[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 4 09:12:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac887516 by security tracker role at 2023-07-04T08:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...)
+ TODO: check
+CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...)
+ TODO: check
+CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...)
+ TODO: check
+CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...)
+ TODO: check
+CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...)
+ TODO: check
+CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...)
+ TODO: check
+CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...)
+ TODO: check
CVE-2023-36813 [Multiple Authenticated SQL Injections]
- kanboard 1.2.31+ds-1 (bug #1040265)
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
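Review bot: all seven entries added at the top of the list are WordPress plugin issues left at TODO: check, and four of them (CVE-2023-2333, CVE-2023-2324, CVE-2023-2321, CVE-2023-2320) are Google Sheet Connector plugins with near-identical wording, so they can be triaged in one pass. Other WordPress plugin entries in this file, for example CVE-2023-2009 and CVE-2023-1274 further down in this diff, carry NOT-FOR-US: WordPress plugin; the same tag looks applicable here once the descriptions are confirmed.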
@@ -6841,8 +6855,8 @@ CVE-2023-30992
RESERVED
CVE-2023-30991
RESERVED
-CVE-2023-30990
- RESERVED
+CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...)
+ TODO: check
CVE-2023-30989
RESERVED
CVE-2023-30988
@@ -8483,8 +8497,8 @@ CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Polluti
NOT-FOR-US: SheetJS
CVE-2023-2011
RESERVED
-CVE-2023-2010
- RESERVED
+CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...)
+ TODO: check
CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
@@ -14377,10 +14391,10 @@ CVE-2023-28544
RESERVED
CVE-2023-28543
RESERVED
-CVE-2023-28542
- RESERVED
-CVE-2023-28541
- RESERVED
+CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
+ TODO: check
+CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
+ TODO: check
CVE-2023-28540
RESERVED
CVE-2023-28539
@@ -16533,8 +16547,8 @@ CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCode
NOT-FOR-US: SourceCodester Phone Shop Sales Managements System
CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1273
- RESERVED
+CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...)
+ TODO: check
CVE-2023-1272
RESERVED
CVE-2023-1271
@@ -23597,22 +23611,21 @@ CVE-2023-25525
RESERVED
CVE-2023-25524
RESERVED
-CVE-2023-25523
- RESERVED
-CVE-2023-25522
- RESERVED
-CVE-2023-25521
- RESERVED
+CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
+ TODO: check
+CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
+ TODO: check
+CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
+ TODO: check
CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
TODO: check
CVE-2023-25519
RESERVED
CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
TODO: check
-CVE-2023-25517
- RESERVED
-CVE-2023-25516
- RESERVED
+CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
- nvidia-graphics-drivers-tesla <unfixed> (bug #1039685)
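Review bot: CVE-2023-25523, CVE-2023-25522, CVE-2023-25521 and CVE-2023-25517 go from RESERVED to TODO: check, joining CVE-2023-25520 and CVE-2023-25518, which already sit at TODO: check in the context lines, so this block now holds six untriaged NVIDIA entries. CVE-2023-25516 in the same hunk already has package lines and bug numbers under it; the remaining entries should be checked against those same source packages or marked as outside the archive so the block does not keep growing.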
@@ -23636,7 +23649,7 @@ CVE-2023-25516
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
-CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
+CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
- nvidia-graphics-drivers-tesla <unfixed> (bug #1039685)
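Review bot: the description of CVE-2023-25515 changes product, from "NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ..." to "NVIDIA GPU Display Driver for Windows and Linux", while the package lines under it are untouched. The old text was the same truncated string shown for CVE-2023-25518 in the previous hunk, and the retained nvidia-open-gpu-kernel-modules and nvidia-graphics-drivers-tesla lines match the new text, so the existing triage appears to stand; it is still worth confirming that bugs #1039686 and #1039685 list this CVE id.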
@@ -25409,14 +25422,14 @@ CVE-2023-0601
RESERVED
CVE-2023-24855
RESERVED
-CVE-2023-24854
- RESERVED
+CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
+ TODO: check
CVE-2023-24853
RESERVED
CVE-2023-24852
RESERVED
-CVE-2023-24851
- RESERVED
+CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
+ TODO: check
CVE-2023-24850
RESERVED
CVE-2023-24849
@@ -31471,8 +31484,8 @@ CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by zero]
NOTE: https://github.com/xbmc/xbmc/pull/22391
CVE-2023-22907
RESERVED
-CVE-2023-22906
- RESERVED
+CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with roo ...)
+ TODO: check
CVE-2023-22905
RESERVED
CVE-2023-22904
@@ -32378,8 +32391,8 @@ CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22668
RESERVED
-CVE-2023-22667
- RESERVED
+CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...)
+ TODO: check
CVE-2023-22666
RESERVED
CVE-2023-0094
@@ -34709,10 +34722,10 @@ CVE-2021-4275 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: pyambic-pentameter
CVE-2023-22388
RESERVED
-CVE-2023-22387
- RESERVED
-CVE-2023-22386
- RESERVED
+CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...)
+ TODO: check
+CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
+ TODO: check
CVE-2023-22385
RESERVED
CVE-2023-22384
@@ -34777,8 +34790,8 @@ CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4623
- RESERVED
+CVE-2022-4623 (The ND Shortcodes WordPress plugin before 7.0 does not validate and es ...)
+ TODO: check
CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
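Review bot: CVE-2022-4623 names the same plugin and version boundary (ND Shortcodes before 7.0) as CVE-2023-1273, which is added earlier in this patch, and both are left at TODO: check. Both neighbours above it in this hunk, CVE-2022-4625 and CVE-2022-4624, are tagged NOT-FOR-US: WordPress plugin; resolve the two ND Shortcodes entries together with that tag.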
@@ -39409,8 +39422,8 @@ CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote
NOT-FOR-US: CODESYS
CVE-2023-21673
RESERVED
-CVE-2023-21672
- RESERVED
+CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
+ TODO: check
CVE-2023-21671
RESERVED
CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...)
@@ -39471,32 +39484,32 @@ CVE-2023-21643
RESERVED
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21641
- RESERVED
-CVE-2023-21640
- RESERVED
-CVE-2023-21639
- RESERVED
-CVE-2023-21638
- RESERVED
-CVE-2023-21637
- RESERVED
+CVE-2023-21641 (An app with non-privileged access can change global system brightness ...)
+ TODO: check
+CVE-2023-21640 (Memory corruption in Linux when the file upload API is called with par ...)
+ TODO: check
+CVE-2023-21639 (Memory corruption in Audio while processing sva_model_serializer using ...)
+ TODO: check
+CVE-2023-21638 (Memory corruption in Video while calling APIs with different instance ...)
+ TODO: check
+CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.)
+ TODO: check
CVE-2023-21636
RESERVED
-CVE-2023-21635
- RESERVED
+CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
+ TODO: check
CVE-2023-21634
RESERVED
-CVE-2023-21633
- RESERVED
+CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...)
+ TODO: check
CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
NOT-FOR-US: Qualcomm
-CVE-2023-21631
- RESERVED
+CVE-2023-21631 (Weak Configuration due to improper input validation in Modem while pro ...)
+ TODO: check
CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21629
- RESERVED
+CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the PKCS15 ...)
+ TODO: check
CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...)
NOT-FOR-US: Qualcomm
CVE-2023-21627
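Review bot: the nine entries added in this hunk (CVE-2023-21641 through CVE-2023-21637, then 21635, 21633, 21631 and 21629) are interleaved with CVE-2023-21642, CVE-2023-21632, CVE-2023-21630 and CVE-2023-21628, all of which are tagged NOT-FOR-US: Qualcomm, and they use the same description style. Most can probably take the same tag, but CVE-2023-21640 and CVE-2023-21637 read "Memory corruption in Linux ..." and the truncated text does not name the component, so read the full descriptions for those two before tagging them.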
@@ -39505,8 +39518,8 @@ CVE-2023-21626
RESERVED
CVE-2023-21625
RESERVED
-CVE-2023-21624
- RESERVED
+CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.)
+ TODO: check
CVE-2022-46750
REJECTED
CVE-2022-46749
@@ -48623,26 +48636,26 @@ CVE-2023-20777
RESERVED
CVE-2023-20776
RESERVED
-CVE-2023-20775
- RESERVED
-CVE-2023-20774
- RESERVED
-CVE-2023-20773
- RESERVED
-CVE-2023-20772
- RESERVED
-CVE-2023-20771
- RESERVED
+CVE-2023-20775 (In display, there is a possible out of bounds write due to a missing b ...)
+ TODO: check
+CVE-2023-20774 (In display, there is a possible out of bounds read due to a missing bo ...)
+ TODO: check
+CVE-2023-20773 (In vow, there is a possible escalation of privilege due to a missing p ...)
+ TODO: check
+CVE-2023-20772 (In vow, there is a possible escalation of privilege due to a missing p ...)
+ TODO: check
+CVE-2023-20771 (In display, there is a possible memory corruption due to a race condit ...)
+ TODO: check
CVE-2023-20770
RESERVED
CVE-2023-20769
RESERVED
-CVE-2023-20768
- RESERVED
-CVE-2023-20767
- RESERVED
-CVE-2023-20766
- RESERVED
+CVE-2023-20768 (In ion, there is a possible out of bounds read due to type confusion. ...)
+ TODO: check
+CVE-2023-20767 (In pqframework, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2023-20766 (In gps, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2023-20765
RESERVED
CVE-2023-20764
@@ -48651,24 +48664,24 @@ CVE-2023-20763
RESERVED
CVE-2023-20762
RESERVED
-CVE-2023-20761
- RESERVED
-CVE-2023-20760
- RESERVED
-CVE-2023-20759
- RESERVED
-CVE-2023-20758
- RESERVED
-CVE-2023-20757
- RESERVED
-CVE-2023-20756
- RESERVED
-CVE-2023-20755
- RESERVED
-CVE-2023-20754
- RESERVED
-CVE-2023-20753
- RESERVED
+CVE-2023-20761 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20760 (In apu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20759 (In cmdq, there is a possible memory corruption due to a missing bounds ...)
+ TODO: check
+CVE-2023-20758 (In cmdq, there is a possible memory corruption due to a missing bounds ...)
+ TODO: check
+CVE-2023-20757 (In cmdq, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2023-20756 (In keyinstall, there is a possible out of bounds write due to an integ ...)
+ TODO: check
+CVE-2023-20755 (In keyinstall, there is a possible out of bounds write due to an integ ...)
+ TODO: check
+CVE-2023-20754 (In keyinstall, there is a possible out of bounds write due to an integ ...)
+ TODO: check
+CVE-2023-20753 (In rpmb, there is a possible out of bounds write due to a logic error. ...)
+ TODO: check
CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a missing ...)
NOT-FOR-US: Mediatek
CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a missing ...)
@@ -48677,8 +48690,8 @@ CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race c
NOT-FOR-US: Mediatek
CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a missing boun ...)
NOT-FOR-US: Mediatek
-CVE-2023-20748
- RESERVED
+CVE-2023-20748 (In display, there is a possible out of bounds read due to a missing bo ...)
+ TODO: check
CVE-2023-20747 (In vcu, there is a possible memory corruption due to type confusion. T ...)
NOT-FOR-US: Mediatek
CVE-2023-20746 (In vcu, there is a possible out of bounds write due to improper lockin ...)
@@ -48787,16 +48800,16 @@ CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a m
NOT-FOR-US: Mediatek
CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a missing ...)
NOT-FOR-US: Mediatek
-CVE-2023-20693
- RESERVED
-CVE-2023-20692
- RESERVED
-CVE-2023-20691
- RESERVED
-CVE-2023-20690
- RESERVED
-CVE-2023-20689
- RESERVED
+CVE-2023-20693 (In wlan firmware, there is possible system crash due to an uncaught ex ...)
+ TODO: check
+CVE-2023-20692 (In wlan firmware, there is possible system crash due to an uncaught ex ...)
+ TODO: check
+CVE-2023-20691 (In wlan firmware, there is possible system crash due to an integer ove ...)
+ TODO: check
+CVE-2023-20690 (In wlan firmware, there is possible system crash due to an integer ove ...)
+ TODO: check
+CVE-2023-20689 (In wlan firmware, there is possible system crash due to an integer ove ...)
+ TODO: check
CVE-2023-20688 (In power, there is a possible out of bounds read due to a missing boun ...)
NOT-FOR-US: MediaTek
CVE-2023-20687 (In display drm, there is a possible double free due to a race conditio ...)
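Review bot: the five wlan firmware entries CVE-2023-20693 through CVE-2023-20689 land as TODO: check between neighbours that are already classified, and those neighbours disagree on spelling: NOT-FOR-US: Mediatek on CVE-2023-20695 and CVE-2023-20694 above, NOT-FOR-US: MediaTek on CVE-2023-20688 below. When these are triaged, settle on one spelling so that a text search for the tag finds every entry.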
@@ -81025,8 +81038,8 @@ CVE-2022-32668
REJECTED
CVE-2022-32667
REJECTED
-CVE-2022-32666
- RESERVED
+CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to misrepresentation ...)
+ TODO: check
CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...)
NOT-FOR-US: MediaTek
CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...)
@@ -95458,7 +95471,7 @@ CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise an
NOT-FOR-US: WordPress plugin
CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have authorisation a ...)
+CVE-2022-1092 (The myCred WordPress plugin before 2.4.3.1 does not have authorisation ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
NOT-FOR-US: WordPress plugin
@@ -106116,7 +106129,7 @@ CVE-2022-0452 (Use after free in Safe Browsing in Google Chrome prior to 98.0.47
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
NOT-FOR-US: Dart SDK
-CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not ...)
+CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac887516b01227d3bb3db535d2133926133445ad