[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 8 21:12:40 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
200a1cd6 by security tracker role at 2023-08-08T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@
+CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
+	TODO: check
+CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
+	TODO: check
+CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
+	TODO: check
+CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...)
+	TODO: check
+CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
+	TODO: check
+CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
+	TODO: check
+CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...)
+	TODO: check
+CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...)
+	TODO: check
+CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...)
+	TODO: check
+CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
+	TODO: check
+CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
+	TODO: check
+CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow  ...)
+	TODO: check
+CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
+	TODO: check
+CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...)
+	TODO: check
+CVE-2023-38815
+	REJECTED
+CVE-2023-38814
+	REJECTED
+CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
+	TODO: check
+CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
+	TODO: check
+CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...)
+	TODO: check
+CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...)
+	TODO: check
+CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
+	TODO: check
+CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
+	TODO: check
+CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions  ...)
+	TODO: check
+CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...)
+	TODO: check
+CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
+	TODO: check
+CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+	TODO: check
+CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
+	TODO: check
+CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
+	TODO: check
+CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
+	TODO: check
+CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
+	TODO: check
+CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
+	TODO: check
+CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
+	TODO: check
+CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...)
+	TODO: check
+CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...)
+	TODO: check
+CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+	TODO: check
+CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+	TODO: check
+CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass  ...)
+	TODO: check
+CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
+	TODO: check
+CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...)
+	TODO: check
+CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability)
+	TODO: check
+CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...)
+	TODO: check
+CVE-2023-36873 (.NET Framework Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...)
+	TODO: check
+CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...)
+	TODO: check
+CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client  ...)
+	TODO: check
+CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...)
+	TODO: check
+CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...)
+	TODO: check
+CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...)
+	TODO: check
+CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...)
+	TODO: check
+CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...)
+	TODO: check
+CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...)
+	TODO: check
+CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...)
+	TODO: check
+CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...)
+	TODO: check
+CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...)
+	TODO: check
+CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability)
+	TODO: check
+CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability)
+	TODO: check
+CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...)
+	TODO: check
+CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of  ...)
+	TODO: check
+CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...)
+	TODO: check
+CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...)
+	TODO: check
+CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
+	TODO: check
 CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
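Review bot: the description added for CVE-2023-39217 contains a literal Unicode escape, "Zoom SDK\u2019s", where an apostrophe was meant, so the automatic update is writing the escape sequence through undecoded. Decode such escapes before the description is truncated and written to data/CVE/list. The same block has "Azure Apache AmbariSpoofing Vulnerability" for CVE-2023-36881 with the space missing; if that is the upstream wording it can stay, but it is worth checking that whitespace is not being dropped on import.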
@@ -148,7 +478,7 @@ CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v
 	NOT-FOR-US: Netgear
 CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...)
 	NOT-FOR-US: Netgear
-CVE-2023-38704 (`import-in-the-middle` is a module loading interceptor specifically fo ...)
+CVE-2023-38704 (import-in-the-middle is a module loading interceptor specifically for  ...)
 	TODO: check
 CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...)
 	NOT-FOR-US: Netgear
@@ -889,7 +1219,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox  ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
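Review bot: on the cross-reference line for CVE-2023-4056, DLA-3521-1 is appended, but the three package lines visible in the context (firefox, firefox-esr, thunderbird) list only unstable versions, so this hunk alone does not show which source package the DLA covers. The same one-line addition recurs in the following hunks for CVE-2023-4055, CVE-2023-4050, CVE-2023-4049, CVE-2023-4048, CVE-2023-4047, CVE-2023-4046 and CVE-2023-4045. A spot check that the DLA's own entry lists exactly these eight ids would confirm the set.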
@@ -899,7 +1229,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -931,7 +1261,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi
 	- firefox 116.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer  ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -941,7 +1271,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -951,7 +1281,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -961,7 +1291,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -971,7 +1301,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -981,7 +1311,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
-	{DSA-5469-1 DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -2715,7 +3045,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...)
 	NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...)
-	{DLA-3515-1}
+	{DSA-5472-1 DLA-3515-1}
 	- cjose 0.6.2.2-1 (bug #1041423)
 	NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
 	NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2)
@@ -3444,7 +3774,7 @@ CVE-2023-37247 (A vulnerability has been identified in Tecnomatix Plant Simulati
 	NOT-FOR-US: Siemens
 CVE-2023-37246 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
 	NOT-FOR-US: Siemens
-CVE-2023-36884 (Microsoft is investigating reports of a series of remote code executio ...)
+CVE-2023-36884 (Windows Search Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36874 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -8017,7 +8347,7 @@ CVE-2023-33960 (OpenProject is web-based project management software. For any Op
 	NOT-FOR-US: OpenProject
 CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...)
 	NOT-FOR-US: eMedia Consulting simpleRedak
-CVE-2023-33756
+CVE-2023-33756 (An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and belo ...)
 	- foswiki <itp> (bug #509864)
 CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...)
 	NOT-FOR-US: Inpiazza Cloud WiFi
@@ -10980,8 +11310,8 @@ CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to
 	NOT-FOR-US: WP Activity Log Premium plugin for WordPress
 CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...)
 	NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima
-CVE-2023-31221
-	RESERVED
+CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...)
+	TODO: check
 CVE-2023-31220
 	RESERVED
 CVE-2023-31219
@@ -11774,7 +12104,7 @@ CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
 	NOT-FOR-US: MAXTECH
 CVE-2023-2230
-	RESERVED
+	REJECTED
 CVE-2023-2229
 	RESERVED
 CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
@@ -12166,10 +12496,10 @@ CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framewo
 	NOTE: https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
 CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
 	NOT-FOR-US: Netflix Lemur
-CVE-2023-30796
-	RESERVED
-CVE-2023-30795
-	RESERVED
+CVE-2023-30796 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
+	TODO: check
+CVE-2023-30795 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
+	TODO: check
 CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.162-1
@@ -13445,8 +13775,8 @@ CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30483
 	RESERVED
-CVE-2023-30482
-	RESERVED
+CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-30481
 	RESERVED
 CVE-2023-30480
@@ -16463,12 +16793,12 @@ CVE-2023-29332
 	RESERVED
 CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
-CVE-2023-29330
-	RESERVED
+CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-29329
 	RESERVED
-CVE-2023-29328
-	RESERVED
+CVE-2023-29328 (Microsoft Teams Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-29327
 	RESERVED
 CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
@@ -17137,8 +17467,8 @@ CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mu
 	NOT-FOR-US: Muffingroup
 CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-29099
-	RESERVED
+CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29097
@@ -17775,14 +18105,14 @@ CVE-2022-4934 (A post-auth command injection vulnerability in the exception wiza
 	NOT-FOR-US: Sophos
 CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...)
 	NOT-FOR-US: Sophos
-CVE-2023-28934
-	RESERVED
+CVE-2023-28934 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
+	TODO: check
 CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28931
-	RESERVED
+CVE-2023-28931 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neve ...)
+	TODO: check
 CVE-2023-28930
 	RESERVED
 CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...)
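Review bot: CVE-2023-28934 and CVE-2023-28931 go from RESERVED to "TODO: check" with descriptions that open "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in", the same wording as CVE-2023-28933 and CVE-2023-28932 in the context, which are already resolved as "NOT-FOR-US: WordPress plugin". The truncated descriptions ("Mamm ...", "Neve ...") cut off the product name, so read the full text before applying that tag. The same pattern applies to the other "Auth. (...)" and "Unauth. Reflected" entries this update leaves at "TODO: check".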
@@ -18176,8 +18506,8 @@ CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
 	NOT-FOR-US: Siemens
 CVE-2023-28831
 	RESERVED
-CVE-2023-28830
-	RESERVED
+CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
+	TODO: check
 CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...)
 	NOT-FOR-US: Siemens
 CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
@@ -18326,8 +18656,8 @@ CVE-2023-28775
 	RESERVED
 CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28773
-	RESERVED
+CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
@@ -19126,12 +19456,12 @@ CVE-2023-28579
 	RESERVED
 CVE-2023-28578
 	RESERVED
-CVE-2023-28577
-	RESERVED
-CVE-2023-28576
-	RESERVED
-CVE-2023-28575
-	RESERVED
+CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
+	TODO: check
+CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...)
+	TODO: check
+CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
+	TODO: check
 CVE-2023-28574
 	RESERVED
 CVE-2023-28573
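Review bot: the descriptions added for CVE-2023-28577, CVE-2023-28576 and CVE-2023-28575 name kernel-side identifiers (CAM_REQ_MGR_RELEASE_BUF, cam_mem_get_cpu_buf(), cam_get_device_priv), and the truncated text does not name a vendor. When resolving "TODO: check" for these three, check first whether the named code is present in the linux source package. Do not tag them by analogy with neighbouring entries. Whichever way it goes, record the basis for the decision in a NOTE line.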
@@ -19158,8 +19488,8 @@ CVE-2023-28563
 	RESERVED
 CVE-2023-28562
 	RESERVED
-CVE-2023-28561
-	RESERVED
+CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
+	TODO: check
 CVE-2023-28560
 	RESERVED
 CVE-2023-28559
@@ -19170,8 +19500,8 @@ CVE-2023-28557
 	RESERVED
 CVE-2023-28556
 	RESERVED
-CVE-2023-28555
-	RESERVED
+CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
+	TODO: check
 CVE-2023-28554
 	RESERVED
 CVE-2023-28553
@@ -19206,8 +19536,8 @@ CVE-2023-28539
 	RESERVED
 CVE-2023-28538
 	RESERVED
-CVE-2023-28537
-	RESERVED
+CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
+	TODO: check
 CVE-2023-28536
 	RESERVED
 CVE-2023-28535
@@ -22301,8 +22631,8 @@ CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27628
 	RESERVED
-CVE-2023-27627
-	RESERVED
+CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...)
+	TODO: check
 CVE-2023-27626
 	RESERVED
 CVE-2023-27625
@@ -22942,10 +23272,10 @@ CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy a
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27422
-	RESERVED
-CVE-2023-27421
-	RESERVED
+CVE-2023-27422 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
+	TODO: check
+CVE-2023-27421 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest  ...)
+	TODO: check
 CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest  ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest  ...)
@@ -22954,18 +23284,18 @@ CVE-2023-27418
 	RESERVED
 CVE-2023-27417
 	RESERVED
-CVE-2023-27416
-	RESERVED
-CVE-2023-27415
-	RESERVED
+CVE-2023-27416 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deco ...)
+	TODO: check
+CVE-2023-27415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
+	TODO: check
 CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27412
-	RESERVED
-CVE-2023-27411
-	RESERVED
+CVE-2023-27412 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest  ...)
+	TODO: check
+CVE-2023-27411 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+	TODO: check
 CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions  ...)
 	NOT-FOR-US: Siemens
 CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions  ...)
@@ -24167,8 +24497,8 @@ CVE-2023-26963
 	RESERVED
 CVE-2023-26962
 	RESERVED
-CVE-2023-26961
-	RESERVED
+CVE-2023-26961 (Alteryx Server 2022.1.1.42590 does not employ file type verification f ...)
+	TODO: check
 CVE-2023-26960
 	RESERVED
 CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...)
@@ -26792,8 +27122,8 @@ CVE-2023-25986
 	RESERVED
 CVE-2023-25985
 	RESERVED
-CVE-2023-25984
-	RESERVED
+CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
+	TODO: check
 CVE-2023-25983
 	RESERVED
 CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -28771,8 +29101,8 @@ CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25459
-	RESERVED
+CVE-2023-25459 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Post ...)
+	TODO: check
 CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25457
@@ -29760,8 +30090,8 @@ CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25063
-	RESERVED
+CVE-2023-25063 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anad ...)
+	TODO: check
 CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -30366,8 +30696,8 @@ CVE-2023-24847
 	RESERVED
 CVE-2023-24846
 	RESERVED
-CVE-2023-24845
-	RESERVED
+CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
+	TODO: check
 CVE-2023-24844
 	RESERVED
 CVE-2023-24843
@@ -30790,8 +31120,7 @@ CVE-2023-24700
 	RESERVED
 CVE-2023-24699
 	RESERVED
-CVE-2023-24698
-	RESERVED
+CVE-2023-24698 (Insufficient parameter validation in the Foswiki::Sandbox component of ...)
 	- foswiki <itp> (bug #509864)
 CVE-2023-24697
 	RESERVED
@@ -31880,16 +32209,16 @@ CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-24413
-	RESERVED
+CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+	TODO: check
 CVE-2023-24412
 	RESERVED
 CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24410
 	RESERVED
-CVE-2023-24409
-	RESERVED
+CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+	TODO: check
 CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24407
@@ -33220,14 +33549,14 @@ CVE-2023-23882
 	RESERVED
 CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23880
-	RESERVED
+CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23877
-	RESERVED
+CVE-2023-23877 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...)
@@ -33380,8 +33709,8 @@ CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23829
-	RESERVED
+CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...)
+	TODO: check
 CVE-2023-23828
 	RESERVED
 CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...)
@@ -37332,8 +37661,8 @@ CVE-2023-22668
 	RESERVED
 CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the  ...)
 	NOT-FOR-US: Qualcomm
-CVE-2023-22666
-	RESERVED
+CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
+	TODO: check
 CVE-2023-0094
 	RESERVED
 CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are  ...)
@@ -42561,8 +42890,8 @@ CVE-2023-21711
 	RESERVED
 CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-21709
-	RESERVED
+CVE-2023-21709 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+	TODO: check
 CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability)
@@ -44417,26 +44746,26 @@ CVE-2023-21654
 	RESERVED
 CVE-2023-21653
 	RESERVED
-CVE-2023-21652
-	RESERVED
-CVE-2023-21651
-	RESERVED
-CVE-2023-21650
-	RESERVED
-CVE-2023-21649
-	RESERVED
-CVE-2023-21648
-	RESERVED
-CVE-2023-21647
-	RESERVED
+CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...)
+	TODO: check
+CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in  ...)
+	TODO: check
+CVE-2023-21650 (Memory Corruption in GPS HLOS Driver when injectFdclData receives data ...)
+	TODO: check
+CVE-2023-21649 (Memory corruption in WLAN while running doDriverCmd for an unspecific  ...)
+	TODO: check
+CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.)
+	TODO: check
+CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...)
+	TODO: check
 CVE-2023-21646
 	RESERVED
 CVE-2023-21645
 	RESERVED
 CVE-2023-21644
 	RESERVED
-CVE-2023-21643
-	RESERVED
+CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...)
+	TODO: check
 CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21641 (An app with non-privileged access can change global system brightness  ...)
@@ -44467,12 +44796,12 @@ CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the
 	NOT-FOR-US: Qualcomm
 CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM  ...)
 	NOT-FOR-US: Qualcomm
-CVE-2023-21627
-	RESERVED
-CVE-2023-21626
-	RESERVED
-CVE-2023-21625
-	RESERVED
+CVE-2023-21627 (Memory corruption in Trusted Execution Environment while calling servi ...)
+	TODO: check
+CVE-2023-21626 (Cryptographic issue in HLOS due to improper authentication while perfo ...)
+	TODO: check
+CVE-2023-21625 (Information disclosure in Network Services due to buffer over-read whi ...)
+	TODO: check
 CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.)
 	NOT-FOR-US: Qualcomm
 CVE-2022-46750
@@ -46884,7 +47213,7 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
 CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...)
 	NOT-FOR-US: Comcast Defined Technologies microeisbss
-CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
+CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Siemens
 CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...)
 	NOT-FOR-US: Siemens
@@ -47201,8 +47530,8 @@ CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugin
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45821
-	RESERVED
+CVE-2022-45821 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress \u2013 WordPress LMS P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45819
@@ -54057,14 +54386,14 @@ CVE-2023-20591
 	RESERVED
 CVE-2023-20590
 	RESERVED
-CVE-2023-20589
-	RESERVED
-CVE-2023-20588
-	RESERVED
+CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
+	TODO: check
+CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
+	TODO: check
 CVE-2023-20587
 	RESERVED
-CVE-2023-20586
-	RESERVED
+CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...)
+	TODO: check
 CVE-2023-20585
 	RESERVED
 CVE-2023-20584
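Review bot: the added description for CVE-2023-20586 contains the literal escape sequence "\u2122" ("Radeon\u2122 Software") rather than the character it stands for, so the automatic update is writing an undecoded escape into data/CVE/list. The same thing is visible in the existing CVE-2022-45820 line ("\u2013"). Suggest decoding these escapes in the updater before the description is truncated and written, so that the text is readable and the truncation length is not consumed by six-character escapes.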
@@ -54097,8 +54426,7 @@ CVE-2023-20571
 	RESERVED
 CVE-2023-20570
 	RESERVED
-CVE-2023-20569
-	RESERVED
+CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
 	- amd64-microcode 3.20230719.1
 	[bookworm] - amd64-microcode 3.20230719.1~deb12u1
 	[bullseye] - amd64-microcode 3.20230719.1~deb11u1
@@ -54124,10 +54452,10 @@ CVE-2023-20564
 	RESERVED
 CVE-2023-20563
 	RESERVED
-CVE-2023-20562
-	RESERVED
-CVE-2023-20561
-	RESERVED
+CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
+	TODO: check
+CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
+	TODO: check
 CVE-2023-20560
 	RESERVED
 CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a  ...)
@@ -54136,10 +54464,10 @@ CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a
 	NOT-FOR-US: AMD
 CVE-2023-20557
 	RESERVED
-CVE-2023-20556
-	RESERVED
-CVE-2023-20555
-	RESERVED
+CVE-2023-20556 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
+	TODO: check
+CVE-2023-20555 (Insufficient input validation in CpmDisplayFeatureSmm may allow an att ...)
+	TODO: check
 CVE-2023-20554
 	RESERVED
 CVE-2023-20553
@@ -64865,8 +65193,8 @@ CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while pro
 	NOT-FOR-US: Snapdragon
 CVE-2022-40511
 	RESERVED
-CVE-2022-40510
-	RESERVED
+CVE-2022-40510 (Memory corruption due to buffer copy without checking size of input in ...)
+	TODO: check
 CVE-2022-40509
 	RESERVED
 CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...)
@@ -68468,8 +68796,8 @@ CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) fr
 	NOT-FOR-US: Ikea
 CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
 	NOT-FOR-US: Open5GS UPF
-CVE-2022-39062
-	RESERVED
+CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All versions  ...)
+	TODO: check
 CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...)
 	NOT-FOR-US: ChangingTech MegaServiSignAdapter
 CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...)
@@ -136371,8 +136699,8 @@ CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All
 	NOT-FOR-US: Siemens
 CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
 	NOT-FOR-US: Siemens
-CVE-2021-41544
-	RESERVED
+CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center (All ve ...)
+	TODO: check
 CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
 	NOT-FOR-US: Siemens
 CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
@@ -177136,7 +177464,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command
 	NOT-FOR-US: Node async-git
 CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
 	NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2021-25677 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
 	NOT-FOR-US: Siemens
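Review bot: the rewritten description for CVE-2021-25677 now leads with APOGEE PXC Compact (BACnet), and its visible part no longer mentions Nucleus NET, while the triage line below it still reads NOT-FOR-US: Nucleus (Siemens). Anyone reading this entry can no longer see from the description why the tag says Nucleus. Confirm against the full description that Nucleus is still among the affected products and keep the tag if so.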
@@ -199801,7 +200129,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (
 	NOT-FOR-US: Siemens
 CVE-2020-28389
 	RESERVED
-CVE-2020-28388 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
+CVE-2020-28388 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
@@ -203372,11 +203700,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug
 	- webcit <removed> (bug #973385)
 	[buster] - webcit <ignored> (Minor issue)
 	[stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2020-27738 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2020-27737 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2020-27736 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
 	NOT-FOR-US: Wing FTP
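Review bot: a consistency point on the three changed entries, CVE-2020-27738, CVE-2020-27737 and CVE-2020-27736. Their descriptions now begin with the same "APOGEE PXC Compact (BACnet)" text as CVE-2020-28388, yet they are tagged NOT-FOR-US: Nucleus (Siemens) while CVE-2020-28388 is tagged NOT-FOR-US: Siemens. Both tags exclude the entries from tracking, so nothing breaks, but if the tags are ever cleaned up, pick one spelling for entries that share a leading product name.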
@@ -205454,7 +205782,7 @@ CVE-2020-27011
 	RESERVED
 CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
 	NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions < V5. ...)
+CVE-2020-27009 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1.0.1 ...)
 	NOT-FOR-US: JT2Go
@@ -230628,7 +230956,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All
 	NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
 	NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions < V5. ...)
+CVE-2020-15795 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions).  ...)
 	NOT-FOR-US: Desigo Insight



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/200a1cd6bfde7ec6ac01a3594afcd4f05fc31373
