[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 9 21:17:12 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cec67343 by security tracker role at 2023-05-09T20:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-32071 (XWiki Platform is a generic wiki platform. Starting in versions 2.2-mi ...)
+ TODO: check
+CVE-2023-32069 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
+ TODO: check
+CVE-2023-32066 (Time Tracker is an open source time tracking system. The week view plu ...)
+ TODO: check
+CVE-2023-32060 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
+ TODO: check
+CVE-2023-31982 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
+ TODO: check
+CVE-2023-31981 (Sngrep v1.6.0 was discovered to contain a stack buffer overflow via th ...)
+ TODO: check
+CVE-2023-31979 (Catdoc v0.95 was discovered to contain a global buffer overflow via th ...)
+ TODO: check
+CVE-2023-31976 (libming v0.4.8 was discovered to contain a stack buffer overflow via t ...)
+ TODO: check
+CVE-2023-31975 (yasm v1.3.0 was discovered to contain a memory leak via the function y ...)
+ TODO: check
+CVE-2023-31974 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ TODO: check
+CVE-2023-31973 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ TODO: check
+CVE-2023-31972 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ TODO: check
+CVE-2023-31807 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31806 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31805 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31804 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31803 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31802 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31801 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31800 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ TODO: check
+CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
+ TODO: check
+CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
+ TODO: check
+CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...)
+ TODO: check
+CVE-2023-31474 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
+ TODO: check
+CVE-2023-31472 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
+ TODO: check
+CVE-2023-2609 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.153 ...)
+ TODO: check
+CVE-2023-2596 (A vulnerability was found in SourceCodester Online Reviewer System 1.0 ...)
+ TODO: check
+CVE-2023-2595 (A vulnerability has been found in SourceCodester Billing Management Sy ...)
+ TODO: check
+CVE-2023-2594 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2591 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...)
+ TODO: check
CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...)
NOT-FOR-US: SAP
CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APP ...)
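Review bot: most of the 31 new TODO: check entries in this hunk will end up NOT-FOR-US, but several name software Debian ships and need a package line instead: CVE-2023-2609 (vim), CVE-2023-31972 through CVE-2023-31975 (yasm), CVE-2023-31981 and CVE-2023-31982 (sngrep), CVE-2023-31979 (catdoc), CVE-2023-31976 (libming, source package ming) and CVE-2023-31489/CVE-2023-31490 (frr bgpd). The four yasm entries and the two sngrep entries have descriptions truncated right at the function name, so the full advisories are needed to tell them apart before bugs are filed.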
@@ -753,28 +815,28 @@ CVE-2023-31146
RESERVED
CVE-2023-31145
RESERVED
-CVE-2023-31144
- RESERVED
-CVE-2023-31143
- RESERVED
+CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
+ TODO: check
+CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
+ TODO: check
CVE-2023-31142
RESERVED
CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
NOT-FOR-US: OpenSearch
CVE-2023-31140 (OpenProject is open source project management software. Starting with ...)
NOT-FOR-US: OpenProject
-CVE-2023-31139
- RESERVED
-CVE-2023-31138
- RESERVED
-CVE-2023-31137
- RESERVED
-CVE-2023-31136
- RESERVED
+CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
+ TODO: check
+CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
+ TODO: check
+CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name System ...)
+ TODO: check
+CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...)
+ TODO: check
CVE-2023-31135
RESERVED
-CVE-2023-31134
- RESERVED
+CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...)
+ TODO: check
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...)
NOT-FOR-US: Ghost CMS
CVE-2023-31132
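Review bot: of the seven entries that move from RESERVED to TODO: check here, CVE-2023-31137 (MaraDNS) is the one most likely to need a package entry, since maradns is packaged in Debian; Craft CMS, mage-ai, DHIS2, PostgresNIO and Tauri fit the NOT-FOR-US pattern of the neighbouring OpenSearch, OpenProject and Ghost CMS lines.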
@@ -789,8 +851,8 @@ CVE-2023-31128
RESERVED
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
NOT-FOR-US: libspdm
-CVE-2023-31126
- RESERVED
+CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the op ...)
+ TODO: check
CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
NOT-FOR-US: Engine.IO
CVE-2023-31124
@@ -1185,10 +1247,10 @@ CVE-2023-30988
RESERVED
CVE-2023-30987
RESERVED
-CVE-2023-30986
- RESERVED
-CVE-2023-30985
- RESERVED
+CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+ TODO: check
+CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+ TODO: check
CVE-2023-30984
RESERVED
CVE-2023-30983
@@ -1455,10 +1517,10 @@ CVE-2023-30901
RESERVED
CVE-2023-30900
RESERVED
-CVE-2023-30899
- RESERVED
-CVE-2023-30898
- RESERVED
+CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
+ TODO: check
+CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
+ TODO: check
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
NOT-FOR-US: HashiCorp Vault
CVE-2023-2196
@@ -3847,18 +3909,18 @@ CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file upl
NOT-FOR-US: Semcms Shop
CVE-2023-30089
RESERVED
-CVE-2023-30088
- RESERVED
-CVE-2023-30087
- RESERVED
-CVE-2023-30086
- RESERVED
-CVE-2023-30085
- RESERVED
-CVE-2023-30084
- RESERVED
-CVE-2023-30083
- RESERVED
+CVE-2023-30088 (An issue found in Cesanta MJS v.1.26 allows a local attacker to cause ...)
+ TODO: check
+CVE-2023-30087 (Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a loc ...)
+ TODO: check
+CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local ...)
+ TODO: check
+CVE-2023-30085 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
+ TODO: check
+CVE-2023-30084 (An issue found in libming swftophp v.0.4.8 allows a local attacker to ...)
+ TODO: check
+CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
+ TODO: check
CVE-2023-30082
RESERVED
CVE-2023-30081
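Review bot: CVE-2023-30086 names Libtiff 4.0.7, which Debian ships as the tiff source package, so this should become a tiff entry with a fixed or unfixed version rather than NOT-FOR-US; the three libming swftophp entries (CVE-2023-30083, CVE-2023-30084, CVE-2023-30085) likewise concern the ming source package. Only the two Cesanta MJS entries match the NOT-FOR-US treatment given to the neighbouring Semcms Shop line.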
@@ -5376,12 +5438,12 @@ CVE-2023-29464
RESERVED
CVE-2023-29463
RESERVED
-CVE-2023-29462
- RESERVED
-CVE-2023-29461
- RESERVED
-CVE-2023-29460
- RESERVED
+CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ TODO: check
CVE-2023-29459
RESERVED
CVE-2023-29458
@@ -5810,28 +5872,28 @@ CVE-2023-29345
RESERVED
CVE-2023-29344
RESERVED
-CVE-2023-29343
- RESERVED
+CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
+ TODO: check
CVE-2023-29342
RESERVED
-CVE-2023-29341
- RESERVED
-CVE-2023-29340
- RESERVED
+CVE-2023-29341 (AV1 Video Extension Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-29340 (AV1 Video Extension Remote Code Execution Vulnerability)
+ TODO: check
CVE-2023-29339
RESERVED
-CVE-2023-29338
- RESERVED
+CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
+ TODO: check
CVE-2023-29337
RESERVED
-CVE-2023-29336
- RESERVED
-CVE-2023-29335
- RESERVED
+CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
+ TODO: check
CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-29333
- RESERVED
+CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
+ TODO: check
CVE-2023-29332
RESERVED
CVE-2023-29331
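Review bot: all seven new entries in this hunk are Microsoft advisory titles (Sysmon, AV1 Video Extension, Visual Studio Code, Win32k, Word, Access), and the one already-triaged neighbour, CVE-2023-29334, carries NOT-FOR-US: Microsoft, so that is the expected resolution for each TODO: check. CVE-2023-29338 (Visual Studio Code) is not an exception: Debian does not package VS Code, so NOT-FOR-US applies there too.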
@@ -5846,10 +5908,10 @@ CVE-2023-29327
RESERVED
CVE-2023-29326
RESERVED
-CVE-2023-29325
- RESERVED
-CVE-2023-29324
- RESERVED
+CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
+ TODO: check
CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...)
- opensmtpd <unfixed> (bug #1034178)
[bookworm] - opensmtpd <no-dsa> (Minor issue)
@@ -6452,8 +6514,8 @@ CVE-2023-29130
RESERVED
CVE-2023-29129
RESERVED
-CVE-2023-29128
- RESERVED
+CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
CVE-2023-29127
RESERVED
CVE-2023-29126
@@ -6494,16 +6556,16 @@ CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - ve
NOT-FOR-US: SAP
CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
NOT-FOR-US: SAP
-CVE-2023-29107
- RESERVED
-CVE-2023-29106
- RESERVED
-CVE-2023-29105
- RESERVED
-CVE-2023-29104
- RESERVED
-CVE-2023-29103
- RESERVED
+CVE-2023-29107 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
+CVE-2023-29106 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
+CVE-2023-29105 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
+CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
+CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
CVE-2023-29102
RESERVED
CVE-2023-29101
@@ -7520,8 +7582,8 @@ CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcl
- nextcloud-server <itp> (bug #941708)
CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In affec ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-28832
- RESERVED
+CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ TODO: check
CVE-2023-28831
RESERVED
CVE-2023-28830
@@ -7690,7 +7752,7 @@ CVE-2023-28768
RESERVED
CVE-2023-28767
RESERVED
-CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All v ...)
+CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...)
NOT-FOR-US: Siemens
CVE-2023-25180
RESERVED
@@ -9430,8 +9492,8 @@ CVE-2023-28292 (Raw Image Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28291 (Raw Image Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-28290
- RESERVED
+CVE-2023-28290 (Microsoft Remote Desktop app for Windows Information Disclosure Vulner ...)
+ TODO: check
CVE-2023-28289
RESERVED
CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
@@ -9444,8 +9506,8 @@ CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-28283
- RESERVED
+CVE-2023-28283 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
CVE-2023-28282
RESERVED
CVE-2023-28281
@@ -9508,8 +9570,8 @@ CVE-2023-28253 (Windows Kernel Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28252 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2023-28251
- RESERVED
+CVE-2023-28251 (Windows Driver Revocation List Security Feature Bypass Vulnerability)
+ TODO: check
CVE-2023-28250 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
CVE-2023-28249 (Windows Boot Manager Security Feature Bypass Vulnerability)
@@ -12197,14 +12259,14 @@ CVE-2023-27412
RESERVED
CVE-2023-27411
RESERVED
-CVE-2023-27410
- RESERVED
-CVE-2023-27409
- RESERVED
-CVE-2023-27408
- RESERVED
-CVE-2023-27407
- RESERVED
+CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
+ TODO: check
+CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
+ TODO: check
+CVE-2023-27408 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
+ TODO: check
+CVE-2023-27407 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
+ TODO: check
CVE-2023-27406 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-27405 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
@@ -15093,7 +15155,7 @@ CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arb
- mono 6.8.0.105+dfsg-3.3 (bug #972146)
[bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
-CVE-2023-26293 (A vulnerability has been identified in TIA Portal V15 (All versions), ...)
+CVE-2023-26293 (A vulnerability has been identified in Totally Integrated Automation P ...)
NOT-FOR-US: TIA Portal V15
CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Forcepoint
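Review bot: the NOT-FOR-US reason on the unchanged line under the edited description still reads "TIA Portal V15" while the description now spells out "Totally Integrated Automation P..."; it is still accurate, but the other Siemens entries in this file (for example CVE-2023-28766 and CVE-2023-27406) use "NOT-FOR-US: Siemens", so normalising this one would make grepping by vendor consistent. The description change itself is feed-driven and needs no action.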
@@ -16376,18 +16438,18 @@ CVE-2023-25836
RESERVED
CVE-2023-25835
RESERVED
-CVE-2023-25834
- RESERVED
+CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
+ TODO: check
CVE-2023-25833
RESERVED
CVE-2023-25832
RESERVED
CVE-2023-25831
RESERVED
-CVE-2023-25830
- RESERVED
-CVE-2023-25829
- RESERVED
+CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
+CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...)
NOT-FOR-US: Pluck CMS
CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...)
@@ -19100,40 +19162,40 @@ CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 1
NOT-FOR-US: IBM
CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Forget Heart Message Box
-CVE-2023-24955
- RESERVED
-CVE-2023-24954
- RESERVED
-CVE-2023-24953
- RESERVED
+CVE-2023-24955 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-24954 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-24953 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
CVE-2023-24952
RESERVED
CVE-2023-24951
RESERVED
-CVE-2023-24950
- RESERVED
-CVE-2023-24949
- RESERVED
-CVE-2023-24948
- RESERVED
-CVE-2023-24947
- RESERVED
-CVE-2023-24946
- RESERVED
-CVE-2023-24945
- RESERVED
-CVE-2023-24944
- RESERVED
-CVE-2023-24943
- RESERVED
-CVE-2023-24942
- RESERVED
-CVE-2023-24941
- RESERVED
-CVE-2023-24940
- RESERVED
-CVE-2023-24939
- RESERVED
+CVE-2023-24950 (Microsoft SharePoint Server Spoofing Vulnerability)
+ TODO: check
+CVE-2023-24949 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24948 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24947 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-24946 (Windows Backup Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24945 (Windows iSCSI Target Service Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-24944 (Windows Bluetooth Driver Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-24943 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-24942 (Remote Procedure Call Runtime Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-24941 (Windows Network File System Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-24940 (Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerabil ...)
+ TODO: check
+CVE-2023-24939 (Server for NFS Denial of Service Vulnerability)
+ TODO: check
CVE-2023-24938
RESERVED
CVE-2023-24937
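Review bot: fifteen Microsoft entries move from RESERVED to TODO: check in this hunk; two of them, CVE-2023-24943 and CVE-2023-24940, are Windows PGM issues like the already-triaged CVE-2023-28250 earlier in this diff, which carries NOT-FOR-US: Microsoft, so the same status applies across the batch. CVE-2023-24941 (Windows Network File System) and CVE-2023-24939 (Server for NFS) are the Windows-side NFS implementations, not nfs-utils, so they do not need a Debian package entry either.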
@@ -19146,8 +19208,8 @@ CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24933
RESERVED
-CVE-2023-24932
- RESERVED
+CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
CVE-2023-24931 (Windows Secure Channel Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability)
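Review bot: CVE-2023-24932 (Secure Boot Security Feature Bypass) should not be closed as NOT-FOR-US: Microsoft purely on the strength of the neighbouring CVE-2023-24934 and CVE-2023-24931: Secure Boot advisories can be accompanied by UEFI revocation (DBX) updates that also reach Linux hosts, so check whether there is anything for shim, grub or fwupd before resolving the TODO.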
@@ -19200,22 +19262,22 @@ CVE-2023-24907 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code E
NOT-FOR-US: Microsoft
CVE-2023-24906 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
NOT-FOR-US: Microsoft
-CVE-2023-24905
- RESERVED
-CVE-2023-24904
- RESERVED
-CVE-2023-24903
- RESERVED
-CVE-2023-24902
- RESERVED
-CVE-2023-24901
- RESERVED
-CVE-2023-24900
- RESERVED
-CVE-2023-24899
- RESERVED
-CVE-2023-24898
- RESERVED
+CVE-2023-24905 (Remote Desktop Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-24904 (Windows Installer Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24903 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2023-24902 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24901 (Windows NFS Portmapper Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-24900 (Windows NTLM Security Support Provider Information Disclosure Vulnerab ...)
+ TODO: check
+CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
+ TODO: check
CVE-2023-24897
RESERVED
CVE-2023-24896
@@ -20916,8 +20978,8 @@ CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-24373
RESERVED
-CVE-2023-24372
- RESERVED
+CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB ...)
+ TODO: check
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
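Review bot: the new CVE-2023-24372 description is cut off at "in USB ...", so the affected product cannot be read from this line; the surrounding entries with the same "Auth. (admin+) Stored Cross-Site Scripting (XSS)" phrasing (for example CVE-2023-24374) are WordPress plugins marked NOT-FOR-US, but confirm that from the full advisory before copying the status.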
@@ -22152,10 +22214,10 @@ CVE-2023-23886
RESERVED
CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23884
- RESERVED
-CVE-2023-23883
- RESERVED
+CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
+ TODO: check
+CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...)
+ TODO: check
CVE-2023-23882
RESERVED
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
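Review bot: the CVE-2023-23883 description line reads "vulnerabilityin David" (missing space). This is upstream feed text rather than a tracker typo, and this same commit shows description lines being rewritten automatically (see the CVE-2023-28766 and CVE-2023-26293 changes), so hand-editing it here would likely be overwritten by the next automatic update; the fix belongs upstream. The entry itself follows the same admin+ stored XSS pattern as CVE-2023-23885 and CVE-2023-23881, i.e. NOT-FOR-US: WordPress plugin once confirmed.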
@@ -22196,8 +22258,8 @@ CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23862
- RESERVED
+CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23550
@@ -22392,8 +22454,8 @@ CVE-2023-23795
RESERVED
CVE-2023-23794
RESERVED
-CVE-2023-23793
- RESERVED
+CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
+ TODO: check
CVE-2023-23792
RESERVED
CVE-2023-23791
@@ -22664,12 +22726,12 @@ CVE-2023-23736
RESERVED
CVE-2023-23735
RESERVED
-CVE-2023-23734
- RESERVED
-CVE-2023-23733
- RESERVED
-CVE-2023-23732
- RESERVED
+CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
+ TODO: check
+CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
+ TODO: check
+CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
+ TODO: check
CVE-2023-23731
RESERVED
CVE-2023-23730
@@ -22851,8 +22913,8 @@ CVE-2023-23666
RESERVED
CVE-2023-23665
RESERVED
-CVE-2023-23664
- RESERVED
+CVE-2023-23664 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23663
RESERVED
CVE-2023-23662
@@ -22885,8 +22947,8 @@ CVE-2023-23649
RESERVED
CVE-2023-23648
RESERVED
-CVE-2023-23647
- RESERVED
+CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
+ TODO: check
CVE-2023-23646
RESERVED
CVE-2023-23645
@@ -32828,8 +32890,8 @@ CVE-2022-46866
RESERVED
CVE-2022-46865
RESERVED
-CVE-2022-46864
- RESERVED
+CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
+ TODO: check
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
@@ -32840,8 +32902,8 @@ CVE-2022-46860
RESERVED
CVE-2022-46859
RESERVED
-CVE-2022-46858
- RESERVED
+CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
+ TODO: check
CVE-2022-46857
RESERVED
CVE-2022-46856
@@ -32868,8 +32930,8 @@ CVE-2022-46846
RESERVED
CVE-2022-46845
RESERVED
-CVE-2022-46844
- RESERVED
+CVE-2022-46844 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin ...)
@@ -32975,8 +33037,8 @@ CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in
- intellij-idea <itp> (bug #747616)
CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 compatibl ...)
NOT-FOR-US: Siemens
-CVE-2022-46822
- RESERVED
+CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...)
+ TODO: check
CVE-2022-46821
RESERVED
CVE-2022-46820
@@ -38551,7 +38613,7 @@ CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 all
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3884 (Incorrect Default Permissions vulnerability in Hitachi Ops Center Anal ...)
NOT-FOR-US: Hitachi
-CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
NOT-FOR-US: Siemens
CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
NOT-FOR-US: WordPress plugin
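Review bot: this description edit changes the product designation from SIPROTEC 5 6MD85 to 6MD84 (and the parenthetical from "devices (CPU v..." to "(CP300) (All v..."), unlike the CVE-2023-28766 edit earlier in this diff, which keeps 6MD85 and only changes CP200 to CP300. Both come from the feed, so there is nothing to fix in the tracker and the NOT-FOR-US: Siemens status is unaffected, but the product swap is worth noting when the two advisories are compared.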
@@ -43002,16 +43064,16 @@ CVE-2023-20526
RESERVED
CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
NOT-FOR-US: AMD
-CVE-2023-20524
- RESERVED
+CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
+ TODO: check
CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
NOT-FOR-US: AMD
CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
NOT-FOR-US: AMD
CVE-2023-20521
RESERVED
-CVE-2023-20520
- RESERVED
+CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
+ TODO: check
CVE-2023-20519
RESERVED
CVE-2023-20518
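Review bot: CVE-2023-20524 and CVE-2023-20520 describe ASP (AMD Secure Processor) bootloader issues, the same component as the neighbouring CVE-2023-20525, CVE-2023-20523 and CVE-2023-20522, all of which are NOT-FOR-US: AMD; fixes for this component ship as platform firmware (AGESA/BIOS) rather than through a Debian package, so the same status resolves both TODO: check lines.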
@@ -43856,8 +43918,8 @@ CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the
NOT-FOR-US: Cisco
CVE-2023-20099
RESERVED
-CVE-2023-20098
- RESERVED
+CVE-2023-20098 (A vulnerability in the CLI of Cisco SDWAN vManage Software could allow ...)
+ TODO: check
CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
NOT-FOR-US: Cisco
CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -43963,8 +44025,8 @@ CVE-2023-20048
RESERVED
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
NOT-FOR-US: Cisco
-CVE-2023-20046
- RESERVED
+CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of Cisco S ...)
+ TODO: check
CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...)
@@ -50654,8 +50716,8 @@ CVE-2022-41647
RESERVED
CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41640
- RESERVED
+CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41635
@@ -52119,7 +52181,7 @@ CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
NOT-FOR-US: Microsoft
-CVE-2022-41120 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability.)
+CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
NOT-FOR-US: Microsoft
CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
@@ -82157,12 +82219,12 @@ CVE-2021-46796
REJECTED
CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
NOT-FOR-US: AMD
-CVE-2021-46794
- RESERVED
+CVE-2021-46794 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
+ TODO: check
CVE-2021-46793
REJECTED
-CVE-2021-46792
- RESERVED
+CVE-2021-46792 (Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow a ...)
+ TODO: check
CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
NOT-FOR-US: AMD
CVE-2022-30227
@@ -87784,60 +87846,60 @@ CVE-2021-46777
RESERVED
CVE-2021-46776
RESERVED
-CVE-2021-46775
- RESERVED
+CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical ...)
+ TODO: check
CVE-2021-46774
RESERVED
-CVE-2021-46773
- RESERVED
+CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...)
+ TODO: check
CVE-2021-46772
RESERVED
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
NOT-FOR-US: AMD
CVE-2021-46770
RESERVED
-CVE-2021-46769
- RESERVED
+CVE-2021-46769 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
+ TODO: check
CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
NOT-FOR-US: AMD
CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
NOT-FOR-US: AMD
CVE-2021-46766
RESERVED
-CVE-2021-46765
- RESERVED
-CVE-2021-46764
- RESERVED
-CVE-2021-46763
- RESERVED
-CVE-2021-46762
- RESERVED
+CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...)
+ TODO: check
+CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to ...)
+ TODO: check
+CVE-2021-46763 (Insufficient input validation in the SMU may enable a privileged attac ...)
+ TODO: check
+CVE-2021-46762 (Insufficient input validation in the SMU may allow an attacker to corr ...)
+ TODO: check
CVE-2021-46761
REJECTED
-CVE-2021-46760
- RESERVED
-CVE-2021-46759
- RESERVED
+CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed system cal ...)
+ TODO: check
+CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...)
+ TODO: check
CVE-2021-46758
RESERVED
CVE-2021-46757
RESERVED
-CVE-2021-46756
- RESERVED
-CVE-2021-46755
- RESERVED
-CVE-2021-46754
- RESERVED
-CVE-2021-46753
- RESERVED
+CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
+ TODO: check
+CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...)
+ TODO: check
+CVE-2021-46754 (Insufficient input validation in the ASP (AMD Secure Processor) bootlo ...)
+ TODO: check
+CVE-2021-46753 (Failure to validate the length fields of the ASP (AMD Secure Processor ...)
+ TODO: check
CVE-2021-46752
RESERVED
CVE-2021-46751
RESERVED
CVE-2021-46750
RESERVED
-CVE-2021-46749
- RESERVED
+CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
+ TODO: check
CVE-2021-46748
RESERVED
CVE-2021-46747
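Review bot: this hunk moves fourteen AMD entries from RESERVED to TODO: check, all naming ASP, SMU, ABL, UApp or AMD TEE firmware components, the same family as the untouched neighbours CVE-2021-46771, CVE-2021-46768 and CVE-2021-46767 (NOT-FOR-US: AMD). Resolving the batch uniformly as NOT-FOR-US: AMD is the expected outcome; the SMU mailbox and DRAM validation entries (CVE-2021-46764, CVE-2021-46763, CVE-2021-46762) match the already-triaged CVE-2021-26378 later in this diff.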
@@ -101917,8 +101979,8 @@ CVE-2022-23820
RESERVED
CVE-2022-23819
RESERVED
-CVE-2022-23818
- RESERVED
+CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
+ TODO: check
CVE-2022-23817
RESERVED
CVE-2022-23816
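Review bot: CVE-2022-23818 is described as insufficient input validation on a model specific register (VM_HSAVE...), which differs from the other AMD entries in this diff that name ASP or SMU firmware components; before assigning NOT-FOR-US: AMD, confirm from the advisory which component validates the MSR value and that the fix is firmware-only, since anything handled on the hypervisor side would involve the kernel package instead.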
@@ -149962,8 +150024,8 @@ CVE-2021-31713
RESERVED
CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
NOT-FOR-US: react-draft-wysiwyg
-CVE-2021-31711
- RESERVED
+CVE-2021-31711 (Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanag ...)
+ TODO: check
CVE-2021-31710
RESERVED
CVE-2021-31709
@@ -151136,8 +151198,8 @@ CVE-2021-31242
RESERVED
CVE-2021-31241
RESERVED
-CVE-2021-31240
- RESERVED
+CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to execute a ...)
+ TODO: check
CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...)
TODO: check
CVE-2021-31238
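Review bot: CVE-2021-31240 names libming 0.4.8, which Debian ships as the ming source package, so this TODO: check should become a ming entry rather than NOT-FOR-US, and it belongs with the libming entries added earlier in this diff (CVE-2023-30083 to CVE-2023-30085, CVE-2023-31976) when the bug is filed. The context line for CVE-2021-31239 (SQLite) shows a TODO: check left over from an earlier update that is still open; sqlite3 is a Debian package, so that one is pending triage as well.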
@@ -163512,8 +163574,8 @@ CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy f
NOT-FOR-US: AMD
CVE-2021-26407 (A randomly generated Initialization Vector (IV) may lead to a collisio ...)
NOT-FOR-US: AMD
-CVE-2021-26406
- RESERVED
+CVE-2021-26406 (Insufficient validation in parsing Owner's Certificate Authority (OCA) ...)
+ TODO: check
CVE-2021-26405
REJECTED
CVE-2021-26404 (Improper input validation and bounds checking in SEV firmware may leak ...)
@@ -163535,8 +163597,8 @@ CVE-2021-26399
REJECTED
CVE-2021-26398 (Insufficient input validation in SYS_KEY_DERIVE system call in a compr ...)
NOT-FOR-US: AMD
-CVE-2021-26397
- RESERVED
+CVE-2021-26397 (Insufficient address validation, may allow an attacker with a compromi ...)
+ TODO: check
CVE-2021-26396 (Insufficient validation of address mapping to IO in ASP (AMD Secure Pr ...)
NOT-FOR-US: AMD
CVE-2021-26395
@@ -163571,8 +163633,8 @@ CVE-2021-26381
RESERVED
CVE-2021-26380
RESERVED
-CVE-2021-26379
- RESERVED
+CVE-2021-26379 (Insufficient input validation of mailbox data in the SMU may allow an ...)
+ TODO: check
CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)
NOT-FOR-US: AMD
CVE-2021-26377
@@ -163587,8 +163649,8 @@ CVE-2021-26373 (Insufficient bound checks in the System Management Unit (SMU) ma
NOT-FOR-US: AMD
CVE-2021-26372 (Insufficient bound checks related to PCIE in the System Management Uni ...)
NOT-FOR-US: AMD
-CVE-2021-26371
- RESERVED
+CVE-2021-26371 (A compromised or malicious ABL or UApp could send a SHA256 system call ...)
+ TODO: check
CVE-2021-26370 (Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INS ...)
NOT-FOR-US: AMD
CVE-2021-26369 (A malicious or compromised UApp or ABL may be used by an attacker to s ...)
@@ -163599,8 +163661,8 @@ CVE-2021-26367
RESERVED
CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...)
NOT-FOR-US: AMD
-CVE-2021-26365
- RESERVED
+CVE-2021-26365 (Certain size values in firmware binary headers could trigger out of bo ...)
+ TODO: check
CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could allow an ...)
NOT-FOR-US: AMD
CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially change the va ...)
@@ -163617,12 +163679,12 @@ CVE-2021-26358
REJECTED
CVE-2021-26357
REJECTED
-CVE-2021-26356
- RESERVED
+CVE-2021-26356 (A TOCTOU in ASP bootloader may allow an attacker to tamper with the SP ...)
+ TODO: check
CVE-2021-26355 (Insufficient fencing and checks in System Management Unit (SMU) may re ...)
NOT-FOR-US: AMD
-CVE-2021-26354
- RESERVED
+CVE-2021-26354 (Insufficient bounds checking in ASP may allow an attacker to issue a s ...)
+ TODO: check
CVE-2021-26353 (Failure to validate inputs in SMM may allow an attacker to create a mi ...)
NOT-FOR-US: AMD
CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plu ...)
@@ -202613,10 +202675,10 @@ CVE-2020-23365
RESERVED
CVE-2020-23364
RESERVED
-CVE-2020-23363
- RESERVED
-CVE-2020-23362
- RESERVED
+CVE-2020-23363 (Cross Site Request Forgery (CSRF) vulnerability found in Verytops Very ...)
+ TODO: check
+CVE-2020-23362 (Insecure Permissons vulnerability found in Shop_CMS YerShop all versio ...)
+ TODO: check
CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...)
- phplist <itp> (bug #612288)
CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...)
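Review bot: "Insecure Permissons" in the new CVE-2020-23362 line is a misspelling carried in from the upstream description; since these parenthesised texts are truncated copies of the CVE text, leave it rather than hand-correcting it in the tracker. Both CVE-2020-23363 and CVE-2020-23362 are added at TODO: check, while the phplist neighbour CVE-2020-23361 already carries a package line with the ITP bug reference, which is the form the two new entries should be triaged to (or NOT-FOR-US if the named products are not packaged).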
@@ -213459,8 +213521,8 @@ CVE-2020-18282 (Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows
NOT-FOR-US: NoneCms
CVE-2020-18281
RESERVED
-CVE-2020-18280
- RESERVED
+CVE-2020-18280 (Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a ...)
+ TODO: check
CVE-2020-18279
RESERVED
CVE-2020-18278
@@ -287905,7 +287967,7 @@ CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with C
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
NOT-FOR-US: SIMATIC TDC CP51M1
-CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+CVE-2019-10936 (A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP ...)
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
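Review bot: CVE-2019-10936 changes only its description, from "Development/Evaluation Kits for" to "SIMATIC S7-400 CPU 414-3 PN/DP", with the NOT-FOR-US: Siemens state untouched; the same rewrite to S7-400 CPU products appears in the later hunks for CVE-2019-10923, CVE-2018-16557, CVE-2018-16556 and CVE-2018-4843, which points to a bulk upstream description update rather than a tracker-side change, so the existing NOT-FOR-US states remain correct and no retriage is needed beyond confirming the products are still Siemens hardware.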
@@ -287931,7 +287993,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC MV400 family (All
NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 ...)
+CVE-2019-10923 (A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP ...)
NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -327019,9 +327081,9 @@ CVE-2018-16559 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All
NOT-FOR-US: Siemens
CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...)
NOT-FOR-US: Siemens
-CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 H V4.5 and below ...)
+CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 ...)
NOT-FOR-US: Siemens
-CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 H V4.5 and below ...)
+CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 ...)
NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < V ...)
NOT-FOR-US: Siemens
@@ -359731,7 +359793,7 @@ CVE-2018-4845 (A vulnerability has been identified in RAPIDLab 1200 systems / RA
NOT-FOR-US: RAPIDLab
CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
NOT-FOR-US: SIMATIC
-CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...)
+CVE-2018-4843 (A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP ...)
NOT-FOR-US: SIMATIC
CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch family ...)
NOT-FOR-US: Siemens SCALANCE X switches
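Review bot: the CVE-2018-4843 description is rewritten to a different product family ("SIMATIC S7-400 CPU 414-3 PN/DP" instead of "SIMATIC CP 343-1 (incl. SIPLUS"), while its state line stays NOT-FOR-US: SIMATIC; the label still applies, but the surrounding Siemens entries in this patch use NOT-FOR-US: Siemens, and a consistent label would make the Siemens entries easier to grep when the next batch of description updates arrives.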
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec67343bec7ec5873941c05bbbe693cf9e9e941