[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 11 08:10:24 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d2d0056 by security tracker role at 2023-01-11T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,453 @@
+CVE-2023-23088
+ RESERVED
+CVE-2023-23087
+ RESERVED
+CVE-2023-23086
+ RESERVED
+CVE-2023-23085
+ RESERVED
+CVE-2023-23084
+ RESERVED
+CVE-2023-23083
+ RESERVED
+CVE-2023-23082
+ RESERVED
+CVE-2023-23081
+ RESERVED
+CVE-2023-23080
+ RESERVED
+CVE-2023-23079
+ RESERVED
+CVE-2023-23078
+ RESERVED
+CVE-2023-23077
+ RESERVED
+CVE-2023-23076
+ RESERVED
+CVE-2023-23075
+ RESERVED
+CVE-2023-23074
+ RESERVED
+CVE-2023-23073
+ RESERVED
+CVE-2023-23072
+ RESERVED
+CVE-2023-23071
+ RESERVED
+CVE-2023-23070
+ RESERVED
+CVE-2023-23069
+ RESERVED
+CVE-2023-23068
+ RESERVED
+CVE-2023-23067
+ RESERVED
+CVE-2023-23066
+ RESERVED
+CVE-2023-23065
+ RESERVED
+CVE-2023-23064
+ RESERVED
+CVE-2023-23063
+ RESERVED
+CVE-2023-23062
+ RESERVED
+CVE-2023-23061
+ RESERVED
+CVE-2023-23060
+ RESERVED
+CVE-2023-23059
+ RESERVED
+CVE-2023-23058
+ RESERVED
+CVE-2023-23057
+ RESERVED
+CVE-2023-23056
+ RESERVED
+CVE-2023-23055
+ RESERVED
+CVE-2023-23054
+ RESERVED
+CVE-2023-23053
+ RESERVED
+CVE-2023-23052
+ RESERVED
+CVE-2023-23051
+ RESERVED
+CVE-2023-23050
+ RESERVED
+CVE-2023-23049
+ RESERVED
+CVE-2023-23048
+ RESERVED
+CVE-2023-23047
+ RESERVED
+CVE-2023-23046
+ RESERVED
+CVE-2023-23045
+ RESERVED
+CVE-2023-23044
+ RESERVED
+CVE-2023-23043
+ RESERVED
+CVE-2023-23042
+ RESERVED
+CVE-2023-23041
+ RESERVED
+CVE-2023-23040
+ RESERVED
+CVE-2023-23039
+ RESERVED
+CVE-2023-23038
+ RESERVED
+CVE-2023-23037
+ RESERVED
+CVE-2023-23036
+ RESERVED
+CVE-2023-23035
+ RESERVED
+CVE-2023-23034
+ RESERVED
+CVE-2023-23033
+ RESERVED
+CVE-2023-23032
+ RESERVED
+CVE-2023-23031
+ RESERVED
+CVE-2023-23030
+ RESERVED
+CVE-2023-23029
+ RESERVED
+CVE-2023-23028
+ RESERVED
+CVE-2023-23027
+ RESERVED
+CVE-2023-23026
+ RESERVED
+CVE-2023-23025
+ RESERVED
+CVE-2023-23024
+ RESERVED
+CVE-2023-23023
+ RESERVED
+CVE-2023-23022
+ RESERVED
+CVE-2023-23021
+ RESERVED
+CVE-2023-23020
+ RESERVED
+CVE-2023-23019
+ RESERVED
+CVE-2023-23018
+ RESERVED
+CVE-2023-23017
+ RESERVED
+CVE-2023-23016
+ RESERVED
+CVE-2023-23015
+ RESERVED
+CVE-2023-23014
+ RESERVED
+CVE-2023-23013
+ RESERVED
+CVE-2023-23012
+ RESERVED
+CVE-2023-23011
+ RESERVED
+CVE-2023-23010
+ RESERVED
+CVE-2023-23009
+ RESERVED
+CVE-2023-23008
+ RESERVED
+CVE-2023-23007
+ RESERVED
+CVE-2023-23006
+ RESERVED
+CVE-2023-23005
+ RESERVED
+CVE-2023-23004
+ RESERVED
+CVE-2023-23003
+ RESERVED
+CVE-2023-23002
+ RESERVED
+CVE-2023-23001
+ RESERVED
+CVE-2023-23000
+ RESERVED
+CVE-2023-22999
+ RESERVED
+CVE-2023-22998
+ RESERVED
+CVE-2023-22997
+ RESERVED
+CVE-2023-22996
+ RESERVED
+CVE-2023-22995
+ RESERVED
+CVE-2023-22994
+ RESERVED
+CVE-2023-22993
+ RESERVED
+CVE-2023-22992
+ RESERVED
+CVE-2023-22991
+ RESERVED
+CVE-2023-22990
+ RESERVED
+CVE-2023-22989
+ RESERVED
+CVE-2023-22988
+ RESERVED
+CVE-2023-22987
+ RESERVED
+CVE-2023-22986
+ RESERVED
+CVE-2023-22985
+ RESERVED
+CVE-2023-22984
+ RESERVED
+CVE-2023-22983
+ RESERVED
+CVE-2023-22982
+ RESERVED
+CVE-2023-22981
+ RESERVED
+CVE-2023-22980
+ RESERVED
+CVE-2023-22979
+ RESERVED
+CVE-2023-22978
+ RESERVED
+CVE-2023-22977
+ RESERVED
+CVE-2023-22976
+ RESERVED
+CVE-2023-22975
+ RESERVED
+CVE-2023-22974
+ RESERVED
+CVE-2023-22973
+ RESERVED
+CVE-2023-22972
+ RESERVED
+CVE-2023-22971
+ RESERVED
+CVE-2023-22970
+ RESERVED
+CVE-2023-22969
+ RESERVED
+CVE-2023-22968
+ RESERVED
+CVE-2023-22967
+ RESERVED
+CVE-2023-22966
+ RESERVED
+CVE-2023-22965
+ RESERVED
+CVE-2023-22964
+ RESERVED
+CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...)
+ TODO: check
+CVE-2023-22962
+ RESERVED
+CVE-2023-22961
+ RESERVED
+CVE-2023-22960
+ RESERVED
+CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.ph ...)
+ TODO: check
+CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...)
+ TODO: check
+CVE-2023-22957
+ RESERVED
+CVE-2023-22956
+ RESERVED
+CVE-2023-22955
+ RESERVED
+CVE-2023-22954
+ RESERVED
+CVE-2023-22953
+ RESERVED
+CVE-2023-22952
+ RESERVED
+CVE-2023-22951
+ RESERVED
+CVE-2023-22950
+ RESERVED
+CVE-2023-22949
+ RESERVED
+CVE-2023-22948
+ RESERVED
+CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...)
+ TODO: check
+CVE-2023-22946
+ RESERVED
+CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...)
+ TODO: check
+CVE-2023-22944
+ RESERVED
+CVE-2023-22943
+ RESERVED
+CVE-2023-22942
+ RESERVED
+CVE-2023-22941
+ RESERVED
+CVE-2023-22940
+ RESERVED
+CVE-2023-22939
+ RESERVED
+CVE-2023-22938
+ RESERVED
+CVE-2023-22937
+ RESERVED
+CVE-2023-22936
+ RESERVED
+CVE-2023-22935
+ RESERVED
+CVE-2023-22934
+ RESERVED
+CVE-2023-22933
+ RESERVED
+CVE-2023-22932
+ RESERVED
+CVE-2023-22931
+ RESERVED
+CVE-2023-22930
+ RESERVED
+CVE-2023-22929
+ RESERVED
+CVE-2023-22928
+ RESERVED
+CVE-2023-22927
+ RESERVED
+CVE-2023-22926
+ RESERVED
+CVE-2023-22925
+ RESERVED
+CVE-2023-22656
+ RESERVED
+CVE-2023-22433
+ RESERVED
+CVE-2023-22426
+ RESERVED
+CVE-2023-22423
+ RESERVED
+CVE-2023-22420
+ RESERVED
+CVE-2023-22364
+ RESERVED
+CVE-2023-22352
+ RESERVED
+CVE-2023-22343
+ RESERVED
+CVE-2023-22328
+ RESERVED
+CVE-2023-22289
+ RESERVED
+CVE-2023-0209
+ RESERVED
+CVE-2023-0208
+ RESERVED
+CVE-2023-0207
+ RESERVED
+CVE-2023-0206
+ RESERVED
+CVE-2023-0205
+ RESERVED
+CVE-2023-0204
+ RESERVED
+CVE-2023-0203
+ RESERVED
+CVE-2023-0202
+ RESERVED
+CVE-2023-0201
+ RESERVED
+CVE-2023-0200
+ RESERVED
+CVE-2023-0199
+ RESERVED
+CVE-2023-0198
+ RESERVED
+CVE-2023-0197
+ RESERVED
+CVE-2023-0196
+ RESERVED
+CVE-2023-0195
+ RESERVED
+CVE-2023-0194
+ RESERVED
+CVE-2023-0193
+ RESERVED
+CVE-2023-0192
+ RESERVED
+CVE-2023-0191
+ RESERVED
+CVE-2023-0190
+ RESERVED
+CVE-2023-0189
+ RESERVED
+CVE-2023-0188
+ RESERVED
+CVE-2023-0187
+ RESERVED
+CVE-2023-0186
+ RESERVED
+CVE-2023-0185
+ RESERVED
+CVE-2023-0184
+ RESERVED
+CVE-2023-0183
+ RESERVED
+CVE-2023-0182
+ RESERVED
+CVE-2023-0181
+ RESERVED
+CVE-2023-0180
+ RESERVED
+CVE-2023-0179
+ RESERVED
+CVE-2023-0178
+ RESERVED
+CVE-2023-0177
+ RESERVED
+CVE-2023-0176
+ RESERVED
+CVE-2023-0175
+ RESERVED
+CVE-2023-0174
+ RESERVED
+CVE-2023-0173
+ RESERVED
+CVE-2023-0172
+ RESERVED
+CVE-2023-0171
+ RESERVED
+CVE-2023-0170
+ RESERVED
+CVE-2023-0169
+ RESERVED
+CVE-2023-0168
+ RESERVED
+CVE-2023-0167
+ RESERVED
+CVE-2023-0166
+ RESERVED
+CVE-2023-0165
+ RESERVED
+CVE-2023-0164
+ RESERVED
+CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...)
+ TODO: check
+CVE-2022-48252 (The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote ...)
+ TODO: check
+CVE-2015-10037 (A vulnerability, which was classified as critical, was found in ACI_Es ...)
+ TODO: check
+CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...)
+ TODO: check
+CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It has been ...)
+ TODO: check
CVE-2023-22924
RESERVED
CVE-2023-22923
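Review bot: Ten of the entries added at the top of this hunk arrive with a published description but only a `TODO: check` line (CVE-2023-22963, CVE-2023-22959, CVE-2023-22958, CVE-2023-22947, CVE-2023-22945, CVE-2022-48253, CVE-2022-48252, CVE-2015-10037, CVE-2015-10036, CVE-2012-10004), so none of them has a triage decision yet. A follow-up commit should replace each `TODO: check` with either a package line or a `NOT-FOR-US:` line in the form the context lines of this diff already use. CVE-2023-22947 is marked `** DISPUTED **` in its description, which is worth recording in a NOTE when it is triaged.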
@@ -33,6 +483,7 @@ CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x throu
CVE-2023-22908
RESERVED
CVE-2023-0210
+ RESERVED
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
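Review bot: CVE-2023-0210 now reads `RESERVED` directly above an existing `- linux <unfixed>` line with per-release `<not-affected>` annotations, so the entry has package triage but no text saying what the issue is. Other entries in this file in the same state carried a bracketed working title until the description was published (for example `CVE-2022-4338 [Integer Underflow in Organization Specific TLV]`, removed later in this diff). Adding one here would keep the entry readable while the ID is still reserved.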
@@ -145,60 +596,46 @@ CVE-2023-0143
RESERVED
CVE-2023-0142
RESERVED
-CVE-2023-0141
- RESERVED
+CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0140
- RESERVED
+CVE-2023-0140 (Inappropriate implementation in in File System API in Google Chrome on ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0139
- RESERVED
+CVE-2023-0139 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0138
- RESERVED
+CVE-2023-0138 (Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0137
- RESERVED
+CVE-2023-0137 (Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0136
- RESERVED
+CVE-2023-0136 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0135
- RESERVED
+CVE-2023-0135 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0134
- RESERVED
+CVE-2023-0134 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0133
- RESERVED
+CVE-2023-0133 (Inappropriate implementation in in Permission prompts in Google Chrome ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0132
- RESERVED
+CVE-2023-0132 (Inappropriate implementation in in Permission prompts in Google Chrome ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0131
- RESERVED
+CVE-2023-0131 (Inappropriate implementation in in iframe Sandbox in Google Chrome pri ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0130
- RESERVED
+CVE-2023-0130 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0129
- RESERVED
+CVE-2023-0129 (Heap buffer overflow in Network Service in Google Chrome prior to 109. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0128
- RESERVED
+CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0127
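Review bot: The descriptions added for CVE-2023-0135 and CVE-2023-0134 name the fixed upstream release ("prior to 109.0.5414.74"), but every chromium entry in this hunk keeps `- chromium <unfixed>`. That is consistent for an automatic description sync. Once a Debian upload at or above that version exists, the package lines for CVE-2023-0128 through CVE-2023-0141 should be updated with the fixed version in one follow-up commit, so that the status does not lag behind the description.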
@@ -1739,8 +2176,8 @@ CVE-2023-22481
RESERVED
CVE-2023-22480
RESERVED
-CVE-2023-22479
- RESERVED
+CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows ...)
+ TODO: check
CVE-2023-22478
RESERVED
CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
@@ -1860,8 +2297,8 @@ CVE-2023-22471
RESERVED
CVE-2023-22470
RESERVED
-CVE-2023-22469
- RESERVED
+CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...)
+ TODO: check
CVE-2023-22468
RESERVED
CVE-2023-22467 (Luxon is a library for working with dates and times in JavaScript. On ...)
@@ -3119,8 +3556,8 @@ CVE-2022-4638 (A vulnerability classified as problematic was found in collective
NOT-FOR-US: collective.contact.widget
CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs up ...)
NOT-FOR-US: ep3-bs
-CVE-2022-4636
- RESERVED
+CVE-2022-4636 (Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1 ...)
+ TODO: check
CVE-2022-4635
RESERVED
CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...)
@@ -5171,46 +5608,46 @@ CVE-2023-21795
RESERVED
CVE-2023-21794
RESERVED
-CVE-2023-21793
- RESERVED
-CVE-2023-21792
- RESERVED
-CVE-2023-21791
- RESERVED
-CVE-2023-21790
- RESERVED
-CVE-2023-21789
- RESERVED
-CVE-2023-21788
- RESERVED
-CVE-2023-21787
- RESERVED
-CVE-2023-21786
- RESERVED
-CVE-2023-21785
- RESERVED
-CVE-2023-21784
- RESERVED
-CVE-2023-21783
- RESERVED
-CVE-2023-21782
- RESERVED
-CVE-2023-21781
- RESERVED
-CVE-2023-21780
- RESERVED
-CVE-2023-21779
- RESERVED
+CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21792 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21791 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21790 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21789 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21788 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21787 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21786 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21785 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21784 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21783 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21782 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21781 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21780 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
+ TODO: check
+CVE-2023-21779 (Visual Studio Code Remote Code Execution. ...)
+ TODO: check
CVE-2023-21778
RESERVED
CVE-2023-21777
RESERVED
-CVE-2023-21776
- RESERVED
+CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2023-21775
RESERVED
-CVE-2023-21774
- RESERVED
+CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
CVE-2022-4580
RESERVED
CVE-2022-4579
@@ -5731,106 +6168,106 @@ CVE-2022-4477
RESERVED
CVE-2022-4476
RESERVED
-CVE-2023-21773
- RESERVED
-CVE-2023-21772
- RESERVED
-CVE-2023-21771
- RESERVED
+CVE-2023-21773 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21772 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21771 (Windows Local Session Manager (LSM) Elevation of Privilege Vulnerabili ...)
+ TODO: check
CVE-2023-21770
RESERVED
CVE-2023-21769
RESERVED
-CVE-2023-21768
- RESERVED
-CVE-2023-21767
- RESERVED
-CVE-2023-21766
- RESERVED
-CVE-2023-21765
- RESERVED
-CVE-2023-21764
- RESERVED
-CVE-2023-21763
- RESERVED
-CVE-2023-21762
- RESERVED
-CVE-2023-21761
- RESERVED
-CVE-2023-21760
- RESERVED
-CVE-2023-21759
- RESERVED
-CVE-2023-21758
- RESERVED
-CVE-2023-21757
- RESERVED
+CVE-2023-21768 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2023-21767 (Windows Overlay Filter Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21766 (Windows Overlay Filter Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2023-21765 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21764 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
+CVE-2023-21763 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
+CVE-2023-21762 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2023-21761 (Microsoft Exchange Server Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2023-21760 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21759 (Windows Smart Card Resource Management Server Security Feature Bypass ...)
+ TODO: check
+CVE-2023-21758 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ TODO: check
+CVE-2023-21757 (Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerabil ...)
+ TODO: check
CVE-2023-21756
RESERVED
-CVE-2023-21755
- RESERVED
-CVE-2023-21754
- RESERVED
-CVE-2023-21753
- RESERVED
-CVE-2023-21752
- RESERVED
+CVE-2023-21755 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21754 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability. This C ...)
+ TODO: check
+CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2023-21751
RESERVED
-CVE-2023-21750
- RESERVED
-CVE-2023-21749
- RESERVED
-CVE-2023-21748
- RESERVED
-CVE-2023-21747
- RESERVED
-CVE-2023-21746
- RESERVED
-CVE-2023-21745
- RESERVED
-CVE-2023-21744
- RESERVED
-CVE-2023-21743
- RESERVED
-CVE-2023-21742
- RESERVED
-CVE-2023-21741
- RESERVED
+CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21748 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21747 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21746 (Windows NTLM Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21745 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2023-21744 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2023-21743 (Microsoft SharePoint Server Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2023-21742 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2023-21741 (Microsoft Office Visio Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2023-21740
RESERVED
-CVE-2023-21739
- RESERVED
-CVE-2023-21738
- RESERVED
-CVE-2023-21737
- RESERVED
-CVE-2023-21736
- RESERVED
-CVE-2023-21735
- RESERVED
-CVE-2023-21734
- RESERVED
-CVE-2023-21733
- RESERVED
-CVE-2023-21732
- RESERVED
+CVE-2023-21739 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21738 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21737 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21736 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21735 (Microsoft Office Remote Code Execution Vulnerability. This CVE ID is u ...)
+ TODO: check
+CVE-2023-21734 (Microsoft Office Remote Code Execution Vulnerability. This CVE ID is u ...)
+ TODO: check
+CVE-2023-21733 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21732 (Microsoft ODBC Driver Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2023-21731
RESERVED
-CVE-2023-21730
- RESERVED
+CVE-2023-21730 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2023-21729
RESERVED
-CVE-2023-21728
- RESERVED
+CVE-2023-21728 (Windows Netlogon Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2023-21727
RESERVED
-CVE-2023-21726
- RESERVED
-CVE-2023-21725
- RESERVED
-CVE-2023-21724
- RESERVED
+CVE-2023-21726 (Windows Credential Manager User Interface Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2023-21725 (Windows Malicious Software Removal Tool Elevation of Privilege Vulnera ...)
+ TODO: check
+CVE-2023-21724 (Microsoft DWM Core Library Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-47393
RESERVED
CVE-2022-47392
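Review bot: Every description added in this hunk (CVE-2023-21724 through CVE-2023-21773) names a Microsoft product (Windows components, Exchange Server, SharePoint Server, Office, Visio, the ODBC driver), and all of them are left at `TODO: check`. Context lines elsewhere in this diff resolve vendor-only products with a single line such as `NOT-FOR-US: NVIDIA` or `NOT-FOR-US: WordPress plugin`. Resolving this block the same way in one triage pass would remove roughly forty open TODO items.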
@@ -5987,26 +6424,26 @@ CVE-2023-21685
RESERVED
CVE-2023-21684
RESERVED
-CVE-2023-21683
- RESERVED
-CVE-2023-21682
- RESERVED
-CVE-2023-21681
- RESERVED
-CVE-2023-21680
- RESERVED
-CVE-2023-21679
- RESERVED
-CVE-2023-21678
- RESERVED
-CVE-2023-21677
- RESERVED
-CVE-2023-21676
- RESERVED
-CVE-2023-21675
- RESERVED
-CVE-2023-21674
- RESERVED
+CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ TODO: check
+CVE-2023-21682 (Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2023-21681 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2023-21680 (Windows Win32k Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21679 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-21678 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21677 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ TODO: check
+CVE-2023-21676 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
+CVE-2023-21675 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ TODO: check
CVE-2022-47375
RESERVED
CVE-2022-47374
@@ -7363,16 +7800,14 @@ CVE-2022-4384
RESERVED
CVE-2022-4383
RESERVED
-CVE-2022-4382
- RESERVED
+CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4380
RESERVED
-CVE-2022-4379
- RESERVED
+CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/n ...)
- linux 6.1.4-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/14/3
@@ -7642,8 +8077,7 @@ CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an I
NOT-FOR-US: WordPress plugin
CVE-2022-4339
REJECTED
-CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
- RESERVED
+CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in various ...)
{DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
@@ -7651,8 +8085,7 @@ CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
NOTE: https://github.com/openvswitch/ovs/pull/405
NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0)
NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
-CVE-2022-4337 [Out-of-Bounds Read in Organization Specific TLV]
- RESERVED
+CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in variou ...)
{DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
@@ -8468,8 +8901,8 @@ CVE-2022-46451
RESERVED
CVE-2022-46450
RESERVED
-CVE-2022-46449
- RESERVED
+CVE-2022-46449 (An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cau ...)
+ TODO: check
CVE-2022-46448
RESERVED
CVE-2022-46447
@@ -8868,86 +9301,86 @@ CVE-2023-21565
RESERVED
CVE-2023-21564
RESERVED
-CVE-2023-21563
- RESERVED
+CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2023-21562
RESERVED
-CVE-2023-21561
- RESERVED
-CVE-2023-21560
- RESERVED
-CVE-2023-21559
- RESERVED
-CVE-2023-21558
- RESERVED
-CVE-2023-21557
- RESERVED
-CVE-2023-21556
- RESERVED
-CVE-2023-21555
- RESERVED
+CVE-2023-21561 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21560 (Windows Boot Manager Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2023-21559 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21558 (Windows Error Reporting Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21557 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
+ TODO: check
+CVE-2023-21556 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ TODO: check
CVE-2023-21554
RESERVED
CVE-2023-21553
RESERVED
-CVE-2023-21552
- RESERVED
-CVE-2023-21551
- RESERVED
-CVE-2023-21550
- RESERVED
-CVE-2023-21549
- RESERVED
-CVE-2023-21548
- RESERVED
-CVE-2023-21547
- RESERVED
-CVE-2023-21546
- RESERVED
+CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21550 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21549 (Windows SMB Witness Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21548 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2023-21547 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2023-21546 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ TODO: check
CVE-2023-21545
RESERVED
CVE-2023-21544
RESERVED
-CVE-2023-21543
- RESERVED
-CVE-2023-21542
- RESERVED
-CVE-2023-21541
- RESERVED
-CVE-2023-21540
- RESERVED
-CVE-2023-21539
- RESERVED
-CVE-2023-21538
- RESERVED
-CVE-2023-21537
- RESERVED
-CVE-2023-21536
- RESERVED
-CVE-2023-21535
- RESERVED
+CVE-2023-21543 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-21542 (Windows Installer Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21541 (Windows Task Scheduler Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21540 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2023-21539 (Windows Authentication Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2023-21538 (.NET Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2023-21537 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21536 (Event Tracing for Windows Information Disclosure Vulnerability. This C ...)
+ TODO: check
+CVE-2023-21535 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
CVE-2023-21534
RESERVED
CVE-2023-21533
RESERVED
-CVE-2023-21532
- RESERVED
-CVE-2023-21531
- RESERVED
+CVE-2023-21532 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2023-21530
RESERVED
CVE-2023-21529
RESERVED
CVE-2023-21528
RESERVED
-CVE-2023-21527
- RESERVED
+CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2023-21526
RESERVED
-CVE-2023-21525
- RESERVED
-CVE-2023-21524
- RESERVED
+CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
+ TODO: check
CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
NOT-FOR-US: Rapid7 Nexpose and InsightVM
CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
@@ -9619,8 +10052,8 @@ CVE-2022-46165
RESERVED
CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...)
NOT-FOR-US: NodeBB
-CVE-2022-46163
- RESERVED
+CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...)
+ TODO: check
CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...)
NOT-FOR-US: BBCode plugin for Discourse
CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...)
@@ -10788,7 +11221,7 @@ CVE-2022-45695
CVE-2022-45694
RESERVED
CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via ...)
- {DLA-3259-1}
+ {DSA-5312-1 DLA-3259-1}
- libjettison-java 1.5.3-1
NOTE: https://github.com/jettison-json/jettison/issues/52
CVE-2022-45692
@@ -10806,7 +11239,7 @@ CVE-2022-45687
CVE-2022-45686
RESERVED
CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...)
- {DLA-3259-1}
+ {DSA-5312-1 DLA-3259-1}
- libjettison-java 1.5.3-1
NOTE: https://github.com/jettison-json/jettison/issues/54
CVE-2022-45684
@@ -10949,8 +11382,8 @@ CVE-2022-45616
RESERVED
CVE-2022-45615
RESERVED
-CVE-2022-45614
- RESERVED
+CVE-2022-45614 (An issue in the /index.php/user/edit_user/ component of Book Store Man ...)
+ TODO: check
CVE-2022-45613
RESERVED
CVE-2022-45612
@@ -12506,14 +12939,14 @@ CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent us
NOT-FOR-US: WordPress plugin
CVE-2022-3960
RESERVED
-CVE-2022-45167
- RESERVED
-CVE-2022-45166
- RESERVED
-CVE-2022-45165
- RESERVED
-CVE-2022-45164
- RESERVED
+CVE-2022-45167 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
+ TODO: check
+CVE-2022-45166 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
+ TODO: check
+CVE-2022-45165 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
+ TODO: check
+CVE-2022-45164 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
+ TODO: check
CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP devices w ...)
NOT-FOR-US: NXP devices
CVE-2022-45162
@@ -17331,28 +17764,28 @@ CVE-2023-20534
RESERVED
CVE-2023-20533
RESERVED
-CVE-2023-20532
- RESERVED
-CVE-2023-20531
- RESERVED
-CVE-2023-20530
- RESERVED
-CVE-2023-20529
- RESERVED
-CVE-2023-20528
- RESERVED
-CVE-2023-20527
- RESERVED
+CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
+ TODO: check
+CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
+ TODO: check
+CVE-2023-20530 (Insufficient input validation of BIOS mailbox messages in SMU may resu ...)
+ TODO: check
+CVE-2023-20529 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
+ TODO: check
+CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical attacker ...)
+ TODO: check
+CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
+ TODO: check
CVE-2023-20526
RESERVED
-CVE-2023-20525
- RESERVED
+CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
+ TODO: check
CVE-2023-20524
RESERVED
-CVE-2023-20523
- RESERVED
-CVE-2023-20522
- RESERVED
+CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
+ TODO: check
+CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
+ TODO: check
CVE-2023-20521
RESERVED
CVE-2023-20520
@@ -20069,16 +20502,16 @@ CVE-2022-43395
RESERVED
CVE-2022-43394
RESERVED
-CVE-2022-43393
- RESERVED
-CVE-2022-43392
- RESERVED
-CVE-2022-43391
- RESERVED
-CVE-2022-43390
- RESERVED
-CVE-2022-43389
- RESERVED
+CVE-2022-43393 (An improper check for unusual or exceptional conditions in the HTTP re ...)
+ TODO: check
+CVE-2022-43392 (A buffer overflow vulnerability in the parameter of web server in Zyxe ...)
+ TODO: check
+CVE-2022-43391 (A buffer overflow vulnerability in the parameter of the CGI program in ...)
+ TODO: check
+CVE-2022-43390 (A command injection vulnerability in the CGI program of Zyxel NR7101 f ...)
+ TODO: check
+CVE-2022-43389 (A buffer overflow vulnerability in the library of the web server in Zy ...)
+ TODO: check
CVE-2022-43388
RESERVED
CVE-2022-43387
@@ -23092,8 +23525,8 @@ CVE-2022-42273
RESERVED
CVE-2022-42272
RESERVED
-CVE-2022-42271
- RESERVED
+CVE-2022-42271 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
+ TODO: check
CVE-2022-42270 (NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_tas ...)
NOT-FOR-US: NVIDIA
CVE-2022-42269 (NVIDIA Trusted OS contains a vulnerability in an SMC call handler, whe ...)
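Review bot: CVE-2022-42271 is left at TODO: check even though its description opens with "NVIDIA BMC" and the next entry down, CVE-2022-42270, is already NOT-FOR-US: NVIDIA. Unless the BMC IPMI handler maps to a source package, the same tag applies here.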
@@ -24188,7 +24621,7 @@ CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulne
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
TODO: check details
CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...)
- {DLA-3234-1}
+ {DSA-5313-1 DLA-3234-1}
- hsqldb 2.7.1-1 (bug #1023573)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
@@ -28518,12 +28951,12 @@ CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to De
NOTE: Only solution for the issue is to catch the StackOverflowError in the client code
NOTE: calling XStream.
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
- {DLA-3259-1}
+ {DSA-5312-1 DLA-3259-1}
- libjettison-java 1.5.3-1 (bug #1022553)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
NOTE: https://github.com/jettison-json/jettison/issues/45
CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
- {DLA-3184-1}
+ {DSA-5312-1 DLA-3184-1}
- libjettison-java 1.5.1-1 (bug #1022554)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
NOTE: https://github.com/jettison-json/jettison/issues/45
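Review bot: DSA-5312-1 is attached to both CVE-2022-40150 and CVE-2022-40149, but the two entries record different unstable fixes (libjettison-java 1.5.3-1 and 1.5.1-1) and arrived through separate DLAs (DLA-3259-1 and DLA-3184-1). Confirm that the DSA upload carries the later fix for CVE-2022-40150 as well as the 1.5.1 change, since the cross-reference marks both as covered.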
@@ -32949,14 +33382,14 @@ CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA
- rhonabwy 1.1.7-1
[bullseye] - rhonabwy <not-affected> (Vulnerable code not present)
NOTE: https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
-CVE-2022-38492
- RESERVED
-CVE-2022-38491
- RESERVED
-CVE-2022-38490
- RESERVED
-CVE-2022-38489
- RESERVED
+CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 ...)
+ TODO: check
+CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
+ TODO: check
+CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
+ TODO: check
+CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1. ...)
+ TODO: check
CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
NOT-FOR-US: logrocket-oauth2-example
CVE-2022-38487
@@ -32973,10 +33406,10 @@ CVE-2022-38484
RESERVED
CVE-2022-38483
RESERVED
-CVE-2022-38482
- RESERVED
-CVE-2022-38481
- RESERVED
+CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...)
+ TODO: check
+CVE-2022-38481 (An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The ap ...)
+ TODO: check
CVE-2022-38480
RESERVED
CVE-2022-38479
@@ -33307,8 +33740,8 @@ CVE-2022-38396
RESERVED
CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...)
NOT-FOR-US: HP
-CVE-2022-38393
- RESERVED
+CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...)
+ TODO: check
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
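Review bot: CVE-2022-38393 moves from RESERVED to TODO: check with a description cut at "cfg_server cm_processC", which names a function but no vendor or product. The same cm_process prefix shows up in CVE-2022-38105 later in this commit ("cm_processREQ_NC"), so the two should be looked up and triaged together so they end with the same tag.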
@@ -33393,8 +33826,8 @@ CVE-2022-38383
RESERVED
CVE-2022-38382
RESERVED
-CVE-2022-38105
- RESERVED
+CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
+ TODO: check
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
@@ -37721,8 +38154,8 @@ CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server an
NOT-FOR-US: Atlassian
CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...)
NOT-FOR-US: Atlassian
-CVE-2022-35401
- RESERVED
+CVE-2022-35401 (An authentication bypass vulnerability exists in the get_IFTTTTtoken.c ...)
+ TODO: check
CVE-2022-2548
RESERVED
CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
@@ -38442,12 +38875,12 @@ CVE-2022-36445
RESERVED
CVE-2022-36444 (An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10 ...)
NOT-FOR-US: Atos Unify OpenScape SBC
-CVE-2022-36443
- RESERVED
-CVE-2022-36442
- RESERVED
-CVE-2022-36441
- RESERVED
+CVE-2022-36443 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The de ...)
+ TODO: check
+CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By usi ...)
+ TODO: check
+CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...)
+ TODO: check
CVE-2022-36440
RESERVED
CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
@@ -55697,8 +56130,8 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
[stretch] - rar <no-dsa> (Non-free not supported)
NOTE: 6.12 application version corresponds to 6.1.7 source version:
NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
-CVE-2022-30332
- RESERVED
+CVE-2022-30332 (In Talend Administration Center 7.3.1.20200219 before TAC-15950, the F ...)
+ TODO: check
CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph ...)
NOT-FOR-US: TigerGraph
CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
@@ -56092,16 +56525,16 @@ CVE-2021-46797
RESERVED
CVE-2021-46796
RESERVED
-CVE-2021-46795
- RESERVED
+CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
+ TODO: check
CVE-2021-46794
RESERVED
CVE-2021-46793
RESERVED
CVE-2021-46792
RESERVED
-CVE-2021-46791
- RESERVED
+CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
+ TODO: check
CVE-2022-30227
RESERVED
CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
@@ -61706,8 +62139,8 @@ CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14
- gitlab <unfixed>
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-46779
- RESERVED
+CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...)
+ TODO: check
CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...)
NOT-FOR-US: AMD
CVE-2021-46777
@@ -61728,10 +62161,10 @@ CVE-2021-46770
RESERVED
CVE-2021-46769
RESERVED
-CVE-2021-46768
- RESERVED
-CVE-2021-46767
- RESERVED
+CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
+ TODO: check
+CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
+ TODO: check
CVE-2021-46766
RESERVED
CVE-2021-46765
@@ -72332,8 +72765,8 @@ CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-0553
- RESERVED
+CVE-2022-0553 (There is no check to see if slot 0 is being uploaded from the device t ...)
+ TODO: check
CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http CVE-2021 ...)
NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container
CVE-2022-24699
@@ -75779,10 +76212,10 @@ CVE-2022-23816
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
CVE-2022-23815
RESERVED
-CVE-2022-23814
- RESERVED
-CVE-2022-23813
- RESERVED
+CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...)
+ TODO: check
+CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory ...)
+ TODO: check
CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
NOT-FOR-US: TransmitMail
CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
@@ -89501,8 +89934,8 @@ CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment t
NOT-FOR-US: Aim
CVE-2021-3967 (Improper Access Control in GitHub repository zulip/zulip prior to 4.10 ...)
- zulip-server <itp> (bug #800052)
-CVE-2021-3966
- RESERVED
+CVE-2021-3966 (usb device bluetooth class includes a buffer overflow related to imple ...)
+ TODO: check
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
NOT-FOR-US: HP
CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...)
@@ -137108,22 +137541,22 @@ CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26410
RESERVED
-CVE-2021-26409
- RESERVED
+CVE-2021-26409 (Insufficient bounds checking in SEV-ES may allow an attacker to corrup ...)
+ TODO: check
CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy firmwar ...)
NOT-FOR-US: AMD
-CVE-2021-26407
- RESERVED
+CVE-2021-26407 (A randomly generated Initialization Vector (IV) may lead to a collisio ...)
+ TODO: check
CVE-2021-26406
RESERVED
CVE-2021-26405
RESERVED
-CVE-2021-26404
- RESERVED
-CVE-2021-26403
- RESERVED
-CVE-2021-26402
- RESERVED
+CVE-2021-26404 (Improper input validation and bounds checking in SEV firmware may leak ...)
+ TODO: check
+CVE-2021-26403 (Insufficient checks in SEV may lead to a malicious hypervisor disclosi ...)
+ TODO: check
+CVE-2021-26402 (Insufficient bounds checking in ASP (AMD Secure Processor) firmware wh ...)
+ TODO: check
CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-57 ...)
- linux 5.16.12-1
[bullseye] - linux 5.10.103-1
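Review bot: the five new TODO: check entries here (CVE-2021-26409, 26407, 26404, 26403, 26402) surround CVE-2021-26408, which is NOT-FOR-US: AMD, but the same ID range also holds CVE-2021-26401, which is tracked against linux 5.16.12-1. Triage these one by one against the full descriptions instead of bulk-tagging the range; the SEV, SEV-ES and ASP firmware wording suggests NOT-FOR-US: AMD, while anything with a kernel-side mitigation needs package lines like 26401 has.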
@@ -137135,12 +137568,12 @@ CVE-2021-26400 (AMD processors may speculatively re-order load instructions whic
NOT-FOR-US: AMD
CVE-2021-26399
RESERVED
-CVE-2021-26398
- RESERVED
+CVE-2021-26398 (Insufficient input validation in SYS_KEY_DERIVE system call in a compr ...)
+ TODO: check
CVE-2021-26397
RESERVED
-CVE-2021-26396
- RESERVED
+CVE-2021-26396 (Insufficient validation of address mapping to IO in ASP (AMD Secure Pr ...)
+ TODO: check
CVE-2021-26395
RESERVED
CVE-2021-26394
@@ -137221,11 +137654,11 @@ CVE-2021-26357
RESERVED
CVE-2021-26356
RESERVED
-CVE-2021-26355
- RESERVED
+CVE-2021-26355 (Insufficient fencing and checks in System Management Unit (SMU) may re ...)
+ TODO: check
CVE-2021-26354
RESERVED
-CVE-2021-26353 (Due to a mishandled error, it is possible to leave the DRTM UApp in a ...)
+CVE-2021-26353 (Failure to validate inputs in SMM may allow an attacker to create a mi ...)
NOT-FOR-US: AMD
CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plu ...)
NOT-FOR-US: AMD
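Review bot: the description of CVE-2021-26353 is replaced outright, from a mishandled error in the DRTM UApp to a failure to validate inputs in SMM, while the NOT-FOR-US: AMD line beneath it is carried over unchanged. A full description swap is a reason to re-read the triage line instead of inheriting it; in the same hunk CVE-2021-26355 (SMU) is still at TODO: check and should be resolved in the same pass.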
@@ -137237,16 +137670,16 @@ CVE-2021-26349 (Failure to assign a new report ID to an imported guest may poten
NOT-FOR-US: AMD
CVE-2021-26348 (Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ...)
NOT-FOR-US: AMD
-CVE-2021-26347 (TOCTOU (time-of-check to time-of-use) issue in the System Management U ...)
+CVE-2021-26347 (Failure to validate the integer operand in ASP (AMD Secure Processor) ...)
NOT-FOR-US: AMD
-CVE-2021-26346
- RESERVED
+CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Processor) ...)
+ TODO: check
CVE-2021-26345
RESERVED
CVE-2021-26344
RESERVED
-CVE-2021-26343
- RESERVED
+CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)
+ TODO: check
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ...)
NOT-FOR-US: AMD
CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direct bran ...)
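Review bot: CVE-2021-26347 and the newly described CVE-2021-26346 now show identical truncated text, "Failure to validate the integer operand in ASP (AMD Secure Processor)", yet 26347 keeps NOT-FOR-US: AMD while 26346 is TODO: check. Check the full descriptions to confirm these are two distinct issues and not a mix-up in the feed, then give 26346 (and CVE-2021-26343, also ASP) the same triage result as 26347.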
@@ -137278,8 +137711,8 @@ CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based ove
NOT-FOR-US: AMD
CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
NOT-FOR-US: AMD
-CVE-2021-26328
- RESERVED
+CVE-2021-26328 (Failure to verify the mode of CPU execution at the time of SNP_INIT ma ...)
+ TODO: check
CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
NOT-FOR-US: AMD
CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
@@ -137303,8 +137736,8 @@ CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to control ...)
NOT-FOR-US: AMD
-CVE-2021-26316
- RESERVED
+CVE-2021-26316 (Failure to validate the communication buffer and communication service ...)
+ TODO: check
CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
NOT-FOR-US: AMD
CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d2d0056bbb3ce82596026654b63c6312b3c2dad