[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 13 20:12:21 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40d9d1ae by security tracker role at 2024-02-13T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,281 @@
-CVE-2023-4408
+CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...)
+	TODO: check
+CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+	TODO: check
+CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
+	TODO: check
+CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...)
+	TODO: check
+CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...)
+	TODO: check
+CVE-2024-24751 (sf_event_mgt is an event management and registration extension for the ...)
+	TODO: check
+CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...)
+	TODO: check
+CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+	TODO: check
+CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
+	TODO: check
+CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
+	TODO: check
+CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
+	TODO: check
+CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...)
+	TODO: check
+CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...)
+	TODO: check
+CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a local attac ...)
+	TODO: check
+CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+	TODO: check
+CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All versions). The w ...)
+	TODO: check
+CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21404 (.NET Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...)
+	TODO: check
+CVE-2024-21402 (Microsoft Outlook Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21401 (Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vuln ...)
+	TODO: check
+CVE-2024-21397 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21396 (Dynamics 365 Sales Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21395 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2024-21394 (Dynamics 365 Field Service Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21393 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2024-21391 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21389 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2024-21386 (.NET Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-21384 (Microsoft Office OneNote Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21381 (Microsoft Azure Active Directory B2C Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21380 (Microsoft Dynamics Business Central/NAV Information Disclosure Vulnera ...)
+	TODO: check
+CVE-2024-21379 (Microsoft Word Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21378 (Microsoft Outlook Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21377 (Windows DNS Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-21376 (Microsoft Azure Kubernetes Service Confidential Container Remote Code  ...)
+	TODO: check
+CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21374 (Microsoft Teams for Android Information Disclosure)
+	TODO: check
+CVE-2024-21372 (Windows OLE Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21371 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21370 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21369 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21368 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21367 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21366 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21365 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21364 (Microsoft Azure Site Recovery Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21363 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21362 (Windows Kernel Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-21361 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21360 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21359 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21357 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2024-21356 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
+	TODO: check
+CVE-2024-21355 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21354 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21353 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21352 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21351 (Windows SmartScreen Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-21350 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-21349 (Microsoft ActiveX Data Objects Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21348 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-21347 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21346 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21345 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21344 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+	TODO: check
+CVE-2024-21343 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+	TODO: check
+CVE-2024-21342 (Windows DNS Client Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-21341 (Windows Kernel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21340 (Windows Kernel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-21339 (Windows USB Generic Parent Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21338 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21329 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21328 (Dynamics 365 Sales Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21327 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+	TODO: check
+CVE-2024-21315 (Microsoft Defender for Endpoint Protection Elevation of Privilege Vuln ...)
+	TODO: check
+CVE-2024-21304 (Trusted Compute Base Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20695 (Skype for Business Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-20684 (Windows Hyper-V Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-20679 (Azure Stack Hub Spoofing Vulnerability)
+	TODO: check
+CVE-2024-20673 (Microsoft Office Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20667 (Azure DevOps Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-1378 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1374 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1372 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1369 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1359 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1355 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1354 (A command injection vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niagara F ...)
+	TODO: check
+CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...)
+	TODO: check
+CVE-2024-1163 (Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44.)
+	TODO: check
+CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-1159 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-1157 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-1140 (Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnera ...)
+	TODO: check
+CVE-2024-1096 (Twister Antivirus v8.17 allows Elevation of Privileges on the computer ...)
+	TODO: check
+CVE-2024-1084 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
+	TODO: check
+CVE-2024-1082 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+	TODO: check
+CVE-2024-0707
+	REJECTED
+CVE-2023-6072 (A cross-site scripting vulnerability in Trellix Central Management (CM ...)
+	TODO: check
+CVE-2023-5680 (If a resolver cache has a very large number of ECS records stored for  ...)
+	TODO: check
+CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30 ...)
+	TODO: check
+CVE-2023-50808 (Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based  ...)
+	TODO: check
+CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+	TODO: check
+CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+	TODO: check
+CVE-2023-48432 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
+	TODO: check
+CVE-2023-48364 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions),  ...)
+	TODO: check
+CVE-2023-48363 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions),  ...)
+	TODO: check
+CVE-2023-45207 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
+	TODO: check
+CVE-2023-45206 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
+	TODO: check
+CVE-2023-31347 (Due to a code bug in Secure_TSC, SEV firmware may allow an attacker wi ...)
+	TODO: check
+CVE-2023-31346 (Failure to initialize memory in SEV Firmware may allow a privileged at ...)
+	TODO: check
+CVE-2023-4408 (The DNS message parsing code in `named` includes a section whose compu ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2023-4408
-CVE-2023-5517
+CVE-2023-5517 (A flaw in query-handling code can cause `named` to exit prematurely wi ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2023-5517
-CVE-2023-5679
+CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named` to c ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2023-5679
-CVE-2023-6516
+CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...)
 	- bind9 1:9.17.19-1
 	[buster] - bind9 <not-affected> (Vulnerable code only in 9.16.y series)
 	NOTE: https://kb.isc.org/docs/cve-2023-6516
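Review bot: Every entry added at the top of this hunk is left as `TODO: check`, including two that look relevant to packaged software: CVE-2024-24814 (mod_auth_openidc) and CVE-2023-5680, whose resolver-cache/ECS description reads like the `named` issues tracked against bind9 at the end of this hunk. Triage those first. The Microsoft entries, and the ones worded "A vulnerability has been identified in ...", which elsewhere in this file carry `NOT-FOR-US: Siemens`, can likely be closed in the same `NOT-FOR-US:` form. The literal `\u2122` in the CVE-2024-24814 description is an unrendered escape carried over from the feed.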
@@ -959,9 +1227,9 @@ CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all version
 	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24592 (Lack of authentication in all versions of the fileserver component of  ...)
 	NOT-FOR-US: Allegro AI's ClearML platform
-CVE-2024-24591 (A path traversal vulnerability in version 1.4.0 or newer of Allegro AI ...)
+CVE-2024-24591 (A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the clie ...)
 	NOT-FOR-US: Allegro AI's ClearML platform
-CVE-2024-24590 (Deserialization of untrusted data can occur in version 0.17.0 or newer ...)
+CVE-2024-24590 (Deserialization of untrusted data can occur in versions 0.17.0 to 1.14 ...)
 	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24291 (An issue in the component /member/index/login of yzmcms v7.0 allows at ...)
 	NOT-FOR-US: yzmcms
@@ -12109,9 +12377,9 @@ CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service
 	NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...)
 	NOT-FOR-US: ELECOM
-CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
 	NOT-FOR-US: Siemens
-CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
 	NOT-FOR-US: Siemens
 CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body request p ...)
 	- mattermost-server <itp> (bug #823556)
@@ -12141,15 +12409,15 @@ CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible
 	NOT-FOR-US: GL.iNET GL-AR300M routers
 CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to i ...)
 	NOT-FOR-US: GL.iNET GL-AR300M routers
-CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
 CVE-2023-46156 (Affected devices improperly handle specially crafted packets sent to p ...)
 	NOT-FOR-US: Siemens
@@ -16677,19 +16945,19 @@ CVE-2023-45582 (An improper restriction of excessive authentication attempts vul
 	NOT-FOR-US: FortiGuard
 CVE-2023-44374 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44373 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44373 (Affected devices do not properly sanitize an input field.  This could  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44322 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44322 (Affected devices can be configured to send emails when certain events  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44321 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44321 (Affected devices do not properly validate the length of inputs when pe ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44320 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44320 (Affected devices do not properly validate the authentication when perf ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44319 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44319 (Affected devices use a weak checksum algorithm to protect the configur ...)
 	NOT-FOR-US: Siemens
 CVE-2023-44318 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
 	NOT-FOR-US: Siemens
-CVE-2023-44317 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...)
+CVE-2023-44317 (Affected products do not properly validate the content of uploaded X50 ...)
 	NOT-FOR-US: Siemens
 CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...)
 	NOT-FOR-US: FortiGuard
@@ -57745,8 +58013,8 @@ CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable t
 	NOT-FOR-US: Syncfusion
 CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...)
 	NOT-FOR-US: Syncfusion
-CVE-2023-26562
-	RESERVED
+CVE-2023-26562 (In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2 ...)
+	TODO: check
 CVE-2023-26561
 	RESERVED
 CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...)
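Review bot: CVE-2023-26562 moves from RESERVED to a Zimbra Collaboration description but only gets `TODO: check`, so it still has no triage line. If Zimbra is not packaged, close it with a `NOT-FOR-US:` line in the same form as the neighbouring `NOT-FOR-US: Syncfusion` entries, and handle the other Zimbra entries added in this commit the same way.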
@@ -70347,7 +70615,7 @@ CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The
 	NOT-FOR-US: SecurePoint UTM
 CVE-2023-22619
 	RESERVED
-CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does not vali ...)
+CVE-2023-0076 (The Download Attachments WordPress plugin before 1.3 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and esca ...)
 	NOT-FOR-US: WordPress plugin
@@ -87119,8 +87387,8 @@ CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially
 	NOTE: https://git.kernel.org/linus/f58d6fbcb7c848b7f2469be339bc571f2e9d245b
 	NOTE: https://xenbits.xen.org/xsa/advisory-439.html
 	NOTE: https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496
-CVE-2023-20587
-	RESERVED
+CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may allow an a ...)
+	TODO: check
 CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...)
 	NOT-FOR-US: AMD
 CVE-2023-20585
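Review bot: CVE-2023-20587 now describes a System Management Mode access-control issue but is left at `TODO: check`. The adjacent CVE-2023-20586 is closed as `NOT-FOR-US: AMD`, while CVE-2023-20588 just above carries kernel and Xen references; decide which of the two applies here and record it instead of the placeholder.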
@@ -87135,8 +87403,8 @@ CVE-2023-20581
 	RESERVED
 CVE-2023-20580
 	RESERVED
-CVE-2023-20579
-	RESERVED
+CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a  ...)
+	TODO: check
 CVE-2023-20578
 	RESERVED
 CVE-2023-20577
@@ -87153,8 +87421,8 @@ CVE-2023-20572
 	RESERVED
 CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
 	NOT-FOR-US: AMD
-CVE-2023-20570
-	RESERVED
+CVE-2023-20570 (Insufficient verification of data authenticity in the configuration st ...)
+	TODO: check
 CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
 	{DSA-5475-1 DLA-3525-1}
 	- amd64-microcode 3.20230719.1
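Review bot: The truncated description of CVE-2023-20570 is not enough to pick a convention: CVE-2023-20571 directly below is `NOT-FOR-US: AMD`, but CVE-2023-20569 is tracked against amd64-microcode with a DSA and DLA. Check the full advisory for a microcode component before replacing `TODO: check`.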
@@ -132402,8 +132670,8 @@ CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution
 	NOT-FOR-US: AMD
 CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure  ...)
 	NOT-FOR-US: AMD
-CVE-2021-46757
-	RESERVED
+CVE-2021-46757 (Insufficient checking of memory buffer in ASP Secure OS may allow an a ...)
+	TODO: check
 CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
 	NOT-FOR-US: AMD
 CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...)
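Review bot: CVE-2021-46757 is an ASP Secure OS issue like its neighbours CVE-2021-46758 and CVE-2021-46756, both tagged `NOT-FOR-US: AMD`; the same tag looks appropriate here in place of `TODO: check`.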
@@ -210551,9 +210819,9 @@ CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (I
 	NOT-FOR-US: Siemens
 CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
 	NOT-FOR-US: Siemens
-CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-25664 (A vulnerability has been identified in Capital Embedded AR Classic 431 ...)
 	NOT-FOR-US: Nucleus (Siemens)
-CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-25663 (A vulnerability has been identified in Capital Embedded AR Classic 431 ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
 	NOT-FOR-US: Siemens
@@ -323601,7 +323869,7 @@ CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions < V1
 	NOT-FOR-US: Siemens
 CVE-2019-13940 (A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP ...)
 	NOT-FOR-US: Siemens
-CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All ve ...)
+CVE-2019-13939 (A vulnerability has been identified in Capital Embedded AR Classic 431 ...)
 	NOT-FOR-US: Nucleus
 CVE-2019-13938
 	RESERVED
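Review bot: The tag on CVE-2019-13939 is `NOT-FOR-US: Nucleus`, while CVE-2021-25664 and CVE-2021-25663 in the previous hunk, refreshed to the same "Capital Embedded AR Classic" description, use `NOT-FOR-US: Nucleus (Siemens)`. Use one spelling so a search by vendor tag catches all three.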



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d9d1ae13c1f6b3185b4f0e7179dbacdc989541
