[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 14 20:10:43 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88a53a6f by security tracker role at 2023-03-14T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-28342
+ RESERVED
+CVE-2023-28341
+ RESERVED
+CVE-2023-28340
+ RESERVED
+CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...)
+ TODO: check
+CVE-2023-28338
+ RESERVED
+CVE-2023-28337
+ RESERVED
+CVE-2023-28336
+ RESERVED
+CVE-2023-28335
+ RESERVED
+CVE-2023-28334
+ RESERVED
+CVE-2023-28333
+ RESERVED
+CVE-2023-28332
+ RESERVED
+CVE-2023-28331
+ RESERVED
+CVE-2023-28330
+ RESERVED
+CVE-2023-28329
+ RESERVED
+CVE-2023-28328
+ RESERVED
+CVE-2023-28327
+ RESERVED
+CVE-2023-28326
+ RESERVED
+CVE-2023-1405
+ RESERVED
+CVE-2023-1404
+ RESERVED
+CVE-2023-1403
+ RESERVED
+CVE-2023-1402
+ RESERVED
+CVE-2023-1401
+ RESERVED
+CVE-2023-1400
+ RESERVED
+CVE-2023-1399
+ RESERVED
+CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS ...)
+ TODO: check
+CVE-2023-1397 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-1396 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+ TODO: check
+CVE-2023-1395 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+ TODO: check
+CVE-2023-1394 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
+ TODO: check
+CVE-2023-1393
+ RESERVED
+CVE-2023-1392 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
+ TODO: check
+CVE-2023-1391 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-1390
+ RESERVED
+CVE-2023-1389
+ RESERVED
+CVE-2023-1388
+ RESERVED
+CVE-2023-1387
+ RESERVED
+CVE-2023-1386
+ RESERVED
+CVE-2023-1385
+ RESERVED
+CVE-2023-1384
+ RESERVED
+CVE-2023-1383
+ RESERVED
+CVE-2023-1382
+ RESERVED
+CVE-2022-48410
+ RESERVED
+CVE-2022-48409
+ RESERVED
+CVE-2022-48408
+ RESERVED
+CVE-2022-48407
+ RESERVED
+CVE-2022-48406
+ RESERVED
+CVE-2022-48405
+ RESERVED
+CVE-2022-48404
+ RESERVED
+CVE-2022-48403
+ RESERVED
CVE-2023-28325
RESERVED
CVE-2023-28324
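Review bot: The SourceCodester entries added in this hunk (CVE-2023-1396, CVE-2023-1395, CVE-2023-1394, CVE-2023-1392) are left at `TODO: check`, although the same file already triages that vendor as `NOT-FOR-US: SourceCodester` (see CVE-2023-1301 and CVE-2023-1300 in the context of a later hunk). A follow-up commit should tag them the same way, so that the remaining described entries in this block, such as CVE-2023-28339 (OpenDoas), stand out as the ones that still need a real check.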
@@ -555,8 +653,7 @@ CVE-2023-28146
RESERVED
CVE-2023-28145
RESERVED
-CVE-2023-28144
- RESERVED
+CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configura ...)
- hotspot <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8
NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0)
@@ -977,8 +1074,8 @@ CVE-2023-1301 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester
CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...)
NOT-FOR-US: SourceCodester
-CVE-2023-1299
- RESERVED
+CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...)
+ TODO: check
CVE-2023-1298
RESERVED
CVE-2023-28004
@@ -1019,8 +1116,8 @@ CVE-2023-27987
RESERVED
CVE-2023-1297
RESERVED
-CVE-2023-1296
- RESERVED
+CVE-2023-1296 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correct ...)
+ TODO: check
CVE-2023-1295
RESERVED
CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker Manager Syste ...)
@@ -2195,16 +2292,16 @@ CVE-2023-27591
RESERVED
CVE-2023-27590
RESERVED
-CVE-2023-27589
- RESERVED
-CVE-2023-27588
- RESERVED
+CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...)
+ TODO: check
+CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or REST A ...)
+ TODO: check
CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...)
NOT-FOR-US: ReadtoMyShoe
CVE-2023-27586
RESERVED
-CVE-2023-27585
- RESERVED
+CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2023-27584
RESERVED
CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
@@ -2586,10 +2683,10 @@ CVE-2023-27465
RESERVED
CVE-2023-27464
RESERVED
-CVE-2023-27463
- RESERVED
-CVE-2023-27462
- RESERVED
+CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
CVE-2023-27461
RESERVED
CVE-2023-27460
@@ -2700,24 +2797,24 @@ CVE-2023-27408
RESERVED
CVE-2023-27407
RESERVED
-CVE-2023-27406
- RESERVED
-CVE-2023-27405
- RESERVED
-CVE-2023-27404
- RESERVED
-CVE-2023-27403
- RESERVED
-CVE-2023-27402
- RESERVED
-CVE-2023-27401
- RESERVED
-CVE-2023-27400
- RESERVED
-CVE-2023-27399
- RESERVED
-CVE-2023-27398
- RESERVED
+CVE-2023-27406 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27405 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27404 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27403 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27402 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27401 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27400 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27399 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
CVE-2023-27383
RESERVED
CVE-2023-27307
@@ -2991,10 +3088,10 @@ CVE-2023-27312
RESERVED
CVE-2023-27311
RESERVED
-CVE-2023-27310
- RESERVED
-CVE-2023-27309
- RESERVED
+CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2023-27309 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...)
NOT-FOR-US: pg_ivm
CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...)
@@ -3608,18 +3705,18 @@ CVE-2023-27076
RESERVED
CVE-2023-27075
RESERVED
-CVE-2023-27074
- RESERVED
-CVE-2023-27073
- RESERVED
+CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
+ TODO: check
+CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...)
+ TODO: check
CVE-2023-27072
RESERVED
CVE-2023-27071
RESERVED
-CVE-2023-27070
- RESERVED
-CVE-2023-27069
- RESERVED
+CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
+ TODO: check
+CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
+ TODO: check
CVE-2023-27068
RESERVED
CVE-2023-27067
@@ -6386,8 +6483,8 @@ CVE-2023-25959
RESERVED
CVE-2023-25958
RESERVED
-CVE-2023-25957
- RESERVED
+CVE-2023-25957 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
+ TODO: check
CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
NOT-FOR-US: Apache Airflow AWS Provider
CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...)
@@ -7715,22 +7812,22 @@ CVE-2023-25598
RESERVED
CVE-2023-25597
RESERVED
-CVE-2023-25596
- RESERVED
-CVE-2023-25595
- RESERVED
-CVE-2023-25594
- RESERVED
-CVE-2023-25593
- RESERVED
-CVE-2023-25592
- RESERVED
-CVE-2023-25591
- RESERVED
-CVE-2023-25590
- RESERVED
-CVE-2023-25589
- RESERVED
+CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
+ TODO: check
+CVE-2023-25595 (A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allo ...)
+ TODO: check
+CVE-2023-25594 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2023-25593 (Vulnerabilities within the web-based management interface of ClearPass ...)
+ TODO: check
+CVE-2023-25592 (Vulnerabilities within the web-based management interface of ClearPass ...)
+ TODO: check
+CVE-2023-25591 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2023-25590 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...)
+ TODO: check
+CVE-2023-25589 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ TODO: check
CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...)
NOT-FOR-US: Answer
CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...)
@@ -8673,8 +8770,8 @@ CVE-2023-25208
RESERVED
CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdf ...)
NOT-FOR-US: PrestaShop
-CVE-2023-25206
- RESERVED
+CVE-2023-25206 (PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2023-25205
RESERVED
CVE-2023-25204
@@ -9469,8 +9566,8 @@ CVE-2023-24932
RESERVED
CVE-2023-24931
RESERVED
-CVE-2023-24930
- RESERVED
+CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2023-24929
RESERVED
CVE-2023-24928
@@ -9483,16 +9580,16 @@ CVE-2023-24925
RESERVED
CVE-2023-24924
RESERVED
-CVE-2023-24923
- RESERVED
-CVE-2023-24922
- RESERVED
-CVE-2023-24921
- RESERVED
-CVE-2023-24920
- RESERVED
-CVE-2023-24919
- RESERVED
+CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2023-24922 (Microsoft Dynamics 365 Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2023-24921 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-24920 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-24919 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
CVE-2023-24918
RESERVED
CVE-2023-24917
@@ -9503,22 +9600,22 @@ CVE-2023-24915
RESERVED
CVE-2023-24914
RESERVED
-CVE-2023-24913
- RESERVED
+CVE-2023-24913 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
CVE-2023-24912
RESERVED
-CVE-2023-24911
- RESERVED
-CVE-2023-24910
- RESERVED
-CVE-2023-24909
- RESERVED
-CVE-2023-24908
- RESERVED
-CVE-2023-24907
- RESERVED
-CVE-2023-24906
- RESERVED
+CVE-2023-24911 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24910 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-24909 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-24908 (Remote Procedure Call Runtime Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-24907 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-24906 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
CVE-2023-24905
RESERVED
CVE-2023-24904
@@ -9545,12 +9642,12 @@ CVE-2023-24894
RESERVED
CVE-2023-24893
RESERVED
-CVE-2023-24892
- RESERVED
-CVE-2023-24891
- RESERVED
-CVE-2023-24890
- RESERVED
+CVE-2023-24892 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-24891 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-24890 (Microsoft OneDrive for iOS Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2023-24889
RESERVED
CVE-2023-24888
@@ -9565,60 +9662,60 @@ CVE-2023-24884
RESERVED
CVE-2023-24883
RESERVED
-CVE-2023-24882
- RESERVED
+CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2023-24881
RESERVED
-CVE-2023-24880
- RESERVED
-CVE-2023-24879
- RESERVED
+CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2023-24879 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
CVE-2023-24878
RESERVED
CVE-2023-24877
RESERVED
-CVE-2023-24876
- RESERVED
+CVE-2023-24876 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
CVE-2023-24875
RESERVED
CVE-2023-24874
RESERVED
CVE-2023-24873
RESERVED
-CVE-2023-24872
- RESERVED
-CVE-2023-24871
- RESERVED
-CVE-2023-24870
- RESERVED
-CVE-2023-24869
- RESERVED
-CVE-2023-24868
- RESERVED
-CVE-2023-24867
- RESERVED
-CVE-2023-24866
- RESERVED
-CVE-2023-24865
- RESERVED
-CVE-2023-24864
- RESERVED
-CVE-2023-24863
- RESERVED
-CVE-2023-24862
- RESERVED
-CVE-2023-24861
- RESERVED
+CVE-2023-24872 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-24871 (Windows Bluetooth Service Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-24870 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24869 (Remote Procedure Call Runtime Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-24868 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-24867 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-24866 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24865 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24864 (Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privil ...)
+ TODO: check
+CVE-2023-24863 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24862 (Windows Secure Channel Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-24861 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2023-24860
RESERVED
-CVE-2023-24859
- RESERVED
-CVE-2023-24858
- RESERVED
-CVE-2023-24857
- RESERVED
-CVE-2023-24856
- RESERVED
+CVE-2023-24859 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ TODO: check
+CVE-2023-24858 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24857 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
+CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ TODO: check
CVE-2023-24016
RESERVED
CVE-2023-23910
@@ -11547,8 +11644,8 @@ CVE-2023-24182
RESERVED
CVE-2023-24181
RESERVED
-CVE-2023-24180
- RESERVED
+CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
+ TODO: check
CVE-2023-24179
RESERVED
CVE-2023-24178
@@ -13924,88 +14021,88 @@ CVE-2023-23425
RESERVED
CVE-2023-23424
RESERVED
-CVE-2023-23423
- RESERVED
-CVE-2023-23422
- RESERVED
-CVE-2023-23421
- RESERVED
-CVE-2023-23420
- RESERVED
-CVE-2023-23419
- RESERVED
-CVE-2023-23418
- RESERVED
-CVE-2023-23417
- RESERVED
-CVE-2023-23416
- RESERVED
-CVE-2023-23415
- RESERVED
-CVE-2023-23414
- RESERVED
-CVE-2023-23413
- RESERVED
-CVE-2023-23412
- RESERVED
-CVE-2023-23411
- RESERVED
-CVE-2023-23410
- RESERVED
-CVE-2023-23409
- RESERVED
-CVE-2023-23408
- RESERVED
-CVE-2023-23407
- RESERVED
-CVE-2023-23406
- RESERVED
-CVE-2023-23405
- RESERVED
-CVE-2023-23404
- RESERVED
-CVE-2023-23403
- RESERVED
-CVE-2023-23402
- RESERVED
-CVE-2023-23401
- RESERVED
-CVE-2023-23400
- RESERVED
-CVE-2023-23399
- RESERVED
-CVE-2023-23398
- RESERVED
-CVE-2023-23397
- RESERVED
-CVE-2023-23396
- RESERVED
-CVE-2023-23395
- RESERVED
-CVE-2023-23394
- RESERVED
-CVE-2023-23393
- RESERVED
-CVE-2023-23392
- RESERVED
-CVE-2023-23391
- RESERVED
+CVE-2023-23423 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23422 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23421 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23420 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23419 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2023-23418 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2023-23417 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ TODO: check
+CVE-2023-23416 (Windows Cryptographic Services Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23415 (Internet Control Message Protocol (ICMP) Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2023-23414 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
+ TODO: check
+CVE-2023-23413 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-23412 (Windows Accounts Picture Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23411 (Windows Hyper-V Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-23410 (Windows HTTP.sys Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23409 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...)
+ TODO: check
+CVE-2023-23408 (Azure Apache Ambari Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-23407 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
+ TODO: check
+CVE-2023-23406 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-23405 (Remote Procedure Call Runtime Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23404 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-23403 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ TODO: check
+CVE-2023-23402 (Windows Media Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23401 (Windows Media Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23400 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23399 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23398 (Microsoft Excel Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23396 (Microsoft Excel Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2023-23395 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+ TODO: check
+CVE-2023-23394 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...)
+ TODO: check
+CVE-2023-23393 (Windows BrokerInfrastructure Service Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2023-23392 (HTTP Protocol Stack Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2023-23391 (Office for Android Spoofing Vulnerability ...)
+ TODO: check
CVE-2023-23390 (3D Builder Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2023-23389
- RESERVED
-CVE-2023-23388
- RESERVED
+CVE-2023-23389 (Microsoft Defender Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2023-23388 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2023-23387
RESERVED
CVE-2023-23386
RESERVED
-CVE-2023-23385
- RESERVED
+CVE-2023-23385 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Pri ...)
+ TODO: check
CVE-2023-23384
RESERVED
-CVE-2023-23383
- RESERVED
+CVE-2023-23383 (Service Fabric Explorer Spoofing Vulnerability ...)
+ TODO: check
CVE-2023-23382 (Azure Machine Learning Compute Instance Information Disclosure Vulnera ...)
NOT-FOR-US: Microsoft
CVE-2023-23381 (Visual Studio Remote Code Execution Vulnerability ...)
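Review bot: Every entry that moves from `RESERVED` to a description in this hunk (CVE-2023-23423 down to CVE-2023-23383) is left at `TODO: check`, while the unchanged neighbours CVE-2023-23390, CVE-2023-23382 and CVE-2023-23381 in the same hunk already carry `NOT-FOR-US: Microsoft`. The follow-up triage should apply the same tag to the Windows, Office and OneDrive entries here in one pass rather than leaving some 40 open TODOs in the queue.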
@@ -20516,7 +20613,7 @@ CVE-2023-21803 (Windows iSCSI Discovery Service Remote Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2023-21802 (Windows Media Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2023-21801 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+CVE-2023-21801 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
NOT-FOR-US: Microsoft
CVE-2023-21800 (Windows Installer Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
@@ -20935,8 +21032,8 @@ CVE-2022-47445
RESERVED
CVE-2022-47444
RESERVED
-CVE-2022-47443
- RESERVED
+CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
+ TODO: check
CVE-2022-47442
RESERVED
CVE-2022-47441
@@ -20977,8 +21074,8 @@ CVE-2022-47424
RESERVED
CVE-2022-47423
RESERVED
-CVE-2022-47422
- RESERVED
+CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
+ TODO: check
CVE-2022-47421
RESERVED
CVE-2022-47420
@@ -21278,7 +21375,7 @@ CVE-2023-21723
RESERVED
CVE-2023-21722 (.NET Framework Denial of Service Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2023-21721 (Microsoft OneNote Spoofing Vulnerability ...)
+CVE-2023-21721 (Microsoft OneNote Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
NOT-FOR-US: Microsoft
@@ -21304,8 +21401,8 @@ CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability ..
NOT-FOR-US: Microsoft
CVE-2023-21709
RESERVED
-CVE-2023-21708
- RESERVED
+CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2023-21706 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
@@ -21334,7 +21431,7 @@ CVE-2023-21695 (Microsoft Protected Extensible Authentication Protocol (PEAP) Re
NOT-FOR-US: Microsoft
CVE-2023-21694 (Windows Fax Service Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2023-21693 (Microsoft PostScript Printer Driver Information Disclosure Vulnerabili ...)
+CVE-2023-21693 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
NOT-FOR-US: Microsoft
CVE-2023-21692 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
NOT-FOR-US: Microsoft
@@ -21352,7 +21449,7 @@ CVE-2023-21686 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execut
NOT-FOR-US: Microsoft
CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
NOT-FOR-US: Microsoft
-CVE-2023-21684 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+CVE-2023-21684 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
NOT-FOR-US: Microsoft
CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
NOT-FOR-US: Microsoft
@@ -21895,8 +21992,8 @@ CVE-2022-47156
RESERVED
CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47154
- RESERVED
+CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS ...)
+ TODO: check
CVE-2022-47153
RESERVED
CVE-2022-47152
@@ -21909,20 +22006,20 @@ CVE-2022-47149
RESERVED
CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47147
- RESERVED
+CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...)
+ TODO: check
CVE-2022-47146
RESERVED
CVE-2022-47145
RESERVED
CVE-2022-47144
RESERVED
-CVE-2022-47143
- RESERVED
+CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...)
+ TODO: check
CVE-2022-47142
RESERVED
-CVE-2022-47141
- RESERVED
+CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...)
+ TODO: check
CVE-2022-47140
RESERVED
CVE-2022-47139
@@ -23201,7 +23298,7 @@ CVE-2022-46745
CVE-2022-46744
RESERVED
CVE-2022-46743
- RESERVED
+ REJECTED
CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...)
NOT-FOR-US: PaddlePaddle
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. ...)
@@ -34680,12 +34777,12 @@ CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document S
NOT-FOR-US: Kyocera Document Solutions
CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyocera D ...)
NOT-FOR-US: Kyocera Document Solutions
-CVE-2022-3680
- RESERVED
+CVE-2022-3680 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+ TODO: check
CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3678
- RESERVED
+CVE-2022-3678 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+ TODO: check
CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
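Review bot: CVE-2022-3680 and CVE-2022-3678 are set to `TODO: check` even though their new description text reads "This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...". Elsewhere in this same commit CVE-2022-46743 goes from `RESERVED` straight to `REJECTED`, so these two should be handled the same way in the follow-up; otherwise withdrawn IDs stay in the open triage queue.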
@@ -46453,12 +46550,12 @@ CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provid
NOT-FOR-US: Fastly
CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
NOT-FOR-US: GitHub Advanced Security to CSV
-CVE-2022-39216
- RESERVED
+CVE-2022-39216 (Combodo iTop is an open source, web-based IT service management platfo ...)
+ TODO: check
CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
-CVE-2022-39214
- RESERVED
+CVE-2022-39214 (Combodo iTop is an open source, web-based IT service management platfo ...)
+ TODO: check
CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...)
NOT-FOR-US: go-cvss
CVE-2022-39212 (Nextcloud Talk is an open source chat, video & audio calls client ...)
@@ -46653,7 +46750,7 @@ CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linu
NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15
CVE-2022-39159
REJECTED
-CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All v ...)
+CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
NOT-FOR-US: Siemens
@@ -59379,7 +59476,7 @@ CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
- nvidia-graphics-drivers-tesla-510 510.85.02-1
CVE-2022-34664
RESERVED
-CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
CVE-2022-34662 (When users add resources to the resource center with a relation path w ...)
NOT-FOR-US: Apache DolphinScheduler
@@ -62235,7 +62332,7 @@ CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...
NOT-FOR-US: Microsoft
CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability. ...)
+CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-33643 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
@@ -62259,7 +62356,7 @@ CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code Execution
NOT-FOR-US: Microsoft
CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Skype for Business and Lync
-CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
+CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
@@ -79529,6 +79626,7 @@ CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub reposito
CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
+ {DLA-3362-1}
- qemu 1:7.1+dfsg-2 (bug #1014589)
[bullseye] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
@@ -91712,10 +91810,10 @@ CVE-2021-46402
RESERVED
CVE-2022-23792
RESERVED
-CVE-2022-23791
- RESERVED
-CVE-2022-23790
- RESERVED
+CVE-2022-23791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2022-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-23789
RESERVED
CVE-2022-23788
@@ -93734,6 +93832,7 @@ CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub r
CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...)
+ {DLA-3362-1}
- qemu 1:7.1+dfsg-1 (bug #1014590)
[bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036953
@@ -97475,8 +97574,8 @@ CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
CVE-2021-4196
RESERVED
-CVE-2021-4195
- RESERVED
+CVE-2021-4195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
NOT-FOR-US: Samsung
CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
@@ -113265,15 +113364,15 @@ CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill
NOT-FOR-US: Siemens
CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
NOT-FOR-US: Siemens
-CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
-CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
-CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
-CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800 (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800 (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
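Review bot: The new descriptions for CVE-2021-42017 and CVE-2021-42016 end in `(All versions &l ...)`, which looks like an HTML-escaped `<` from the upstream text cut in half by the description truncation. It is harmless here because both entries are `NOT-FOR-US: Siemens`, but the import step could unescape entities before truncating so the stored description does not end in a partial entity.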
@@ -125609,9 +125708,9 @@ CVE-2021-37211 (The bulletin function of Flygo does not filter special character
NOT-FOR-US: Flygo
CVE-2021-37210
RESERVED
-CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All v ...)
+CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM i800 (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
NOT-FOR-US: Siemens
@@ -131952,7 +132051,7 @@ CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b
CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
- {DLA-2753-1}
+ {DLA-3362-1 DLA-2753-1}
- libslirp 4.6.1-1 (bug #989996)
[bullseye] - libslirp 4.4.0-1+deb11u2
- qemu 1:4.1-2
@@ -131961,7 +132060,7 @@ CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP ne
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0)
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...)
- {DLA-2753-1}
+ {DLA-3362-1 DLA-2753-1}
- libslirp 4.6.1-1 (bug #989995)
[bullseye] - libslirp 4.4.0-1+deb11u2
- qemu 1:4.1-2
@@ -131969,7 +132068,7 @@ CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP ne
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...)
- {DLA-2970-1}
+ {DLA-3362-1 DLA-2970-1}
- libslirp 4.6.1-1 (bug #989994)
[bullseye] - libslirp 4.4.0-1+deb11u2
- qemu 1:4.1-2
@@ -131977,6 +132076,7 @@ CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP ne
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0)
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ {DLA-3362-1}
- libslirp 4.6.1-1 (bug #989993)
[bullseye] - libslirp 4.4.0-1+deb11u2
- qemu 1:4.1-2
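Review bot: on CVE-2021-3592, {DLA-3362-1} is the first advisory reference the entry has had, whereas CVE-2021-3595, CVE-2021-3594 and CVE-2021-3593 in the hunks above already carried DLA-2753-1 or DLA-2970-1. All four share the same libslirp and qemu version lines, so it is worth checking whether the earlier advisories left this one out deliberately or whether an older release still lacks the fix.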
@@ -174705,7 +174805,7 @@ CVE-2020-29132
CVE-2020-29131
RESERVED
CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
- {DLA-2560-1}
+ {DLA-3362-1 DLA-2560-1}
- libslirp 4.4.0-1
- qemu 1:4.1-2
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
@@ -188252,7 +188352,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
- {DLA-2623-1}
+ {DLA-3362-1 DLA-2623-1}
- qemu 1:5.2+dfsg-10 (bug #986795)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1
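Review bot: CVE-2021-3409 gets DLA-3362-1 here and CVE-2020-17380 gets it in the next hunk, but the description on this entry names CVE-2020-25085 as covered by the same ineffective patch, and no hunk shown here touches that entry. Check whether CVE-2020-25085 should be listed in the advisory as well, or add a NOTE explaining why it is not.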
@@ -204857,7 +204957,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
- {DLA-2623-1}
+ {DLA-3362-1 DLA-2623-1}
- qemu 1:5.2+dfsg-10 (bug #970937)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
@@ -212410,6 +212510,7 @@ CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvnccli
CVE-2020-14395
REJECTED
CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...)
+ {DLA-3362-1}
- qemu 1:7.1+dfsg-1 (bug #979677)
[bullseye] - qemu <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
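Review bot: CVE-2020-14394 now carries {DLA-3362-1} while the line below it still reads "[bullseye] - qemu <postponed> (Minor issue)", so an LTS advisory references the issue while bullseye has it postponed. Revisit the bullseye status so the fix is queued for a later update and hosts upgrading from the LTS release do not lose it.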
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88a53a6f17c1dac47736d2da9b795d3b22b08730