[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 9 10:32:45 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f94b4b62 by Moritz Muehlenhoff at 2023-05-09T11:26:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior
 CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
-	TODO: check
+	NOT-FOR-US: jsreport
 CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...)
 	NOT-FOR-US: Strikingly CMS
 CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
@@ -27,7 +27,8 @@ CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are a
 CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
 	NOT-FOR-US: OpenEMR
 CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API  ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
 CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language Hotel  ...)
 	NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
 CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs prior to v2 ...)
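Review bot: the NOTE added for CVE-2023-2534 rests on a version argument alone ("specific to 8.x"), which does not by itself show the Znuny fork is unaffected if the vulnerable component is shared code. The description names the affected component ("OTRS 8 (Websocket API ..."), so the NOTE would be stronger if it also recorded that the Websocket API is not part of the 6.x line Znuny forked from, or that this was confirmed against Znuny, rather than relying only on the advisory's version list.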
@@ -759,9 +760,9 @@ CVE-2023-31143
 CVE-2023-31142
 	RESERVED
 CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
-	TODO: check
+	NOT-FOR-US: OpenSearch
 CVE-2023-31140 (OpenProject is open source project management software. Starting with  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2023-31139
 	RESERVED
 CVE-2023-31138
@@ -787,11 +788,11 @@ CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be tr
 CVE-2023-31128
 	RESERVED
 CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
-	TODO: check
+	NOT-FOR-US: libspdm
 CVE-2023-31126
 	RESERVED
 CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
-	TODO: check
+	NOT-FOR-US: Engine.IO
 CVE-2023-31124
 	RESERVED
 CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform  ...)
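Review bot: the two NOT-FOR-US entries in this hunk (CVE-2023-31127 libspdm, CVE-2023-31125 Engine.IO) are libraries rather than standalone products, per their own descriptions ("sample implementation", "implementation of transport-based ..."), so unlike the SaaS/appliance entries elsewhere in this commit they can be present in the archive as a packaged or vendored dependency. Worth a quick archive search for embedded copies before closing them; if none is found, a short NOTE recording that check would make the triage reproducible.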
@@ -1059,7 +1060,7 @@ CVE-2023-31040
 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms allows at ...)
-	TODO: check
+	NOT-FOR-US: Apache bRPC
 CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send log mess ...)
 	TODO: check
 CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been declared as  ...)
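Review bot: CVE-2023-31038 (SQL injection in Log4cxx via the ODBC appender) is left at "TODO: check" in the context lines immediately below the bRPC entry triaged in this hunk. It is a logging library rather than a hosted service, so it deserves resolution in the same pass: either a source-package line with the fixed/unfixed status if the archive carries it, or a NOT-FOR-US with the reason.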
@@ -1653,7 +1654,7 @@ CVE-2023-30842
 CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...)
 	NOT-FOR-US: Baremetal Operator (BMO)
 CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset orchestr ...)
-	TODO: check
+	NOT-FOR-US: Fluid
 CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
@@ -2087,15 +2088,15 @@ CVE-2023-30746
 CVE-2023-30745
 	RESERVED
 CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4F ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Business Int ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-30739
 	RESERVED
 CVE-2023-30738
@@ -2722,7 +2723,7 @@ CVE-2023-30553 (Archery is an open source SQL audit platform. The Archery projec
 CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery project cont ...)
 	NOT-FOR-US: Archery
 CVE-2023-30551 (Rekor is an open source software supply chain transparency log. Rekor  ...)
-	TODO: check
+	NOT-FOR-US: Rekor
 CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
 	NOT-FOR-US: MeterSphere
 CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an  ...)
@@ -3347,7 +3348,7 @@ CVE-2023-30336
 CVE-2023-30335
 	RESERVED
 CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...)
-	TODO: check
+	NOT-FOR-US: AsmBB
 CVE-2023-30333
 	RESERVED
 CVE-2023-30332
@@ -3545,7 +3546,7 @@ CVE-2023-30239
 CVE-2023-30238
 	RESERVED
 CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: CyberGhostVPN
 CVE-2023-30236
 	RESERVED
 CVE-2023-30235
@@ -6050,7 +6051,7 @@ CVE-2023-29249
 CVE-2023-29248
 	RESERVED
 CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored XSS.Thi ...)
-	TODO: check
+	- airflow <itp> (bug #819700)
 CVE-2023-29246
 	RESERVED
 CVE-2023-29239
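Review bot: the description for CVE-2023-29247 ("Task instance details page in the UI is vulnerable to a stored XSS...") never names the product, yet the hunk assigns it to airflow with the ITP bug reference. A NOTE with the upstream advisory URL or the affected-version range would make the mapping verifiable from the tracker entry itself, as is done for other entries in this file (e.g. the WebKit NOTE lines).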
@@ -6279,7 +6280,7 @@ CVE-2023-29190
 CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107,  ...)
 	NOT-FOR-US: SAP
 CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
 	NOT-FOR-US: SAP
 CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
@@ -6560,7 +6561,7 @@ CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Akbim Computer Panon
 CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem for Exyno ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
 CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
@@ -7753,11 +7754,11 @@ CVE-2023-XXXX [RUSTSEC-2022-0092]
 CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...)
 	NOT-FOR-US: SAP
 CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information design t ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751,  ...)
 	NOT-FOR-US: SAP
 CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthenticated at ...)
 	NOT-FOR-US: SAP
 CVE-2023-28760
@@ -9676,9 +9677,9 @@ CVE-2023-28203
 CVE-2023-28202
 	RESERVED
 CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28199
 	RESERVED
 CVE-2023-28198
@@ -9690,17 +9691,17 @@ CVE-2023-28196
 CVE-2023-28195
 	RESERVED
 CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28193
 	RESERVED
 CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28191
 	RESERVED
 CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28188
 	RESERVED
 CVE-2023-28187
@@ -9714,15 +9715,15 @@ CVE-2023-28184
 CVE-2023-28183
 	RESERVED
 CVE-2023-28182 (The issue was addressed with improved authentication. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28181 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28179
 	RESERVED
 CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28177
 	RESERVED
 	- firefox 111.0-1
@@ -9865,49 +9866,49 @@ CVE-2022-48391
 CVE-2022-48390
 	RESERVED
 CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48386 (the apipe driver, there is a possible use after free due to a logic er ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48384 (In srtd service, there is a possible missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48383 (.In srtd service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48382 (In log service, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48381 (In modem control device, there is a possible out of bounds write due t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48380 (In modem control device, there is a possible out of bounds write due t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48379 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48378 (In engineermode service, there is a possible missing permission check. ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48377 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48376 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48375 (In contacts service, there is a possible missing permission check. Thi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48374 (In tee service, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48373 (In tee service, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48371 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48370 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48369 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48368 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip Generator ...)
 	NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail
 CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works Online O ...)
@@ -10503,97 +10504,97 @@ CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin u
 CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...)
 	NOT-FOR-US: MMDeveloper
 CVE-2023-27970 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27969 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27968 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27967 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27964
 	RESERVED
 CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27961 (Multiple validation issues were addressed with improved input sanitiza ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27959 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27958 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27957 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27956 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27955 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27954 (The issue was addressed by removing origin information. This issue is  ...)
 	{DSA-5397-1 DSA-5396-1}
 	- webkit2gtk 2.40.1-1
 	- wpewebkit 2.38.6-1
 	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
 CVE-2023-27953 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27952 (A race condition was addressed with improved locking. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27950
 	RESERVED
 CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27948
 	RESERVED
 CVE-2023-27947
 	RESERVED
 CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is fixed i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27943 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27940
 	RESERVED
 CVE-2023-27939
 	RESERVED
 CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27935 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27934 (A memory initialization issue was addressed. This issue is fixed in ma ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27933 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27932 (This issue was addressed with improved state management. This issue is ...)
 	{DSA-5397-1 DSA-5396-1}
 	- webkit2gtk 2.40.1-1
 	- wpewebkit 2.38.6-1
 	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
 CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27930
 	RESERVED
 CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-1276 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SUL1SS_shop
 CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester  ...)
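Review bot: this hunk closes a large run of Apple CVEs as NOT-FOR-US on the strength of truncated boilerplate descriptions ("The issue was addressed with improved memory handling. This issue is f ..."), but two entries with identical boilerplate in the same hunk (CVE-2023-27954, CVE-2023-27932) are WebKit bugs shipped in webkit2gtk and wpewebkit via DSA-5397-1/DSA-5396-1 and WSA-2023-0003. The remaining entries should be cross-checked against the WSA-2023-0003 CVE list (URL already in the NOTE lines) before the NOT-FOR-US is taken as final, and a NOTE recording that check would help future triage.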
@@ -12515,7 +12516,7 @@ CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1)
 CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...)
@@ -14327,7 +14328,7 @@ CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpa
 	NOTE: https://lkml.org/lkml/2023/2/20/128
 	NOTE: NTFS3 driver not enabled in Debian.
 CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...)
 	NOT-FOR-US: SourceCodester Online BoatReservation System
 CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...)
@@ -16631,7 +16632,7 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-D
 	NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
 	NOTE: https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7
 CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...)
-	TODO: check
+	- airflow <itp> (bug #819700)
 CVE-2023-25753
 	RESERVED
 CVE-2023-25752
@@ -20504,11 +20505,11 @@ CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with b
 CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246  ...)
 	NOT-FOR-US: Baicells
 CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Insecure File Upload -Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: AgilePoint
 CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through a ...)
-	TODO: check
+	NOT-FOR-US: Milesight
 CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive informati ...)
-	TODO: check
+	NOT-FOR-US: Milesight
 CVE-2023-24504 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...)
 	NOT-FOR-US: Electra Central
 CVE-2023-24503 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...)
@@ -20905,7 +20906,7 @@ CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Nico  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24375
 	RESERVED
 CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -22129,7 +22130,7 @@ CVE-2023-23896
 CVE-2023-23895
 	RESERVED
 CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23893
 	RESERVED
 CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -22191,7 +22192,7 @@ CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plug
 CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23862
 	RESERVED
 CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce  ...)
@@ -23370,29 +23371,29 @@ CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1
 CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are vulnerable to co ...)
 	NOT-FOR-US: Control By Web X-600M devices
 CVE-2023-23543 (The issue was addressed with additional restrictions on the observabil ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23542 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23541 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23539
 	RESERVED
 CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23536 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23535 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23534 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23533 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23532 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23531 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2023-23530 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -23403,17 +23404,17 @@ CVE-2023-23529 (A type confusion issue was addressed with improved checks. This
 	- wpewebkit 2.38.5-1
 	NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
 CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23527 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on files downl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23525 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23524 (A denial-of-service issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2023-23523 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23522 (A privacy issue was addressed with improved handling of temporary file ...)
 	NOT-FOR-US: Apple
 CVE-2023-23521
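Review bot: CVE-2023-23529, the first context entry of this hunk, is a WebKit type-confusion fixed in wpewebkit 2.38.5-1 and listed in WSA-2023-0002, while the neighbouring CVE-2023-23528 through CVE-2023-23523 are closed here as NOT-FOR-US from the same style of truncated Apple boilerplate. Please confirm none of them appears in the WSA-2023-0002 advisory referenced at the top of the hunk before treating the NOT-FOR-US as final.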
@@ -23477,7 +23478,7 @@ CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixe
 CVE-2023-23495
 	RESERVED
 CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...)
@@ -25556,45 +25557,45 @@ CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz
 CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...)
 	NOT-FOR-US: Kaltura
 CVE-2022-48250 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48249 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48248 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48247 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48246 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48245 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48244 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48243 (In audio service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48242 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48241 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48240 (In camera driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48239 (In camera driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48238 (In Image filter, there is a possible out of bounds write due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48237 (In Image filter, there is a possible out of bounds write due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48234 (In FM service , there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48233 (In FM service , there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48232 (In FM service , there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48231 (In soter service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW  ...)
 	NOT-FOR-US: Huawei
 CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
@@ -25815,7 +25816,7 @@ CVE-2023-22815
 CVE-2023-22814
 	RESERVED
 CVE-2023-22813 (A device API endpoint was missing access controls onWestern Digital My ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...)
 	NOT-FOR-US: SanDisk PrivateAccess
 CVE-2023-22811
@@ -25928,31 +25929,31 @@ CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
 	NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
 CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10where an edge- ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22790 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22789 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22788 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability exists in a s ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...)
 	NOT-FOR-US: Aruba
 CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...)
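Review bot: vendor naming is inconsistent within this series: the new entries CVE-2023-22791 through CVE-2023-22779 use "NOT-FOR-US: HPE", while the unchanged CVE-2023-22778 directly below uses "NOT-FOR-US: Aruba" for the same ArubaOS product line. Pick one form (or "HPE Aruba") for the whole run so that later greps for either vendor find all the entries.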
@@ -26108,7 +26109,7 @@ CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-22711
 	RESERVED
 CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22709
 	RESERVED
 CVE-2023-22708
@@ -30848,7 +30849,7 @@ CVE-2022-4539
 CVE-2022-4538
 	RESERVED
 CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4536
 	RESERVED
 CVE-2022-4535
@@ -30914,35 +30915,35 @@ CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundati
 CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
 	NOT-FOR-US: Apache Helix
 CVE-2022-47499 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47498 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47497 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47496 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47495 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47494 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47493 (In soter service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47492 (In soter service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47491 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47490 (In soter service, there is a possible missing permission check. This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47489 (In soter service, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47487 (In thermal service, there is a possible out of bounds write due to a m ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read due to  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47485 (In modem control device, there is a possible out of bounds write due t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47484 (In telephony service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47483 (In telephony service, there is a missing permission check. This could  ...)
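Review bot: CVE-2022-47486 in this hunk (and CVE-2022-47470 / CVE-2022-47469 in the next) describe an out-of-bounds read in an "ext4fsfilter driver", a filesystem component, unlike the soter, spipe, thermal and modem service entries around them, and the truncated description does not itself name Unisoc; confirm from the full advisory that this is the vendor's out-of-tree driver and not code carried in the Debian linux package before closing it as `NOT-FOR-US: Unisoc`. If that check was done, a short `NOTE:` line recording it would save the next person from repeating it.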
@@ -30972,9 +30973,9 @@ CVE-2022-47472 (In telephony service, there is a missing permission check. This
 CVE-2022-47471 (In telephony service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read due to  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read due to  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
@@ -31617,7 +31618,7 @@ CVE-2022-47342 (In engineermode services, there is a missing permission check. T
 CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds write due to ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...)
@@ -31629,7 +31630,7 @@ CVE-2022-47336 (In telecom service, there is a missing permission check. This co
 CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read due to a  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...)
@@ -33360,7 +33361,7 @@ CVE-2022-46722
 CVE-2022-46721
 	RESERVED
 CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-46719
 	REJECTED
 CVE-2022-46718
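Review bot: the description for CVE-2022-46720 is Apple's generic "An integer overflow was addressed with improved input validation" and does not name the affected component; advisories with this wording also cover WebKit, which Debian ships as webkit2gtk, so confirm the component before settling on `NOT-FOR-US: Apple`, and if it turns out to be WebKit the entry needs a `- webkit2gtk` source-package line instead.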
@@ -39290,7 +39291,7 @@ CVE-2023-21406
 CVE-2023-21405
 	RESERVED
 CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components  ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
 	NOT-FOR-US: KNIME
 CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
@@ -41293,7 +41294,7 @@ CVE-2022-44435 (In messaging service, there is a missing permission check. This
 CVE-2022-44434 (In messaging service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44433 (In phoneEx service, there is a possible missing permission check. This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...)
@@ -41319,9 +41320,9 @@ CVE-2022-44422 (In music service, there is a missing permission check. This coul
 CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44420 (In modem, there is a possible missing verification of HashMME value in ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-44419 (In modem, there is a possible missing verification of NAS Security Mod ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Mia-Med
 CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -57066,7 +57067,7 @@ CVE-2022-39091 (In power management service, there is a missing permission check
 CVE-2022-39090 (In power management service, there is a missing permission check. This ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39088 (In network service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39087 (In network service, there is a missing permission check. This could le ...)
@@ -58407,7 +58408,7 @@ CVE-2022-38687 (In messaging service, there is a missing permission check. This
 CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-38685 (In bluetooth service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94b4b62c7a4b1e752b392533b558741557fb897
