[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 10 08:22:05 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68242b53 by Moritz Muehlenhoff at 2023-07-10T09:21:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20269,7 +20269,7 @@ CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulner
 CVE-2023-26819
 	RESERVED
 CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files,  ...)
-	TODO: check
+	NOT-FOR-US: Telegram on MacOS
 CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
 	NOT-FOR-US: codefever
 CVE-2023-26816
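
Review bot: The new tag on CVE-2023-26818 scopes the entry by platform ("Telegram on MacOS"), but the truncated description visible here only says "Telegram 9.3.1 and 9.4.0", so the reason it is out of scope lives only in the tag. Consider spelling the platform "macOS" and, if a Telegram client is packaged, adding a NOTE line stating that the issue is specific to the macOS build so the entry is not reopened later.
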
@@ -24257,7 +24257,7 @@ CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an
 CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25519
 	RESERVED
 CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
@@ -54258,7 +54258,7 @@ CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This i
 CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-42860 (This issue was addressed with improved checks to prevent unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
 	NOT-FOR-US: Apple
 CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...)
@@ -54316,7 +54316,7 @@ CVE-2022-42836
 CVE-2022-42835
 	REJECTED
 CVE-2022-42834 (An access issue was addressed with improved access restrictions. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-42833 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2022-42832 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -54379,7 +54379,7 @@ CVE-2022-42809 (The issue was addressed with improved memory handling. This issu
 CVE-2022-42808 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2022-42807 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-42806 (A race condition was addressed with improved locking. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2022-42805 (An integer overflow was addressed with improved input validation. This ...)
@@ -54412,7 +54412,7 @@ CVE-2022-42794
 CVE-2022-42793 (An issue in code signature validation was addressed with improved chec ...)
 	NOT-FOR-US: Apple
 CVE-2022-42792 (This issue was addressed with improved data protection. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-42791 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2022-42790 (A logic issue was addressed with improved state management. This issue ...)
@@ -56144,7 +56144,7 @@ CVE-2022-42177
 CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...)
 	NOT-FOR-US: PCTechSoft PCSecure
 CVE-2022-42175 (Insecure Direct Object Reference vulnerability in WHMCS module SolusVM ...)
-	TODO: check
+	NOT-FOR-US: WHMCS module SolusVM
 CVE-2022-42174
 	RESERVED
 CVE-2022-42173
@@ -81694,7 +81694,7 @@ CVE-2022-32668
 CVE-2022-32667
 	REJECTED
 CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to misrepresentation  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...)
 	NOT-FOR-US: MediaTek
 CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...)
@@ -92318,13 +92318,13 @@ CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of Privileg
 CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-29147 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29146 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
 	NOT-FOR-US: Microsoft .NET
 CVE-2022-29144 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
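
Review bot: CVE-2022-29147, CVE-2022-29146 and CVE-2022-29144 are all described as "Microsoft Edge (Chromium-based)" and are closed as NOT-FOR-US: Microsoft without any NOTE. Since the description itself points at a Chromium base, it is worth confirming that each one is in Edge-only code rather than shared Chromium code, and recording that in a NOTE line if it was checked. The same applies to the other Edge entries in this commit.
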
@@ -98941,7 +98941,7 @@ CVE-2022-26901 (Microsoft Excel Remote Code Execution Vulnerability)
 CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-26899 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26898 (Azure Site Recovery Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-26897 (Azure Site Recovery Information Disclosure Vulnerability)
@@ -105483,7 +105483,7 @@ CVE-2022-0548
 CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...)
 	NOT-FOR-US: Mirametrix Glance
 CVE-2022-24695 (Bluetooth Classic in Bluetooth Core Specification through 5.3 does not ...)
-	TODO: check
+	NOT-FOR-US: Bluetooth protocol issue
 CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
 	- mahara <removed>
 CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB  ...)
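
Review bot: The tag on CVE-2022-24695, "NOT-FOR-US: Bluetooth protocol issue", names a class of issue rather than a product, unlike the "Mirametrix Glance" entry just above it. The description places the flaw in the Bluetooth Core Specification through 5.3, so any implementation of the specification could be in scope. If the intent is that no packaged stack needs a change, a NOTE line saying so would make that explicit.
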
@@ -110836,7 +110836,7 @@ CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
 CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-23264 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
@@ -113266,7 +113266,7 @@ CVE-2022-22632 (A logic issue was addressed with improved state management. This
 CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2022-22630 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22629 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	{DSA-5116-1 DSA-5115-1}
 	- webkit2gtk 2.36.0-1
@@ -129946,7 +129946,7 @@ CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability
 CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
@@ -149594,7 +149594,7 @@ CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID i
 CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-34506 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-34505
 	RESERVED
 CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability)
@@ -149656,7 +149656,7 @@ CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerabi
 CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-34475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
@@ -156159,7 +156159,7 @@ CVE-2021-31984 (Power BI Remote Code Execution Vulnerability)
 CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31982 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31981
 	RESERVED
 CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...)
@@ -156249,7 +156249,7 @@ CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability)
 CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31937 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution  ...)
@@ -157165,7 +157165,7 @@ CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3
 CVE-2021-31636
 	RESERVED
 CVE-2021-31635 (Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 ...)
-	TODO: check
+	NOT-FOR-US: jFinal
 CVE-2021-31634
 	RESERVED
 CVE-2021-31633
@@ -160983,11 +160983,11 @@ CVE-2021-30207
 CVE-2021-30206
 	RESERVED
 CVE-2021-30205 (Incorrect access control in the component /index.php?mod=system&op=org ...)
-	TODO: check
+	NOT-FOR-US: dzzoffice
 CVE-2021-30204
 	RESERVED
 CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the zero param ...)
-	TODO: check
+	NOT-FOR-US: dzzoffice
 CVE-2021-30202
 	RESERVED
 CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system.  ...)
@@ -167202,7 +167202,7 @@ CVE-2021-27827
 CVE-2021-27826
 	RESERVED
 CVE-2021-27825 (A directory traversal vulnerability on Mercury MAC1200R devices allows ...)
-	TODO: check
+	NOT-FOR-US: Mercury MAC1200R devices
 CVE-2021-27824
 	RESERVED
 CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
@@ -172299,9 +172299,9 @@ CVE-2021-25830 (A file extension handling issue was found in [core] module of ON
 CVE-2021-25829 (An improper binary stream data handling issue was found in the [core]  ...)
 	NOT-FOR-US: ONLYOFFICE DocumentServer
 CVE-2021-25828 (Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Emby server
 CVE-2021-25827 (Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setti ...)
-	TODO: check
+	NOT-FOR-US: Emby server
 CVE-2021-25826
 	RESERVED
 CVE-2021-25825
@@ -195676,7 +195676,7 @@ CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt
 CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...)
 	NOT-FOR-US: Android
 CVE-2021-0945 (In _PMRCreate of the PowerVR kernel driver, a missing bounds check mea ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0944
 	RESERVED
 CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write due to ...)
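
Review bot: CVE-2021-0945 is tagged NOT-FOR-US: Android although its description locates the bug in "_PMRCreate of the PowerVR kernel driver". That matches the neighbouring PVRSRVBridge entries, but a tag naming the driver, or a NOTE explaining why the driver is treated as Android-only, would make clear which component was checked. The same point applies to CVE-2021-0701 in the next hunk.
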
@@ -196196,7 +196196,7 @@ CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after fre
 CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
 	NOT-FOR-US: Android
 CVE-2021-0701 (In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missin ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0700
 	RESERVED
 CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
@@ -201707,11 +201707,11 @@ CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the ToDo
 CVE-2020-26711
 	RESERVED
 CVE-2020-26710 (easy-parse v0.1.1 was discovered to contain a XML External Entity Inje ...)
-	TODO: check
+	NOT-FOR-US: easy-parse
 CVE-2020-26709 (py-xml v1.0 was discovered to contain an XML External Entity Injection ...)
-	TODO: check
+	NOT-FOR-US: py-xml
 CVE-2020-26708 (requests-xml v0.2.3 was discovered to contain an XML External Entity I ...)
-	TODO: check
+	NOT-FOR-US: requests-xml
 CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 w ...)
 	NOT-FOR-US: aaptjs
 CVE-2020-26706
@@ -209497,7 +209497,7 @@ CVE-2020-23454
 CVE-2020-23453
 	RESERVED
 CVE-2020-23452 (A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59  ...)
-	TODO: check
+	NOT-FOR-US: Selenium Grid
 CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to  ...)
 	NOT-FOR-US: Spiceworks
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on  ...)
@@ -210350,9 +210350,9 @@ CVE-2020-23068
 CVE-2020-23067
 	RESERVED
 CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v ...)
-	TODO: check
+	- tinymce <removed>
 CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform ...)
-	TODO: check
+	NOT-FOR-US: eZ Systems AS eZPublish
 CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before  ...)
 	- jquery <removed>
 	NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-565129
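
Review bot: The CVE-2020-23066 change is not an NFU: it records "- tinymce <removed>", which the commit message "NFUs" does not cover, and unlike the jquery entry just below it carries no NOTE with a reference. Consider mentioning the tinymce entry in the commit message or splitting it into its own commit, and adding a NOTE with the upstream reference. Separately, "eZ Systems AS eZPublish" could drop the company suffix to match the shorter product names used in the other tags.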



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68242b538236a2b62c01e53cead07641a92c8851
