[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 28 20:10:53 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06072e25 by security tracker role at 2023-02-28T20:10:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,177 @@
-CVE-2023-27296
+CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) ...)
+ TODO: check
+CVE-2023-27370
+ RESERVED
+CVE-2023-27369
+ RESERVED
+CVE-2023-27368
+ RESERVED
+CVE-2023-27367
+ RESERVED
+CVE-2023-27366
+ RESERVED
+CVE-2023-27365
+ RESERVED
+CVE-2023-27364
+ RESERVED
+CVE-2023-27363
+ RESERVED
+CVE-2023-27362
+ RESERVED
+CVE-2023-27361
+ RESERVED
+CVE-2023-27360
+ RESERVED
+CVE-2023-27359
+ RESERVED
+CVE-2023-27358
+ RESERVED
+CVE-2023-27357
+ RESERVED
+CVE-2023-27356
+ RESERVED
+CVE-2023-27355
+ RESERVED
+CVE-2023-27354
+ RESERVED
+CVE-2023-27353
+ RESERVED
+CVE-2023-27352
+ RESERVED
+CVE-2023-27351
+ RESERVED
+CVE-2023-27350
+ RESERVED
+CVE-2023-27349
+ RESERVED
+CVE-2023-27348
+ RESERVED
+CVE-2023-27347
+ RESERVED
+CVE-2023-27346
RESERVED
-CVE-2023-27295
+CVE-2023-27345
+ RESERVED
+CVE-2023-27344
+ RESERVED
+CVE-2023-27343
+ RESERVED
+CVE-2023-27342
+ RESERVED
+CVE-2023-27341
+ RESERVED
+CVE-2023-27340
+ RESERVED
+CVE-2023-27339
+ RESERVED
+CVE-2023-27338
+ RESERVED
+CVE-2023-27337
+ RESERVED
+CVE-2023-27336
+ RESERVED
+CVE-2023-27335
+ RESERVED
+CVE-2023-27334
+ RESERVED
+CVE-2023-27333
+ RESERVED
+CVE-2023-27332
+ RESERVED
+CVE-2023-27331
+ RESERVED
+CVE-2023-27330
+ RESERVED
+CVE-2023-27329
+ RESERVED
+CVE-2023-27328
+ RESERVED
+CVE-2023-27327
+ RESERVED
+CVE-2023-27326
+ RESERVED
+CVE-2023-27325
+ RESERVED
+CVE-2023-27324
+ RESERVED
+CVE-2023-27323
+ RESERVED
+CVE-2023-27322
+ RESERVED
+CVE-2023-27321
+ RESERVED
+CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...)
+ TODO: check
+CVE-2023-27319
RESERVED
-CVE-2023-27294
+CVE-2023-27318
RESERVED
-CVE-2023-27293
+CVE-2023-27317
RESERVED
-CVE-2023-27292
+CVE-2023-27316
RESERVED
+CVE-2023-27315
+ RESERVED
+CVE-2023-27314
+ RESERVED
+CVE-2023-27313
+ RESERVED
+CVE-2023-27312
+ RESERVED
+CVE-2023-27311
+ RESERVED
+CVE-2023-27310
+ RESERVED
+CVE-2023-27309
+ RESERVED
+CVE-2023-23554
+ RESERVED
+CVE-2023-22847
+ RESERVED
+CVE-2023-1098
+ RESERVED
+CVE-2023-1097
+ RESERVED
+CVE-2023-1096
+ RESERVED
+CVE-2023-1095
+ RESERVED
+CVE-2023-1094
+ RESERVED
+CVE-2023-1093
+ RESERVED
+CVE-2023-1092
+ RESERVED
+CVE-2023-1091
+ RESERVED
+CVE-2023-1090
+ RESERVED
+CVE-2023-1089
+ RESERVED
+CVE-2023-1088
+ RESERVED
+CVE-2023-1087
+ RESERVED
+CVE-2023-1086
+ RESERVED
+CVE-2023-1085
+ RESERVED
+CVE-2023-1084
+ RESERVED
+CVE-2023-1083
+ RESERVED
+CVE-2023-1082
+ RESERVED
+CVE-2023-27296
+ RESERVED
+CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...)
+ TODO: check
+CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...)
+ TODO: check
+CVE-2023-27293 (Improper neutralization of input during web page generation allows an ...)
+ TODO: check
+CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template injection ...)
+ TODO: check
CVE-2023-26594
RESERVED
CVE-2023-25771
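Review bot: Two of the new `TODO: check` entries in this hunk name software that Debian ships, CVE-2023-27371 (GNU libmicrohttpd before 0.9.76) and CVE-2023-27320 (Sudo before 1.9.13p2, double free in the per-command chroot feature), and they should be triaged ahead of the OpenCATS entries below them. Each needs a package line with the affected or fixed version and a NOTE pointing at the upstream fix, rather than staying at `TODO: check` alongside the RESERVED block.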
@@ -30,8 +194,8 @@ CVE-2023-22390
RESERVED
CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
NOT-FOR-US: Microweber
-CVE-2023-1080
- RESERVED
+CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected Cross ...)
+ TODO: check
CVE-2023-27291
RESERVED
CVE-2023-27290
@@ -132,8 +296,8 @@ CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-1066
RESERVED
-CVE-2023-1065
- RESERVED
+CVE-2023-1065 (This vulnerability in the Snyk Kubernetes Monitor can result in irrele ...)
+ TODO: check
CVE-2023-1064
RESERVED
CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors Appointment S ...)
@@ -1684,12 +1848,12 @@ CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Rese
NOT-FOR-US: SourceCodester Online BoatReservation System
CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...)
NOT-FOR-US: WP Meta SEO plugin for WordPress
-CVE-2023-1028
- RESERVED
-CVE-2023-1027
- RESERVED
-CVE-2023-1026
- RESERVED
+CVE-2023-1028 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-1027 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...)
+ TODO: check
+CVE-2023-1026 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized acc ...)
+ TODO: check
CVE-2019-25105 (A vulnerability, which was classified as problematic, was found in dro ...)
NOT-FOR-US: dro.pm
CVE-2023-26543
@@ -1758,22 +1922,22 @@ CVE-2023-26512
RESERVED
CVE-2023-1025
RESERVED
-CVE-2023-1024
- RESERVED
-CVE-2023-1023
- RESERVED
-CVE-2023-1022
- RESERVED
+CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...)
+ TODO: check
+CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...)
+ TODO: check
+CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized opt ...)
+ TODO: check
CVE-2023-1021
RESERVED
CVE-2023-1020
RESERVED
CVE-2023-1019
RESERVED
-CVE-2023-1018
- RESERVED
-CVE-2023-1017
- RESERVED
+CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...)
+ TODO: check
+CVE-2023-1017 (An out-of-bounds write vulnerability exists in TPM2.0's Module Library ...)
+ TODO: check
CVE-2023-1016
RESERVED
CVE-2023-1015
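Review bot: CVE-2023-1018 and CVE-2023-1017 (out-of-bounds read and write in the TPM2.0 Module Library) sit at `TODO: check` next to three WP Meta SEO plugin entries, and they should not be closed with the same bulk NOT-FOR-US pass that the plugin entries will get. They describe reference library code, so check for source packages that embed it before deciding, and record the result as a package line or an explicit NOTE.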
@@ -2497,10 +2661,10 @@ CVE-2023-26258
RESERVED
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
NOT-FOR-US: Connected Vehicle Systems Alliance
-CVE-2023-26256
- RESERVED
-CVE-2023-26255
- RESERVED
+CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
+ TODO: check
+CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
+ TODO: check
CVE-2023-26254
RESERVED
CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
@@ -3722,8 +3886,8 @@ CVE-2023-25809
RESERVED
CVE-2023-25808
RESERVED
-CVE-2023-25807
- RESERVED
+CVE-2023-25807 (DataEase is an open source data visualization and analysis tool. When ...)
+ TODO: check
CVE-2023-25806
RESERVED
CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
@@ -4759,8 +4923,8 @@ CVE-2023-25542
RESERVED
CVE-2023-25541
RESERVED
-CVE-2023-25540
- RESERVED
+CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
+ TODO: check
CVE-2023-25539
RESERVED
CVE-2023-25538
@@ -5094,10 +5258,10 @@ CVE-2023-25434
RESERVED
CVE-2023-25433
RESERVED
-CVE-2023-25432
- RESERVED
-CVE-2023-25431
- RESERVED
+CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...)
+ TODO: check
+CVE-2023-25431 (An issue was discovered in Online Reviewer Management System v1.0. The ...)
+ TODO: check
CVE-2023-25430
RESERVED
CVE-2023-25429
@@ -5426,12 +5590,12 @@ CVE-2023-25268
RESERVED
CVE-2023-25267
RESERVED
-CVE-2023-25266
- RESERVED
-CVE-2023-25265
- RESERVED
-CVE-2023-25264
- RESERVED
+CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
+ TODO: check
+CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal lead ...)
+ TODO: check
+CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
+ TODO: check
CVE-2023-25263
RESERVED
CVE-2023-25262
@@ -7441,8 +7605,8 @@ CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ..
NOTE: https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247)
NOTE: Crash in CLI tool, no security impact
-CVE-2023-0511
- RESERVED
+CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Management J ...)
+ TODO: check
CVE-2023-0510
RESERVED
CVE-2023-24540
@@ -7720,8 +7884,7 @@ CVE-2023-0463 (The force offline MFA prompt setting is not respected when switch
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-0462
RESERVED
-CVE-2023-0461
- RESERVED
+CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...)
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460
@@ -7844,8 +8007,8 @@ CVE-2023-24421
RESERVED
CVE-2023-24420
RESERVED
-CVE-2023-24419
- RESERVED
+CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
+ TODO: check
CVE-2023-24418
RESERVED
CVE-2023-24417
@@ -8722,7 +8885,7 @@ CVE-2023-24046
RESERVED
CVE-2023-24045
RESERVED
-CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...)
+CVE-2023-24044 (** DISPUTED ** A Host Header Injection issue on the Login page of Ples ...)
NOT-FOR-US: Plesk Obsidian
CVE-2023-24043
RESERVED
@@ -8823,8 +8986,8 @@ CVE-2023-23994
RESERVED
CVE-2023-23993
RESERVED
-CVE-2023-23992
- RESERVED
+CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...)
+ TODO: check
CVE-2023-23991
RESERVED
CVE-2023-23990
@@ -8841,8 +9004,8 @@ CVE-2023-23985
RESERVED
CVE-2023-23984
RESERVED
-CVE-2023-23983
- RESERVED
+CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...)
+ TODO: check
CVE-2023-23982
RESERVED
CVE-2023-23981
@@ -9178,8 +9341,8 @@ CVE-2023-23867
RESERVED
CVE-2023-23866
RESERVED
-CVE-2023-23865
- RESERVED
+CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...)
+ TODO: check
CVE-2023-23864
RESERVED
CVE-2023-23863
@@ -9733,8 +9896,8 @@ CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorc
NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e
CVE-2023-0340
RESERVED
-CVE-2023-0339
- RESERVED
+CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access Management W ...)
+ TODO: check
CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
@@ -9788,8 +9951,8 @@ CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains
NOT-FOR-US: EMC
CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...)
NOT-FOR-US: EMC
-CVE-2023-23689
- RESERVED
+CVE-2023-23689 (Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 ...)
+ TODO: check
CVE-2023-23688
RESERVED
CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube short ...)
@@ -12683,70 +12846,70 @@ CVE-2023-22780
RESERVED
CVE-2023-22779
RESERVED
-CVE-2023-22778
- RESERVED
-CVE-2023-22777
- RESERVED
-CVE-2023-22776
- RESERVED
-CVE-2023-22775
- RESERVED
-CVE-2023-22774
- RESERVED
-CVE-2023-22773
- RESERVED
-CVE-2023-22772
- RESERVED
-CVE-2023-22771
- RESERVED
-CVE-2023-22770
- RESERVED
-CVE-2023-22769
- RESERVED
-CVE-2023-22768
- RESERVED
-CVE-2023-22767
- RESERVED
-CVE-2023-22766
- RESERVED
-CVE-2023-22765
- RESERVED
-CVE-2023-22764
- RESERVED
-CVE-2023-22763
- RESERVED
-CVE-2023-22762
- RESERVED
-CVE-2023-22761
- RESERVED
-CVE-2023-22760
- RESERVED
-CVE-2023-22759
- RESERVED
-CVE-2023-22758
- RESERVED
-CVE-2023-22757
- RESERVED
-CVE-2023-22756
- RESERVED
-CVE-2023-22755
- RESERVED
-CVE-2023-22754
- RESERVED
-CVE-2023-22753
- RESERVED
-CVE-2023-22752
- RESERVED
-CVE-2023-22751
- RESERVED
-CVE-2023-22750
- RESERVED
-CVE-2023-22749
- RESERVED
-CVE-2023-22748
- RESERVED
-CVE-2023-22747
- RESERVED
+CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...)
+ TODO: check
+CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...)
+ TODO: check
+CVE-2023-22776 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
+ TODO: check
+CVE-2023-22775 (A vulnerability exists which allows an authenticated attacker to acces ...)
+ TODO: check
+CVE-2023-22774 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
+ TODO: check
+CVE-2023-22773 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
+ TODO: check
+CVE-2023-22772 (An authenticated path traversal vulnerability exists in the ArubaOS we ...)
+ TODO: check
+CVE-2023-22771 (An insufficient session expiration vulnerability exists in the ArubaOS ...)
+ TODO: check
+CVE-2023-22770 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22769 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22768 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22767 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22766 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22765 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22764 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22763 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22762 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2023-22761 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ TODO: check
+CVE-2023-22760 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ TODO: check
+CVE-2023-22759 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ TODO: check
+CVE-2023-22758 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ TODO: check
+CVE-2023-22757 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ TODO: check
+CVE-2023-22756 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ TODO: check
+CVE-2023-22755 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ TODO: check
+CVE-2023-22754 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ TODO: check
+CVE-2023-22753 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ TODO: check
+CVE-2023-22752 (There are stack-based buffer overflow vulnerabilities that could lead ...)
+ TODO: check
+CVE-2023-22751 (There are stack-based buffer overflow vulnerabilities that could lead ...)
+ TODO: check
+CVE-2023-22750 (There are multiple command injection vulnerabilities that could lead t ...)
+ TODO: check
+CVE-2023-22749 (There are multiple command injection vulnerabilities that could lead t ...)
+ TODO: check
+CVE-2023-22748 (There are multiple command injection vulnerabilities that could lead t ...)
+ TODO: check
+CVE-2023-22747 (There are multiple command injection vulnerabilities that could lead t ...)
+ TODO: check
CVE-2023-22746 (CKAN is an open-source DMS (data management system) for powering data ...)
NOT-FOR-US: CKAN
CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
@@ -13012,10 +13175,12 @@ CVE-2014-125045 (A vulnerability has been found in meol1 and classified as criti
NOT-FOR-US: meol1
CVE-2014-125044 (A vulnerability, which was classified as critical, was found in soshto ...)
NOT-FOR-US: soshtolsus wing-tight
-CVE-2014-125043 (A vulnerability, which was classified as problematic, has been found i ...)
+CVE-2014-125043
+ REJECTED
- network-manager 1.0.0-5
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4da19b89815cbf6e063e39bc33c04fe4b3f789df (1.2-beta1, but upstream version 1.0.0, untagged)
-CVE-2014-125042 (A vulnerability classified as problematic was found in vicamo NetworkM ...)
+CVE-2014-125042
+ REJECTED
- network-manager 1.0.0-5
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/afb0e2c53c4c17dfdb89d63b39db5101cc864704 (1.2-beta1, but upstream version 1.0.0, untagged)
CVE-2023-22665
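Review bot: CVE-2014-125043 and CVE-2014-125042 are switched to REJECTED here but keep their `- network-manager 1.0.0-5` lines and the upstream commit NOTEs, so a rejected id still carries package tracking. Either drop the package annotations or add a NOTE that records why the id was rejected and whether the fix is tracked under another identifier, so the entry does not read as a live, fixed vulnerability.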
@@ -15131,7 +15296,7 @@ CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin through 1.5.22 does n ...)
+CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin before 1.5.23 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
NOT-FOR-US: WordPress plugin
@@ -15986,8 +16151,8 @@ CVE-2022-47614
RESERVED
CVE-2022-47613
RESERVED
-CVE-2022-47612
- RESERVED
+CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
+ TODO: check
CVE-2022-47611
RESERVED
CVE-2022-47610
@@ -18622,8 +18787,8 @@ CVE-2022-47181
RESERVED
CVE-2022-47180
RESERVED
-CVE-2022-47179
- RESERVED
+CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
+ TODO: check
CVE-2022-47178
RESERVED
CVE-2022-47177
@@ -26874,54 +27039,43 @@ CVE-2023-20950
RESERVED
CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out ...)
NOT-FOR-US: Linux kernel of the Pixel phone
-CVE-2023-20948
- RESERVED
+CVE-2023-20948 (In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out ...)
NOT-FOR-US: Android
CVE-2023-20947
RESERVED
-CVE-2023-20946
- RESERVED
+CVE-2023-20946 (In onStart of BluetoothSwitchPreferenceController.java, there is a pos ...)
NOT-FOR-US: Android
-CVE-2023-20945
- RESERVED
+CVE-2023-20945 (In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is ...)
NOT-FOR-US: Android
-CVE-2023-20944
- RESERVED
+CVE-2023-20944 (In run of ChooseTypeAndAccountActivity.java, there is a possible escal ...)
NOT-FOR-US: Android
-CVE-2023-20943
- RESERVED
+CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2023-20942
RESERVED
NOT-FOR-US: Android
CVE-2023-20941
RESERVED
-CVE-2023-20940
- RESERVED
+CVE-2023-20940 (In the Android operating system, there is a possible way to replace a ...)
NOT-FOR-US: Android
-CVE-2023-20939
- RESERVED
+CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there is a poss ...)
NOT-FOR-US: Android
-CVE-2023-20938
- RESERVED
+CVE-2023-20938 (In binder_transaction_buffer_release of binder.c, there is a possible ...)
- linux 5.17.6-1
[bullseye] - linux 5.10.158-1
NOTE: https://source.android.com/docs/security/bulletin/2023-02-01
-CVE-2023-20937
- RESERVED
+CVE-2023-20937 (In several functions of the Android Linux kernel, there is a possible ...)
- linux <not-affected> (Android-specific)
NOTE: https://source.android.com/docs/security/bulletin/2023-02-01
CVE-2023-20936
RESERVED
CVE-2023-20935
RESERVED
-CVE-2023-20934
- RESERVED
+CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-20933
- RESERVED
-CVE-2023-20932
- RESERVED
+CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible way to cor ...)
+ TODO: check
+CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a possible w ...)
NOT-FOR-US: Android
CVE-2023-20931
RESERVED
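Review bot: CVE-2023-20933 is the only newly described entry in this hunk left at `TODO: check`, although its description ("In several functions of MediaCodec.cpp ...") is of the same Android kind as its neighbours, which are all tagged `NOT-FOR-US: Android`. It had no annotation while RESERVED, so the automatic update had nothing to keep. A follow-up should give it the same tag as CVE-2023-20934 and CVE-2023-20932, unless it maps to packaged code.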
@@ -27412,8 +27566,8 @@ CVE-2023-20859
RESERVED
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
NOT-FOR-US: VMware
-CVE-2023-20857
- RESERVED
+CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
+ TODO: check
CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
NOT-FOR-US: VMware
CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...)
@@ -31895,8 +32049,8 @@ CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Bla
NOT-FOR-US: Adeel Ahmed's IP Blacklist
CVE-2022-43461
RESERVED
-CVE-2022-43459
- RESERVED
+CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...)
+ TODO: check
CVE-2022-43458
RESERVED
CVE-2022-43453
@@ -36929,13 +37083,11 @@ CVE-2022-41729
RESERVED
CVE-2022-41728
RESERVED
-CVE-2022-41727 [x/image/tiff: over allocation in DecodeConfig]
- RESERVED
+CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
- golang-golang-x-image 0.5.0-1
CVE-2022-41726
RESERVED
-CVE-2022-41725
- RESERVED
+CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
- golang-1.20 1.20.1-1
[experimental] - golang-1.19 1.19.6-1
- golang-1.19 1.19.6-2
@@ -36944,8 +37096,7 @@ CVE-2022-41725
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
NOTE: https://go.dev/issue/58006
-CVE-2022-41724
- RESERVED
+CVE-2022-41724 (Large handshake records may cause panics in crypto/tls. Both clients a ...)
- golang-1.20 1.20.1-1
[experimental] - golang-1.19 1.19.6-1
- golang-1.19 1.19.6-2
@@ -36956,8 +37107,7 @@ CVE-2022-41724
NOTE: https://github.com/golang/go/commit/66c58b946beaa38de35241c3f64ec358f5ad03f1 (master)
NOTE: Introduced by: https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06 (go1.12beta1)
NOTE: Introduced by: https://github.com/golang/go/commit/6435d0cfbf72f405f31430e60766add6d6762fe1 (go1.12beta1)
-CVE-2022-41723 [http2/hpack: avoid quadratic complexity in hpack decoding]
- RESERVED
+CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ...)
- golang-1.20 1.20.1-1
[experimental] - golang-1.19 1.19.6-1
- golang-1.19 1.19.6-2
@@ -36967,8 +37117,7 @@ CVE-2022-41723 [http2/hpack: avoid quadratic complexity in hpack decoding]
- golang-golang-x-net 1:0.7.0+dfsg-1
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
NOTE: https://go.dev/issue/57855
-CVE-2022-41722
- RESERVED
+CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on Windows. On ...)
- golang-1.20 <not-affected> (Windows-specific)
- golang-1.19 <not-affected> (Windows-specific)
- golang-1.15 <not-affected> (Windows-specific)
@@ -107541,8 +107690,7 @@ CVE-2022-20553 (In onCreate of LogAccessDialogActivity.java, there is a possible
NOT-FOR-US: Android
CVE-2022-20552 (In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possi ...)
NOT-FOR-US: Android
-CVE-2022-20551
- RESERVED
+CVE-2022-20551 (In createTrack of AudioFlinger.cpp, there is a possible way to record ...)
NOT-FOR-US: Android
CVE-2022-20550 (In Multiple Locations, there is a possibility to launch arbitrary prot ...)
NOT-FOR-US: Android
@@ -107682,8 +107830,7 @@ CVE-2022-20483 (In several functions that parse avrc response in avrc_pars_ct.cc
NOT-FOR-US: Android
CVE-2022-20482 (In createNotificationChannel of NotificationManager.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2022-20481
- RESERVED
+CVE-2022-20481 (In multiple files, there is a possible way to preserve WiFi settings d ...)
NOT-FOR-US: Android
CVE-2022-20480 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
NOT-FOR-US: Android
@@ -107735,8 +107882,7 @@ CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is
NOT-FOR-US: Android
CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...)
NOT-FOR-US: Android
-CVE-2022-20455
- RESERVED
+CVE-2022-20455 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible pers ...)
NOT-FOR-US: Android
CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...)
NOT-FOR-US: Android
@@ -262062,77 +262208,77 @@ CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or
CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...)
NOT-FOR-US: Amazon AWS JavaScript S3 Explorer
CVE-2019-14651
- RESERVED
+ REJECTED
CVE-2019-14650
- RESERVED
+ REJECTED
CVE-2019-14649
- RESERVED
+ REJECTED
CVE-2019-14648
- RESERVED
+ REJECTED
CVE-2019-14647
- RESERVED
+ REJECTED
CVE-2019-14646
- RESERVED
+ REJECTED
CVE-2019-14645
- RESERVED
+ REJECTED
CVE-2019-14644
- RESERVED
+ REJECTED
CVE-2019-14643
- RESERVED
+ REJECTED
CVE-2019-14642
- RESERVED
+ REJECTED
CVE-2019-14641
- RESERVED
+ REJECTED
CVE-2019-14640
- RESERVED
+ REJECTED
CVE-2019-14639
- RESERVED
+ REJECTED
CVE-2019-14638
- RESERVED
+ REJECTED
CVE-2019-14637
- RESERVED
+ REJECTED
CVE-2019-14636
- RESERVED
+ REJECTED
CVE-2019-14635
- RESERVED
+ REJECTED
CVE-2019-14634
- RESERVED
+ REJECTED
CVE-2019-14633
- RESERVED
+ REJECTED
CVE-2019-14632
- RESERVED
+ REJECTED
CVE-2019-14631
- RESERVED
+ REJECTED
CVE-2019-14630 (Reliance on untrusted inputs in a security decision in some Intel(R) T ...)
NOT-FOR-US: Intel
CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
NOT-FOR-US: Intel
CVE-2019-14628
- RESERVED
+ REJECTED
CVE-2019-14627
- RESERVED
+ REJECTED
CVE-2019-14626 (Improper access control in PCIe function for the Intel® FPGA Prog ...)
NOT-FOR-US: Intel
CVE-2019-14625 (Improper access control in on-card storage for the Intel® FPGA Pr ...)
NOT-FOR-US: Intel
CVE-2019-14624
- RESERVED
+ REJECTED
CVE-2019-14623
- RESERVED
+ REJECTED
CVE-2019-14622
- RESERVED
+ REJECTED
CVE-2019-14621
- RESERVED
+ REJECTED
CVE-2019-14620 (Insufficient control flow management for some Intel(R) Wireless Blueto ...)
NOT-FOR-US: Intel
CVE-2019-14619
- RESERVED
+ REJECTED
CVE-2019-14618
- RESERVED
+ REJECTED
CVE-2019-14617
- RESERVED
+ REJECTED
CVE-2019-14616
- RESERVED
+ REJECTED
CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...)
{DLA-2114-1}
- linux 5.4.13-1
@@ -262141,7 +262287,7 @@ CVE-2019-14615 (Insufficient control flow in certain data structures for some In
[jessie] - linux <not-affected> (Driver doesn't support this hardware)
NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946
CVE-2019-14614
- RESERVED
+ REJECTED
CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...)
NOT-FOR-US: Intel
CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
@@ -262159,7 +262305,7 @@ CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may
- intel-microcode 3.20191115.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
CVE-2019-14606
- RESERVED
+ REJECTED
CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...)
NOT-FOR-US: Intel
CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...)
@@ -262177,25 +262323,25 @@ CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and ea
CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...)
NOT-FOR-US: Intel
CVE-2019-14597
- RESERVED
+ REJECTED
CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
NOT-FOR-US: Intel
CVE-2019-14595
- RESERVED
+ REJECTED
CVE-2019-14594
- RESERVED
+ REJECTED
CVE-2019-14593
- RESERVED
+ REJECTED
CVE-2019-14592
- RESERVED
+ REJECTED
CVE-2019-14591 (Improper input validation in the API for Intel(R) Graphics Driver vers ...)
NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14590 (Improper access control in the API for the Intel(R) Graphics Driver ve ...)
NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14589
- RESERVED
+ REJECTED
CVE-2019-14588
- RESERVED
+ REJECTED
CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to potentially en ...)
{DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1
@@ -262207,7 +262353,7 @@ CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticate
[buster] - edk2 0~20181115.85588389-3+deb10u1
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14585
- RESERVED
+ REJECTED
CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenticated ...)
{DLA-2645-1}
- edk2 2020.11-1 (bug #977300)
@@ -262215,21 +262361,21 @@ CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenti
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
CVE-2019-14583
- RESERVED
+ REJECTED
CVE-2019-14582
- RESERVED
+ REJECTED
CVE-2019-14581
- RESERVED
+ REJECTED
CVE-2019-14580
- RESERVED
+ REJECTED
CVE-2019-14579
- RESERVED
+ REJECTED
CVE-2019-14578
- RESERVED
+ REJECTED
CVE-2019-14577
- RESERVED
+ REJECTED
CVE-2019-14576
- RESERVED
+ REJECTED
CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...)
{DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
@@ -262239,11 +262385,11 @@ CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allo
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14573
- RESERVED
+ REJECTED
CVE-2019-14572
- RESERVED
+ REJECTED
CVE-2019-14571
- RESERVED
+ REJECTED
CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow a priv ...)
NOT-FOR-US: Intel
CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...)
@@ -262251,13 +262397,13 @@ CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow
CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before version ...)
NOT-FOR-US: Intel
CVE-2019-14567
- RESERVED
+ REJECTED
CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple Linux and W ...)
NOT-FOR-US: Intel
CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.1 ...)
NOT-FOR-US: Intel
CVE-2019-14564
- RESERVED
+ REJECTED
CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to potent ...)
{DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
@@ -262272,9 +262418,9 @@ CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may all
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
CVE-2019-14561
- RESERVED
+ REJECTED
CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked]
- RESERVED
+ REJECTED
- edk2 <unfixed> (bug #967994)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
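Review bot: CVE-2019-14560 becomes REJECTED in this hunk while it still carries the edk2 unfixed entry (bug #967994) and the bookworm and bullseye no-dsa lines, so the tracker will keep listing edk2 as affected under an id that no longer exists upstream. Confirm whether the "GetEfiGlobalVariable2() return value not checked" issue has been reassigned, then either move the package data to the replacement id or remove it and note the rejection against bug #967994.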
@@ -262301,9 +262447,9 @@ CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation I
CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...)
NOT-FOR-US: Intel
CVE-2019-14555
- RESERVED
+ REJECTED
CVE-2019-14554
- RESERVED
+ REJECTED
CVE-2019-14553 (Improper authentication in EDK II may allow a privileged user to poten ...)
- edk2 0~20190828.37eef910-4 (unimportant; bug #941775)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1758518
@@ -262311,7 +262457,7 @@ CVE-2019-14553 (Improper authentication in EDK II may allow a privileged user to
NOTE: unimportant, as Debian builds do not enable HTTPSBOOT (via
NOTE: -DNETWORK_TLS_ENABLE=TRUE).
CVE-2019-14552
- RESERVED
+ REJECTED
CVE-2017-18509 (An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before ...)
{DSA-4497-1 DLA-1885-1 DLA-1884-1}
- linux 4.11.6-1
@@ -273402,7 +273548,7 @@ CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for WordPress
CVE-2019-11184 (A race condition in specific microprocessors using Intel (R) DDIO cach ...)
NOT-FOR-US: HW Issue with processors supporting Intel Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA)
CVE-2019-11183
- RESERVED
+ REJECTED
CVE-2019-11182 (Memory corruption in Intel(R) Baseboard Management Controller firmware ...)
NOT-FOR-US: Intel
CVE-2019-11181 (Out of bound read in Intel(R) Baseboard Management Controller firmware ...)
@@ -273416,7 +273562,7 @@ CVE-2019-11178 (Stack overflow in Intel(R) Baseboard Management Controller firmw
CVE-2019-11177 (Unhandled exception in Intel(R) Baseboard Management Controller firmwa ...)
NOT-FOR-US: Intel
CVE-2019-11176
- RESERVED
+ REJECTED
CVE-2019-11175 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
NOT-FOR-US: Intel
CVE-2019-11174 (Insufficient access control in Intel(R) Baseboard Management Controlle ...)
@@ -273430,7 +273576,7 @@ CVE-2019-11171 (Heap corruption in Intel(R) Baseboard Management Controller firm
CVE-2019-11170 (Authentication bypass in Intel(R) Baseboard Management Controller firm ...)
NOT-FOR-US: Intel
CVE-2019-11169
- RESERVED
+ REJECTED
CVE-2019-11168 (Insufficient session validation in Intel(R) Baseboard Management Contr ...)
NOT-FOR-US: Intel
CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smart Conn ...)
@@ -273440,19 +273586,19 @@ CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Str
CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the Intel(R) ...)
NOT-FOR-US: Intel, driver doesn't seem to be upstreamed
CVE-2019-11164
- RESERVED
+ REJECTED
CVE-2019-11163 (Insufficient access control in a hardware abstraction driver for Intel ...)
NOT-FOR-US: Intel(R) Processor Identification Utility for Windows
CVE-2019-11162 (Insufficient access control in hardware abstraction in SEMA driver for ...)
NOT-FOR-US: Intel
CVE-2019-11161
- RESERVED
+ REJECTED
CVE-2019-11160
- RESERVED
+ REJECTED
CVE-2019-11159
- RESERVED
+ REJECTED
CVE-2019-11158
- RESERVED
+ REJECTED
CVE-2019-11157 (Improper conditions check in voltage settings for some Intel(R) Proces ...)
NOT-FOR-US: Intel
CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before version ...)
@@ -273468,9 +273614,9 @@ CVE-2019-11152 (Memory corruption issues in Intel(R) WIFI Drivers before version
CVE-2019-11151 (Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 ...)
NOT-FOR-US: Intel
CVE-2019-11150
- RESERVED
+ REJECTED
CVE-2019-11149
- RESERVED
+ REJECTED
CVE-2019-11148 (Improper permissions in the installer for Intel(R) Remote Displays SDK ...)
NOT-FOR-US: Intel
CVE-2019-11147 (Insufficient access control in hardware abstraction driver for MEInfo ...)
@@ -273480,13 +273626,13 @@ CVE-2019-11146 (Improper file verification in Intel® Driver & Support A
CVE-2019-11145 (Improper file verification in Intel® Driver & Support Assista ...)
NOT-FOR-US: Intel
CVE-2019-11144
- RESERVED
+ REJECTED
CVE-2019-11143 (Improper permissions in the software installer for Intel(R) Authentica ...)
NOT-FOR-US: Intel
CVE-2019-11142
- RESERVED
+ REJECTED
CVE-2019-11141
- RESERVED
+ REJECTED
CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R) NUC ma ...)
NOT-FOR-US: Intel
CVE-2019-11139 (Improper conditions check in the voltage modulation interface for some ...)
@@ -273496,7 +273642,7 @@ CVE-2019-11139 (Improper conditions check in the voltage modulation interface fo
NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11138
- RESERVED
+ REJECTED
CVE-2019-11137 (Insufficient input validation in system firmware for Intel(R) Xeon(R) ...)
NOT-FOR-US: Intel
CVE-2019-11136 (Insufficient access control in system firmware for Intel(R) Xeon(R) Sc ...)
@@ -273512,7 +273658,7 @@ CVE-2019-11135 (TSX Asynchronous Abort condition on some CPUs utilizing speculat
NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11134
- RESERVED
+ REJECTED
CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic Tool befo ...)
NOT-FOR-US: Intel
CVE-2019-11132 (Cross site scripting in subsystem in Intel(R) AMT before versions 11.8 ...)
@@ -273520,7 +273666,7 @@ CVE-2019-11132 (Cross site scripting in subsystem in Intel(R) AMT before version
CVE-2019-11131 (Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.1 ...)
NOT-FOR-US: Intel
CVE-2019-11130
- RESERVED
+ REJECTED
CVE-2019-11129 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
NOT-FOR-US: Intel
CVE-2019-11128 (Insufficient input validation in system firmware for Intel(R) NUC Kit ...)
@@ -273536,7 +273682,7 @@ CVE-2019-11124 (Out of bound read/write in system firmware for Intel(R) NUC Kit
CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R) NUC Ki ...)
NOT-FOR-US: Intel
CVE-2019-11122
- RESERVED
+ REJECTED
CVE-2019-11121 (Improper file permissions in the installer for the Intel(R) Media SDK ...)
NOT-FOR-US: Intel
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
@@ -273544,13 +273690,13 @@ CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active
CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
NOT-FOR-US: Intel
CVE-2019-11118
- RESERVED
+ REJECTED
CVE-2019-11117 (Improper permissions in the installer for Intel(R) Omni-Path Fabric Ma ...)
NOT-FOR-US: Intel
CVE-2019-11116
- RESERVED
+ REJECTED
CVE-2019-11115
- RESERVED
+ REJECTED
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...)
NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113 (Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver bef ...)
@@ -273582,7 +273728,7 @@ CVE-2019-11101 (Insufficient input validation in the subsystem for Intel(R) CSME
CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
NOT-FOR-US: Intel
CVE-2019-11099
- RESERVED
+ REJECTED
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
[experimental] - edk2 2021.02-1
- edk2 2020.11-5 (bug #991495)
@@ -305789,7 +305935,7 @@ CVE-2019-0178 (Insufficient password protection in the attestation database for
CVE-2019-0177 (Insufficient password protection in the attestation database for Open ...)
NOT-FOR-US: Open CIT
CVE-2019-0176
- RESERVED
+ REJECTED
CVE-2019-0175 (Insufficient password protection in the attestation database for Open ...)
NOT-FOR-US: Open CIT
CVE-2019-0174 (Logic condition in specific microprocessors may allow an authenticated ...)
@@ -305808,7 +305954,7 @@ CVE-2019-0169 (Heap overflow in subsystem in Intel(R) CSME before versions 11.8.
CVE-2019-0168 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
NOT-FOR-US: Intel
CVE-2019-0167
- RESERVED
+ REJECTED
CVE-2019-0166 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
NOT-FOR-US: Intel
CVE-2019-0165 (Insufficient Input validation in the subsystem for Intel(R) CSME befor ...)
@@ -305841,7 +305987,7 @@ CVE-2019-0158 (Insufficient path checking in the installation package for Intel(
CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
NOT-FOR-US: Intel
CVE-2019-0156
- RESERVED
+ REJECTED
CVE-2019-0155 (Insufficient access control in a subsystem for Intel (R) processor gra ...)
{DSA-4564-1 DLA-1990-1}
- linux 5.3.9-2
@@ -305892,7 +306038,7 @@ CVE-2019-0139 (Insufficient access control in firmware for Intel(R) Ethernet 700
CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...)
NOT-FOR-US: Intel(R) ACU Wizard
CVE-2019-0137
- RESERVED
+ REJECTED
CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
{DLA-2114-1 DLA-1930-1 DLA-1919-1}
- linux 5.2.6-1
@@ -305905,7 +306051,7 @@ CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated St
CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...)
NOT-FOR-US: Intel
CVE-2019-0133
- RESERVED
+ REJECTED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
NOT-FOR-US: Intel Unite(R) Client
CVE-2019-0131 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
@@ -305921,7 +306067,7 @@ CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 an
CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
NOT-FOR-US: Intel
CVE-2019-0125
- RESERVED
+ REJECTED
CVE-2019-0124 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
NOT-FOR-US: Intel
CVE-2019-0123 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
@@ -305935,7 +306081,7 @@ CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference fi
CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) ...)
NOT-FOR-US: Intel
CVE-2019-0118
- RESERVED
+ REJECTED
CVE-2019-0117 (Insufficient access control in protected memory subsystem for Intel(R) ...)
NOT-FOR-US: Intel SGX vulnerabilities
NOTE: Fixes included in intel-microcode/3.20191112.1
@@ -305972,7 +306118,7 @@ CVE-2019-0102 (Insufficient session authentication in web server for Intel(R) Da
CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions 3.2 thro ...)
NOT-FOR-US: Intel
CVE-2019-0100
- RESERVED
+ REJECTED
CVE-2019-0099 (Insufficient access control vulnerability in subsystem in Intel(R) SPS ...)
NOT-FOR-US: Intel
CVE-2019-0098 (Logic bug vulnerability in subsystem for Intel(R) CSME before version ...)
@@ -305982,7 +306128,7 @@ CVE-2019-0097 (Insufficient input validation vulnerability in subsystem for Inte
CVE-2019-0096 (Out of bound write vulnerability in subsystem for Intel(R) AMT before ...)
NOT-FOR-US: Intel
CVE-2019-0095
- RESERVED
+ REJECTED
CVE-2019-0094 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
NOT-FOR-US: Intel
CVE-2019-0093 (Insufficient data sanitization vulnerability in HECI subsystem for Int ...)
@@ -305998,7 +306144,7 @@ CVE-2019-0089 (Improper data sanitization vulnerability in subsystem in Intel(R)
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for Wind ...)
NOT-FOR-US: Intel
CVE-2019-0087
- RESERVED
+ REJECTED
CVE-2019-0086 (Insufficient access control vulnerability in Dynamic Application Loade ...)
NOT-FOR-US: Intel
CVE-2018-19269
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06072e251b06d0452f71f7f9e7b42ce06732a71c