[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 20 20:12:22 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23bb7f67 by security tracker role at 2023-12-20T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,130 @@
-CVE-2023-37544
+CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
+	TODO: check
+CVE-2023-6912 (Lack of protection against brute force attacks in M-Files Server befor ...)
+	TODO: check
+CVE-2023-6910 (A vulnerable API method in M-Files Server before 23.12.13195.0 allows  ...)
+	TODO: check
+CVE-2023-6784 (A malicious user could potentially use the Sitefinity system for the d ...)
+	TODO: check
+CVE-2023-6769 (Stored XSS vulnerability in Amazing Little Poll, affecting versions 1. ...)
+	TODO: check
+CVE-2023-6768 (Authentication bypass vulnerability in Amazing Little Poll affecting v ...)
+	TODO: check
+CVE-2023-6562 (JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an att ...)
+	TODO: check
+CVE-2023-5011 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
+	TODO: check
+CVE-2023-5010 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
+	TODO: check
+CVE-2023-5007 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
+	TODO: check
+CVE-2023-51462 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51461 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51460 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51459 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51458 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51457 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-50628 (Buffer Overflow vulnerability in libming version 0.4.8, allows attacke ...)
+	TODO: check
+CVE-2023-50249 (Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Reg ...)
+	TODO: check
+CVE-2023-50044 (Buffer Overflow vulnerability in Cesanta MJS version 2.22.0, allows at ...)
+	TODO: check
+CVE-2023-49825 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49814 (Unrestricted Upload of File with Dangerous Type vulnerability in Symbi ...)
+	TODO: check
+CVE-2023-49776 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49773 (Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp ...)
+	TODO: check
+CVE-2023-49772 (Deserialization of Untrusted Data vulnerability in Phpbits Creative St ...)
+	TODO: check
+CVE-2023-49752 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49272 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
+	TODO: check
+CVE-2023-49271 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
+	TODO: check
+CVE-2023-49270 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
+	TODO: check
+CVE-2023-49269 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
+	TODO: check
+CVE-2023-49166 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49161 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-47990 (SQL Injection vulnerability in components/table_manager/html/edit_admi ...)
+	TODO: check
+CVE-2023-47852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-47784 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+	TODO: check
+CVE-2023-47507 (Deserialization of Untrusted Data vulnerability in Master Slider Maste ...)
+	TODO: check
+CVE-2023-47236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-47118 (ClickHouse\xae is an open-source column-oriented database management s ...)
+	TODO: check
+CVE-2023-46311 (Authorization Bypass Through User-Controlled Key vulnerability in gVec ...)
+	TODO: check
+CVE-2023-46149 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
+	TODO: check
+CVE-2023-46147 (Deserialization of Untrusted Data vulnerability in Themify Themify Ult ...)
+	TODO: check
+CVE-2023-45603 (Unrestricted Upload of File with Dangerous Type vulnerability in Jeff  ...)
+	TODO: check
+CVE-2023-41796 (Authorization Bypass Through User-Controlled Key vulnerability in WP S ...)
+	TODO: check
+CVE-2023-40555 (Deserialization of Untrusted Data vulnerability in UX-themes Flatsome  ...)
+	TODO: check
+CVE-2023-40204 (Unrestricted Upload of File with Dangerous Type vulnerability in Premi ...)
+	TODO: check
+CVE-2023-40010 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3742 (Insufficient policy enforcement in ADB in Google Chrome on ChromeOS pr ...)
+	TODO: check
+CVE-2023-38519 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-38513 (Authorization Bypass Through User-Controlled Key vulnerability in Jord ...)
+	TODO: check
+CVE-2023-37871 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
+	TODO: check
+CVE-2023-36520 (Authorization Bypass Through User-Controlled Key vulnerability in Mark ...)
+	TODO: check
+CVE-2023-35916 (Authorization Bypass Through User-Controlled Key vulnerability in Auto ...)
+	TODO: check
+CVE-2023-35915 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-35914 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
+	TODO: check
+CVE-2023-35895 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code e ...)
+	TODO: check
+CVE-2023-35876 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
+	TODO: check
+CVE-2023-34385 (Unrestricted Upload of File with Dangerous Type vulnerability in Aksha ...)
+	TODO: check
+CVE-2023-34007 (Unrestricted Upload of File with Dangerous Type vulnerability in WPChi ...)
+	TODO: check
+CVE-2023-33330 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-33318 (Unrestricted Upload of File with Dangerous Type vulnerability in WooCo ...)
+	TODO: check
+CVE-2023-33209 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-32743 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-32590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-37544 (Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on  ...)
 	NOT-FOR-US: mlflow
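Review bot: In the CVE-2023-47118 line, "ClickHouse\xae" carries a literal backslash escape where the registered-trademark sign would be, which suggests the description was written from bytes that were never decoded; the update script should decode the upstream text as UTF-8 (or drop the symbol) before it lands in data/CVE/list.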
@@ -193,6 +319,7 @@ CVE-2023-50761 (The signature of a digitally signed S/MIME email message may opt
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
 CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.  This iss ...)
+	{DSA-5581-1}
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
@@ -203,6 +330,7 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs sho
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
 CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -210,6 +338,7 @@ CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
 CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
@@ -230,6 +359,7 @@ CVE-2023-6868 (In some instances, the user-agent would allow push requests which
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
 CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -237,11 +367,13 @@ CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
 CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
 CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -252,6 +384,7 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling.
 	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
 CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -259,6 +392,7 @@ CVE-2023-6859 (A use-after-free condition affected TLS socket creation when unde
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
 CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment`  ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -266,6 +400,7 @@ CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragm
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
 CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to  ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -273,11 +408,13 @@ CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passe
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
 CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
 CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
+	{DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -2198,7 +2335,8 @@ CVE-2023-45292 (When using the default implementation of Verify to check a Captc
 	NOT-FOR-US: base64Captcha
 CVE-2023-42932 (A logic issue was addressed with improved checks. This issue is fixed  ...)
 	NOT-FOR-US: Apple
-CVE-2023-42927 (A privacy issue was addressed with improved private data redaction for ...)
+CVE-2023-42927
+	REJECTED
 	NOT-FOR-US: Apple
 CVE-2023-42926 (Multiple memory corruption issues were addressed with improved input v ...)
 	NOT-FOR-US: Apple
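Review bot: CVE-2023-42927 now reads REJECTED but still keeps the "NOT-FOR-US: Apple" line beneath it, so the entry carries both a rejection and a triage decision; confirm that is intended for rejected IDs, or drop the NOT-FOR-US line so the entry is just REJECTED.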
@@ -33224,8 +33362,8 @@ CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31231
-	RESERVED
+CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...)
+	TODO: check
 CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...)
 	NOT-FOR-US: Haoqisir Baidu Tongji generator
 CVE-2023-31229
@@ -33352,8 +33490,8 @@ CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31215
-	RESERVED
+CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability in Amade ...)
+	TODO: check
 CVE-2023-31214
 	RESERVED
 CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -33724,8 +33862,8 @@ CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in La
 	NOT-FOR-US: WooCommerce plugin
 CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31092
-	RESERVED
+CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31090
@@ -34345,8 +34483,8 @@ CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30873
 	RESERVED
-CVE-2023-30872
-	RESERVED
+CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30870
@@ -34916,8 +35054,8 @@ CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-30750
-	RESERVED
+CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30748
@@ -35832,8 +35970,8 @@ CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Si
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-30495
-	RESERVED
+CVE-2023-30495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...)
@@ -38435,8 +38573,8 @@ CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29433
 	RESERVED
-CVE-2023-29432
-	RESERVED
+CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-29431
 	RESERVED
 CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
@@ -38751,8 +38889,8 @@ CVE-2023-29386
 	RESERVED
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-29384
-	RESERVED
+CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability in HM Pl ...)
+	TODO: check
 CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
@@ -39639,8 +39777,8 @@ CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
 	NOT-FOR-US: Siemens
 CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
 	NOT-FOR-US: Siemens
-CVE-2023-29102
-	RESERVED
+CVE-2023-29102 (Unrestricted Upload of File with Dangerous Type vulnerability in Olive ...)
+	TODO: check
 CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
 	NOT-FOR-US: Muffingroup
 CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
@@ -39651,8 +39789,8 @@ CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ar
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
 	NOT-FOR-US: WordPress Plugin
-CVE-2023-29096
-	RESERVED
+CVE-2023-29096 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
@@ -40805,8 +40943,8 @@ CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28788
-	RESERVED
+CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-28787
 	RESERVED
 CVE-2023-28786
@@ -40817,8 +40955,8 @@ CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability  ...)
 	NOT-FOR-US: WordPress Plugin
-CVE-2023-28782
-	RESERVED
+CVE-2023-28782 (Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. G ...)
+	TODO: check
 CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...)
@@ -41812,8 +41950,8 @@ CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerab
 	NOT-FOR-US: Wordpress theme
 CVE-2023-28492
 	RESERVED
-CVE-2023-28491
-	RESERVED
+CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
@@ -43025,8 +43163,8 @@ CVE-2023-28172 (Cross-Site Request Forgery (CSRF) vulnerability in flippercode W
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress theme
-CVE-2023-28170
-	RESERVED
+CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+	TODO: check
 CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28168
@@ -47719,8 +47857,8 @@ CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26526
 	RESERVED
-CVE-2023-26525
-	RESERVED
+CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26523
@@ -49381,8 +49519,8 @@ CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25970
-	RESERVED
+CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability in Zendr ...)
+	TODO: check
 CVE-2023-25969
 	RESERVED
 CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
@@ -55515,8 +55653,8 @@ CVE-2023-23972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23970
-	RESERVED
+CVE-2023-23970 (Unrestricted Upload of File with Dangerous Type vulnerability in WooRo ...)
+	TODO: check
 CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...)
 	NOT-FOR-US: MilesightVPN
 CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...)
@@ -63067,12 +63205,12 @@ CVE-2022-47601
 	RESERVED
 CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47599
-	RESERVED
+CVE-2022-47599 (Deserialization of Untrusted Data vulnerability in File Manager by Bit ...)
+	TODO: check
 CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47597
-	RESERVED
+CVE-2022-47597 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -74385,8 +74523,8 @@ CVE-2022-44686
 	RESERVED
 CVE-2022-44685
 	RESERVED
-CVE-2022-44684
-	RESERVED
+CVE-2022-44684 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
+	TODO: check
 CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability)
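Review bot: CVE-2022-44684 goes from RESERVED to "TODO: check" although its description names a Windows component and the entries right below it (CVE-2022-44683, CVE-2022-44682) are already "NOT-FOR-US: Microsoft"; it can be resolved the same way rather than left in the TODO queue.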
@@ -83697,7 +83835,7 @@ CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource exhaustion
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 (jackson-databind-2.13.4)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
-CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion c ...)
+CVE-2022-42003 (In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1,  ...)
 	{DSA-5283-1 DLA-3207-1}
 	- jackson-databind 2.14.0-1
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
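Review bot: The new CVE-2022-42003 description moves the upstream fix boundary from 2.14.0-rc1 to 2.13.4.1 and 2.12.17.1, while the lines shown still record only "- jackson-databind 2.14.0-1" and the issue link; if the 2.13 and 2.12 branch fixes are not already noted further down in the entry, a NOTE for them would make the DSA-5283-1 and DLA-3207-1 backports easier to check against upstream.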
@@ -86297,9 +86435,9 @@ CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41084
 	RESERVED
-CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability.)
+CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.)
+CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
@@ -86377,33 +86515,33 @@ CVE-2022-41045 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privil
 	NOT-FOR-US: Microsoft
 CVE-2022-41044 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability.)
+CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability.)
+CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41041
 	RESERVED
-CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability.)
+CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41039 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
+CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
+CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
+CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability.)
+CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability.)
+CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability ...)
+CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability.)
+CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability)
 	- nuget <not-affected> (Vulnerable code not present)
 	NOTE: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032
 	NOTE: https://github.com/NuGet/NuGet.Client/commit/3c1bf9decc8a114c091a6164c42f524ae2bb1e21 (6.3.1.1)
-CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability.)
+CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
@@ -94631,45 +94769,45 @@ CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management System
 	NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2726 (A vulnerability classified as critical has been found in SEMCMS. This  ...)
 	NOT-FOR-US: SEMCMS
-CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
+CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38052
 	RESERVED
-CVE-2022-38051 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
+CVE-2022-38051 (Windows Graphics Component Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability.)
+CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability.)
+CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability.)
+CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38045 (Server Service Remote Protocol Elevation of Privilege Vulnerability.)
+CVE-2022-38045 (Windows Server Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution Vulnerability.)
+CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38043 (Windows Security Support Provider Interface Information Disclosure Vul ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege Vulnerability.)
+CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability.)
+CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability.)
+CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.)
+CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38035
 	RESERVED
-CVE-2022-38034 (Windows Workstation Service Elevation of Privilege Vulnerability.)
+CVE-2022-38034 (Windows Workstation Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information Disclosur ...)
 	NOT-FOR-US: Microsoft
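Review bot: The CVE-2022-38045 line is a real retitle, from "Server Service Remote Protocol Elevation of Privilege Vulnerability." to "Windows Server Service Elevation of Privilege Vulnerability", unlike the other description changes in this hunk, which only drop a trailing period or a truncated "This CVE ID is un ..." tail; a changed title is easy to miss among the punctuation churn under an "automatic update" commit message, so it is worth confirming the "NOT-FOR-US: Microsoft" triage still matches the renamed component.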
@@ -94677,15 +94815,15 @@ CVE-2022-38032 (Windows Portable Device Enumerator Service Security Feature Bypa
 	NOT-FOR-US: Microsoft
 CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability.)
+CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability.)
+CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability.)
+CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability.)
+CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability.)
+CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vulnerabi ...)
 	NOT-FOR-US: Microsoft
@@ -94696,17 +94834,17 @@ CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
 	NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
 	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
 	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
-CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability.)
+CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38018
 	RESERVED
-CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability.)
+CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
@@ -94714,11 +94852,11 @@ CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability.)
+CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability.)
+CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -94734,23 +94872,23 @@ CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-38003 (Windows Resilient File System Elevation of Privilege.)
+CVE-2022-38003 (Windows Resilient File System Elevation of Privilege)
 	NOT-FOR-US: Microsoft
 CVE-2022-38002
 	RESERVED
-CVE-2022-38001 (Microsoft Office Spoofing Vulnerability.)
+CVE-2022-38001 (Microsoft Office Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
+CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37997 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
+CVE-2022-37997 (Windows Graphics Component Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability.)
+CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
@@ -94758,53 +94896,53 @@ CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vu
 	NOT-FOR-US: Microsoft
 CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37985 (Windows Graphics Component Information Disclosure Vulnerability.)
+CVE-2022-37985 (Windows Graphics Component Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability.)
+CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege Vulnerability.)
+CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability.)
+CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability.)
+CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability.)
+CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature Bypass.)
+CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature Bypass)
 	NOT-FOR-US: Microsoft
 CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of Service V ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability.)
+CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure Vulnerabi ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
+CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability.)
+CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege Vulnerability.)
+CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability.)
+CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ...)
+CVE-2022-37968 (<p>Microsoft has identified a vulnerability affecting the cluster conn ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
 	- samba 2:4.17.4+dfsg-1
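Review bot: The replacement description for CVE-2022-37968 starts with a literal "<p>" tag, so HTML markup from the upstream record now sits in data/CVE/list where the plain-text title "Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ..." used to be. The import step should strip tags from descriptions before truncating them, and anything that renders this field on a web page should escape it rather than treat it as plain text.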
@@ -100474,7 +100612,7 @@ CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure
 	NOT-FOR-US: Microsoft
 CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability.)
+CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
 	NOT-FOR-US: Microsoft
@@ -100592,7 +100730,7 @@ CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35770 (Windows NTLM Spoofing Vulnerability.)
+CVE-2022-35770 (Windows NTLM Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -103695,7 +103833,7 @@ CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerab
 	NOT-FOR-US: Microsoft
 CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability.)
+CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34688
 	RESERVED
@@ -106783,7 +106921,7 @@ CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability.)
+CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -106803,7 +106941,7 @@ CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability.)
+CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
@@ -126251,7 +126389,7 @@ CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability.)
+CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
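Review bot: The trailing period is dropped from CVE-2022-26929, but CVE-2022-26931 in this hunk's header still ends in "Vulnerability.", so after this update the Microsoft entries carry mixed punctuation. Scripts that compare or deduplicate descriptions from this file should normalise trailing punctuation instead of relying on an exact string match.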
@@ -133516,7 +133654,7 @@ CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability.)
+CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
 	NOT-FOR-US: Microsoft



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23bb7f67b106896813a35dcfab6c0f11c9550f18
