Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc78768d by Salvatore Bonaccorso at 2023-11-14T21:54:00+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104,197 +104,197 @@ CVE-2023-41676 (An exposure of sensitive information to
an unauthorized actor [C
CVE-2023-40719 (A use of hard-coded credentials vulnerability in Fortinet
FortiAnalyze ...)
NOT-FOR-US: FortiGuard
CVE-2023-40540 (Non-Transparent Sharing of Microarchitectural Resources in
some Intel( ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40220 (Improper buffer restrictions in some Intel(R) NUC BIOS
firmware may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39412 (Cross-site request forgery in some Intel Unison software may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39411 (Improper input validationation for some Intel Unison software
may allo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39230 (Insecure inherited permissions in some Intel Rapid Storage
Technology ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39228 (Improper access control for some Intel Unison software may
allow an un ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39221 (Improper access control for some Intel Unison software may
allow an au ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38570 (Access of memory location after end of buffer for some Intel
Unison so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38411 (Improper access control in the Intel Smart Campus android
application ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38177 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38151 (Microsoft Host Integration Server 2020 Remote Code Execution
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38131 (Improper input validationation for some Intel Unison software
may allo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36860 (Improper input validation for some Intel Unison software may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36719 (Microsoft Speech Application Programming Interface (SAPI)
Elevation of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36705 (Windows Installer Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36641 (A numeric truncation error in Fortinet FortiProxy version
7.2.0 throug ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-36633 (An improper authorization vulnerability [CWE-285] in FortiMail
webmail ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-36560 (ASP.NET Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36553 (A improper neutralization of special elements used in an os
command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-36439 (Microsoft Exchange Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36428 (Microsoft Local Security Authority Subsystem Service
Information Discl ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36427 (Windows Hyper-V Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36425 (Windows Distributed File System (DFS) Remote Code Execution
Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36424 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36423 (Microsoft Remote Registry Service Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36422 (Microsoft Windows Defender Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36410 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36408 (Windows Hyper-V Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36407 (Windows Hyper-V Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36406 (Windows Hyper-V Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36405 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36404 (Windows Kernel Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36403 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36402 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36401 (Microsoft Remote Registry Service Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36400 (Windows HMAC Key Derivation Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36399 (Windows Storage Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36398 (Windows NTFS Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36397 (Windows Pragmatic General Multicast (PGM) Remote Code
Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36396 (Windows Compressed Folder Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36395 (Windows Deployment Services Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36394 (Windows Search Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36393 (Windows User Interface Application Core Remote Code Execution
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36392 (DHCP Server Service Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36050 (Microsoft Exchange Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36047 (Windows Authentication Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36046 (Windows Authentication Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36045 (Microsoft Office Graphics Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36043 (Open Management Infrastructure Information Disclosure
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36042 (Visual Studio Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36041 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36039 (Microsoft Exchange Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36037 (Microsoft Excel Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36035 (Microsoft Exchange Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36031 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36030 (Microsoft Dynamics 365 Sales Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36028 (Microsoft Protected Extensible Authentication Protocol (PEAP)
Remote C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36021 (Microsoft On-Prem Data Gateway Security Feature Bypass
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36018 (Visual Studio Code Jupyter Extension Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36017 (Windows Scripting Engine Memory Corruption Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36016 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-34997 (Insecure inherited permissions in the installer for some Intel
Server ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34991 (A improper neutralization of special elements used in an sql
command ( ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-34431 (Improper input validation in some Intel(R) Server Board BIOS
firmware ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34430 (Uncontrolled search path in some Intel Battery Life Diagnostic
Tool so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34350 (Uncontrolled search path element in some Intel(R) XTU software
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34314 (Insecure inherited permissions in some Intel(R) Simics
Simulator softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33878 (Path transversal in some Intel(R) NUC P14E Laptop Element
Audio Instal ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33874 (Uncontrolled search path in some Intel(R) NUC 12 Pro Kits &
Mini PCs - ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33872 (Improper access control in the Intel Support android
application all v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet
FortiClient ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP
version(s ...)
- TODO: check
+ NOT-FOR-US: QNX SDP
CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic
Tool inst ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and
NUC7CJY ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32660 (Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK
Thunderbol ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32658 (Unquoted search path in some Intel(R) NUC Kits NUC7i3DN,
NUC7i5DN, NUC ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32655 (Path transversal in some Intel(R) NUC Kits & Mini PCs -
NUC8i7HVK & NU ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32641 (Improper input validation in firmware for Intel(R) QAT before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32638 (Incorrect default permissions in some Intel Arc RGB Controller
softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32283 (Insertion of sensitive information into log file in some
Intel(R) On D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32279 (Improper access control in user mode driver for some Intel(R)
Connecti ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver
for Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32204 (Improper access control in some Intel(R) OFU software before
version 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display
driver ...)
TODO: check
CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server
Host heade ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-31203 (Improper input validation in some OpenVINO Model Server
software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29161 (Uncontrolled search path in some Intel(R) OFU software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29157 (Improper access control in some Intel(R) OFU software before
version 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB
firmware ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA
products before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-5528
- kubernetes <not-affected> (Windows-specific)
CVE-2023-23583 (Sequence of processor instructions leads to unexpected
behavior for so ...)
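Review bot: CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability) should not be closed as `NOT-FOR-US: Microsoft` on vendor alone, because Debian has an azure-cli source package. Check the packaged version against the advisory and record it as a package line (`- azure-cli ...`) if the affected code is shipped. The other Microsoft entries in this hunk name Windows, Office, Exchange, SharePoint or Dynamics components and fit the NFU marking. CVE-2023-31320 (AMD Radeon display driver) stays at `TODO: check`, which is consistent with a commit that only processes NFUs.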
@@ -26848,11 +26848,11 @@ CVE-2023-28822
CVE-2023-28745
RESERVED
CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI
Firmware Integr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28719
RESERVED
CVE-2023-28378 (Improper authorization in some Intel(R) QAT drivers for
Windows - HW V ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality
to uplo ...)
NOT-FOR-US: Vuforia
CVE-2023-24476 (An attacker with local access to the machine could record the
traffic, ...)
@@ -28599,25 +28599,25 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause
directories to have world-wri
[buster] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1876
CVE-2023-29504 (Uncontrolled search path element in some Intel(R)
RealSense(TM) Dynami ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in
BIOS fir ...)
NOT-FOR-US: Intel
CVE-2023-29162
RESERVED
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers
for Wind ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28722
RESERVED
CVE-2023-28407
RESERVED
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset
Device Softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27885
RESERVED
CVE-2023-27880
RESERVED
CVE-2023-27513 (Uncontrolled search path element in some Intel(R) Server
Information R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver
ConnectionAc ...)
NOT-FOR-US: SoftEther VPN
CVE-2023-2077 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -31527,23 +31527,23 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on
pathnames under TMPDIR (typically
CVE-2023-29244
RESERVED
CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) &
Iris(R) Xe ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and
component ...)
NOT-FOR-US: Intel
CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW
Version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28715
RESERVED
CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI
Firmware Integr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28396
RESERVED
CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and
component ...)
NOT-FOR-US: Intel
CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library
software bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22310 (Race condition in some Intel(R) Aptio* V UEFI Firmware
Integrator Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab 15.11.11+ds1-1
CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication
bypass, ...)
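Review bot: CVE-2023-22313 is described as affecting "Intel(R) QAT Library software", unlike CVE-2023-28741 a few lines above it, which is explicitly "QAT drivers for Windows". Debian packages the QAT user space library as qatlib, so compare the fixed version with what is in the archive and track the entry as `- qatlib ...` instead of `NOT-FOR-US: Intel` if the packaged library is the affected one.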
@@ -32694,7 +32694,7 @@ CVE-2023-29179
CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in
Fortinet ...)
NOT-FOR-US: Fortinet
CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic
buffer o ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-29176
RESERVED
CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in
FortiOS ...)
@@ -32774,7 +32774,7 @@ CVE-2023-27883
CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software
before versio ...)
NOT-FOR-US: Intel
CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and
Component soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24591
RESERVED
CVE-2023-1789 (Improper Input Validation in GitHub repository
firefly-iii/firefly-iii ...)
@@ -33473,15 +33473,15 @@ CVE-2023-28658 (Insecure inherited permissions in
some Intel(R) oneMKL software
CVE-2023-27517
RESERVED
CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware
Integrator Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V
UEFI Firmw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25945
RESERVED
CVE-2023-25778
RESERVED
CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware
Integrator To ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-1690 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1689 (A vulnerability classified as problematic was found in
SourceCodester ...)
@@ -33953,7 +33953,7 @@ CVE-2023-28828 (A vulnerability has been identified in
Polarion ALM (All version
CVE-2023-28827
RESERVED
CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server
form bound ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the
vpnserver Wpc ...)
NOT-FOR-US: SoftEther VPN
CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister
DDNS_RPC_MA ...)
@@ -34255,7 +34255,7 @@ CVE-2023-28732 (Missing access control inAnyMailing
Joomla Plugin allows to list
CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable tounauthenticated
remote code e ...)
NOT-FOR-US: Joomla Plugin
CVE-2023-27882 (A heap-based buffer overflow vulnerability exists in the HTTP
Server f ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in
io_uring ...)
- linux 6.1.25-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -34337,7 +34337,7 @@ CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through
2.93A allows remote atta
CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as
distributed ...)
NOT-FOR-US: General Bytes Crypto Application Server (CAS)
CVE-2023-28723 (Exposure of sensitive information to an unauthorized actor in
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform
certain ac ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28714 (Improper access control in firmware for some Intel(R)
PROSet/Wireless ...)
@@ -34361,11 +34361,11 @@ CVE-2023-28410 (Improper restriction of operations
within the bounds of a memory
NOTE: http://blog.pi3.com.pl/?p=931
NOTE: http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt
CVE-2023-28404 (Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe
Graphics - WHQ ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28403
RESERVED
CVE-2023-28401 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe
Graphics - W ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an
unauthenticated use ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak
session to ...)
@@ -34373,7 +34373,7 @@ CVE-2023-28395 (Osprey Pump Controller version 1.01 is
vulnerable to a weak sess
CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite
for Wind ...)
NOT-FOR-US: Intel
CVE-2023-28376 (Out-of-bounds read in the firmware for some Intel(R) E810
Ethernet Con ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an
unauthenticate ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an
unauthenticate ...)
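Review bot: CVE-2023-28376 is described as an out-of-bounds read "in the firmware for some Intel(R) E810 Ethernet Con ...", and Intel firmware issues are not always NFU in this file: CVE-2022-46329 is tracked against firmware-nonfree. Please confirm that the affected E810 firmware is not something distributed through firmware-nonfree before settling on `NOT-FOR-US: Intel`, and add a short NOTE with the Intel advisory if it turns out to be device NVM only.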
@@ -34381,7 +34381,7 @@ CVE-2023-27886 (Osprey Pump Controller version 1.01 is
vulnerable to an unauthen
CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an
unauthenticated O ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-25071 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe
Graphic ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does
not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1553
@@ -34666,7 +34666,7 @@ CVE-2023-28619
CVE-2023-28618 (Cross-Site Request Forgery (CSRF) vulnerability in Marios
Alexandrou E ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28391 (A memory corruption vulnerability exists in the HTTP Server
header par ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-27927 (An authenticated malicious user could acquire the simple mail
transfer ...)
NOT-FOR-US: SAUTER
CVE-2023-22300 (An unauthenticated remote attacker could force all
authenticated users ...)
@@ -36924,7 +36924,7 @@ CVE-2023-28004 (A CWE-129: Improper validation of an
array index vulnerability e
CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability
exists that c ...)
NOT-FOR-US: Schneider
CVE-2023-28002 (An improper validation of integrity check value vulnerability
[CWE-354 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 -
7.0.12 ...)
NOT-FOR-US: Fortinet
CVE-2023-28000 (An improper neutralization of special elements used in an OS
command v ...)
@@ -37205,21 +37205,21 @@ CVE-2023-27906 (A malicious actor may convince a
victim to open a malicious USD
CVE-2023-27884
RESERVED
CVE-2023-27879 (Improper access control in firmware for some Intel(R)
Optane(TM) SSD p ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27519 (Improper input validation in firmware for some Intel(R)
Optane(TM) SSD ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27502
RESERVED
CVE-2023-27306 (Improper Initialization in firmware for some Intel(R)
Optane(TM) SSD p ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) &
Iris(R) Xe Gr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe
Graphics - W ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in
firmware ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24587 (Insufficient control flow management in firmware for some
Intel(R) Opt ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22434
RESERVED
CVE-2023-1266
@@ -38783,7 +38783,7 @@ CVE-2023-27399 (A vulnerability has been identified in
Tecnomatix Plant Simulati
CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant
Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC
Toolkit 2023. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27307
RESERVED
CVE-2023-27303
@@ -38795,7 +38795,7 @@ CVE-2023-26592
CVE-2023-26591
RESERVED
CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of
OpenVINO ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R)
software ...)
NOT-FOR-US: Intel
CVE-2023-24463
@@ -41187,7 +41187,7 @@ CVE-2023-25775 (Improper access control in the Intel(R)
Ethernet Controller RDMA
NOTE:
https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
CVE-2023-25075 (Unquoted search path in the installer for some Intel Server
Configurat ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25073
RESERVED
CVE-2023-24542
@@ -41965,7 +41965,7 @@ CVE-2023-26207 (An insertion of sensitive information
into log file vulnerabilit
CVE-2023-26206
RESERVED
CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC
automati ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in
FortiSIEM ...)
NOT-FOR-US: Fortinet
CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in
FortiNAC-F ...)
@@ -42717,7 +42717,7 @@ CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an
improper verification of c
CVE-2023-25933 (A type confusion bug in TypedArray prior to commit
e6ed9c1a4b02dc219de ...)
NOT-FOR-US: Facebook Hermes
CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R)
Processors m ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25546
RESERVED
CVE-2023-23904
@@ -42735,7 +42735,7 @@ CVE-2023-22351
CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS
firmware may a ...)
NOT-FOR-US: Intel
CVE-2023-22329 (Improper input validation in the BIOS firmware for some
Intel(R) Proce ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
NOT-FOR-US: Kron Tech Single Connect
CVE-2023-0881
@@ -43225,7 +43225,7 @@ CVE-2023-0835 (markdown-pdf version 11.0.0 allows an
external attacker to remote
CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
NOT-FOR-US: HYPR Workforce Access on MacOS
CVE-2023-25181 (A heap-based buffer overflow vulnerability exists in the HTTP
Server f ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-0833 (A flaw was found in Red Hat's AMQ-Streams, which ships a
version of th ...)
NOT-FOR-US: Red Hat's AMQ-Streams
CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to
Cross-Sit ...)
@@ -43433,7 +43433,7 @@ CVE-2023-25728 (The
<code>Content-Security-Policy-Report-Only</code> header coul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
CVE-2023-24585 (An out-of-bounds write vulnerability exists in the HTTP Server
functio ...)
- TODO: check
+ NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several
potentia ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log
Files in m ...)
@@ -44052,7 +44052,7 @@ CVE-2023-25605 (A improper access control vulnerability
in Fortinet FortiSOAR 7.
CVE-2023-25604 (An insertion of sensitive information into log file
vulnerability in F ...)
NOT-FOR-US: Fortinet
CVE-2023-25603 (A permissive cross-domain policy with untrusted domains
vulnerability ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all
versions, F ...)
NOT-FOR-US: FortiGuard
CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's
python gatew ...)
@@ -52756,9 +52756,9 @@ CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit
(aka -e) feature mishandle
CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A
non-privi ...)
NOT-FOR-US: Arm Android Gralloc Module
CVE-2023-22663 (Improper authentication for some Intel Unison software may
allow an au ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22448 (Improper access control for some Intel Unison software may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22445
RESERVED
CVE-2023-22430
@@ -52768,13 +52768,13 @@ CVE-2023-22355 (Uncontrolled search path in some
Intel(R) oneAPI Toolkit and com
CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before
version ...)
NOT-FOR-US: Intel
CVE-2023-22337 (Improper input validation for some Intel Unison software may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22292 (Uncaught exception for some Intel Unison software may allow an
authent ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22290 (Uncaught exception for some Intel Unison software may allow an
authent ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22285 (Improper access control for some Intel Unison software may
allow an un ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-0112 (Cross-site Scripting (XSS) - Stored in GitHub repository
usememos/memo ...)
NOT-FOR-US: usememos
CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository
usememos/memo ...)
@@ -60565,7 +60565,7 @@ CVE-2022-4312 (A cleartext storage of sensitive
information vulnerability exists
CVE-2022-4311 (An insertion of sensitive information into log file
vulnerability exis ...)
NOT-FOR-US: PcVue
CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe
Graphic ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-42700
RESERVED
CVE-2022-46674
@@ -60643,9 +60643,9 @@ CVE-2022-46650 (Acemanager in ALEOS before version 4.16
allows a user with valid
CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with
valid crede ...)
NOT-FOR-US: ALEOS
CVE-2022-46647 (Insertion of sensitive information into log file for some
Intel Unison ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46646 (Exposure of sensitive information to an unauthorized actor for
some In ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless
WiFi so ...)
{DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
@@ -60654,19 +60654,19 @@ CVE-2022-46329 (Protection mechanism failure for some
Intel(R) PROSet/Wireless W
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
NOTE: Fixed upstream in linux-firmware/20230804
CVE-2022-46301 (Improper Initialization for some Intel Unison software may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46299 (Insufficient control flow management for some Intel Unison
software ma ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a
privileg ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46283
RESERVED
CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier
allows a lo ...)
NOT-FOR-US: CX-Drive
CVE-2022-45469 (Improper input validation for some Intel Unison software may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-43666 (Exposure of sensitive system information due to uncleared
debug inform ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-43496
RESERVED
CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the
Add UCS ...)
@@ -65436,7 +65436,7 @@ CVE-2022-45117
CVE-2022-45114
RESERVED
CVE-2022-45109 (Improper initialization for some Intel Unison software may
allow an au ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM)
software bef ...)
NOT-FOR-US: Intel
CVE-2022-44611 (Improper input validation in the BIOS firmware for some
Intel(R) Proce ...)
@@ -65444,11 +65444,11 @@ CVE-2022-44611 (Improper input validation in the BIOS
firmware for some Intel(R)
CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for
some Int ...)
NOT-FOR-US: Intel
CVE-2022-43477 (Incomplete cleanup for some Intel Unison software may allow an
authent ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT
Driver for L ...)
NOT-FOR-US: Intel
CVE-2022-41659 (Improper access control for some Intel Unison software may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate
files to b ...)
NOT-FOR-US: Listingo WordPress theme
CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do
not filt ...)
@@ -77643,7 +77643,7 @@ CVE-2022-41745 (An Out-of-Bounds access vulnerability
in Trend Micro Apex One co
CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro
Apex One ...)
NOT-FOR-US: Trend Micro
CVE-2022-41700 (Insecure inherited permissions in some Intel(R) NUC Pro
Software Suite ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP
Cryptography ...)
NOT-FOR-US: Intel
CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for
some Intel ...)
@@ -77836,7 +77836,7 @@ CVE-2022-41703 (A vulnerability in the SQL Alchemy
connector of Apache Superset
CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS
applica ...)
NOT-FOR-US: Intel
CVE-2022-41689 (Improper access control in some Intel In-Band Manageability
software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41682
RESERVED
CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and
earlier that c ...)
@@ -77864,7 +77864,7 @@ CVE-2022-40688
CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA
products ...)
NOT-FOR-US: Intel
CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic
Tool sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and
classified ...)
NOT-FOR-US: Open5GS
CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack
that affec ...)
@@ -80402,7 +80402,7 @@ CVE-2022-40683 (A double free in Fortinet FortiWeb
version 7.0.0 through 7.0.3 m
CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows)
7.0.0 - 7. ...)
NOT-FOR-US: Fortinet
CVE-2022-40681 (A incorrect authorization in Fortinet FortiClient (Windows)
7.0.0 - 7. ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-40680 (A improper neutralization of input during web page generation
('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2022-40679 (An improper neutralization of special elements used in an OS
command v ...)
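Review bot: CVE-2022-40681 is tagged "NOT-FOR-US: FortiGuard", while CVE-2022-40682 directly above it has the same visible FortiClient (Windows) description and is tagged "NOT-FOR-US: Fortinet". The file already mixes both spellings (CVE-2022-40680 below uses FortiGuard), so neither is wrong against its neighbours, but two entries for the same product should carry the same tag so that a vendor search over data/CVE/list finds both. Suggest "NOT-FOR-US: Fortinet" here to match CVE-2022-40682, or a follow-up that normalises the Fortinet/FortiGuard tags in this block.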
@@ -91994,13 +91994,13 @@ CVE-2022-36408
CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life
Diagnostic Tool ...)
NOT-FOR-US: Intel
CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI
Firmware Integr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36395
RESERVED
CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless
Adapter Drive ...)
NOT-FOR-US: Intel
CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI
Firmware Integr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by
Intel befo ...)
NOT-FOR-US: Intel
CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery
Life Diag ...)
@@ -98968,7 +98968,7 @@ CVE-2022-33976
CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software
for Win ...)
NOT-FOR-US: Intel
CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog
Timer ins ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software
before versio ...)
NOT-FOR-US: Intel
CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC
Boards, Inte ...)
@@ -99108,7 +99108,7 @@ CVE-2022-33951
CVE-2022-33950
RESERVED
CVE-2022-33945 (Improper input validation in some Intel(R) Server board and
Intel(R) S ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software
before versi ...)
NOT-FOR-US: Intel
CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus
Prime Pro ...)
@@ -111762,7 +111762,7 @@ CVE-2022-1408 (The VikBooking Hotel Booking Engine &
PMS WordPress plugin before
CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin
before 1.5. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29510 (Improper buffer restrictions in some Intel(R) Server Board
M10JNP2SB B ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for
Windows ...)
NOT-FOR-US: LINE for Windows
CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library
maintained by In ...)
@@ -111772,7 +111772,7 @@ CVE-2022-29469
CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before
version ...)
NOT-FOR-US: Intel
CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board
BIOS firmwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R)
NUC Lapt ...)
NOT-FOR-US: Intel
CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before
version 1 ...)
@@ -117654,7 +117654,7 @@ CVE-2022-27500 (Incorrect default permissions for the
Intel(R) Support Android a
CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in
the Intel ...)
NOT-FOR-US: Intel
CVE-2022-27229 (Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN,
NUC7i7D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27183 (The Monitoring Console app configured in Distributed mode
allows for a ...)
NOT-FOR-US: Splunk
CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software
before vers ...)
@@ -126937,7 +126937,7 @@ CVE-2022-24400 (A flaw in the TETRA authentication
procecure allows a MITM adver
CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs
may allow ...)
NOT-FOR-US: Intel
CVE-2022-24379 (Improper input validation in some Intel(R) Server System
M70KLP Family ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R)
NUCs may al ...)
NOT-FOR-US: Intel
CVE-2022-23917
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc78768d1786935bb4a462d6fa509c2d6de7e4a4