[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 6 21:14:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76a72507 by Salvatore Bonaccorso at 2023-09-06T22:14:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,49 +468,49 @@ CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a r ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a r ...)
- TODO: check
+ NOT-FOR-US: VI Web Client
CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18. ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1. ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...)
TODO: check
CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...)
- TODO: check
+ NOT-FOR-US: ZPLGFA
CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...)
NOT-FOR-US: IBM
CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
NOT-FOR-US: IBM
CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch announcement (CS ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link operation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a recei ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...)
NOT-FOR-US: IBM
CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-41164
- python-django 3:3.2.21-1 (bug #1051226)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
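Review bot: CVE-2023-36308 (disintegration Imaging 1.6.2) is still `TODO: check` in the middle of this hunk, while the adjacent CVE-2023-36307 (ZPLGFA) is closed as NOT-FOR-US and the commit message does not say why this one was skipped. If it was left open on purpose because its packaging status still has to be checked, say so in the commit message or resolve it in a follow-up, so the next triager does not repeat the lookup.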
@@ -15464,7 +15464,7 @@ CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing
CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31219
RESERVED
CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
@@ -17042,55 +17042,55 @@ CVE-2023-30732
CVE-2023-30731
RESERVED
CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30727
RESERVED
CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
NOT-FOR-US: Samsung
CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...)
@@ -17909,13 +17909,13 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fo
CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
NOT-FOR-US: WordPress Plugin
CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30496
RESERVED
CVE-2023-30495
RESERVED
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30493
RESERVED
CVE-2023-30492
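Review bot: the tag casing is inconsistent within this hunk: the existing context entry for CVE-2023-30498 reads `NOT-FOR-US: WordPress Plugin`, while the added lines for CVE-2023-30497 and CVE-2023-30494 use `NOT-FOR-US: WordPress plugin`. The lowercase form matches the other entries in this commit, so consider normalising the CVE-2023-30498 line in a follow-up, so that exact-match searches over data/CVE/list find all of them.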
@@ -17933,7 +17933,7 @@ CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Th
CVE-2023-30486
RESERVED
CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...)
@@ -20505,7 +20505,7 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plu
CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29440
RESERVED
CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
@@ -23660,13 +23660,13 @@ CVE-2023-28586
CVE-2023-28585
RESERVED
CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28583
RESERVED
CVE-2023-28582
RESERVED
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28580
RESERVED
CVE-2023-28579
@@ -23682,7 +23682,7 @@ CVE-2023-28575 (The cam_get_device_priv function does not check the type of hand
CVE-2023-28574
RESERVED
CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28572
RESERVED
CVE-2023-28571
@@ -23694,27 +23694,27 @@ CVE-2023-28569
CVE-2023-28568
RESERVED
CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28566
RESERVED
CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28563
RESERVED
CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
NOT-FOR-US: Qualcomm
CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from untrusted ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28559 (Memory corruption in WLAN FW while processing command parameters from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx status ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28556
RESERVED
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
@@ -23730,9 +23730,9 @@ CVE-2023-28551
CVE-2023-28550
RESERVED
CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28547
RESERVED
CVE-2023-28546
@@ -23740,9 +23740,9 @@ CVE-2023-28546
CVE-2023-28545
RESERVED
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
@@ -23752,7 +23752,7 @@ CVE-2023-28540
CVE-2023-28539
RESERVED
CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
NOT-FOR-US: Qualcomm
CVE-2023-28536
@@ -25454,7 +25454,7 @@ CVE-2023-28074
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
NOT-FOR-US: Dell
CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0, contain a d ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
NOT-FOR-US: Dell
CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
@@ -33338,7 +33338,7 @@ CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores,
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25463
@@ -49015,17 +49015,17 @@ CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action fra
CVE-2023-21668
RESERVED
CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to validate t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...)
NOT-FOR-US: Qualcomm
CVE-2023-21665 (Memory corruption in Graphics while importing a file.)
NOT-FOR-US: Qualcomm
CVE-2023-21664 (Memory Corruption in Core Platform while printing the response buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21663 (Memory Corruption while accessing metadata in Display.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21662 (Memory corruption in Core Platform while printing the response buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.)
NOT-FOR-US: Qualcomm
CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.)
@@ -49039,11 +49039,11 @@ CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record u
CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...)
NOT-FOR-US: Qualcomm
CVE-2023-21655 (Memory corruption in Audio while validating and mapping metadata.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21654 (Memory corruption in Audio during playback session with audio effects ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration message.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...)
NOT-FOR-US: Qualcomm
CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...)
@@ -49057,11 +49057,11 @@ CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.)
CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...)
NOT-FOR-US: Qualcomm
CVE-2023-21646 (Transient DOS in Modem while processing invalid System Information Blo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21645
RESERVED
CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while triggering qcri ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
@@ -49077,7 +49077,7 @@ CVE-2023-21638 (Memory corruption in Video while calling APIs with different ins
CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.)
NOT-FOR-US: Qualcomm
CVE-2023-21636 (Memory Corruption due to improper validation of array index in Linux w ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21634
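Review bot: CVE-2023-21636 is closed as `NOT-FOR-US: Qualcomm`, but its truncated description places the array-index issue "in Linux w ...", so the visible text does not show which component is affected. Before closing it, confirm from the full advisory that the affected code is Qualcomm's own and not a driver carried in Debian's kernel packages. If a mainline driver is involved, the entry needs a package line instead of the NOT-FOR-US tag.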
@@ -66296,7 +66296,7 @@ CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1
CVE-2022-41764
RESERVED
CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...)
- TODO: check
+ NOT-FOR-US: NOKIA AMS
CVE-2022-41762
RESERVED
CVE-2022-41761
@@ -69574,7 +69574,7 @@ CVE-2022-40536 (Transient DOS due to improper authentication in modem while rece
CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...)
NOT-FOR-US: Qualcomm
CVE-2022-40534 (Memory corruption due to improper validation of array index in Audio.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core while sendi ...)
NOT-FOR-US: Qualcomm
CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in WLAN while ...)
@@ -69594,7 +69594,7 @@ CVE-2022-40526
CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to unauthorize ...)
NOT-FOR-US: Qualcomm
CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while processing Se ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40523 (Information disclosure in Kernel due to indirect branch misprediction.)
NOT-FOR-US: Qualcomm
CVE-2022-40522 (Memory corruption in Linux Networking due to double free while handlin ...)
@@ -89417,7 +89417,7 @@ CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking s
CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
NOT-FOR-US: Qualcomm
CVE-2022-33275 (Memory corruption due to improper validation of array index in WLAN HA ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...)
NOT-FOR-US: Qualcomm
CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...)
@@ -89527,7 +89527,7 @@ CVE-2022-33222 (Information disclosure due to buffer over-read while parsing DNS
CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...)
NOT-FOR-US: Qualcomm
CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer over-rea ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...)
NOT-FOR-US: Qualcomm
CVE-2022-33218 (Memory corruption in Automotive due to improper input validation.)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a725073f633530e836edde733d123241718878