Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76a72507 by Salvatore Bonaccorso at 2023-09-06T22:14:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,49 +468,49 @@ CVE-2023-39919 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
SAASPROJ ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0
allows a r ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Molongui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
XLPlugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6
allows a r ...)
- TODO: check
+ NOT-FOR-US: VI Web Client
CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior
to v1.18. ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Atar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI
prior to v1. ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jeff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic
(becaus ...)
TODO: check
CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an
integer ...)
- TODO: check
+ NOT-FOR-US: ZPLGFA
CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to
bypass IP res ...)
NOT-FOR-US: IBM
CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is
vulnerab ...)
NOT-FOR-US: IBM
CVE-2023-33021 (Memory corruption in Graphics while processing user packets
for comman ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like
channel out o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch
announcement (CS ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link
operation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of
a recei ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External
Authentication Ser ...)
NOT-FOR-US: IBM
CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Kangu pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand
WordPress th ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-41164
- python-django 3:3.2.21-1 (bug #1051226)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
@@ -15464,7 +15464,7 @@ CVE-2023-31222 (Deserialization of untrusted datain
Microsoft Messaging Queuing
CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Rans ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WP-EXPER ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31219
RESERVED
CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site
Scripti ...)
@@ -17042,55 +17042,55 @@ CVE-2023-30732
CVE-2023-30731
RESERVED
CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to
versions 11 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to
version 6.1. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30727
RESERVED
CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to
version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to
version 14 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery
prior to v ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30723 (Improper input validation vulnerability in Samsung Health
prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung
Blockchai ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30721 (Insertion of sensitive information into log vulnerability in
Locksetti ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR
Sep-2023 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30719 (Exposure of Sensitive Information vulnerability in
InboundSmsHandler p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30718 (Improper export of android application components
vulnerability in Wif ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior
to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR
Sep-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR
Sep-2023 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30714 (Improper authorization vulnerability in
FolderContainerDragDelegate in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30713 (Improper privilege management vulnerability in
FolderLockNotifier in O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR
Sep-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR
SEP-2023 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to
SMR Sep-20 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR
Sep-2023 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30707 (Improper input validation vulnerability in
FileProviderStatusReceiver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR
Sep-2023 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior
to vers ...)
NOT-FOR-US: Samsung
CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior
to vers ...)
@@ -17909,13 +17909,13 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Fo
CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
CodeFlav ...)
NOT-FOR-US: WordPress Plugin
CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Simon Ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30496
RESERVED
CVE-2023-30495
RESERVED
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ImageRec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30493
RESERVED
CVE-2023-30492
@@ -17933,7 +17933,7 @@ CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Th
CVE-2023-30486
RESERVED
CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Solwin I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress
Enable Acces ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Kiboko L ...)
@@ -20505,7 +20505,7 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus
before 14105, ServiceDesk Plu
CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows
proxy.html ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Robert H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29440
RESERVED
CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
FooPlugi ...)
@@ -23660,13 +23660,13 @@ CVE-2023-28586
CVE-2023-28585
RESERVED
CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives
invalid chan ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28583
RESERVED
CVE-2023-28582
RESERVED
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK
Keys in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28580
RESERVED
CVE-2023-28579
@@ -23682,7 +23682,7 @@ CVE-2023-28575 (The cam_get_device_priv function does
not check the type of hand
CVE-2023-28574
RESERVED
CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command
parameters.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28572
RESERVED
CVE-2023-28571
@@ -23694,27 +23694,27 @@ CVE-2023-28569
CVE-2023-28568
RESERVED
CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through
WMI inter ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28566
RESERVED
CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams
through W ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters
through ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28563
RESERVED
CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28561 (Memory corruption in QESL while processing payload from
external ESL d ...)
NOT-FOR-US: Qualcomm
CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from
untrusted ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28559 (Memory corruption in WLAN FW while processing command
parameters from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx
status ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28557 (Memory corruption in WLAN HAL while processing command
parameters from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28556
RESERVED
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media
codec d ...)
@@ -23730,9 +23730,9 @@ CVE-2023-28551
CVE-2023-28550
RESERVED
CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in
processing TL ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands
from QDA ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28547
RESERVED
CVE-2023-28546
@@ -23740,9 +23740,9 @@ CVE-2023-28546
CVE-2023-28545
RESERVED
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from
HLOS to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library
due to o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status
information.)
NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer
release ev ...)
@@ -23752,7 +23752,7 @@ CVE-2023-28540
CVE-2023-28539
RESERVED
CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module
in Audi ...)
