[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 14 20:54:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc78768d by Salvatore Bonaccorso at 2023-11-14T21:54:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104,197 +104,197 @@ CVE-2023-41676 (An exposure of sensitive information to an unauthorized actor [C
 CVE-2023-40719 (A use of hard-coded credentials vulnerability in Fortinet FortiAnalyze ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-40540 (Non-Transparent Sharing of Microarchitectural Resources in some Intel( ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-40220 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39412 (Cross-site request forgery in some Intel Unison software may allow an  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39411 (Improper input validationation for some Intel Unison software may allo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39230 (Insecure inherited permissions in some Intel Rapid Storage Technology  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39228 (Improper access control for some Intel Unison software may allow an un ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39221 (Improper access control for some Intel Unison software may allow an au ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-38570 (Access of memory location after end of buffer for some Intel Unison so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-38411 (Improper access control in the Intel Smart Campus android application  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-38177 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38151 (Microsoft Host Integration Server 2020 Remote Code Execution Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38131 (Improper input validationation for some Intel Unison software may allo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-36860 (Improper input validation for some Intel Unison software may allow an  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-36719 (Microsoft Speech Application Programming Interface (SAPI) Elevation of ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36705 (Windows Installer Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36641 (A numeric truncation error in Fortinet FortiProxy version 7.2.0 throug ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-36633 (An improper authorization vulnerability [CWE-285] in FortiMail webmail ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-36560 (ASP.NET Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36553 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-36439 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36428 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36427 (Windows Hyper-V Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36425 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36424 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36423 (Microsoft Remote Registry Service Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36422 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36410 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36408 (Windows Hyper-V Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36407 (Windows Hyper-V Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36406 (Windows Hyper-V Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36405 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36404 (Windows Kernel Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36403 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36402 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36401 (Microsoft Remote Registry Service Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36400 (Windows HMAC Key Derivation Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36399 (Windows Storage Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36398 (Windows NTFS Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36397 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36396 (Windows Compressed Folder Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36395 (Windows Deployment Services Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36394 (Windows Search Service Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36393 (Windows User Interface Application Core Remote Code Execution Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36392 (DHCP Server Service Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36050 (Microsoft Exchange Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36047 (Windows Authentication Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36046 (Windows Authentication Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36045 (Microsoft Office Graphics Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36043 (Open Management Infrastructure Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36042 (Visual Studio Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36041 (Microsoft Excel Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36039 (Microsoft Exchange Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36037 (Microsoft Excel Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36035 (Microsoft Exchange Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36031 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36030 (Microsoft Dynamics 365 Sales Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36028 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36021 (Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36018 (Visual Studio Code Jupyter Extension Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36017 (Windows Scripting Engine Memory Corruption Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36016 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-34997 (Insecure inherited permissions in the installer for some Intel Server  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-34991 (A improper neutralization of special elements used in an sql command ( ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-34431 (Improper input validation in some Intel(R) Server Board BIOS firmware  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-34430 (Uncontrolled search path in some Intel Battery Life Diagnostic Tool so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-34350 (Uncontrolled search path element in some Intel(R) XTU software before  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-34314 (Insecure inherited permissions in some Intel(R) Simics Simulator softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-33878 (Path transversal in some Intel(R) NUC P14E Laptop Element Audio Instal ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-33874 (Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-33872 (Improper access control in the Intel Support android application all v ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet FortiClient  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP version(s ...)
-	TODO: check
+	NOT-FOR-US: QNX SDP
 CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic Tool inst ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJY ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32660 (Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbol ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32658 (Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32655 (Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NU ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32641 (Improper input validation in firmware for Intel(R) QAT before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32638 (Incorrect default permissions in some Intel Arc RGB Controller softwar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32283 (Insertion of sensitive information into log file in some Intel(R) On D ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32279 (Improper access control in user mode driver for some Intel(R) Connecti ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver  ...)
 	TODO: check
 CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-31203 (Improper input validation in some OpenVINO Model Server software befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29161 (Uncontrolled search path in some Intel(R) OFU software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29157 (Improper access control in some Intel(R) OFU software before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-5528
 	- kubernetes <not-affected> (Windows-specific)
 CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...)
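Review bot: CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability) should not be closed with the vendor-wide `NOT-FOR-US: Microsoft` tag, because Azure CLI is packaged in Debian as azure-cli. Suggest replacing that line with an azure-cli package entry, or leaving `TODO: check` in place until the affected versions have been compared against the archive. The remaining Microsoft entries in this hunk name Windows, Exchange, Office, SharePoint and Dynamics components, where the tag fits.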
@@ -26848,11 +26848,11 @@ CVE-2023-28822
 CVE-2023-28745
 	RESERVED
 CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28719
 	RESERVED
 CVE-2023-28378 (Improper authorization in some Intel(R) QAT drivers for Windows - HW V ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...)
 	NOT-FOR-US: Vuforia
 CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
@@ -28599,25 +28599,25 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-wri
 	[buster] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/1876
 CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM) Dynami ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
 	NOT-FOR-US: Intel
 CVE-2023-29162
 	RESERVED
 CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28722
 	RESERVED
 CVE-2023-28407
 	RESERVED
 CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27885
 	RESERVED
 CVE-2023-27880
 	RESERVED
 CVE-2023-27513 (Uncontrolled search path element in some Intel(R) Server Information R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
 	NOT-FOR-US: SoftEther VPN
 CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -31527,23 +31527,23 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
 CVE-2023-29244
 	RESERVED
 CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
 	NOT-FOR-US: Intel
 CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28715
 	RESERVED
 CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28396
 	RESERVED
 CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component  ...)
 	NOT-FOR-US: Intel
 CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22310 (Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.11.11+ds1-1
 CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass,  ...)
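Review bot: CVE-2023-22313 is described as "Improper buffer restrictions in some Intel(R) QAT Library software", which differs from CVE-2023-28741 a few lines above it, where the text explicitly says "QAT drivers for Windows". Debian has a qatlib source package, so this entry needs to be checked against it before it is tagged `NOT-FOR-US: Intel`. If the packaged version is already past the fixed release, a package line with the fixed version records that better than a vendor tag.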
@@ -32694,7 +32694,7 @@ CVE-2023-29179
 CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824]  in Fortinet ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic buffer o ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-29176
 	RESERVED
 CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS  ...)
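Review bot: the new tag for CVE-2023-29177 is `NOT-FOR-US: FortiGuard`, while the unchanged entry directly above it, CVE-2023-29178, uses `NOT-FOR-US: Fortinet` for the same vendor. The same split shows up in the later hunks at -41965 (CVE-2023-26205 next to CVE-2023-26204) and -80402 (CVE-2022-40681 next to CVE-2022-40682, with an identical visible description). Picking one spelling, preferably the vendor name that the descriptions themselves use, keeps a search over the NOT-FOR-US tag complete for anyone auditing Fortinet entries later.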
@@ -32774,7 +32774,7 @@ CVE-2023-27883
 CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...)
 	NOT-FOR-US: Intel
 CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24591
 	RESERVED
 CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
@@ -33473,15 +33473,15 @@ CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software
 CVE-2023-27517
 	RESERVED
 CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25945
 	RESERVED
 CVE-2023-25778
 	RESERVED
 CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-1690 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
 CVE-2023-1689 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -33953,7 +33953,7 @@ CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All version
 CVE-2023-28827
 	RESERVED
 CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
 	NOT-FOR-US: SoftEther VPN
 CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...)
@@ -34255,7 +34255,7 @@ CVE-2023-28732 (Missing access control inAnyMailing Joomla Plugin allows to list
 CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable tounauthenticated remote code e ...)
 	NOT-FOR-US: Joomla Plugin
 CVE-2023-27882 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in io_uring ...)
 	- linux 6.1.25-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -34337,7 +34337,7 @@ CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote atta
 CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...)
 	NOT-FOR-US: General Bytes Crypto Application Server (CAS)
 CVE-2023-28723 (Exposure of sensitive information to an unauthorized actor in some Int ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless  ...)
@@ -34361,11 +34361,11 @@ CVE-2023-28410 (Improper restriction of operations within the bounds of a memory
 	NOTE: http://blog.pi3.com.pl/?p=931
 	NOTE: http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt
 CVE-2023-28404 (Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQ ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28403
 	RESERVED
 CVE-2023-28401 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticated use ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...)
@@ -34373,7 +34373,7 @@ CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak sess
 CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...)
 	NOT-FOR-US: Intel
 CVE-2023-28376 (Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Con ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
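Review bot: CVE-2023-28376 is described as an out-of-bounds read "in the firmware for some Intel(R) E810 Ethernet Con ...", and Intel firmware is tracked elsewhere in this file through firmware-nonfree (see CVE-2022-46329). Before closing this as `NOT-FOR-US: Intel`, confirm that the affected E810 firmware is not among the blobs shipped in firmware-nonfree. If it is not, the tag is fine as it stands; if it is, use a firmware-nonfree entry instead.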
@@ -34381,7 +34381,7 @@ CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an unauthen
 CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an unauthenticated O ...)
 	NOT-FOR-US: Osprey Pump Controller
 CVE-2023-25071 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1553
@@ -34666,7 +34666,7 @@ CVE-2023-28619
 CVE-2023-28618 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou E ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28391 (A memory corruption vulnerability exists in the HTTP Server header par ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
 	NOT-FOR-US: SAUTER
 CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
@@ -36924,7 +36924,7 @@ CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability e
 CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...)
 	NOT-FOR-US: Schneider
 CVE-2023-28002 (An improper validation of integrity check value vulnerability [CWE-354 ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12  ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
@@ -37205,21 +37205,21 @@ CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD
 CVE-2023-27884
 	RESERVED
 CVE-2023-27879 (Improper access control in firmware for some Intel(R) Optane(TM) SSD p ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27519 (Improper input validation in firmware for some Intel(R) Optane(TM) SSD ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27502
 	RESERVED
 CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) Optane(TM) SSD p ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Gr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in firmware ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24587 (Insufficient control flow management in firmware for some Intel(R) Opt ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22434
 	RESERVED
 CVE-2023-1266
@@ -38783,7 +38783,7 @@ CVE-2023-27399 (A vulnerability has been identified in Tecnomatix Plant Simulati
 CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
 	NOT-FOR-US: Siemens
 CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27307
 	RESERVED
 CVE-2023-27303
@@ -38795,7 +38795,7 @@ CVE-2023-26592
 CVE-2023-26591
 	RESERVED
 CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software  ...)
 	NOT-FOR-US: Intel
 CVE-2023-24463
@@ -41187,7 +41187,7 @@ CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA
 	NOTE: https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
 CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25073
 	RESERVED
 CVE-2023-24542
@@ -41965,7 +41965,7 @@ CVE-2023-26207 (An insertion of sensitive information into log file vulnerabilit
 CVE-2023-26206
 	RESERVED
 CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F  ...)
@@ -42717,7 +42717,7 @@ CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of c
 CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R) Processors m ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25546
 	RESERVED
 CVE-2023-23904
@@ -42735,7 +42735,7 @@ CVE-2023-22351
 CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...)
 	NOT-FOR-US: Intel
 CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...)
 	NOT-FOR-US: Kron Tech Single Connect
 CVE-2023-0881
@@ -43225,7 +43225,7 @@ CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remote
 CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
 	NOT-FOR-US: HYPR Workforce Access on MacOS
 CVE-2023-25181 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-0833 (A flaw was found in Red Hat's AMQ-Streams, which ships a version of th ...)
 	NOT-FOR-US: Red Hat's AMQ-Streams
 CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
@@ -43433,7 +43433,7 @@ CVE-2023-25728 (The <code>Content-Security-Policy-Report-Only</code> header coul
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
 CVE-2023-24585 (An out-of-bounds write vulnerability exists in the HTTP Server functio ...)
-	TODO: check
+	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
@@ -44052,7 +44052,7 @@ CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.
 CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-25603 (A permissive cross-domain policy with untrusted domains vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...)
@@ -52756,9 +52756,9 @@ CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandle
 CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A non-privi ...)
 	NOT-FOR-US: Arm Android Gralloc Module
 CVE-2023-22663 (Improper authentication for some Intel Unison software may allow an au ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22448 (Improper access control for some Intel Unison software may allow a pri ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22445
 	RESERVED
 CVE-2023-22430
@@ -52768,13 +52768,13 @@ CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and com
 CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...)
 	NOT-FOR-US: Intel
 CVE-2023-22337 (Improper input validation for some Intel Unison software may allow an  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22292 (Uncaught exception for some Intel Unison software may allow an authent ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22290 (Uncaught exception for some Intel Unison software may allow an authent ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22285 (Improper access control for some Intel Unison software may allow an un ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-0112 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
@@ -60565,7 +60565,7 @@ CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists
 CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
 	NOT-FOR-US: PcVue
 CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-42700
 	RESERVED
 CVE-2022-46674
@@ -60643,9 +60643,9 @@ CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid
 CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...)
 	NOT-FOR-US: ALEOS
 CVE-2022-46647 (Insertion of sensitive information into log file for some Intel Unison ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46646 (Exposure of sensitive information to an unauthorized actor for some In ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...)
 	{DLA-3596-1}
 	- firmware-nonfree <unfixed> (bug #1051892)
@@ -60654,19 +60654,19 @@ CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless W
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
 	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-46301 (Improper Initialization for some Intel Unison software may allow a pri ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46299 (Insufficient control flow management for some Intel Unison software ma ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a privileg ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46283
 	RESERVED
 CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...)
 	NOT-FOR-US: CX-Drive
 CVE-2022-45469 (Improper input validation for some Intel Unison software may allow an  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43666 (Exposure of sensitive system information due to uncleared debug inform ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43496
 	RESERVED
 CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the Add UCS  ...)
@@ -65436,7 +65436,7 @@ CVE-2022-45117
 CVE-2022-45114
 	RESERVED
 CVE-2022-45109 (Improper initialization for some Intel Unison software may allow an au ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...)
 	NOT-FOR-US: Intel
 CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
@@ -65444,11 +65444,11 @@ CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R)
 CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...)
 	NOT-FOR-US: Intel
 CVE-2022-43477 (Incomplete cleanup for some Intel Unison software may allow an authent ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
 	NOT-FOR-US: Intel
 CVE-2022-41659 (Improper access control for some Intel Unison software may allow a pri ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
 	NOT-FOR-US: Listingo WordPress theme
 CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
@@ -77643,7 +77643,7 @@ CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One co
 CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-41700 (Insecure inherited permissions in some Intel(R) NUC Pro Software Suite ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography  ...)
 	NOT-FOR-US: Intel
 CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
@@ -77836,7 +77836,7 @@ CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset
 CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
 	NOT-FOR-US: Intel
 CVE-2022-41689 (Improper access control in some Intel In-Band Manageability software b ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41682
 	RESERVED
 CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
@@ -77864,7 +77864,7 @@ CVE-2022-40688
 CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products  ...)
 	NOT-FOR-US: Intel
 CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic Tool sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified  ...)
 	NOT-FOR-US: Open5GS
 CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack that affec ...)
@@ -80402,7 +80402,7 @@ CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 m
 CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40681 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...)
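Review bot: The new tag on CVE-2022-40681 is NOT-FOR-US: FortiGuard, while CVE-2022-40682 directly above shows the same description prefix (Fortinet FortiClient (Windows)) and is tagged NOT-FOR-US: Fortinet. Either way the entry is marked NOT-FOR-US, and CVE-2022-40680 below already uses FortiGuard, but using Fortinet here would keep the two FortiClient entries consistent and make a search of the list by vendor name more reliable.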
@@ -91994,13 +91994,13 @@ CVE-2022-36408
 CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool  ...)
 	NOT-FOR-US: Intel
 CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36395
 	RESERVED
 CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless Adapter Drive ...)
 	NOT-FOR-US: Intel
 CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
 	NOT-FOR-US: Intel
 CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
@@ -98968,7 +98968,7 @@ CVE-2022-33976
 CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
 	NOT-FOR-US: Intel
 CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog Timer ins ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
 	NOT-FOR-US: Intel
 CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...)
@@ -99108,7 +99108,7 @@ CVE-2022-33951
 CVE-2022-33950
 	RESERVED
 CVE-2022-33945 (Improper input validation in some Intel(R) Server board and Intel(R) S ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
 	NOT-FOR-US: Intel
 CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
@@ -111762,7 +111762,7 @@ CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before
 CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29510 (Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB B ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows  ...)
 	NOT-FOR-US: LINE for Windows
 CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained by In ...)
@@ -111772,7 +111772,7 @@ CVE-2022-29469
 CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version  ...)
 	NOT-FOR-US: Intel
 CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board BIOS firmwa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...)
 	NOT-FOR-US: Intel
 CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before version 1 ...)
@@ -117654,7 +117654,7 @@ CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android a
 CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in the Intel ...)
 	NOT-FOR-US: Intel
 CVE-2022-27229 (Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7D ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
 	NOT-FOR-US: Splunk
 CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...)
@@ -126937,7 +126937,7 @@ CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM adver
 CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
 	NOT-FOR-US: Intel
 CVE-2022-24379 (Improper input validation in some Intel(R) Server System M70KLP Family ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
 	NOT-FOR-US: Intel
 CVE-2022-23917



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc78768d1786935bb4a462d6fa509c2d6de7e4a4
