Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2f773cf by security tracker role at 2023-03-04T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2023-27601
+ RESERVED
+CVE-2023-27600
+ RESERVED
+CVE-2023-27599
+ RESERVED
+CVE-2023-27598
+ RESERVED
+CVE-2023-27597
+ RESERVED
+CVE-2023-27596
+ RESERVED
+CVE-2023-27595
+ RESERVED
+CVE-2023-27594
+ RESERVED
+CVE-2023-27593
+ RESERVED
+CVE-2023-27592
+ RESERVED
+CVE-2023-27591
+ RESERVED
+CVE-2023-27590
+ RESERVED
+CVE-2023-27589
+ RESERVED
+CVE-2023-27588
+ RESERVED
+CVE-2023-27587
+ RESERVED
+CVE-2023-27586
+ RESERVED
+CVE-2023-27585
+ RESERVED
+CVE-2023-27584
+ RESERVED
+CVE-2023-27583
+ RESERVED
+CVE-2023-27582
+ RESERVED
+CVE-2023-27581
+ RESERVED
+CVE-2023-27580
+ RESERVED
+CVE-2023-27579
+ RESERVED
+CVE-2023-27578
+ RESERVED
+CVE-2023-27577
+ RESERVED
+CVE-2023-27576
+ RESERVED
+CVE-2023-27575
+ RESERVED
+CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with
com.apple.security.get-task-allow en ...)
+ TODO: check
+CVE-2023-27573
+ RESERVED
+CVE-2023-27572
+ RESERVED
+CVE-2023-27571
+ RESERVED
+CVE-2023-27570
+ RESERVED
+CVE-2023-27569
+ RESERVED
+CVE-2023-27568
+ RESERVED
+CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that
matches a pf ...)
+ TODO: check
+CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows
out-of-bounds write ...)
+ TODO: check
+CVE-2023-27565
+ RESERVED
+CVE-2023-27564
+ RESERVED
+CVE-2023-27563
+ RESERVED
+CVE-2023-27562
+ RESERVED
+CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to
Escalation ...)
+ TODO: check
+CVE-2023-27528
+ RESERVED
+CVE-2023-27392
+ RESERVED
+CVE-2023-27382
+ RESERVED
+CVE-2023-26587
+ RESERVED
+CVE-2023-26586
+ RESERVED
+CVE-2023-25951
+ RESERVED
+CVE-2023-25757
+ RESERVED
+CVE-2023-25174
+ RESERVED
+CVE-2023-24596
+ RESERVED
+CVE-2023-22437
+ RESERVED
+CVE-2023-1174
+ RESERVED
+CVE-2023-1173
+ RESERVED
+CVE-2023-1172
+ RESERVED
+CVE-2023-1171
+ RESERVED
+CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
+ TODO: check
+CVE-2023-1169
+ RESERVED
+CVE-2015-10089
+ RESERVED
CVE-2023-1168
RESERVED
CVE-2023-1167
@@ -92,8 +208,8 @@ CVE-2020-36665
RESERVED
CVE-2020-36664
RESERVED
-CVE-2020-36663
- RESERVED
+CVE-2020-36663 (A vulnerability, which was classified as problematic, was
found in Art ...)
+ TODO: check
CVE-2023-27539
RESERVED
CVE-2023-27538
@@ -761,8 +877,8 @@ CVE-2023-1080 (The GN Publisher plugin for WordPress is
vulnerable to Reflected
NOT-FOR-US: GN Publisher plugin for WordPress
CVE-2023-27291
RESERVED
-CVE-2023-27290
- RESERVED
+CVE-2023-27290 (Docker based datastores for IBM Instana (IBM Observability
with Instan ...)
+ TODO: check
CVE-2023-27289
RESERVED
CVE-2023-27288
@@ -1874,8 +1990,8 @@ CVE-2023-26781
RESERVED
CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL
Injection. ...)
TODO: check
-CVE-2023-26779
- RESERVED
+CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to
Deserialization which ...)
+ TODO: check
CVE-2023-26778
RESERVED
CVE-2023-26777
@@ -2590,30 +2706,30 @@ CVE-2023-26494
RESERVED
CVE-2023-26493
RESERVED
-CVE-2023-26492
- RESERVED
-CVE-2023-26491
- RESERVED
-CVE-2023-26490
- RESERVED
+CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator.
When the U ...)
+ TODO: check
+CVE-2023-26490 (mailcow is a dockerized email package, with multiple
containers linked ...)
