Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
76a72507 by Salvatore Bonaccorso at 2023-09-06T22:14:21+02:00
Process some NFUs

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -468,49 +468,49 @@ CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...) NOT-FOR-US: WordPress plugin CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a r ...) - TODO: check + NOT-FOR-US: SHIRASAGI CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a r ...) - TODO: check + NOT-FOR-US: VI Web Client CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18. ...) - TODO: check + NOT-FOR-US: SHIRASAGI CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1. ...) - TODO: check + NOT-FOR-US: SHIRASAGI CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...) TODO: check CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...) - TODO: check + NOT-FOR-US: ZPLGFA CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...) NOT-FOR-US: IBM CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...) NOT-FOR-US: IBM CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...) 
- TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch announcement (CS ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link operation ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a recei ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...) NOT-FOR-US: IBM CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-41164 - python-django 3:3.2.21-1 (bug #1051226) NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1 @@ -15464,7 +15464,7 @@ CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...) NOT-FOR-US: WordPress plugin CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31219 RESERVED CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) 
@@ -17042,55 +17042,55 @@ CVE-2023-30732 CVE-2023-30731 RESERVED CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30727 RESERVED CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...) NOT-FOR-US: Samsung CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...) @@ -17909,13 +17909,13 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fo CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...) NOT-FOR-US: WordPress Plugin CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30496 RESERVED CVE-2023-30495 RESERVED CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30493 RESERVED CVE-2023-30492 
@@ -17933,7 +17933,7 @@ CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Th CVE-2023-30486 RESERVED CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...) NOT-FOR-US: WordPress plugin CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...) @@ -20505,7 +20505,7 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plu CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29440 RESERVED CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) @@ -23660,13 +23660,13 @@ CVE-2023-28586 CVE-2023-28585 RESERVED CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28583 RESERVED CVE-2023-28582 RESERVED CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28580 RESERVED CVE-2023-28579 @@ -23682,7 +23682,7 @@ CVE-2023-28575 (The cam_get_device_priv function does not check the type of hand CVE-2023-28574 RESERVED CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28572 RESERVED CVE-2023-28571 
@@ -23694,27 +23694,27 @@ CVE-2023-28569 CVE-2023-28568 RESERVED CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28566 RESERVED CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28563 RESERVED CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...) NOT-FOR-US: Qualcomm CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from untrusted ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28559 (Memory corruption in WLAN FW while processing command parameters from ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx status ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28556 RESERVED CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...) @@ -23730,9 +23730,9 @@ CVE-2023-28551 CVE-2023-28550 RESERVED CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28547 RESERVED CVE-2023-28546 
@@ -23740,9 +23740,9 @@ CVE-2023-28546 CVE-2023-28545 RESERVED CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.) NOT-FOR-US: Qualcomm CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...) @@ -23752,7 +23752,7 @@ CVE-2023-28540 CVE-2023-28539 RESERVED CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...) NOT-FOR-US: Qualcomm CVE-2023-28536 @@ -25454,7 +25454,7 @@ CVE-2023-28074 CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...) NOT-FOR-US: Dell CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0, contain a d ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...) NOT-FOR-US: Dell CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...) @@ -33338,7 +33338,7 @@ CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...) NOT-FOR-US: WordPress plugin CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...) NOT-FOR-US: WordPress plugin CVE-2023-25463 
@@ -49015,17 +49015,17 @@ CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action fra CVE-2023-21668 RESERVED CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to validate t ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...) NOT-FOR-US: Qualcomm CVE-2023-21665 (Memory corruption in Graphics while importing a file.) NOT-FOR-US: Qualcomm CVE-2023-21664 (Memory Corruption in Core Platform while printing the response buffer ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21663 (Memory Corruption while accessing metadata in Display.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21662 (Memory corruption in Core Platform while printing the response buffer ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.) NOT-FOR-US: Qualcomm CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.) @@ -49039,11 +49039,11 @@ CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record u CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...) NOT-FOR-US: Qualcomm CVE-2023-21655 (Memory corruption in Audio while validating and mapping metadata.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21654 (Memory corruption in Audio during playback session with audio effects ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration message.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...) NOT-FOR-US: Qualcomm CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...) 
@@ -49057,11 +49057,11 @@ CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.) CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...) NOT-FOR-US: Qualcomm CVE-2023-21646 (Transient DOS in Modem while processing invalid System Information Blo ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21645 RESERVED CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while triggering qcri ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...) NOT-FOR-US: Qualcomm CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...) @@ -49077,7 +49077,7 @@ CVE-2023-21638 (Memory corruption in Video while calling APIs with different ins CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.) NOT-FOR-US: Qualcomm CVE-2023-21636 (Memory Corruption due to improper validation of array index in Linux w ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...) NOT-FOR-US: Qualcomm CVE-2023-21634 @@ -66296,7 +66296,7 @@ CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1 CVE-2022-41764 RESERVED CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...) - TODO: check + NOT-FOR-US: NOKIA AMS CVE-2022-41762 RESERVED CVE-2022-41761 
@@ -69574,7 +69574,7 @@ CVE-2022-40536 (Transient DOS due to improper authentication in modem while rece CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...) NOT-FOR-US: Qualcomm CVE-2022-40534 (Memory corruption due to improper validation of array index in Audio.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core while sendi ...) NOT-FOR-US: Qualcomm CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in WLAN while ...) @@ -69594,7 +69594,7 @@ CVE-2022-40526 CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to unauthorize ...) NOT-FOR-US: Qualcomm CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while processing Se ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40523 (Information disclosure in Kernel due to indirect branch misprediction.) NOT-FOR-US: Qualcomm CVE-2022-40522 (Memory corruption in Linux Networking due to double free while handlin ...) @@ -89417,7 +89417,7 @@ CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking s CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...) NOT-FOR-US: Qualcomm CVE-2022-33275 (Memory corruption due to improper validation of array index in WLAN HA ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...) NOT-FOR-US: Qualcomm CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...) 
@@ -89527,7 +89527,7 @@ CVE-2022-33222 (Information disclosure due to buffer over-read while parsing DNS CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...) NOT-FOR-US: Qualcomm CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer over-rea ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...) NOT-FOR-US: Qualcomm CVE-2022-33218 (Memory corruption in Automotive due to improper input validation.)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a725073f633530e836edde733d123241718878
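Review bot: CVE-2023-36308 (disintegration Imaging 1.6.2) in the first hunk (@@ -468,49 +468,49 @@) is the one entry in that run still left at "TODO: check", while the adjacent CVE-2023-36307 (ZPLGFA) is moved to NOT-FOR-US. If it was skipped on purpose because it needs a package lookup, a line in the commit message saying so would help; "Process some NFUs" does not tell the next triager whether the entry was looked at and deferred or simply missed.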
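Review bot: CVE-2023-21636 in the @@ -49077,7 +49077,7 @@ hunk is tagged "NOT-FOR-US: Qualcomm" although its description reads "improper validation of array index in Linux w ..." and is cut off before the component is named. The tag matches the neighbouring CVE-2023-21637 context entry, but a vendor-only tag leaves no record of which component was checked. A NOTE: line naming the affected driver or module (the file already uses NOTE: lines, as under CVE-2023-41164) would document that the code is not in a kernel Debian ships.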
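Review bot: Tag spelling is inconsistent around the @@ -17909,13 +17909,13 @@ hunk: the added lines use "NOT-FOR-US: WordPress plugin", while the unchanged context line for CVE-2023-30498 just above them reads "NOT-FOR-US: WordPress Plugin". The new lines follow the majority spelling in this diff, so nothing needs to change here, but normalising the capitalised variant in a follow-up would keep exact-match searches over the list reliable.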