Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46894de1 by security tracker role at 2023-05-31T20:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository
mkucej/i-libr ...)
+ TODO: check
+CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository
mkucej/i-l ...)
+ TODO: check
+CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found
Information ...)
+ TODO: check
+CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found
Information ...)
+ TODO: check
+CVE-2023-3016 (A vulnerability was found in yiwent Vip Video Analysis 1.0 and
classif ...)
+ TODO: check
+CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0
and cl ...)
+ TODO: check
+CVE-2023-3014 (A vulnerability, which was classified as problematic, was found
in Bei ...)
+ TODO: check
+CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to
2.2.2.)
+ TODO: check
+CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to 2.2.2 ...)
+ TODO: check
+CVE-2023-3009 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
+ TODO: check
+CVE-2023-3008 (A vulnerability classified as critical has been found in
ningzichun St ...)
+ TODO: check
+CVE-2023-3007 (A vulnerability was found in ningzichun Student Management
System 1.0. ...)
+ TODO: check
+CVE-2023-3006 (A known cache speculation vulnerability, known as Branch
History Injec ...)
+ TODO: check
+CVE-2023-3005 (A vulnerability, which was classified as problematic, was found
in Sou ...)
+ TODO: check
+CVE-2023-3004 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2023-3003 (A vulnerability classified as critical was found in
SourceCodester Tra ...)
+ TODO: check
+CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The
agent's conf ...)
+ TODO: check
+CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The
agent's con ...)
+ TODO: check
+CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3.
There is an ...)
+ TODO: check
+CVE-2023-34255 (An issue was discovered in the Linux kernel through 6.3.5.
There is a ...)
+ TODO: check
+CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab
Connection p ...)
+ TODO: check
+CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks
were missin ...)
+ TODO: check
+CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was
vulnerabl ...)
+ TODO: check
+CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the
Subscription ...)
+ TODO: check
+CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet
feed page ...)
+ TODO: check
+CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during
oAuth config ...)
+ TODO: check
+CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the
"password" type ...)
+ TODO: check
+CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the
Plugin Vendor ...)
+ TODO: check
+CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show
Connection ...)
+ TODO: check
+CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit
Status P ...)
+ TODO: check
+CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission
checks allowe ...)
+ TODO: check
+CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission
checks allow ...)
+ TODO: check
+CVE-2023-34088 (Collabora Online is a collaborative online office suite. A
stored cros ...)
+ TODO: check
+CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A
vulnera ...)
+ TODO: check
+CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom
forms and ...)
+ TODO: check
+CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL
injecti ...)
+ TODO: check
+CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno
1.34.0 and de ...)
+ TODO: check
+CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain
protocol ...)
+ TODO: check
+CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in
Dcat-Admin v2.1.3 ...)
+ TODO: check
+CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote
command exe ...)
+ TODO: check
+CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in
Microworld Techno ...)
+ TODO: check
+CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in
Microworld ...)
+ TODO: check
+CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an
authenticated rem ...)
+ TODO: check
+CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via
MP4File::Read ...)
+ TODO: check
+CVE-2023-33509 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to SQL
Injection.)
+ TODO: check
+CVE-2023-33508 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to
unauthenticated file ...)
+ TODO: check
+CVE-2023-33507 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to
Unauthenticated arbi ...)
+ TODO: check
+CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
+ TODO: check
+CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
+ TODO: check
+CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
+ TODO: check
+CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the
Inline Table ...)
+ TODO: check
+CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3,
IdentityIQ 8.2 ...)
+ TODO: check
+CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the
FundRaiserEdi ...)
+ TODO: check
+CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing
an att ...)
+ TODO: check
+CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS
HMI Syste ...)
+ TODO: check
+CVE-2023-2749 (Download Center fails to properly validate the file path
submitted by ...)
+ TODO: check
+CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The
ntfs3 subs ...)
+ TODO: check
+CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet
Viewer P ...)
+ TODO: check
CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine.
Prior to ver ...)
NOT-FOR-US: JStachio
CVE-2023-33961 (Leantime is a lean open source project management system.
Starting in ...)
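Review bot: the new "TODO: check" entries for CVE-2023-34256, CVE-2023-34255 and CVE-2022-48502 describe Linux kernel issues, so they should be triaged ahead of the web-application and router entries in the same batch and given a "- linux" line with a fixed version or <unfixed> instead of staying at "TODO: check". Separately, the KramerAV descriptions (CVE-2023-33509, CVE-2023-33508, CVE-2023-33507) contain a literal "\xb2" escape, which suggests the description import is not decoding non-ASCII characters; worth checking the importer rather than hand-editing the three lines.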
@@ -108,6 +224,7 @@ CVE-2023-2972 (Prototype Pollution in GitHub repository
antfu/utils prior to 0.7
CVE-2023-2968 (A remote attacker can trigger a denial of service in the
socket.remote ...)
TODO: check
CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object
identifi ...)
+ {DSA-5417-1}
- openssl 3.0.9-1
NOTE: https://www.openssl.org/news/secadv/20230530.txt
NOTE:
https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
(OpenSSL_1_1_1u)
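Review bot: the fix reference under CVE-2023-2650 is incomplete in the lines visible here: the entry records "- openssl 3.0.9-1" as the fixed version, but the only commit NOTE shown is the OpenSSL_1_1_1u one. If the openssl-3.0 branch commit is not already recorded below this context, add it as a second NOTE so the {DSA-5417-1} reference can be checked against both branches.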
@@ -231,7 +348,7 @@ CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting
(XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
One Rank ...)
NOT-FOR-US: WordPress plugin
-CVE-2015-10106 (A vulnerability classified as critical was found in mback2k
mh_httpbl ...)
+CVE-2015-10106 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
critical ...)
NOT-FOR-US: Typo3 extension
CVE-2014-125101 (A vulnerability classified as critical has been found in
Portfolio Gal ...)
NOT-FOR-US: WordPress plugin
@@ -4815,7 +4932,7 @@ CVE-2023-2000 (Mattermost Desktop App fails to validate a
mattermost server redi
NOT-FOR-US: Mattermost Desktop App
CVE-2023-1999
RESERVED
- {DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
+ {DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
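Review bot: DLA-3439-1 is added to the cross-reference list for CVE-2023-1999, but the package lines visible in this context cover only firefox, firefox-esr and thunderbird. Confirm that the source package DLA-3439-1 was issued for has its own "- package version" line further down in the entry; otherwise the advisory reference has nothing to attach to. The entry also still reads "RESERVED" while carrying six advisories, so a short NOTE pointing at the upstream fix would help readers until a description arrives.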
@@ -5463,8 +5580,8 @@ CVE-2023-30287
RESERVED
CVE-2023-30286
RESERVED
-CVE-2023-30285
- RESERVED
+CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for
Jira allows ...)
+ TODO: check
CVE-2023-30284
RESERVED
CVE-2023-30283
@@ -6588,8 +6705,8 @@ CVE-2023-29749
RESERVED
CVE-2023-29748
RESERVED
-CVE-2023-29747
- RESERVED
+CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for
Android exists ...)
+ TODO: check
CVE-2023-29746
RESERVED
CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows
unauthorized ...)
@@ -15751,8 +15868,8 @@ CVE-2023-26844
RESERVED
CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM
4.5.3 a ...)
NOT-FOR-US: ChurchCRM
-CVE-2023-26842
- RESERVED
+CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM
4.5.3 a ...)
+ TODO: check
CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM
v4.5.3 ...)
NOT-FOR-US: ChurchCRM
CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM
v4.5.3 ...)
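Review bot: CVE-2023-26842 is left at "TODO: check" although its description names ChurchCRM 4.5.3 and the neighbouring entries CVE-2023-26843 and CVE-2023-26841 are already marked "NOT-FOR-US: ChurchCRM". Unless this one differs in some way the truncated description hides, it should get the same "NOT-FOR-US: ChurchCRM" line so it does not linger in the TODO queue.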
@@ -17254,10 +17371,10 @@ CVE-2023-26280
RESERVED
CVE-2023-26279
RESERVED
-CVE-2023-26278
- RESERVED
-CVE-2023-26277
- RESERVED
+CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a
local au ...)
+ TODO: check
+CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a
local use ...)
+ TODO: check
CVE-2023-26276
RESERVED
CVE-2023-26275
@@ -22847,18 +22964,21 @@ CVE-2023-0468 (A use-after-free flaw was found in
io_uring/poll.c in io_poll_che
CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not
properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to
implicit ...)
+ {DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
[buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
(openssl-3.0)
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
(OpenSSL_1_1_1-stable)
CVE-2023-0465 (Applications that use a non-default option when verifying
certificates ...)
+ {DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
[buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
(openssl-3.0)
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
(OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported
versions ...)
+ {DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
[buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230322.txt
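Review bot: CVE-2023-0466, CVE-2023-0465 and CVE-2023-0464 now reference {DSA-5417-1} while each keeps "[buster] - openssl <no-dsa> (Minor issue)". That combination is fine only if buster is deliberately left unfixed; since the same DSA also covers CVE-2023-2650 in this commit, check whether the buster triage for these three is still intended or should be revisited together with that entry.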
@@ -68534,11 +68654,11 @@ CVE-2022-35829 (Service Fabric Explorer Spoofing
Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege
Vulnera ...)
NOT-FOR-US: Microsoft
-CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
NOT-FOR-US: Microsoft
@@ -68546,164 +68666,164 @@ CVE-2022-35823 (Microsoft SharePoint Remote Code
Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass
Vulnerabilit ...)
NOT-FOR-US: Microsoft
-CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability.)
+CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability.)
+CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability.)
+CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.)
+CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability.)
+CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege
Vulnerability.)
+CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
NOT-FOR-US: Microsoft
-CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35778
RESERVED
-CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability.)
+CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
+CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability ...)
+CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35770 (Windows NTLM Spoofing Vulnerability.)
NOT-FOR-US: Microsoft
-CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service
Vulnerability. ...)
+CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
NOT-FOR-US: Microsoft
CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
NOT-FOR-US: Microsoft
-CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege
Vulnerability.)
+CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35759
- RESERVED
-CVE-2022-35758
- RESERVED
-CVE-2022-35757
- RESERVED
-CVE-2022-35756
- RESERVED
-CVE-2022-35755
- RESERVED
-CVE-2022-35754
- RESERVED
-CVE-2022-35753
- RESERVED
-CVE-2022-35752
- RESERVED
-CVE-2022-35751
- RESERVED
-CVE-2022-35750
- RESERVED
-CVE-2022-35749
- RESERVED
-CVE-2022-35748
- RESERVED
-CVE-2022-35747
- RESERVED
-CVE-2022-35746
- RESERVED
-CVE-2022-35745
- RESERVED
-CVE-2022-35744
- RESERVED
-CVE-2022-35743
- RESERVED
+CVE-2022-35759 (Windows Local Security Authority (LSA) Denial of Service
Vulnerability)
+ TODO: check
+CVE-2022-35758 (Windows Kernel Memory Information Disclosure Vulnerability)
+ TODO: check
+CVE-2022-35757 (Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerab ...)
+ TODO: check
+CVE-2022-35756 (Windows Kerberos Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2022-35755 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2022-35754 (Unified Write Filter Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2022-35753 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35752 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35751 (Windows Hyper-V Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2022-35750 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2022-35749 (Windows Digital Media Receiver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2022-35748 (HTTP.sys Denial of Service Vulnerability)
+ TODO: check
+CVE-2022-35747 (Windows Point-to-Point Protocol (PPP) Denial of Service
Vulnerability)
+ TODO: check
+CVE-2022-35746 (Windows Digital Media Receiver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2022-35745 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution
Vulnerabil ...)
+ TODO: check
+CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
Execution ...)
+ TODO: check
CVE-2022-35742
RESERVED
CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user
logged into ...)
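Review bot: the seventeen entries CVE-2022-35759 through CVE-2022-35743 move from "RESERVED" to a Microsoft description but are tagged "TODO: check", while every other Microsoft entry in this hunk carries "NOT-FOR-US: Microsoft". The descriptions (Windows LSA, Windows Kernel, Windows Print Spooler, HTTP.sys, MSDT and so on) leave no doubt about the vendor, so these should be marked "NOT-FOR-US: Microsoft" in the same pass rather than queued for manual review. The rest of the hunk only shortens descriptions and needs no triage change.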
@@ -71679,33 +71799,33 @@ CVE-2022-34719 (Windows Distributed File System (DFS)
Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability.)
+CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34716 (.NET Spoofing Vulnerability.)
+CVE-2022-34716 (.NET Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34715 (Windows Network File System Remote Code Execution
Vulnerability.)
+CVE-2022-34715 (Windows Network File System Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
NOT-FOR-US: Microsoft
CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
Execution ...)
NOT-FOR-US: Microsoft
-CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability ...)
+CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass
Vulnerabilit ...)
NOT-FOR-US: Microsoft
-CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability. This CVE
ID is un ...)
+CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability ...)
+CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege
Vulnerabili ...)
NOT-FOR-US: Microsoft
@@ -71715,13 +71835,13 @@ CVE-2022-34701 (Windows Secure Socket Tunneling
Protocol (SSTP) Denial of Servic
NOT-FOR-US: Microsoft
CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability.)
+CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34698
RESERVED
CVE-2022-34697
RESERVED
-CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability.)
+CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34695
RESERVED
@@ -71729,17 +71849,17 @@ CVE-2022-34694
RESERVED
CVE-2022-34693
RESERVED
-CVE-2022-34692 (Microsoft Exchange Information Disclosure Vulnerability. This
CVE ID i ...)
+CVE-2022-34692 (Microsoft Exchange Server Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege
Vulnerability.)
+CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability.)
+CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-34688
RESERVED
-CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability.
This CVE ...)
NOT-FOR-US: Microsoft
@@ -74807,9 +74927,9 @@ CVE-2022-33651 (Azure Site Recovery Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability.)
+CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability.)
+CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -74833,7 +74953,7 @@ CVE-2022-33638 (Microsoft Edge (Chromium-based)
Elevation of Privilege Vulnerabi
NOT-FOR-US: Microsoft
CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability.)
+CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
@@ -74843,7 +74963,7 @@ CVE-2022-33633 (Skype for Business and Lync Remote Code
Execution Vulnerability)
NOT-FOR-US: Skype for Business and Lync
CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability.)
+CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33630
RESERVED
@@ -84521,13 +84641,13 @@ CVE-2022-30199
RESERVED
CVE-2022-30198 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE
ID is un ...)
+CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30195
RESERVED
-CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution
Vulnerability.)
+CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This
CVE ID i ...)
NOT-FOR-US: Microsoft
@@ -84563,9 +84683,9 @@ CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code
Execution Vulnerability. This
NOT-FOR-US: Microsoft
CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
NOT-FOR-US: Microsoft
-CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
@@ -84627,7 +84747,7 @@ CVE-2022-30146 (Windows Lightweight Directory Access
Protocol (LDAP) Remote Code
NOT-FOR-US: Microsoft
CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability.)
+CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote
Code Execu ...)
NOT-FOR-US: Microsoft
@@ -84647,7 +84767,7 @@ CVE-2022-30136 (Windows Network File System Remote Code
Execution Vulnerability.
NOT-FOR-US: Microsoft
CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability.)
NOT-FOR-US: Microsoft
-CVE-2022-30134 (Microsoft Exchange Information Disclosure Vulnerability. This
CVE ID i ...)
+CVE-2022-30134 (Microsoft Exchange Server Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution
Vulnerabil ...)
NOT-FOR-US: Microsoft
@@ -113750,8 +113870,8 @@ CVE-2022-0010 (Insertion of Sensitive Information
into Log File vulnerability in
NOT-FOR-US: ABB
CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x
through 2 ...)
NOT-FOR-US: spatie/laravel-medialibrary
-CVE-2021-45039
- RESERVED
+CVE-2021-45039 (Multiple models of the Uniview IP Camera (e.g., IPC_G6103
B6103.16.10. ...)
+ TODO: check
CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
@@ -265471,6 +265591,7 @@ CVE-2019-18606
CVE-2019-18605
RESERVED
CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b,
as distr ...)
+ {DLA-3427-2}
- texlive-bin 2020.20200327.54578-2
[stretch] - texlive-bin <not-affected> (Vulnerable code not present)
[jessie] - texlive-bin <not-affected> (Vulnerable code not present)
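Review bot: the added "{DLA-3427-2}" is a second revision of the advisory, which normally means a follow-up or regression update, yet the visible entry for CVE-2019-18604 has no NOTE explaining the revision and no release-specific line for the suite the DLA targets (only stretch and jessie, both <not-affected>). Add a NOTE saying why the -2 revision was issued, and make sure the fixed version for the affected LTS suite is recorded.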
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46894de127f0676e912b24c3b1e0630155ab8eeb
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits