[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 31 21:12:16 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46894de1 by security tracker role at 2023-05-31T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...)
+	TODO: check
+CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...)
+	TODO: check
+CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+	TODO: check
+CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+	TODO: check
+CVE-2023-3016 (A vulnerability was found in yiwent Vip Video Analysis 1.0 and classif ...)
+	TODO: check
+CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0 and cl ...)
+	TODO: check
+CVE-2023-3014 (A vulnerability, which was classified as problematic, was found in Bei ...)
+	TODO: check
+CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.)
+	TODO: check
+CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
+	TODO: check
+CVE-2023-3009 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+	TODO: check
+CVE-2023-3008 (A vulnerability classified as critical has been found in ningzichun St ...)
+	TODO: check
+CVE-2023-3007 (A vulnerability was found in ningzichun Student Management System 1.0. ...)
+	TODO: check
+CVE-2023-3006 (A known cache speculation vulnerability, known as Branch History Injec ...)
+	TODO: check
+CVE-2023-3005 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2023-3004 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-3003 (A vulnerability classified as critical was found in SourceCodester Tra ...)
+	TODO: check
+CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent's conf ...)
+	TODO: check
+CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...)
+	TODO: check
+CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an  ...)
+	TODO: check
+CVE-2023-34255 (An issue was discovered in the Linux kernel through 6.3.5. There is a  ...)
+	TODO: check
+CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection p ...)
+	TODO: check
+CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks were missin ...)
+	TODO: check
+CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerabl ...)
+	TODO: check
+CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the Subscription ...)
+	TODO: check
+CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page ...)
+	TODO: check
+CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during oAuth config ...)
+	TODO: check
+CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the "password" type ...)
+	TODO: check
+CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor ...)
+	TODO: check
+CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection ...)
+	TODO: check
+CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status P ...)
+	TODO: check
+CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission checks allowe ...)
+	TODO: check
+CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks allow ...)
+	TODO: check
+CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...)
+	TODO: check
+CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnera ...)
+	TODO: check
+CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and  ...)
+	TODO: check
+CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...)
+	TODO: check
+CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...)
+	TODO: check
+CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain protocol ...)
+	TODO: check
+CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...)
+	TODO: check
+CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...)
+	TODO: check
+CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...)
+	TODO: check
+CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...)
+	TODO: check
+CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...)
+	TODO: check
+CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::Read ...)
+	TODO: check
+CVE-2023-33509 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to SQL Injection.)
+	TODO: check
+CVE-2023-33508 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to unauthenticated file ...)
+	TODO: check
+CVE-2023-33507 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to Unauthenticated arbi ...)
+	TODO: check
+CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
+	TODO: check
+CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
+	TODO: check
+CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
+	TODO: check
+CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table  ...)
+	TODO: check
+CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...)
+	TODO: check
+CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...)
+	TODO: check
+CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...)
+	TODO: check
+CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...)
+	TODO: check
+CVE-2023-2749 (Download Center fails to properly validate the file path submitted by  ...)
+	TODO: check
+CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...)
+	TODO: check
+CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet Viewer P ...)
+	TODO: check
 CVE-2023-33962 (JStachio is a  type-safe Java Mustache templating engine. Prior to ver ...)
 	NOT-FOR-US: JStachio
 CVE-2023-33961 (Leantime is a lean open source project management system. Starting in  ...)
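Review bot: CVE-2023-34256, CVE-2023-34255 and CVE-2022-48502 in this block are described as Linux kernel issues but land with only TODO: check. They should be triaged ahead of the web-application and router entries around them and given a package line and fix-commit NOTE in the style the openssl entries later in this diff use (`- openssl 3.0.9-1` followed by `NOTE:` links). Separately, the three KramerAV entries (CVE-2023-33509, CVE-2023-33508, CVE-2023-33507) carry a literal `\xb2` in the product name, which is the Latin-1 byte for a superscript 2 left as an escape sequence. It is worth checking whether the import step should decode it, since a text search for the product name will not match it as stored.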
@@ -108,6 +224,7 @@ CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7
 CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...)
 	TODO: check
 CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...)
+	{DSA-5417-1}
 	- openssl 3.0.9-1
 	NOTE: https://www.openssl.org/news/secadv/20230530.txt
 	NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u)
@@ -231,7 +348,7 @@ CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2015-10106 (A vulnerability classified as critical was found in mback2k mh_httpbl  ...)
+CVE-2015-10106 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
 	NOT-FOR-US: Typo3 extension
 CVE-2014-125101 (A vulnerability classified as critical has been found in Portfolio Gal ...)
 	NOT-FOR-US: WordPress plugin
@@ -4815,7 +4932,7 @@ CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redi
 	NOT-FOR-US: Mattermost Desktop App
 CVE-2023-1999
 	RESERVED
-	{DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
+	{DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -5463,8 +5580,8 @@ CVE-2023-30287
 	RESERVED
 CVE-2023-30286
 	RESERVED
-CVE-2023-30285
-	RESERVED
+CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows ...)
+	TODO: check
 CVE-2023-30284
 	RESERVED
 CVE-2023-30283
@@ -6588,8 +6705,8 @@ CVE-2023-29749
 	RESERVED
 CVE-2023-29748
 	RESERVED
-CVE-2023-29747
-	RESERVED
+CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
+	TODO: check
 CVE-2023-29746
 	RESERVED
 CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
@@ -15751,8 +15868,8 @@ CVE-2023-26844
 	RESERVED
 CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
 	NOT-FOR-US: ChurchCRM
-CVE-2023-26842
-	RESERVED
+CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
+	TODO: check
 CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
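Review bot: CVE-2023-26842 is left at TODO: check although its description opens the same way as CVE-2023-26843 directly above it (a stored XSS in ChurchCRM 4.5.3), and that entry, CVE-2023-26841 and CVE-2023-26840 are all marked NOT-FOR-US: ChurchCRM. Unless the truncated remainder of the description points at a different product, set it to NOT-FOR-US: ChurchCRM so the block stays consistent.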
@@ -17254,10 +17371,10 @@ CVE-2023-26280
 	RESERVED
 CVE-2023-26279
 	RESERVED
-CVE-2023-26278
-	RESERVED
-CVE-2023-26277
-	RESERVED
+CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local au ...)
+	TODO: check
+CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local use ...)
+	TODO: check
 CVE-2023-26276
 	RESERVED
 CVE-2023-26275
@@ -22847,18 +22964,21 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che
 CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
+	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
+	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
+	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230322.txt
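Review bot: with {DSA-5417-1} now attached to CVE-2023-0466, CVE-2023-0465 and CVE-2023-0464, the `[buster] - openssl <no-dsa> (Minor issue)` line under each of them deserves a second look. The hunk records the advisory reference but leaves the buster status untouched, so it would help to confirm that "Minor issue" is still the intended decision for buster now that the same three CVEs are covered by an advisory, and to say so in a NOTE if it is.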
@@ -68534,11 +68654,11 @@ CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
 	NOT-FOR-US: Microsoft
@@ -68546,164 +68666,164 @@ CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability.)
+CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability.)
+CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability.)
+CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.)
+CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.)
+CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege Vulnerability.)
+CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35778
 	RESERVED
-CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability.)
+CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
+CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35770 (Windows NTLM Spoofing Vulnerability.)
 	NOT-FOR-US: Microsoft
-CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. ...)
+CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability.)
+CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-35759
-	RESERVED
-CVE-2022-35758
-	RESERVED
-CVE-2022-35757
-	RESERVED
-CVE-2022-35756
-	RESERVED
-CVE-2022-35755
-	RESERVED
-CVE-2022-35754
-	RESERVED
-CVE-2022-35753
-	RESERVED
-CVE-2022-35752
-	RESERVED
-CVE-2022-35751
-	RESERVED
-CVE-2022-35750
-	RESERVED
-CVE-2022-35749
-	RESERVED
-CVE-2022-35748
-	RESERVED
-CVE-2022-35747
-	RESERVED
-CVE-2022-35746
-	RESERVED
-CVE-2022-35745
-	RESERVED
-CVE-2022-35744
-	RESERVED
-CVE-2022-35743
-	RESERVED
+CVE-2022-35759 (Windows Local Security Authority (LSA) Denial of Service Vulnerability)
+	TODO: check
+CVE-2022-35758 (Windows Kernel Memory Information Disclosure Vulnerability)
+	TODO: check
+CVE-2022-35757 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2022-35756 (Windows Kerberos Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35755 (Windows Print Spooler Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35754 (Unified Write Filter Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35753 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
+	TODO: check
+CVE-2022-35752 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
+	TODO: check
+CVE-2022-35751 (Windows Hyper-V Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35750 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35749 (Windows Digital Media Receiver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35748 (HTTP.sys Denial of Service Vulnerability)
+	TODO: check
+CVE-2022-35747 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability)
+	TODO: check
+CVE-2022-35746 (Windows Digital Media Receiver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2022-35745 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
+	TODO: check
+CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
+	TODO: check
+CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
+	TODO: check
 CVE-2022-35742
 	RESERVED
 CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into  ...)
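Review bot: CVE-2022-35759 through CVE-2022-35743 at the end of this hunk are left at TODO: check even though their new descriptions are all Microsoft Windows components (LSA, Kerberos, Print Spooler, Hyper-V, Win32k, HTTP.sys, SSTP, PPP, MSDT) and every other described Microsoft entry in the hunk carries NOT-FOR-US: Microsoft. Marking these seventeen the same way would keep them out of the open triage queue. The rest of the hunk only trims the trailing period and the "This CVE ID is uniq ..." suffix from existing descriptions and leaves their status lines unchanged, so nothing further is needed there.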
@@ -71679,33 +71799,33 @@ CVE-2022-34719 (Windows Distributed File System (DFS) Elevation of Privilege Vul
 	NOT-FOR-US: Microsoft
 CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability.)
+CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34716 (.NET Spoofing Vulnerability.)
+CVE-2022-34716 (.NET Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability.)
+CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
+CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
 	NOT-FOR-US: Microsoft
@@ -71715,13 +71835,13 @@ CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Servic
 	NOT-FOR-US: Microsoft
 CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34698
 	RESERVED
 CVE-2022-34697
 	RESERVED
-CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability.)
+CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34695
 	RESERVED
@@ -71729,17 +71849,17 @@ CVE-2022-34694
 	RESERVED
 CVE-2022-34693
 	RESERVED
-CVE-2022-34692 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+CVE-2022-34692 (Microsoft Exchange Server Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability.)
+CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability.)
+CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-34688
 	RESERVED
-CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE  ...)
 	NOT-FOR-US: Microsoft
@@ -74807,9 +74927,9 @@ CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.)
+CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability.)
+CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -74833,7 +74953,7 @@ CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
 	NOT-FOR-US: Microsoft
 CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.)
+CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability.)
 	NOT-FOR-US: Microsoft
@@ -74843,7 +74963,7 @@ CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability)
 	NOT-FOR-US: Skype for Business and Lync
 CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability.)
+CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-33630
 	RESERVED
@@ -84521,13 +84641,13 @@ CVE-2022-30199
 	RESERVED
 CVE-2022-30198 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
+CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30195
 	RESERVED
-CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability.)
+CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
 	NOT-FOR-US: Microsoft
@@ -84563,9 +84683,9 @@ CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This
 	NOT-FOR-US: Microsoft
 CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability.)
 	NOT-FOR-US: Microsoft
@@ -84627,7 +84747,7 @@ CVE-2022-30146 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
 	NOT-FOR-US: Microsoft
 CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability.)
+CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
 	NOT-FOR-US: Microsoft
@@ -84647,7 +84767,7 @@ CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability.
 	NOT-FOR-US: Microsoft
 CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability.)
 	NOT-FOR-US: Microsoft
-CVE-2022-30134 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+CVE-2022-30134 (Microsoft Exchange Server Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
 	NOT-FOR-US: Microsoft
@@ -113750,8 +113870,8 @@ CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in
 	NOT-FOR-US: ABB
 CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
 	NOT-FOR-US: spatie/laravel-medialibrary
-CVE-2021-45039
-	RESERVED
+CVE-2021-45039 (Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10. ...)
+	TODO: check
 CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
 	{DSA-5021-1}
 	- mediawiki 1:1.35.5-1
@@ -265471,6 +265591,7 @@ CVE-2019-18606
 CVE-2019-18605
 	RESERVED
 CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distr ...)
+	{DLA-3427-2}
 	- texlive-bin 2020.20200327.54578-2
 	[stretch] - texlive-bin <not-affected> (Vulnerable code not present)
 	[jessie] - texlive-bin <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46894de127f0676e912b24c3b1e0630155ab8eeb
