[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 10 21:12:21 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ba1fa0e by security tracker role at 2023-08-10T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized loss ...)
+	TODO: check
+CVE-2023-4275
+	REJECTED
+CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...)
+	TODO: check
+CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...)
+	TODO: check
+CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...)
+	TODO: check
+CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...)
+	TODO: check
+CVE-2023-39964 (1Panel is an open source Linux server operation and maintenance manage ...)
+	TODO: check
+CVE-2023-39963 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39962 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39961 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio calls thr ...)
+	TODO: check
+CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
+	TODO: check
+CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
+	TODO: check
+CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
+	TODO: check
+CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2023-39805 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2023-39776 (A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 a ...)
+	TODO: check
+CVE-2023-39314 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa ...)
+	TODO: check
+CVE-2023-38830 (An information leak in PHPJabbers Yacht Listing Script v1.0 allows att ...)
+	TODO: check
+CVE-2023-38397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Egge ...)
+	TODO: check
+CVE-2023-38248 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38247 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38246 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38245 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38244 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38243 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38242 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38241 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38240 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38239 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38238 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38237 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38236 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38235 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38234 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38233 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38232 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38231 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38230 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38229 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38228 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38227 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38226 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38225 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38224 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38223 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38222 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
+CVE-2023-38210 (Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resou ...)
+	TODO: check
+CVE-2023-38034 (A command injection vulnerability in the DHCP Client function of all U ...)
+	TODO: check
+CVE-2023-37988 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative ...)
+	TODO: check
+CVE-2023-37983 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-37734 (EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a ...)
+	TODO: check
+CVE-2023-37625 (A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 all ...)
+	TODO: check
+CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for  ...)
+	TODO: check
+CVE-2023-37388 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudi ...)
+	TODO: check
+CVE-2023-37069 (Code-Projects Online Hospital Management System V1.0 is vulnerable to  ...)
+	TODO: check
+CVE-2023-36530 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smar ...)
+	TODO: check
+CVE-2023-36315 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+	TODO: check
+CVE-2023-36314 (There is a Cross Site Scripting (XSS) vulnerability in the value-text- ...)
+	TODO: check
+CVE-2023-36313 (PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting ...)
+	TODO: check
+CVE-2023-36312 (There is a Cross Site Scripting (XSS) vulnerability in the value-enum- ...)
+	TODO: check
+CVE-2023-36311 (There is a SQL injection (SQLi) vulnerability in the "column" paramete ...)
+	TODO: check
+CVE-2023-36310 (There is a Cross Site Scripting (XSS) vulnerability in the "column" pa ...)
+	TODO: check
+CVE-2023-36309 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+	TODO: check
+CVE-2023-35085 (An integer overflow vulnerability in all UniFi Access Points and Switc ...)
+	TODO: check
+CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rah ...)
+	TODO: check
+CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in  ...)
+	TODO: check
+CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...)
+	TODO: check
+CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...)
+	TODO: check
+CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+	TODO: check
+CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...)
+	TODO: check
+CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+	TODO: check
+CVE-2023-32561 (A previously generated artifact by an administrator could be accessed  ...)
+	TODO: check
+CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...)
+	TODO: check
 CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
 	- postgresql-15 15.4-1
 	- postgresql-13 <not-affected> (Only affects 15.x)
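Review bot: CVE-2023-4128 should not wait in the generic TODO: check queue with the rest of this batch. Its description names net/sched/cls_fw.c, which is a Linux kernel source path, so the entry needs a linux package line with a fixed or unfixed status and a NOTE pointing at the upstream fix, in the same form as the CVE-2023-4205 entry later in this file. The remaining additions here are unreviewed placeholders, and entries for software outside the archive stay open until someone replaces TODO: check with a NOT-FOR-US marker.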
@@ -656,7 +812,8 @@ CVE-2023-36923 (SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.
 	NOT-FOR-US: SAP
 CVE-2023-33993 (B1i module of SAP Business One - version 10.0, application allows an a ...)
 	NOT-FOR-US: SAP
-CVE-2023-4205 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
+CVE-2023-4205
+	REJECTED
 	- linux <unfixed>
 	NOTE: https://www.spinics.net/lists/kernel/msg4876594.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2228101
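Review bot: the entry for CVE-2023-4205 is now contradictory. The header becomes REJECTED, but the unchanged lines right under it still read "- linux <unfixed>" plus two NOTE references, so the entry simultaneously says the identifier was withdrawn and that the kernel remains unfixed. Suggest dropping the package line, or moving the notes to whichever CVE replaces this one, so that linux does not carry an open issue against a rejected id.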
@@ -11610,8 +11767,8 @@ CVE-2023-31211
 	RESERVED
 CVE-2023-31210
 	RESERVED
-CVE-2023-31209
-	RESERVED
+CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...)
+	TODO: check
 CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the RestAP ...)
 	- check-mk <removed>
 CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...)
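Review bot: CVE-2023-31209 is left at TODO: check even though its description names Checkmk and the very next entry, CVE-2023-31208, already records the triage result for that product as "- check-mk <removed>". Suggest giving the new entry the same package line so it does not linger in the unchecked queue.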
@@ -14055,8 +14212,8 @@ CVE-2023-30483
 	RESERVED
 CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	TODO: check
-CVE-2023-30481
-	RESERVED
+CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
+	TODO: check
 CVE-2023-30480
 	RESERVED
 CVE-2023-30479
@@ -17100,8 +17257,8 @@ CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affe
 	NOT-FOR-US: Adobe
 CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
 	NOT-FOR-US: Adobe
-CVE-2023-29320
-	RESERVED
+CVE-2023-29320 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
 CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
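Review bot: CVE-2023-29320 is described as an Adobe Acrobat Reader issue but lands as TODO: check, while every other Adobe entry visible in this hunk is marked "NOT-FOR-US: Adobe". Suggest the same marker here, and for the other Acrobat Reader entries this commit adds, so that the batch does not inflate the list of issues awaiting triage.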
@@ -17134,16 +17291,16 @@ CVE-2023-29305
 	RESERVED
 CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
-CVE-2023-29303
-	RESERVED
+CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
 CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
-CVE-2023-29299
-	RESERVED
+CVE-2023-29299 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+	TODO: check
 CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
@@ -18927,8 +19084,8 @@ CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimat
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28780
 	RESERVED
-CVE-2023-28779
-	RESERVED
+CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...)
+	TODO: check
 CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28777
@@ -21376,8 +21533,8 @@ CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to t
 	NOT-FOR-US: expo.io
 CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...)
 	NOT-FOR-US: Gaia Portal
-CVE-2023-28129
-	RESERVED
+CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible execution of arb ...)
+	TODO: check
 CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
 	NOT-FOR-US: Avalanche
 CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...)
@@ -26447,12 +26604,12 @@ CVE-2023-26313
 	RESERVED
 CVE-2023-26312
 	RESERVED
-CVE-2023-26311
-	RESERVED
+CVE-2023-26311 (A remote code execution vulnerability in the webview component of OPPO ...)
+	TODO: check
 CVE-2023-26310 (There is a command injection problem in the old version of the mobile  ...)
 	TODO: check
-CVE-2023-26309
-	RESERVED
+CVE-2023-26309 (A remote code execution vulnerability in the webview component of OneP ...)
+	TODO: check
 CVE-2023-26308
 	RESERVED
 CVE-2023-26307
@@ -31817,6 +31974,7 @@ CVE-2023-24543
 	RESERVED
 CVE-2023-23908
 	RESERVED
+	{DSA-5474-1}
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -32532,16 +32690,16 @@ CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterso
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24394
 	RESERVED
-CVE-2023-24393
-	RESERVED
+CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
+	TODO: check
 CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-24391
-	RESERVED
+CVE-2023-24391 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spid ...)
+	TODO: check
 CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-24389
-	RESERVED
+CVE-2023-24389 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in bran ...)
+	TODO: check
 CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking ca ...)
 	NOT-FOR-US: WpDevArt Booking calendar, Appointment Booking System plugin
 CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
@@ -33463,8 +33621,8 @@ CVE-2023-24011
 	RESERVED
 CVE-2023-24010
 	RESERVED
-CVE-2023-24009
-	RESERVED
+CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
+	TODO: check
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...)
@@ -33792,8 +33950,8 @@ CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and
 	NOT-FOR-US: EdgeRouters
 CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...)
 	NOT-FOR-US: open.rocket.chat
-CVE-2023-23900
-	RESERVED
+CVE-2023-23900 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, I ...)
+	TODO: check
 CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -33850,8 +34008,8 @@ CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23872
 	RESERVED
-CVE-2023-23871
-	RESERVED
+CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webd ...)
+	TODO: check
 CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
@@ -33994,12 +34152,12 @@ CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...)
 	TODO: check
-CVE-2023-23828
-	RESERVED
+CVE-2023-23828 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23826
-	RESERVED
+CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23825
 	RESERVED
 CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 versions.)
@@ -34054,8 +34212,8 @@ CVE-2023-23800
 	RESERVED
 CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23798
-	RESERVED
+CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23796
@@ -35617,8 +35775,8 @@ CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allo
 	NOT-FOR-US: BigFix
 CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...)
 	NOT-FOR-US: BigFix
-CVE-2023-23342
-	RESERVED
+CVE-2023-23342 (If certain local files are manipulated in a certain manner, the valida ...)
+	TODO: check
 CVE-2023-23341
 	RESERVED
 CVE-2023-23340
@@ -40986,8 +41144,8 @@ CVE-2022-47638
 	RESERVED
 CVE-2022-47637
 	RESERVED
-CVE-2022-47636
-	RESERVED
+CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...)
+	TODO: check
 CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
 	NOT-FOR-US: Wildix CMS
 CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17 ...)
@@ -52433,8 +52591,8 @@ CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44630
 	RESERVED
-CVE-2022-44629
-	RESERVED
+CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cata ...)
+	TODO: check
 CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
@@ -54761,6 +54919,7 @@ CVE-2023-20571
 CVE-2023-20570
 	RESERVED
 CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
+	{DSA-5475-1 DLA-3525-1}
 	- amd64-microcode 3.20230719.1
 	[bookworm] - amd64-microcode 3.20230719.1~deb12u1
 	[bullseye] - amd64-microcode 3.20230719.1~deb11u1
@@ -62069,6 +62228,7 @@ CVE-2022-41815
 	RESERVED
 CVE-2022-41804
 	RESERVED
+	{DSA-5474-1}
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -62816,6 +62976,7 @@ CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter instal
 	NOT-FOR-US: Intel
 CVE-2022-40982
 	RESERVED
+	{DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1}
 	- linux 6.4.4-3
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5
@@ -101277,8 +101438,8 @@ CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Bo
 	NOT-FOR-US: Vikbooking
 CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Bo ...)
 	NOT-FOR-US: Vikbooking
-CVE-2022-27861
-	RESERVED
+CVE-2022-27861 (Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <=4 ...)
+	TODO: check
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ba1fa0eb6e0c384bc8f50ccd4ad74dcf7a2927d