NOT-FOR-US: Qualcomm
CVE-2023-28536
@@ -25454,7 +25454,7 @@ CVE-2023-28074
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A
locally ...)
NOT-FOR-US: Dell
CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0,
contain a d ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update
versions 4.9. ...)
NOT-FOR-US: Dell
CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and
prior, con ...)
@@ -33338,7 +33338,7 @@ CVE-2023-25467 (Cross-Site Request Forgery (CSRF)
vulnerability in Daniel Mores,
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Mahlamus ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Stre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25463
@@ -49015,17 +49015,17 @@ CVE-2023-21669 (Information Disclosure in WLAN HOST
while sending DPP action fra
CVE-2023-21668
RESERVED
CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to
validate t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer
allocated throu ...)
NOT-FOR-US: Qualcomm
CVE-2023-21665 (Memory corruption in Graphics while importing a file.)
NOT-FOR-US: Qualcomm
CVE-2023-21664 (Memory Corruption in Core Platform while printing the response
buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21663 (Memory Corruption while accessing metadata in Display.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21662 (Memory corruption in Core Platform while printing the response
buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response
frame.)
NOT-FOR-US: Qualcomm
CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information
Elements.)
@@ -49039,11 +49039,11 @@ CVE-2023-21657 (Memoru corruption in Audio when ADSP
sends input during record u
CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event
from firmw ...)
NOT-FOR-US: Qualcomm
CVE-2023-21655 (Memory corruption in Audio while validating and mapping
metadata.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21654 (Memory corruption in Audio during playback session with audio
effects ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration
message.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to
encrypt/decrypt in ...)
NOT-FOR-US: Qualcomm
CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or
cast in ...)
@@ -49057,11 +49057,11 @@ CVE-2023-21648 (Memory corruption in RIL while trying
to send apdu packet.)
CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is
received du ...)
NOT-FOR-US: Qualcomm
CVE-2023-21646 (Transient DOS in Modem while processing invalid System
Information Blo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21645
RESERVED
CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while
triggering qcri ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in
automotive d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system
privile ...)
@@ -49077,7 +49077,7 @@ CVE-2023-21638 (Memory corruption in Video while
calling APIs with different ins
CVE-2023-21637 (Memory corruption in Linux while calling system configuration
APIs.)
NOT-FOR-US: Qualcomm
CVE-2023-21636 (Memory Corruption due to improper validation of array index in
Linux w ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when
sim gets d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21634
@@ -66296,7 +66296,7 @@ CVE-2022-41765 (An issue was discovered in MediaWiki
before 1.35.8, 1.36.x and 1
CVE-2022-41764
RESERVED
CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code
Execution exi ...)
- TODO: check
+ NOT-FOR-US: NOKIA AMS
CVE-2022-41762
RESERVED
CVE-2022-41761
@@ -69574,7 +69574,7 @@ CVE-2022-40536 (Transient DOS due to improper
authentication in modem while rece
CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a
packet t ...)
NOT-FOR-US: Qualcomm
CVE-2022-40534 (Memory corruption due to improper validation of array index in
Audio.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core
while sendi ...)
NOT-FOR-US: Qualcomm
CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in
WLAN while ...)
@@ -69594,7 +69594,7 @@ CVE-2022-40526
CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to
unauthorize ...)
NOT-FOR-US: Qualcomm
CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while
processing Se ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40523 (Information disclosure in Kernel due to indirect branch
misprediction.)
NOT-FOR-US: Qualcomm
CVE-2022-40522 (Memory corruption in Linux Networking due to double free while
handlin ...)
@@ -89417,7 +89417,7 @@ CVE-2022-33277 (Memory corruption in modem due to
buffer copy without checking s
CVE-2022-33276 (Memory corruption due to buffer copy without checking size of
input in ...)
NOT-FOR-US: Qualcomm
CVE-2022-33275 (Memory corruption due to improper validation of array index in
WLAN HA ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33274 (Memory corruption in android core due to improper validation
of array ...)
NOT-FOR-US: Qualcomm
CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted
Execution En ...)
@@ -89527,7 +89527,7 @@ CVE-2022-33222 (Information disclosure due to buffer
over-read while parsing DNS
CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to
buffer ...)
NOT-FOR-US: Qualcomm
CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer
over-rea ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to
buffer over ...)
NOT-FOR-US: Qualcomm
CVE-2022-33218 (Memory corruption in Automotive due to improper input
validation.)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a725073f633530e836edde733d123241718878
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a725073f633530e836edde733d123241718878
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
