[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 16 09:53:30 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
524b2239 by Moritz Muehlenhoff at 2023-02-16T10:53:07+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101,11 +101,11 @@ CVE-2023-25860
 CVE-2023-25859
 	RESERVED
 CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classifie ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and clas ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-0847
 	RESERVED
 CVE-2023-25858
@@ -277,7 +277,7 @@ CVE-2023-0842
 CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
 	TODO: check
 CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
-	TODO: check
+	NOT-FOR-US: PHPCrazy
 CVE-2023-0839
 	RESERVED
 CVE-2023-0838
@@ -1116,13 +1116,13 @@ CVE-2023-25580
 CVE-2023-25579
 	RESERVED
 CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
-	TODO: check
+	NOT-FOR-US: Starlite
 CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
 	- python-werkzeug <unfixed> (bug #1031370)
 	NOTE: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 (2.2.3)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
 CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
-	TODO: check
+	NOT-FOR-US: Fastify plugin
 CVE-2023-25575
 	RESERVED
 CVE-2023-25574
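Review bot: The label on CVE-2023-25576, `NOT-FOR-US: Fastify plugin`, is generic, while the description names the package as @fastify/multipart and the other entries in this commit name the product itself (Starlite, Backstage). Suggest `NOT-FOR-US: @fastify/multipart` so that a search of the list for the package name finds this entry.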
@@ -1132,7 +1132,7 @@ CVE-2023-25573
 CVE-2023-25572 (react-admin is a frontend framework for building browser applications  ...)
 	NOT-FOR-US: react-admin
 CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2023-25570
 	RESERVED
 CVE-2023-25569
@@ -2067,9 +2067,9 @@ CVE-2014-125085 (A vulnerability, which was classified as critical, was found in
 CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...)
 	NOT-FOR-US: Gimmie
 CVE-2023-25192 (AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fi ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2023-25191 (AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2023-25190
 	RESERVED
 CVE-2023-0678 (Improper Authorization in GitHub repository phpipam/phpipam prior to v ...)
@@ -2147,7 +2147,7 @@ CVE-2023-25173
 CVE-2023-25172
 	RESERVED
 CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
-	TODO: check
+	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25170
 	RESERVED
 CVE-2023-25169
@@ -2177,7 +2177,7 @@ CVE-2023-25158
 CVE-2023-25157
 	RESERVED
 CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
-	TODO: check
+	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155
 	RESERVED
 CVE-2023-25154
@@ -2193,7 +2193,7 @@ CVE-2023-25151 (opentelemetry-go-contrib is a collection of extensions for OpenT
 CVE-2023-25150 (Nextcloud office/richdocuments is an office suit for the nextcloud ser ...)
 	NOT-FOR-US: Nextcloud office/richdocuments
 CVE-2023-25149 (TimescaleDB, an open-source time-series SQL database, has a privilege  ...)
-	TODO: check
+	NOT-FOR-US: Timescale TimescaleDB
 CVE-2023-25148
 	RESERVED
 CVE-2023-25147
@@ -2548,7 +2548,7 @@ CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_re
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
 CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
-	TODO: check
+	NOT-FOR-US: PC settings tool
 CVE-2023-25010
 	RESERVED
 CVE-2023-25009
@@ -3993,9 +3993,9 @@ CVE-2023-24501
 CVE-2023-24500
 	RESERVED
 CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device.  ...)
-	TODO: check
+	NOT-FOR-US: Butterfly Button plugin
 CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-24497
 	RESERVED
 CVE-2023-24496
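Review bot: For CVE-2023-24498 the description shown here refers only to "the switch" and names no vendor, so the `NOT-FOR-US: Netgear` label cannot be checked against this line. Worth confirming the vendor against the full CVE text before merging, since the other Netgear entries in this commit are for the WNDR3700v2 router and this one is for a different device class.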
@@ -4758,9 +4758,9 @@ CVE-2023-24190
 CVE-2023-24189
 	RESERVED
 CVE-2023-24188 (ureport v2.2.9 was discovered to contain an arbitrary file deletion vu ...)
-	TODO: check
+	NOT-FOR-US: ureport
 CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...)
-	TODO: check
+	NOT-FOR-US: ureport
 CVE-2023-24186
 	RESERVED
 CVE-2023-24185
@@ -4962,11 +4962,11 @@ CVE-2023-24088
 CVE-2023-24087
 	RESERVED
 CVE-2023-24086 (SLIMS v9.5.2 was discovered to contain a reflected cross-site scriptin ...)
-	TODO: check
+	NOT-FOR-US: SLIMS#
 CVE-2023-24085
 	RESERVED
 CVE-2023-24084 (ChiKoi v1.0 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: ChiKoi
 CVE-2023-24083
 	RESERVED
 CVE-2023-24082
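Review bot: `NOT-FOR-US: SLIMS#` on CVE-2023-24086 ends with a stray `#`. The description gives the product as SLIMS v9.5.2, so this should read `NOT-FOR-US: SLIMS`.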
@@ -5370,7 +5370,7 @@ CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be use
 CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...)
 	NOT-FOR-US: Symantec
 CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
-	TODO: check
+	NOT-FOR-US: ownCloud Android app
 CVE-2023-23947
 	RESERVED
 CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior  ...)
@@ -5639,7 +5639,7 @@ CVE-2023-23838
 CVE-2023-23837
 	RESERVED
 CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
 	NOT-FOR-US: Zephyr
 CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...)
@@ -6346,7 +6346,7 @@ CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2023-23619 (Modelina is a library for generating data models based on inputs such  ...)
 	NOT-FOR-US: Modelina
 CVE-2023-23618 (Git for Windows is the Windows port of the revision control system Git ...)
-	TODO: check
+	NOT-FOR-US: Git for Windows
 CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and  ...)
 	NOT-FOR-US: OpenMage LTS
 CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
@@ -6968,25 +6968,25 @@ CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2,
 CVE-2023-23468
 	RESERVED
 CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...)
-	TODO: check
+	NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected  ...)
-	TODO: check
+	NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23465 (Media CP Media Control Panel latest version. CSRF possible through uns ...)
-	TODO: check
+	NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23464 (Media CP Media Control Panel latest version. A Permissive Flash Cross- ...)
-	TODO: check
+	NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23463 (Sunell DVR, latest version, Insufficiently Protected Credentials (CWE- ...)
-	TODO: check
+	NOT-FOR-US: Sunell DVR
 CVE-2023-23462 (Libpeconv – integer overflow, before commit 75b1565 (30/11/2022) ...)
-	TODO: check
+	NOT-FOR-US: libpeconv
 CVE-2023-23461 (Libpeconv – access violation, before commit b076013 (30/11/2022) ...)
-	TODO: check
+	NOT-FOR-US: libpeconv
 CVE-2023-23460 (Priority Web version 19.1.0.68, parameter manipulation on an unspecifi ...)
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection using a ...)
-	TODO: check
+	NOT-FOR-US: Priority Windows
 CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...)
-	TODO: check
+	NOT-FOR-US: Sunell DVR
 CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
 	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382
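Review bot: CVE-2023-23460 and CVE-2023-23459 get two different labels, `Priority Web` and `Priority Windows`, while the rest of this hunk uses one label per product across several CVEs (Sunell DVR, Media CP Media Control Panel). If both are the same vendor's product, a single shared label would keep the entries grouped when the list is searched.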
@@ -8180,31 +8180,31 @@ CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, t
 CVE-2023-22944
 	RESERVED
 CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk Clo ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22941 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an impr ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22940 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22939 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the &#8 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22938 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the &#8 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22937 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the loo ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22936 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the &#8 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22935 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the &#8 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22934 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the &#8 ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22933 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View  ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22932 (In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cros ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘crea ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2023-22930
 	RESERVED
 CVE-2023-22929
@@ -8767,7 +8767,7 @@ CVE-2014-125066 (A vulnerability was found in emmflo yuko-bot. It has been decla
 CVE-2007-10002 (A vulnerability, which was classified as critical, has been found in w ...)
 	NOT-FOR-US: web-cyradm
 CVE-2023-22855 (Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code executio ...)
-	TODO: check
+	NOT-FOR-US: Kardex
 CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 ...)
 	NOT-FOR-US: Mitel
 CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
@@ -8976,15 +8976,15 @@ CVE-2014-125052 (A vulnerability was found in JervenBolleman sparql-identifiers
 CVE-2013-10008 (A vulnerability was found in sheilazpy eShop. It has been classified a ...)
 	NOT-FOR-US: sheilazpy eShop
 CVE-2023-22807 (LS ELECTRIC XBC-DN32U with operating system version 01.80 does not pro ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-22806 (LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits se ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-22805 (LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-22804 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-22803 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-22802
 	RESERVED
 CVE-2023-22801
@@ -9121,7 +9121,7 @@ CVE-2023-22745 (tpm2-tss is an open source software implementation of the Truste
 CVE-2023-22744
 	RESERVED
 CVE-2023-22743 (Git for Windows is the Windows port of the revision control system Git ...)
-	TODO: check
+	NOT-FOR-US: Git for Windows
 CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
 	- libgit2 1.5.1+ds-1 (bug #1029368)
 	[bullseye] - libgit2 <no-dsa> (Minor issue)
@@ -9280,9 +9280,9 @@ CVE-2023-22672
 CVE-2023-0104
 	RESERVED
 CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
-	TODO: check
+	NOT-FOR-US: LS ELECTRIC
 CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
 	NOT-FOR-US: Nessus
 CVE-2023-0100
@@ -9508,7 +9508,7 @@ CVE-2023-22631
 CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...)
 	NOT-FOR-US: IzyBat Orange casiers
 CVE-2023-22629 (An issue was discovered in TitanFTP through 1.94.1205. The move-file f ...)
-	TODO: check
+	NOT-FOR-US: TitanFTP
 CVE-2023-22628
 	RESERVED
 CVE-2023-22627
@@ -10499,7 +10499,7 @@ CVE-2022-48112
 CVE-2022-48111
 	RESERVED
 CVE-2022-48110 (** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: Disputed ckeditor issue
 CVE-2022-48109
 	RESERVED
 CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
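Review bot: On CVE-2022-48110 the `NOT-FOR-US:` field carries a rationale (`Disputed ckeditor issue`) rather than a product name, unlike every other entry in this commit, and the description names the product as CKSource CKEditor 5. If the entry is set aside because CKEditor 5 is not packaged, `NOT-FOR-US: CKEditor 5` says that directly; if the reason is that the report is disputed, a separate `NOTE:` line would record it without overloading the label.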
@@ -10565,7 +10565,7 @@ CVE-2022-48079 (Monnai aaPanel host system v1.5 contains an access control issue
 CVE-2022-48078 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
 	NOT-FOR-US: pycdc
 CVE-2022-48077 (Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vu ...)
-	TODO: check
+	NOT-FOR-US: Genymotion Desktop
 CVE-2022-48076
 	RESERVED
 CVE-2022-48075
@@ -10807,7 +10807,7 @@ CVE-2022-47979
 CVE-2022-47978
 	RESERVED
 CVE-2022-47977 (A vulnerability has been identified in JT Open (All versions < V11. ...)
-	TODO: check
+	NOT-FOR-US: JT Open
 CVE-2022-47976 (The DMSDP module of the distributed hardware has a vulnerability that  ...)
 	NOT-FOR-US: Huawei
 CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful exploitat ...)
@@ -10902,17 +10902,17 @@ CVE-2023-22421
 CVE-2023-22419
 	RESERVED
 CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: tsClinical
 CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
-	TODO: check
+	NOT-FOR-US: Tilt Network Camera
 CVE-2023-22375 (** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vuln ...)
-	TODO: check
+	NOT-FOR-US: Tilt Network Camera
 CVE-2023-22370 (** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Tilt Network Camera
 CVE-2023-22369
 	REJECTED
 CVE-2023-22368 (Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 an ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-22367 (Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Androi ...)
 	NOT-FOR-US: Ichiran
 CVE-2023-22362 (SUSHIRO App for Android outputs sensitive information to the log file, ...)
@@ -11339,7 +11339,7 @@ CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to
 CVE-2022-47937
 	RESERVED
 CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11. ...)
-	TODO: check
+	NOT-FOR-US: JT Open
 CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < V11. ...)
 	NOT-FOR-US: Siemens
 CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...)
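Review bot: CVE-2022-47936 is tagged `NOT-FOR-US: JT Open`, but the context line directly below tags CVE-2022-47935, which has the same "JT Open" description, as `NOT-FOR-US: Siemens`. CVE-2022-47977 earlier in this commit has the same mismatch. Suggest using one label for all three entries.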
@@ -13609,65 +13609,65 @@ CVE-2022-4581 (A vulnerability was found in 1j01 mind-map and classified as prob
 CVE-2021-4246 (A vulnerability was found in roxlukas LMeve and classified as critical ...)
 	NOT-FOR-US: roxlukas LMeve
 CVE-2023-21823 (Windows Graphics Component Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21822 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21821
 	RESERVED
 CVE-2023-21820 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21819 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21818 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21817 (Windows Kerberos Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21816 (Windows Active Directory Domain Services API Denial of Service Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21815 (Visual Studio Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21814
 	RESERVED
 CVE-2023-21813 (Windows Secure Channel Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21812 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21811 (Windows iSCSI Service Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21810
 	RESERVED
 CVE-2023-21809 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21808 (.NET and Visual Studio Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21807 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21806 (Power BI Report Server Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21805 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21804 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21803 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21802 (Windows Media Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21801 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21800 (Windows Installer Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21799 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21798 (Microsoft ODBC Driver Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21797 (Microsoft ODBC Driver Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21794 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique  ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21792 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique  ...)
@@ -13699,9 +13699,9 @@ CVE-2023-21780 (3D Builder Remote Code Execution Vulnerability. This CVE ID is u
 CVE-2023-21779 (Visual Studio Code Remote Code Execution. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21778 (Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21777 (Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
@@ -13901,17 +13901,17 @@ CVE-2022-47510
 CVE-2022-47509
 	RESERVED
 CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-47505
 	RESERVED
 CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-47502
 	RESERVED
 CVE-2022-47501
@@ -14408,83 +14408,83 @@ CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Messag
 CVE-2023-21723
 	RESERVED
 CVE-2023-21722 (.NET Framework Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21721 (Microsoft OneNote Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21712
 	RESERVED
 CVE-2023-21711
 	RESERVED
 CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21709
 	RESERVED
 CVE-2023-21708
 	RESERVED
 CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21706 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21705 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21704 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21703 (Azure Data Box Gateway Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21702 (Windows iSCSI Service Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21701 (Microsoft Protected Extensible Authentication Protocol (PEAP) Denial o ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21700 (Windows iSCSI Discovery Service Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21699 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21698
 	RESERVED
 CVE-2023-21697 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21696
 	RESERVED
 CVE-2023-21695 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21694 (Windows Fax Service Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21693 (Microsoft PostScript Printer Driver Information Disclosure Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21692 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21691 (Microsoft Protected Extensible Authentication Protocol (PEAP) Informat ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21690 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21689 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21688 (NT OS Kernel Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21687 (HTTP.sys Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21686 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21684 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21682 (Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerabi ...)
@@ -14510,9 +14510,9 @@ CVE-2022-47375
 CVE-2022-47374
 	RESERVED
 CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section  ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client for  ...)
 	NOT-FOR-US: Cloudflare Warp
 CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...)
@@ -15302,7 +15302,7 @@ CVE-2022-47036
 CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
 	NOT-FOR-US: D-Link
 CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of PlaySMS ...)
-	TODO: check
+	NOT-FOR-US: PlaySMS
 CVE-2022-47033
 	RESERVED
 CVE-2022-47032
@@ -15714,7 +15714,7 @@ CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin thr
 CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
 	NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
 CVE-2022-46892 (In Ampere AltraMax and Ampere Altra before 2.10c, improper access cont ...)
-	TODO: check
+	NOT-FOR-US: Ampere
 CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a  ...)
 	NOT-FOR-US: Arm Mali
 CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote authenti ...)
@@ -17092,7 +17092,7 @@ CVE-2022-4288
 CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-4286 (A reflected cross-site scripting (XSS) vulnerability exists in System  ...)
-	TODO: check
+	NOT-FOR-US: B&R Automation Runtime
 CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...)
 	- binutils 2.39.50.20221208-2 (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699
@@ -17388,25 +17388,25 @@ CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allo
 	- chromium 108.0.5359.94-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-21573 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21572 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21569
 	RESERVED
 CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21567 (Visual Studio Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21565
 	RESERVED
 CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21562
@@ -17428,7 +17428,7 @@ CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution
 CVE-2023-21554
 	RESERVED
 CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
@@ -17476,9 +17476,9 @@ CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerabil
 CVE-2023-21530
 	RESERVED
 CVE-2023-21529 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21528 (Microsoft SQL Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21526
@@ -18642,7 +18642,7 @@ CVE-2022-45964
 CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. ...)
 	NOT-FOR-US: h3c firewall
 CVE-2022-45962 (Open Solutions for Education, Inc openSIS Community Edition v8.0 and e ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2022-45961
 	RESERVED
 CVE-2022-45960
@@ -19273,9 +19273,9 @@ CVE-2022-45727
 CVE-2022-45726
 	RESERVED
 CVE-2022-45725 (Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a ...)
-	TODO: check
+	NOT-FOR-US: Comfast
 CVE-2022-45724 (Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a  ...)
-	TODO: check
+	NOT-FOR-US: Comfast
 CVE-2022-45723
 	RESERVED
 CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/524b22399197e4cac5de045d79e30b92d827c196
