[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 22 20:10:45 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f25a96e by security tracker role at 2023-03-22T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-28751
+ RESERVED
+CVE-2023-28750
+ RESERVED
+CVE-2023-28749
+ RESERVED
+CVE-2023-28748
+ RESERVED
+CVE-2023-28747
+ RESERVED
+CVE-2023-28735
+ RESERVED
+CVE-2023-28734
+ RESERVED
+CVE-2023-28733
+ RESERVED
+CVE-2023-28732
+ RESERVED
+CVE-2023-28731
+ RESERVED
+CVE-2023-27882
+ RESERVED
+CVE-2023-1583
+ RESERVED
+CVE-2023-1582
+ RESERVED
+CVE-2023-1581
+ RESERVED
+CVE-2023-1580 (Uncontrolled resource consumption in the logging feature in Devolution ...)
+ TODO: check
+CVE-2023-1579
+ RESERVED
+CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. ...)
+ TODO: check
+CVE-2023-1577
+ RESERVED
+CVE-2023-1576
+ RESERVED
+CVE-2023-1575
+ RESERVED
+CVE-2023-1574 (Information disclosure in the user creation feature of a MSSQL data so ...)
+ TODO: check
+CVE-2023-1573 (A vulnerability was found in DataGear up to 1.11.1 and classified as p ...)
+ TODO: check
+CVE-2023-1572 (A vulnerability has been found in DataGear up to 1.11.1 and classified ...)
+ TODO: check
+CVE-2023-1571 (A vulnerability, which was classified as critical, was found in DataGe ...)
+ TODO: check
+CVE-2023-1570 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1569 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-1568 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-1567 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
+ TODO: check
+CVE-2023-1566 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
+ TODO: check
+CVE-2023-1565 (A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classif ...)
+ TODO: check
+CVE-2023-1564 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
+ TODO: check
+CVE-2023-1563 (A vulnerability has been found in SourceCodester Student Study Center ...)
+ TODO: check
+CVE-2023-1562 (Mattermost fails to check the "Show Full Name" setting when rendering ...)
+ TODO: check
+CVE-2023-1561 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2023-1560 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1559 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-1558 (A vulnerability classified as critical has been found in Simple and Be ...)
+ TODO: check
+CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0. It ...)
+ TODO: check
+CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System ...)
+ TODO: check
+CVE-2023-1555
+ RESERVED
+CVE-2013-10022
+ RESERVED
CVE-2023-28730
RESERVED
CVE-2023-28729
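Review bot: The 21 entries added in this hunk with TODO: check (CVE-2023-1556 through CVE-2023-1574, plus CVE-2023-1578 and CVE-2023-1580) carry only a truncated description and no triage line, so none of them is yet tied to a Debian source package or marked NOT-FOR-US the way already-triaged entries elsewhere in this file are. Several descriptions name the product outright (pimcore/pimcore for CVE-2023-1578, Mattermost for CVE-2023-1562, DataGear, SourceCodester, FeiFeiCMS), which is enough to resolve them in the follow-up manual pass. Separately, CVE-2013-10022 enters at the top of the file alongside the CVE-2023 IDs, so tooling that assumes entries are grouped by year should not rely on position to find it.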
@@ -58,8 +140,8 @@ CVE-2023-1552
RESERVED
CVE-2023-28709
RESERVED
-CVE-2023-28708
- RESERVED
+CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse pr ...)
+ TODO: check
CVE-2023-28707
RESERVED
CVE-2023-28706
@@ -2072,8 +2154,8 @@ CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF gene
NOTE: https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
NOTE: https://github.com/KnpLabs/snappy/pull/469
NOTE: https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6 (v1.4.2)
-CVE-2023-28114
- RESERVED
+CVE-2023-28114 (`cilium-cli` is the command line interface to install, manage, and tro ...)
+ TODO: check
CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in version 0.3 ...)
NOT-FOR-US: russh
CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
@@ -2498,8 +2580,8 @@ CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.
NOT-FOR-US: qwik
CVE-2023-1282
RESERVED
-CVE-2023-1281
- RESERVED
+CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
+ TODO: check
CVE-2023-1280
RESERVED
CVE-2023-1279
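Review bot: CVE-2023-1281 is left at TODO: check although its description already names the Linux kernel (use after free in the traffic control index filter), so it needs a linux package line with per-suite fixed versions rather than a generic check marker. The CVE-2022-4095 entry updated later in this same commit shows the expected shape: "- linux 5.19.11-1" followed by "[bullseye] - linux 5.10.148-1".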
@@ -3251,8 +3333,8 @@ CVE-2023-27756
RESERVED
CVE-2023-27755
RESERVED
-CVE-2023-27754
- RESERVED
+CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow ca ...)
+ TODO: check
CVE-2023-27753
RESERVED
CVE-2023-27752
@@ -3483,10 +3565,10 @@ CVE-2023-27640
RESERVED
CVE-2023-27639
RESERVED
-CVE-2023-27638
- RESERVED
-CVE-2023-27637
- RESERVED
+CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
+ TODO: check
+CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
+ TODO: check
CVE-2023-27636
RESERVED
CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -5415,8 +5497,8 @@ CVE-2023-26915
RESERVED
CVE-2023-26914
RESERVED
-CVE-2023-26913
- RESERVED
+CVE-2023-26913 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ TODO: check
CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
NOT-FOR-US: S-mall-ssm
CVE-2023-26911
@@ -6634,8 +6716,8 @@ CVE-2023-26428
RESERVED
CVE-2023-26427
RESERVED
-CVE-2023-26426
- RESERVED
+CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
+ TODO: check
CVE-2023-26425
RESERVED
CVE-2023-26424
@@ -6770,8 +6852,8 @@ CVE-2023-26360
RESERVED
CVE-2023-26359
RESERVED
-CVE-2023-26358
- RESERVED
+CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted ...)
+ TODO: check
CVE-2023-26357
RESERVED
CVE-2023-26356
@@ -8040,8 +8122,8 @@ CVE-2023-0872
RESERVED
CVE-2023-0871
RESERVED
-CVE-2023-0870
- RESERVED
+CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...)
+ TODO: check
CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...)
NOT-FOR-US: OpenNMS
CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versions o ...)
@@ -8188,14 +8270,14 @@ CVE-2023-25864
RESERVED
CVE-2023-25863
RESERVED
-CVE-2023-25862
- RESERVED
-CVE-2023-25861
- RESERVED
-CVE-2023-25860
- RESERVED
-CVE-2023-25859
- RESERVED
+CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
+ TODO: check
+CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
+ TODO: check
+CVE-2023-25860 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
+ TODO: check
+CVE-2023-25859 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
+ TODO: check
CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classifie ...)
NOT-FOR-US: Netgear
CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and clas ...)
@@ -8288,8 +8370,8 @@ CVE-2023-25822
RESERVED
CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-25820
- RESERVED
+CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ TODO: check
CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
NOT-FOR-US: Discourse
CVE-2023-25818
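Review bot: CVE-2023-25820 is described as Nextcloud Server but gets TODO: check, while the entry directly above it in this hunk, CVE-2023-25821, is already tracked as "- nextcloud-server <itp> (bug #941708)". The new entry should carry the same <itp> line so that the two are triaged consistently.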
@@ -12394,8 +12476,7 @@ CVE-2023-0466
RESERVED
CVE-2023-0465
RESERVED
-CVE-2023-0464 [Excessive Resource Usage Verifying X.509 Policy Constraints]
- RESERVED
+CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
- openssl <unfixed>
[bullseye] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230322.txt
@@ -20835,46 +20916,46 @@ CVE-2023-22273
RESERVED
CVE-2023-22272
RESERVED
-CVE-2023-22271
- RESERVED
+CVE-2023-22271 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a W ...)
+ TODO: check
CVE-2023-22270
RESERVED
-CVE-2023-22269
- RESERVED
+CVE-2023-22269 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
CVE-2023-22268
RESERVED
CVE-2023-22267
RESERVED
-CVE-2023-22266
- RESERVED
-CVE-2023-22265
- RESERVED
-CVE-2023-22264
- RESERVED
-CVE-2023-22263
- RESERVED
-CVE-2023-22262
- RESERVED
-CVE-2023-22261
- RESERVED
-CVE-2023-22260
- RESERVED
-CVE-2023-22259
- RESERVED
-CVE-2023-22258
- RESERVED
-CVE-2023-22257
- RESERVED
-CVE-2023-22256
- RESERVED
+CVE-2023-22266 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22265 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22264 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22263 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22262 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22261 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22260 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22259 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22258 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22257 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
+CVE-2023-22256 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
+ TODO: check
CVE-2023-22255
RESERVED
-CVE-2023-22254
- RESERVED
-CVE-2023-22253
- RESERVED
-CVE-2023-22252
- RESERVED
+CVE-2023-22254 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
+CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
+CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
CVE-2023-22251
RESERVED
CVE-2023-22250
@@ -24722,19 +24803,19 @@ CVE-2023-21625
CVE-2023-21624
RESERVED
CVE-2022-46750
- RESERVED
+ REJECTED
CVE-2022-46749
- RESERVED
+ REJECTED
CVE-2022-46748
- RESERVED
+ REJECTED
CVE-2022-46747
- RESERVED
+ REJECTED
CVE-2022-46746
- RESERVED
+ REJECTED
CVE-2022-46745
- RESERVED
+ REJECTED
CVE-2022-46744
- RESERVED
+ REJECTED
CVE-2022-46743
REJECTED
CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...)
@@ -25705,10 +25786,10 @@ CVE-2023-21618
RESERVED
CVE-2023-21617
RESERVED
-CVE-2023-21616
- RESERVED
-CVE-2023-21615
- RESERVED
+CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
+CVE-2023-21615 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
+ TODO: check
CVE-2023-21614 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-21613 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
@@ -28207,8 +28288,7 @@ CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is s
NOT-FOR-US: WordPress plugin
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
NOT-FOR-US: appsmith
-CVE-2022-4095
- RESERVED
+CVE-2022-4095 (A use-after-free flaw was found in Linux kernel before 5.19.2. This is ...)
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
[buster] - linux 4.19.260-1
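Review bot: The description now attached to CVE-2022-4095 says the flaw affects the Linux kernel before 5.19.2, while the untagged linux line kept as context records the fix in 5.19.11-1. That is consistent if 5.19.11-1 was simply the first Debian upload to include the fix, but nothing in the visible lines says so. A NOTE pointing at the upstream fix commit, if the entry does not already have one below this context, would let a reader verify the bullseye and buster versions as well.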
@@ -29584,7 +29664,7 @@ CVE-2022-3940 (A vulnerability, which was classified as problematic, was found i
CVE-2022-3939 (A vulnerability, which was classified as critical, has been found in l ...)
NOT-FOR-US: lanyulei ferry
CVE-2022-3938
- RESERVED
+ REJECTED
CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not sanitize and e ...)
@@ -191165,67 +191245,67 @@ CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to
CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
NOT-FOR-US: Ericom
CVE-2020-24547
- RESERVED
+ REJECTED
CVE-2020-24546
- RESERVED
+ REJECTED
CVE-2020-24545
- RESERVED
+ REJECTED
CVE-2020-24544
- RESERVED
+ REJECTED
CVE-2020-24543
- RESERVED
+ REJECTED
CVE-2020-24542
- RESERVED
+ REJECTED
CVE-2020-24541
- RESERVED
+ REJECTED
CVE-2020-24540
- RESERVED
+ REJECTED
CVE-2020-24539
- RESERVED
+ REJECTED
CVE-2020-24538
- RESERVED
+ REJECTED
CVE-2020-24537
- RESERVED
+ REJECTED
CVE-2020-24536
- RESERVED
+ REJECTED
CVE-2020-24535
- RESERVED
+ REJECTED
CVE-2020-24534
- RESERVED
+ REJECTED
CVE-2020-24533
- RESERVED
+ REJECTED
CVE-2020-24532
- RESERVED
+ REJECTED
CVE-2020-24531
- RESERVED
+ REJECTED
CVE-2020-24530
- RESERVED
+ REJECTED
CVE-2020-24529
- RESERVED
+ REJECTED
CVE-2020-24528
- RESERVED
+ REJECTED
CVE-2020-24527
- RESERVED
+ REJECTED
CVE-2020-24526
- RESERVED
+ REJECTED
CVE-2020-24525 (Insecure inherited permissions in firmware update tool for some Intel( ...)
NOT-FOR-US: Intel
CVE-2020-24524
- RESERVED
+ REJECTED
CVE-2020-24523
- RESERVED
+ REJECTED
CVE-2020-24522
- RESERVED
+ REJECTED
CVE-2020-24521
- RESERVED
+ REJECTED
CVE-2020-24520
- RESERVED
+ REJECTED
CVE-2020-24519
- RESERVED
+ REJECTED
CVE-2020-24518
- RESERVED
+ REJECTED
CVE-2020-24517
- RESERVED
+ REJECTED
CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
NOT-FOR-US: Intel
CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
@@ -191248,11 +191328,11 @@ CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processo
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
CVE-2020-24510
- RESERVED
+ REJECTED
CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...)
NOT-FOR-US: Intel
CVE-2020-24508
- RESERVED
+ REJECTED
CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...)
NOT-FOR-US: Intel
CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before ...)
@@ -191274,7 +191354,7 @@ CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Contr
CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
NOT-FOR-US: Intel NIC firmware
CVE-2020-24499
- RESERVED
+ REJECTED
CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
NOT-FOR-US: Intel NIC firmware
CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...)
@@ -191304,17 +191384,17 @@ CVE-2020-24489 (Incomplete cleanup in some Intel(R) VT-d products may allow an a
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
CVE-2020-24488
- RESERVED
+ REJECTED
CVE-2020-24487
- RESERVED
+ REJECTED
CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...)
NOT-FOR-US: Intel
CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...)
NOT-FOR-US: Intel
CVE-2020-24484
- RESERVED
+ REJECTED
CVE-2020-24483
- RESERVED
+ REJECTED
CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem ...)
NOT-FOR-US: Intel
CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and ...)
@@ -191322,13 +191402,13 @@ CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pr
CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...)
NOT-FOR-US: Intel
CVE-2020-24479
- RESERVED
+ REJECTED
CVE-2020-24478
- RESERVED
+ REJECTED
CVE-2020-24477
- RESERVED
+ REJECTED
CVE-2020-24476
- RESERVED
+ REJECTED
CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...)
NOT-FOR-US: Intel
CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
@@ -191336,33 +191416,33 @@ CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boa
CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...)
NOT-FOR-US: Intel
CVE-2020-24472
- RESERVED
+ REJECTED
CVE-2020-24471
- RESERVED
+ REJECTED
CVE-2020-24470
- RESERVED
+ REJECTED
CVE-2020-24469
- RESERVED
+ REJECTED
CVE-2020-24468
- RESERVED
+ REJECTED
CVE-2020-24467
- RESERVED
+ REJECTED
CVE-2020-24466
- RESERVED
+ REJECTED
CVE-2020-24465
- RESERVED
+ REJECTED
CVE-2020-24464
- RESERVED
+ REJECTED
CVE-2020-24463
- RESERVED
+ REJECTED
CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24461
- RESERVED
+ REJECTED
CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...)
NOT-FOR-US: Intel
CVE-2020-24459
- RESERVED
+ REJECTED
CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...)
NOT-FOR-US: Intel
CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
@@ -191386,7 +191466,7 @@ CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persisten
CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24449
- RESERVED
+ REJECTED
CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
@@ -219547,17 +219627,17 @@ CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers befo
CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12383
- RESERVED
+ REJECTED
CVE-2020-12382
- RESERVED
+ REJECTED
CVE-2020-12381
- RESERVED
+ REJECTED
CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
NOT-FOR-US: Intel
CVE-2020-12379
- RESERVED
+ REJECTED
CVE-2020-12378
- RESERVED
+ REJECTED
CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
NOT-FOR-US: Intel
CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
@@ -219661,7 +219741,7 @@ CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1
CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
NOT-FOR-US: Intel
CVE-2020-12348
- RESERVED
+ REJECTED
CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
NOT-FOR-US: Intel
CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
@@ -219669,15 +219749,15 @@ CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery L
CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
NOT-FOR-US: Intel
CVE-2020-12344
- RESERVED
+ REJECTED
CVE-2020-12343
- RESERVED
+ REJECTED
CVE-2020-12342
- RESERVED
+ REJECTED
CVE-2020-12341
- RESERVED
+ REJECTED
CVE-2020-12340
- RESERVED
+ REJECTED
CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
NOT-FOR-US: Intel
CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
@@ -219761,7 +219841,7 @@ CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio driv
CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
NOT-FOR-US: Intel
CVE-2020-12305
- RESERVED
+ REJECTED
CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
NOT-FOR-US: Intel
CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
@@ -219775,7 +219855,7 @@ CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board
CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...)
NOT-FOR-US: Intel
CVE-2020-12298
- RESERVED
+ REJECTED
CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
NOT-FOR-US: Intel
CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
@@ -230279,7 +230359,7 @@ CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Proces
CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
NOT-FOR-US: Intel
CVE-2020-8762
- RESERVED
+ REJECTED
CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...)
NOT-FOR-US: Intel
CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
@@ -230307,7 +230387,7 @@ CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions be
CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
NOT-FOR-US: Intel
CVE-2020-8748
- RESERVED
+ REJECTED
CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
NOT-FOR-US: Intel
CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
@@ -230333,7 +230413,7 @@ CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA f
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
NOT-FOR-US: Intel
CVE-2020-8735
- RESERVED
+ REJECTED
CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...)
NOT-FOR-US: Intel
CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...)
@@ -230347,15 +230427,15 @@ CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Syste
CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...)
NOT-FOR-US: Intel
CVE-2020-8728
- RESERVED
+ REJECTED
CVE-2020-8727
- RESERVED
+ REJECTED
CVE-2020-8726
- RESERVED
+ REJECTED
CVE-2020-8725
- RESERVED
+ REJECTED
CVE-2020-8724
- RESERVED
+ REJECTED
CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...)
NOT-FOR-US: Intel
CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
@@ -230405,14 +230485,14 @@ CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD T
CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
NOT-FOR-US: Intel
CVE-2020-8699
- RESERVED
+ REJECTED
CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
{DLA-2546-1}
- intel-microcode 3.20201110.1
[buster] - intel-microcode 3.20201118.1~deb10u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
- RESERVED
+ REJECTED
CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
{DLA-2546-1}
- intel-microcode 3.20201110.1
@@ -230446,7 +230526,7 @@ CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for
CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
NOT-FOR-US: Intel
CVE-2020-8686
- RESERVED
+ REJECTED
CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
NOT-FOR-US: Intel
CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...)
@@ -230472,7 +230552,7 @@ CVE-2020-8675 (Insufficient control flow management in firmware build and signin
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
NOT-FOR-US: Intel
CVE-2020-8673
- RESERVED
+ REJECTED
CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
NOT-FOR-US: Intel
CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
@@ -230482,7 +230562,7 @@ CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may a
CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...)
NOT-FOR-US: Intel
CVE-2020-8668
- RESERVED
+ REJECTED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
@@ -254223,7 +254303,7 @@ CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) P
CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...)
NOT-FOR-US: Intel
CVE-2020-0589
- RESERVED
+ REJECTED
CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
NOT-FOR-US: Intel
CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
@@ -254231,19 +254311,19 @@ CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Proc
CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...)
NOT-FOR-US: Intel
CVE-2020-0585
- RESERVED
+ REJECTED
CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Seri ...)
NOT-FOR-US: Intel
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
NOT-FOR-US: Intel
CVE-2020-0582
- RESERVED
+ REJECTED
CVE-2020-0581
- RESERVED
+ REJECTED
CVE-2020-0580
- RESERVED
+ REJECTED
CVE-2020-0579
- RESERVED
+ REJECTED
CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...)
NOT-FOR-US: Intel
CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...)
@@ -254317,7 +254397,7 @@ CVE-2020-0554 (Race condition in software installer for some Intel(R) Wireless B
CVE-2020-0553 (Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ...)
NOT-FOR-US: Intel
CVE-2020-0552
- RESERVED
+ REJECTED
CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
@@ -254424,7 +254504,7 @@ CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers
CVE-2020-0510 (Out of bounds read in some Intel(R) Graphics Drivers before versions 1 ...)
NOT-FOR-US: Intel
CVE-2020-0509
- RESERVED
+ REJECTED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f25a96ec92e14e079a18fed7b1318eaf6f77a1f