[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 12 16:17:20 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ff806a0 by Moritz Muehlenhoff at 2023-04-12T17:16:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalat ...)
-	TODO: check
+	NOT-FOR-US: CubeFS
 CVE-2023-30511
 	RESERVED
 CVE-2023-30510
@@ -6292,9 +6292,9 @@ CVE-2023-28294
 CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-28292 (Raw Image Extension Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28291 (Raw Image Extension Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28290
 	RESERVED
 CVE-2023-28289
@@ -6382,69 +6382,69 @@ CVE-2023-28249 (Windows Boot Manager Security Feature Bypass Vulnerability ...)
 CVE-2023-28248 (Windows Kernel Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-28247 (Windows Network File System Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28246 (Windows Registry Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28245
 	RESERVED
 CVE-2023-28244 (Windows Kerberos Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28243 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28242
 	RESERVED
 CVE-2023-28241 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28240 (Windows Network Load Balancing Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28239
 	RESERVED
 CVE-2023-28238 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28237 (Windows Kernel Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28236 (Windows Kernel Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28235 (Windows Lock Screen Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28234 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28233 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28232 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28231 (DHCP Server Service Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28230
 	RESERVED
 CVE-2023-28229 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28228 (Windows Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28227 (Windows Bluetooth Driver Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28226 (Windows Enroll Engine Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28225 (Windows NTLM Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28224 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28223 (Windows Domain Name Service Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28222 (Windows Kernel Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28221 (Windows Error Reporting Service Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28220 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28219 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28218 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28217 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28216 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-27917 (OS command injection vulnerability in CONPROSYS IoT Gateway products a ...)
 	NOT-FOR-US: CONPROSYS IoT Gateway products
 CVE-2023-27389 (Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway  ...)
@@ -11952,7 +11952,7 @@ CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authentica
 CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...)
 	NOT-FOR-US: UBIKA WAAP Gateway/Cloud
 CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hi ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop
 CVE-2023-26259
 	RESERVED
 CVE-2023-26258
@@ -14644,23 +14644,23 @@ CVE-2023-25417
 CVE-2023-25416
 	RESERVED
 CVE-2023-25415 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25414 (Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25413 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25412
 	RESERVED
 CVE-2023-25411 (Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25410
 	RESERVED
 CVE-2023-25409 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25408
 	RESERVED
 CVE-2023-25407 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...)
-	TODO: check
+	NOT-FOR-US: Aten
 CVE-2023-25406
 	RESERVED
 CVE-2023-25405
@@ -14690,7 +14690,7 @@ CVE-2023-25394
 CVE-2023-25393
 	RESERVED
 CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate  ...)
-	TODO: check
+	NOT-FOR-US: Allegro Tech BigFlow
 CVE-2023-25391
 	RESERVED
 CVE-2023-25390
@@ -15866,7 +15866,7 @@ CVE-2023-24937
 CVE-2023-24936
 	RESERVED
 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24934
 	RESERVED
 CVE-2023-24933
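
Review bot: CVE-2023-24935 is described as "Microsoft Edge (Chromium-based)", and Debian ships chromium, so the Microsoft tag is only correct if the flaw sits in Edge-specific code. The truncated description does not settle that. Confirm against the vendor advisory, and if it is Edge-only, consider a NOTE line saying so, so the entry is not re-triaged later.
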
@@ -15874,21 +15874,21 @@ CVE-2023-24933
 CVE-2023-24932
 	RESERVED
 CVE-2023-24931 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24929 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24928 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24927 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24926 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24925 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24924 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24922 (Microsoft Dynamics 365 Information Disclosure Vulnerability ...)
@@ -15908,11 +15908,11 @@ CVE-2023-24916
 CVE-2023-24915
 	RESERVED
 CVE-2023-24914 (Win32k Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24913 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24912 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24911 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24910 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
@@ -15950,7 +15950,7 @@ CVE-2023-24895
 CVE-2023-24894
 	RESERVED
 CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24892 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24891 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
@@ -15962,15 +15962,15 @@ CVE-2023-24889
 CVE-2023-24888
 	RESERVED
 CVE-2023-24887 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24886 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24885 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24884 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24883 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24881
@@ -16016,7 +16016,7 @@ CVE-2023-24862 (Windows Secure Channel Denial of Service Vulnerability ...)
 CVE-2023-24861 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24860 (Microsoft Defender Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24859 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-24858 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
@@ -16450,7 +16450,7 @@ CVE-2023-24723
 CVE-2023-24722
 	RESERVED
 CVE-2023-24721 (A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1. ...)
-	TODO: check
+	NOT-FOR-US: LiveAction LiveSP
 CVE-2023-24720 (An arbitrary file upload vulnerability in readium-js v0.32.0 allows at ...)
 	NOT-FOR-US: readium-js
 CVE-2023-24719
@@ -19923,7 +19923,7 @@ CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as cr
 CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...)
 	NOT-FOR-US: gitlearn
 CVE-2023-23588 (A vulnerability has been identified in SIMATIC IPC1047 (All versions), ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-23587
 	RESERVED
 CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible to le ...)
@@ -20515,7 +20515,7 @@ CVE-2023-23386
 CVE-2023-23385 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Pri ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-23384 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-23383 (Service Fabric Explorer Spoofing Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-23382 (Azure Machine Learning Compute Instance Information Disclosure Vulnera ...)
@@ -20533,7 +20533,7 @@ CVE-2023-23377 (3D Builder Remote Code Execution Vulnerability ...)
 CVE-2023-23376 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-23373
@@ -20750,7 +20750,7 @@ CVE-2023-23279 (Canteen Management System 1.0 is vulnerable to SQL Injection via
 CVE-2023-23278
 	RESERVED
 CVE-2023-23277 (Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote  ...)
-	TODO: check
+	NOT-FOR-US: Snippet-box
 CVE-2023-23276
 	RESERVED
 CVE-2023-23275
@@ -22490,7 +22490,7 @@ CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandle
 	NOTE: https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/19/1
 CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A non-privi ...)
-	TODO: check
+	NOT-FOR-US: Arm Android Gralloc Module
 CVE-2023-22663
 	RESERVED
 CVE-2023-22448
@@ -22969,9 +22969,9 @@ CVE-2023-22644
 CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
 	NOT-FOR-US: SAP
 CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-22640
 	RESERVED
 CVE-2023-22639
@@ -22983,7 +22983,7 @@ CVE-2023-22637
 CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-494] in  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-22634
 	RESERVED
 CVE-2023-22633
@@ -23167,13 +23167,13 @@ CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in P
 CVE-2023-22616
 	RESERVED
 CVE-2023-22615 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-22614 (An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kern ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-22613 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-22612 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: EcoStruxure Geo SCADA Expert
 CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
@@ -24494,7 +24494,7 @@ CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-
 CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
 	- web2py <removed>
 CVE-2023-22429 (Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Android App 'Wolt Delivery: Food and more'
 CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function  ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
@@ -27605,17 +27605,17 @@ CVE-2022-47470
 CVE-2022-47469
 	RESERVED
 CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47466 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47465 (In vdsp service, there is a missing permission check. This could lead  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47464 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47463 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47462 (In telephone service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47461 (In telephone service, there is a missing permission check. This could  ...)
@@ -27865,7 +27865,7 @@ CVE-2023-21771 (Windows Local Session Manager (LSM) Elevation of Privilege Vulne
 CVE-2023-21770
 	RESERVED
 CVE-2023-21769 (Microsoft Message Queuing Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21768 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21767 (Windows Overlay Filter Elevation of Privilege Vulnerability. ...)
@@ -27945,11 +27945,11 @@ CVE-2023-21731
 CVE-2023-21730 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21729 (Remote Procedure Call Runtime Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21728 (Windows Netlogon Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21727 (Remote Procedure Call Runtime Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21726 (Windows Credential Manager User Interface Elevation of Privilege Vulne ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21725 (Windows Malicious Software Removal Tool Elevation of Privilege Vulnera ...)
@@ -28202,7 +28202,7 @@ CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a
 CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47362 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...)
@@ -28250,13 +28250,13 @@ CVE-2022-47340
 CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47337 (In media service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47336 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47334
 	RESERVED
 CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
@@ -29991,9 +29991,9 @@ CVE-2022-46719
 CVE-2022-46718
 	RESERVED
 CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-46715
 	RESERVED
 CVE-2022-46714
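
Review bot: The descriptions for CVE-2022-46717 and CVE-2022-46716 are cut off before they name an affected component, so the "Apple" tag cannot be checked from these lines alone. Apple advisories also cover WebKit, which Debian packages, so confirm that neither entry is a WebKit issue before closing them as NOT-FOR-US.
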
@@ -30007,7 +30007,7 @@ CVE-2022-46711
 CVE-2022-46710
 	RESERVED
 CVE-2022-46709 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-46708
 	RESERVED
 CVE-2022-46707
@@ -30019,7 +30019,7 @@ CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was
 CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2022-46703 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...)
@@ -30791,7 +30791,7 @@ CVE-2022-46398
 CVE-2022-46397 (FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, ...)
 	NOT-FOR-US: FD.io VPP (Vector Packet Processor) IPSec
 CVE-2022-46396 (An issue was discovered in the Arm Mali Kernel Driver. A non-privilege ...)
-	TODO: check
+	NOT-FOR-US: Arm Mali
 CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
 	NOT-FOR-US: Arm Mali
 CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
@@ -31057,7 +31057,7 @@ CVE-2023-21556 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution
 CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21554 (Microsoft Message Queuing Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
@@ -40701,25 +40701,25 @@ CVE-2022-43957
 CVE-2022-43956
 	RESERVED
 CVE-2022-43955 (An improper neutralization of input during web page generation [CWE-79 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-43953
 	RESERVED
 CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43950
 	RESERVED
 CVE-2022-43949
 	RESERVED
 CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43947 (An improper restriction of excessive authentication attempts vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assignment  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-3727
 	RESERVED
 CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...)
@@ -41131,13 +41131,13 @@ CVE-2022-43772 (Hitachi Vantara Pentaho Business Analytics Server versions befor
 CVE-2022-43771 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
 	NOT-FOR-US: Hitachi
 CVE-2022-43770 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
 	NOT-FOR-US: Hitachi
 CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
 	NOT-FOR-US: Apache IoTDB
 CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...)
@@ -41182,7 +41182,7 @@ CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when usi
 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
 	NOT-FOR-US: Sophos
 CVE-2022-3695 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3693 (The File Management System developed by FileOrbis before version 10.6. ...)
@@ -41306,7 +41306,7 @@ CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content o
 	NOT-FOR-US: Apache Superset
 	NOTE: https://github.com/apache/superset/pull/21895
 CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43715
 	RESERVED
 CVE-2022-43714
@@ -42637,7 +42637,7 @@ CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the fu
 CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...)
 	NOT-FOR-US: Tasmota
 CVE-2022-43293 (Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitra ...)
-	TODO: check
+	NOT-FOR-US: Wacom
 CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Canteen Management System
 CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -44009,7 +44009,7 @@ CVE-2022-42860
 CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
 	NOT-FOR-US: Apple
 CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-42857
 	RESERVED
 CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...)
@@ -44903,7 +44903,7 @@ CVE-2022-42481
 CVE-2022-42478
 	RESERVED
 CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
@@ -44917,9 +44917,9 @@ CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('ht
 CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-42470 (A relative path traversal vulnerability in Fortinet FortiClient (Windo ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-42469 (A permissive list of allowed inputs vulnerability [CWE-183] in FortiGa ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
 	{DSA-5384-1 DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
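
Review bot: Vendor naming is inconsistent within this hunk. The new tags on CVE-2022-42470 and CVE-2022-42469 use "Fortinet", while the unchanged entry for CVE-2022-42471 directly above uses "FortiGuard". The descriptions name Fortinet products, so "Fortinet" looks like the better choice. Consider normalising the existing "FortiGuard" entries in a follow-up so that a search on one tag finds all of them.
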
@@ -46294,7 +46294,7 @@ CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly
 CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-41976 (An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 buil ...)
-	TODO: check
+	NOT-FOR-US: Scada-LTS
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
 	NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
@@ -48103,9 +48103,9 @@ CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in
 CVE-2022-41332
 	RESERVED
 CVE-2022-41331 (A missing authentication for critical function vulnerability [CWE-306] ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41330 (An improper neutralization of input during web page generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
@@ -49666,13 +49666,13 @@ CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE
 CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40681
 	RESERVED
 CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
@@ -53791,7 +53791,7 @@ CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and
 CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
 	- octoprint <itp> (bug #718591)
 CVE-2022-39048 (ServiceNow Tokyo allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow Tokyo
 CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
 	- glibc <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536
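
Review bot: On CVE-2022-39048 the tag "ServiceNow Tokyo" includes a release name, since Tokyo is a ServiceNow release rather than a separate product. Suggest "NOT-FOR-US: ServiceNow" so that ServiceNow CVEs against other releases group under one tag.
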
@@ -55229,7 +55229,7 @@ CVE-2022-38606 (Garage Management System v1.0 was discovered to contain a SQL in
 CVE-2022-38605 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
 	NOT-FOR-US: Church Management System
 CVE-2022-38604 (Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain  ...)
-	TODO: check
+	NOT-FOR-US: Wacom
 CVE-2022-38603
 	RESERVED
 CVE-2022-38602
@@ -58300,7 +58300,7 @@ CVE-2022-37464
 CVE-2022-37463
 	RESERVED
 CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget i ...)
-	TODO: check
+	NOT-FOR-US: Upstream Works Agent Desktop for Cisco Finesse
 CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
 	NOT-FOR-US: Canon Medical Vitrea View
 CVE-2022-37460
@@ -59972,7 +59972,7 @@ CVE-2022-33145
 CVE-2022-2562
 	RESERVED
 CVE-2022-2561 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: QuickOPC
 CVE-2022-2560 (This vulnerability allows remote attackers to delete arbitrary files o ...)
 	NOT-FOR-US: EnterpriseDT CompleteFTP Server
 CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not properly san ...)
@@ -62781,7 +62781,7 @@ CVE-2022-35852
 CVE-2022-35851 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-35849
 	RESERVED
 CVE-2022-35848
@@ -70837,7 +70837,7 @@ CVE-2022-32873
 CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32871 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32870 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2022-32869
@@ -86720,11 +86720,11 @@ CVE-2022-27489 (A improper neutralization of special elements used in an os comm
 CVE-2022-27488
 	RESERVED
 CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-27486
 	RESERVED
 CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
@@ -121448,7 +121448,7 @@ CVE-2021-41528
 CVE-2021-41527
 	RESERVED
 CVE-2021-41526 (A vulnerability has been reported in the windows installer (MSI) built ...)
-	TODO: check
+	NOT-FOR-US: Flexera
 CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
 	NOT-FOR-US: FlexNet
 CVE-2021-3821 (A potential security vulnerability has been identified for certain HP  ...)
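
Review bot: CVE-2021-41526 is tagged "Flexera" while the adjacent CVE-2021-41525 is tagged "FlexNet", so one entry names a vendor and the other a product. If both belong to the same vendor, use a single tag for the pair.
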
@@ -133378,7 +133378,7 @@ CVE-2021-36823 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPre
 CVE-2021-36822
 	RESERVED
 CVE-2021-36821 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Fo ...)
-	TODO: check
+	NOT-FOR-US: WMPU
 CVE-2021-36820
 	REJECTED
 CVE-2021-36819
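
Review bot: The tag on CVE-2021-36821 reads "WMPU", but the description on the line above it names the vendor as "WPMU DEV", so two letters are transposed. Suggest "NOT-FOR-US: WPMU DEV" so that a search for the vendor name finds this entry.
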
@@ -146415,7 +146415,7 @@ CVE-2021-31709
 CVE-2021-31708
 	RESERVED
 CVE-2021-31707 (Permissions vulnerability found in KiteCMS allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: KiteCMS
 CVE-2021-31706
 	RESERVED
 CVE-2021-31705
@@ -146559,7 +146559,7 @@ CVE-2021-31639
 CVE-2021-31638
 	RESERVED
 CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0,  ...)
-	TODO: check
+	NOT-FOR-US: UwAmp
 CVE-2021-31636
 	RESERVED
 CVE-2021-31635
@@ -161385,7 +161385,7 @@ CVE-2021-3269
 CVE-2021-3268
 	RESERVED
 CVE-2021-3267 (File Upload vulnerability found in KiteCMS v.1.1 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: KiteCMS
 CVE-2021-3266
 	RESERVED
 CVE-2021-3265
@@ -172076,19 +172076,19 @@ CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticat
 CVE-2020-36078
 	RESERVED
 CVE-2020-36077 (SQL injection vulnerability found in Tailor Mangement System v.1 allow ...)
-	TODO: check
+	NOT-FOR-US: Tailor Management System
 CVE-2020-36076
 	RESERVED
 CVE-2020-36075
 	RESERVED
 CVE-2020-36074 (SQL injection vulnerability found in Tailor Mangement System v.1 allow ...)
-	TODO: check
+	NOT-FOR-US: Tailor Management System
 CVE-2020-36073 (SQL injection vulnerability found in Tailor Management System v.1 allo ...)
-	TODO: check
+	NOT-FOR-US: Tailor Management System
 CVE-2020-36072 (SQL injection vulnerability found in Tailor Management System v.1 allo ...)
-	TODO: check
+	NOT-FOR-US: Tailor Management System
 CVE-2020-36071 (SQL injection vulnerability found in Tailor Management System v.1 allo ...)
-	TODO: check
+	NOT-FOR-US: Tailor Management System
 CVE-2020-36070
 	RESERVED
 CVE-2020-36069
@@ -195718,7 +195718,7 @@ CVE-2020-24859
 CVE-2020-24858
 	RESERVED
 CVE-2020-24857 (Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: IXPManager
 CVE-2020-24856
 	RESERVED
 CVE-2020-24855 (Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allo ...)
@@ -199112,7 +199112,7 @@ CVE-2020-23329
 CVE-2020-23328
 	RESERVED
 CVE-2020-23327 (Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 all ...)
-	TODO: check
+	NOT-FOR-US: ZblogPHP
 CVE-2020-23326
 	RESERVED
 CVE-2020-23325



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ff806a05b73771640e75efcb1cdf29d6a8263a8
