Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b1d8d9f by security tracker role at 2025-05-14T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2025-4668
+       REJECTED
+CVE-2025-4574 (In crossbeam-channel rust crate, the internal `Channel` type's 
`Drop`  ...)
+       TODO: check
+CVE-2025-4520 (The Uncanny Automator plugin for WordPress is vulnerable to 
unauthoriz ...)
+       TODO: check
+CVE-2025-47905 (Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish 
Enterpris ...)
+       TODO: check
+CVE-2025-47899
+       REJECTED
+CVE-2025-47898
+       REJECTED
+CVE-2025-47897
+       REJECTED
+CVE-2025-47896
+       REJECTED
+CVE-2025-47895
+       REJECTED
+CVE-2025-47894
+       REJECTED
+CVE-2025-47893
+       REJECTED
+CVE-2025-47892
+       REJECTED
+CVE-2025-47891
+       REJECTED
+CVE-2025-43572 (Dimension versions 4.1.2 and earlier are affected by an 
out-of-bounds  ...)
+       TODO: check
+CVE-2025-43571 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by a Use  ...)
+       TODO: check
+CVE-2025-43570 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by a Use  ...)
+       TODO: check
+CVE-2025-43569 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-43568 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by a Use  ...)
+       TODO: check
+CVE-2025-43567 (Adobe Connect versions 12.8 and earlier are affected by a 
reflected Cr ...)
+       TODO: check
+CVE-2025-43566 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43565 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43564 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43563 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43562 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43561 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43560 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43559 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-43554 (Substance3D - Modeler versions 1.21.0 and earlier are affected 
by an o ...)
+       TODO: check
+CVE-2025-43553 (Substance3D - Modeler versions 1.21.0 and earlier are affected 
by an U ...)
+       TODO: check
+CVE-2025-43551 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-43549 (Substance3D - Stager versions 3.1.1 and earlier are affected 
by a Use  ...)
+       TODO: check
+CVE-2025-43548 (Dimension versions 4.1.2 and earlier are affected by an 
out-of-bounds  ...)
+       TODO: check
+CVE-2025-3623 (The Uncanny Automator plugin for WordPress is vulnerable to PHP 
Object ...)
+       TODO: check
+CVE-2025-30316 (Adobe Connect versions 12.8 and earlier are affected by a 
stored Cross ...)
+       TODO: check
+CVE-2025-30315 (Adobe Connect versions 12.8 and earlier are affected by a 
stored Cross ...)
+       TODO: check
+CVE-2025-30314 (Adobe Connect versions 12.8 and earlier are affected by a 
stored Cross ...)
+       TODO: check
+CVE-2025-26646 (External control of file name or path in .NET, Visual Studio, 
and Buil ...)
+       TODO: check
+CVE-2025-24308 (Improper input validation in the UEFI firmware error handler 
for the I ...)
+       TODO: check
+CVE-2025-23233 (Incorrect execution-assigned permissions for some Edge 
Orchestrator so ...)
+       TODO: check
+CVE-2025-22895 (Exposure of sensitive information to an unauthorized actor for 
some Ed ...)
+       TODO: check
+CVE-2025-22892 (Uncontrolled resource consumption for some OpenVINO\u2122 
model server ...)
+       TODO: check
+CVE-2025-22848 (Improper conditions check for some Edge Orchestrator software 
for Inte ...)
+       TODO: check
+CVE-2025-22844 (Improper access control for some Edge Orchestrator software 
for Intel( ...)
+       TODO: check
+CVE-2025-22843 (Incorrect execution-assigned permissions for some Edge 
Orchestrator so ...)
+       TODO: check
+CVE-2025-22448 (Insecure inherited permissions for some Intel(R) Simics(R) 
Package Man ...)
+       TODO: check
+CVE-2025-22446 (Inadequate encryption strength for some Edge Orchestrator 
software for ...)
+       TODO: check
+CVE-2025-21100 (Improper initialization in the UEFI firmware for the Intel(R) 
Server D ...)
+       TODO: check
+CVE-2025-21099 (Uncontrolled search path for some Intel(R) Graphics software 
may allow ...)
+       TODO: check
+CVE-2025-21094 (Improper input validation in the UEFI firmware DXE module for 
the Inte ...)
+       TODO: check
+CVE-2025-21081 (Protection mechanism failure for some Edge Orchestrator 
software for I ...)
+       TODO: check
+CVE-2025-20629 (Insecure inherited permissions in the NVM Update Utility for 
some Inte ...)
+       TODO: check
+CVE-2025-20624 (Exposure of sensitive information to an unauthorized actor for 
some Ed ...)
+       TODO: check
+CVE-2025-20618 (Stack-based buffer overflow for some Intel(R) PROSet/Wireless 
WiFi Sof ...)
+       TODO: check
+CVE-2025-20616 (Uncontrolled resource consumption for some Edge Orchestrator 
software  ...)
+       TODO: check
+CVE-2025-20612 (Incorrect execution-assigned permissions for some Edge 
Orchestrator so ...)
+       TODO: check
+CVE-2025-20611 (Exposure of sensitive information to an unauthorized actor for 
some Ed ...)
+       TODO: check
+CVE-2025-20108 (Uncontrolled search path element for some Intel(R) Network 
Adapter Dri ...)
+       TODO: check
+CVE-2025-20104 (Race condition in some Administrative Tools for some Intel(R) 
Network  ...)
+       TODO: check
+CVE-2025-20101 (Out-of-bounds read for some Intel(R) Graphics Drivers may 
allow an aut ...)
+       TODO: check
+CVE-2025-20100 (Improper access control in the memory controller 
configurations for so ...)
+       TODO: check
+CVE-2025-20095 (Incorrect Default Permissions for some Intel(R) 
RealSense\u2122 SDK so ...)
+       TODO: check
+CVE-2025-20084 (Uncontrolled resource consumption for some Edge Orchestrator 
software  ...)
+       TODO: check
+CVE-2025-20083 (Improper authentication in the firmware for the Intel(R) Slim 
Bootload ...)
+       TODO: check
+CVE-2025-20082 (Time-of-check time-of-use race condition in the UEFI firmware 
SmiVaria ...)
+       TODO: check
+CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software 
may allow  ...)
+       TODO: check
+CVE-2025-20076 (Improper access control for some Edge Orchestrator software 
for Intel( ...)
+       TODO: check
+CVE-2025-20071 (NULL pointer dereference for some Intel(R) Graphics Drivers 
may allow  ...)
+       TODO: check
+CVE-2025-20062 (Use after free for some Intel(R) PROSet/Wireless WiFi Software 
for Win ...)
+       TODO: check
+CVE-2025-20057 (Uncontrolled resource consumption for some Edge Orchestrator 
software  ...)
+       TODO: check
+CVE-2025-20052 (Improper access control for some Intel(R) Graphics software 
may allow  ...)
+       TODO: check
+CVE-2025-20047 (Improper locking in the Intel(R) Integrated Connectivity I/O 
interface ...)
+       TODO: check
+CVE-2025-20046 (Use after free for some Intel(R) PROSet/Wireless WiFi Software 
for Win ...)
+       TODO: check
+CVE-2025-20043 (Uncontrolled search path for some Intel(R) RealSense\u2122 SDK 
softwar ...)
+       TODO: check
+CVE-2025-20041 (Uncontrolled search path for some Intel(R) Graphics software 
for Intel ...)
+       TODO: check
+CVE-2025-20039 (Race condition for some Intel(R) PROSet/Wireless WiFi Software 
for Win ...)
+       TODO: check
+CVE-2025-20034 (Improper input validation in the BackupBiosUpdate UEFI 
firmware SmiVar ...)
+       TODO: check
+CVE-2025-20032 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi Softw ...)
+       TODO: check
+CVE-2025-20031 (Improper input validation for some Intel(R) Graphics Drivers 
may allow ...)
+       TODO: check
+CVE-2025-20030 (Exposure of sensitive information to an unauthorized actor for 
some Ed ...)
+       TODO: check
+CVE-2025-20026 (Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi 
Software for ...)
+       TODO: check
+CVE-2025-20022 (Insufficient control flow management for some Edge 
Orchestrator softwa ...)
+       TODO: check
+CVE-2025-20018 (Untrusted pointer dereference for some Intel(R) Graphics 
Drivers may a ...)
+       TODO: check
+CVE-2025-20015 (Uncontrolled search path element for some Intel(R) Ethernet 
Connection ...)
+       TODO: check
+CVE-2025-20013 (Exposure of sensitive information to an unauthorized actor for 
some Ed ...)
+       TODO: check
+CVE-2025-20009 (Improper input validation in the UEFI firmware GenerationSetup 
module  ...)
+       TODO: check
+CVE-2025-20008 (Insecure inherited permissions for some Intel(R) Simics(R) 
Package Man ...)
+       TODO: check
+CVE-2025-20006 (Use after free for some Intel(R) PROSet/Wireless WiFi Software 
for Win ...)
+       TODO: check
+CVE-2025-20004 (Insufficient control flow management in the Alias Checking 
Trusted Mod ...)
+       TODO: check
+CVE-2025-20003 (Improper link resolution before file access ('Link Following') 
for som ...)
+       TODO: check
+CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, 
Incorrect ...)
+       TODO: check
+CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data 
analyti ...)
+       TODO: check
+CVE-2024-48869 (Improper restriction of software interfaces to hardware 
features for s ...)
+       TODO: check
+CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver 
software ma ...)
+       TODO: check
+CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ 
Compiler s ...)
+       TODO: check
+CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode 
software  ...)
+       TODO: check
+CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 & 
Iris(R) Xe  ...)
+       TODO: check
+CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 & 
Iris(R) Xe g ...)
+       TODO: check
+CVE-2024-45333 (Improper access control for some Intel(R) Data Center GPU Flex 
Series  ...)
+       TODO: check
+CVE-2024-43101 (Improper access control for some Intel(R) Data Center GPU Flex 
Series  ...)
+       TODO: check
+CVE-2024-39833 (Uncontrolled search path for some Intel(R) QAT software before 
version ...)
+       TODO: check
+CVE-2024-39758 (Improper access control for some Intel(R) Arc\u2122 & 
Iris(R) Xe g ...)
+       TODO: check
+CVE-2024-36292 (Improper buffer restrictions for some Intel(R) Data Center GPU 
Flex Se ...)
+       TODO: check
+CVE-2024-31150 (Out-of-bounds read for some Intel(R) Graphics Driver software 
may allo ...)
+       TODO: check
+CVE-2024-31073 (Uncontrolled search path for some Intel(R) oneAPI Level Zero 
software  ...)
+       TODO: check
+CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software 
may all ...)
+       TODO: check
+CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics 
Driver instal ...)
+       TODO: check
+CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may 
allow an ...)
+       TODO: check
 CVE-2025-26864
        NOT-FOR-US: Apache IoTDB
 CVE-2025-26795
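Review bot: the descriptions added for CVE-2025-22892, CVE-2025-20095, CVE-2025-20043, CVE-2024-46895, CVE-2024-45371, CVE-2024-39758 and CVE-2024-28036 contain the literal text `\u2122` where the trademark sign belongs. The escape should be decoded before the description is truncated and written to data/CVE/list, so that the fixed-width summary does not spend six columns on an escape sequence and a search for the product name matches. Every non-rejected entry in this hunk is still `TODO: check`, so none of them has been assigned to a Debian source package or marked NOT-FOR-US yet.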
@@ -681,37 +895,37 @@ CVE-2024-55466 (An arbitrary file upload vulnerability in 
the Image Gallery of T
        NOT-FOR-US: ThingsBoard
 CVE-2023-34732 (An issue in the userId parameter in the change password 
function of Fl ...)
        NOT-FOR-US: Flytxt NEON-dX
-CVE-2025-20054
+CVE-2025-20054 (Uncaught exception in the core management mechanism for some 
Intel(R)  ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-20103
+CVE-2025-20103 (Insufficient resource pool in the core management mechanism 
for some I ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-45332
+CVE-2024-45332 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
        NOTE: 
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
        NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
-CVE-2025-20623
+CVE-2025-20623 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-43420
+CVE-2024-43420 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-20012
+CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra 
Processors ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-24495
+CVE-2025-24495 (Incorrect initialization of resource in the branch prediction 
unit for ...)
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2024-28956 [x86: Indirect Target Selection]
+CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural 
Structu ...)
        - intel-microcode <unfixed> (bug #1105172)
        - linux <unfixed>
        - xen <unfixed> (bug #1105193)
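Review bot: in the last entry of this hunk, replacing `CVE-2024-28956 [x86: Indirect Target Selection]` with the truncated description drops the only mention of the name Indirect Target Selection visible for that entry, and the new text ("Exposure of Sensitive Information in Shared Microarchitectural Structu ...") is almost indistinguishable from the descriptions now attached to CVE-2024-45332, CVE-2025-20623 and CVE-2024-43420. Suggest keeping the name in a NOTE line under CVE-2024-28956 so the entry stays searchable, since it is the only one here that also tracks linux and xen. The CVE-2025-20012 description also carries a literal `\u2122` that should be decoded.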



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b1d8d9f8910a50e88bdaefb3ab83cfaed539e2d
