Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f94b4b62 by Moritz Muehlenhoff at 2023-05-09T11:26:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2023-2590 (Missing Authorization in GitHub repository
answerdev/answer prior
CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to
3.11.3.)
- TODO: check
+ NOT-FOR-US: jsreport
CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS
which can ...)
NOT-FOR-US: Strikingly CMS
CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are
affect ...)
@@ -27,7 +27,8 @@ CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices
through 1.21 are a
CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository
openemr/opene ...)
NOT-FOR-US: OpenEMR
CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8
(Websocket API ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which
forked from 6.x
CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language
Hotel ...)
NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs
prior to v2 ...)
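Review bot: the NOTE on the CVE-2023-2534 entry explaining why the OTRS issue is NOT-FOR-US (listed as specific to 8.x, while Znuny forked from 6.x) is exactly the kind of rationale that should accompany a NOT-FOR-US tag on a product with a packaged fork; consider adding the upstream advisory URL as a second NOTE so the "8.x only" scope claim can be re-verified if the advisory is later amended.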
@@ -759,9 +760,9 @@ CVE-2023-31143
CVE-2023-31142
RESERVED
CVE-2023-31141 (OpenSearch is open-source software suite for search,
analytics, and ob ...)
- TODO: check
+ NOT-FOR-US: OpenSearch
CVE-2023-31140 (OpenProject is open source project management software.
Starting with ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2023-31139
RESERVED
CVE-2023-31138
@@ -787,11 +788,11 @@ CVE-2023-31129 (The Contiki-NG operating system versions
4.8 and prior can be tr
CVE-2023-31128
RESERVED
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM
specific ...)
- TODO: check
+ NOT-FOR-US: libspdm
CVE-2023-31126
RESERVED
CVE-2023-31125 (Engine.IO is the implementation of transport-based
cross-browser/cross ...)
- TODO: check
+ NOT-FOR-US: Engine.IO
CVE-2023-31124
RESERVED
CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal
platform ...)
@@ -1059,7 +1060,7 @@ CVE-2023-31040
CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza
Ordering ...)
NOT-FOR-US: SourceCodester
CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms
allows at ...)
- TODO: check
+ NOT-FOR-US: Apache bRPC
CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send
log mess ...)
TODO: check
CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been
declared as ...)
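Review bot: CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender) directly below the changed line stays at `TODO: check` in this hunk; unlike the surrounding entries, log4cxx is packaged in Debian (source package log4cxx), so this one needs a real source-package entry with a fixed version or `<unfixed>` and a NOTE pointing at the upstream fix, rather than a NOT-FOR-US, and is worth triaging before the next push.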
@@ -1653,7 +1654,7 @@ CVE-2023-30842
CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning
integration ...)
NOT-FOR-US: Baremetal Operator (BMO)
CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset
orchestr ...)
- TODO: check
+ NOT-FOR-US: Fluid
CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application.
Versions prio ...)
NOT-FOR-US: PrestaShop
CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior
to vers ...)
@@ -2087,15 +2088,15 @@ CVE-2023-30746
CVE-2023-30745
RESERVED
CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW
7.50, C ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions
SAP_UI 75 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND
104, S4F ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects
Business Int ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions
420, 430 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-30739
RESERVED
CVE-2023-30738
@@ -2722,7 +2723,7 @@ CVE-2023-30553 (Archery is an open source SQL audit
platform. The Archery projec
CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery
project cont ...)
NOT-FOR-US: Archery
CVE-2023-30551 (Rekor is an open source software supply chain transparency
log. Rekor ...)
- TODO: check
+ NOT-FOR-US: Rekor
CVE-2023-30550 (MeterSphere is an open source continuous testing platform,
covering fu ...)
NOT-FOR-US: MeterSphere
CVE-2023-30549 (Apptainer is an open source container platform for Linux.
There is an ...)
@@ -3347,7 +3348,7 @@ CVE-2023-30336
CVE-2023-30335
RESERVED
CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site
scripting ( ...)
- TODO: check
+ NOT-FOR-US: AsmBB
CVE-2023-30333
RESERVED
CVE-2023-30332
@@ -3545,7 +3546,7 @@ CVE-2023-30239
CVE-2023-30238
RESERVED
CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: CyberGhostVPN
CVE-2023-30236
RESERVED
CVE-2023-30235
@@ -6050,7 +6051,7 @@ CVE-2023-29249
CVE-2023-29248
RESERVED
CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored
XSS.Thi ...)
- TODO: check
+ - airflow <itp> (bug #819700)
CVE-2023-29246
RESERVED
CVE-2023-29239
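Review bot: the `- airflow <itp> (bug #819700)` entry for CVE-2023-29247 correctly records that the package only exists as an ITP; the same ITP bug is reused for CVE-2023-25754 later in this commit, so the two entries are consistent, but both will have to be re-triaged to a concrete version (or `<unfixed>`) once airflow actually enters the archive.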
@@ -6279,7 +6280,7 @@ CVE-2023-29190
CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105,
106, 107, ...)
NOT-FOR-US: SAP
CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND
103, S4 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL
hijacki ...)
NOT-FOR-US: SAP
CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747,
757, an att ...)
@@ -6560,7 +6561,7 @@ CVE-2023-1766 (Improper Neutralization of Input During
Web Page Generation ('Cro
CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Akbim Computer Panon
CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem
for Exyno ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor,
Automotive ...)
NOT-FOR-US: Samsung
CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor,
Automotive ...)
@@ -7753,11 +7754,11 @@ CVE-2023-XXXX [RUSTSEC-2022-0092]
CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects
Business Inte ...)
NOT-FOR-US: SAP
CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information
design t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740,
750, 751, ...)
NOT-FOR-US: SAP
CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions
420, 430 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an
unauthenticated at ...)
NOT-FOR-US: SAP
CVE-2023-28760
@@ -9676,9 +9677,9 @@ CVE-2023-28203
CVE-2023-28202
RESERVED
CVE-2023-28201 (This issue was addressed with improved state management. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input
sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28199
RESERVED
CVE-2023-28198
@@ -9690,17 +9691,17 @@ CVE-2023-28196
CVE-2023-28195
RESERVED
CVE-2023-28194 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28193
RESERVED
CVE-2023-28192 (A permissions issue was addressed with improved validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28191
RESERVED
CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a
more secur ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28188
RESERVED
CVE-2023-28187
@@ -9714,15 +9715,15 @@ CVE-2023-28184
CVE-2023-28183
RESERVED
CVE-2023-28182 (The issue was addressed with improved authentication. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28181 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28180 (A denial-of-service issue was addressed with improved memory
handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28179
RESERVED
CVE-2023-28178 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28177
RESERVED
- firefox 111.0-1
@@ -9865,49 +9866,49 @@ CVE-2022-48391
CVE-2022-48390
RESERVED
CVE-2022-48389 (In modem control device, there is a possible out of bounds
write due t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48388 (In powerEx service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48386 (the apipe driver, there is a possible use after free due to a
logic er ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due
to a mi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48384 (In srtd service, there is a possible missing permission check.
This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48383 (.In srtd service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48382 (In log service, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48381 (In modem control device, there is a possible out of bounds
write due t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48380 (In modem control device, there is a possible out of bounds
write due t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48379 (In dialer service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48378 (In engineermode service, there is a possible missing
permission check. ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48377 (In dialer service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48376 (In dialer service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48375 (In contacts service, there is a possible missing permission
check. Thi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48374 (In tee service, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48373 (In tee service, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due
to a mi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48371 (In dialer service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48370 (In dialer service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48369 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48368 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip
Generator ...)
NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail
CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works
Online O ...)
@@ -10503,97 +10504,97 @@ CVE-2014-125093 (A vulnerability has been found in Ad
Blocking Detector Plugin u
CVE-2013-10020 (A vulnerability, which was classified as problematic, was
found in MMD ...)
NOT-FOR-US: MMDeveloper
CVE-2023-27970 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27969 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27968 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27967 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27966 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27965 (A memory corruption issue was addressed with improved state
management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27964
RESERVED
CVE-2023-27963 (The issue was addressed with additional permissions checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27962 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27961 (Multiple validation issues were addressed with improved input
sanitiza ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27959 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27958 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27957 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27956 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27955 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27954 (The issue was addressed by removing origin information. This
issue is ...)
{DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-27953 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27952 (A race condition was addressed with improved locking. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27951 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27950
RESERVED
CVE-2023-27949 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27948
RESERVED
CVE-2023-27947
RESERVED
CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27945 (This issue was addressed with improved entitlements. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is
fixed i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27943 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27942 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27941 (A validation issue was addressed with improved input
sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27940
RESERVED
CVE-2023-27939
RESERVED
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input
validati ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27937 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input
validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27935 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27934 (A memory initialization issue was addressed. This issue is
fixed in ma ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27933 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27932 (This issue was addressed with improved state management. This
issue is ...)
{DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27930
RESERVED
CVE-2023-27929 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27928 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-1276 (A vulnerability, which was classified as critical, has been
found in S ...)
NOT-FOR-US: SUL1SS_shop
CVE-2023-1275 (A vulnerability classified as problematic was found in
SourceCodester ...)
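Review bot: the Apple entries in this hunk are bulk-marked `NOT-FOR-US: Apple`, yet two entries in the very same range (CVE-2023-27954 and CVE-2023-27932) are WebKit issues tracked against webkit2gtk/wpewebkit with DSA-5397-1/DSA-5396-1 and a NOTE for WSA-2023-0003. Apple's boilerplate descriptions ("This issue is fixed in macOS ...") do not name the affected component, so each remaining NOT-FOR-US tag implicitly asserts the CVE was cross-checked against the WebKitGTK advisory; a short NOTE on the batch recording that check would make the triage reproducible for whoever revisits these IDs.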
@@ -12515,7 +12516,7 @@ CVE-2023-1095 (In nf_tables_updtable, if
nf_tables_table_enable returns an error
[buster] - linux 4.19.260-1
NOTE:
https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1)
CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does
not have ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2,
OAuth Si ...)
@@ -14327,7 +14328,7 @@ CVE-2023-26544 (In the Linux kernel 6.0.8, there is a
use-after-free in run_unpa
NOTE: https://lkml.org/lkml/2023/2/20/128
NOTE: NTFS3 driver not enabled in Debian.
CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat
Reservati ...)
NOT-FOR-US: SourceCodester Online BoatReservation System
CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to
Cross-Site Reque ...)
@@ -16631,7 +16632,7 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository
gpac/gpac prior to v2.3.0-D
NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
NOTE:
https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7
CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache
Software Fou ...)
- TODO: check
+ - airflow <itp> (bug #819700)
CVE-2023-25753
RESERVED
CVE-2023-25752
@@ -20504,11 +20505,11 @@ CVE-2023-24509 (On affected modular platforms running
Arista EOS equipped with b
CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and
Nova 246 ...)
NOT-FOR-US: Baicells
CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Insecure File Upload
-Vulnerab ...)
- TODO: check
+ NOT-FOR-US: AgilePoint
CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials
through a ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-24504 (Electra Central AC unit \u2013 Adjacent attacker may cause the
unit to ...)
NOT-FOR-US: Electra Central
CVE-2023-24503 (Electra Central AC unit \u2013 Adjacent attacker may cause the
unit to ...)
@@ -20905,7 +20906,7 @@ CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid
Ecommerce Ecw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS)
vulnerabilityin Nico ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24375
RESERVED
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -22129,7 +22130,7 @@ CVE-2023-23896
CVE-2023-23895
RESERVED
CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23893
RESERVED
CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -22191,7 +22192,7 @@ CVE-2023-23865 (Cross-Site Request Forgery (CSRF)
vulnerability in Checkout Plug
CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Micha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Blac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23862
RESERVED
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German
Mesky GMAce ...)
@@ -23370,29 +23371,29 @@ CVE-2023-23552 (On versions 17.0.x before 17.0.0.2,
16.1.x before 16.1.3.3, 15.1
CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are
vulnerable to co ...)
NOT-FOR-US: Control By Web X-600M devices
CVE-2023-23543 (The issue was addressed with additional restrictions on the
observabil ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23542 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23541 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23540 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23539
RESERVED
CVE-2023-23538 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23537 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23536 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23535 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23534 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23533 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23532 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23531 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2023-23530 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -23403,17 +23404,17 @@ CVE-2023-23529 (A type confusion issue was addressed
with improved checks. This
- wpewebkit 2.38.5-1
NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23527 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on
files downl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23525 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23524 (A denial-of-service issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2023-23523 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23522 (A privacy issue was addressed with improved handling of
temporary file ...)
NOT-FOR-US: Apple
CVE-2023-23521
@@ -23477,7 +23478,7 @@ CVE-2023-23496 (The issue was addressed with improved
checks. This issue is fixe
CVE-2023-23495
RESERVED
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before
15.1.8.1, 14. ...)
@@ -25556,45 +25557,45 @@ CVE-2022-4883 (A flaw was found in libXpm. When
processing files with .Z or .gz
CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has
been r ...)
NOT-FOR-US: Kaltura
CVE-2022-48250 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48249 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48248 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48247 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48246 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48245 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48244 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48243 (In audio service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48242 (In telephony service, there is a possible missing permission
check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48241 (In telephony service, there is a possible missing permission
check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48240 (In camera driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48239 (In camera driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48238 (In Image filter, there is a possible out of bounds write due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48237 (In Image filter, there is a possible out of bounds write due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48234 (In FM service , there is a possible missing params check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48233 (In FM service , there is a possible missing params check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48232 (In FM service , there is a possible missing params check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48231 (In soter service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48230 (There is a misinterpretation of input vulnerability in
BiSheng-WNM FW ...)
NOT-FOR-US: Huawei
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a
file with ...)
@@ -25815,7 +25816,7 @@ CVE-2023-22815
CVE-2023-22814
RESERVED
CVE-2023-22813 (A device API endpoint was missing access controls onWestern
Digital My ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure
TLS 1.0 ...)
NOT-FOR-US: SanDisk PrivateAccess
CVE-2023-22811
@@ -25928,31 +25929,31 @@ CVE-2023-22792 (A regular expression based DoS
vulnerability in Action Dispatch
NOTE:
https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
NOTE:
https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f
(6-1-stable)
CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10where
an edge- ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22790 (Multiple authenticated command injection vulnerabilitiesexist
in the A ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22789 (Multiple authenticated command injection vulnerabilitiesexist
in the A ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22788 (Multiple authenticated command injection vulnerabilitiesexist
in the A ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability
exists in a s ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could
allow an ...)
NOT-FOR-US: Aruba
CVE-2023-22777 (An authenticated information disclosure vulnerability exists
in the Ar ...)
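Review bot: the new entries in this hunk use the label `NOT-FOR-US: HPE`, while the pre-existing CVE-2023-22778 entry in the same hunk uses `NOT-FOR-US: Aruba` and the descriptions themselves name Aruba InstantOS / ArubaOS; pick a single label for the Aruba/HPE family so that grepping the list for either vendor name finds all of them.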
@@ -26108,7 +26109,7 @@ CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-22711
RESERVED
CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
chilidev ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22709
RESERVED
CVE-2023-22708
@@ -30848,7 +30849,7 @@ CVE-2022-4539
CVE-2022-4538
RESERVED
CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4536
RESERVED
CVE-2022-4535
@@ -30914,35 +30915,35 @@ CVE-2022-47501 (Arbitrary file reading vulnerability
in Apache Software Foundati
CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
NOT-FOR-US: Apache Helix
CVE-2022-47499 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47498 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47497 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47496 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47495 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47494 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47493 (In soter service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47492 (In soter service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47491 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47490 (In soter service, there is a possible missing permission
check. This c ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47489 (In soter service, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47487 (In thermal service, there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read
due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47485 (In modem control device, there is a possible out of bounds
write due t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47484 (In telephony service, there is a missing permission check.
This could ...)
NOT-FOR-US: Unisoc
CVE-2022-47483 (In telephony service, there is a missing permission check.
This could ...)
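Review bot: none of the fifteen descriptions switched from "TODO: check" to "NOT-FOR-US: Unisoc" in this hunk actually names the vendor; they only identify a component ("soter service", "spipe drive", "thermal service", "ext4fsfilter driver", "modem control device"), and the text is truncated at "..." in every case. The attribution rests on the already-triaged neighbours CVE-2022-47484 and CVE-2022-47483 ("telephony service", NOT-FOR-US: Unisoc) and on the contiguous CVE range, which is a reasonable basis, but CVE-2022-47486 ("ext4fsfilter driver") and CVE-2022-47485 ("modem control device") describe kernel-side drivers rather than Android framework services; it is worth confirming those live in the Unisoc vendor kernel tree and not in anything Debian ships via src:linux before they are considered closed.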
@@ -30972,9 +30973,9 @@ CVE-2022-47472 (In telephony service, there is a
missing permission check. This
CVE-2022-47471 (In telephony service, there is a missing permission check.
This could ...)
NOT-FOR-US: Unisoc
CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read
due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read
due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47468 (In telecom service, there is a missing permission check. This
could le ...)
NOT-FOR-US: Unisoc
CVE-2022-47467 (In telecom service, there is a missing permission check. This
could le ...)
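Review bot: CVE-2022-47470 and CVE-2022-47469 both report an out of bounds read in the "ext4fsfilter driver", the same component as CVE-2022-47486 earlier in this commit, and all three are now NOT-FOR-US: Unisoc. A filesystem filter driver is kernel code, so the NOT-FOR-US marking is correct only if the driver is specific to Unisoc's vendor kernel and not part of the ext4 code Debian ships in src:linux; a short NOTE line recording that check would stop the question from being reopened each time another ID in this series is triaged.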
@@ -31617,7 +31618,7 @@ CVE-2022-47342 (In engineermode services, there is a
missing permission check. T
CVE-2022-47341 (In engineermode services, there is a missing permission check.
This co ...)
NOT-FOR-US: Unisoc
CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds
write due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47339 (In cmd services, there is a OS command injection issue due to
missing ...)
NOT-FOR-US: Unisoc
CVE-2022-47338 (In telecom service, there is a missing permission check. This
could le ...)
@@ -31629,7 +31630,7 @@ CVE-2022-47336 (In telecom service, there is a missing
permission check. This co
CVE-2022-47335 (In telecom service, there is a missing permission check. This
could le ...)
NOT-FOR-US: Unisoc
CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read
due to a ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47333 (In wlan driver, there is a possible missing permission check.
This cou ...)
NOT-FOR-US: Unisoc
CVE-2022-47332 (In wlan driver, there is a possible missing permission check.
This cou ...)
@@ -33360,7 +33361,7 @@ CVE-2022-46722
CVE-2022-46721
RESERVED
CVE-2022-46720 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-46719
REJECTED
CVE-2022-46718
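Review bot: the visible description for CVE-2022-46720 ("An integer overflow was addressed with improved input validation. This ...") is Apple's generic advisory wording and does not identify the affected component, so "NOT-FOR-US: Apple" cannot be verified from the entry alone. Apple CVEs that land in WebKit are relevant to Debian through webkit2gtk rather than being NOT-FOR-US, so a NOTE line naming the affected component or the Apple advisory the triage was based on would make this entry checkable later, the way the OTRS entry in this same commit carries a NOTE explaining its reasoning.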
@@ -39290,7 +39291,7 @@ CVE-2023-21406
CVE-2023-21405
RESERVED
CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy
LUA-components ...)
- TODO: check
+ NOT-FOR-US: AXIS OS
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive
extraction rout ...)
NOT-FOR-US: KNIME
CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive
extraction rout ...)
@@ -41293,7 +41294,7 @@ CVE-2022-44435 (In messaging service, there is a
missing permission check. This
CVE-2022-44434 (In messaging service, there is a missing permission check.
This could ...)
NOT-FOR-US: Unisoc
CVE-2022-44433 (In phoneEx service, there is a possible missing permission
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This
could l ...)
NOT-FOR-US: Unisoc
CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This
could l ...)
@@ -41319,9 +41320,9 @@ CVE-2022-44422 (In music service, there is a missing
permission check. This coul
CVE-2022-44421 (In wlan driver, there is a possible missing permission check.
This cou ...)
NOT-FOR-US: Unisoc
CVE-2022-44420 (In modem, there is a possible missing verification of HashMME
value in ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-44419 (In modem, there is a possible missing verification of NAS
Security Mod ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -57066,7 +57067,7 @@ CVE-2022-39091 (In power management service, there is a
missing permission check
CVE-2022-39090 (In power management service, there is a missing permission
check. This ...)
NOT-FOR-US: Unisoc
CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39088 (In network service, there is a missing permission check. This
could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39087 (In network service, there is a missing permission check. This
could le ...)
@@ -58407,7 +58408,7 @@ CVE-2022-38687 (In messaging service, there is a
missing permission check. This
CVE-2022-38686 (In wlan driver, there is a possible missing params check. This
could l ...)
NOT-FOR-US: Unisoc
CVE-2022-38685 (In bluetooth service, there is a possible missing permission
check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38684 (In contacts service, there is a missing permission check. This
could l ...)
NOT-FOR-US: Unisoc
CVE-2022-38683 (In contacts service, there is a missing permission check. This
could l ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94b4b62c7a4b1e752b392533b558741557fb897
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits