Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
717f80a8 by Moritz Muehlenhoff at 2023-05-19T11:24:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF
Editor (12.1 ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2023-32680 (Metabase is an open source business analytics engine. To edit
SQL Snip ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to
authentica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Matt ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32322 (Ombi is an open source application which allows users to
request speci ...)
- TODO: check
+ NOT-FOR-US: Ombi
CVE-2023-32100 (Compiler removal of buffer clearing in
sli_se_driver_mac_compute in ...)
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32099 (Compiler removal of buffer clearing in
sli_se_sign_hashin Sili ...)
@@ -19,15 +19,15 @@ CVE-2023-32097 (Compiler removal of buffer clearing in
sli_crypto_transpar
CVE-2023-32096 (Compiler removal of buffer clearing in
sli_crypto_transparent_ae ...)
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that
allows ...)
- TODO: check
+ NOT-FOR-US: OpenText Documentum Content Server
CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation
violation.)
TODO: check
CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail
verificati ...)
- zammad <itp> (bug #841355)
CVE-2023-2800 (Insecure Temporary File in GitHub repository
huggingface/transformers ...)
- TODO: check
+ NOT-FOR-US: Transformers
CVE-2023-2799 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: OA
CVE-2023-2790 (A vulnerability classified as problematic has been found in
TOTOLINK N ...)
NOT-FOR-US: TOTOLINK
CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated
as probl ...)
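Review bot: The tag `NOT-FOR-US: OA` on CVE-2023-2799 is too terse to identify a product, and the truncated description gives no name either, so anyone searching the list later cannot tell what was triaged. Spell out the vendor or product name from the CVE description. Likewise, `NOT-FOR-US: Transformers` on CVE-2023-2800 would be easier to search as `huggingface/transformers`, matching the repository named in the description.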
@@ -1430,7 +1430,7 @@ CVE-2023-31235
CVE-2023-31234
RESERVED
CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Haoq ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31232
RESERVED
CVE-2023-31231
@@ -1720,7 +1720,7 @@ CVE-2023-31137 (MaraDNS is open-source software that
implements the Domain Name
CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of
PostgresNIO ...)
NOT-FOR-US: PostgresNIO
CVE-2023-31135 (Dgraph is an open source distributed GraphQL database.
Existing Dgraph ...)
- TODO: check
+ NOT-FOR-US: Dgraph
CVE-2023-31134 (Tauri is software for building applications for multi-platform
deploym ...)
NOT-FOR-US: Tauri
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a
website, ...)
@@ -2492,7 +2492,7 @@ CVE-2023-30870
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital
Downloads plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Jon Chri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30867
RESERVED
CVE-2023-30866
@@ -2842,7 +2842,7 @@ CVE-2023-30782
CVE-2023-30781
RESERVED
CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30779
RESERVED
CVE-2023-30778
@@ -3534,9 +3534,9 @@ CVE-2023-2027 (The ZM Ajax Login & Register plugin for
WordPress is vulnerable t
CVE-2023-2026
RESERVED
CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to
3.2.5.75 ...)
- TODO: check
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data
Collector ...)
- TODO: check
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2023
RESERVED
CVE-2023-2022
@@ -3907,7 +3907,7 @@ CVE-2023-30489
CVE-2023-30488
RESERVED
CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ThimPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30486
RESERVED
CVE-2023-30485
@@ -3941,7 +3941,7 @@ CVE-2023-30472
CVE-2023-30471
RESERVED
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode
generati ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in
drivers/nfc/st-nci/n ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
@@ -4317,7 +4317,7 @@ CVE-2023-30335
CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site
scripting ( ...)
NOT-FOR-US: AsmBB
CVE-2023-30333 (An arbitrary file upload vulnerability in the component
/admin/ThemeCo ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2023-30332
RESERVED
CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows
attackers to e ...)
@@ -4739,7 +4739,7 @@ CVE-2023-30126
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting
(XSS).)
NOT-FOR-US: Eyoucms
CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: LavaLite
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in
the Mem ...)
NOT-FOR-US: wuzhicms
CVE-2023-30122 (An arbitrary file upload vulnerability in the component
/admin/ajax.ph ...)
@@ -5024,7 +5024,7 @@ CVE-2023-29987
CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal
to sibl ...)
NOT-FOR-US: spring-boot-actuator-logview
CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System
v1.0 admin\ ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2023-29984
RESERVED
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt
cmaps v.8. ...)
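Review bot: `NOT-FOR-US: Sourcecodester` on CVE-2023-29985 departs from the form used for the same vendor elsewhere in this file, for example `NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System` (different capitalisation, product name included). Consider matching that form so a case-sensitive search for the vendor also finds this entry.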
@@ -5313,7 +5313,7 @@ CVE-2023-29859
CVE-2023-29858
RESERVED
CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain
sensitive inf ...)
- TODO: check
+ NOT-FOR-US: Teslamate
CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is
vulnerab ...)
NOT-FOR-US: D-Link
CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via
admin/languag ...)
@@ -5594,7 +5594,7 @@ CVE-2023-29722
CVE-2023-29721
RESERVED
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS)
via index ...)
- TODO: check
+ NOT-FOR-US: SofaWiki
CVE-2023-29719
RESERVED
CVE-2023-29718
@@ -8531,7 +8531,7 @@ CVE-2023-1620
CVE-2023-1619
RESERVED
CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric
Corporation MEL ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial
Automation B&R ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It
has bee ...)
@@ -9956,7 +9956,7 @@ CVE-2023-28387
CVE-2023-28382
RESERVED
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper
access co ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2023-28367
RESERVED
CVE-2023-27926
@@ -11124,7 +11124,7 @@ CVE-2023-28083 (A remote Cross-site Scripting
vulnerability was discovered in HP
CVE-2023-28082
RESERVED
CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit
e6ed9c1a4b02dc21 ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-28080
RESERVED
CVE-2023-28079
@@ -13006,7 +13006,7 @@ CVE-2023-1134 (Delta Electronics InfraSuite Device
Master versions prior to 1.0.
CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to
1.0.5 con ...)
NOT-FOR-US: Delta Electronics
CVE-2023-1132 (Compiler removal of buffer clearing in
sli_se_driver_key_agreement ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts
Sales ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-1130 (A vulnerability, which was classified as critical, was found in
Source ...)
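Review bot: CVE-2023-1132 is tagged `NOT-FOR-US: Silabs`, while the other "Compiler removal of buffer clearing in sli_..." entries visible in this diff (CVE-2023-32100, CVE-2023-32096) use `NOT-FOR-US: Silicon Labs Gecko Platform SDK`. Use the same string here so all entries for this SDK turn up under one search.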
@@ -13153,7 +13153,7 @@ CVE-2023-27432
CVE-2023-27431
RESERVED
CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon
Fincken Mass ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27429
RESERVED
CVE-2023-27428
@@ -13167,7 +13167,7 @@ CVE-2023-27425 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-27424
RESERVED
CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon
Fincken Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27422
RESERVED
CVE-2023-27421
@@ -13820,7 +13820,7 @@ CVE-2023-27219
CVE-2023-27218
RESERVED
CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName()
function of ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote
authenticated u ...)
NOT-FOR-US: D-Link
CVE-2023-27215
@@ -15985,7 +15985,7 @@ CVE-2023-0967 (Bhima version 1.27.0 allows an attacker
authenticated with normal
CVE-2023-0966 (A vulnerability classified as problematic was found in
SourceCodester ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-0965 (Compiler removal of buffer clearing in
sli_cryptoacc_transparent_key_a ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-0964 (A vulnerability classified as critical has been found in
SourceCodeste ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site
1.0. It ...)
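Review bot: `NOT-FOR-US: Silabs` on CVE-2023-0965 does not match the `NOT-FOR-US: Silicon Labs Gecko Platform SDK` tag already used in this file for other sli_* buffer-clearing CVEs (for example CVE-2023-32100). Suggest the longer form for consistency.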
@@ -17072,7 +17072,7 @@ CVE-2023-25935
CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of
cryptog ...)
NOT-FOR-US: Dell
CVE-2023-25933 (A type confusion bug in TypedArray prior to commit
e6ed9c1a4b02dc219de ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-25756
RESERVED
CVE-2023-25546
@@ -17891,7 +17891,7 @@ CVE-2023-25700
CVE-2023-25699
RESERVED
CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio
Wombat Shopp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25697
RESERVED
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow
Hive Pro ...)
@@ -18461,7 +18461,7 @@ CVE-2023-25570 (Apollo is a configuration management
system. Prior to version 2.
CVE-2023-25569 (Apollo is a configuration management system. Prior to version
2.1.0, a ...)
NOT-FOR-US: Apollo
CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building
IPFS app ...)
- TODO: check
+ NOT-FOR-US: Boxo
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that
implements ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
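Review bot: CVE-2023-25568 is marked `NOT-FOR-US: Boxo`, but the description says the library was formerly known as go-libipfs. It is worth confirming that nothing in the archive ships or vendors it under the old name before closing it as NFU, and adding a NOTE line with the result of that check.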
@@ -20419,9 +20419,9 @@ CVE-2022-4899 (A vulnerability was found in zstd
v1.4.10, where an attacker can
NOTE:
https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa
(v1.5.4)
NOTE: Introduced by
https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726
(v1.4.7)
CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior
to commit ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit
5cae9f72975cf ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One
server b ...)
NOT-FOR-US: Trend Micro
CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to
Stored C ...)
@@ -22818,7 +22818,7 @@ CVE-2023-24001 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-24000
RESERVED
CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23997
@@ -23559,7 +23559,7 @@ CVE-2023-23761 (An improper authentication
vulnerability was identified in GitHu
CVE-2023-23760 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23759 (There is a vulnerability in the fizz library prior to
v2023.01.30.00 w ...)
- TODO: check
+ NOT-FOR-US: Facebook fizz
CVE-2023-23758
RESERVED
CVE-2023-23757
@@ -23850,7 +23850,7 @@ CVE-2023-23669
CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23666
RESERVED
CVE-2023-23665
@@ -24366,9 +24366,9 @@ CVE-2023-23559 (In rndis_query_oid in
drivers/net/wireless/rndis_wlan.c in the L
CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths
in /tmp. ...)
- eternal-terminal <itp> (bug #861635)
CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties
prior to ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to
commit a6dc ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4
to before ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site
scripting ...)
@@ -33051,7 +33051,7 @@ CVE-2022-47159
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pakp ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Don ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47156
RESERVED
CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic
Slider by ...)
@@ -33623,7 +33623,7 @@ CVE-2022-4420
CVE-2022-4419
RESERVED
CVE-2022-4418 (Local privilege escalation due to unrestricted loading of
unsigned lib ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress
plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4244 (A vulnerability classified as problematic has been found in
yikes-inc- ...)
@@ -38036,11 +38036,11 @@ CVE-2022-4038
CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
CVE-2022-45459 (Sensitive information disclosure due to insecure registry
permissions. ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45458 (Sensitive information disclosure and manipulation due to
improper cert ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45457 (Sensitive information disclosure and manipulation due to
improper cert ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The
following p ...)
NOT-FOR-US: Acronis
CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation
cleanup. T ...)
@@ -38048,13 +38048,13 @@ CVE-2022-45455 (Local privilege escalation due to
incomplete uninstallation clea
CVE-2022-45454 (Sensitive information disclosure due to insecure folder
permissions. T ...)
NOT-FOR-US: Acronis
CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are
affecte ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45451
RESERVED
CVE-2022-45450 (Sensitive information disclosure and manipulation due to
improper auth ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45449
RESERVED
CVE-2022-45448
@@ -44693,7 +44693,7 @@ CVE-2023-20191
CVE-2023-20190
RESERVED
CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20188
RESERVED
CVE-2023-20187
@@ -44703,11 +44703,11 @@ CVE-2023-20186
CVE-2023-20185
RESERVED
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20181
RESERVED
CVE-2023-20180
@@ -44723,13 +44723,13 @@ CVE-2023-20176
CVE-2023-20175
RESERVED
CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20170
RESERVED
CVE-2023-20169
@@ -44737,29 +44737,29 @@ CVE-2023-20169
CVE-2023-20168
RESERVED
CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20165
RESERVED
CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20155
RESERVED
CVE-2023-20154
@@ -44851,7 +44851,7 @@ CVE-2023-20112 (A vulnerability in Cisco access point
(AP) software could allow
CVE-2023-20111
RESERVED
CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco
Smart S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20109
RESERVED
CVE-2023-20108
@@ -44859,7 +44859,7 @@ CVE-2023-20108
CVE-2023-20107 (A vulnerability in the deterministic random bit generator
(DRBG), also ...)
NOT-FOR-US: Cisco
CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20105
RESERVED
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco
Webex App fo ...)
@@ -44897,7 +44897,7 @@ CVE-2023-20089 (A vulnerability in the Link Layer
Discovery Protocol (LLDP) feat
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided
as part ...)
NOT-FOR-US: Cisco
CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20086
RESERVED
CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco
Identit ...)
@@ -44917,7 +44917,7 @@ CVE-2023-20079 (Multiple vulnerabilities in the
web-based management interface o
CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface
of cert ...)
NOT-FOR-US: Cisco
CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting
environment could ...)
NOT-FOR-US: Cisco
CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could
allow an ...)
@@ -45030,7 +45030,7 @@ CVE-2023-20026 (A vulnerability in the web-based
management interface of Cisco S
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco
Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of
certain Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services
Engine (I ...)
NOT-FOR-US: Cisco
CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services
Engine (I ...)
@@ -45072,7 +45072,7 @@ CVE-2023-20005
CVE-2023-20004
RESERVED
CVE-2023-20003 (A vulnerability in the social login configuration option for
the guest ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software
could all ...)
NOT-FOR-US: Cisco
CVE-2023-20001
@@ -65906,11 +65906,11 @@ CVE-2022-36330 (A buffer overflow vulnerability was
discovered on firmware versi
CVE-2022-36329 (An improper privilege management issue that could allow an
attacker to ...)
NOT-FOR-US: Western Digital
CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that
could ar ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36325 (Affected devices do not properly sanitize data introduced by
an user w ...)
NOT-FOR-US: Siemens
CVE-2022-36324 (Affected devices do not properly handle the renegotiation of
SSL/TLS p ...)
@@ -67369,7 +67369,7 @@ CVE-2022-35800 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability.)
@@ -164676,7 +164676,7 @@ CVE-2021-26367
CVE-2021-26366 (An attacker, who gained elevated privileges via some other
vulnerabili ...)
NOT-FOR-US: AMD
CVE-2021-26365 (Certain size values in firmware binary headers could trigger
out of bo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could
allow an ...)
NOT-FOR-US: AMD
CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially
change the va ...)
@@ -189862,7 +189862,7 @@ CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of
the PowerVR kernel driver,
CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel
driver, a mis ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0877 (Product: AndroidVersions: Android SoCAndroid ID: A-273754094)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR
kernel driv ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a
missing ...)
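Review bot: The description of CVE-2021-0877 names only "Android SoC" and Android ID A-273754094, so the `Imagination Technologies components for Android` attribution appears to be inferred from the neighbouring PowerVR entries and not from this entry's own text. If it was confirmed against the Android bulletin, a short NOTE with the source would make that checkable; otherwise a generic Android SoC tag is the safer label.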
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717f80a8f7e93f30d7a6f9f184903c1526d1e517