Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 717f80a8 by Moritz Muehlenhoff at 2023-05-19T11:24:16+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,13 @@ CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...) - TODO: check + NOT-FOR-US: Foxit CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...) - TODO: check + NOT-FOR-US: Metabase CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authentica ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...) NOT-FOR-US: WordPress plugin CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...) - TODO: check + NOT-FOR-US: Ombi CVE-2023-32100 (Compiler removal of buffer clearing in sli_se_driver_mac_compute in ...) NOT-FOR-US: Silicon Labs Gecko Platform SDK CVE-2023-32099 (Compiler removal of buffer clearing in sli_se_sign_hashin Sili ...) 
@@ -19,15 +19,15 @@ CVE-2023-32097 (Compiler removal of buffer clearing in sli_crypto_transpar CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...) NOT-FOR-US: Silicon Labs Gecko Platform SDK CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...) - TODO: check + NOT-FOR-US: OpenText Documentum Content Server CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation violation.) TODO: check CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...) - zammad <itp> (bug #841355) CVE-2023-2800 (Insecure Temporary File in GitHub repository huggingface/transformers ...) - TODO: check + NOT-FOR-US: Transformers CVE-2023-2799 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: OA CVE-2023-2790 (A vulnerability classified as problematic has been found in TOTOLINK N ...) NOT-FOR-US: TOTOLINK CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated as probl ...) @@ -1430,7 +1430,7 @@ CVE-2023-31235 CVE-2023-31234 RESERVED CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31232 RESERVED CVE-2023-31231 @@ -1720,7 +1720,7 @@ CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...) NOT-FOR-US: PostgresNIO CVE-2023-31135 (Dgraph is an open source distributed GraphQL database. Existing Dgraph ...) - TODO: check + NOT-FOR-US: Dgraph CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...) NOT-FOR-US: Tauri CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...) 
@@ -2492,7 +2492,7 @@ CVE-2023-30870 CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30867 RESERVED CVE-2023-30866 @@ -2842,7 +2842,7 @@ CVE-2023-30782 CVE-2023-30781 RESERVED CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30779 RESERVED CVE-2023-30778 @@ -3534,9 +3534,9 @@ CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable t CVE-2023-2026 RESERVED CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...) - TODO: check + NOT-FOR-US: OpenBlue Enterprise Manager Data Collector CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...) - TODO: check + NOT-FOR-US: OpenBlue Enterprise Manager Data Collector CVE-2023-2023 RESERVED CVE-2023-2022 @@ -3907,7 +3907,7 @@ CVE-2023-30489 CVE-2023-30488 RESERVED CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30486 RESERVED CVE-2023-30485 @@ -3941,7 +3941,7 @@ CVE-2023-30472 CVE-2023-30471 RESERVED CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.25-1 
@@ -4317,7 +4317,7 @@ CVE-2023-30335 CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...) NOT-FOR-US: AsmBB CVE-2023-30333 (An arbitrary file upload vulnerability in the component /admin/ThemeCo ...) - TODO: check + NOT-FOR-US: PerfreeBlog CVE-2023-30332 RESERVED CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...) @@ -4739,7 +4739,7 @@ CVE-2023-30126 CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).) NOT-FOR-US: Eyoucms CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: LavaLite CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...) NOT-FOR-US: wuzhicms CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...) @@ -5024,7 +5024,7 @@ CVE-2023-29987 CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...) NOT-FOR-US: spring-boot-actuator-logview CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2023-29984 RESERVED CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...) @@ -5313,7 +5313,7 @@ CVE-2023-29859 CVE-2023-29858 RESERVED CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain sensitive inf ...) - TODO: check + NOT-FOR-US: Teslamate CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...) NOT-FOR-US: D-Link CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...) @@ -5594,7 +5594,7 @@ CVE-2023-29722 CVE-2023-29721 RESERVED CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...) - TODO: check + NOT-FOR-US: SofaWiki CVE-2023-29719 RESERVED CVE-2023-29718 
@@ -8531,7 +8531,7 @@ CVE-2023-1620 CVE-2023-1619 RESERVED CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...) NOT-FOR-US: B&R Industrial Automation CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...) @@ -9956,7 +9956,7 @@ CVE-2023-28387 CVE-2023-28382 RESERVED CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...) - TODO: check + NOT-FOR-US: Brother CVE-2023-28367 RESERVED CVE-2023-27926 @@ -11124,7 +11124,7 @@ CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HP CVE-2023-28082 RESERVED CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-28080 RESERVED CVE-2023-28079 @@ -13006,7 +13006,7 @@ CVE-2023-1134 (Delta Electronics InfraSuite Device Master versions prior to 1.0. CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) NOT-FOR-US: Delta Electronics CVE-2023-1132 (Compiler removal of buffer clearing in sli_se_driver_key_agreement ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts Sales ...) NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2023-1130 (A vulnerability, which was classified as critical, was found in Source ...) @@ -13153,7 +13153,7 @@ CVE-2023-27432 CVE-2023-27431 RESERVED CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27429 RESERVED CVE-2023-27428 
@@ -13167,7 +13167,7 @@ CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-27424 RESERVED CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27422 RESERVED CVE-2023-27421 @@ -13820,7 +13820,7 @@ CVE-2023-27219 CVE-2023-27218 RESERVED CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName() function of ...) - TODO: check + NOT-FOR-US: Belkin CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...) NOT-FOR-US: D-Link CVE-2023-27215 @@ -15985,7 +15985,7 @@ CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Eyewear Shop CVE-2023-0965 (Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_a ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) @@ -17072,7 +17072,7 @@ CVE-2023-25935 CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...) NOT-FOR-US: Dell CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-25756 RESERVED CVE-2023-25546 @@ -17891,7 +17891,7 @@ CVE-2023-25700 CVE-2023-25699 RESERVED CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25697 RESERVED CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...) 
@@ -18461,7 +18461,7 @@ CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2. CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...) NOT-FOR-US: Apollo CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building IPFS app ...) - TODO: check + NOT-FOR-US: Boxo CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) [bullseye] - gss-ntlmssp <no-dsa> (Minor issue) @@ -20419,9 +20419,9 @@ CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can NOTE: https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4) NOTE: Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7) CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior to commit ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...) NOT-FOR-US: Trend Micro CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...) @@ -22818,7 +22818,7 @@ CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-24000 RESERVED CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) NOT-FOR-US: WordPress plugin CVE-2023-23997 
@@ -23559,7 +23559,7 @@ CVE-2023-23761 (An improper authentication vulnerability was identified in GitHu CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...) - TODO: check + NOT-FOR-US: Facebook fizz CVE-2023-23758 RESERVED CVE-2023-23757 @@ -23850,7 +23850,7 @@ CVE-2023-23669 CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23666 RESERVED CVE-2023-23665 @@ -24366,9 +24366,9 @@ CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the L CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...) - eternal-terminal <itp> (bug #861635) CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties prior to ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to commit a6dc ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...) NOT-FOR-US: F5 BIG-IP CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting ...) @@ -33051,7 +33051,7 @@ CVE-2022-47159 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...) NOT-FOR-US: WordPress plugin CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47156 RESERVED CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...) 
@@ -33623,7 +33623,7 @@ CVE-2022-4420 CVE-2022-4419 RESERVED CVE-2022-4418 (Local privilege escalation due to unrestricted loading of unsigned lib ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...) @@ -38036,11 +38036,11 @@ CVE-2022-4038 CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab <unfixed> CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45457 (Sensitive information disclosure and manipulation due to improper cert ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...) NOT-FOR-US: Acronis CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...) @@ -38048,13 +38048,13 @@ CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation clea CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...) NOT-FOR-US: Acronis CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are affecte ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45451 RESERVED CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45449 RESERVED CVE-2022-45448 
@@ -44693,7 +44693,7 @@ CVE-2023-20191 CVE-2023-20190 RESERVED CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20188 RESERVED CVE-2023-20187 @@ -44703,11 +44703,11 @@ CVE-2023-20186 CVE-2023-20185 RESERVED CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20181 RESERVED CVE-2023-20180 @@ -44723,13 +44723,13 @@ CVE-2023-20176 CVE-2023-20175 RESERVED CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20170 RESERVED CVE-2023-20169 
@@ -44737,29 +44737,29 @@ CVE-2023-20169 CVE-2023-20168 RESERVED CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20165 RESERVED CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20155 RESERVED CVE-2023-20154 @@ -44851,7 +44851,7 @@ CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow CVE-2023-20111 RESERVED CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20109 RESERVED CVE-2023-20108 
@@ -44859,7 +44859,7 @@ CVE-2023-20108 CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...) NOT-FOR-US: Cisco CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20105 RESERVED CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...) @@ -44897,7 +44897,7 @@ CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feat CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...) NOT-FOR-US: Cisco CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20086 RESERVED CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...) @@ -44917,7 +44917,7 @@ CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface o CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...) NOT-FOR-US: Cisco CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...) @@ -45030,7 +45030,7 @@ CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco S CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...) NOT-FOR-US: Cisco CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...) 
@@ -45072,7 +45072,7 @@ CVE-2023-20005 CVE-2023-20004 RESERVED CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...) NOT-FOR-US: Cisco CVE-2023-20001 @@ -65906,11 +65906,11 @@ CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware versi CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...) NOT-FOR-US: Western Digital CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: Western Digital CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: Western Digital CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that could ar ...) - TODO: check + NOT-FOR-US: Western Digital CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...) NOT-FOR-US: Siemens CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...) @@ -67369,7 +67369,7 @@ CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This C CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.) NOT-FOR-US: Microsoft CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.) 
@@ -164676,7 +164676,7 @@ CVE-2021-26367 CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...) NOT-FOR-US: AMD CVE-2021-26365 (Certain size values in firmware binary headers could trigger out of bo ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could allow an ...) NOT-FOR-US: AMD CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially change the va ...) @@ -189862,7 +189862,7 @@ CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a mis ...) NOT-FOR-US: Imagination Technologies components for Android CVE-2021-0877 (Product: AndroidVersions: Android SoCAndroid ID: A-273754094) - TODO: check + NOT-FOR-US: Imagination Technologies components for Android CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driv ...) NOT-FOR-US: Imagination Technologies components for Android CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717f80a8f7e93f30d7a6f9f184903c1526d1e517 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/717f80a8f7e93f30d7a6f9f184903c1526d1e517 You're receiving this email because of your account on salsa.debian.org.
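Review bot: In the @@ -19,15 hunk, the new tags on CVE-2023-2799 (`NOT-FOR-US: OA`) and CVE-2023-2800 (`NOT-FOR-US: Transformers`) are too terse to identify the product when someone greps data/CVE/list later. The description of CVE-2023-2800 names the repository huggingface/transformers, so `NOT-FOR-US: huggingface/transformers` would be unambiguous. For CVE-2023-2799 the truncated description does not show a product name, so the tag should carry the vendor or product name from the full description rather than the two-letter abbreviation.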
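Review bot: CVE-2023-1132 (@@ -13006 hunk) and CVE-2023-0965 (@@ -15985 hunk) are tagged `NOT-FOR-US: Silabs`, while the entries whose descriptions start with the same "Compiler removal of buffer clearing in sli_" text in the @@ -1,13 and @@ -19,15 context lines (CVE-2023-32100, CVE-2023-32096) already use `NOT-FOR-US: Silicon Labs Gecko Platform SDK`. Suggest using the existing string for both new lines so that one search finds every entry for that SDK.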
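Review bot: In the @@ -189862 hunk, CVE-2021-0877 is closed as `NOT-FOR-US: Imagination Technologies components for Android`, but its description ("Product: AndroidVersions: Android SoCAndroid ID: A-273754094") names no component, so the attribution appears to rest only on the neighbouring PowerVR entries (CVE-2021-0876, CVE-2021-0878). Suggest adding a NOTE line with the reference that ties A-273754094 to the PowerVR driver, or leaving the entry at `TODO: check` until the description is filled in.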