[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 12 09:26:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72098f8b by Salvatore Bonaccorso at 2023-08-12T10:26:05+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1060,7 +1060,7 @@ CVE-2023-38157 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerab
CVE-2023-38045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Joomla advcomsys.com oneVote component
CVE-2023-38044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Jooma extension
CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer over ...)
NOT-FOR-US: Netgear
CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...)
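Review bot: The tag added for CVE-2023-38044 is misspelled as "Jooma extension". The hunk at line 34558 of this same commit uses "Joomla extension" for CVE-2023-23758 and CVE-2023-23757. Suggest "NOT-FOR-US: Joomla extension" here, so that a search of data/CVE/list for Joomla entries also finds this one.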
@@ -17936,13 +17936,13 @@ CVE-2023-28717
CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library maintain ...)
TODO: check
CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27883
RESERVED
CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24592
RESERVED
CVE-2023-24591
@@ -18078,7 +18078,7 @@ CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mu
CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29097
@@ -18640,7 +18640,7 @@ CVE-2023-28738
CVE-2023-28721
RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27517
RESERVED
CVE-2023-26589
@@ -18716,13 +18716,13 @@ CVE-2022-4934 (A post-auth command injection vulnerability in the exception wiza
CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...)
NOT-FOR-US: Sophos
CVE-2023-28934 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28931 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28930
RESERVED
CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...)
@@ -19255,7 +19255,7 @@ CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimat
CVE-2023-28780
RESERVED
CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28777
@@ -19267,7 +19267,7 @@ CVE-2023-28775
CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
@@ -19513,7 +19513,7 @@ CVE-2023-28723
CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28712 (Osprey Pump Controller version 1.01 contains an unauthenticated comman ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28710 (Improper Input Validation vulnerability in Apache Software Foundation ...)
@@ -19543,7 +19543,7 @@ CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticat
CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28376
RESERVED
CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
@@ -20069,9 +20069,9 @@ CVE-2023-28578
CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
TODO: check
CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28574
RESERVED
CVE-2023-28573
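Review bot: CVE-2023-28577 at the top of this hunk is left at "TODO: check" while CVE-2023-28576 and CVE-2023-28575 are tagged Qualcomm, although all three descriptions refer to the same family of cam_* code (CAM_REQ_MGR_RELEASE_BUF, cam_mem_get_cpu_buf(), cam_get_device_priv). Either triage CVE-2023-28577 in the same pass or say why it needs a separate check. Since the CVE-2023-28576 description mentions kernel APIs, a short NOTE confirming that the affected driver is not part of any Debian kernel package would make the NOT-FOR-US decision easier to audit later.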
@@ -20099,7 +20099,7 @@ CVE-2023-28563
CVE-2023-28562
RESERVED
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28560
RESERVED
CVE-2023-28559
@@ -20111,7 +20111,7 @@ CVE-2023-28557
CVE-2023-28556
RESERVED
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28554
RESERVED
CVE-2023-28553
@@ -20147,7 +20147,7 @@ CVE-2023-28539
CVE-2023-28538
RESERVED
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28536
RESERVED
CVE-2023-28535
@@ -21704,7 +21704,7 @@ CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to t
CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...)
NOT-FOR-US: Gaia Portal
CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible execution of arb ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
NOT-FOR-US: Avalanche
CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...)
@@ -23242,7 +23242,7 @@ CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-27628
RESERVED
CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27626
RESERVED
CVE-2023-27625
@@ -23421,17 +23421,17 @@ CVE-2023-27562 (The n8n package 0.218.0 for Node.js allows Directory Traversal.)
CVE-2023-27528
RESERVED
CVE-2023-27392 (Incorrect default permissions in the Intel(R) Support android applicat ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...)
NOT-FOR-US: Intel
CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming Wizard softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-26586
RESERVED
CVE-2023-25951
RESERVED
CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25174
RESERVED
CVE-2023-24596
@@ -23651,13 +23651,13 @@ CVE-2023-27520 (Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON p
CVE-2023-27511
RESERVED
CVE-2023-27509 (Improper access control in some Intel(R) ISPC software installers befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27508
RESERVED
CVE-2023-27506 (Improper buffer restrictions in the Intel(R) Optimization for Tensorfl ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27505 (Incorrect default permissions in some Intel(R) Advanced Link Analyzer ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, ...)
NOT-FOR-US: SAP
CVE-2023-27500 (An attacker with non-administrative authorizations can exploit a direc ...)
@@ -23883,9 +23883,9 @@ CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy a
CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27422 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27421 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
NOT-FOR-US: WordPress theme
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
@@ -23895,17 +23895,17 @@ CVE-2023-27418
CVE-2023-27417
RESERVED
CVE-2023-27416 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27412 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-27411 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
NOT-FOR-US: Siemens
CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
@@ -25108,7 +25108,7 @@ CVE-2023-26963
CVE-2023-26962
RESERVED
CVE-2023-26961 (Alteryx Server 2022.1.1.42590 does not employ file type verification f ...)
- TODO: check
+ NOT-FOR-US: Alteryx
CVE-2023-26960
RESERVED
CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...)
@@ -26322,7 +26322,7 @@ CVE-2023-26466 (A user with non-Admin access can change a configuration file on
CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.)
NOT-FOR-US: Pega Platform
CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25779
RESERVED
CVE-2023-25777
@@ -27734,7 +27734,7 @@ CVE-2023-25986
CVE-2023-25985
RESERVED
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25983
RESERVED
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -27854,15 +27854,15 @@ CVE-2023-23904
CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...)
NOT-FOR-US: Intel
CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme Compute Elemen ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22351
RESERVED
CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22329
RESERVED
CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...)
@@ -27934,7 +27934,7 @@ CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versio
CVE-2023-0872
RESERVED
CVE-2023-0871 (XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and ver ...)
- TODO: check
+ NOT-FOR-US: OpenMNS
CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...)
NOT-FOR-US: OpenNMS
CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...)
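Review bot: The tag added for CVE-2023-0871 reads "OpenMNS", but the two entries directly below it (CVE-2023-0870 and CVE-2023-0869) are tagged "NOT-FOR-US: OpenNMS". The spelling appears to be carried over from the CVE description text. Suggest "NOT-FOR-US: OpenNMS" so the entry matches its neighbours and is found by the same search.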
@@ -28308,7 +28308,7 @@ CVE-2023-25780 (It is identified a vulnerability of insufficient authentication
CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
NOT-FOR-US: Intel
CVE-2023-25773 (Improper access control in the Intel(R) Unite(R) Hub software installe ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Cre ...)
@@ -28328,7 +28328,7 @@ CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not es
CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...)
NOT-FOR-US: Intel
CVE-2023-25182 (Uncontrolled search path element in the Intel(R) Unite(R) Client softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...)
NOT-FOR-US: Intel
CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
@@ -29713,7 +29713,7 @@ CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25459 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25457
@@ -30702,7 +30702,7 @@ CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin
CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25063 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINP ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -31252,7 +31252,7 @@ CVE-2023-24857 (Microsoft PostScript and PCL6 Class Printer Driver Information D
CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
NOT-FOR-US: Microsoft
CVE-2023-24016 (Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...)
NOT-FOR-US: Intel
CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...)
@@ -31308,7 +31308,7 @@ CVE-2023-24847
CVE-2023-24846
RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-24844
RESERVED
CVE-2023-24843
@@ -32151,13 +32151,13 @@ CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) Xeon(R)
CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
NOT-FOR-US: Intel
CVE-2023-23577 (Uncontrolled search path element for some ITE Tech consumer infrared d ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23544
RESERVED
CVE-2023-22841 (Unquoted search path in the software installer for the System Firmware ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22840 (Improper neutralization in software for the Intel(R) oneVPL GPU softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22655
RESERVED
CVE-2023-22431
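Review bot: CVE-2023-23577 is tagged "NOT-FOR-US: Intel", but the visible part of its description names "ITE Tech consumer infrared d ..." as the affected software. If the truncated remainder of the description ties the driver to an Intel product, the tag is fine. Otherwise name the vendor or product from the description, as the AudioCodes and Siemens entries in this commit do.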
@@ -32821,7 +32821,7 @@ CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud
CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24412
RESERVED
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -32829,7 +32829,7 @@ CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-24410
RESERVED
CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24407
@@ -32861,15 +32861,15 @@ CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterso
CVE-2023-24394
RESERVED
CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24391 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24389 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in bran ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking ca ...)
NOT-FOR-US: WpDevArt Booking calendar, Appointment Booking System plugin
CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
@@ -33792,7 +33792,7 @@ CVE-2023-24011
CVE-2023-24010
RESERVED
CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...)
@@ -34121,7 +34121,7 @@ CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and
CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...)
NOT-FOR-US: open.rocket.chat
CVE-2023-23900 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -34161,13 +34161,13 @@ CVE-2023-23882
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23877 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...)
@@ -34179,7 +34179,7 @@ CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23872
RESERVED
CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webd ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
@@ -34321,13 +34321,13 @@ CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23828 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23825
RESERVED
CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 versions.)
@@ -34383,7 +34383,7 @@ CVE-2023-23800
CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23796
@@ -34558,9 +34558,9 @@ CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterpri
CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...)
NOT-FOR-US: Facebook fizz
CVE-2023-23758 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Joomla extension
CVE-2023-23757 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Joomla extension
CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Joomla addon
CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...)
@@ -35936,9 +35936,9 @@ CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0
CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a ...)
NOT-FOR-US: HCL
CVE-2023-23347 (HCL DRYiCE iAutomate is affected by the use of a broken cryptographic ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-23346 (HCL DRYiCE MyCloud is affected by the use of a broken cryptographic al ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-23345
RESERVED
CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an ...)
@@ -35946,7 +35946,7 @@ CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allo
CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...)
NOT-FOR-US: BigFix
CVE-2023-23342 (If certain local files are manipulated in a certain manner, the valida ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-23341
RESERVED
CVE-2023-23340
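Review bot: CVE-2023-23342 is tagged "NOT-FOR-US: HCL" while the entry directly above it, CVE-2023-23343, is tagged "NOT-FOR-US: BigFix", and the visible part of the CVE-2023-23342 description names no product at all. If this is also a BigFix issue, reuse the neighbour's tag. If it is a different HCL product, naming that product in the tag would let a reader confirm the decision without looking up the full CVE text.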
@@ -36848,11 +36848,11 @@ CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainm
CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...)
NOT-FOR-US: Syracom Secure Login plugin
CVE-2023-22957 (An issue was discovered in libac_des3.so on AudioCodes VoIP desk phone ...)
- TODO: check
+ NOT-FOR-US: AudioCodes VoIP desk phones
CVE-2023-22956 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes VoIP desk phones
CVE-2023-22955 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes VoIP desk phones
CVE-2023-22954
RESERVED
CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...)
@@ -37867,7 +37867,7 @@ CVE-2023-22430
CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
NOT-FOR-US: Intel
CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22337
RESERVED
CVE-2023-22292
@@ -43502,7 +43502,7 @@ CVE-2023-21711
CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21709 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability)
@@ -45363,17 +45363,17 @@ CVE-2023-21654
CVE-2023-21653
RESERVED
CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21650 (Memory Corruption in GPS HLOS Driver when injectFdclData receives data ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21649 (Memory corruption in WLAN while running doDriverCmd for an unspecific ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21646
RESERVED
CVE-2023-21645
@@ -45381,7 +45381,7 @@ CVE-2023-21645
CVE-2023-21644
RESERVED
CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
NOT-FOR-US: Qualcomm
CVE-2023-21641 (An app with non-privileged access can change global system brightness ...)
@@ -45413,11 +45413,11 @@ CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the
CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...)
NOT-FOR-US: Qualcomm
CVE-2023-21627 (Memory corruption in Trusted Execution Environment while calling servi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21626 (Cryptographic issue in HLOS due to improper authentication while perfo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21625 (Information disclosure in Network Services due to buffer over-read whi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.)
NOT-FOR-US: Qualcomm
CVE-2022-46750
@@ -45572,7 +45572,7 @@ CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus A
CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...)
NOT-FOR-US: Intel
CVE-2022-45112 (Improper access control in some Intel(R) VROC software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-44607
RESERVED
CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions prior t ...)
@@ -48186,7 +48186,7 @@ CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugin
CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45821 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress \u2013 WordPress LMS P ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45819
@@ -50444,11 +50444,11 @@ CVE-2022-45114
CVE-2022-45109
RESERVED
CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-43477
RESERVED
CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
@@ -51294,7 +51294,7 @@ CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM so
CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...)
NOT-FOR-US: Intel
CVE-2022-43456 (Uncontrolled search path in some Intel(R) RST software before versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...)
NOT-FOR-US: Intel
CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
@@ -52762,7 +52762,7 @@ CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability
CVE-2022-44630
RESERVED
CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cata ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72098f8baf13ec3ad0e859bf855f8bfee406bb42