Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
200a1cd6 by security tracker role at 2023-08-08T20:12:28+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@ +CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...) + TODO: check +CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) + TODO: check +CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) + TODO: check +CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...) + TODO: check +CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) + TODO: check +CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) + TODO: check +CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...) + TODO: check +CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...) + TODO: check +CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...) 
+ TODO: check +CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...) + TODO: check +CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) + TODO: check +CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + TODO: check +CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...) + TODO: check +CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...) + TODO: check +CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...) + TODO: check +CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + TODO: check +CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...) + TODO: check +CVE-2023-38815 + REJECTED +CVE-2023-38814 + REJECTED +CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) 
+ TODO: check +CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) + TODO: check +CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) + TODO: check +CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + TODO: check +CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...) + TODO: check +CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) + TODO: check +CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) + TODO: check +CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) + TODO: check +CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
+ TODO: check +CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) + TODO: check +CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + TODO: check +CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...) + TODO: check +CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability) + TODO: check +CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability) + TODO: check +CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) 
+ TODO: check +CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability) + TODO: check +CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability) + TODO: check +CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability) + TODO: check +CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability) + TODO: check +CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability) + TODO: check +CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability) + TODO: check +CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...) + TODO: check +CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + TODO: check +CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + TODO: check +CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + TODO: check +CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + TODO: check +CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + TODO: check +CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) 
+ TODO: check +CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...) + TODO: check +CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) + TODO: check +CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...) + TODO: check +CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) + TODO: check +CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability) + TODO: check +CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability) + TODO: check +CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability) + TODO: check +CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...) + TODO: check +CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + TODO: check +CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...) 
+ TODO: check +CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability) + TODO: check +CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability) + TODO: check +CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability) + TODO: check +CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability) + TODO: check +CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability) + TODO: check +CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability) + TODO: check +CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability) + TODO: check +CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + TODO: check +CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability) + TODO: check +CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability) + TODO: check +CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...) + TODO: check +CVE-2023-36873 (.NET Framework Spoofing Vulnerability) + TODO: check +CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability) + TODO: check +CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) + TODO: check +CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...) + TODO: check +CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...) + TODO: check +CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...) 
+ TODO: check +CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...) + TODO: check +CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...) + TODO: check +CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...) + TODO: check +CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) + TODO: check +CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) + TODO: check +CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...) + TODO: check +CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...) + TODO: check +CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) + TODO: check +CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) + TODO: check +CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) + TODO: check +CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
+ TODO: check +CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability) + TODO: check +CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability) + TODO: check +CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of ...) + TODO: check +CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability) + TODO: check +CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability) + TODO: check +CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...) + TODO: check +CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) 
+ TODO: check +CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) + TODO: check CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet] - linux <unfixed> NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 @@ -148,7 +478,7 @@ CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v NOT-FOR-US: Netgear CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...) NOT-FOR-US: Netgear -CVE-2023-38704 (`import-in-the-middle` is a module loading interceptor specifically fo ...) +CVE-2023-38704 (import-in-the-middle is a module loading interceptor specifically for ...) TODO: check CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...) NOT-FOR-US: Netgear @@ -889,7 +1219,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -899,7 +1229,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 
@@ -931,7 +1261,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi - firefox 116.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -941,7 +1271,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -951,7 +1281,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -961,7 +1291,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048 CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 
@@ -971,7 +1301,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047 CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -981,7 +1311,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...) - {DSA-5469-1 DSA-5464-1} + {DSA-5469-1 DSA-5464-1 DLA-3521-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -2715,7 +3045,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer over CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...) NOT-FOR-US: Knowage CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...) - {DLA-3515-1} + {DSA-5472-1 DLA-3515-1} - cjose 0.6.2.2-1 (bug #1041423) NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2) 
@@ -3444,7 +3774,7 @@ CVE-2023-37247 (A vulnerability has been identified in Tecnomatix Plant Simulati NOT-FOR-US: Siemens CVE-2023-37246 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens -CVE-2023-36884 (Microsoft is investigating reports of a series of remote code executio ...) +CVE-2023-36884 (Windows Search Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36874 (Windows Error Reporting Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft @@ -8017,7 +8347,7 @@ CVE-2023-33960 (OpenProject is web-based project management software. For any Op NOT-FOR-US: OpenProject CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak -CVE-2023-33756 +CVE-2023-33756 (An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and belo ...) - foswiki <itp> (bug #509864) CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...) NOT-FOR-US: Inpiazza Cloud WiFi @@ -10980,8 +11310,8 @@ CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...) NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima -CVE-2023-31221 - RESERVED +CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...) + TODO: check CVE-2023-31220 RESERVED CVE-2023-31219 @@ -11774,7 +12104,7 @@ CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions sta CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...) NOT-FOR-US: MAXTECH CVE-2023-2230 - RESERVED + REJECTED CVE-2023-2229 RESERVED CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) 
@@ -12166,10 +12496,10 @@ CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framewo NOTE: https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...) NOT-FOR-US: Netflix Lemur -CVE-2023-30796 - RESERVED -CVE-2023-30795 - RESERVED +CVE-2023-30796 (A vulnerability has been identified in JT Open (All versions < V11.4), ...) + TODO: check +CVE-2023-30795 (A vulnerability has been identified in JT Open (All versions < V11.4), ...) + TODO: check CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...) - linux 6.1.4-1 [bullseye] - linux 5.10.162-1 @@ -13445,8 +13775,8 @@ CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable NOT-FOR-US: WordPress plugin CVE-2023-30483 RESERVED -CVE-2023-30482 - RESERVED +CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-30481 RESERVED CVE-2023-30480 @@ -16463,12 +16793,12 @@ CVE-2023-29332 RESERVED CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...) NOT-FOR-US: Microsoft -CVE-2023-29330 - RESERVED +CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability) + TODO: check CVE-2023-29329 RESERVED -CVE-2023-29328 - RESERVED +CVE-2023-29328 (Microsoft Teams Remote Code Execution Vulnerability) + TODO: check CVE-2023-29327 RESERVED CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability) 
@@ -17137,8 +17467,8 @@ CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mu NOT-FOR-US: Muffingroup CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...) NOT-FOR-US: WordPress plugin -CVE-2023-29099 - RESERVED +CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...) NOT-FOR-US: WordPress plugin CVE-2023-29097 @@ -17775,14 +18105,14 @@ CVE-2022-4934 (A post-auth command injection vulnerability in the exception wiza NOT-FOR-US: Sophos CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...) NOT-FOR-US: Sophos -CVE-2023-28934 - RESERVED +CVE-2023-28934 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...) + TODO: check CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...) NOT-FOR-US: WordPress plugin CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...) NOT-FOR-US: WordPress plugin -CVE-2023-28931 - RESERVED +CVE-2023-28931 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neve ...) + TODO: check CVE-2023-28930 RESERVED CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...) @@ -18176,8 +18506,8 @@ CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C NOT-FOR-US: Siemens CVE-2023-28831 RESERVED -CVE-2023-28830 - RESERVED +CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) + TODO: check CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...) NOT-FOR-US: Siemens CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) 
@@ -18326,8 +18656,8 @@ CVE-2023-28775 RESERVED CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...) NOT-FOR-US: WordPress plugin -CVE-2023-28773 - RESERVED +CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 @@ -19126,12 +19456,12 @@ CVE-2023-28579 RESERVED CVE-2023-28578 RESERVED -CVE-2023-28577 - RESERVED -CVE-2023-28576 - RESERVED -CVE-2023-28575 - RESERVED +CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...) + TODO: check +CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...) + TODO: check +CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...) + TODO: check CVE-2023-28574 RESERVED CVE-2023-28573 @@ -19158,8 +19488,8 @@ CVE-2023-28563 RESERVED CVE-2023-28562 RESERVED -CVE-2023-28561 - RESERVED +CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...) + TODO: check CVE-2023-28560 RESERVED CVE-2023-28559 @@ -19170,8 +19500,8 @@ CVE-2023-28557 RESERVED CVE-2023-28556 RESERVED -CVE-2023-28555 - RESERVED +CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...) + TODO: check CVE-2023-28554 RESERVED CVE-2023-28553 @@ -19206,8 +19536,8 @@ CVE-2023-28539 RESERVED CVE-2023-28538 RESERVED -CVE-2023-28537 - RESERVED +CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...) + TODO: check CVE-2023-28536 RESERVED CVE-2023-28535 
@@ -22301,8 +22631,8 @@ CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-27628 RESERVED -CVE-2023-27627 - RESERVED +CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...) + TODO: check CVE-2023-27626 RESERVED CVE-2023-27625 @@ -22942,10 +23272,10 @@ CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy a NOT-FOR-US: WordPress plugin CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...) NOT-FOR-US: WordPress plugin -CVE-2023-27422 - RESERVED -CVE-2023-27421 - RESERVED +CVE-2023-27422 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...) + TODO: check +CVE-2023-27421 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + TODO: check CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) NOT-FOR-US: WordPress theme CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) 
@@ -22954,18 +23284,18 @@ CVE-2023-27418 RESERVED CVE-2023-27417 RESERVED -CVE-2023-27416 - RESERVED -CVE-2023-27415 - RESERVED +CVE-2023-27416 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deco ...) + TODO: check +CVE-2023-27415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...) + TODO: check CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...) NOT-FOR-US: WordPress plugin CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-27412 - RESERVED -CVE-2023-27411 - RESERVED +CVE-2023-27412 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + TODO: check +CVE-2023-27411 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) NOT-FOR-US: Siemens CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) @@ -24167,8 +24497,8 @@ CVE-2023-26963 RESERVED CVE-2023-26962 RESERVED -CVE-2023-26961 - RESERVED +CVE-2023-26961 (Alteryx Server 2022.1.1.42590 does not employ file type verification f ...) + TODO: check CVE-2023-26960 RESERVED CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...) @@ -26792,8 +27122,8 @@ CVE-2023-25986 RESERVED CVE-2023-25985 RESERVED -CVE-2023-25984 - RESERVED +CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...) + TODO: check CVE-2023-25983 RESERVED CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
@@ -28771,8 +29101,8 @@ CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) NOT-FOR-US: WordPress plugin -CVE-2023-25459 - RESERVED +CVE-2023-25459 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Post ...) + TODO: check CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...) NOT-FOR-US: WordPress plugin CVE-2023-25457 @@ -29760,8 +30090,8 @@ CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin NOT-FOR-US: WordPress plugin CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...) NOT-FOR-US: WordPress plugin -CVE-2023-25063 - RESERVED +CVE-2023-25063 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anad ...) + TODO: check CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINP ...) NOT-FOR-US: WordPress plugin CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -30366,8 +30696,8 @@ CVE-2023-24847 RESERVED CVE-2023-24846 RESERVED -CVE-2023-24845 - RESERVED +CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + TODO: check CVE-2023-24844 RESERVED CVE-2023-24843 @@ -30790,8 +31120,7 @@ CVE-2023-24700 RESERVED CVE-2023-24699 RESERVED -CVE-2023-24698 - RESERVED +CVE-2023-24698 (Insufficient parameter validation in the Foswiki::Sandbox component of ...) - foswiki <itp> (bug #509864) CVE-2023-24697 RESERVED 
@@ -31880,16 +32209,16 @@ CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud NOT-FOR-US: WordPress plugin CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) NOT-FOR-US: WordPress plugin -CVE-2023-24413 - RESERVED +CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + TODO: check CVE-2023-24412 RESERVED CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-24410 RESERVED -CVE-2023-24409 - RESERVED +CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + TODO: check CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-24407 @@ -33220,14 +33549,14 @@ CVE-2023-23882 RESERVED CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...) NOT-FOR-US: WordPress plugin -CVE-2023-23880 - RESERVED +CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...) NOT-FOR-US: WordPress plugin CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...) NOT-FOR-US: WordPress plugin -CVE-2023-23877 - RESERVED +CVE-2023-23877 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...) 
@@ -33380,8 +33709,8 @@ CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...) NOT-FOR-US: WordPress plugin -CVE-2023-23829 - RESERVED +CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...) + TODO: check CVE-2023-23828 RESERVED CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...) @@ -37332,8 +37661,8 @@ CVE-2023-22668 RESERVED CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...) NOT-FOR-US: Qualcomm -CVE-2023-22666 - RESERVED +CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...) + TODO: check CVE-2023-0094 RESERVED CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...) @@ -42561,8 +42890,8 @@ CVE-2023-21711 RESERVED CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-21709 - RESERVED +CVE-2023-21709 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + TODO: check CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability) 
@@ -44417,26 +44746,26 @@ CVE-2023-21654 RESERVED CVE-2023-21653 RESERVED -CVE-2023-21652 - RESERVED -CVE-2023-21651 - RESERVED -CVE-2023-21650 - RESERVED -CVE-2023-21649 - RESERVED -CVE-2023-21648 - RESERVED -CVE-2023-21647 - RESERVED +CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...) + TODO: check +CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...) + TODO: check +CVE-2023-21650 (Memory Corruption in GPS HLOS Driver when injectFdclData receives data ...) + TODO: check +CVE-2023-21649 (Memory corruption in WLAN while running doDriverCmd for an unspecific ...) + TODO: check +CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.) + TODO: check +CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...) + TODO: check CVE-2023-21646 RESERVED CVE-2023-21645 RESERVED CVE-2023-21644 RESERVED -CVE-2023-21643 - RESERVED +CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...) + TODO: check CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...) NOT-FOR-US: Qualcomm CVE-2023-21641 (An app with non-privileged access can change global system brightness ...) 
@@ -44467,12 +44796,12 @@ CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the NOT-FOR-US: Qualcomm CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...) NOT-FOR-US: Qualcomm -CVE-2023-21627 - RESERVED -CVE-2023-21626 - RESERVED -CVE-2023-21625 - RESERVED +CVE-2023-21627 (Memory corruption in Trusted Execution Environment while calling servi ...) + TODO: check +CVE-2023-21626 (Cryptographic issue in HLOS due to improper authentication while perfo ...) + TODO: check +CVE-2023-21625 (Information disclosure in Network Services due to buffer over-read whi ...) + TODO: check CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.) NOT-FOR-US: Qualcomm CVE-2022-46750 @@ -46884,7 +47213,7 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...) NOT-FOR-US: Comcast Defined Technologies microeisbss -CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...) +CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Siemens CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...) NOT-FOR-US: Siemens @@ -47201,8 +47530,8 @@ CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugin NOT-FOR-US: WordPress plugin CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...) NOT-FOR-US: WordPress plugin -CVE-2022-45821 - RESERVED +CVE-2022-45821 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress \u2013 WordPress LMS P ...) NOT-FOR-US: WordPress plugin CVE-2022-45819 
@@ -54057,14 +54386,14 @@ CVE-2023-20591 RESERVED CVE-2023-20590 RESERVED -CVE-2023-20589 - RESERVED -CVE-2023-20588 - RESERVED +CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...) + TODO: check +CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...) + TODO: check CVE-2023-20587 RESERVED -CVE-2023-20586 - RESERVED +CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...) + TODO: check CVE-2023-20585 RESERVED CVE-2023-20584 @@ -54097,8 +54426,7 @@ CVE-2023-20571 RESERVED CVE-2023-20570 RESERVED -CVE-2023-20569 - RESERVED +CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...) - amd64-microcode 3.20230719.1 [bookworm] - amd64-microcode 3.20230719.1~deb12u1 [bullseye] - amd64-microcode 3.20230719.1~deb11u1 @@ -54124,10 +54452,10 @@ CVE-2023-20564 RESERVED CVE-2023-20563 RESERVED -CVE-2023-20562 - RESERVED -CVE-2023-20561 - RESERVED +CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...) + TODO: check +CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...) + TODO: check CVE-2023-20560 RESERVED CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a ...) @@ -54136,10 +54464,10 @@ CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a NOT-FOR-US: AMD CVE-2023-20557 RESERVED -CVE-2023-20556 - RESERVED -CVE-2023-20555 - RESERVED +CVE-2023-20556 (Insufficient validation of the IOCTL (Input Output Control) input buff ...) + TODO: check +CVE-2023-20555 (Insufficient input validation in CpmDisplayFeatureSmm may allow an att ...) + TODO: check CVE-2023-20554 RESERVED CVE-2023-20553 
@@ -64865,8 +65193,8 @@ CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while pro NOT-FOR-US: Snapdragon CVE-2022-40511 RESERVED -CVE-2022-40510 - RESERVED +CVE-2022-40510 (Memory corruption due to buffer copy without checking size of input in ...) + TODO: check CVE-2022-40509 RESERVED CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...) @@ -68468,8 +68796,8 @@ CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) fr NOT-FOR-US: Ikea CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...) NOT-FOR-US: Open5GS UPF -CVE-2022-39062 - RESERVED +CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) + TODO: check CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...) NOT-FOR-US: ChangingTech MegaServiSignAdapter CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...) @@ -136371,8 +136699,8 @@ CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All NOT-FOR-US: Siemens CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) NOT-FOR-US: Siemens -CVE-2021-41544 - RESERVED +CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center (All ve ...) + TODO: check CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) NOT-FOR-US: Siemens CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) 
@@ -177136,7 +177464,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command NOT-FOR-US: Node async-git CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Solid Edge (Siemens) -CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) +CVE-2021-25677 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) NOT-FOR-US: Siemens @@ -199801,7 +200129,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core ( NOT-FOR-US: Siemens CVE-2020-28389 RESERVED -CVE-2020-28388 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...) +CVE-2020-28388 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Siemens CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens 
@@ -203372,11 +203700,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug - webcit <removed> (bug #973385) [buster] - webcit <ignored> (Minor issue) [stretch] - webcit <ignored> (Minor issue) -CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) +CVE-2020-27738 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) -CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) +CVE-2020-27737 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) -CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) +CVE-2020-27736 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...) NOT-FOR-US: Wing FTP @@ -205454,7 +205782,7 @@ CVE-2020-27011 RESERVED CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) NOT-FOR-US: Trend Micro -CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions < V5. ...) +CVE-2020-27009 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1.0.1 ...) NOT-FOR-US: JT2Go 
@@ -230628,7 +230956,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All NOT-FOR-US: DCA Vantage Analyzer CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens -CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions < V5. ...) +CVE-2020-15795 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...) NOT-FOR-US: Desigo Insight View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/200a1cd6bfde7ec6ac01a3594afcd4f05fc31373
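Review bot: In the hunk at -54057, the added description for CVE-2023-20586 carries the literal escape sequence "\u2122" ("Radeon\u2122 Software Crimso ...") instead of the character it stands for, so the updater is writing escaped text into data/CVE/list without decoding it. The unchanged context line for CVE-2022-45820 in the hunk at -47201 shows the same thing with "\u2013", so this is not a one-off. Decode the description before it is truncated and written; as it stands the escape also takes up six characters of an already truncated description.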
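Review bot: In the hunk at -203372, CVE-2020-27738, CVE-2020-27737 and CVE-2020-27736 all end up with the same visible description, "APOGEE PXC Compact (BACnet) (Al ...)", and the truncation cuts off everything that would tell them apart. The same text is written for CVE-2021-25677, CVE-2020-27009, CVE-2020-15795, CVE-2022-45937 and CVE-2020-28388 elsewhere in this patch. For the entries annotated "NOT-FOR-US: Nucleus (Siemens)" the description no longer mentions Nucleus at all, so the annotation is now the only place that records why they were triaged that way. Keep those annotations as they are, and do not re-triage these entries from the truncated description alone.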
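Review bot: In the hunk at -44417, CVE-2023-21652 through CVE-2023-21647 and CVE-2023-21643 move from RESERVED to "TODO: check", while the neighbouring entries written in the same description style (CVE-2023-21642 here, and CVE-2023-21629, CVE-2023-21628 and CVE-2023-21624 in the hunk at -44467) are already annotated "NOT-FOR-US: Qualcomm". Nothing needs changing in the automatic update itself, but these seven look like candidates for the same annotation in the follow-up triage, once the full descriptions confirm the vendor, rather than for individual investigation.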