+ TODO: check
CVE-2023-26489
RESERVED
-CVE-2023-26488
- RESERVED
-CVE-2023-26487
- RESERVED
-CVE-2023-26486
- RESERVED
+CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
+ TODO: check
+CVE-2023-26487 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
+ TODO: check
+CVE-2023-26486 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
+ TODO: check
CVE-2023-26485
RESERVED
CVE-2023-26484
RESERVED
-CVE-2023-26483
- RESERVED
+CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service
Provider ...)
+ TODO: check
CVE-2023-26482
RESERVED
-CVE-2023-26481
- RESERVED
+CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an
insufficient ...)
+ TODO: check
CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version
12.10, ...)
NOT-FOR-US: XWiki
CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version
6.0, us ...)
@@ -3037,8 +3153,8 @@ CVE-2023-0970
RESERVED
CVE-2023-0969
RESERVED
-CVE-2023-0968
- RESERVED
+CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
+ TODO: check
CVE-2023-0967
RESERVED
CVE-2023-0966 (A vulnerability classified as problematic was found in
SourceCodester ...)
@@ -3400,8 +3516,8 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers
to execute commands via
NOTE: https://bugs.debian.org/1031888
NOTE: https://debbugs.gnu.org/61819
NOTE:
http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
-CVE-2023-26213
- RESERVED
+CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before
8 webui- ...)
+ TODO: check
CVE-2023-26212
RESERVED
CVE-2023-26211
@@ -3837,8 +3953,8 @@ CVE-2023-26049
RESERVED
CVE-2023-26048
RESERVED
-CVE-2023-26047
- RESERVED
+CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS
functionalit ...)
+ TODO: check
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS
functionalit ...)
TODO: check
CVE-2023-26045
@@ -4446,8 +4562,8 @@ CVE-2023-25821 (Nextcloud is an Open Source private cloud
software. Versions 24.
- nextcloud-server <itp> (bug #941708)
CVE-2023-25820
RESERVED
-CVE-2023-25819
- RESERVED
+CVE-2023-25819 (Discourse is an open source platform for community discussion.
Tags th ...)
+ TODO: check
CVE-2023-25818
RESERVED
CVE-2023-25817
@@ -5904,10 +6020,10 @@ CVE-2023-25405
RESERVED
CVE-2023-25404
RESERVED
-CVE-2023-25403
- RESERVED
-CVE-2023-25402
- RESERVED
+CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to
Authentication Bypass ...)
+ TODO: check
+CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload.
There is n ...)
+ TODO: check
CVE-2023-25401
RESERVED
CVE-2023-25400
@@ -7803,12 +7919,12 @@ CVE-2023-24645
RESERVED
CVE-2023-24644
RESERVED
-CVE-2023-24643
- RESERVED
-CVE-2023-24642
- RESERVED
-CVE-2023-24641
- RESERVED
+CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
+ TODO: check
+CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
+ TODO: check
+CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
+ TODO: check
CVE-2023-24640
RESERVED
CVE-2023-24639
@@ -9818,12 +9934,12 @@ CVE-2023-23931 (cryptography is a package designed to
expose cryptographic primi
NOTE:
https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696
CVE-2023-23930
RESERVED
-CVE-2023-23929
- RESERVED
+CVE-2023-23929 (vantage6 is a privacy preserving federated learning
infrastructure for ...)
+ TODO: check
CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and
OCaml.`Jose.Jws.v ...)
NOT-FOR-US: reason-jose
-CVE-2023-23927
- RESERVED
+CVE-2023-23927 (Craft is a platform for creating digital experiences. When you
insert ...)
+ TODO: check
CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for
Neo4j. An ...)
NOT-FOR-US: APOC
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API
which is ...)
@@ -11781,8 +11897,8 @@ CVE-2023-23315 (The PrestaShop e-commerce platform
module stripejs contains a Bl
NOT-FOR-US: PrestaShop
CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload
component of ...)
NOT-FOR-US: Zdir
-CVE-2023-23313
- RESERVED
+CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site
Scripting (XSS) ...)
+ TODO: check
CVE-2023-23312
RESERVED
CVE-2023-23311
@@ -16031,6 +16147,7 @@ CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in
GitHub repository microweb
CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository
ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in
tools/tiffcp.c:94 ...)
+ {DSA-5333-1}
- tiff 4.4.0-5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
@@ -19902,8 +20019,8 @@ CVE-2022-46975
RESERVED
CVE-2022-46974
RESERVED
-CVE-2022-46973
- RESERVED
+CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side
Request Forger ...)
+ TODO: check
CVE-2022-46972
RESERVED
CVE-2022-46971
@@ -21220,27 +21337,27 @@ CVE-2022-46572
RESERVED
CVE-2022-46571
RESERVED
-CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46567
RESERVED
-CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46565
RESERVED
CVE-2022-46564
RESERVED
-CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
-CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a
stack ove ...)
+CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08
was discov ...)
NOT-FOR-US: D-Link
CVE-2022-46559
RESERVED
@@ -50082,7 +50199,7 @@ CVE-2022-37132
RESERVED
CVE-2022-37131
RESERVED
-CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04.img a command injection
vulnerability ...)
+CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img
a comma ...)
NOT-FOR-US: D-Link
CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command
Injection vi ...)
NOT-FOR-US: D-Link
@@ -51380,7 +51497,7 @@ CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and
earlier was discovered to
NOT-FOR-US: Samsung Electronics mTower
CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered
to contai ...)
NOT-FOR-US: Samsung Electronics mTower
-CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer
Overflow via ...)
+CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is
vulnera ...)
NOT-FOR-US: D-link
CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset
without a ...)
NOT-FOR-US: D-link
@@ -116888,7 +117005,8 @@ CVE-2021-39619 (In updatePackageMappingsData of
UsageStatsService.java, there is
NOT-FOR-US: Android
CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is
a possi ...)
NOT-FOR-US: Android
-CVE-2021-39617 (In the user interface buttons of PermissionController, there
is a poss ...)
+CVE-2021-39617
+ REJECTED
NOT-FOR-US: Android
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-204686438 ...)
NOT-FOR-US: Android
@@ -124431,8 +124549,8 @@ CVE-2021-36690 (** DISPUTED ** A segmentation fault
can occur in the sqlite3.exe
- sqlite3 3.36.0-2 (unimportant)
[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
-CVE-2021-36689
- RESERVED
+CVE-2021-36689 (An issue discovered in
com.samourai.wallet.PinEntryActivity.java in St ...)
+ TODO: check
CVE-2021-36688
RESERVED
CVE-2021-36687
@@ -349574,13 +349692,13 @@ CVE-2017-17969 (Heap-based buffer overflow in the
NCompress::NShrink::CDecoder::
NOTE:
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
NOTE: Fixed in upstream 18.00-beta.
CVE-2018-3709
- RESERVED
+ REJECTED
CVE-2018-3708
- RESERVED
+ REJECTED
CVE-2018-3707
- RESERVED
+ REJECTED
CVE-2018-3706
- RESERVED
+ REJECTED
CVE-2018-3705 (Improper directory permissions in the installer for the
Intel(R) Syste ...)
NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel
Parallel ...)
@@ -349602,9 +349720,9 @@ CVE-2018-3697 (Improper directory permissions in the
installer for the Intel Med
CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for
Windows befo ...)
NOT-FOR-US: Intel RAID Web Console
CVE-2018-3695
- RESERVED
+ REJECTED
CVE-2018-3694
- RESERVED
+ REJECTED
CVE-2018-3693 (Systems with microprocessors utilizing speculative execution
and branc ...)
- linux 4.15.11-1
[stretch] - linux 4.9.88-1
@@ -349612,7 +349730,7 @@ CVE-2018-3693 (Systems with microprocessors utilizing
speculative execution and
NOTE: https://01.org/security/advisories/intel-oss-10002
NOTE: Speculative Bounds Checks Bypass with Store (BCBS)
CVE-2018-3692
- RESERVED
+ REJECTED
CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives
Crypto ...)
NOT-FOR-US: Intel
CVE-2018-3690
@@ -349626,7 +349744,7 @@ CVE-2018-3687 (Unquoted service paths in Intel
Quartus II Programmer and Tools i
CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool
before v ...)
NOT-FOR-US: Intel
CVE-2018-3685
- RESERVED
+ REJECTED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 -
15.0 all ...)
NOT-FOR-US: Intel
CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1
- 18.0 ...)
@@ -349634,23 +349752,23 @@ CVE-2018-3683 (Unquoted service paths in Intel
Quartus Prime in versions 15.1 -
CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and
systems pote ...)
NOT-FOR-US: Intel
CVE-2018-3681
- RESERVED
+ REJECTED
CVE-2018-3680
- RESERVED
+ REJECTED
CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center
Manager S ...)
NOT-FOR-US: Intel
CVE-2018-3678
- RESERVED
+ REJECTED
CVE-2018-3677
- RESERVED
+ REJECTED
CVE-2018-3676
- RESERVED
+ REJECTED
CVE-2018-3675
- RESERVED
+ REJECTED
CVE-2018-3674
- RESERVED
+ REJECTED
CVE-2018-3673
- RESERVED
+ REJECTED
CVE-2018-3672 (Driver module in Intel Smart Sound Technology before version
9.21.00.3 ...)
NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application
before 11.4 ...)
@@ -349675,7 +349793,7 @@ CVE-2018-3665 (System software utilizing Lazy FP
state restore technique on syst
NOTE: Default eagerfpu=on on all CPUs:
https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
NOTE: Hard-disable lazy FPU mode:
https://git.kernel.org/linus/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7
CVE-2018-3664
- RESERVED
+ REJECTED
CVE-2018-3663 (Escalation of privilege in Intel Saffron MemoryBase before 11.4
allows ...)
NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3662 (Escalation of privilege in Intel Saffron MemoryBase before
version 11. ...)
@@ -349683,7 +349801,7 @@ CVE-2018-3662 (Escalation of privilege in Intel
Saffron MemoryBase before versio
CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities
selview.exe an ...)
NOT-FOR-US: Intel
CVE-2018-3660
- RESERVED
+ REJECTED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware
before vers ...)
NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware
versions bef ...)
@@ -349691,25 +349809,25 @@ CVE-2018-3658 (Multiple memory leaks in Intel AMT
in Intel CSME firmware version
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware
versions ...)
NOT-FOR-US: Intel
CVE-2018-3656
- RESERVED
+ REJECTED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version
11.21.55, ...)
NOT-FOR-US: Intel
CVE-2018-3654
- RESERVED
+ REJECTED
CVE-2018-3653
- RESERVED
+ REJECTED
CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect
Interface) ...)
NOT-FOR-US: Intel
CVE-2018-3651
- RESERVED
+ REJECTED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL
Distribution f ...)
NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables
(Autorun.e ...)
NOT-FOR-US: Intel
CVE-2018-3648
- RESERVED
+ REJECTED
CVE-2018-3647
- RESERVED
+ REJECTED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution
and addre ...)
{DSA-4279-1 DSA-4274-1 DLA-1481-1}
- linux 4.17.15-1
@@ -349727,11 +349845,11 @@ CVE-2018-3646 (Systems with microprocessors
utilizing speculative execution and
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote
Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3644
- RESERVED
+ REJECTED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in
systems usi ...)
NOT-FOR-US: Intel
CVE-2018-3642
- RESERVED
+ REJECTED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote
Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution
and that ...)
@@ -349763,9 +349881,9 @@ CVE-2018-3639 (Systems with microprocessors utilizing
speculative execution and
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote
Keyboard a ...)
NOT-FOR-US: Intel
CVE-2018-3637
- RESERVED
+ REJECTED
CVE-2018-3636
- RESERVED
+ REJECTED
CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store
Techno ...)
NOT-FOR-US: Intel
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online
Connect Acc ...)
@@ -349775,7 +349893,7 @@ CVE-2018-3633
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in
Intel Conve ...)
NOT-FOR-US: Intel
CVE-2018-3631
- RESERVED
+ REJECTED
CVE-2018-3630
REJECTED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management
Technology ...)
@@ -349787,13 +349905,13 @@ CVE-2018-3627 (Logic bug in Intel Converged
Security Management Engine 11.x may
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux)
and 1.9 ...)
NOT-FOR-US: Intel
CVE-2018-3625
- RESERVED
+ REJECTED
CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx,
XMM72xx, XMM7 ...)
NOT-FOR-US: Intel
CVE-2018-3623
- RESERVED
+ REJECTED
CVE-2018-3622
- RESERVED
+ REJECTED
CVE-2018-3621 (Insufficient input validation in the Intel Driver & Support
Assist ...)
NOT-FOR-US: Intel
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution
and addre ...)
@@ -349812,7 +349930,7 @@ CVE-2018-3620 (Systems with microprocessors utilizing
speculative execution and
CVE-2018-3619 (Information disclosure vulnerability in storage media in
systems with ...)
NOT-FOR-US: Intel
CVE-2018-3618
- RESERVED
+ REJECTED
CVE-2018-3617
REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS
implementation ...)
@@ -349824,7 +349942,7 @@ CVE-2018-3615 (Systems with microprocessors utilizing
speculative execution and
NOTE: The 3.20180703.1 release for intel-microcode was the first batch
of updates which targeted
NOTE: most server type CPUs, additional models were supported in the
3.20180807a.1 release
CVE-2018-3614
- RESERVED
+ REJECTED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
NOTE:
https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
CVE-2018-3613 (Logic issue in variable service module for EDK
II/UDK2018/UDK2017/UDK2 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f773cfcc8a59be23eab8bbf4ca92c4d9adee3d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f773cfcc8a59be23eab8bbf4ca92c4d9adee3d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
