Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68242b53 by Moritz Muehlenhoff at 2023-07-10T09:21:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20269,7 +20269,7 @@ CVE-2023-26820 (siteproxy v1.0 was discovered to
contain a path traversal vulner
CVE-2023-26819
RESERVED
CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted
files, ...)
- TODO: check
+ NOT-FOR-US: Telegram on MacOS
CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to
contain a r ...)
NOT-FOR-US: codefever
CVE-2023-26816
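Review bot: On CVE-2023-26818 the new tag "NOT-FOR-US: Telegram on MacOS" carries a platform restriction that the visible description ("Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, ...") does not state, so the reason for the NFU cannot be verified from the entry alone. Consider adding a NOTE line with the reference that establishes the issue as macOS-only, and spell the platform "macOS".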
@@ -24257,7 +24257,7 @@ CVE-2023-25522 (NVIDIA DGX A100/A800 contains a
vulnerability in SBIOS where an
CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where
an attack ...)
NOT-FOR-US: NVIDIA
CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
nvbootc ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-25519
RESERVED
CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the
PCIe contro ...)
@@ -54258,7 +54258,7 @@ CVE-2022-42862 (This issue was addressed by removing
the vulnerable code. This i
CVE-2022-42861 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-42860 (This issue was addressed with improved checks to prevent
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable
code. This i ...)
NOT-FOR-US: Apple
CVE-2022-42858 (A memory corruption issue was addressed with improved input
validation ...)
@@ -54316,7 +54316,7 @@ CVE-2022-42836
CVE-2022-42835
REJECTED
CVE-2022-42834 (An access issue was addressed with improved access
restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42833 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2022-42832 (A race condition was addressed with improved locking. This
issue is fi ...)
@@ -54379,7 +54379,7 @@ CVE-2022-42809 (The issue was addressed with improved
memory handling. This issu
CVE-2022-42808 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2022-42807 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42806 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-42805 (An integer overflow was addressed with improved input
validation. This ...)
@@ -54412,7 +54412,7 @@ CVE-2022-42794
CVE-2022-42793 (An issue in code signature validation was addressed with
improved chec ...)
NOT-FOR-US: Apple
CVE-2022-42792 (This issue was addressed with improved data protection. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42791 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
CVE-2022-42790 (A logic issue was addressed with improved state management.
This issue ...)
@@ -56144,7 +56144,7 @@ CVE-2022-42177
CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded
Credentials in con ...)
NOT-FOR-US: PCTechSoft PCSecure
CVE-2022-42175 (Insecure Direct Object Reference vulnerability in WHMCS module
SolusVM ...)
- TODO: check
+ NOT-FOR-US: WHMCS module SolusVM
CVE-2022-42174
RESERVED
CVE-2022-42173
@@ -81694,7 +81694,7 @@ CVE-2022-32668
CVE-2022-32667
REJECTED
CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to
misrepresentation ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2022-32665 (In Boa, there is a possible command injection due to improper
input va ...)
NOT-FOR-US: MediaTek
CVE-2022-32664 (In Config Manager, there is a possible command injection due
to improp ...)
@@ -92318,13 +92318,13 @@ CVE-2022-29149 (Azure Open Management Infrastructure
(OMI) Elevation of Privileg
CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-29147 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-29146 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability. This
CVE ID is ...)
NOT-FOR-US: Microsoft .NET
CVE-2022-29144 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
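Review bot: The three entries retagged here (CVE-2022-29147, CVE-2022-29146, CVE-2022-29144) are all described as "Microsoft Edge (Chromium-based)", and the bare vendor tag "NOT-FOR-US: Microsoft" does not record whether the flaw was confirmed to sit in Edge-specific code rather than in the Chromium code base Edge is built on. The neighbouring CVE-2022-29145 already uses a product-level tag ("NOT-FOR-US: Microsoft .NET"); a product-level tag here, plus a short NOTE saying the Chromium side was checked, would make the triage decision auditable.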
@@ -98941,7 +98941,7 @@ CVE-2022-26901 (Microsoft Excel Remote Code Execution
Vulnerability)
CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-26899 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26898 (Azure Site Recovery Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-26897 (Azure Site Recovery Information Disclosure Vulnerability)
@@ -105483,7 +105483,7 @@ CVE-2022-0548
CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30)
allows a ...)
NOT-FOR-US: Mirametrix Glance
CVE-2022-24695 (Bluetooth Classic in Bluetooth Core Specification through 5.3
does not ...)
- TODO: check
+ NOT-FOR-US: Bluetooth protocol issue
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and
21.10 before ...)
- mahara <removed>
CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware
through QRTB ...)
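Review bot: For CVE-2022-24695 the tag "NOT-FOR-US: Bluetooth protocol issue" names a class of issue rather than a product, unlike the neighbouring "NOT-FOR-US: Mirametrix Glance". The description places the flaw in the Bluetooth Core Specification through 5.3, so it is not tied to one vendor's software; a NOTE line stating whether any Bluetooth implementation in the archive was checked, and why none needs tracking, would justify the NFU.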
@@ -110836,7 +110836,7 @@ CVE-2022-23266 (Microsoft Defender for IoT Elevation
of Privilege Vulnerability)
CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-23264 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
@@ -113266,7 +113266,7 @@ CVE-2022-22632 (A logic issue was addressed with
improved state management. This
CVE-2022-22631 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2022-22630 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-22629 (A buffer overflow issue was addressed with improved memory
handling. T ...)
{DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
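Review bot: CVE-2022-22630 is marked "NOT-FOR-US: Apple" on the basis of a generic description ("A use after free issue was addressed with improved memory management. ..."), but the very next entry, CVE-2022-22629, has the same Apple-style wording and is tracked against webkit2gtk with DSA-5116-1 and DSA-5115-1. Worth confirming from the advisory that the affected component is not WebKit before closing this one, and recording the component in the tag or in a NOTE.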
@@ -129946,7 +129946,7 @@ CVE-2021-42309 (Microsoft SharePoint Server Remote
Code Execution Vulnerability
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID
is unique ...)
@@ -149594,7 +149594,7 @@ CVE-2021-34508 (Windows Kernel Remote Code Execution
Vulnerability This CVE ID i
CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34506 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34505
RESERVED
CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability)
@@ -149656,7 +149656,7 @@ CVE-2021-34477 (Visual Studio Code .NET Runtime
Elevation of Privilege Vulnerabi
CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34475 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability
This CVE ...)
@@ -156159,7 +156159,7 @@ CVE-2021-31984 (Power BI Remote Code Execution
Vulnerability)
CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is
unique fro ...)
NOT-FOR-US: Microsoft
CVE-2021-31982 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31981
RESERVED
CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution
Vulnerabil ...)
@@ -156249,7 +156249,7 @@ CVE-2021-31939 (Microsoft Excel Remote Code Execution
Vulnerability)
CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of
Privilege Vul ...)
NOT-FOR-US: Microsoft
CVE-2021-31937 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31936 (Microsoft Accessibility Insights for Web Information
Disclosure Vulner ...)
NOT-FOR-US: Microsoft
CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted
distribution ...)
@@ -157165,7 +157165,7 @@ CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2,
1.3, 2.0, 2.1, 2.2, 2.2.1, 3
CVE-2021-31636
RESERVED
CVE-2021-31635 (Server-Side Template Injection (SSTI) vulnerability in jFinal
v.4.9.08 ...)
- TODO: check
+ NOT-FOR-US: jFinal
CVE-2021-31634
RESERVED
CVE-2021-31633
@@ -160983,11 +160983,11 @@ CVE-2021-30207
CVE-2021-30206
RESERVED
CVE-2021-30205 (Incorrect access control in the component
/index.php?mod=system&op=org ...)
- TODO: check
+ NOT-FOR-US: dzzoffice
CVE-2021-30204
RESERVED
CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the
zero param ...)
- TODO: check
+ NOT-FOR-US: dzzoffice
CVE-2021-30202
RESERVED
CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the
system. ...)
@@ -167202,7 +167202,7 @@ CVE-2021-27827
CVE-2021-27826
RESERVED
CVE-2021-27825 (A directory traversal vulnerability on Mercury MAC1200R
devices allows ...)
- TODO: check
+ NOT-FOR-US: Mercury MAC1200R devices
CVE-2021-27824
RESERVED
CVE-2021-27823 (An information disclosure vulnerability was discovered in
/index.class ...)
@@ -172299,9 +172299,9 @@ CVE-2021-25830 (A file extension handling issue was
found in [core] module of ON
CVE-2021-25829 (An improper binary stream data handling issue was found in the
[core] ...)
NOT-FOR-US: ONLYOFFICE DocumentServer
CVE-2021-25828 (Emby Server versions < 4.6.0.50 is vulnerable to Cross Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: Emby server
CVE-2021-25827 (Emby Server < 4.7.12.0 is vulnerable to a login bypass attack
by setti ...)
- TODO: check
+ NOT-FOR-US: Emby server
CVE-2021-25826
RESERVED
CVE-2021-25825
@@ -195676,7 +195676,7 @@ CVE-2021-0947 (The method
PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt
CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates
puiMemspaceNameI ...)
NOT-FOR-US: Android
CVE-2021-0945 (In _PMRCreate of the PowerVR kernel driver, a missing bounds
check mea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0944
RESERVED
CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write
due to ...)
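Review bot: CVE-2021-0945 is described as a missing bounds check in _PMRCreate of the PowerVR kernel driver, yet the tag is the platform name "NOT-FOR-US: Android". That matches the neighbouring CVE-2021-0946, but naming the component (PowerVR kernel driver) in the tag would make the entry findable when someone later searches the list for that driver.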
@@ -196196,7 +196196,7 @@ CVE-2021-0703 (In SecondStageMain of init.cpp, there
is a possible use after fre
CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way
to share ...)
NOT-FOR-US: Android
CVE-2021-0701 (In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a
missin ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0700
RESERVED
CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due
to a m ...)
@@ -201707,11 +201707,11 @@ CVE-2020-26712 (REDCap 10.3.4 contains a SQL
injection vulnerability in the ToDo
CVE-2020-26711
RESERVED
CVE-2020-26710 (easy-parse v0.1.1 was discovered to contain a XML External
Entity Inje ...)
- TODO: check
+ NOT-FOR-US: easy-parse
CVE-2020-26709 (py-xml v1.0 was discovered to contain an XML External Entity
Injection ...)
- TODO: check
+ NOT-FOR-US: py-xml
CVE-2020-26708 (requests-xml v0.2.3 was discovered to contain an XML External
Entity I ...)
- TODO: check
+ NOT-FOR-US: requests-xml
CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS
1.3.1 w ...)
NOT-FOR-US: aaptjs
CVE-2020-26706
@@ -209497,7 +209497,7 @@ CVE-2020-23454
CVE-2020-23453
RESERVED
CVE-2020-23452 (A cross-site scripting (XSS) vulnerability in Selenium Grid
v3.141.59 ...)
- TODO: check
+ NOT-FOR-US: Selenium Grid
CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can
lead to ...)
NOT-FOR-US: Spiceworks
CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name
typed on ...)
@@ -210350,9 +210350,9 @@ CVE-2020-23068
CVE-2020-23067
RESERVED
CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and
before and v ...)
- TODO: check
+ - tinymce <removed>
CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish
Platform ...)
- TODO: check
+ NOT-FOR-US: eZ Systems AS eZPublish
CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x
before ...)
- jquery <removed>
NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-565129
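Review bot: The new "- tinymce <removed>" line for CVE-2020-23066 carries no reference, while the jquery entry directly below it (CVE-2020-23064) pairs the same kind of line with a NOTE URL. Adding a NOTE with the upstream advisory or fix for the TinyMCE v.4.9.6 XSS would keep the two entries consistent. In the same hunk, "NOT-FOR-US: eZ Systems AS eZPublish" copies the vendor's legal form from the description; the product name alone is enough.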
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68242b538236a2b62c01e53cead07641a92c8851