Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f94b4b62 by Moritz Muehlenhoff at 2023-05-09T11:26:48+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -15,7 +15,7 @@ CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.) - TODO: check + NOT-FOR-US: jsreport CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...) NOT-FOR-US: Strikingly CMS CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) @@ -27,7 +27,8 @@ CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are a CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) NOT-FOR-US: OpenEMR CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language Hotel ...) NOT-FOR-US: SourceCodester Multi Language Hotel Management Software CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs prior to v2 ...) @@ -759,9 +760,9 @@ CVE-2023-31143 CVE-2023-31142 RESERVED CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...) - TODO: check + NOT-FOR-US: OpenSearch CVE-2023-31140 (OpenProject is open source project management software. Starting with ...) - TODO: check + NOT-FOR-US: OpenProject CVE-2023-31139 RESERVED CVE-2023-31138 
@@ -787,11 +788,11 @@ CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be tr CVE-2023-31128 RESERVED CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...) - TODO: check + NOT-FOR-US: libspdm CVE-2023-31126 RESERVED CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...) - TODO: check + NOT-FOR-US: Engine.IO CVE-2023-31124 RESERVED CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...) @@ -1059,7 +1060,7 @@ CVE-2023-31040 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) NOT-FOR-US: SourceCodester CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms allows at ...) - TODO: check + NOT-FOR-US: Apache bRPC CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send log mess ...) TODO: check CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been declared as ...) @@ -1653,7 +1654,7 @@ CVE-2023-30842 CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...) NOT-FOR-US: Baremetal Operator (BMO) CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset orchestr ...) - TODO: check + NOT-FOR-US: Fluid CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...) NOT-FOR-US: PrestaShop CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...) 
@@ -2087,15 +2088,15 @@ CVE-2023-30746 CVE-2023-30745 RESERVED CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4F ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Business Int ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-30739 RESERVED CVE-2023-30738 @@ -2722,7 +2723,7 @@ CVE-2023-30553 (Archery is an open source SQL audit platform. The Archery projec CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery project cont ...) NOT-FOR-US: Archery CVE-2023-30551 (Rekor is an open source software supply chain transparency log. Rekor ...) - TODO: check + NOT-FOR-US: Rekor CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...) NOT-FOR-US: MeterSphere CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...) @@ -3347,7 +3348,7 @@ CVE-2023-30336 CVE-2023-30335 RESERVED CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...) - TODO: check + NOT-FOR-US: AsmBB CVE-2023-30333 RESERVED CVE-2023-30332 @@ -3545,7 +3546,7 @@ CVE-2023-30239 CVE-2023-30238 RESERVED CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to co ...) - TODO: check + NOT-FOR-US: CyberGhostVPN CVE-2023-30236 RESERVED CVE-2023-30235 @@ -6050,7 +6051,7 @@ CVE-2023-29249 CVE-2023-29248 RESERVED CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored XSS.Thi ...) - TODO: check + - airflow <itp> (bug #819700) CVE-2023-29246 RESERVED CVE-2023-29239 
@@ -6279,7 +6280,7 @@ CVE-2023-29190 CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, ...) NOT-FOR-US: SAP CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4 ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...) NOT-FOR-US: SAP CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...) @@ -6560,7 +6561,7 @@ CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cro CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Akbim Computer Panon CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem for Exyno ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...) NOT-FOR-US: Samsung CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...) @@ -7753,11 +7754,11 @@ CVE-2023-XXXX [RUSTSEC-2022-0092] CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...) NOT-FOR-US: SAP CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information design t ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) NOT-FOR-US: SAP CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthenticated at ...) NOT-FOR-US: SAP CVE-2023-28760 
@@ -9676,9 +9677,9 @@ CVE-2023-28203 CVE-2023-28202 RESERVED CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28199 RESERVED CVE-2023-28198 @@ -9690,17 +9691,17 @@ CVE-2023-28196 CVE-2023-28195 RESERVED CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28193 RESERVED CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28191 RESERVED CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28188 RESERVED CVE-2023-28187 @@ -9714,15 +9715,15 @@ CVE-2023-28184 CVE-2023-28183 RESERVED CVE-2023-28182 (The issue was addressed with improved authentication. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28181 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28179 RESERVED CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28177 RESERVED - firefox 111.0-1 
@@ -9865,49 +9866,49 @@ CVE-2022-48391 CVE-2022-48390 RESERVED CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48386 (the apipe driver, there is a possible use after free due to a logic er ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due to a mi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48384 (In srtd service, there is a possible missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48383 (.In srtd service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48382 (In log service, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48381 (In modem control device, there is a possible out of bounds write due t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48380 (In modem control device, there is a possible out of bounds write due t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48379 (In dialer service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48378 (In engineermode service, there is a possible missing permission check. ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48377 (In dialer service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48376 (In dialer service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48375 (In contacts service, there is a possible missing permission check. Thi ...) 
- TODO: check + NOT-FOR-US: Unisoc CVE-2022-48374 (In tee service, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48373 (In tee service, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due to a mi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48371 (In dialer service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48370 (In dialer service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48369 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48368 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip Generator ...) NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works Online O ...) 
@@ -10503,97 +10504,97 @@ CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin u CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...) NOT-FOR-US: MMDeveloper CVE-2023-27970 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27969 (A use after free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27968 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27967 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27964 RESERVED CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27961 (Multiple validation issues were addressed with improved input sanitiza ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27959 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27958 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27957 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27956 (The issue was addressed with improved memory handling. This issue is f ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2023-27955 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27954 (The issue was addressed by removing origin information. This issue is ...) {DSA-5397-1 DSA-5396-1} - webkit2gtk 2.40.1-1 - wpewebkit 2.38.6-1 NOTE: https://webkitgtk.org/security/WSA-2023-0003.html CVE-2023-27953 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27952 (A race condition was addressed with improved locking. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27950 RESERVED CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27948 RESERVED CVE-2023-27947 RESERVED CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is fixed i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27943 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27940 RESERVED CVE-2023-27939 RESERVED CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input validat ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27935 (The issue was addressed with improved bounds checks. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27934 (A memory initialization issue was addressed. This issue is fixed in ma ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27933 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27932 (This issue was addressed with improved state management. This issue is ...) {DSA-5397-1 DSA-5396-1} - webkit2gtk 2.40.1-1 - wpewebkit 2.38.6-1 NOTE: https://webkitgtk.org/security/WSA-2023-0003.html CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27930 RESERVED CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-1276 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SUL1SS_shop CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester ...) @@ -12515,7 +12516,7 @@ CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error [buster] - linux 4.19.260-1 NOTE: https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1) CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) - TODO: check + NOT-FOR-US: MonicaHQ CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have ...) NOT-FOR-US: WordPress plugin CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...) 
@@ -14327,7 +14328,7 @@ CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpa NOTE: https://lkml.org/lkml/2023/2/20/128 NOTE: NTFS3 driver not enabled in Debian. CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) - TODO: check + NOT-FOR-US: MonicaHQ CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) NOT-FOR-US: SourceCodester Online BoatReservation System CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) @@ -16631,7 +16632,7 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-D NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3 NOTE: https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7 CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...) - TODO: check + - airflow <itp> (bug #819700) CVE-2023-25753 RESERVED CVE-2023-25752 @@ -20504,11 +20505,11 @@ CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with b CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...) NOT-FOR-US: Baicells CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Insecure File Upload -Vulnerab ...) - TODO: check + NOT-FOR-US: AgilePoint CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through a ...) - TODO: check + NOT-FOR-US: Milesight CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive informati ...) - TODO: check + NOT-FOR-US: Milesight CVE-2023-24504 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...) NOT-FOR-US: Electra Central CVE-2023-24503 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...) 
@@ -20905,7 +20906,7 @@ CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...) NOT-FOR-US: WordPress plugin CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Nico ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24375 RESERVED CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -22129,7 +22130,7 @@ CVE-2023-23896 CVE-2023-23895 RESERVED CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23893 RESERVED CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -22191,7 +22192,7 @@ CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plug CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...) NOT-FOR-US: WordPress plugin CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23862 RESERVED CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...) 
@@ -23370,29 +23371,29 @@ CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1 CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are vulnerable to co ...) NOT-FOR-US: Control By Web X-600M devices CVE-2023-23543 (The issue was addressed with additional restrictions on the observabil ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23542 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23541 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23539 RESERVED CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23536 (The issue was addressed with improved bounds checks. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23535 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23534 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23533 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23532 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23531 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-23530 (The issue was addressed with improved memory handling. This issue is f ...) 
@@ -23403,17 +23404,17 @@ CVE-2023-23529 (A type confusion issue was addressed with improved checks. This - wpewebkit 2.38.5-1 NOTE: https://webkitgtk.org/security/WSA-2023-0002.html CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23527 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on files downl ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23525 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23524 (A denial-of-service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2023-23523 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23522 (A privacy issue was addressed with improved handling of temporary file ...) NOT-FOR-US: Apple CVE-2023-23521 @@ -23477,7 +23478,7 @@ CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixe CVE-2023-23495 RESERVED CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...) 
@@ -25556,45 +25557,45 @@ CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...) NOT-FOR-US: Kaltura CVE-2022-48250 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48249 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48248 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48247 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48246 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48245 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48244 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48243 (In audio service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48242 (In telephony service, there is a possible missing permission check. Th ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48241 (In telephony service, there is a possible missing permission check. Th ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48240 (In camera driver, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48239 (In camera driver, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48238 (In Image filter, there is a possible out of bounds write due to a miss ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48237 (In Image filter, there is a possible out of bounds write due to a miss ...) 
- TODO: check + NOT-FOR-US: Unisoc CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48234 (In FM service , there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48233 (In FM service , there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48232 (In FM service , there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48231 (In soter service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...) NOT-FOR-US: Huawei CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...) @@ -25815,7 +25816,7 @@ CVE-2023-22815 CVE-2023-22814 RESERVED CVE-2023-22813 (A device API endpoint was missing access controls onWestern Digital My ...) - TODO: check + NOT-FOR-US: Western Digital CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...) NOT-FOR-US: SanDisk PrivateAccess CVE-2023-22811 
@@ -25928,31 +25929,31 @@ CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115 NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable) CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10where an edge- ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22790 (Multiple authenticated command injection vulnerabilitiesexist in the A ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22789 (Multiple authenticated command injection vulnerabilitiesexist in the A ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22788 (Multiple authenticated command injection vulnerabilitiesexist in the A ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability exists in a s ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple underlying servi ...) 
- TODO: check + NOT-FOR-US: HPE CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...) NOT-FOR-US: Aruba CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...) @@ -26108,7 +26109,7 @@ CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-22711 RESERVED CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22709 RESERVED CVE-2023-22708 @@ -30848,7 +30849,7 @@ CVE-2022-4539 CVE-2022-4538 RESERVED CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4536 RESERVED CVE-2022-4535 
@@ -30914,35 +30915,35 @@ CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundati CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...) NOT-FOR-US: Apache Helix CVE-2022-47499 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47498 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47497 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47496 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47495 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47494 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47493 (In soter service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47492 (In soter service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47491 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47490 (In soter service, there is a possible missing permission check. This c ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47489 (In soter service, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47487 (In thermal service, there is a possible out of bounds write due to a m ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read due to ...) 
- TODO: check + NOT-FOR-US: Unisoc CVE-2022-47485 (In modem control device, there is a possible out of bounds write due t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...) @@ -30972,9 +30973,9 @@ CVE-2022-47472 (In telephony service, there is a missing permission check. This CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read due to ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read due to ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...) @@ -31617,7 +31618,7 @@ CVE-2022-47342 (In engineermode services, there is a missing permission check. T CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds write due to ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...) NOT-FOR-US: Unisoc CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...) 
@@ -31629,7 +31630,7 @@ CVE-2022-47336 (In telecom service, there is a missing permission check. This co CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read due to a ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...) @@ -33360,7 +33361,7 @@ CVE-2022-46722 CVE-2022-46721 RESERVED CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-46719 REJECTED CVE-2022-46718 @@ -39290,7 +39291,7 @@ CVE-2023-21406 CVE-2023-21405 RESERVED CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...) - TODO: check + NOT-FOR-US: AXIS OS CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...) NOT-FOR-US: KNIME CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...) @@ -41293,7 +41294,7 @@ CVE-2022-44435 (In messaging service, there is a missing permission check. This CVE-2022-44434 (In messaging service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2022-44433 (In phoneEx service, there is a possible missing permission check. This ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...) 
@@ -41319,9 +41320,9 @@ CVE-2022-44422 (In music service, there is a missing permission check. This coul CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-44420 (In modem, there is a possible missing verification of HashMME value in ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-44419 (In modem, there is a possible missing verification of NAS Security Mod ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Mia-Med CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -57066,7 +57067,7 @@ CVE-2022-39091 (In power management service, there is a missing permission check CVE-2022-39090 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-39088 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39087 (In network service, there is a missing permission check. This could le ...) 
@@ -58407,7 +58408,7 @@ CVE-2022-38687 (In messaging service, there is a missing permission check. This CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-38685 (In bluetooth service, there is a possible missing permission check. Th ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94b4b62c7a4b1e752b392533b558741557fb897
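Review bot: In the hunks at @@ -26108 and @@ -30848, CVE-2023-22710 and CVE-2022-4537 both get the generic tag "NOT-FOR-US: WordPress plugin", which drops the product name that the other entries in this commit keep (AXIS OS, Unisoc, Apple). The CVE-2022-4537 description already names "Hide My WP Ghost", so appending the plugin name to the tag would keep the entry findable by product without opening the CVE text.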
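Review bot: In the @@ -30914 hunk, the entries from CVE-2022-47499 down to CVE-2022-47485 are attributed to Unisoc although none of the truncated descriptions shown ("In soter service ...", "In spipe drive ...", "In ext4fsfilter driver ...") names a vendor, so the triage can only be checked against the neighbouring entries that were already tagged Unisoc. A single NOTE line pointing at the vendor bulletin for this block would make the attribution verifiable from the list itself. The same applies to the single-entry Unisoc hunks further down (CVE-2022-47340, CVE-2022-47334, CVE-2022-44433, CVE-2022-39089, CVE-2022-38685).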
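Review bot: In the @@ -33360 hunk, CVE-2022-46720 is closed as "NOT-FOR-US: Apple" on a description that, as far as it is shown, only says "An integer overflow was addressed with improved input validation" and does not identify the affected component. A vendor-level tag does not record that the component was checked against packaged software, so naming the component in the tag or in a NOTE line would document why the entry does not apply.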