[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 4 08:10:22 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2f773cf by security tracker role at 2023-03-04T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2023-27601
+ RESERVED
+CVE-2023-27600
+ RESERVED
+CVE-2023-27599
+ RESERVED
+CVE-2023-27598
+ RESERVED
+CVE-2023-27597
+ RESERVED
+CVE-2023-27596
+ RESERVED
+CVE-2023-27595
+ RESERVED
+CVE-2023-27594
+ RESERVED
+CVE-2023-27593
+ RESERVED
+CVE-2023-27592
+ RESERVED
+CVE-2023-27591
+ RESERVED
+CVE-2023-27590
+ RESERVED
+CVE-2023-27589
+ RESERVED
+CVE-2023-27588
+ RESERVED
+CVE-2023-27587
+ RESERVED
+CVE-2023-27586
+ RESERVED
+CVE-2023-27585
+ RESERVED
+CVE-2023-27584
+ RESERVED
+CVE-2023-27583
+ RESERVED
+CVE-2023-27582
+ RESERVED
+CVE-2023-27581
+ RESERVED
+CVE-2023-27580
+ RESERVED
+CVE-2023-27579
+ RESERVED
+CVE-2023-27578
+ RESERVED
+CVE-2023-27577
+ RESERVED
+CVE-2023-27576
+ RESERVED
+CVE-2023-27575
+ RESERVED
+CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...)
+ TODO: check
+CVE-2023-27573
+ RESERVED
+CVE-2023-27572
+ RESERVED
+CVE-2023-27571
+ RESERVED
+CVE-2023-27570
+ RESERVED
+CVE-2023-27569
+ RESERVED
+CVE-2023-27568
+ RESERVED
+CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...)
+ TODO: check
+CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write ...)
+ TODO: check
+CVE-2023-27565
+ RESERVED
+CVE-2023-27564
+ RESERVED
+CVE-2023-27563
+ RESERVED
+CVE-2023-27562
+ RESERVED
+CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escalation ...)
+ TODO: check
+CVE-2023-27528
+ RESERVED
+CVE-2023-27392
+ RESERVED
+CVE-2023-27382
+ RESERVED
+CVE-2023-26587
+ RESERVED
+CVE-2023-26586
+ RESERVED
+CVE-2023-25951
+ RESERVED
+CVE-2023-25757
+ RESERVED
+CVE-2023-25174
+ RESERVED
+CVE-2023-24596
+ RESERVED
+CVE-2023-22437
+ RESERVED
+CVE-2023-1174
+ RESERVED
+CVE-2023-1173
+ RESERVED
+CVE-2023-1172
+ RESERVED
+CVE-2023-1171
+ RESERVED
+CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+ TODO: check
+CVE-2023-1169
+ RESERVED
+CVE-2015-10089
+ RESERVED
CVE-2023-1168
RESERVED
CVE-2023-1167
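Review bot: Six of the new entries in this hunk arrive with only a TODO: check placeholder (CVE-2023-27574, CVE-2023-27567, CVE-2023-27566, CVE-2023-27561, CVE-2023-1170 and nothing else until triaged), and nothing in the hunk distinguishes the ones that name runc and vim/vim from the rest. Suggest resolving CVE-2023-27561 and CVE-2023-1170 first, each to either a package line in the form used elsewhere in this file (for example "- tiff 4.4.0-5") or a NOT-FOR-US line, so they do not sit in the same queue as the bulk RESERVED additions.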
@@ -92,8 +208,8 @@ CVE-2020-36665
RESERVED
CVE-2020-36664
RESERVED
-CVE-2020-36663
- RESERVED
+CVE-2020-36663 (A vulnerability, which was classified as problematic, was found in Art ...)
+ TODO: check
CVE-2023-27539
RESERVED
CVE-2023-27538
@@ -761,8 +877,8 @@ CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected
NOT-FOR-US: GN Publisher plugin for WordPress
CVE-2023-27291
RESERVED
-CVE-2023-27290
- RESERVED
+CVE-2023-27290 (Docker based datastores for IBM Instana (IBM Observability with Instan ...)
+ TODO: check
CVE-2023-27289
RESERVED
CVE-2023-27288
@@ -1874,8 +1990,8 @@ CVE-2023-26781
RESERVED
CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. ...)
TODO: check
-CVE-2023-26779
- RESERVED
+CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which ...)
+ TODO: check
CVE-2023-26778
RESERVED
CVE-2023-26777
@@ -2590,30 +2706,30 @@ CVE-2023-26494
RESERVED
CVE-2023-26493
RESERVED
-CVE-2023-26492
- RESERVED
-CVE-2023-26491
- RESERVED
-CVE-2023-26490
- RESERVED
+CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...)
+ TODO: check
+CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
+ TODO: check
CVE-2023-26489
RESERVED
-CVE-2023-26488
- RESERVED
-CVE-2023-26487
- RESERVED
-CVE-2023-26486
- RESERVED
+CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
+CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+ TODO: check
+CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+ TODO: check
CVE-2023-26485
RESERVED
CVE-2023-26484
RESERVED
-CVE-2023-26483
- RESERVED
+CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...)
+ TODO: check
CVE-2023-26482
RESERVED
-CVE-2023-26481
- RESERVED
+CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an insufficient ...)
+ TODO: check
CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 12.10, ...)
NOT-FOR-US: XWiki
CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 6.0, us ...)
@@ -3037,8 +3153,8 @@ CVE-2023-0970
RESERVED
CVE-2023-0969
RESERVED
-CVE-2023-0968
- RESERVED
+CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
CVE-2023-0967
RESERVED
CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -3400,8 +3516,8 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via
NOTE: https://bugs.debian.org/1031888
NOTE: https://debbugs.gnu.org/61819
NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
-CVE-2023-26213
- RESERVED
+CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui- ...)
+ TODO: check
CVE-2023-26212
RESERVED
CVE-2023-26211
@@ -3837,8 +3953,8 @@ CVE-2023-26049
RESERVED
CVE-2023-26048
RESERVED
-CVE-2023-26047
- RESERVED
+CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
+ TODO: check
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
TODO: check
CVE-2023-26045
@@ -4446,8 +4562,8 @@ CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.
- nextcloud-server <itp> (bug #941708)
CVE-2023-25820
RESERVED
-CVE-2023-25819
- RESERVED
+CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
+ TODO: check
CVE-2023-25818
RESERVED
CVE-2023-25817
@@ -5904,10 +6020,10 @@ CVE-2023-25405
RESERVED
CVE-2023-25404
RESERVED
-CVE-2023-25403
- RESERVED
-CVE-2023-25402
- RESERVED
+CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass ...)
+ TODO: check
+CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is n ...)
+ TODO: check
CVE-2023-25401
RESERVED
CVE-2023-25400
@@ -7803,12 +7919,12 @@ CVE-2023-24645
RESERVED
CVE-2023-24644
RESERVED
-CVE-2023-24643
- RESERVED
-CVE-2023-24642
- RESERVED
-CVE-2023-24641
- RESERVED
+CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2023-24640
RESERVED
CVE-2023-24639
@@ -9818,12 +9934,12 @@ CVE-2023-23931 (cryptography is a package designed to expose cryptographic primi
NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696
CVE-2023-23930
RESERVED
-CVE-2023-23929
- RESERVED
+CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...)
+ TODO: check
CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...)
NOT-FOR-US: reason-jose
-CVE-2023-23927
- RESERVED
+CVE-2023-23927 (Craft is a platform for creating digital experiences. When you insert ...)
+ TODO: check
CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
NOT-FOR-US: APOC
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
@@ -11781,8 +11897,8 @@ CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a Bl
NOT-FOR-US: PrestaShop
CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...)
NOT-FOR-US: Zdir
-CVE-2023-23313
- RESERVED
+CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
CVE-2023-23312
RESERVED
CVE-2023-23311
@@ -16031,6 +16147,7 @@ CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb
CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...)
+ {DSA-5333-1}
- tiff 4.4.0-5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
@@ -19902,8 +20019,8 @@ CVE-2022-46975
RESERVED
CVE-2022-46974
RESERVED
-CVE-2022-46973
- RESERVED
+CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side Request Forger ...)
+ TODO: check
CVE-2022-46972
RESERVED
CVE-2022-46971
@@ -21220,27 +21337,27 @@ CVE-2022-46572
RESERVED
CVE-2022-46571
RESERVED
-CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46567
RESERVED
-CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46565
RESERVED
CVE-2022-46564
RESERVED
-CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46559
RESERVED
@@ -50082,7 +50199,7 @@ CVE-2022-37132
RESERVED
CVE-2022-37131
RESERVED
-CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability ...)
+CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a comma ...)
NOT-FOR-US: D-Link
CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection vi ...)
NOT-FOR-US: D-Link
@@ -51380,7 +51497,7 @@ CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and earlier was discovered to
NOT-FOR-US: Samsung Electronics mTower
CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...)
NOT-FOR-US: Samsung Electronics mTower
-CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...)
+CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnera ...)
NOT-FOR-US: D-link
CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...)
NOT-FOR-US: D-link
@@ -116888,7 +117005,8 @@ CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is
NOT-FOR-US: Android
CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-39617 (In the user interface buttons of PermissionController, there is a poss ...)
+CVE-2021-39617
+ REJECTED
NOT-FOR-US: Android
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
NOT-FOR-US: Android
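Review bot: At CVE-2021-39617 the description is removed and REJECTED is added, but the existing NOT-FOR-US: Android line is left underneath, so the entry now carries both a rejection and a triage decision. The other REJECTED entries visible in this file (CVE-2018-3630, CVE-2018-3617) carry no annotation; suggest dropping the NOT-FOR-US line in a follow-up so the entry is only the ID and REJECTED.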
@@ -124431,8 +124549,8 @@ CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe
- sqlite3 3.36.0-2 (unimportant)
[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
-CVE-2021-36689
- RESERVED
+CVE-2021-36689 (An issue discovered in com.samourai.wallet.PinEntryActivity.java in St ...)
+ TODO: check
CVE-2021-36688
RESERVED
CVE-2021-36687
@@ -349574,13 +349692,13 @@ CVE-2017-17969 (Heap-based buffer overflow in the NCompress::NShrink::CDecoder::
NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
NOTE: Fixed in upstream 18.00-beta.
CVE-2018-3709
- RESERVED
+ REJECTED
CVE-2018-3708
- RESERVED
+ REJECTED
CVE-2018-3707
- RESERVED
+ REJECTED
CVE-2018-3706
- RESERVED
+ REJECTED
CVE-2018-3705 (Improper directory permissions in the installer for the Intel(R) Syste ...)
NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
@@ -349602,9 +349720,9 @@ CVE-2018-3697 (Improper directory permissions in the installer for the Intel Med
CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for Windows befo ...)
NOT-FOR-US: Intel RAID Web Console
CVE-2018-3695
- RESERVED
+ REJECTED
CVE-2018-3694
- RESERVED
+ REJECTED
CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and branc ...)
- linux 4.15.11-1
[stretch] - linux 4.9.88-1
@@ -349612,7 +349730,7 @@ CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and
NOTE: https://01.org/security/advisories/intel-oss-10002
NOTE: Speculative Bounds Checks Bypass with Store (BCBS)
CVE-2018-3692
- RESERVED
+ REJECTED
CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives Crypto ...)
NOT-FOR-US: Intel
CVE-2018-3690
@@ -349626,7 +349744,7 @@ CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools i
CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before v ...)
NOT-FOR-US: Intel
CVE-2018-3685
- RESERVED
+ REJECTED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 all ...)
NOT-FOR-US: Intel
CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...)
@@ -349634,23 +349752,23 @@ CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 -
CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems pote ...)
NOT-FOR-US: Intel
CVE-2018-3681
- RESERVED
+ REJECTED
CVE-2018-3680
- RESERVED
+ REJECTED
CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager S ...)
NOT-FOR-US: Intel
CVE-2018-3678
- RESERVED
+ REJECTED
CVE-2018-3677
- RESERVED
+ REJECTED
CVE-2018-3676
- RESERVED
+ REJECTED
CVE-2018-3675
- RESERVED
+ REJECTED
CVE-2018-3674
- RESERVED
+ REJECTED
CVE-2018-3673
- RESERVED
+ REJECTED
CVE-2018-3672 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...)
NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before 11.4 ...)
@@ -349675,7 +349793,7 @@ CVE-2018-3665 (System software utilizing Lazy FP state restore technique on syst
NOTE: Default eagerfpu=on on all CPUs: https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
NOTE: Hard-disable lazy FPU mode: https://git.kernel.org/linus/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7
CVE-2018-3664
- RESERVED
+ REJECTED
CVE-2018-3663 (Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows ...)
NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3662 (Escalation of privilege in Intel Saffron MemoryBase before version 11. ...)
@@ -349683,7 +349801,7 @@ CVE-2018-3662 (Escalation of privilege in Intel Saffron MemoryBase before versio
CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.exe an ...)
NOT-FOR-US: Intel
CVE-2018-3660
- RESERVED
+ REJECTED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before vers ...)
NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions bef ...)
@@ -349691,25 +349809,25 @@ CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware version
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...)
NOT-FOR-US: Intel
CVE-2018-3656
- RESERVED
+ REJECTED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55, ...)
NOT-FOR-US: Intel
CVE-2018-3654
- RESERVED
+ REJECTED
CVE-2018-3653
- RESERVED
+ REJECTED
CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interface) ...)
NOT-FOR-US: Intel
CVE-2018-3651
- RESERVED
+ REJECTED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL Distribution f ...)
NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables (Autorun.e ...)
NOT-FOR-US: Intel
CVE-2018-3648
- RESERVED
+ REJECTED
CVE-2018-3647
- RESERVED
+ REJECTED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and addre ...)
{DSA-4279-1 DSA-4274-1 DLA-1481-1}
- linux 4.17.15-1
@@ -349727,11 +349845,11 @@ CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3644
- RESERVED
+ REJECTED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems usi ...)
NOT-FOR-US: Intel
CVE-2018-3642
- RESERVED
+ REJECTED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
@@ -349763,9 +349881,9 @@ CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3637
- RESERVED
+ REJECTED
CVE-2018-3636
- RESERVED
+ REJECTED
CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store Techno ...)
NOT-FOR-US: Intel
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect Acc ...)
@@ -349775,7 +349893,7 @@ CVE-2018-3633
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel Conve ...)
NOT-FOR-US: Intel
CVE-2018-3631
- RESERVED
+ REJECTED
CVE-2018-3630
REJECTED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
@@ -349787,13 +349905,13 @@ CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9 ...)
NOT-FOR-US: Intel
CVE-2018-3625
- RESERVED
+ REJECTED
CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM7 ...)
NOT-FOR-US: Intel
CVE-2018-3623
- RESERVED
+ REJECTED
CVE-2018-3622
- RESERVED
+ REJECTED
CVE-2018-3621 (Insufficient input validation in the Intel Driver & Support Assist ...)
NOT-FOR-US: Intel
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and addre ...)
@@ -349812,7 +349930,7 @@ CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and
CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
NOT-FOR-US: Intel
CVE-2018-3618
- RESERVED
+ REJECTED
CVE-2018-3617
REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation ...)
@@ -349824,7 +349942,7 @@ CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and
NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3614
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
CVE-2018-3613 (Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2 ...)
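Review bot: CVE-2018-3614 changes from RESERVED to REJECTED while its two NOTE: lines (bugzilla.tianocore.org id=751 and the edk2-docs advisory link) stay attached, leaving references to a real issue under an ID that no longer describes one. Suggest confirming which CVE ID that issue was finally assigned and moving the notes there, or removing them if they are already recorded elsewhere.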
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f773cfcc8a59be23eab8bbf4ca92c4d9adee3d