Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e74dc6f7 by security tracker role at 2024-05-17T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,20 +1,244 @@
-CVE-2024-21823
+CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for 
WooCommerce plu ...)
+       TODO: check
+CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+       TODO: check
+CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1. 
The vulner ...)
+       TODO: check
+CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability 
in 8them ...)
+       TODO: check
+CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Copym ...)
+       TODO: check
+CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-2744 (The NextGEN Gallery  WordPress plugin before 3.59.1 does not 
sanitise  ...)
+       TODO: check
+CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0 
does not v ...)
+       TODO: check
+CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is 
vulnerable to H ...)
+       TODO: check
+CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI 
firmware fo ...)
+       TODO: check
+CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI 
firmware ...)
+       TODO: check
+CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in 
UEFI firm ...)
+       TODO: check
+CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor 
software  ...)
+       TODO: check
+CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA 
products  ...)
+       TODO: check
+CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and 
Collector soft ...)
+       TODO: check
+CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI 
firmware for ...)
+       TODO: check
+CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software 
before ve ...)
+       TODO: check
+CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in 
UEFI fi ...)
+       TODO: check
+CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver 
software before ...)
+       TODO: check
+CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe 
Graphics ...)
+       TODO: check
+CVE-2024-21862 (Uncontrolled search path in some Intel(R) Quartus(R) Prime 
Standard Ed ...)
+       TODO: check
+CVE-2024-21861 (Uncontrolled search path in some Intel(R) GPA Framework 
software befor ...)
+       TODO: check
+CVE-2024-21843 (Uncontrolled search path for some Intel(R) Computing 
Improvement Progr ...)
+       TODO: check
+CVE-2024-21841 (Uncontrolled search path for some Intel(R) Distribution for 
GDB softwa ...)
+       TODO: check
+CVE-2024-21837 (Uncontrolled search path in some Intel(R) Quartus(R) Prime 
Lite Editio ...)
+       TODO: check
+CVE-2024-21835 (Insecure inherited permissions in some Intel(R) XTU software 
before ve ...)
+       TODO: check
+CVE-2024-21831 (Uncontrolled search path in some Intel(R) Processor Diagnostic 
Tool so ...)
+       TODO: check
+CVE-2024-21828 (Improper access control in some Intel(R) Ethernet Controller 
Administr ...)
+       TODO: check
+CVE-2024-21818 (Uncontrolled search path in some Intel(R) PCM software before 
version  ...)
+       TODO: check
+CVE-2024-21814 (Uncontrolled search path for some Intel(R) Chipset Device 
Software bef ...)
+       TODO: check
+CVE-2024-21813 (Exposure of resource to wrong sphere in some Intel(R) DTT 
software ins ...)
+       TODO: check
+CVE-2024-21809 (Improper conditions check for some Intel(R) Quartus(R) Prime 
Lite Edit ...)
+       TODO: check
+CVE-2024-21792 (Time-of-check Time-of-use race condition in Intel(R) Neural 
Compressor ...)
+       TODO: check
+CVE-2024-21788 (Uncontrolled search path in some Intel(R) GPA software before 
version  ...)
+       TODO: check
+CVE-2024-21777 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro 
Edition ...)
+       TODO: check
+CVE-2024-21774 (Uncontrolled search path in some Intel(R) Processor 
Identification Uti ...)
+       TODO: check
+CVE-2024-21772 (Uncontrolled search path in some Intel(R) Advisor software 
before vers ...)
+       TODO: check
+CVE-2023-49614 (Out of bounds write in firmware for some Intel(R) FPGA 
products before ...)
+       TODO: check
+CVE-2023-48727 (NULL pointer dereference in some Intel(R) oneVPL software 
before versi ...)
+       TODO: check
+CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all 
versions  ...)
+       TODO: check
+CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth 
products  ...)
+       TODO: check
+CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and 
some Intel( ...)
+       TODO: check
+CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi softw ...)
+       TODO: check
+CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software 
all versio ...)
+       TODO: check
+CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max 
Series 1 ...)
+       TODO: check
+CVE-2023-46691 (Use after free in Intel(R) Power Gadget software for Windows 
all versi ...)
+       TODO: check
+CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for 
macOS al ...)
+       TODO: check
+CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS 
all ver ...)
+       TODO: check
+CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless 
Bluetooth(R) prod ...)
+       TODO: check
+CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software 
uninstallers be ...)
+       TODO: check
+CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget 
software for W ...)
+       TODO: check
+CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) 
Profiler s ...)
+       TODO: check
+CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software 
for Win ...)
+       TODO: check
+CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all 
versions may al ...)
+       TODO: check
+CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for 
Windows  ...)
+       TODO: check
+CVE-2023-43751 (Uncontrolled search path in Intel(R) Graphics Command Center 
Service b ...)
+       TODO: check
+CVE-2023-43748 (Improper access control in some Intel(R) GPA Framework 
software instal ...)
+       TODO: check
+CVE-2023-43745 (Improper input validation in some Intel(R) CBI software before 
version ...)
+       TODO: check
+CVE-2023-43629 (Incorrect default permissions in some Intel(R) GPA software 
installers ...)
+       TODO: check
+CVE-2023-43487 (Improper access control in some Intel(R) CST before version 
2.1.10300  ...)
+       TODO: check
+CVE-2023-42773 (Improper neutralization in Intel(R) Power Gadget software for 
Windows  ...)
+       TODO: check
+CVE-2023-42668 (Incorrect default permissions in some onboard video driver 
software be ...)
+       TODO: check
+CVE-2023-42433 (Incorrect default permissions in some Endurance Gaming Mode 
software i ...)
+       TODO: check
+CVE-2023-41961 (Uncontrolled search path in some Intel(R) GPA software before 
version  ...)
+       TODO: check
+CVE-2023-41957 (Improper Privilege Management vulnerability in smp7, 
wp.Insider Simple ...)
+       TODO: check
+CVE-2023-41956 (Improper Authentication vulnerability in smp7, wp.Insider 
Simple Membe ...)
+       TODO: check
+CVE-2023-41955 (Improper Privilege Management vulnerability in WPDeveloper 
Essential A ...)
+       TODO: check
+CVE-2023-41954 (Improper Privilege Management vulnerability in ProfilePress 
Membership ...)
+       TODO: check
+CVE-2023-41665 (Improper Privilege Management vulnerability in GiveWP allows 
Privilege ...)
+       TODO: check
+CVE-2023-41243 (Improper Privilege Management vulnerability in WPvivid Team 
WPvivid Ba ...)
+       TODO: check
+CVE-2023-41234 (NULL pointer dereference in Intel(R) Power Gadget software for 
Windows ...)
+       TODO: check
+CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 
and Int ...)
+       TODO: check
+CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before 
version ...)
+       TODO: check
+CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi 
software fo ...)
+       TODO: check
+CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before 
version ...)
+       TODO: check
+CVE-2023-40071 (Improper access control in some Intel(R) GPA software 
installers befor ...)
+       TODO: check
+CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software 
for mac ...)
+       TODO: check
+CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by 
Intel(R) ...)
+       TODO: check
+CVE-2023-39433 (Improper access control for some Intel(R) CST software before 
version  ...)
+       TODO: check
+CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-38654 (Improper input validation for some some Intel(R) 
PROSet/Wireless WiFi  ...)
+       TODO: check
+CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows 
all vers ...)
+       TODO: check
+CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software 
for macOS  ...)
+       TODO: check
+CVE-2023-38417 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi softw ...)
+       TODO: check
+CVE-2023-38399 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-37999 (Improper Privilege Management vulnerability in HasThemes HT 
Mega allow ...)
+       TODO: check
+CVE-2023-37888 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-37866 (Improper Privilege Management vulnerability in Crocoblock 
JetFormBuild ...)
+       TODO: check
+CVE-2023-37389 (Improper Privilege Management vulnerability in SAASPROJECT 
Booking Pac ...)
+       TODO: check
+CVE-2023-37385 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-35881 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-35192 (Uncontrolled search path in some Intel(R) GPA Framework 
software befor ...)
+       TODO: check
+CVE-2023-34186 (Missing Authorization vulnerability in Imran Sayed Headless 
CMS.This i ...)
+       TODO: check
+CVE-2023-33321 (Missing Authorization vulnerability in Metagauss EventPrime 
allows Exp ...)
+       TODO: check
+CVE-2023-33310 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart 
Core al ...)
+       TODO: check
+CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag 
editori ...)
+       TODO: check
+CVE-2023-32110 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2023-28402 (Improper input validation in some Intel(R) BIOS Guard firmware 
may all ...)
+       TODO: check
+CVE-2023-28383 (Improper conditions check in some Intel(R) BIOS PPAM firmware 
may allo ...)
+       TODO: check
+CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware 
may all ...)
+       TODO: check
+CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware 
for som ...)
+       TODO: check
+CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) 
DSA and In ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html
-CVE-2023-47855 [Intel-SA-01036]
+CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software 
before  ...)
        - intel-microcode 3.20240514.1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-45745 [Intel-SA-01036]
+CVE-2023-45745 (Improper input validation in some Intel(R) TDX module software 
before  ...)
        - intel-microcode 3.20240514.1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-46103 [INTEL-SA-01052]
+CVE-2023-46103 (Sequence of processor instructions leads to unexpected 
behavior in Int ...)
        - intel-microcode 3.20240514.1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-45733 [INTEL-SA-01051]
+CVE-2023-45733 (Hardware logic contains race conditions in some Intel(R) 
Processors ma ...)
        - intel-microcode 3.20240514.1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
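
Review bot: the descriptions added for CVE-2024-3609 and CVE-2024-3134 near the top of this hunk carry a literal `\u2013` escape ("The ReviewX \u2013 Multi-criteria Rating ...") where an en dash belongs, so the escape is being copied into data/CVE/list undecoded; decode it in the update step so that searches on the product name match. In the same hunk every new Intel entry is left as `TODO: check`, while Intel software entries in the later hunks of this diff are marked `NOT-FOR-US: Intel`; CVE-2023-39929 names "Libva software maintained by Intel(R)" rather than an Intel-only product and should be triaged on its own instead of being swept up with the rest.
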
@@ -77772,7 +77996,7 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on 
pathnames under TMPDIR (typically
        NOTE: Neutralised by kernel hardening
 CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor 
Hub (ISH ...)
        NOT-FOR-US: Intel
-CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & 
Iris(R) Xe  ...)
+CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) 
Control softw ...)
        NOT-FOR-US: Intel
 CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and 
component ...)
        NOT-FOR-US: Intel
@@ -83482,9 +83706,9 @@ CVE-2023-27502 (Insertion of sensitive information into 
log file for some Intel(
        NOT-FOR-US: Intel
 CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) 
Optane(TM) SSD p ...)
        NOT-FOR-US: Intel
-CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & 
Iris(R) Xe Gr ...)
+CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) Control 
softwar ...)
        NOT-FOR-US: Intel
-CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe 
Graphics - W ...)
+CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) Control software 
before v ...)
        NOT-FOR-US: Intel
 CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in 
firmware ...)
        NOT-FOR-US: Intel
@@ -84808,8 +85032,8 @@ CVE-2023-27298 (Uncontrolled search path in the WULT 
software maintained by Inte
        NOT-FOR-US: Intel
 CVE-2023-25772 (Improper input validation in the Intel(R) Retail Edge Mobile 
Android a ...)
        NOT-FOR-US: Intel
-CVE-2023-24460
-       RESERVED
+CVE-2023-24460 (Incorrect default permissions in some Intel(R) GPA software 
installers ...)
+       TODO: check
 CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON 
printers/network int ...)
        NOT-FOR-US: Epson
 CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical 
Records ...)
@@ -86466,7 +86690,7 @@ CVE-2023-26864 (SQL injection vulnerability found in 
PrestaShop smplredirections
 CVE-2023-26863
        REJECTED
 CVE-2023-26862
-       RESERVED
+       REJECTED
 CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet 
v.1.7.10 an ...)
        NOT-FOR-US: PrestaShop module
 CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget 
v.1.0.3 and b ...)
@@ -87236,8 +87460,8 @@ CVE-2023-26542 (Cross-Site Request Forgery (CSRF) 
vulnerability in Exeebit phpin
        NOT-FOR-US: WordPress plugin
 CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26540
-       RESERVED
+CVE-2023-26540 (Improper Privilege Management vulnerability in Favethemes 
Houzez allow ...)
+       TODO: check
 CVE-2023-26539 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Max  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kamy ...)
@@ -87264,8 +87488,8 @@ CVE-2023-26528 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPIn ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26526
-       RESERVED
+CVE-2023-26526 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech 
Quiz An ...)
@@ -88862,8 +89086,8 @@ CVE-2023-26011 (Cross-Site Request Forgery (CSRF) 
vulnerability in Tim Eckel Rea
        NOT-FOR-US: WordPress plugin
 CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPMo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26009
-       RESERVED
+CVE-2023-26009 (Improper Privilege Management vulnerability in favethemes 
Houzez Login ...)
+       TODO: check
 CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Ajay ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26007
@@ -89830,8 +90054,8 @@ CVE-2023-25703
        RESERVED
 CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in Full ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25701
-       RESERVED
+CVE-2023-25701 (Improper Privilege Management vulnerability in WhatArmy 
WatchTowerHQ a ...)
+       TODO: check
 CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25699 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
@@ -90941,8 +91165,8 @@ CVE-2023-25446
        RESERVED
 CVE-2023-25445
        RESERVED
-CVE-2023-25444
-       RESERVED
+CVE-2023-25444 (Unrestricted Upload of File with Dangerous Type vulnerability 
in JS He ...)
+       TODO: check
 CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Button  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in Marc ...)
@@ -91927,8 +92151,8 @@ CVE-2023-25052 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua 
Comment Re ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25050
-       RESERVED
+CVE-2023-25050 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in impl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25048
@@ -94100,8 +94324,8 @@ CVE-2023-24381 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke 
Simple Wp ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24379
-       RESERVED
+CVE-2023-24379 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid 
Ecommerce Ecw ...)
@@ -95051,12 +95275,12 @@ CVE-2023-23992 (Cross-Site Request Forgery (CSRF) 
vulnerability in AutomatorWP p
        NOT-FOR-US: WordPress plugin
 CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23990
-       RESERVED
+CVE-2023-23990 (Improper Privilege Management vulnerability in Qube One Ltd. 
Redirecti ...)
+       TODO: check
 CVE-2023-23989 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23988
-       RESERVED
+CVE-2023-23988 (Missing Authorization vulnerability in Joseph C Dolson My 
Tickets.This ...)
+       TODO: check
 CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPEv ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23986
@@ -95365,8 +95589,8 @@ CVE-2023-23890 (Cross-Site Request Forgery (CSRF) 
vulnerability in LJ Apps WP Ai
        NOT-FOR-US: WordPress plugin
 CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23888
-       RESERVED
+CVE-2023-23888 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-23887
        RESERVED
 CVE-2023-23886
@@ -95397,8 +95621,8 @@ CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23872
-       RESERVED
+CVE-2023-23872 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Webd ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in wpde ...)
@@ -95955,8 +96179,8 @@ CVE-2023-23702 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23700
-       RESERVED
+CVE-2023-23700 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact 
sensitive PEM k ...)
@@ -96112,8 +96336,8 @@ CVE-2023-23647 (Auth. (author+) Stored Cross-Site 
Scripting (XSS) vulnerability
        NOT-FOR-US: WordPress plugin
 CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life 
Album Gal ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23645
-       RESERVED
+CVE-2023-23645 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
 CVE-2023-23644
        RESERVED
 CVE-2023-23643
@@ -98140,8 +98364,8 @@ CVE-2023-22926
        RESERVED
 CVE-2023-22925
        RESERVED
-CVE-2023-22656
-       RESERVED
+CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) 
oneVPL soft ...)
+       TODO: check
 CVE-2023-22433
        RESERVED
 CVE-2023-22426
@@ -100190,7 +100414,7 @@ CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in 
GitHub repository linagora
        NOT-FOR-US: linagora/Twake
 CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 
for Robot  ...)
        NOT-FOR-US: ros ntpd driver
-CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in the TreeView of 
YUI2 th ...)
+CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in Sandbox 
examples in the ...)
        NOT-FOR-US: TreeView of YUI2
 CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been 
rated as ...)
        NOT-FOR-US: rgb2hex
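
Review bot: the unchanged `NOT-FOR-US: TreeView of YUI2` annotation under CVE-2022-48197 no longer matches the updated description, which now places the reflected XSS in "Sandbox examples" instead of "the TreeView of YUI2". Change the annotation to name only the product, so it stays accurate when the upstream description is reworded again.
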
@@ -106911,7 +107135,7 @@ CVE-2022-4312 (A cleartext storage of sensitive 
information vulnerability exists
        NOT-FOR-US: PcVue
 CVE-2022-4311 (An insertion of sensitive information into log file 
vulnerability exis ...)
        NOT-FOR-US: PcVue
-CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe 
Graphic ...)
+CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) Control 
software bef ...)
        NOT-FOR-US: Intel
 CVE-2022-42700
        RESERVED
@@ -111091,8 +111315,8 @@ CVE-2022-45376 (Cross-Site Request Forgery (CSRF) 
vulnerability in XootiX Side C
        NOT-FOR-US: WordPress plugin
 CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45374
-       RESERVED
+CVE-2022-45374 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer 
Product Ga ...)
@@ -111103,8 +111327,8 @@ CVE-2022-45370 (Improper Neutralization of Formula 
Elements in a CSV File vulner
        NOT-FOR-US: WordPress plugin
 CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in 
Plugin for  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45368
-       RESERVED
+CVE-2022-45368 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Cus ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Jason Cr ...)
@@ -111906,8 +112130,8 @@ CVE-2022-45072 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPML Multilin
        NOT-FOR-US: WordPress plugin
 CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML 
Multilingual C ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45070
-       RESERVED
+CVE-2022-45070 (Missing Authorization vulnerability in FmeAddons Conditional 
Checkout  ...)
+       TODO: check
 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in 
Crowdsignal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado 
Pago Mercad ...)
@@ -114430,8 +114654,8 @@ CVE-2022-44583 (Unauth. Arbitrary File Download 
vulnerability in WatchTowerHQ pl
        NOT-FOR-US: WordPress plugin
 CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Appt ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-44581
-       RESERVED
+CVE-2022-44581 (Insecure Storage of Sensitive Information vulnerability in 
WPMU DEV De ...)
+       TODO: check
 CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for 
Google Re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44579
@@ -124070,8 +124294,8 @@ CVE-2022-40207 (Improper access control in the 
Intel(R) SUR software before vers
        NOT-FOR-US: Intel
 CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon 
BIOS update ...)
        NOT-FOR-US: Intel
-CVE-2022-37410
-       RESERVED
+CVE-2022-37410 (Improper access control for some Intel(R) Thunderbolt driver 
software  ...)
+       TODO: check
 CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP 
Cryptography ...)
        NOT-FOR-US: Intel
 CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a 
vulnerability in t ...)
@@ -136067,8 +136291,8 @@ CVE-2022-37348 (Trend Micro Security 2021 and 2022 
(Consumer) is vulnerable to a
        NOT-FOR-US: Trend Micro
 CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to 
an Out- ...)
        NOT-FOR-US: Trend Micro
-CVE-2022-37341
-       RESERVED
+CVE-2022-37341 (Improper access control in some Intel(R) Ethernet Adapters and 
Intel(R ...)
+       TODO: check
 CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for 
Windows befo ...)
        NOT-FOR-US: Intel
 CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to 
delete (or ...)
@@ -209793,7 +210017,7 @@ CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC 
before v1.1.4 and LD421-21W b
        NOT-FOR-US: Furukawa
 CVE-2021-37385
        RESERVED
-CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web 
interface co ...)
+CVE-2021-37384 (RCE (Remote Code Execution) vulnerability was found in some 
Furukawa O ...)
        NOT-FOR-US: Furukawa
 CVE-2021-37383
        RESERVED
@@ -220194,18 +220418,18 @@ CVE-2021-33164 (Improper access control in BIOS 
firmware for some Intel(R) NUCs
        NOT-FOR-US: Intel
 CVE-2021-33163
        REJECTED
-CVE-2021-33162
-       REJECTED
-CVE-2021-33161
-       REJECTED
+CVE-2021-33162 (Improper access control in some Intel(R) Ethernet Adapters and 
Intel(R ...)
+       TODO: check
+CVE-2021-33161 (Improper input validation in some Intel(R) Ethernet Adapters 
and Intel ...)
+       TODO: check
 CVE-2021-33160
        REJECTED
 CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before 
versions  ...)
        NOT-FOR-US: Intel
-CVE-2021-33158
-       REJECTED
-CVE-2021-33157
-       REJECTED
+CVE-2021-33158 (Improper neutralization in some Intel(R) Ethernet Adapters and 
Intel(R ...)
+       TODO: check
+CVE-2021-33157 (Insufficient control flow management in some Intel(R) Ethernet 
Adapter ...)
+       TODO: check
 CVE-2021-33156
        REJECTED
 CVE-2021-33155 (Improper input validation in firmware for some Intel(R) 
Wireless Bluet ...)
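
Review bot: CVE-2021-33162, CVE-2021-33161, CVE-2021-33158 and CVE-2021-33157 go from `REJECTED` straight to a description with `TODO: check`, reversing a state that is normally final; confirm upstream that these ids were really reinstated before they are triaged. The adjacent Intel entry CVE-2021-33159 is already `NOT-FOR-US: Intel`, so check whether the same annotation applies to these Ethernet Adapter entries.
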
@@ -220226,18 +220450,18 @@ CVE-2021-33148
        REJECTED
 CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library 
before ve ...)
        NOT-FOR-US: Intel
-CVE-2021-33146
-       REJECTED
-CVE-2021-33145
-       REJECTED
+CVE-2021-33146 (Improper input validation in some Intel(R) Ethernet Adapters 
and Intel ...)
+       TODO: check
+CVE-2021-33145 (Uncaught exception in some Intel(R) Ethernet Adapters and 
Intel(R) Eth ...)
+       TODO: check
 CVE-2021-33144
        REJECTED
 CVE-2021-33143
        REJECTED
-CVE-2021-33142
-       REJECTED
-CVE-2021-33141
-       REJECTED
+CVE-2021-33142 (Improper input validation in some Intel(R) Ethernet Adapters 
and Intel ...)
+       TODO: check
+CVE-2021-33141 (Improper input validation in some Intel(R) Ethernet Adapters 
and Intel ...)
+       TODO: check
 CVE-2021-33140
        REJECTED
 CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) 
Wireless Bluet ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e74dc6f70924dd21b2634e35f24bcf520919413b
