Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ac887516 by security tracker role at 2023-07-04T08:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,17 @@ +CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...) + TODO: check +CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...) + TODO: check +CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...) + TODO: check +CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...) + TODO: check +CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...) + TODO: check +CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...) + TODO: check +CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...) + TODO: check CVE-2023-36813 [Multiple Authenticated SQL Injections] - kanboard 1.2.31+ds-1 (bug #1040265) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx @@ -6841,8 +6855,8 @@ CVE-2023-30992 RESERVED CVE-2023-30991 RESERVED -CVE-2023-30990 - RESERVED +CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...) + TODO: check CVE-2023-30989 RESERVED CVE-2023-30988 @@ -8483,8 +8497,8 @@ CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Polluti NOT-FOR-US: SheetJS CVE-2023-2011 RESERVED -CVE-2023-2010 - RESERVED +CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...) + TODO: check CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...) NOT-FOR-US: WordPress plugin CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...) 
@@ -14377,10 +14391,10 @@ CVE-2023-28544 RESERVED CVE-2023-28543 RESERVED -CVE-2023-28542 - RESERVED -CVE-2023-28541 - RESERVED +CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.) + TODO: check +CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...) + TODO: check CVE-2023-28540 RESERVED CVE-2023-28539 @@ -16533,8 +16547,8 @@ CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCode NOT-FOR-US: SourceCodester Phone Shop Sales Managements System CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) NOT-FOR-US: WordPress plugin -CVE-2023-1273 - RESERVED +CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...) + TODO: check CVE-2023-1272 RESERVED CVE-2023-1271 @@ -23597,22 +23611,21 @@ CVE-2023-25525 RESERVED CVE-2023-25524 RESERVED -CVE-2023-25523 - RESERVED -CVE-2023-25522 - RESERVED -CVE-2023-25521 - RESERVED +CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) + TODO: check +CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + TODO: check +CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + TODO: check CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...) TODO: check CVE-2023-25519 RESERVED CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) TODO: check -CVE-2023-25517 - RESERVED -CVE-2023-25516 - RESERVED +CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + TODO: check +CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) - nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686) [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported) - nvidia-graphics-drivers-tesla <unfixed> (bug #1039685) 
@@ -23636,7 +23649,7 @@ CVE-2023-25516 [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 -CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) +CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686) [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported) - nvidia-graphics-drivers-tesla <unfixed> (bug #1039685) @@ -25409,14 +25422,14 @@ CVE-2023-0601 RESERVED CVE-2023-24855 RESERVED -CVE-2023-24854 - RESERVED +CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...) + TODO: check CVE-2023-24853 RESERVED CVE-2023-24852 RESERVED -CVE-2023-24851 - RESERVED +CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...) + TODO: check CVE-2023-24850 RESERVED CVE-2023-24849 @@ -31471,8 +31484,8 @@ CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by zero] NOTE: https://github.com/xbmc/xbmc/pull/22391 CVE-2023-22907 RESERVED -CVE-2023-22906 - RESERVED +CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with roo ...) + TODO: check CVE-2023-22905 RESERVED CVE-2023-22904 @@ -32378,8 +32391,8 @@ CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2023-22668 RESERVED -CVE-2023-22667 - RESERVED +CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...) + TODO: check CVE-2023-22666 RESERVED CVE-2023-0094 
@@ -34709,10 +34722,10 @@ CVE-2021-4275 (A vulnerability, which was classified as problematic, was found i NOT-FOR-US: pyambic-pentameter CVE-2023-22388 RESERVED -CVE-2023-22387 - RESERVED -CVE-2023-22386 - RESERVED +CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...) + TODO: check +CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...) + TODO: check CVE-2023-22385 RESERVED CVE-2023-22384 @@ -34777,8 +34790,8 @@ CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not vali NOT-FOR-US: WordPress plugin CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...) NOT-FOR-US: WordPress plugin -CVE-2022-4623 - RESERVED +CVE-2022-4623 (The ND Shortcodes WordPress plugin before 7.0 does not validate and es ...) + TODO: check CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) NOT-FOR-US: VISAM VBASE Automation Base CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) @@ -39409,8 +39422,8 @@ CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote NOT-FOR-US: CODESYS CVE-2023-21673 RESERVED -CVE-2023-21672 - RESERVED +CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...) + TODO: check CVE-2023-21671 RESERVED CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...) 
@@ -39471,32 +39484,32 @@ CVE-2023-21643 RESERVED CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...) NOT-FOR-US: Qualcomm -CVE-2023-21641 - RESERVED -CVE-2023-21640 - RESERVED -CVE-2023-21639 - RESERVED -CVE-2023-21638 - RESERVED -CVE-2023-21637 - RESERVED +CVE-2023-21641 (An app with non-privileged access can change global system brightness ...) + TODO: check +CVE-2023-21640 (Memory corruption in Linux when the file upload API is called with par ...) + TODO: check +CVE-2023-21639 (Memory corruption in Audio while processing sva_model_serializer using ...) + TODO: check +CVE-2023-21638 (Memory corruption in Video while calling APIs with different instance ...) + TODO: check +CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.) + TODO: check CVE-2023-21636 RESERVED -CVE-2023-21635 - RESERVED +CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...) + TODO: check CVE-2023-21634 RESERVED -CVE-2023-21633 - RESERVED +CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...) + TODO: check CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.) NOT-FOR-US: Qualcomm -CVE-2023-21631 - RESERVED +CVE-2023-21631 (Weak Configuration due to improper input validation in Modem while pro ...) + TODO: check CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...) NOT-FOR-US: Qualcomm -CVE-2023-21629 - RESERVED +CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the PKCS15 ...) + TODO: check CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...) NOT-FOR-US: Qualcomm CVE-2023-21627 @@ -39505,8 +39518,8 @@ CVE-2023-21626 RESERVED CVE-2023-21625 RESERVED -CVE-2023-21624 - RESERVED +CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.) + TODO: check CVE-2022-46750 REJECTED CVE-2022-46749 
@@ -48623,26 +48636,26 @@ CVE-2023-20777 RESERVED CVE-2023-20776 RESERVED -CVE-2023-20775 - RESERVED -CVE-2023-20774 - RESERVED -CVE-2023-20773 - RESERVED -CVE-2023-20772 - RESERVED -CVE-2023-20771 - RESERVED +CVE-2023-20775 (In display, there is a possible out of bounds write due to a missing b ...) + TODO: check +CVE-2023-20774 (In display, there is a possible out of bounds read due to a missing bo ...) + TODO: check +CVE-2023-20773 (In vow, there is a possible escalation of privilege due to a missing p ...) + TODO: check +CVE-2023-20772 (In vow, there is a possible escalation of privilege due to a missing p ...) + TODO: check +CVE-2023-20771 (In display, there is a possible memory corruption due to a race condit ...) + TODO: check CVE-2023-20770 RESERVED CVE-2023-20769 RESERVED -CVE-2023-20768 - RESERVED -CVE-2023-20767 - RESERVED -CVE-2023-20766 - RESERVED +CVE-2023-20768 (In ion, there is a possible out of bounds read due to type confusion. ...) + TODO: check +CVE-2023-20767 (In pqframework, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-20766 (In gps, there is a possible out of bounds write due to a missing bound ...) + TODO: check CVE-2023-20765 RESERVED CVE-2023-20764 
@@ -48651,24 +48664,24 @@ CVE-2023-20763 RESERVED CVE-2023-20762 RESERVED -CVE-2023-20761 - RESERVED -CVE-2023-20760 - RESERVED -CVE-2023-20759 - RESERVED -CVE-2023-20758 - RESERVED -CVE-2023-20757 - RESERVED -CVE-2023-20756 - RESERVED -CVE-2023-20755 - RESERVED -CVE-2023-20754 - RESERVED -CVE-2023-20753 - RESERVED +CVE-2023-20761 (In ril, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2023-20760 (In apu, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2023-20759 (In cmdq, there is a possible memory corruption due to a missing bounds ...) + TODO: check +CVE-2023-20758 (In cmdq, there is a possible memory corruption due to a missing bounds ...) + TODO: check +CVE-2023-20757 (In cmdq, there is a possible out of bounds write due to a missing boun ...) + TODO: check +CVE-2023-20756 (In keyinstall, there is a possible out of bounds write due to an integ ...) + TODO: check +CVE-2023-20755 (In keyinstall, there is a possible out of bounds write due to an integ ...) + TODO: check +CVE-2023-20754 (In keyinstall, there is a possible out of bounds write due to an integ ...) + TODO: check +CVE-2023-20753 (In rpmb, there is a possible out of bounds write due to a logic error. ...) + TODO: check CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Mediatek CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a missing ...) 
@@ -48677,8 +48690,8 @@ CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race c NOT-FOR-US: Mediatek CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a missing boun ...) NOT-FOR-US: Mediatek -CVE-2023-20748 - RESERVED +CVE-2023-20748 (In display, there is a possible out of bounds read due to a missing bo ...) + TODO: check CVE-2023-20747 (In vcu, there is a possible memory corruption due to type confusion. T ...) NOT-FOR-US: Mediatek CVE-2023-20746 (In vcu, there is a possible out of bounds write due to improper lockin ...) @@ -48787,16 +48800,16 @@ CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a m NOT-FOR-US: Mediatek CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Mediatek -CVE-2023-20693 - RESERVED -CVE-2023-20692 - RESERVED -CVE-2023-20691 - RESERVED -CVE-2023-20690 - RESERVED -CVE-2023-20689 - RESERVED +CVE-2023-20693 (In wlan firmware, there is possible system crash due to an uncaught ex ...) + TODO: check +CVE-2023-20692 (In wlan firmware, there is possible system crash due to an uncaught ex ...) + TODO: check +CVE-2023-20691 (In wlan firmware, there is possible system crash due to an integer ove ...) + TODO: check +CVE-2023-20690 (In wlan firmware, there is possible system crash due to an integer ove ...) + TODO: check +CVE-2023-20689 (In wlan firmware, there is possible system crash due to an integer ove ...) + TODO: check CVE-2023-20688 (In power, there is a possible out of bounds read due to a missing boun ...) NOT-FOR-US: MediaTek CVE-2023-20687 (In display drm, there is a possible double free due to a race conditio ...) 
@@ -81025,8 +81038,8 @@ CVE-2022-32668 REJECTED CVE-2022-32667 REJECTED -CVE-2022-32666 - RESERVED +CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to misrepresentation ...) + TODO: check CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...) NOT-FOR-US: MediaTek CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...) @@ -95458,7 +95471,7 @@ CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise an NOT-FOR-US: WordPress plugin CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...) NOT-FOR-US: WordPress plugin -CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have authorisation a ...) +CVE-2022-1092 (The myCred WordPress plugin before 2.4.3.1 does not have authorisation ...) NOT-FOR-US: WordPress plugin CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...) NOT-FOR-US: WordPress plugin @@ -106116,7 +106129,7 @@ CVE-2022-0452 (Use after free in Safe Browsing in Google Chrome prior to 98.0.47 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...) NOT-FOR-US: Dart SDK -CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not ...) +CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac887516b01227d3bb3db535d2133926133445ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac887516b01227d3bb3db535d2133926133445ad You're receiving this email because of your account on salsa.debian.org.
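Review bot: in the @@ -23636,7 +23649,7 hunk the description of CVE-2023-25515 changes product rather than wording, from "NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ..." (the same truncated text CVE-2023-25518 carries in the preceding hunk) to "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...". The nvidia-open-gpu-kernel-modules and nvidia-graphics-drivers-tesla entries beneath it already assume the display driver, so the new text agrees with the existing triage, but an automatic update that swaps the affected product deserves a manual confirmation that the package entries under CVE-2023-25515 still match the published description.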
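Review bot: the @@ -39471,32 +39484,32 hunk adds several "TODO: check" entries whose truncated text names Linux ("Memory corruption in Linux when the file upload API is called with par ...", "Memory corruption in Linux while calling system configuration APIs.", "Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...") in a block where every already-triaged neighbour is NOT-FOR-US: Qualcomm. The truncated descriptions do not say which component is meant, so CVE-2023-21640, CVE-2023-21637 and CVE-2023-21633 should be read in full before being closed with the same tag as their neighbours.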
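Review bot: the context lines around the new "TODO: check" entries in the @@ -48623, @@ -48651, @@ -48677 and @@ -48787 hunks use two spellings of the same tag, "NOT-FOR-US: Mediatek" (CVE-2023-20752, CVE-2023-20749) and "NOT-FOR-US: MediaTek" (CVE-2023-20688, CVE-2022-32665). When the added entries with the matching "In display, there is a possible ..." and "In wlan firmware, there is possible ..." phrasing are triaged, use one spelling so that a search on the tag finds all of them.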
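Review bot: the @@ -95458,7 +95471,7 and @@ -106116,7 +106129,7 hunks lower the fixed-version bound in two descriptions, CVE-2022-1092 from "before 2.4.4" to "before 2.4.3.1" and CVE-2022-0450 from "before 3.0.8" to "before 3.0.6". Both entries stay NOT-FOR-US: WordPress plugin, so nothing needs re-triage in this file, but the change is not mentioned in the "automatic update" commit message; anyone who matches on the description text for version ranges should pick up the new bounds.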
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits