[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 14 20:12:17 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
378a0478 by security tracker role at 2023-11-14T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,298 @@
+CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...)
+	TODO: check
+CVE-2023-6130 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...)
+	TODO: check
+CVE-2023-6128 (Cross-site Scripting (XSS) - Reflected in GitHub repository salesagili ...)
+	TODO: check
+CVE-2023-6127 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
+	TODO: check
+CVE-2023-6126 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...)
+	TODO: check
+CVE-2023-6125 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...)
+	TODO: check
+CVE-2023-6124 (Server-Side Request Forgery (SSRF) in GitHub repository salesagility/s ...)
+	TODO: check
+CVE-2023-6111 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+	TODO: check
+CVE-2023-48094 (A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows a ...)
+	TODO: check
+CVE-2023-48021 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+	TODO: check
+CVE-2023-48020 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+	TODO: check
+CVE-2023-47660 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP W ...)
+	TODO: check
+CVE-2023-47659 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-47658 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-47656 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mar ...)
+	TODO: check
+CVE-2023-47654 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-47653 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu  ...)
+	TODO: check
+CVE-2023-47646 (Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability  ...)
+	TODO: check
+CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK ...)
+	TODO: check
+CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...)
+	TODO: check
+CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...)
+	TODO: check
+CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...)
+	TODO: check
+CVE-2023-47127 (TYPO3 is an open source PHP based web content management system releas ...)
+	TODO: check
+CVE-2023-47126 (TYPO3 is an open source PHP based web content management system releas ...)
+	TODO: check
+CVE-2023-46601 (A vulnerability has been identified in COMOS (All versions). The affec ...)
+	TODO: check
+CVE-2023-46590 (A vulnerability has been identified in Siemens OPC UA Modelling Editor ...)
+	TODO: check
+CVE-2023-46099 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...)
+	TODO: check
+CVE-2023-46098 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...)
+	TODO: check
+CVE-2023-46097 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...)
+	TODO: check
+CVE-2023-46096 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...)
+	TODO: check
+CVE-2023-45794 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+	TODO: check
+CVE-2023-45684 (Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection.  ...)
+	TODO: check
+CVE-2023-45585 (An insertion of sensitive information into log file vulnerability [CWE ...)
+	TODO: check
+CVE-2023-45582 (An improper restriction of excessive authentication attempts vulnerabi ...)
+	TODO: check
+CVE-2023-44374 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44373 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44322 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44321 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44320 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44319 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44318 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44317 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All  ...)
+	TODO: check
+CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...)
+	TODO: check
+CVE-2023-43505 (A vulnerability has been identified in COMOS (All versions). The affec ...)
+	TODO: check
+CVE-2023-43504 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...)
+	TODO: check
+CVE-2023-43503 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...)
+	TODO: check
+CVE-2023-42783 (A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8 ...)
+	TODO: check
+CVE-2023-41840 (A untrusted search path vulnerability in Fortinet FortiClientWindows 7 ...)
+	TODO: check
+CVE-2023-41676 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
+	TODO: check
+CVE-2023-40719 (A use of hard-coded credentials vulnerability in Fortinet FortiAnalyze ...)
+	TODO: check
+CVE-2023-40540 (Non-Transparent Sharing of Microarchitectural Resources in some Intel( ...)
+	TODO: check
+CVE-2023-40220 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...)
+	TODO: check
+CVE-2023-39412 (Cross-site request forgery in some Intel Unison software may allow an  ...)
+	TODO: check
+CVE-2023-39411 (Improper input validationation for some Intel Unison software may allo ...)
+	TODO: check
+CVE-2023-39230 (Insecure inherited permissions in some Intel Rapid Storage Technology  ...)
+	TODO: check
+CVE-2023-39228 (Improper access control for some Intel Unison software may allow an un ...)
+	TODO: check
+CVE-2023-39221 (Improper access control for some Intel Unison software may allow an au ...)
+	TODO: check
+CVE-2023-38570 (Access of memory location after end of buffer for some Intel Unison so ...)
+	TODO: check
+CVE-2023-38411 (Improper access control in the Intel Smart Campus android application  ...)
+	TODO: check
+CVE-2023-38177 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38151 (Microsoft Host Integration Server 2020 Remote Code Execution Vulnerabi ...)
+	TODO: check
+CVE-2023-38131 (Improper input validationation for some Intel Unison software may allo ...)
+	TODO: check
+CVE-2023-36860 (Improper input validation for some Intel Unison software may allow an  ...)
+	TODO: check
+CVE-2023-36719 (Microsoft Speech Application Programming Interface (SAPI) Elevation of ...)
+	TODO: check
+CVE-2023-36705 (Windows Installer Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36641 (A numeric truncation error in Fortinet FortiProxy version 7.2.0 throug ...)
+	TODO: check
+CVE-2023-36633 (An improper authorization vulnerability [CWE-285] in FortiMail webmail ...)
+	TODO: check
+CVE-2023-36560 (ASP.NET Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36553 (A improper neutralization of special elements used in an os command (' ...)
+	TODO: check
+CVE-2023-36439 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36428 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
+	TODO: check
+CVE-2023-36427 (Windows Hyper-V Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36425 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
+	TODO: check
+CVE-2023-36424 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2023-36423 (Microsoft Remote Registry Service Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36422 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36410 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-36408 (Windows Hyper-V Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36407 (Windows Hyper-V Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36406 (Windows Hyper-V Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36405 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36404 (Windows Kernel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36403 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36402 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2023-36401 (Microsoft Remote Registry Service Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36400 (Windows HMAC Key Derivation Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36399 (Windows Storage Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36398 (Windows NTFS Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36397 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2023-36396 (Windows Compressed Folder Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36395 (Windows Deployment Services Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36394 (Windows Search Service Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36393 (Windows User Interface Application Core Remote Code Execution Vulnerab ...)
+	TODO: check
+CVE-2023-36392 (DHCP Server Service Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36050 (Microsoft Exchange Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36047 (Windows Authentication Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36046 (Windows Authentication Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36045 (Microsoft Office Graphics Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36043 (Open Management Infrastructure Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36042 (Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36041 (Microsoft Excel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36039 (Microsoft Exchange Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36037 (Microsoft Excel Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2023-36035 (Microsoft Exchange Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36031 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-36030 (Microsoft Dynamics 365 Sales Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36028 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+	TODO: check
+CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36021 (Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36018 (Visual Studio Code Jupyter Extension Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36017 (Windows Scripting Engine Memory Corruption Vulnerability)
+	TODO: check
+CVE-2023-36016 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-34997 (Insecure inherited permissions in the installer for some Intel Server  ...)
+	TODO: check
+CVE-2023-34991 (A improper neutralization of special elements used in an sql command ( ...)
+	TODO: check
+CVE-2023-34431 (Improper input validation in some Intel(R) Server Board BIOS firmware  ...)
+	TODO: check
+CVE-2023-34430 (Uncontrolled search path in some Intel Battery Life Diagnostic Tool so ...)
+	TODO: check
+CVE-2023-34350 (Uncontrolled search path element in some Intel(R) XTU software before  ...)
+	TODO: check
+CVE-2023-34314 (Insecure inherited permissions in some Intel(R) Simics Simulator softw ...)
+	TODO: check
+CVE-2023-33878 (Path transversal in some Intel(R) NUC P14E Laptop Element Audio Instal ...)
+	TODO: check
+CVE-2023-33874 (Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - ...)
+	TODO: check
+CVE-2023-33872 (Improper access control in the Intel Support android application all v ...)
+	TODO: check
+CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet FortiClient  ...)
+	TODO: check
+CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP version(s ...)
+	TODO: check
+CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic Tool inst ...)
+	TODO: check
+CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJY ...)
+	TODO: check
+CVE-2023-32660 (Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbol ...)
+	TODO: check
+CVE-2023-32658 (Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC ...)
+	TODO: check
+CVE-2023-32655 (Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NU ...)
+	TODO: check
+CVE-2023-32641 (Improper input validation in firmware for Intel(R) QAT before version  ...)
+	TODO: check
+CVE-2023-32638 (Incorrect default permissions in some Intel Arc RGB Controller softwar ...)
+	TODO: check
+CVE-2023-32283 (Insertion of sensitive information into log file in some Intel(R) On D ...)
+	TODO: check
+CVE-2023-32279 (Improper access control in user mode driver for some Intel(R) Connecti ...)
+	TODO: check
+CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel ...)
+	TODO: check
+CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...)
+	TODO: check
+CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver  ...)
+	TODO: check
+CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...)
+	TODO: check
+CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...)
+	TODO: check
+CVE-2023-31203 (Improper input validation in some OpenVINO Model Server software befor ...)
+	TODO: check
+CVE-2023-29161 (Uncontrolled search path in some Intel(R) OFU software before version  ...)
+	TODO: check
+CVE-2023-29157 (Improper access control in some Intel(R) OFU software before version 1 ...)
+	TODO: check
+CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware  ...)
+	TODO: check
+CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...)
+	TODO: check
 CVE-2023-5528
 	- kubernetes <not-affected> (Windows-specific)
-CVE-2023-23583 [INTEL-SA-00950]
+CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...)
 	- intel-microcode <unfixed>
 	[bookworm] - intel-microcode <postponed> (Wait for exposure in unstable)
 	[bullseye] - intel-microcode <postponed> (Wait for exposure in unstable)
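Review bot: The CVE-2023-23583 header at the end of this hunk loses its only advisory identifier when "[INTEL-SA-00950]" is replaced by the truncated description. The context lines that follow show only intel-microcode status lines, so unless a NOTE further down the entry already names INTEL-SA-00950, add one to keep the link to the vendor advisory. Separately, among the new "TODO: check" entries at the top, CVE-2023-6111 is described as a use-after-free in the Linux kernel's netfilter nf_tables code, so it needs a package line for linux rather than a NOT-FOR-US disposition, and is worth triaging ahead of the vendor-only entries around it.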
@@ -344,7 +636,7 @@ CVE-2023-39295 (An OS command injection vulnerability has been reported to affec
 CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-5870
-	{DSA-5554-1 DSA-5553-1}
+	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -352,7 +644,7 @@ CVE-2023-5870
 	NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
 	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5869
-	{DSA-5554-1 DSA-5553-1}
+	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -360,7 +652,7 @@ CVE-2023-5869
 	NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
 	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5868
-	{DSA-5554-1 DSA-5553-1}
+	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -14377,7 +14669,8 @@ CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized
 	NOT-FOR-US: EmbedPress plugin for WordPress
 CVE-2023-4275
 	REJECTED
-CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...)
+CVE-2023-4128
+	REJECTED
 	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
 	- linux 6.4.11-1
 	NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5)
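Review bot: CVE-2023-4128 is now marked REJECTED, yet the lines directly under it still carry "{DSA-5492-1 DSA-5480-1 DLA-3623-1}", "- linux 6.4.11-1" and the kernel commit NOTE, so a rejected id keeps advisory cross-references and a fixed version. The neighbouring CVE-2023-4275 entry shows the usual shape of a rejected id: the REJECTED line and nothing else. This needs a manual follow-up commit that moves the DSA/DLA references, the linux fixed version and the NOTE to whichever id or ids now track the cls_fw.c use-after-free named in the removed description, or that otherwise records why they stay here.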
@@ -19560,6 +19853,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environment
 	NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
 	NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
+	{DLA-3652-1}
 	- ruby-sanitize <unfixed> (bug #1041430)
 	NOTE: https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2)
 	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
@@ -26548,12 +26842,12 @@ CVE-2023-28822
 	RESERVED
 CVE-2023-28745
 	RESERVED
-CVE-2023-28737
-	RESERVED
+CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integr ...)
+	TODO: check
 CVE-2023-28719
 	RESERVED
-CVE-2023-28378
-	RESERVED
+CVE-2023-28378 (Improper authorization in some Intel(R) QAT drivers for Windows - HW V ...)
+	TODO: check
 CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...)
 	NOT-FOR-US: Vuforia
 CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
@@ -28299,26 +28593,26 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-wri
 	[bullseye] - libarchive <no-dsa> (Minor issue)
 	[buster] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/1876
-CVE-2023-29504
-	RESERVED
+CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM) Dynami ...)
+	TODO: check
 CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
 	NOT-FOR-US: Intel
 CVE-2023-29162
 	RESERVED
-CVE-2023-28740
-	RESERVED
+CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
+	TODO: check
 CVE-2023-28722
 	RESERVED
 CVE-2023-28407
 	RESERVED
-CVE-2023-28388
-	RESERVED
+CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
+	TODO: check
 CVE-2023-27885
 	RESERVED
 CVE-2023-27880
 	RESERVED
-CVE-2023-27513
-	RESERVED
+CVE-2023-27513 (Uncontrolled search path element in some Intel(R) Server Information R ...)
+	TODO: check
 CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
 	NOT-FOR-US: SoftEther VPN
 CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -31227,24 +31521,24 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
 	NOTE: Neutralised by kernel hardening
 CVE-2023-29244
 	RESERVED
-CVE-2023-29165
-	RESERVED
+CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe  ...)
+	TODO: check
 CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
 	NOT-FOR-US: Intel
-CVE-2023-28741
-	RESERVED
+CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version  ...)
+	TODO: check
 CVE-2023-28715
 	RESERVED
-CVE-2023-28397
-	RESERVED
+CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
+	TODO: check
 CVE-2023-28396
 	RESERVED
 CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component  ...)
 	NOT-FOR-US: Intel
-CVE-2023-22313
-	RESERVED
-CVE-2023-22310
-	RESERVED
+CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...)
+	TODO: check
+CVE-2023-22310 (Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
+	TODO: check
 CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.11.11+ds1-1
 CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass,  ...)
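Review bot: Do not bulk-mark the new Intel entries in this hunk as "NOT-FOR-US: Intel" just because the context entries CVE-2023-28823 and CVE-2023-27391 carry that disposition. CVE-2023-22313 names "Intel(R) QAT Library software", a library rather than one of the Windows drivers or firmware tools in the other entries here, so check it against the archive for a matching source package before closing it. The entries whose descriptions say "QAT drivers for Windows" or "Aptio* V UEFI Firmware Integrator Tool" can follow the existing Intel disposition once the full descriptions are read.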
@@ -32394,8 +32688,8 @@ CVE-2023-29179
 	RESERVED
 CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824]  in Fortinet ...)
 	NOT-FOR-US: Fortinet
-CVE-2023-29177
-	RESERVED
+CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic buffer o ...)
+	TODO: check
 CVE-2023-29176
 	RESERVED
 CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS  ...)
@@ -32474,8 +32768,8 @@ CVE-2023-27883
 	RESERVED
 CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...)
 	NOT-FOR-US: Intel
-CVE-2023-24592
-	RESERVED
+CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
+	TODO: check
 CVE-2023-24591
 	RESERVED
 CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
@@ -33173,16 +33467,16 @@ CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software
 	NOT-FOR-US: Intel
 CVE-2023-27517
 	RESERVED
-CVE-2023-26589
-	RESERVED
-CVE-2023-25949
-	RESERVED
+CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
+	TODO: check
+CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...)
+	TODO: check
 CVE-2023-25945
 	RESERVED
 CVE-2023-25778
 	RESERVED
-CVE-2023-22305
-	RESERVED
+CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...)
+	TODO: check
 CVE-2023-1690 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
 CVE-2023-1689 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -33653,8 +33947,8 @@ CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All version
 	NOT-FOR-US: Siemens
 CVE-2023-28827
 	RESERVED
-CVE-2023-28379
-	RESERVED
+CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...)
+	TODO: check
 CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
 	NOT-FOR-US: SoftEther VPN
 CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...)
@@ -33955,8 +34249,8 @@ CVE-2023-28732 (Missing access control inAnyMailing Joomla Plugin allows to list
 	NOT-FOR-US: Joomla Plugin
 CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable tounauthenticated remote code e ...)
 	NOT-FOR-US: Joomla Plugin
-CVE-2023-27882
-	RESERVED
+CVE-2023-27882 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
+	TODO: check
 CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in io_uring ...)
 	- linux 6.1.25-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -34037,8 +34331,8 @@ CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote atta
 	NOT-FOR-US: Panasonic AiSEG2
 CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...)
 	NOT-FOR-US: General Bytes Crypto Application Server (CAS)
-CVE-2023-28723
-	RESERVED
+CVE-2023-28723 (Exposure of sensitive information to an unauthorized actor in some Int ...)
+	TODO: check
 CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless  ...)
@@ -34061,28 +34355,28 @@ CVE-2023-28410 (Improper restriction of operations within the bounds of a memory
 	NOTE: Fixed by: https://git.kernel.org/linus/661412e301e2ca86799aa4f400d1cf0bd38c57c6 (5.19-rc1)
 	NOTE: http://blog.pi3.com.pl/?p=931
 	NOTE: http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt
-CVE-2023-28404
-	RESERVED
+CVE-2023-28404 (Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQ ...)
+	TODO: check
 CVE-2023-28403
 	RESERVED
-CVE-2023-28401
-	RESERVED
+CVE-2023-28401 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
+	TODO: check
 CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticated use ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...)
 	NOT-FOR-US: Intel
-CVE-2023-28376
-	RESERVED
+CVE-2023-28376 (Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Con ...)
+	TODO: check
 CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an unauthenticated O ...)
 	NOT-FOR-US: Osprey Pump Controller
-CVE-2023-25071
-	RESERVED
+CVE-2023-25071 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
+	TODO: check
 CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1553
@@ -34366,8 +34660,8 @@ CVE-2023-28619
 	RESERVED
 CVE-2023-28618 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou E ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28391
-	RESERVED
+CVE-2023-28391 (A memory corruption vulnerability exists in the HTTP Server header par ...)
+	TODO: check
 CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
 	NOT-FOR-US: SAUTER
 CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
@@ -36624,8 +36918,8 @@ CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability e
 	NOT-FOR-US: Schneider
 CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...)
 	NOT-FOR-US: Schneider
-CVE-2023-28002
-	RESERVED
+CVE-2023-28002 (An improper validation of integrity check value vulnerability [CWE-354 ...)
+	TODO: check
 CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12  ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
@@ -36905,22 +37199,22 @@ CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD
 	NOT-FOR-US: Autodesk
 CVE-2023-27884
 	RESERVED
-CVE-2023-27879
-	RESERVED
-CVE-2023-27519
-	RESERVED
+CVE-2023-27879 (Improper access control in firmware for some Intel(R) Optane(TM) SSD p ...)
+	TODO: check
+CVE-2023-27519 (Improper input validation in firmware for some Intel(R) Optane(TM) SSD ...)
+	TODO: check
 CVE-2023-27502
 	RESERVED
-CVE-2023-27306
-	RESERVED
-CVE-2023-27305
-	RESERVED
-CVE-2023-25952
-	RESERVED
-CVE-2023-24588
-	RESERVED
-CVE-2023-24587
-	RESERVED
+CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) Optane(TM) SSD p ...)
+	TODO: check
+CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Gr ...)
+	TODO: check
+CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
+	TODO: check
+CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in firmware ...)
+	TODO: check
+CVE-2023-24587 (Insufficient control flow management in firmware for some Intel(R) Opt ...)
+	TODO: check
 CVE-2023-22434
 	RESERVED
 CVE-2023-1266
@@ -38483,8 +38777,8 @@ CVE-2023-27399 (A vulnerability has been identified in Tecnomatix Plant Simulati
 	NOT-FOR-US: Siemens
 CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
 	NOT-FOR-US: Siemens
-CVE-2023-27383
-	RESERVED
+CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...)
+	TODO: check
 CVE-2023-27307
 	RESERVED
 CVE-2023-27303
@@ -38495,8 +38789,8 @@ CVE-2023-26592
 	RESERVED
 CVE-2023-26591
 	RESERVED
-CVE-2023-25080
-	RESERVED
+CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...)
+	TODO: check
 CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software  ...)
 	NOT-FOR-US: Intel
 CVE-2023-24463
@@ -40887,8 +41181,8 @@ CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
-CVE-2023-25075
-	RESERVED
+CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...)
+	TODO: check
 CVE-2023-25073
 	RESERVED
 CVE-2023-24542
@@ -41561,8 +41855,8 @@ CVE-2023-26224
 	RESERVED
 CVE-2023-26223
 	RESERVED
-CVE-2023-26222
-	RESERVED
+CVE-2023-26222 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...)
+	TODO: check
 CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...)
 	NOT-FOR-US: Spotfire Connectors component of TIBCO
 CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...)
@@ -41665,8 +41959,8 @@ CVE-2023-26207 (An insertion of sensitive information into log file vulnerabilit
 	NOT-FOR-US: Fortinet
 CVE-2023-26206
 	RESERVED
-CVE-2023-26205
-	RESERVED
+CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
+	TODO: check
 CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F  ...)
@@ -42417,8 +42711,8 @@ CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of c
 	NOT-FOR-US: Dell
 CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...)
 	NOT-FOR-US: Facebook Hermes
-CVE-2023-25756
-	RESERVED
+CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R) Processors m ...)
+	TODO: check
 CVE-2023-25546
 	RESERVED
 CVE-2023-23904
@@ -42435,8 +42729,8 @@ CVE-2023-22351
 	RESERVED
 CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...)
 	NOT-FOR-US: Intel
-CVE-2023-22329
-	RESERVED
+CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+	TODO: check
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...)
 	NOT-FOR-US: Kron Tech Single Connect
 CVE-2023-0881
@@ -42925,8 +43219,8 @@ CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remote
 	NOT-FOR-US: Node markdown-pdf
 CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
 	NOT-FOR-US: HYPR Workforce Access on MacOS
-CVE-2023-25181
-	RESERVED
+CVE-2023-25181 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
+	TODO: check
 CVE-2023-0833 (A flaw was found in Red Hat's AMQ-Streams, which ships a version of th ...)
 	NOT-FOR-US: Red Hat's AMQ-Streams
 CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
@@ -43133,8 +43427,8 @@ CVE-2023-25728 (The <code>Content-Security-Policy-Report-Only</code> header coul
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
-CVE-2023-24585
-	RESERVED
+CVE-2023-24585 (An out-of-bounds write vulnerability exists in the HTTP Server functio ...)
+	TODO: check
 CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
@@ -43752,8 +44046,8 @@ CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.
 	NOT-FOR-US: Fortinet
 CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...)
 	NOT-FOR-US: Fortinet
-CVE-2023-25603
-	RESERVED
+CVE-2023-25603 (A permissive cross-domain policy with untrusted domains vulnerability  ...)
+	TODO: check
 CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...)
@@ -52456,10 +52750,10 @@ CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandle
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/19/1
 CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A non-privi ...)
 	NOT-FOR-US: Arm Android Gralloc Module
-CVE-2023-22663
-	RESERVED
-CVE-2023-22448
-	RESERVED
+CVE-2023-22663 (Improper authentication for some Intel Unison software may allow an au ...)
+	TODO: check
+CVE-2023-22448 (Improper access control for some Intel Unison software may allow a pri ...)
+	TODO: check
 CVE-2023-22445
 	RESERVED
 CVE-2023-22430
@@ -52468,14 +52762,14 @@ CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and com
 	NOT-FOR-US: Intel
 CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...)
 	NOT-FOR-US: Intel
-CVE-2023-22337
-	RESERVED
-CVE-2023-22292
-	RESERVED
-CVE-2023-22290
-	RESERVED
-CVE-2023-22285
-	RESERVED
+CVE-2023-22337 (Improper input validation for some Intel Unison software may allow an  ...)
+	TODO: check
+CVE-2023-22292 (Uncaught exception for some Intel Unison software may allow an authent ...)
+	TODO: check
+CVE-2023-22290 (Uncaught exception for some Intel Unison software may allow an authent ...)
+	TODO: check
+CVE-2023-22285 (Improper access control for some Intel Unison software may allow an un ...)
+	TODO: check
 CVE-2023-0112 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
@@ -60265,8 +60559,8 @@ CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists
 	NOT-FOR-US: PcVue
 CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
 	NOT-FOR-US: PcVue
-CVE-2022-42879
-	RESERVED
+CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
+	TODO: check
 CVE-2022-42700
 	RESERVED
 CVE-2022-46674
@@ -60343,10 +60637,10 @@ CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid
 	NOT-FOR-US: ALEOS
 CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...)
 	NOT-FOR-US: ALEOS
-CVE-2022-46647
-	RESERVED
-CVE-2022-46646
-	RESERVED
+CVE-2022-46647 (Insertion of sensitive information into log file for some Intel Unison ...)
+	TODO: check
+CVE-2022-46646 (Exposure of sensitive information to an unauthorized actor for some In ...)
+	TODO: check
 CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...)
 	{DLA-3596-1}
 	- firmware-nonfree <unfixed> (bug #1051892)
@@ -60354,20 +60648,20 @@ CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless W
 	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
 	NOTE: Fixed upstream in linux-firmware/20230804
-CVE-2022-46301
-	RESERVED
-CVE-2022-46299
-	RESERVED
-CVE-2022-46298
-	RESERVED
+CVE-2022-46301 (Improper Initialization for some Intel Unison software may allow a pri ...)
+	TODO: check
+CVE-2022-46299 (Insufficient control flow management for some Intel Unison software ma ...)
+	TODO: check
+CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a privileg ...)
+	TODO: check
 CVE-2022-46283
 	RESERVED
 CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...)
 	NOT-FOR-US: CX-Drive
-CVE-2022-45469
-	RESERVED
-CVE-2022-43666
-	RESERVED
+CVE-2022-45469 (Improper input validation for some Intel Unison software may allow an  ...)
+	TODO: check
+CVE-2022-43666 (Exposure of sensitive system information due to uncleared debug inform ...)
+	TODO: check
 CVE-2022-43496
 	RESERVED
 CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the Add UCS  ...)
@@ -65136,20 +65430,20 @@ CVE-2022-45117
 	RESERVED
 CVE-2022-45114
 	RESERVED
-CVE-2022-45109
-	RESERVED
+CVE-2022-45109 (Improper initialization for some Intel Unison software may allow an au ...)
+	TODO: check
 CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...)
 	NOT-FOR-US: Intel
 CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
 	NOT-FOR-US: Intel
 CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...)
 	NOT-FOR-US: Intel
-CVE-2022-43477
-	RESERVED
+CVE-2022-43477 (Incomplete cleanup for some Intel Unison software may allow an authent ...)
+	TODO: check
 CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
 	NOT-FOR-US: Intel
-CVE-2022-41659
-	RESERVED
+CVE-2022-41659 (Improper access control for some Intel Unison software may allow a pri ...)
+	TODO: check
 CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
 	NOT-FOR-US: Listingo WordPress theme
 CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
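Review bot: The three newly published Intel Unison entries in this hunk (CVE-2022-45109, CVE-2022-43477, CVE-2022-41659) get TODO: check, while CVE-2022-44612 in the same hunk, also Intel Unison software, is already NOT-FOR-US: Intel. Triage them consistently with that entry; the same applies to the other Unison entries this commit turns from RESERVED into TODO: check.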
@@ -69735,8 +70029,8 @@ CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics
 	NOT-FOR-US: AMD
 CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
 	NOT-FOR-US: AMD
-CVE-2023-20596
-	RESERVED
+CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an attacker  ...)
+	TODO: check
 CVE-2023-20595
 	RESERVED
 CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...)
@@ -69754,8 +70048,8 @@ CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitec
 	NOTE: under the CVE entry.
 	NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen Epyc CPUs, further
 	NOTE: CPUs to follow in later releases
-CVE-2023-20592
-	RESERVED
+CVE-2023-20592 (Improper or unexpected behavior of the INVD instruction in some AMD CP ...)
+	TODO: check
 CVE-2023-20591
 	RESERVED
 CVE-2023-20590
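Review bot: CVE-2023-20592 should not be resolved as NOT-FOR-US: AMD by analogy with the firmware entries without a closer look. It concerns the INVD instruction in AMD CPUs and sits directly below CVE-2023-20593, whose NOTE lines track fixes shipped in a packaged release (3.20230719.1). Check whether this one needs a package entry and an advisory NOTE of the same kind before the TODO is closed.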
@@ -69807,8 +70101,8 @@ CVE-2023-20573
 	RESERVED
 CVE-2023-20572
 	RESERVED
-CVE-2023-20571
-	RESERVED
+CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
+	TODO: check
 CVE-2023-20570
 	RESERVED
 CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
@@ -69833,18 +70127,18 @@ CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow a
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
 	NOTE: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4
-CVE-2023-20568
-	RESERVED
-CVE-2023-20567
-	RESERVED
-CVE-2023-20566
-	RESERVED
-CVE-2023-20565
-	RESERVED
+CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics driver  ...)
+	TODO: check
+CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics driver  ...)
+	TODO: check
+CVE-2023-20566 (Improper address validation in ASP with SNP enabled may potentially al ...)
+	TODO: check
+CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code may allo ...)
+	TODO: check
 CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
 	NOT-FOR-US: AMD
-CVE-2023-20563
-	RESERVED
+CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code may allo ...)
+	TODO: check
 CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
 	NOT-FOR-US: AMD
 CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
@@ -69903,8 +70197,8 @@ CVE-2023-20535
 	RESERVED
 CVE-2023-20534
 	RESERVED
-CVE-2023-20533
-	RESERVED
+CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+	TODO: check
 CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
 	NOT-FOR-US: AMD
 CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
@@ -69917,8 +70211,8 @@ CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical at
 	NOT-FOR-US: AMD
 CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
 	NOT-FOR-US: AMD
-CVE-2023-20526
-	RESERVED
+CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable a privi ...)
+	TODO: check
 CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow  ...)
 	NOT-FOR-US: AMD
 CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
@@ -69927,12 +70221,12 @@ CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond
 	NOT-FOR-US: AMD
 CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
 	NOT-FOR-US: AMD
-CVE-2023-20521
-	RESERVED
+CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with physical acces ...)
+	TODO: check
 CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
 	NOT-FOR-US: AMD
-CVE-2023-20519
-	RESERVED
+CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
+	TODO: check
 CVE-2023-20518
 	RESERVED
 CVE-2023-20517
@@ -77343,8 +77637,8 @@ CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One co
 	NOT-FOR-US: Trend Micro
 CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One  ...)
 	NOT-FOR-US: Trend Micro
-CVE-2022-41700
-	RESERVED
+CVE-2022-41700 (Insecure inherited permissions in some Intel(R) NUC Pro Software Suite ...)
+	TODO: check
 CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography  ...)
 	NOT-FOR-US: Intel
 CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
@@ -77536,8 +77830,8 @@ CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset
 	NOT-FOR-US: Apache Superset
 CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
 	NOT-FOR-US: Intel
-CVE-2022-41689
-	RESERVED
+CVE-2022-41689 (Improper access control in some Intel In-Band Manageability software b ...)
+	TODO: check
 CVE-2022-41682
 	RESERVED
 CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
@@ -77564,8 +77858,8 @@ CVE-2022-40688
 	RESERVED
 CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products  ...)
 	NOT-FOR-US: Intel
-CVE-2022-38786
-	RESERVED
+CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic Tool sof ...)
+	TODO: check
 CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified  ...)
 	NOT-FOR-US: Open5GS
 CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack that affec ...)
@@ -80102,8 +80396,8 @@ CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 m
 	NOT-FOR-US: Fortinet
 CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-40681
-	RESERVED
+CVE-2022-40681 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
+	TODO: check
 CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...)
@@ -84002,7 +84296,7 @@ CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linu
 	NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15
 CVE-2022-39159
 	REJECTED
-CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
+CVE-2022-39158 (Affected devices improperly handle partial HTTP requests which makes t ...)
 	NOT-FOR-US: Siemens
 CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
 	NOT-FOR-US: Siemens
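Review bot: The replaced description for CVE-2022-39158 no longer names a product in its truncated text (the old line began with RUGGEDCOM i800), so the unchanged NOT-FOR-US: Siemens line is now the only thing tying the entry to a vendor. No triage change is needed, but it is worth confirming that the refreshed description still covers the devices the NOT-FOR-US decision was made for.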
@@ -91694,14 +91988,14 @@ CVE-2022-36408
 	REJECTED
 CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool  ...)
 	NOT-FOR-US: Intel
-CVE-2022-36396
-	RESERVED
+CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
+	TODO: check
 CVE-2022-36395
 	RESERVED
-CVE-2022-36377 (Incorrect default permissions in the installer software for some Intel ...)
+CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless Adapter Drive ...)
 	NOT-FOR-US: Intel
-CVE-2022-36374
-	RESERVED
+CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
+	TODO: check
 CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
 	NOT-FOR-US: Intel
 CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
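Review bot: CVE-2022-36377 keeps NOT-FOR-US: Intel although its description changed from "Incorrect default permissions in the installer software for some Intel ..." to "Insecure inherited permissions in some Intel(R) Wireless Adapter Drive ..."; that decision was made against the old text and should be re-confirmed against the new one. CVE-2022-36396 and CVE-2022-36374 ("Intel(R) Aptio* V UEFI Firmware Integr ...") stay at TODO: check and look like candidates for the same marking as CVE-2022-36398 at the top of this hunk.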
@@ -98668,8 +98962,8 @@ CVE-2022-33976
 	RESERVED
 CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
 	NOT-FOR-US: Intel
-CVE-2022-33898
-	RESERVED
+CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog Timer ins ...)
+	TODO: check
 CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
 	NOT-FOR-US: Intel
 CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...)
@@ -98808,8 +99102,8 @@ CVE-2022-33951
 	RESERVED
 CVE-2022-33950
 	RESERVED
-CVE-2022-33945
-	RESERVED
+CVE-2022-33945 (Improper input validation in some Intel(R) Server board and Intel(R) S ...)
+	TODO: check
 CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
 	NOT-FOR-US: Intel
 CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
@@ -111462,8 +111756,8 @@ CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-29510
-	RESERVED
+CVE-2022-29510 (Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB B ...)
+	TODO: check
 CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows  ...)
 	NOT-FOR-US: LINE for Windows
 CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained by In ...)
@@ -111472,8 +111766,8 @@ CVE-2022-29469
 	RESERVED
 CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version  ...)
 	NOT-FOR-US: Intel
-CVE-2022-29262
-	RESERVED
+CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board BIOS firmwa ...)
+	TODO: check
 CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...)
 	NOT-FOR-US: Intel
 CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before version 1 ...)
@@ -114992,8 +115286,8 @@ CVE-2021-46776
 	RESERVED
 CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical  ...)
 	NOT-FOR-US: AMD
-CVE-2021-46774
-	RESERVED
+CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+	TODO: check
 CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker  ...)
 	NOT-FOR-US: AMD
 CVE-2021-46772
@@ -115008,8 +115302,8 @@ CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attac
 	NOT-FOR-US: AMD
 CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
 	NOT-FOR-US: AMD
-CVE-2021-46766
-	RESERVED
+CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may expose s ...)
+	TODO: check
 CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...)
 	NOT-FOR-US: AMD
 CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to  ...)
@@ -115024,8 +115318,8 @@ CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed syst
 	NOT-FOR-US: AMD
 CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...)
 	NOT-FOR-US: AMD
-CVE-2021-46758
-	RESERVED
+CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure  ...)
+	TODO: check
 CVE-2021-46757
 	RESERVED
 CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
@@ -115044,8 +115338,8 @@ CVE-2021-46750
 	RESERVED
 CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
 	NOT-FOR-US: AMD
-CVE-2021-46748
-	RESERVED
+CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
+	TODO: check
 CVE-2021-46747
 	RESERVED
 CVE-2021-46746
@@ -117354,8 +117648,8 @@ CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android a
 	NOT-FOR-US: Intel
 CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in the Intel ...)
 	NOT-FOR-US: Intel
-CVE-2022-27229
-	RESERVED
+CVE-2022-27229 (Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7D ...)
+	TODO: check
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
 	NOT-FOR-US: Splunk
 CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...)
@@ -126637,8 +126931,8 @@ CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM adver
 	NOT-FOR-US: TETRA
 CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
 	NOT-FOR-US: Intel
-CVE-2022-24379
-	RESERVED
+CVE-2022-24379 (Improper input validation in some Intel(R) Server System M70KLP Family ...)
+	TODO: check
 CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
 	NOT-FOR-US: Intel
 CVE-2022-23917
@@ -129144,8 +129438,8 @@ CVE-2022-23832
 	REJECTED
 CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcProf ma ...)
 	NOT-FOR-US: AMD
-CVE-2022-23830
-	RESERVED
+CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...)
+	TODO: check
 CVE-2022-23829
 	RESERVED
 CVE-2022-23828
@@ -129178,10 +129472,10 @@ CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038
 CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...)
 	NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL)
-CVE-2022-23821
-	RESERVED
-CVE-2022-23820
-	RESERVED
+CVE-2022-23821 (Improper access control in System Management Mode (SMM) may allow an a ...)
+	TODO: check
+CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow an atta ...)
+	TODO: check
 CVE-2022-23819
 	RESERVED
 CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
@@ -191181,8 +191475,8 @@ CVE-2021-26347 (Failure to validate the integer operand in ASP (AMD Secure Proce
 CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Processor)  ...)
 	NOT-FOR-US: AMD
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
-CVE-2021-26345
-	RESERVED
+CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged attacker  ...)
+	TODO: check
 CVE-2021-26344
 	RESERVED
 CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378a04787078c220712a1ddbd4600a71d33318b6
