Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c349d0ca by Salvatore Bonaccorso at 2025-08-12T23:02:31+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -333,7 +333,7 @@ CVE-2025-32086 (Improperly implemented security check for
standard in the DDRIO
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-32004 (Improper input validation in the Intel Edger8r Tool for some
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-30034 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
NOT-FOR-US: Siemens
CVE-2025-30033 (The affected setup component is vulnerable to DLL hijacking.
This coul ...)
@@ -341,27 +341,27 @@ CVE-2025-30033 (The affected setup component is
vulnerable to DLL hijacking. Thi
CVE-2025-27759 (An improper neutralization of special elements used in an OS
command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-27717 (Uncontrolled search path for some Intel(R) Graphics Driver
software ma ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27707 (Exposure of sensitive information to an unauthorized actor for
some Ed ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27576 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27559 (Incorrect default permissions for some AI Playground software
before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27537 (Improper input validation for some Edge Orchestrator software
before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-27250 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26863 (Uncontrolled resource consumption in the Linux kernel-mode
driver for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26697 (Uncontrolled resource consumption in the Linux kernel-mode
driver for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26472 (Uncontrolled resource consumption for some Edge Orchestrator
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26470 (Incorrect default permissions for some Intel(R) Distribution
for Pytho ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R)
Xeon(R) ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
@@ -369,67 +369,67 @@ CVE-2025-26403 (Out-of-bounds write in the memory
subsystem for some Intel(R) Xe
CVE-2025-26398 (SolarWinds Database Performance Analyzer was found to contain
a hard-c ...)
NOT-FOR-US: SolarWinds
CVE-2025-25273 (Insufficient control flow management in the Linux kernel-mode
driver f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-25256 (An improper neutralization of special elements used in an OS
command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-25248 (AnInteger Overflow or Wraparound vulnerability [CWE-190] in
FortiOS ve ...)
NOT-FOR-US: Fortinet
CVE-2025-25007 (Improper validation of syntactic correctness of input in
Microsoft Exc ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25006 (Improper handling of additional special element in Microsoft
Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25005 (Improper input validation in Microsoft Exchange Server allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24999 (Improper access control in SQL Server allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24923 (Uncontrolled search path in some Intel(R) AI for Enterprise
Retrieval- ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24921 (Improper neutralization for some Edge Orchestrator software
before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24840 (Improper access control for some Edge Orchestrator software
before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24835 (Protection mechanism failure in the Intel(R) Graphics Driver
for the I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24523 (Protection mechanism failure for some Edge Orchestrator
software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24520 (Insertion of sensitive information into log file for some
Intel(R) Loc ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24515 (NULL pointer dereference for some Intel(R) Graphics Drivers
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24511 (Improper initialization in the Linux kernel-mode driver for
some Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24486 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24484 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24325 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24324 (Integer overflow or wraparound in the Linux kernel-mode driver
for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24323 (Improper access control in some firmware package and LED mode
toggle t ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24313 (Improper access control for some Device Plugins for Kubernetes
softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24305 (Insufficient control flow management in the Alias Checking
Trusted Mod ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-24303 (Improper check for unusual or exceptional conditions in the
Linux kern ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24302 (Uncontrolled recursion for some TinyCBOR libraries maintained
by Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-24296 (Improper input validation in some firmware for the Intel(R)
E810 Ether ...)
NOT-FOR-US: Intel
CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver
for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode
driver f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22889 (Improper handling of overlap between protected memory ranges
for some ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22853 (Improper synchronization in the firmware for some Intel(R) TDX
may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22840 (Sequence of processor instructions leads to unexpected
behavior for so ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
@@ -439,9 +439,9 @@ CVE-2025-22839 (Insufficient granularity of access control
in the OOB-MSM for so
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22838 (Uncontrolled search path for some Intel(R) RealSense(TM)
Dynamic Calib ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22836 (Integer overflow or wraparound in the Linux kernel-mode driver
for som ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-22834 (AMI APTIOV contains a vulnerability in BIOS where a user may
cause \u2 ...)
NOT-FOR-US: AMI
CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user
may cause ...)
@@ -449,37 +449,37 @@ CVE-2025-22830 (APTIOV contains a vulnerability in BIOS
where a skilled user may
CVE-2025-22392 (Out-of-bounds read in firmware for some Intel(R) AMT and
Intel(R) Stan ...)
NOT-FOR-US: Intel
CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R)
TDX may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver
& Suppor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21090 (Missing reference to active allocated resource for some
Intel(R) Xeon( ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-21086 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20627 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++
Compiler s ...)
NOT-FOR-US: Intel
CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless
WiFi Softw ...)
NOT-FOR-US: Intel
CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in
the firmw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache
mechani ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-20099 (Improper access control for some Intel(R) Rapid Storage
Technology ins ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20093 (Improper check for unusual or exceptional conditions in the
Linux kern ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20092 (Uncontrolled search path for some Clock Jitter Tool software
before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20090 (Untrusted Pointer Dereference for some Intel(R) QuickAssist
Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20087 (Incorrect default permissions for some Intel(R) oneAPI
DPC++/C++ Compi ...)
NOT-FOR-US: Intel
CVE-2025-20077 (Missing release of memory after effective lifetime in the UEFI
OobRasM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R)
Connectivit ...)
NOT-FOR-US: Intel
CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R)
CSME and I ...)
@@ -495,9 +495,9 @@ CVE-2025-20044 (Improper locking for some Intel(R) TDX
Module firmware before ve
CVE-2025-20037 (Time-of-check time-of-use race condition in firmware for some
Intel(R) ...)
NOT-FOR-US: Intel
CVE-2025-20025 (Uncontrolled recursion for some TinyCBOR libraries maintained
by Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20023 (Incorrect default permissions for some Intel(R) Graphics
Driver softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20017 (Uncontrolled search path for some Intel(R) oneAPI Toolkit and
componen ...)
NOT-FOR-US: Intel
CVE-2024-54678 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c349d0caaa94f322cab496582639acf95eef0edc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c349d0caaa94f322cab496582639acf95eef0edc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
