[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 19 10:24:43 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
717f80a8 by Moritz Muehlenhoff at 2023-05-19T11:24:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authentica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...)
- TODO: check
+ NOT-FOR-US: Ombi
CVE-2023-32100 (Compiler removal of buffer clearing in sli_se_driver_mac_compute in ...)
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32099 (Compiler removal of buffer clearing in sli_se_sign_hashin Sili ...)
@@ -19,15 +19,15 @@ CVE-2023-32097 (Compiler removal of buffer clearing in sli_crypto_transpar
CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...)
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...)
- TODO: check
+ NOT-FOR-US: OpenText Documentum Content Server
CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation violation.)
TODO: check
CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...)
- zammad <itp> (bug #841355)
CVE-2023-2800 (Insecure Temporary File in GitHub repository huggingface/transformers ...)
- TODO: check
+ NOT-FOR-US: Transformers
CVE-2023-2799 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: OA
CVE-2023-2790 (A vulnerability classified as problematic has been found in TOTOLINK N ...)
NOT-FOR-US: TOTOLINK
CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated as probl ...)
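Review bot: the tag "NOT-FOR-US: OA" on CVE-2023-2799 is too short to identify a product, and the truncated description shown here does not name one either. Please spell out the vendor or product the way the neighbouring entries do (e.g. "NOT-FOR-US: TOTOLINK"). In the same hunk, "NOT-FOR-US: Transformers" on CVE-2023-2800 would be easier to search for as "huggingface/transformers", the name the description itself uses.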
@@ -1430,7 +1430,7 @@ CVE-2023-31235
CVE-2023-31234
RESERVED
CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31232
RESERVED
CVE-2023-31231
@@ -1720,7 +1720,7 @@ CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name
CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...)
NOT-FOR-US: PostgresNIO
CVE-2023-31135 (Dgraph is an open source distributed GraphQL database. Existing Dgraph ...)
- TODO: check
+ NOT-FOR-US: Dgraph
CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...)
NOT-FOR-US: Tauri
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...)
@@ -2492,7 +2492,7 @@ CVE-2023-30870
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30867
RESERVED
CVE-2023-30866
@@ -2842,7 +2842,7 @@ CVE-2023-30782
CVE-2023-30781
RESERVED
CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30779
RESERVED
CVE-2023-30778
@@ -3534,9 +3534,9 @@ CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable t
CVE-2023-2026
RESERVED
CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...)
- TODO: check
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
- TODO: check
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2023
RESERVED
CVE-2023-2022
@@ -3907,7 +3907,7 @@ CVE-2023-30489
CVE-2023-30488
RESERVED
CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30486
RESERVED
CVE-2023-30485
@@ -3941,7 +3941,7 @@ CVE-2023-30472
CVE-2023-30471
RESERVED
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
@@ -4317,7 +4317,7 @@ CVE-2023-30335
CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...)
NOT-FOR-US: AsmBB
CVE-2023-30333 (An arbitrary file upload vulnerability in the component /admin/ThemeCo ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2023-30332
RESERVED
CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...)
@@ -4739,7 +4739,7 @@ CVE-2023-30126
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).)
NOT-FOR-US: Eyoucms
CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: LavaLite
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
NOT-FOR-US: wuzhicms
CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...)
@@ -5024,7 +5024,7 @@ CVE-2023-29987
CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...)
NOT-FOR-US: spring-boot-actuator-logview
CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2023-29984
RESERVED
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...)
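Review bot: CVE-2023-29985 is tagged "NOT-FOR-US: Sourcecodester", which differs in capitalisation and detail from the other SourceCodester entries in this file, e.g. "NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System". Suggest "NOT-FOR-US: SourceCodester Student Study Center Desk Management System", so that a search on the vendor name finds every entry.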
@@ -5313,7 +5313,7 @@ CVE-2023-29859
CVE-2023-29858
RESERVED
CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain sensitive inf ...)
- TODO: check
+ NOT-FOR-US: Teslamate
CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...)
NOT-FOR-US: D-Link
CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
@@ -5594,7 +5594,7 @@ CVE-2023-29722
CVE-2023-29721
RESERVED
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
- TODO: check
+ NOT-FOR-US: SofaWiki
CVE-2023-29719
RESERVED
CVE-2023-29718
@@ -8531,7 +8531,7 @@ CVE-2023-1620
CVE-2023-1619
RESERVED
CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...)
@@ -9956,7 +9956,7 @@ CVE-2023-28387
CVE-2023-28382
RESERVED
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2023-28367
RESERVED
CVE-2023-27926
@@ -11124,7 +11124,7 @@ CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HP
CVE-2023-28082
RESERVED
CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-28080
RESERVED
CVE-2023-28079
@@ -13006,7 +13006,7 @@ CVE-2023-1134 (Delta Electronics InfraSuite Device Master versions prior to 1.0.
CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...)
NOT-FOR-US: Delta Electronics
CVE-2023-1132 (Compiler removal of buffer clearing in sli_se_driver_key_agreement ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts Sales ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-1130 (A vulnerability, which was classified as critical, was found in Source ...)
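Review bot: CVE-2023-1132 gets "NOT-FOR-US: Silabs", but the sibling "Compiler removal of buffer clearing in sli_..." entries near the top of the file (CVE-2023-32100, CVE-2023-32096) carry "NOT-FOR-US: Silicon Labs Gecko Platform SDK". Use that string here as well so the whole family is tagged uniformly.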
@@ -13153,7 +13153,7 @@ CVE-2023-27432
CVE-2023-27431
RESERVED
CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27429
RESERVED
CVE-2023-27428
@@ -13167,7 +13167,7 @@ CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-27424
RESERVED
CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27422
RESERVED
CVE-2023-27421
@@ -13820,7 +13820,7 @@ CVE-2023-27219
CVE-2023-27218
RESERVED
CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName() function of ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...)
NOT-FOR-US: D-Link
CVE-2023-27215
@@ -15985,7 +15985,7 @@ CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal
CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-0965 (Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_a ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
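Review bot: "NOT-FOR-US: Silabs" on CVE-2023-0965 does not match the tag already used in this file for the other sli_* buffer-clearing CVEs, "NOT-FOR-US: Silicon Labs Gecko Platform SDK" (see CVE-2023-32100). Please use the existing string.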
@@ -17072,7 +17072,7 @@ CVE-2023-25935
CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...)
NOT-FOR-US: Dell
CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-25756
RESERVED
CVE-2023-25546
@@ -17891,7 +17891,7 @@ CVE-2023-25700
CVE-2023-25699
RESERVED
CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25697
RESERVED
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...)
@@ -18461,7 +18461,7 @@ CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2.
CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...)
NOT-FOR-US: Apollo
CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building IPFS app ...)
- TODO: check
+ NOT-FOR-US: Boxo
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
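Review bot: for CVE-2023-25568 the description says Boxo was formerly known as go-libipfs, so the NFU decision needs to hold under both names. If both were checked, recording that in the tag, e.g. "NOT-FOR-US: Boxo (formerly go-libipfs)", saves the next triager from repeating the search.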
@@ -20419,9 +20419,9 @@ CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can
NOTE: https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4)
NOTE: Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7)
CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior to commit ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...)
NOT-FOR-US: Trend Micro
CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...)
@@ -22818,7 +22818,7 @@ CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24000
RESERVED
CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23997
@@ -23559,7 +23559,7 @@ CVE-2023-23761 (An improper authentication vulnerability was identified in GitHu
CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...)
- TODO: check
+ NOT-FOR-US: Facebook fizz
CVE-2023-23758
RESERVED
CVE-2023-23757
@@ -23850,7 +23850,7 @@ CVE-2023-23669
CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23666
RESERVED
CVE-2023-23665
@@ -24366,9 +24366,9 @@ CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the L
CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...)
- eternal-terminal <itp> (bug #861635)
CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties prior to ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to commit a6dc ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting ...)
@@ -33051,7 +33051,7 @@ CVE-2022-47159
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47156
RESERVED
CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...)
@@ -33623,7 +33623,7 @@ CVE-2022-4420
CVE-2022-4419
RESERVED
CVE-2022-4418 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
@@ -38036,11 +38036,11 @@ CVE-2022-4038
CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45457 (Sensitive information disclosure and manipulation due to improper cert ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...)
NOT-FOR-US: Acronis
CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
@@ -38048,13 +38048,13 @@ CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation clea
CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
NOT-FOR-US: Acronis
CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are affecte ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45451
RESERVED
CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45449
RESERVED
CVE-2022-45448
@@ -44693,7 +44693,7 @@ CVE-2023-20191
CVE-2023-20190
RESERVED
CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20188
RESERVED
CVE-2023-20187
@@ -44703,11 +44703,11 @@ CVE-2023-20186
CVE-2023-20185
RESERVED
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20181
RESERVED
CVE-2023-20180
@@ -44723,13 +44723,13 @@ CVE-2023-20176
CVE-2023-20175
RESERVED
CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20170
RESERVED
CVE-2023-20169
@@ -44737,29 +44737,29 @@ CVE-2023-20169
CVE-2023-20168
RESERVED
CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20165
RESERVED
CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20155
RESERVED
CVE-2023-20154
@@ -44851,7 +44851,7 @@ CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow
CVE-2023-20111
RESERVED
CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20109
RESERVED
CVE-2023-20108
@@ -44859,7 +44859,7 @@ CVE-2023-20108
CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
NOT-FOR-US: Cisco
CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20105
RESERVED
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
@@ -44897,7 +44897,7 @@ CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feat
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
NOT-FOR-US: Cisco
CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20086
RESERVED
CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -44917,7 +44917,7 @@ CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface o
CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...)
NOT-FOR-US: Cisco
CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...)
NOT-FOR-US: Cisco
CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...)
@@ -45030,7 +45030,7 @@ CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco S
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
NOT-FOR-US: Cisco
CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
@@ -45072,7 +45072,7 @@ CVE-2023-20005
CVE-2023-20004
RESERVED
CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
NOT-FOR-US: Cisco
CVE-2023-20001
@@ -65906,11 +65906,11 @@ CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware versi
CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
NOT-FOR-US: Western Digital
CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that could ar ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...)
NOT-FOR-US: Siemens
CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...)
@@ -67369,7 +67369,7 @@ CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.)
@@ -164676,7 +164676,7 @@ CVE-2021-26367
CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...)
NOT-FOR-US: AMD
CVE-2021-26365 (Certain size values in firmware binary headers could trigger out of bo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could allow an ...)
NOT-FOR-US: AMD
CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially change the va ...)
@@ -189862,7 +189862,7 @@ CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver,
CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a mis ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0877 (Product: AndroidVersions: Android SoCAndroid ID: A-273754094)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driv ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing ...)
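Review bot: the description of CVE-2021-0877 ("Product: AndroidVersions: Android SoCAndroid ID: A-273754094") names no component, so "NOT-FOR-US: Imagination Technologies components for Android" appears to be inferred from the neighbouring PowerVR entries. Please confirm the attribution against the referenced Android ID, or use a tag that the description itself supports.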
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717f80a8f7e93f30d7a6f9f184903c1526d1e517