized resource in Windows Routing and Remote 
Access Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50155 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50154 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-50153 (Use after free in Desktop Windows Manager allows an authorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49813 (An improper neutralization of special elements used in an OS 
Command ( ...)
        NOT-FOR-US: Fortinet
 CVE-2025-49762 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49761 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49759 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49758 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49757 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49755 (User interface (ui) misrepresentation of critical information 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49751 (Missing synchronization in Windows Hyper-V allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49745 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49743 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49736 (The ui performs the wrong action in Microsoft Edge for Android 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49712 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49707 (Improper access control in Azure Virtual Machines allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49569 (Substance3D - Viewer versions 0.25 and earlier are affected by 
an out- ...)
        NOT-FOR-US: Adobe
 CVE-2025-49568 (Illustrator versions 28.7.8, 29.6.1 and earlier are affected 
by a Use  ...)
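Review bot: many of the entries moved from "TODO: check" to "NOT-FOR-US: Microsoft" in this hunk have descriptions that are cut off before any product name, for example CVE-2025-53773 ("... used in a command ('comman ..."), CVE-2025-53727, CVE-2025-49759, CVE-2025-49758, CVE-2025-49745 and CVE-2025-49743, so the vendor attribution cannot be confirmed from the diff alone. For a bulk change of this size, check those against the full CVE text before merging, and consider naming the vendor batch in the commit message, since "Process some NFUs" does not say what was triaged.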
@@ -269,9 +269,9 @@ CVE-2025-49555 (Adobe Commerce versions 2.4.9-alpha1, 
2.4.8-p1, 2.4.7-p6, 2.4.6-
 CVE-2025-49554 (Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 
2.4.6-p11, 2 ...)
        NOT-FOR-US: Adobe
 CVE-2025-48807 (Improper restriction of communication channel to intended 
endpoints in ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47954 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47857 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
 CVE-2025-43736 (A Denial Of Service via File Upload (DOS) vulnerability in the 
Liferay ...)
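Review bot: neither CVE-2025-48807 nor CVE-2025-47954 shows a product in its visible description (both are truncated before one appears), and the unchanged entries around them in this hunk are Adobe, Fortinet and Liferay, so the context does not support the "NOT-FOR-US: Microsoft" tag either. Confirm both against the full CVE records.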
@@ -321,7 +321,7 @@ CVE-2025-36124 (IBM WebSphere Application Server Liberty 
17.0.0.3 through 25.0.0
 CVE-2025-36000 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
25.0.0.8   i ...)
        NOT-FOR-US: IBM
 CVE-2025-33051 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-33023 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
        NOT-FOR-US: Siemens
 CVE-2025-32932 (An Improper neutralization of input during web page generation 
('cross ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e91f24b1d9325158e126ac263b9f556e539135a
