Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a21633b by Salvatore Bonaccorso at 2023-03-26T21:13:41+02:00
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1359,7 +1359,7 @@ CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c 
in the Linux kernel thro
 CVE-2023-28449
        RESERVED
 CVE-2023-28448 (Versionize is a framework for version tolerant 
serializion/deserializa ...)
-       TODO: check
+       NOT-FOR-US: Versionize (firecracker-microvm / framework for version 
tolerant serializion/deserialization of Rust data structures)
 CVE-2023-28447
        RESERVED
 CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and 
TypeScr ...)
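Review bot: The NOT-FOR-US note added for CVE-2023-28448 carries over the misspelling "serializion" from the truncated CVE description; since this free text is what people search on, spell it "serialization". The note is also far longer than the one-word product labels used in the rest of this commit; "Versionize (firecracker-microvm)" would say the same thing.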
@@ -14833,7 +14833,7 @@ CVE-2023-23709
 CVE-2023-23708
        RESERVED
 CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23706
        RESERVED
 CVE-2023-23705
@@ -28320,13 +28320,13 @@ CVE-2022-45639 (** DISPUTED ** OS Command injection 
vulnerability in sleuthkit f
 CVE-2022-45638
        RESERVED
 CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI 
DBD+ Ap ...)
-       TODO: check
+       NOT-FOR-US: MEGAFEIS
 CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for 
IOS &  ...)
-       TODO: check
+       NOT-FOR-US: MEGAFEIS
 CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for 
IOS &  ...)
-       TODO: check
+       NOT-FOR-US: MEGAFEIS
 CVE-2022-45634 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for 
IOS &  ...)
-       TODO: check
+       NOT-FOR-US: MEGAFEIS
 CVE-2022-45633
        RESERVED
 CVE-2022-45632
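Review bot: CVE-2022-45637 through CVE-2022-45634 are labelled only "MEGAFEIS", while each description names the affected product as "MEGAFEIS, BOFEI DBD+ Application for IOS &" (truncated). Consider naming the product in the note, as other entries in this diff do ("NOT-FOR-US: IP-COM EW9"), so a later search by product name finds all four.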
@@ -30493,9 +30493,9 @@ CVE-2022-45006
 CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a 
command injec ...)
        NOT-FOR-US: IP-COM EW9
 CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site 
scriptin ...)
-       TODO: check
+       NOT-FOR-US: Gophish
 CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of 
Service ( ...)
-       TODO: check
+       NOT-FOR-US: Gophish
 CVE-2022-45002
        RESERVED
 CVE-2022-45001
@@ -31059,7 +31059,7 @@ CVE-2022-44744 (Local privilege escalation due to DLL 
hijacking vulnerability. T
 CVE-2022-44743
        RESERVED
 CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in 
Yannick Le ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Creative ...)
@@ -31827,229 +31827,229 @@ CVE-2023-21081
 CVE-2023-21080
        RESERVED
 CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21077 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21076 (In createTransmitFollowupRequest of nan.cpp, there is a 
possible out o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21075 (In get_svc_hash of nan.cpp, there is a possible out of bounds 
write du ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21074
        RESERVED
 CVE-2023-21073 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21072 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21071 (In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21070 (In add_roam_cache_list of wl_roam.c, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21069 (In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible 
out of  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21068 (In (TBD) of (TBD), there is a possible way to boot with a 
hidden debug ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21067 (Product: AndroidVersions: Android kernelAndroid ID: 
A-254114726Referen ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21066
        RESERVED
 CVE-2023-21065 (In fdt_next_tag of fdt.c, there is a possible out of bounds 
write due  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21064 (In DoSetPinControl of miscservice.cpp, there is a possible out 
of boun ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21063 (In ParseWithAuthType of simdata.cpp, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21062 (In DoSetTempEcc of imsservice.cpp, there is a possible out of 
bounds r ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21061 (Product: AndroidVersions: Android kernelAndroid ID: 
A-229255400Referen ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21060 (In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21059 (In EUTRAN_LCS_DecodeFacilityInformationElement of 
LPP_LcsManagement.c, ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21058 (In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21057 (In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21056 (In lwis_slc_buffer_free of lwis_device_slc.c, there is a 
possible memo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21055 (In dit_hal_ioctl of dit.c, there is a possible use after free 
due to a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21054 (In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21053 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21052 (In setToExternal of ril_external_client.cpp, there is a 
possible out o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21051 (In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21050 (In load_png_image of ExynosHWCHelper.cpp, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21049 (In append_camera_metadata of camera_metadata.c, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21048 (In handleEvent of nan.cpp, there is a possible out of bounds 
read due  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21047 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21046 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21045 (When cpif handles probe failures, there is a possible out of 
bounds re ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21044 (In init of VendorGraphicBufferMeta, there is a possible out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21043 (In (TBD) of (TBD), there is a possible way to corrupt memory 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21042 (In (TBD) of (TBD), there is a possible way to corrupt memory 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21041 (In append_to_params of param_util.c, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21040 (In buildCommand of bluetooth_ccc.cc, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21039 (In dumpstateBoard of Dumpstate.cpp, there is a possible out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21038 (In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21037
        RESERVED
 CVE-2023-21036 (In BitmapExport.java, there is a possible failure to truncate 
images d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21035 (In multiple functions of BackupHelper.java, there is a 
possible way fo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21034 (In multiple functions of SensorService.cpp, there is a 
possible access ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21033 (In addNetwork of WifiManager.java, there is a possible way to 
trigger  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21032 (In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21031 (In Display::setPowerMode of HWC2.cpp, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21030 (In Confirmation of keystore_cli_v2.cpp, there is a possible 
way to cor ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21029 (In register of UidObserverController.java, there is a missing 
permissi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21028 (In parse_printerAttributes of ipphelper.c, there is a possible 
out of  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21027 (In serializePasspointConfiguration of PasspointXmlUtils.java, 
there is ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21026 (In updateInputChannel of WindowManagerService.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21025 (In ufdt_local_fixup_prop of ufdt_overlay.c, there is a 
possible out of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21024 (In maybeFinish of FallbackHome.java, there is a possible delay 
of lock ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21023
        RESERVED
 CVE-2023-21022 (In BufferBlock of Suballocation.cpp, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21021 (In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, 
there is  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21020 (In registerSignalHandlers of main.c, there is a possible local 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21019 (In ih264e_init_proc_ctxt of ih264e_process.c, there is a 
possible out  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21018 (In UnwindingWorker of unwinding.cc, there is a possible out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21017 (In InstallStart of InstallStart.java, there is a possible way 
to chang ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21016 (In AccountTypePreference of AccountTypePreference.java, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21015 (In getAvailabilityStatus of several Transcode Permission 
Controllers,  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21014 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21013 (In forceStaDisconnection of hostapd.cpp, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21012 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21011 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21010 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21009 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21008 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21007 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21006 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21005 (In getAvailabilityStatus of several Transcode Permission 
Controllers,  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21004 (In getAvailabilityStatus of several Transcode Permission 
Controllers,  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21003 (In getAvailabilityStatus of several Transcode Permission 
Controllers,  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21002 (In getAvailabilityStatus of several Transcode Permission 
Controllers,  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21001 (In onContextItemSelected of NetworkProviderSettings.java, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21000 (In MediaCodec.cpp, there is a possible use after free due to 
improper  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20999 (In multiple locations, there is a possible way to trigger a 
persistent ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20998 (In multiple locations, there is a possible way to trigger a 
persistent ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20997 (In multiple locations, there is a possible way to trigger a 
persistent ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20996 (In multiple locations, there is a possible way to trigger a 
persistent ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20995 (In captureImage of CustomizedSensor.cpp, there is a possible 
way to by ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20994 (In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20993 (In multiple functions of SnoozeHelper.java, there is a 
possible failur ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20992 (In on_iso_link_quality_read of btm_iso_impl.h, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20991 (In btm_ble_process_periodic_adv_sync_lost_evt of 
ble_scanner_hci_inter ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20990 (In btm_read_local_oob_complete of btm_sec.cc, there is a 
possible out  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20989 (In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20988 (In btm_read_rssi_complete of btm_acl.cc, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20987 (In btm_read_link_quality_complete of btm_acl.cc, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20986 (In btm_ble_clear_resolving_list_complete of 
btm_ble_privacy.cc, there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20985 (In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20984 (In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20983 (In btm_ble_rand_enc_complete of btm_sec.cc, there is a 
possible out of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20982 (In btm_read_tx_power_complete of btm_acl.cc, there is a 
possible out o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20981 (In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a 
possible out of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20980 (In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20979 (In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is 
a possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20978
        RESERVED
 CVE-2023-20977 (In btm_ble_read_remote_features_complete of btm_ble_gap.cc, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20976 (In getConfirmationMessage of DefaultAutofillPicker.java, there 
is a po ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20975 (In getAvailabilityStatus of 
EnableContentCapturePreferenceController.j ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20974 (In btm_ble_add_resolving_list_entry_complete of 
btm_ble_privacy.cc, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20973 (In btm_create_conn_cancel_complete of btm_sec.cc, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20972 (In btm_vendor_specific_evt of btm_devctl.cc, there is a 
possible out o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20971 (In updatePermissionTreeSourcePackage of 
PermissionManagerServiceImpl.j ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20970 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20969 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20968 (In multiple locations of p2p_iface.cpp, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-20967
        RESERVED
 CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds 
write due t ...)
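Review bot: Two entries in this block, CVE-2023-21067 and CVE-2023-21061, have descriptions that show only "Android kernel" and an Android ID, with no file or function visible, yet they get the same blanket "NOT-FOR-US: Android" as the framework and vendor-driver entries. Please confirm from the referenced Android IDs that the affected code is Android-specific and not shared with the upstream kernel before closing them this way. The same check applies to entries that name generically titled sources such as fdt.c (CVE-2023-21065) and hostapd.cpp (CVE-2023-21013). Where an entry was checked against a Debian source package, a short NOTE line recording that would make the triage auditable.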
@@ -35621,9 +35621,9 @@ CVE-2023-20115
 CVE-2023-20114
        RESERVED
 CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could 
allow an una ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20111
        RESERVED
 CVE-2023-20110
@@ -35633,7 +35633,7 @@ CVE-2023-20109
 CVE-2023-20108
        RESERVED
 CVE-2023-20107 (A vulnerability in the deterministic random bit generator 
(DRBG), also ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20106
        RESERVED
 CVE-2023-20105
@@ -35647,13 +35647,13 @@ CVE-2023-20102
 CVE-2023-20101
        RESERVED
 CVE-2023-20100 (A vulnerability in the access point (AP) joining process of 
the Contro ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20099
        RESERVED
 CVE-2023-20098
        RESERVED
 CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could 
allow an au ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20096
        RESERVED
 CVE-2023-20095
@@ -35683,11 +35683,11 @@ CVE-2023-20084
 CVE-2023-20083
        RESERVED
 CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 
9300 Serie ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20081 (A vulnerability in the IPv6 DHCP (DHCPv6) client module of 
Cisco Adapt ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20080 (A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and 
server f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface 
of cert ...)
        NOT-FOR-US: Cisco
 CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface 
of cert ...)
@@ -35703,7 +35703,7 @@ CVE-2023-20074
 CVE-2023-20073
        RESERVED
 CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel 
protocol  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20071
        RESERVED
 CVE-2023-20070
@@ -35713,11 +35713,11 @@ CVE-2023-20069 (A vulnerability in the web-based 
management interface of Cisco P
 CVE-2023-20068
        RESERVED
 CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of 
Cisco IO ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could 
allow an  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for 
Cisco IOS X ...)
        NOT-FOR-US: Cisco's use of GRUB
 CVE-2023-20063
@@ -35729,15 +35729,15 @@ CVE-2023-20061 (Multiple vulnerabilities in Cisco 
Unified Intelligence Center co
 CVE-2023-20060
        RESERVED
 CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network 
Plug-and-Pl ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco 
AsyncOS Softwa ...)
        NOT-FOR-US: Cisco
 CVE-2023-20056 (A vulnerability in the management CLI of Cisco access point 
(AP) softw ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20055 (A vulnerability in the management API of Cisco DNA Center 
could allow  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20054
        RESERVED
 CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco 
Nexus D ...)
@@ -35780,7 +35780,7 @@ CVE-2023-20037 (A vulnerability in Cisco Industrial 
Network Director could allow
 CVE-2023-20036
        RESERVED
 CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20034
        RESERVED
 CVE-2023-20033
@@ -35796,11 +35796,11 @@ CVE-2023-20031
 CVE-2023-20030
        RESERVED
 CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS 
XE Softw ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20028
        RESERVED
 CVE-2023-20027 (A vulnerability in the implementation of the IPv4 Virtual 
Fragmentatio ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
        NOT-FOR-US: Cisco
 CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
@@ -37106,7 +37106,7 @@ CVE-2022-43463 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP 
Blacklist ...)
        NOT-FOR-US: Adeel Ahmed's IP Blacklist
 CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West 
Slideshow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by 
CaptainFor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43458
@@ -37149,7 +37149,7 @@ CVE-2022-42497 (Arbitrary Code Execution vulnerability 
in Api2Cart Bridge Connec
 CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One 
SEO Pro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Galax ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-42479
        RESERVED
 CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel 
Ahmed's ...)
@@ -37179,7 +37179,7 @@ CVE-2022-41840 (Unauth. Directory Traversal 
vulnerability in Welcart eCommerce p
 CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress 
plugin &lt ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in 
TCBarrett W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for 
WooComm ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid 
plugin  ...)
@@ -37191,7 +37191,7 @@ CVE-2022-41788 (Auth. (subscriber+) Cross-Site 
Scripting (XSS) vulnerability in
 CVE-2022-41786
        RESERVED
 CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability 
in Gall ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite 
plugin & ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41698
@@ -37207,7 +37207,7 @@ CVE-2022-41652 (Bypass vulnerability in Quiz And Survey 
Master plugin <= 7.3.
 CVE-2022-41619
        RESERVED
 CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West 
Slideshow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb 
Amazon Affil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerabili ...)
@@ -37223,7 +37223,7 @@ CVE-2022-40687 (Cross-Site Request Forgery (CSRF) 
vulnerability in Creative Mail
 CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative 
Mail plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft 
Post For ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38716
        RESERVED
 CVE-2022-38702
@@ -38739,7 +38739,7 @@ CVE-2022-42949 (Silverstripe silverstripe/subsites 
through 2.6.0 has Insecure Pe
 CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in 
releases  ...)
        NOT-FOR-US: Mikrotik
 CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when 
they are d ...)
-       TODO: check
+       NOT-FOR-US: Cobalt Strike
 CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk 
Maya 2023  ...)
        NOT-FOR-US: Autodesk
 CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force 
Autodesk Maya ...)
@@ -39968,7 +39968,7 @@ CVE-2022-42530 (In Pixel firmware, there is a possible 
out of bounds read due to
 CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID: 
A-235292841Referen ...)
        NOT-FOR-US: Android
 CVE-2022-42528 (In ffa_mrd_prot of shared_mem.c, there is a possible ID due to 
a logic ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash 
due to a m ...)
        NOT-FOR-US: Android
 CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a 
possible out o ...)
@@ -40024,11 +40024,11 @@ CVE-2022-42502 (In FacilityLock::Parse of 
simdata.cpp, there is a possible out o
 CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of 
bounds writ ...)
        NOT-FOR-US: Android
 CVE-2022-42500 (In OEM_OnRequest of sced.cpp, there is a possible shell 
command execut ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-42499 (In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-42498 (In Pixel cellular firmware, there is a possible out of bounds 
write du ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON 
input.  ...)
        - haskell-aeson 2.0.3.0-1 (bug #1009678)
        [bullseye] - haskell-aeson <no-dsa> (Minor issue)
@@ -42507,7 +42507,7 @@ CVE-2022-40702
 CVE-2022-40700
        RESERVED
 CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr 
&#8211; ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in 3com ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in News ...)
@@ -42537,7 +42537,7 @@ CVE-2022-38456 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
 CVE-2022-38141
        RESERVED
 CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social 
Login WP plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38057
        RESERVED
 CVE-2022-38055
@@ -50021,15 +50021,15 @@ CVE-2022-38706
 CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2022-38458 (A cleartext transmission vulnerability exists in the Remote 
Management ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-38394 (Use of hard-coded credentials for the telnet server of 
CentreCOM AR260 ...)
        NOT-FOR-US: CentreCOM AR260S
 CVE-2022-38094 (OS command injection vulnerability in the telnet function of 
CentreCOM ...)
        NOT-FOR-US: CentreCOM AR260S
 CVE-2022-37337 (A command execution vulnerability exists in the access control 
functio ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-36429 (A command execution vulnerability exists in the ubus backend 
communica ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-35273 (OS command injection vulnerability in GUI setting page of 
CentreCOM AR ...)
        NOT-FOR-US: CentreCOM AR260S
 CVE-2022-34869 (Undocumented hidden command that can be executed from the 
telnet funct ...)
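Review bot: The descriptions of CVE-2022-38458, CVE-2022-37337 and CVE-2022-36429 are truncated before any product name, so the "Netgear" label cannot be checked against the visible text, and it names only the vendor. The neighbouring entries use the product ("NOT-FOR-US: CentreCOM AR260S"); adding the affected model here would keep the notes consistent and searchable.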
@@ -50712,7 +50712,7 @@ CVE-2022-38472 (An attacker could have abused XSLT 
error handling to associate a
 CVE-2022-38471
        RESERVED
 CVE-2022-38452 (A command execution vulnerability exists in the hidden telnet 
service  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-2920
        RESERVED
 CVE-2022-2919
@@ -56272,7 +56272,7 @@ CVE-2022-36415 (A DLL hijacking vulnerability exists in 
the uninstaller in Scoot
 CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in 
the Windo ...)
        NOT-FOR-US: Scooter Beyond Compare
 CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is 
vulnerable to a b ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API 
requests  ...)
        NOT-FOR-US: Zoho
 CVE-2022-36411
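Review bot: CVE-2022-36413 is labelled "NOT-FOR-US: Zoho ManageEngine" while the next entry, CVE-2022-36412, also a Zoho ManageEngine product, is labelled "NOT-FOR-US: Zoho". Pick one form for both so that a search on either label finds every ManageEngine entry.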
@@ -60650,7 +60650,7 @@ CVE-2022-34155
 CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth 
Server plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-33974
        RESERVED
 CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities 
in Osama ...)
@@ -74320,7 +74320,7 @@ CVE-2022-30039
 CVE-2022-30038
        RESERVED
 CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and 
CMS PHP fi ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root 
account ...)
        NOT-FOR-US: MA Lighting grandMA2 Light
 CVE-2022-30035



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a21633b3859934c2e1f4ef7a1825e1cb009ebee



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits