Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23bb7f67 by security tracker role at 2023-12-20T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,130 @@
-CVE-2023-37544
+CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository
huggingface/tra ...)
+ TODO: check
+CVE-2023-6912 (Lack of protection against brute force attacks in M-Files
Server befor ...)
+ TODO: check
+CVE-2023-6910 (A vulnerable API method in M-Files Server before 23.12.13195.0
allows ...)
+ TODO: check
+CVE-2023-6784 (A malicious user could potentially use the Sitefinity system
for the d ...)
+ TODO: check
+CVE-2023-6769 (Stored XSS vulnerability in Amazing Little Poll, affecting
versions 1. ...)
+ TODO: check
+CVE-2023-6768 (Authentication bypass vulnerability in Amazing Little Poll
affecting v ...)
+ TODO: check
+CVE-2023-6562 (JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows
an att ...)
+ TODO: check
+CVE-2023-5011 (Student Information System v1.0 is vulnerable to multiple
Authenticate ...)
+ TODO: check
+CVE-2023-5010 (Student Information System v1.0 is vulnerable to multiple
Authenticate ...)
+ TODO: check
+CVE-2023-5007 (Student Information System v1.0 is vulnerable to multiple
Authenticate ...)
+ TODO: check
+CVE-2023-51462 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51461 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51460 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51459 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51458 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51457 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-50628 (Buffer Overflow vulnerability in libming version 0.4.8, allows
attacke ...)
+ TODO: check
+CVE-2023-50249 (Sentry-Javascript is official Sentry SDKs for JavaScript. A
ReDoS (Reg ...)
+ TODO: check
+CVE-2023-50044 (Buffer Overflow vulnerability in Cesanta MJS version 2.22.0,
allows at ...)
+ TODO: check
+CVE-2023-49825 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-49814 (Unrestricted Upload of File with Dangerous Type vulnerability
in Symbi ...)
+ TODO: check
+CVE-2023-49776 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-49773 (Deserialization of Untrusted Data vulnerability in Tim
Brattberg BCorp ...)
+ TODO: check
+CVE-2023-49772 (Deserialization of Untrusted Data vulnerability in Phpbits
Creative St ...)
+ TODO: check
+CVE-2023-49752 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-49272 (Hotel Management v1.0 is vulnerable to multiple authenticated
Reflecte ...)
+ TODO: check
+CVE-2023-49271 (Hotel Management v1.0 is vulnerable to multiple authenticated
Reflecte ...)
+ TODO: check
+CVE-2023-49270 (Hotel Management v1.0 is vulnerable to multiple authenticated
Reflecte ...)
+ TODO: check
+CVE-2023-49269 (Hotel Management v1.0 is vulnerable to multiple authenticated
Reflecte ...)
+ TODO: check
+CVE-2023-49166 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-49161 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-47990 (SQL Injection vulnerability in
components/table_manager/html/edit_admi ...)
+ TODO: check
+CVE-2023-47852 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-47784 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
+CVE-2023-47507 (Deserialization of Untrusted Data vulnerability in Master
Slider Maste ...)
+ TODO: check
+CVE-2023-47236 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-47118 (ClickHouse\xae is an open-source column-oriented database
management s ...)
+ TODO: check
+CVE-2023-46311 (Authorization Bypass Through User-Controlled Key vulnerability
in gVec ...)
+ TODO: check
+CVE-2023-46149 (Unrestricted Upload of File with Dangerous Type vulnerability
in Themi ...)
+ TODO: check
+CVE-2023-46147 (Deserialization of Untrusted Data vulnerability in Themify
Themify Ult ...)
+ TODO: check
+CVE-2023-45603 (Unrestricted Upload of File with Dangerous Type vulnerability
in Jeff ...)
+ TODO: check
+CVE-2023-41796 (Authorization Bypass Through User-Controlled Key vulnerability
in WP S ...)
+ TODO: check
+CVE-2023-40555 (Deserialization of Untrusted Data vulnerability in UX-themes
Flatsome ...)
+ TODO: check
+CVE-2023-40204 (Unrestricted Upload of File with Dangerous Type vulnerability
in Premi ...)
+ TODO: check
+CVE-2023-40010 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-3742 (Insufficient policy enforcement in ADB in Google Chrome on
ChromeOS pr ...)
+ TODO: check
+CVE-2023-38519 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-38513 (Authorization Bypass Through User-Controlled Key vulnerability
in Jord ...)
+ TODO: check
+CVE-2023-37871 (Authorization Bypass Through User-Controlled Key vulnerability
in WooC ...)
+ TODO: check
+CVE-2023-36520 (Authorization Bypass Through User-Controlled Key vulnerability
in Mark ...)
+ TODO: check
+CVE-2023-35916 (Authorization Bypass Through User-Controlled Key vulnerability
in Auto ...)
+ TODO: check
+CVE-2023-35915 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-35914 (Authorization Bypass Through User-Controlled Key vulnerability
in WooC ...)
+ TODO: check
+CVE-2023-35895 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to
remote code e ...)
+ TODO: check
+CVE-2023-35876 (Authorization Bypass Through User-Controlled Key vulnerability
in WooC ...)
+ TODO: check
+CVE-2023-34385 (Unrestricted Upload of File with Dangerous Type vulnerability
in Aksha ...)
+ TODO: check
+CVE-2023-34007 (Unrestricted Upload of File with Dangerous Type vulnerability
in WPChi ...)
+ TODO: check
+CVE-2023-33330 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-33318 (Unrestricted Upload of File with Dangerous Type vulnerability
in WooCo ...)
+ TODO: check
+CVE-2023-33209 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-32743 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-32590 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-32128 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-37544 (Improper Authentication vulnerability in Apache Pulsar
WebSocket Proxy ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-6977 (This vulnerability enables malicious users to read sensitive
files on ...)
NOT-FOR-US: mlflow
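Review bot: The added CVE-2023-47118 line contains a literal `\xae` in "ClickHouse\xae is an open-source ...", which looks like the registered-trademark byte written out as an escape instead of being decoded. The import step should decode the description as text (or strip the symbol) before writing it to the list. Separately, every new entry in this hunk lands as "TODO: check", including ones whose visible description already names the product (M-Files Server, Adobe Experience Manager), so all of them still need manual triage before the tracker says anything about Debian exposure.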
@@ -193,6 +319,7 @@ CVE-2023-50761 (The signature of a digitally signed S/MIME
email message may opt
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.
This iss ...)
+ {DSA-5581-1}
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
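Review bot: The `{DSA-5581-1}` cross-reference on CVE-2023-6862 is added in a commit whose only changed file is data/CVE/list, so it should be checked against the advisory's own record to confirm that record lists this CVE. The entry also carries a thunderbird line, and the thunderbird-only CVE-2023-50761 above it gets no tag, which suggests the advisory covers firefox-esr only; worth confirming that the thunderbird fix is tracked under a separate advisory.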
@@ -203,6 +330,7 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120.
Some of these bugs sho
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5,
and Thun ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -210,6 +338,7 @@ CVE-2023-6864 (Memory safety bugs present in Firefox 120,
Firefox ESR 115.5, and
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially
undefined beha ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
@@ -230,6 +359,7 @@ CVE-2023-6868 (In some instances, the user-agent would
allow push requests which
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a
heap buff ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -237,11 +367,13 @@ CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method
was susceptible to a heap
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
CVE-2023-6867 (The timing of a button click causing a popup to disappear was
approxim ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures
produced ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -252,6 +384,7 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked
proper exception handling.
- firefox 121.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
CVE-2023-6859 (A use-after-free condition affected TLS socket creation when
under mem ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -259,6 +392,7 @@ CVE-2023-6859 (A use-after-free condition affected TLS
socket creation when unde
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in
`nsTextFragment` ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -266,6 +400,7 @@ CVE-2023-6858 (Firefox was susceptible to a heap buffer
overflow in `nsTextFragm
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer
passed to ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -273,11 +408,13 @@ CVE-2023-6857 (When resolving a symlink, a race may occur
where the buffer passe
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing
uninitialized dat ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a
heap buf ...)
+ {DSA-5581-1}
- firefox 121.0-1
- firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
@@ -2198,7 +2335,8 @@ CVE-2023-45292 (When using the default implementation of
Verify to check a Captc
NOT-FOR-US: base64Captcha
CVE-2023-42932 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
-CVE-2023-42927 (A privacy issue was addressed with improved private data
redaction for ...)
+CVE-2023-42927
+ REJECTED
NOT-FOR-US: Apple
CVE-2023-42926 (Multiple memory corruption issues were addressed with improved
input v ...)
NOT-FOR-US: Apple
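Review bot: After this change CVE-2023-42927 reads as REJECTED but still keeps the "NOT-FOR-US: Apple" line from the old entry. With the description removed, the triage tag has nothing left to refer to. Either drop it, or confirm that rejected entries are meant to keep their previous classification.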
@@ -33224,8 +33362,8 @@ CVE-2023-31233 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Davi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31231
- RESERVED
+CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability
in Unlim ...)
+ TODO: check
CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir
Baidu Tong ...)
NOT-FOR-US: Haoqisir Baidu Tongji generator
CVE-2023-31229
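Review bot: CVE-2023-31231 moves from RESERVED to "TODO: check" with a description cut at "in Unlim ...", so the affected product cannot be identified from this line. The entries around it are tagged "NOT-FOR-US: WordPress plugin", but that tag should not be copied across on position alone; triage against the full CVE record. The same RESERVED to "TODO: check" pattern repeats in the later hunks of this commit and the same applies there.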
@@ -33352,8 +33490,8 @@ CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate
Member plu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31215
- RESERVED
+CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability
in Amade ...)
+ TODO: check
CVE-2023-31214
RESERVED
CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -33724,8 +33862,8 @@ CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in La
NOT-FOR-US: WooCommerce plugin
CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly
Chronosly ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31092
- RESERVED
+CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Prad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31090
@@ -34345,8 +34483,8 @@ CVE-2023-30874 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-30873
RESERVED
-CVE-2023-30872
- RESERVED
+CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
PT Woo P ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30870
@@ -34916,8 +35054,8 @@ CVE-2023-30752 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in iCon ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30750
- RESERVED
+CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in ihom ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30748
@@ -35832,8 +35970,8 @@ CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Si
NOT-FOR-US: WordPress plugin
CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30495
- RESERVED
+CVE-2023-30495 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ImageRec ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Themefic ...)
@@ -38435,8 +38573,8 @@ CVE-2023-29434 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-29433
RESERVED
-CVE-2023-29432
- RESERVED
+CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-29431
RESERVED
CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
CTHtheme ...)
@@ -38751,8 +38889,8 @@ CVE-2023-29386
RESERVED
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Kevon Ad ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29384
- RESERVED
+CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability
in HM Pl ...)
+ TODO: check
CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not
properly ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository
sidekiq/si ...)
@@ -39639,8 +39777,8 @@ CVE-2023-29104 (A vulnerability has been identified in
SIMATIC Cloud Connect 7 C
NOT-FOR-US: Siemens
CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7
CC712 ( ...)
NOT-FOR-US: Siemens
-CVE-2023-29102
- RESERVED
+CVE-2023-29102 (Unrestricted Upload of File with Dangerous Type vulnerability
in Olive ...)
+ TODO: check
CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Muffingr ...)
NOT-FOR-US: Muffingroup
CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Dream-Th ...)
@@ -39651,8 +39789,8 @@ CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Ar
NOT-FOR-US: WordPress plugin
CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS)
vulnerability in a3r ...)
NOT-FOR-US: WordPress Plugin
-CVE-2023-29096
- RESERVED
+CVE-2023-29096 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F.
Carr RSV ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability
in PI W ...)
@@ -40805,8 +40943,8 @@ CVE-2023-28790 (Auth. (editor+) Stored Cross-Site
Scripting (XSS) vulnerability
NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cimatti ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28788
- RESERVED
+CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-28787
RESERVED
CVE-2023-28786
@@ -40817,8 +40955,8 @@ CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Co
NOT-FOR-US: WordPress plugin
CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress Plugin
-CVE-2023-28782
- RESERVED
+CVE-2023-28782 (Deserialization of Untrusted Data vulnerability in
Rocketgenius Inc. G ...)
+ TODO: check
CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Cimatti Con ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast
Local P ...)
@@ -41812,8 +41950,8 @@ CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site
Scripting (XSS) vulnerab
NOT-FOR-US: Wordpress theme
CVE-2023-28492
RESERVED
-CVE-2023-28491
- RESERVED
+CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Estatik ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE
(All vers ...)
@@ -43025,8 +43163,8 @@ CVE-2023-28172 (Cross-Site Request Forgery (CSRF)
vulnerability in flippercode W
NOT-FOR-US: WordPress plugin
CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS)
vulnerability in ...)
NOT-FOR-US: WordPress theme
-CVE-2023-28170
- RESERVED
+CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Core ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28168
@@ -47719,8 +47857,8 @@ CVE-2023-26527 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26526
RESERVED
-CVE-2023-26525
- RESERVED
+CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech
Quiz An ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26523
@@ -49381,8 +49519,8 @@ CVE-2023-25972 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD
Educare plugi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25970
- RESERVED
+CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability
in Zendr ...)
+ TODO: check
CVE-2023-25969
RESERVED
CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs,
Madalin ...)
@@ -55515,8 +55653,8 @@ CVE-2023-23972 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Code ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23970
- RESERVED
+CVE-2023-23970 (Unrestricted Upload of File with Dangerous Type vulnerability
in WooRo ...)
+ TODO: check
CVE-2023-23907 (A directory traversal vulnerability exists in the server.js
start func ...)
NOT-FOR-US: MilesightVPN
CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login
functionali ...)
@@ -63067,12 +63205,12 @@ CVE-2022-47601
RESERVED
CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47599
- RESERVED
+CVE-2022-47599 (Deserialization of Untrusted Data vulnerability in File
Manager by Bit ...)
+ TODO: check
CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WP P ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47597
- RESERVED
+CVE-2022-47597 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jeff ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -74385,8 +74523,8 @@ CVE-2022-44686
RESERVED
CVE-2022-44685
RESERVED
-CVE-2022-44684
- RESERVED
+CVE-2022-44684 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability)
+ TODO: check
CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability)
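Review bot: CVE-2022-44684 is published as "TODO: check" although its description, "Windows Local Session Manager (LSM) Denial of Service Vulnerability", names a Windows component, and the next entry, CVE-2022-44683, is tagged "NOT-FOR-US: Microsoft". Suggest giving CVE-2022-44684 the same tag instead of leaving it in the TODO queue.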
@@ -83697,7 +83835,7 @@ CVE-2022-42004 (In FasterXML jackson-databind before
2.13.4, resource exhaustion
NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
NOTE:
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
(jackson-databind-2.13.4)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
-CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource
exhaustion c ...)
+CVE-2022-42003 (In FasterXML jackson-databind before versions 2.13.4.1 and
2.12.17.1, ...)
{DSA-5283-1 DLA-3207-1}
- jackson-databind 2.14.0-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
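Review bot: The new CVE-2022-42003 description changes the affected range from "before 2.14.0-rc1" to "before versions 2.13.4.1 and 2.12.17.1, ...", while the unchanged context still records "- jackson-databind 2.14.0-1" and {DSA-5283-1 DLA-3207-1}. Nothing in this hunk revisits those lines, so the versions shipped by the DSA and DLA should be rechecked against the newly named 2.13.x and 2.12.x fix releases.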
@@ -86297,9 +86435,9 @@ CVE-2022-41085 (Azure CycleCloud Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41084
RESERVED
-CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability.)
+CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.)
+CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
@@ -86377,33 +86515,33 @@ CVE-2022-41045 (Windows Advanced Local Procedure Call
(ALPC) Elevation of Privil
NOT-FOR-US: Microsoft
CVE-2022-41044 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability.)
+CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability.)
+CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41041
RESERVED
-CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege
Vulnerability.)
+CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41039 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
+CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
+CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
+CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability.)
+CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability.)
+CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege
Vulnerability ...)
+CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability.)
+CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability)
- nuget <not-affected> (Vulnerable code not present)
NOTE:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032
NOTE:
https://github.com/NuGet/NuGet.Client/commit/3c1bf9decc8a114c091a6164c42f524ae2bb1e21
(6.3.1.1)
-CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability.)
+CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
NOT-FOR-US: Foxit
@@ -94631,45 +94769,45 @@ CVE-2022-2727 (A vulnerability was found in
SourceCodester Gym Management System
NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2726 (A vulnerability classified as critical has been found in
SEMCMS. This ...)
NOT-FOR-US: SEMCMS
-CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
+CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38052
RESERVED
-CVE-2022-38051 (Windows Graphics Component Elevation of Privilege
Vulnerability. This ...)
+CVE-2022-38051 (Windows Graphics Component Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability.)
+CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability.)
+CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability.)
+CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38045 (Server Service Remote Protocol Elevation of Privilege
Vulnerability.)
+CVE-2022-38045 (Windows Server Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution
Vulnerability.)
+CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38043 (Windows Security Support Provider Interface Information
Disclosure Vul ...)
NOT-FOR-US: Microsoft
-CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege
Vulnerability.)
+CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability.)
+CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability.)
+CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service
Vulnerability.)
+CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38035
RESERVED
-CVE-2022-38034 (Windows Workstation Service Elevation of Privilege
Vulnerability.)
+CVE-2022-38034 (Windows Workstation Service Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information
Disclosur ...)
NOT-FOR-US: Microsoft
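Review bot: Most changes in this hunk only drop a trailing period or a truncated "This CVE ID is un ..." tail, but CVE-2022-38045 is actually retitled, from "Server Service Remote Protocol Elevation of Privilege Vulnerability." to "Windows Server Service Elevation of Privilege Vulnerability". The commit message says only "automatic update", so this rename is easy to miss; anything that matches on the old title text will need updating. The "NOT-FOR-US: Microsoft" tags are unaffected.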
@@ -94677,15 +94815,15 @@ CVE-2022-38032 (Windows Portable Device Enumerator
Service Security Feature Bypa
NOT-FOR-US: Microsoft
CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
NOT-FOR-US: Microsoft
-CVE-2022-38030 (Windows USB Serial Driver Information Disclosure
Vulnerability.)
+CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability.)
+CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability.)
+CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability.)
+CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability.)
+CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure
Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -94696,17 +94834,17 @@ CVE-2022-38023 (Netlogon RPC Elevation of Privilege
Vulnerability)
NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
-CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of
Privilege Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability.)
+CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38018
RESERVED
-CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability.)
+CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
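Review bot: the new CVE-2022-38022 description loses more than the trailing period: the old text continued with a second sentence ("This CVE ID is un ...") that the new text no longer carries, unlike the CVE-2022-38019 and CVE-2022-38017 lines, where only the period goes. If that sentence was what set this entry apart from other CVEs with the same "Windows Kernel Elevation of Privilege Vulnerability" title, it is worth confirming that the shortened upstream text is intended. Triage is unaffected, since every changed entry in this hunk stays NOT-FOR-US.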
@@ -94714,11 +94852,11 @@ CVE-2022-38015 (Windows Hyper-V Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of
Privilege Vulne ...)
NOT-FOR-US: Microsoft
-CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability.)
+CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability.)
+CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -94734,23 +94872,23 @@ CVE-2022-38005 (Windows Print Spooler Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-38003 (Windows Resilient File System Elevation of Privilege.)
+CVE-2022-38003 (Windows Resilient File System Elevation of Privilege)
NOT-FOR-US: Microsoft
CVE-2022-38002
RESERVED
-CVE-2022-38001 (Microsoft Office Spoofing Vulnerability.)
+CVE-2022-38001 (Microsoft Office Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability. T ...)
+CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37997 (Windows Graphics Component Elevation of Privilege
Vulnerability. This ...)
+CVE-2022-37997 (Windows Graphics Component Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability.)
+CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
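Review bot: CVE-2022-38003 still reads "Windows Resilient File System Elevation of Privilege", without the closing word "Vulnerability" that every other title in this hunk ends with. The removed line had the same wording, so this is inherited from the upstream text and not introduced here, but anyone matching these descriptions on the trailing word will miss this entry. No change is needed in this file; it is something to keep in mind for tooling that consumes the descriptions.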
@@ -94758,53 +94896,53 @@ CVE-2022-37993 (Windows Group Policy Preference
Client Elevation of Privilege Vu
NOT-FOR-US: Microsoft
CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of
Privileg ...)
NOT-FOR-US: Microsoft
-CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of
Privileg ...)
NOT-FOR-US: Microsoft
-CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37985 (Windows Graphics Component Information Disclosure
Vulnerability.)
+CVE-2022-37985 (Windows Graphics Component Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability.)
+CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege
Vulnerability.)
+CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
NOT-FOR-US: Microsoft
-CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability.)
+CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability.)
+CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability.)
+CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature
Bypass.)
+CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature
Bypass)
NOT-FOR-US: Microsoft
CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of
Service V ...)
NOT-FOR-US: Microsoft
CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability.)
+CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability. T ...)
+CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing
Vulnerability.)
+CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege
Vulnerability.)
+CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability.)
+CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of
Privilege Vu ...)
+CVE-2022-37968 (<p>Microsoft has identified a vulnerability affecting the
cluster conn ...)
NOT-FOR-US: Microsoft
CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
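Review bot: the new CVE-2022-37968 description starts with a literal <p> tag ("<p>Microsoft has identified a vulnerability affecting the cluster conn ..."), so HTML markup from the upstream feed has leaked into data/CVE/list and replaced a readable title ("Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ..."). The automatic update should strip markup before writing the description, or keep the previous text when the new one begins with a tag, and any front end that renders these descriptions should escape them. A second point in the same hunk: with the "This CVE ID is un ..." sentence dropped, CVE-2022-37991, CVE-2022-37990 and CVE-2022-37988 now carry identical descriptions.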
@@ -100474,7 +100612,7 @@ CVE-2022-35831 (Windows Remote Access Connection
Manager Information Disclosure
NOT-FOR-US: Microsoft
CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability.)
+CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege
Vulnera ...)
NOT-FOR-US: Microsoft
@@ -100592,7 +100730,7 @@ CVE-2022-35772 (Azure Site Recovery Remote Code
Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35770 (Windows NTLM Spoofing Vulnerability.)
+CVE-2022-35770 (Windows NTLM Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
@@ -103695,7 +103833,7 @@ CVE-2022-34691 (Active Directory Domain Services
Elevation of Privilege Vulnerab
NOT-FOR-US: Microsoft
CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability.)
+CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34688
RESERVED
@@ -106783,7 +106921,7 @@ CVE-2022-33647 (Windows Kerberos Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability.)
+CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -106803,7 +106941,7 @@ CVE-2022-33637 (Microsoft Defender for Endpoint
Tampering Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability.)
+CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
@@ -126251,7 +126389,7 @@ CVE-2022-26931 (Windows Kerberos Elevation of
Privilege Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-26930 (Windows Remote Access Connection Manager Information
Disclosure Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability.)
+CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -133516,7 +133654,7 @@ CVE-2022-24482 (Windows ALPC Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability.)
+CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of
Privilege Vulner ...)
NOT-FOR-US: Microsoft
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23bb7f67b106896813a35dcfab6c0f11c9550f18
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits