[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 23 21:15:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3512373f by security tracker role at 2023-06-23T20:15:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2023-3394 (Session Fixation in GitHub repository fossbilling/fossbilling prior to ...)
+ TODO: check
+CVE-2023-3393 (Code Injection in GitHub repository fossbilling/fossbilling prior to 0 ...)
+ TODO: check
+CVE-2023-3391 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
+CVE-2023-3383 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-3382 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-3381 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-3380 (A vulnerability classified as critical has been found in Wavlink WN579 ...)
+ TODO: check
+CVE-2023-3304 (Improper Access Control in GitHub repository admidio/admidio prior to ...)
+ TODO: check
+CVE-2023-3303 (Improper Access Control in GitHub repository admidio/admidio prior to ...)
+ TODO: check
+CVE-2023-3302 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ TODO: check
+CVE-2023-36348 (POS Codekop v2.0 was discovered to contain an authenticated remote cod ...)
+ TODO: check
+CVE-2023-36346 (POS Codekop v2.0 was discovered to contain a reflected cross-site scri ...)
+ TODO: check
+CVE-2023-36345 (A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attacke ...)
+ TODO: check
+CVE-2023-36289 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
+ TODO: check
+CVE-2023-36288 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
+ TODO: check
+CVE-2023-36287 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
+ TODO: check
+CVE-2023-36284 (An unauthenticated Time-Based SQL injection found in Webkul QloApps 1. ...)
+ TODO: check
+CVE-2023-36274 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2023-36273 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2023-36272 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2023-36271 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2023-35931 (Shescape is a simple shell escape library for JavaScript. An attacker ...)
+ TODO: check
+CVE-2023-35925 (FastAsyncWorldEdit (FAWE) is designed for efficient world editing. Thi ...)
+ TODO: check
+CVE-2023-35759 (In Progress WhatsUp Gold before 23.0.0, an SNMP-related application en ...)
+ TODO: check
+CVE-2023-35167 (Remult is a CRUD framework for full-stack TypeScript. If you used the ...)
+ TODO: check
+CVE-2023-35162 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35160 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35159 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35158 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35157 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35156 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35155 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35153 (XWiki Platform is a generic wiki platform. Starting in version 5.4.4 a ...)
+ TODO: check
+CVE-2023-35152 (XWiki Platform is a generic wiki platform. Starting in version 12.9-rc ...)
+ TODO: check
+CVE-2023-35151 (XWiki Platform is a generic wiki platform. Starting in version 7.3-mil ...)
+ TODO: check
+CVE-2023-35150 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35048 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mage ...)
+ TODO: check
+CVE-2023-34673 (Elenos ETG150 FM transmitter running on version 3.12 was discovered to ...)
+ TODO: check
+CVE-2023-34672 (Improper Access Control leads to adding a high-privilege user affectin ...)
+ TODO: check
+CVE-2023-34671 (Improper Access Control leads to privilege escalation affecting Elenos ...)
+ TODO: check
+CVE-2023-34467 (XWiki Platform is a generic wiki platform. Starting in version 3.5-mil ...)
+ TODO: check
+CVE-2023-34466 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-34465 (XWiki Platform is a generic wiki platform. Starting in version 11.8-rc ...)
+ TODO: check
+CVE-2023-34464 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-34460 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
+CVE-2023-34203 (In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explo ...)
+ TODO: check
+CVE-2023-34188 (The HTTP server in Mongoose before 7.10 accepts requests containing ne ...)
+ TODO: check
+CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
+ TODO: check
+CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium ...)
+ TODO: check
+CVE-2023-33565 (ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYT ...)
+ TODO: check
+CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...)
+ TODO: check
+CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...)
+ TODO: check
+CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
+CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)
+ TODO: check
+CVE-2023-32423 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-32422 (This issue was addressed by adding additional SQLite logging restricti ...)
+ TODO: check
+CVE-2023-32420 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32419 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2023-32417 (This issue was addressed by restricting options offered on a locked de ...)
+ TODO: check
+CVE-2023-32415 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2023-32414 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-32413 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2023-32412 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-32411 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2023-32410 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32408 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-32407 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32405 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-32404 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2023-32403 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2023-32402 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32400 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2023-32399 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-32398 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-32397 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32395 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2023-32391 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-32390 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-32389 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2023-32388 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2023-32387 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-32386 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2023-32385 (A denial-of-service issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2023-32384 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2023-32382 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32380 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2023-32376 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2023-32375 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32372 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32371 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-32369 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32368 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32367 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2023-32365 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-32363 (A permissions issue was addressed by removing vulnerable code and addi ...)
+ TODO: check
+CVE-2023-32360 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2023-32357 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2023-32355 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32354 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-32353 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-32352 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-32351 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim. On ...)
- grafana <removed>
CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...)
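Review bot: The run from CVE-2023-32439 down to CVE-2023-32351 cannot be triaged from what this hunk shows, because every description is cut off before the affected product is named ("This issue is fix ..."), so these entries should not be bulk-tagged from the wording alone. Later hunks in this same commit show CVE-2023-32409 and CVE-2023-32373, which have the same style of description, tracked against webkit2gtk and wpewebkit, so each entry needs its full description read before it gets a NOT-FOR-US tag. The SourceCodester entries near the top (CVE-2023-3391, CVE-2023-3381) are the easier case: CVE-2023-3318 further down already carries NOT-FOR-US: SourceCodester Resort Management System, and the same convention can be applied once the product name is confirmed. With 106 entries added as TODO: check in a single automatic commit, clearing such vendor groups first would shrink the manual queue quickly.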
@@ -269,7 +481,7 @@ CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulner
NOT-FOR-US: SUBNET PowerSYSTEM Center
CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management System 1 ...)
NOT-FOR-US: SourceCodester Resort Management System
-CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
+CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capability in ...)
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
@@ -1127,7 +1339,7 @@ CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vu
NOT-FOR-US: WordPress Contact Forms by Cimatti plugin for WordPress
CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WP Directory Kit plugin for WordPress
-CVE-2023-3212 [gfs2: Don't deref jdesc in evict]
+CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in ...)
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
@@ -3251,14 +3463,14 @@ CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin
NOT-FOR-US: KaiOS
CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
NOT-FOR-US: KaiOS
-CVE-2023-32409
+CVE-2023-32409 (The issue was addressed with improved bounds checks. This issue is fix ...)
- webkit2gtk <unfixed> (unimportant)
- wpewebkit <unfixed> (unimportant)
NOTE: Affects the GPU process which is not supported by the GTK and WPE ports
NOTE: https://bugs.webkit.org/show_bug.cgi?id=255350
NOTE: https://github.com/WebKit/WebKit/pull/12660
NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856
-CVE-2023-32373
+CVE-2023-32373 (A use-after-free issue was addressed with improved memory management. ...)
{DSA-5427-1}
- webkit2gtk 2.40.2-1
- wpewebkit 2.40.2-2
@@ -7883,8 +8095,8 @@ CVE-2023-30364
RESERVED
CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype pollution due t ...)
NOT-FOR-US: Tencent vConsole
-CVE-2023-30362
- RESERVED
+CVE-2023-30362 (Buffer Overflow vulnerability in coap_send function in libcoap library ...)
+ TODO: check
CVE-2023-30361
RESERVED
CVE-2023-30360
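Review bot: CVE-2023-30362 names a library (the coap_send function in libcoap) rather than a vendor appliance or web application, so the new TODO: check deserves a source-package lookup instead of the NOT-FOR-US tag its neighbour CVE-2023-30363 received. If the library is in the archive, the entry needs a package line with a fixed or <unfixed> version and a NOTE pointing at the upstream fix, in the form the linux and webkit2gtk entries in this file already use.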
@@ -8091,12 +8303,12 @@ CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpac
NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services
CVE-2023-30261
RESERVED
-CVE-2023-30260
- RESERVED
+CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earl ...)
+ TODO: check
CVE-2023-30259
RESERVED
-CVE-2023-30258
- RESERVED
+CVE-2023-30258 (Command Injection vulnerability in MagnusSolution magnusbilling 6.x an ...)
+ TODO: check
CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build ...)
NOT-FOR-US: FiiO M6
CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 all ...)
@@ -8932,8 +9144,8 @@ CVE-2023-29862 (An issue found in Agasio-Camera device version not specified all
NOT-FOR-US: Agasio-Camera
CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a remote att ...)
NOT-FOR-US: FLIR-DVTEL
-CVE-2023-29860
- RESERVED
+CVE-2023-29860 (An insecure permissions in /Taier/API/tenant/listTenant interface in D ...)
+ TODO: check
CVE-2023-29859
RESERVED
CVE-2023-29858
@@ -11177,8 +11389,8 @@ CVE-2023-29102
RESERVED
CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
NOT-FOR-US: Muffingroup
-CVE-2023-29100
- RESERVED
+CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
+ TODO: check
CVE-2023-29099
RESERVED
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
@@ -12521,8 +12733,8 @@ CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of
CVE-2023-1584
RESERVED
NOT-FOR-US: Quarkus
-CVE-2023-28751
- RESERVED
+CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpme ...)
+ TODO: check
CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
TODO: check
CVE-2023-28749
@@ -14462,8 +14674,7 @@ CVE-2023-28205 (A use after free issue was addressed with improved memory manage
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
-CVE-2023-28204
- RESERVED
+CVE-2023-28204 (An out-of-bounds read was addressed with improved input validation. Th ...)
{DSA-5427-1}
- webkit2gtk 2.40.2-1
- wpewebkit 2.40.2-2
@@ -14473,8 +14684,8 @@ CVE-2023-28204
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
CVE-2023-28203
RESERVED
-CVE-2023-28202
- RESERVED
+CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...)
+ TODO: check
CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...)
@@ -14495,8 +14706,8 @@ CVE-2023-28193
RESERVED
CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
-CVE-2023-28191
- RESERVED
+CVE-2023-28191 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...)
NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
@@ -14945,12 +15156,12 @@ CVE-2023-28075
RESERVED
CVE-2023-28074
RESERVED
-CVE-2023-28073
- RESERVED
+CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
+ TODO: check
CVE-2023-28072
RESERVED
-CVE-2023-28071
- RESERVED
+CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
+ TODO: check
CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
NOT-FOR-US: Alienware
CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
@@ -14961,38 +15172,38 @@ CVE-2023-28067
RESERVED
CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
NOT-FOR-US: Dell
-CVE-2023-28065
- RESERVED
-CVE-2023-28064
- RESERVED
+CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update versions 4.8. ...)
+ TODO: check
+CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...)
+ TODO: check
CVE-2023-28063
RESERVED
CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access ...)
NOT-FOR-US: Dell
-CVE-2023-28061
- RESERVED
-CVE-2023-28060
- RESERVED
-CVE-2023-28059
- RESERVED
-CVE-2023-28058
- RESERVED
+CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28060 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28059 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28058 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28057
RESERVED
-CVE-2023-28056
- RESERVED
+CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28055
RESERVED
-CVE-2023-28054
- RESERVED
+CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28053
RESERVED
-CVE-2023-28052
- RESERVED
+CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...)
NOT-FOR-US: Dell
-CVE-2023-28050
- RESERVED
+CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28049
RESERVED
CVE-2023-28048
@@ -15003,44 +15214,44 @@ CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbi
NOT-FOR-US: Dell
CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...)
NOT-FOR-US: Dell
-CVE-2023-28044
- RESERVED
+CVE-2023-28044 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during ...)
NOT-FOR-US: Dell
-CVE-2023-28042
- RESERVED
-CVE-2023-28041
- RESERVED
-CVE-2023-28040
- RESERVED
-CVE-2023-28039
- RESERVED
+CVE-2023-28042 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28041 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28040 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28039 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-28038
RESERVED
CVE-2023-28037
RESERVED
-CVE-2023-28036
- RESERVED
-CVE-2023-28035
- RESERVED
-CVE-2023-28034
- RESERVED
-CVE-2023-28033
- RESERVED
-CVE-2023-28032
- RESERVED
-CVE-2023-28031
- RESERVED
-CVE-2023-28030
- RESERVED
-CVE-2023-28029
- RESERVED
-CVE-2023-28028
- RESERVED
-CVE-2023-28027
- RESERVED
-CVE-2023-28026
- RESERVED
+CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28032 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-28026 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
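Review bot: All 16 entries switched from RESERVED in this hunk (CVE-2023-28044, CVE-2023-28042 to CVE-2023-28039, CVE-2023-28036 to CVE-2023-28026) carry the same truncated "Dell BIOS contains an improper input validation vulnerability" text, and the unchanged Dell entries around them (CVE-2023-28045, CVE-2023-28043) are already tagged NOT-FOR-US: Dell. Resolving them together in one follow-up commit with that tag would keep 16 identical TODO: check items from sitting in the manual queue.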
@@ -15321,8 +15532,8 @@ CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
-CVE-2023-27964
- RESERVED
+CVE-2023-27964 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed ...)
@@ -15372,8 +15583,8 @@ CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2023-27940
- RESERVED
+CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...)
+ TODO: check
CVE-2023-27939
RESERVED
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
@@ -15395,8 +15606,8 @@ CVE-2023-27932 (This issue was addressed with improved state management. This is
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
-CVE-2023-27930
- RESERVED
+CVE-2023-27930 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...)
@@ -15457,8 +15668,8 @@ CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that may
NOT-FOR-US: Autodesk
CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk\xae FBX\xae SDK versi ...)
NOT-FOR-US: Autodesk
-CVE-2023-27908
- RESERVED
+CVE-2023-27908 (A maliciously crafted DLL file can be forced to write beyond allocated ...)
+ TODO: check
CVE-2023-27907 (A malicious actor may convince a victim to open a malicious USD file t ...)
NOT-FOR-US: Autodesk
CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD file t ...)
@@ -16972,8 +17183,8 @@ CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
TODO: check
CVE-2023-27428
RESERVED
-CVE-2023-27427
- RESERVED
+CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...)
+ TODO: check
CVE-2023-27426
RESERVED
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
@@ -20907,12 +21118,12 @@ CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link res
NOT-FOR-US: Dell
CVE-2023-25939
RESERVED
-CVE-2023-25938
- RESERVED
-CVE-2023-25937
- RESERVED
-CVE-2023-25936
- RESERVED
+CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2023-25935
RESERVED
CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...)
@@ -22465,18 +22676,18 @@ CVE-2023-25522
RESERVED
CVE-2023-25521
RESERVED
-CVE-2023-25520
- RESERVED
+CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
+ TODO: check
CVE-2023-25519
RESERVED
-CVE-2023-25518
- RESERVED
+CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
+ TODO: check
CVE-2023-25517
RESERVED
CVE-2023-25516
RESERVED
-CVE-2023-25515
- RESERVED
+CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
+ TODO: check
CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
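Review bot: The three NVIDIA Jetson entries added as TODO: check (CVE-2023-25520, CVE-2023-25518, CVE-2023-25515) should each get an individual decision rather than a vendor-wide tag, because the unchanged CVE-2023-25514 at the end of this hunk shows NVIDIA issues being tracked against nvidia-cuda-toolkit with a per-release <no-dsa> line. The descriptions name the Jetson Linux Driver Package and CBoot; check whether either maps to a source package before writing NOT-FOR-US.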
@@ -23813,8 +24024,8 @@ CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allo
NOT-FOR-US: Autodesk
CVE-2023-25004
RESERVED
-CVE-2023-25003
- RESERVED
+CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...)
+ TODO: check
CVE-2023-25002
RESERVED
CVE-2023-25001
@@ -27735,8 +27946,8 @@ CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23679
- RESERVED
+CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...)
+ TODO: check
CVE-2023-23678
RESERVED
CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...)
@@ -28285,8 +28496,8 @@ CVE-2023-23541 (A privacy issue was addressed with improved private data redacti
NOT-FOR-US: Apple
CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
-CVE-2023-23539
- RESERVED
+CVE-2023-23539 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...)
@@ -28340,8 +28551,8 @@ CVE-2023-23517 (The issue was addressed with improved memory handling. This issu
- webkit2gtk 2.38.4-1
- wpewebkit 2.38.4-1
NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
-CVE-2023-23516
- RESERVED
+CVE-2023-23516 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2023-23515
RESERVED
CVE-2023-23514 (A use after free issue was addressed with improved memory management. ...)
@@ -34272,8 +34483,8 @@ CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific paramet
NOT-FOR-US: Hitron
CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 WordPress LMS P ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47614
- RESERVED
+CVE-2022-47614 (Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plu ...)
+ TODO: check
CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
@@ -38353,14 +38564,14 @@ CVE-2022-46720 (An integer overflow was addressed with improved input validation
NOT-FOR-US: Apple
CVE-2022-46719
REJECTED
-CVE-2022-46718
- RESERVED
+CVE-2022-46718 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
-CVE-2022-46715
- RESERVED
+CVE-2022-46715 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
CVE-2022-46714
RESERVED
CVE-2022-46713 (A race condition was addressed with additional validation. This issue ...)
@@ -52401,8 +52612,8 @@ CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This i
NOT-FOR-US: Apple
CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2022-42860
- RESERVED
+CVE-2022-42860 (This issue was addressed with improved checks to prevent unauthorized ...)
+ TODO: check
CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
NOT-FOR-US: Apple
CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...)
@@ -52459,8 +52670,8 @@ CVE-2022-42836
RESERVED
CVE-2022-42835
REJECTED
-CVE-2022-42834
- RESERVED
+CVE-2022-42834 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
CVE-2022-42833 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2022-42832 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -52522,8 +52733,8 @@ CVE-2022-42809 (The issue was addressed with improved memory handling. This issu
NOT-FOR-US: Apple
CVE-2022-42808 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
-CVE-2022-42807
- RESERVED
+CVE-2022-42807 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-42806 (A race condition was addressed with improved locking. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-42805 (An integer overflow was addressed with improved input validation. This ...)
@@ -52555,8 +52766,8 @@ CVE-2022-42794
REJECTED
CVE-2022-42793 (An issue in code signature validation was addressed with improved chec ...)
NOT-FOR-US: Apple
-CVE-2022-42792
- RESERVED
+CVE-2022-42792 (This issue was addressed with improved data protection. This issue is ...)
+ TODO: check
CVE-2022-42791 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2022-42790 (A logic issue was addressed with improved state management. This issue ...)
@@ -111389,8 +111600,8 @@ CVE-2022-22632 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
-CVE-2022-22630
- RESERVED
+CVE-2022-22630 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
CVE-2022-22629 (A buffer overflow issue was addressed with improved memory handling. T ...)
{DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3512373f784a496d01ee82e7dba77dad98eb2847