[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 15 08:10:39 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f93d0e5c by security tracker role at 2023-02-15T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-25780
+ RESERVED
+CVE-2023-25776
+ RESERVED
+CVE-2023-25773
+ RESERVED
+CVE-2023-25768
+ RESERVED
+CVE-2023-25767
+ RESERVED
+CVE-2023-25766
+ RESERVED
+CVE-2023-25765
+ RESERVED
+CVE-2023-25764
+ RESERVED
+CVE-2023-25763
+ RESERVED
+CVE-2023-25762
+ RESERVED
+CVE-2023-25761
+ RESERVED
+CVE-2023-25545
+ RESERVED
+CVE-2023-25182
+ RESERVED
+CVE-2023-25179
+ RESERVED
+CVE-2023-25175
+ RESERVED
+CVE-2023-24475
+ RESERVED
+CVE-2023-22661
+ RESERVED
+CVE-2023-22379
+ RESERVED
+CVE-2023-22297
+ RESERVED
+CVE-2023-0836
+ RESERVED
+CVE-2023-0835
+ RESERVED
+CVE-2023-0834
+ RESERVED
CVE-2023-25181
RESERVED
CVE-2023-0833
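Review bot: The added RESERVED block is prepended as a batch rather than merged by ID: CVE-2023-25182 ends up above CVE-2023-0834 while the existing CVE-2023-25181 follows it. If position in data/CVE/list is not meant to be significant, the file's documentation should say so, and anything consuming the list should look entries up by ID rather than by neighbouring lines.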
@@ -199,9 +243,9 @@ CVE-2023-25725 (HAProxy before 2.7.3 may allow a bypass of access control becaus
- haproxy 2.6.8-2
NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8 (v2.6.9)
CVE-2023-25724
- RESERVED
+ REJECTED
CVE-2023-25723
- RESERVED
+ REJECTED
CVE-2023-25722
RESERVED
CVE-2023-25721
@@ -767,8 +811,8 @@ CVE-2023-25579
RESERVED
CVE-2023-25578
RESERVED
-CVE-2023-25577
- RESERVED
+CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
+ TODO: check
CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
TODO: check
CVE-2023-25575
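Review bot: CVE-2023-25577 is added as `TODO: check` although its description names Werkzeug, and CVE-2023-23934 later in this diff is a second Werkzeug issue left in the same state. Triage the two together against the same source package and record a fixed version plus an upstream commit NOTE, as the CVE-2023-24580 entry in this diff does for python-django.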
@@ -2192,8 +2236,8 @@ CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3,
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
-CVE-2023-25011
- RESERVED
+CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
+ TODO: check
CVE-2023-25010
RESERVED
CVE-2023-25009
@@ -3368,8 +3412,7 @@ CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hi
NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
CVE-2023-0526
RESERVED
-CVE-2023-24580
- RESERVED
+CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2 ...)
- python-django 3:3.2.18-1 (bug #1031290)
NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
@@ -5021,8 +5064,7 @@ CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share,
TODO: check
CVE-2023-23947
RESERVED
-CVE-2023-23946
- RESERVED
+CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...)
- git <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8)
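Review bot: The `- git <unfixed>` line under CVE-2023-23946 carries no bug reference, and the same holds for CVE-2023-22490 further down, whereas the python-django entry for CVE-2023-24580 records `(bug #1031290)`. Suggest adding the bug number to both git entries once one exists, so the unfixed state can be followed from the tracker.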
@@ -5053,8 +5095,8 @@ CVE-2023-23936
RESERVED
CVE-2023-23935
RESERVED
-CVE-2023-23934
- RESERVED
+CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
+ TODO: check
CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...)
NOT-FOR-US: OpenSearch Anomaly Detection
CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...)
@@ -5977,8 +6019,8 @@ CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to versio
NOT-FOR-US: Discourse
CVE-2023-23619 (Modelina is a library for generating data models based on inputs such ...)
NOT-FOR-US: Modelina
-CVE-2023-23618
- RESERVED
+CVE-2023-23618 (Git for Windows is the Windows port of the revision control system Git ...)
+ TODO: check
CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and ...)
NOT-FOR-US: OpenMage LTS
CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
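Review bot: CVE-2023-23618 is set to `TODO: check` with a description that begins "Git for Windows is the Windows port ...", and CVE-2023-22743 later in this diff is handled the same way. The truncated description does not show whether the flaw is in Windows-only code or in code shared with the `git` source package already tracked under CVE-2023-23946 and CVE-2023-22490, so the triage should state which and annotate accordingly.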
@@ -6822,8 +6864,8 @@ CVE-2023-23392
RESERVED
CVE-2023-23391
RESERVED
-CVE-2023-23390
- RESERVED
+CVE-2023-23390 (3D Builder Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-23389
RESERVED
CVE-2023-23388
@@ -6838,24 +6880,24 @@ CVE-2023-23384
RESERVED
CVE-2023-23383
RESERVED
-CVE-2023-23382
- RESERVED
-CVE-2023-23381
- RESERVED
+CVE-2023-23382 (Azure Machine Learning Compute Instance Information Disclosure Vulnera ...)
+ TODO: check
+CVE-2023-23381 (Visual Studio Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-23380
RESERVED
-CVE-2023-23379
- RESERVED
-CVE-2023-23378
- RESERVED
-CVE-2023-23377
- RESERVED
-CVE-2023-23376
- RESERVED
+CVE-2023-23379 (Microsoft Defender for IoT Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23378 (Print 3D Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23377 (3D Builder Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23376 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2023-23375
RESERVED
-CVE-2023-23374
- RESERVED
+CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-23373
RESERVED
CVE-2023-23372
@@ -8749,8 +8791,8 @@ CVE-2023-22745 (tpm2-tss is an open source software implementation of the Truste
NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
CVE-2023-22744
RESERVED
-CVE-2023-22743
- RESERVED
+CVE-2023-22743 (Git for Windows is the Windows port of the revision control system Git ...)
+ TODO: check
CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
- libgit2 1.5.1+ds-1 (bug #1029368)
[bullseye] - libgit2 <no-dsa> (Minor issue)
@@ -9136,8 +9178,8 @@ CVE-2023-22631
RESERVED
CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...)
NOT-FOR-US: IzyBat Orange casiers
-CVE-2023-22629
- RESERVED
+CVE-2023-22629 (An issue was discovered in TitanFTP through 1.94.1205. The move-file f ...)
+ TODO: check
CVE-2023-22628
RESERVED
CVE-2023-22627
@@ -9772,8 +9814,7 @@ CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is
NOT-FOR-US: ZITADEL
CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
NOT-FOR-US: Gatsby
-CVE-2023-22490
- RESERVED
+CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...)
- git <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8)
@@ -10531,8 +10572,8 @@ CVE-2023-22421
RESERVED
CVE-2023-22419
RESERVED
-CVE-2023-22377
- RESERVED
+CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
+ TODO: check
CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
TODO: check
CVE-2023-22375 (** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vuln ...)
@@ -10541,8 +10582,8 @@ CVE-2023-22370 (** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vuln
TODO: check
CVE-2023-22369
REJECTED
-CVE-2023-22368
- RESERVED
+CVE-2023-22368 (Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 an ...)
+ TODO: check
CVE-2023-22367 (Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Androi ...)
NOT-FOR-US: Ichiran
CVE-2023-22362 (SUSHIRO App for Android outputs sensitive information to the log file, ...)
@@ -13237,66 +13278,66 @@ CVE-2022-4581 (A vulnerability was found in 1j01 mind-map and classified as prob
NOT-FOR-US: 1j01
CVE-2021-4246 (A vulnerability was found in roxlukas LMeve and classified as critical ...)
NOT-FOR-US: roxlukas LMeve
-CVE-2023-21823
- RESERVED
-CVE-2023-21822
- RESERVED
+CVE-2023-21823 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21822 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2023-21821
RESERVED
-CVE-2023-21820
- RESERVED
-CVE-2023-21819
- RESERVED
-CVE-2023-21818
- RESERVED
-CVE-2023-21817
- RESERVED
-CVE-2023-21816
- RESERVED
-CVE-2023-21815
- RESERVED
+CVE-2023-21820 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
+ TODO: check
+CVE-2023-21819 (Windows Secure Channel Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21818 (Windows Secure Channel Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21817 (Windows Kerberos Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-21816 (Windows Active Directory Domain Services API Denial of Service Vulnera ...)
+ TODO: check
+CVE-2023-21815 (Visual Studio Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21814
RESERVED
-CVE-2023-21813
- RESERVED
-CVE-2023-21812
- RESERVED
-CVE-2023-21811
- RESERVED
+CVE-2023-21813 (Windows Secure Channel Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21812 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2023-21811 (Windows iSCSI Service Denial of Service Vulnerability ...)
+ TODO: check
CVE-2023-21810
RESERVED
-CVE-2023-21809
- RESERVED
-CVE-2023-21808
- RESERVED
-CVE-2023-21807
- RESERVED
-CVE-2023-21806
- RESERVED
-CVE-2023-21805
- RESERVED
-CVE-2023-21804
- RESERVED
-CVE-2023-21803
- RESERVED
-CVE-2023-21802
- RESERVED
-CVE-2023-21801
- RESERVED
-CVE-2023-21800
- RESERVED
-CVE-2023-21799
- RESERVED
-CVE-2023-21798
- RESERVED
-CVE-2023-21797
- RESERVED
+CVE-2023-21809 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2023-21808 (.NET and Visual Studio Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21807 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-21806 (Power BI Report Server Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-21805 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21804 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-21803 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21802 (Windows Media Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21801 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+ TODO: check
+CVE-2023-21800 (Windows Installer Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-21799 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2023-21798 (Microsoft ODBC Driver Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21797 (Microsoft ODBC Driver Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2023-21794
- RESERVED
+CVE-2023-21794 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
+ TODO: check
CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
NOT-FOR-US: Microsoft
CVE-2023-21792 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
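Review bot: Every entry added in this hunk names a Microsoft product (Windows, Visual Studio, Dynamics 365, Power BI, Edge, ODBC and OLE DB drivers) yet is left at `TODO: check`, while the unchanged neighbours CVE-2023-21796, CVE-2023-21795 and CVE-2023-21793 already carry `NOT-FOR-US: Microsoft`. Resolving the batch in one follow-up with the same annotation would keep the TODO queue from hiding the entries that do need per-package triage; the other Microsoft hunks in this diff are in the same state.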
@@ -13327,10 +13368,10 @@ CVE-2023-21780 (3D Builder Remote Code Execution Vulnerability. This CVE ID is u
NOT-FOR-US: Microsoft
CVE-2023-21779 (Visual Studio Code Remote Code Execution. ...)
NOT-FOR-US: Microsoft
-CVE-2023-21778
- RESERVED
-CVE-2023-21777
- RESERVED
+CVE-2023-21778 (Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerab ...)
+ TODO: check
+CVE-2023-21777 (Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerabil ...)
+ TODO: check
CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
@@ -14036,84 +14077,84 @@ CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Messag
NOT-FOR-US: KDDI +Message App, NTT DOCOMO +Message App and SoftBank +Message App
CVE-2023-21723
RESERVED
-CVE-2023-21722
- RESERVED
-CVE-2023-21721
- RESERVED
-CVE-2023-21720
- RESERVED
+CVE-2023-21722 (.NET Framework Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21721 (Microsoft OneNote Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
+ TODO: check
CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2023-21718
- RESERVED
-CVE-2023-21717
- RESERVED
-CVE-2023-21716
- RESERVED
-CVE-2023-21715
- RESERVED
-CVE-2023-21714
- RESERVED
-CVE-2023-21713
- RESERVED
+CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability ...)
+ TODO: check
+CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21712
RESERVED
CVE-2023-21711
RESERVED
-CVE-2023-21710
- RESERVED
+CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21709
RESERVED
CVE-2023-21708
RESERVED
-CVE-2023-21707
- RESERVED
-CVE-2023-21706
- RESERVED
-CVE-2023-21705
- RESERVED
-CVE-2023-21704
- RESERVED
-CVE-2023-21703
- RESERVED
-CVE-2023-21702
- RESERVED
-CVE-2023-21701
- RESERVED
-CVE-2023-21700
- RESERVED
-CVE-2023-21699
- RESERVED
+CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21706 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21705 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21704 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-21703 (Azure Data Box Gateway Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21702 (Windows iSCSI Service Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21701 (Microsoft Protected Extensible Authentication Protocol (PEAP) Denial o ...)
+ TODO: check
+CVE-2023-21700 (Windows iSCSI Discovery Service Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21699 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
+ TODO: check
CVE-2023-21698
RESERVED
-CVE-2023-21697
- RESERVED
+CVE-2023-21697 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
+ TODO: check
CVE-2023-21696
RESERVED
-CVE-2023-21695
- RESERVED
-CVE-2023-21694
- RESERVED
-CVE-2023-21693
- RESERVED
-CVE-2023-21692
- RESERVED
-CVE-2023-21691
- RESERVED
-CVE-2023-21690
- RESERVED
-CVE-2023-21689
- RESERVED
-CVE-2023-21688
- RESERVED
-CVE-2023-21687
- RESERVED
-CVE-2023-21686
- RESERVED
-CVE-2023-21685
- RESERVED
-CVE-2023-21684
- RESERVED
+CVE-2023-21695 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ TODO: check
+CVE-2023-21694 (Windows Fax Service Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21693 (Microsoft PostScript Printer Driver Information Disclosure Vulnerabili ...)
+ TODO: check
+CVE-2023-21692 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ TODO: check
+CVE-2023-21691 (Microsoft Protected Extensible Authentication Protocol (PEAP) Informat ...)
+ TODO: check
+CVE-2023-21690 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ TODO: check
+CVE-2023-21689 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ TODO: check
+CVE-2023-21688 (NT OS Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-21687 (HTTP.sys Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2023-21686 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2023-21684 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+ TODO: check
CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
NOT-FOR-US: Microsoft
CVE-2023-21682 (Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerabi ...)
@@ -14138,10 +14179,10 @@ CVE-2022-47375
RESERVED
CVE-2022-47374
RESERVED
-CVE-2022-47373
- RESERVED
-CVE-2022-47372
- RESERVED
+CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...)
+ TODO: check
+CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section ...)
+ TODO: check
CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client for ...)
NOT-FOR-US: Cloudflare Warp
CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...)
@@ -17016,26 +17057,26 @@ CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allo
{DSA-5295-1}
- chromium 108.0.5359.94-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-21573
- RESERVED
-CVE-2023-21572
- RESERVED
-CVE-2023-21571
- RESERVED
-CVE-2023-21570
- RESERVED
+CVE-2023-21573 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-21572 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
CVE-2023-21569
RESERVED
-CVE-2023-21568
- RESERVED
-CVE-2023-21567
- RESERVED
-CVE-2023-21566
- RESERVED
+CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
+ TODO: check
+CVE-2023-21567 (Visual Studio Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2023-21565
RESERVED
-CVE-2023-21564
- RESERVED
+CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability ...)
+ TODO: check
CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2023-21562
@@ -17056,8 +17097,8 @@ CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution
NOT-FOR-US: Microsoft
CVE-2023-21554
RESERVED
-CVE-2023-21553
- RESERVED
+CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
NOT-FOR-US: Microsoft
CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
@@ -17104,10 +17145,10 @@ CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerabil
NOT-FOR-US: Microsoft
CVE-2023-21530
RESERVED
-CVE-2023-21529
- RESERVED
-CVE-2023-21528
- RESERVED
+CVE-2023-21529 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-21528 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2023-21526
@@ -19718,10 +19759,10 @@ CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration
NOT-FOR-US: Zyxel
CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...)
NOT-FOR-US: Apache Superset
-CVE-2022-45437
- RESERVED
-CVE-2022-45436
- RESERVED
+CVE-2022-45437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-4003
RESERVED
CVE-2022-4002
@@ -22844,8 +22885,8 @@ CVE-2023-20951
RESERVED
CVE-2023-20950
RESERVED
-CVE-2023-20949
- RESERVED
+CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out ...)
+ TODO: check
CVE-2023-20948
RESERVED
NOT-FOR-US: Android
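Review bot: CVE-2023-20949 names a kernel driver source file (s2mpg11-regulator.c) but is left at `TODO: check` directly above CVE-2023-20948, which is annotated `NOT-FOR-US: Android`. Before copying the neighbour's annotation, confirm whether that driver is present in the `linux` source package; if it is not, say so in a NOTE so the reasoning is recorded.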
@@ -22908,8 +22949,8 @@ CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after f
NOTE: https://android.googlesource.com/kernel/common/+/201d5f4a3ec1
NOTE: https://source.android.com/docs/security/bulletin/2023-01-01
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2374
-CVE-2023-20927
- RESERVED
+CVE-2023-20927 (In permissions of AndroidManifest.xml, there is a possible way to gran ...)
+ TODO: check
CVE-2023-20926
RESERVED
CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible ...)
@@ -56421,12 +56462,12 @@ CVE-2022-32957
RESERVED
CVE-2022-32956
RESERVED
-CVE-2022-32955
- RESERVED
-CVE-2022-32954
- RESERVED
-CVE-2022-32953
- RESERVED
+CVE-2022-32955 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
+CVE-2022-32954 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5. ...)
+ TODO: check
+CVE-2022-32953 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32952
REJECTED
CVE-2022-32951
@@ -57593,24 +57634,24 @@ CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0
NOT-FOR-US: Dell
CVE-2022-32479
RESERVED
-CVE-2022-32478
- RESERVED
+CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32477
RESERVED
-CVE-2022-32476
- RESERVED
+CVE-2022-32476 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32475
RESERVED
-CVE-2022-32474
- RESERVED
-CVE-2022-32473
- RESERVED
+CVE-2022-32474 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
+CVE-2022-32473 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32472
REJECTED
-CVE-2022-32471
- RESERVED
-CVE-2022-32470
- RESERVED
+CVE-2022-32471 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
+ TODO: check
+CVE-2022-32470 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32469
RESERVED
CVE-2022-32468
@@ -66468,8 +66509,8 @@ CVE-2022-29559
RESERVED
CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
NOT-FOR-US: Realtek
-CVE-2022-29557
- RESERVED
+CVE-2022-29557 (LexisNexis Firco Compliance Link 3.7 allows CSRF. ...)
+ TODO: check
CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise ...)
NOT-FOR-US: mendersoftware/iot-manager
CVE-2022-29555 (The Deviceconnect microservice through 1.3.0 in Northern.tech Mender E ...)
@@ -71986,8 +72027,8 @@ CVE-2022-27679
RESERVED
CVE-2022-27678
RESERVED
-CVE-2022-27677
- RESERVED
+CVE-2022-27677 (Failure to validate privileges during installation of AMD Ryzen™ ...)
+ TODO: check
CVE-2022-27676
REJECTED
CVE-2022-27675
@@ -71996,8 +72037,7 @@ CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD
NOT-FOR-US: AMD
CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...)
NOT-FOR-US: AMD
-CVE-2022-27672
- RESERVED
+CVE-2022-27672 (When SMT is enabled, certain AMD processors may speculatively execute ...)
- linux 6.1.12-1
- xen <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/4
@@ -76766,8 +76806,8 @@ CVE-2022-25981
RESERVED
CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to Cross-s ...)
TODO: check
-CVE-2022-25978
- RESERVED
+CVE-2022-25978 (All versions of the package github.com/usememos/memos/server are vulne ...)
+ TODO: check
CVE-2022-25977
RESERVED
CVE-2022-25975
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f93d0e5c48eb20cbf9ac37f49334872e8b00d376