Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5fa7c1c9 by Salvatore Bonaccorso at 2025-04-09T17:00:03+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,145 +187,145 @@ CVE-2025-29986 (Dell Common Event Enabler, version(s)
CEE 9.0.0.0, contain(s) an
CVE-2025-29985 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s)
an Initi ...)
NOT-FOR-US: Dell / EMC
CVE-2025-29824 (Use after free in Windows Common Log File System Driver allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29823 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29822 (Incomplete list of disallowed inputs in Microsoft Office
OneNote allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29821 (Improper input validation in Dynamics Business Central allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29820 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29819 (External control of file name or path in Azure Portal Windows
Admin Ce ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29816 (Improper input validation in Microsoft Office Word allows an
unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29812 (Untrusted pointer dereference in Windows Kernel Memory allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29811 (Improper input validation in Windows Mobile Broadband allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29810 (Improper access control in Active Directory Domain Services
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29809 (Insecure storage of sensitive information in Windows Kerberos
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29808 (Use of a cryptographic primitive with a risky implementation
in Window ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29805 (Exposure of sensitive information to an unauthorized actor in
Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29804 (Improper access control in Visual Studio allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29802 (Improper access control in Visual Studio allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29801 (Incorrect default permissions in Microsoft AutoUpdate (MAU)
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29800 (Improper privilege management in Microsoft AutoUpdate (MAU)
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29794 (Improper authorization in Microsoft Office SharePoint allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29793 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29792 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29791 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27752 (Heap-based buffer overflow in Microsoft Office Excel allows an
unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27751 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27750 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27749 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27748 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27747 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27746 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27745 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27744 (Improper access control in Microsoft Office allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27743 (Untrusted search path in System Center allows an authorized
attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27742 (Out-of-bounds read in Windows NTFS allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27741 (Out-of-bounds read in Windows NTFS allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27740 (Weak authentication in Windows Active Directory Certificate
Services a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27739 (Untrusted pointer dereference in Windows Kernel allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27738 (Improper access control in Windows Resilient File System
(ReFS) allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27737 (Improper input validation in Windows Security Zone Mapping
allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27736 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27735 (Insufficient verification of data authenticity in Windows
Virtualizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27733 (Out-of-bounds read in Windows NTFS allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27732 (Sensitive data storage in improperly locked memory in Windows
Win32K - ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27731 (Improper input validation in OpenSSH for Windows allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27730 (Use after free in Windows Digital Media allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27729 (Use after free in Windows Shell allows an unauthorized
attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27728 (Out-of-bounds read in Windows Kernel-Mode Drivers allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27727 (Improper link resolution before file access ('link following')
in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27492 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27491 (Use after free in Windows Hyper-V allows an authorized
attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27490 (Heap-based buffer overflow in Windows Bluetooth Service allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27489 (Improper input validation in Azure Local allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27487 (Heap-based buffer overflow in Remote Desktop Client allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27486 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27485 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27484 (Sensitive data storage in improperly locked memory in Windows
Universa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27483 (Out-of-bounds read in Windows NTFS allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27482 (Sensitive data storage in improperly locked memory in Remote
Desktop G ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27481 (Stack-based buffer overflow in Windows Telephony Service
allows an una ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27480 (Use after free in Remote Desktop Gateway Service allows an
unauthorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27479 (Insufficient resource pool in Windows Kerberos allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27478 (Heap-based buffer overflow in Windows Local Security Authority
(LSA) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27477 (Heap-based buffer overflow in Windows Telephony Service allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27476 (Use after free in Windows Digital Media allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27475 (Sensitive data storage in improperly locked memory in Windows
Update S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27474 (Use of uninitialized resource in Windows Routing and Remote
Access Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27473 (Uncontrolled resource consumption in Windows HTTP.sys allows
an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27472 (Protection mechanism failure in Windows Mark of the Web (MOTW)
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27471 (Sensitive data storage in improperly locked memory in
Microsoft Stream ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27470 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27469 (Uncontrolled resource consumption in Windows LDAP -
Lightweight Direct ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27467 (Use after free in Windows Digital Media allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-27443 (Insecure default variable initialization in some Zoom
Workplace Apps f ...)
NOT-FOR-US: Zoom
CVE-2025-27442 (Cross site scripting in some Zoom Workplace Apps may allow an
unauthen ...)
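Review bot: CVE-2025-27731 ("Improper input validation in OpenSSH for Windows allows an authorized ...") is the one entry in this hunk whose product name overlaps with a package Debian ships (openssh), so a bare `NOT-FOR-US: Microsoft` loses the reason it was dismissed. Suggest confirming the flaw is confined to Microsoft's Windows port and saying so in the tag text, for example `NOT-FOR-US: Microsoft OpenSSH for Windows`, so a later search for openssh in data/CVE/list shows the entry was triaged deliberately. The remaining entries in the hunk name Windows, Office, Azure, Visual Studio and similar Microsoft-only products, and the tag fits them as written.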
@@ -379,75 +379,75 @@ CVE-2025-27079 (A vulnerability in the file creation
process on the command line
CVE-2025-27078 (A vulnerability in a system binary of AOS-8 Instant and AOS-10
AP coul ...)
NOT-FOR-US: HPE
CVE-2025-26688 (Stack-based buffer overflow in Microsoft Virtual Hard Drive
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26687 (Use after free in Windows Win32K - GRFX allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26686 (Sensitive data storage in improperly locked memory in Windows
TCP/IP a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26682 (Allocation of resources without limits or throttling in
ASP.NET Core a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26681 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26680 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26679 (Use after free in RPC Endpoint Mapper Service allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26678 (Improper access control in Windows Defender Application
Control (WDAC) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26676 (Buffer over-read in Windows Routing and Remote Access Service
(RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26675 (Out-of-bounds read in Windows Subsystem for Linux allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26674 (Heap-based buffer overflow in Windows Media allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26673 (Uncontrolled resource consumption in Windows LDAP -
Lightweight Direct ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26672 (Buffer over-read in Windows Routing and Remote Access Service
(RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26671 (Use after free in Windows Remote Desktop Services allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26670 (Use after free in Windows LDAP - Lightweight Directory Access
Protocol ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26669 (Out-of-bounds read in Windows Routing and Remote Access
Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26668 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26667 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26666 (Heap-based buffer overflow in Windows Media allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26665 (Sensitive data storage in improperly locked memory in Windows
upnphost ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26664 (Buffer over-read in Windows Routing and Remote Access Service
(RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26663 (Use after free in Windows LDAP - Lightweight Directory Access
Protocol ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26652 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26651 (Exposed dangerous method or function in Windows Local Session
Manager ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26649 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26648 (Sensitive data storage in improperly locked memory in Windows
Kernel a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26647 (Improper input validation in Windows Kerberos allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26644 (Automated recognition mechanism with inadequate detection or
handling ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26642 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26641 (Uncontrolled resource consumption in Windows Cryptographic
Services al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26640 (Use after free in Windows Digital Media allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26639 (Integer overflow or wraparound in Windows USB Print Driver
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26637 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26635 (Weak authentication in Windows Hello allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-26628 (Insufficiently protected credentials in Azure Local Cluster
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-25254 (An Improper Limitation of a Pathname to a Restricted Directory
('Path ...)
NOT-FOR-US: Fortinet
CVE-2025-25227 (Insufficient state checks lead to a vector that allows to
bypass 2FA c ...)
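Review bot: CVE-2025-26682 ("Allocation of resources without limits or throttling in ASP.NET Core a ...") differs from the Windows-component entries around it, because ASP.NET Core is cross-platform and also runs on Linux. The NFU is fine if nothing in the archive ships it, but it deserves a quick check for an existing package or ITP before it is closed with the bulk change; if one exists, the entry should be tracked against that package instead of `NOT-FOR-US: Microsoft`.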
@@ -455,17 +455,17 @@ CVE-2025-25227 (Insufficient state checks lead to a
vector that allows to bypass
CVE-2025-25226 (Improper handling of identifiers lead to a SQL injection
vulnerability ...)
NOT-FOR-US: Joomla
CVE-2025-25002 (Insertion of sensitive information into log file in Azure
Local Cluste ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24074 (Improper input validation in Windows DWM Core Library allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24073 (Improper input validation in Windows DWM Core Library allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24062 (Improper input validation in Windows DWM Core Library allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24060 (Improper input validation in Windows DWM Core Library allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24058 (Improper input validation in Windows DWM Core Library allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-22855 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Fortinet
CVE-2025-22466 (Reflected XSS in Ivanti Endpoint Manager before version 2024
SU1 or be ...)
@@ -481,21 +481,21 @@ CVE-2025-22459 (Improper certificate validation in Ivanti
Endpoint Manager befor
CVE-2025-22458 (DLL hijacking in Ivanti Endpoint Manager before version 2024
SU1 or be ...)
NOT-FOR-US: Ivanti
CVE-2025-21222 (Heap-based buffer overflow in Windows Telephony Service allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21221 (Heap-based buffer overflow in Windows Telephony Service allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21205 (Heap-based buffer overflow in Windows Telephony Service allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21204 (Improper link resolution before file access ('link following')
in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21203 (Buffer over-read in Windows Routing and Remote Access Service
(RRAS) a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21197 (Improper access control in Windows NTFS allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21191 (Time-of-check time-of-use (toctou) race condition in Windows
Local Sec ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21174 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-1095 (IBM Personal Communications v14 and v15 include a Windows
service that ...)
NOT-FOR-US: IBM
CVE-2024-54092 (A vulnerability has been identified in Industrial Edge Device
Kit - ar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fa7c1c93f0036986787a0d436d652bc7b2f6702
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits