[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 14 20:20:16 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40d98bb8 by security tracker role at 2024-02-14T20:20:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,301 @@
+CVE-2024-25301 (Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
+CVE-2024-25300 (A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows at ...)
+ TODO: check
+CVE-2024-25226 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
+ TODO: check
+CVE-2024-25225 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
+ TODO: check
+CVE-2024-25224 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
+ TODO: check
+CVE-2024-25223 (Simple Admin Panel App v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2024-25222 (Task Manager App v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2024-25221 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
+ TODO: check
+CVE-2024-25220 (Task Manager App v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2024-25219 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
+ TODO: check
+CVE-2024-25218 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
+ TODO: check
+CVE-2024-25217 (Online Medicine Ordering System v1.0 was discovered to contain a SQL i ...)
+ TODO: check
+CVE-2024-25216 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2024-25215 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2024-25214 (An issue in Employee Managment System v1.0 allows attackers to bypass ...)
+ TODO: check
+CVE-2024-25213 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2024-25212 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2024-25211 (Simple Expense Tracker v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2024-25210 (Simple Expense Tracker v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2024-25209 (Barangay Population Monitoring System 1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2024-25208 (Barangay Population Monitoring System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2024-25207 (Barangay Population Monitoring System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2024-25165 (A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, i ...)
+ TODO: check
+CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a remote user w ...)
+ TODO: check
+CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT listener is ...)
+ TODO: check
+CVE-2024-23982 (When a BIG-IP PEM classification profile is configured on a UDP virtua ...)
+ TODO: check
+CVE-2024-23979 (When SSL Client Certificate LDAP or Certificate Revocation List Distri ...)
+ TODO: check
+CVE-2024-23976 (When running in Appliance mode, an authenticated attacker assigned the ...)
+ TODO: check
+CVE-2024-23805 (Undisclosed requests can cause the Traffic Management Microkernel (TMM ...)
+ TODO: check
+CVE-2024-23789 (Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver. ...)
+ TODO: check
+CVE-2024-23788 (Server-side request forgery vulnerability in Energy Management Control ...)
+ TODO: check
+CVE-2024-23787 (Path traversal vulnerability in Energy Management Controller with Clou ...)
+ TODO: check
+CVE-2024-23786 (Cross-site scripting vulnerability in Energy Management Controller wit ...)
+ TODO: check
+CVE-2024-23785 (Cross-site request forgery vulnerability in Energy Management Controll ...)
+ TODO: check
+CVE-2024-23784 (Improper access control vulnerability exists in Energy Management Cont ...)
+ TODO: check
+CVE-2024-23783 (Improper authentication vulnerability in Energy Management Controller ...)
+ TODO: check
+CVE-2024-23607 (A directory traversal vulnerability exists in the F5OS QKView utility ...)
+ TODO: check
+CVE-2024-23603 (An SQL injection vulnerability exists in an undisclosed page of the BI ...)
+ TODO: check
+CVE-2024-23314 (When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisc ...)
+ TODO: check
+CVE-2024-23308 (When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Ha ...)
+ TODO: check
+CVE-2024-23306 (A vulnerability exists in BIG-IP Next CNF and SPK systems that may all ...)
+ TODO: check
+CVE-2024-22389 (When BIG-IP is deployed in high availability (HA) and an iControl REST ...)
+ TODO: check
+CVE-2024-22093 (When running in appliance mode, an authenticated remote command inject ...)
+ TODO: check
+CVE-2024-21849 (When an Advanced WAF/ASM security policy and a Websockets profile are ...)
+ TODO: check
+CVE-2024-21789 (When a BIG-IP ASM/Advanced WAF security policy is configured on a virt ...)
+ TODO: check
+CVE-2024-21782 (BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who ...)
+ TODO: check
+CVE-2024-21771 (For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an e ...)
+ TODO: check
+CVE-2024-21763 (When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN ...)
+ TODO: check
+CVE-2024-0568 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
+ TODO: check
+CVE-2024-0011 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
+ TODO: check
+CVE-2024-0010 (A reflected cross-site scripting (XSS) vulnerability in the GlobalProt ...)
+ TODO: check
+CVE-2024-0009 (An improper verification vulnerability in the GlobalProtect gateway fe ...)
+ TODO: check
+CVE-2024-0008 (Web sessions in the management interface in Palo Alto Networks PAN-OS ...)
+ TODO: check
+CVE-2024-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
+ TODO: check
+CVE-2023-6441 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-6409 (CWE-798: Use of Hard-coded Credentials vulnerability exists that could ...)
+ TODO: check
+CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
+ TODO: check
+CVE-2023-5123 (The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcu ...)
+ TODO: check
+CVE-2023-5122 (Grafana is an open-source platform for monitoring and observability. T ...)
+ TODO: check
+CVE-2023-52399
+ REJECTED
+CVE-2023-52398
+ REJECTED
+CVE-2023-52396
+ REJECTED
+CVE-2023-52395
+ REJECTED
+CVE-2023-52392
+ REJECTED
+CVE-2023-51755
+ REJECTED
+CVE-2023-51754
+ REJECTED
+CVE-2023-50927 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
+CVE-2023-50926 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
+CVE-2023-50337
+ REJECTED
+CVE-2023-50336
+ REJECTED
+CVE-2023-50335
+ REJECTED
+CVE-2023-50329
+ REJECTED
+CVE-2023-50293
+ REJECTED
+CVE-2023-50241
+ REJECTED
+CVE-2023-50174
+ REJECTED
+CVE-2023-50170
+ REJECTED
+CVE-2023-49872
+ REJECTED
+CVE-2023-49870
+ REJECTED
+CVE-2023-49811
+ REJECTED
+CVE-2023-49712
+ REJECTED
+CVE-2023-49710
+ REJECTED
+CVE-2023-49611
+ REJECTED
+CVE-2023-49609
+ REJECTED
+CVE-2023-49590
+ REJECTED
+CVE-2023-49588
+ REJECTED
+CVE-2023-48987 (Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content ...)
+ TODO: check
+CVE-2023-48986 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
+ TODO: check
+CVE-2023-48985 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
+ TODO: check
+CVE-2023-48734
+ REJECTED
+CVE-2023-48729
+ REJECTED
+CVE-2023-48229 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
+CVE-2023-46186 (IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized u ...)
+ TODO: check
+CVE-2023-45850
+ REJECTED
+CVE-2023-45738
+ REJECTED
+CVE-2023-45224
+ REJECTED
+CVE-2023-44294 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...)
+ TODO: check
+CVE-2023-43749
+ REJECTED
+CVE-2023-42776 (Improper input validation in some Intel(R) SGX DCAP software for Windo ...)
+ TODO: check
+CVE-2023-42775
+ REJECTED
+CVE-2023-42665
+ REJECTED
+CVE-2023-42437
+ REJECTED
+CVE-2023-41252 (Out-of-bounds read in some Intel(R) QAT software drivers for Windows b ...)
+ TODO: check
+CVE-2023-41231 (Incorrect default permissions in some ACAT software maintained by Inte ...)
+ TODO: check
+CVE-2023-41091 (Uncontrolled search path for some Intel(R) MPI Library Software before ...)
+ TODO: check
+CVE-2023-41090 (Race condition in some Intel(R) MAS software before version 2.3 may al ...)
+ TODO: check
+CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software before ...)
+ TODO: check
+CVE-2023-40156 (Uncontrolled search path element in some Intel(R) SSU software before ...)
+ TODO: check
+CVE-2023-40154 (Incorrect default permissions in the Intel(R) SUR for Gameplay Softwar ...)
+ TODO: check
+CVE-2023-39941 (Improper access control in some Intel(R) SUR software before version 2 ...)
+ TODO: check
+CVE-2023-39932 (Uncontrolled search path in the Intel(R) SUR for Gameplay Software bef ...)
+ TODO: check
+CVE-2023-39450
+ REJECTED
+CVE-2023-39432 (Improper access control element in some Intel(R) Ethernet tools and dr ...)
+ TODO: check
+CVE-2023-39425 (Improper access control in some Intel(R) DSA software before version 2 ...)
+ TODO: check
+CVE-2023-38566 (Uncontrolled search path in some Intel(R) ISPC software before version ...)
+ TODO: check
+CVE-2023-38561 (Improper access control in some Intel(R) XTU software before version 7 ...)
+ TODO: check
+CVE-2023-38262
+ REJECTED
+CVE-2023-38137
+ REJECTED
+CVE-2023-38135 (Improper authorization in some Intel(R) PM software may allow a privil ...)
+ TODO: check
+CVE-2023-36493 (Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applicati ...)
+ TODO: check
+CVE-2023-36490 (Improper initialization in some Intel(R) MAS software before version 2 ...)
+ TODO: check
+CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before version ...)
+ TODO: check
+CVE-2023-35121 (Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler sof ...)
+ TODO: check
+CVE-2023-35062 (Improper access control in some Intel(R) DSA software before version 2 ...)
+ TODO: check
+CVE-2023-35061 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...)
+ TODO: check
+CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool ...)
+ TODO: check
+CVE-2023-35003 (Path transversal in some Intel(R) VROC software before version 8.0.8.1 ...)
+ TODO: check
+CVE-2023-34983 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...)
+ TODO: check
+CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version 202307 m ...)
+ TODO: check
+CVE-2023-34315 (Incorrect default permissions in some Intel(R) VROC software before ve ...)
+ TODO: check
+CVE-2023-33875 (Improper access control for some Intel(R) PROSet/Wireless and Intel(R) ...)
+ TODO: check
+CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools and dri ...)
+ TODO: check
+CVE-2023-32651 (Improper validation of specified type of input for some Intel(R) PROSe ...)
+ TODO: check
+CVE-2023-32647 (Improper access control in some Intel(R) XTU software before version 7 ...)
+ TODO: check
+CVE-2023-32646 (Uncontrolled search path element in some Intel(R) VROC software before ...)
+ TODO: check
+CVE-2023-32644 (Protection mechanism failure for some Intel(R) PROSet/Wireless and Int ...)
+ TODO: check
+CVE-2023-32642 (Insufficient adherence to expected conventions for some Intel(R) PROSe ...)
+ TODO: check
+CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
+ TODO: check
+CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...)
+ TODO: check
+CVE-2023-31271 (Improper access control in some Intel(R) VROC software before version ...)
+ TODO: check
+CVE-2023-31189 (Improper authentication in some Intel(R) Server Product OpenBMC firmwa ...)
+ TODO: check
+CVE-2023-30767 (Improper buffer restrictions in Intel(R) Optimization for TensorFlow b ...)
+ TODO: check
+CVE-2023-29153 (Uncontrolled resource consumption for some Intel(R) SPS firmware befor ...)
+ TODO: check
+CVE-2023-28720 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...)
+ TODO: check
+CVE-2023-28374 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...)
+ TODO: check
CVE-2023-49721
- lxd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
CVE-2023-48733
+ {DSA-5624-1}
- edk2 2023.11-7
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
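Review bot: every description-bearing entry added at the top of this hunk is left at "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. When triaging, the entries that name general-purpose open-source software deserve a package lookup first: CVE-2024-24990 and CVE-2024-24989 (NGINX OSS with the HTTP/3 QUIC module), CVE-2023-5122 and CVE-2023-5123 (Grafana), and CVE-2024-25165 (SWFTools v0.9.2). The bare entries marked REJECTED need no further annotation.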
@@ -337,7 +630,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
NOTE: https://kb.isc.org/docs/cve-2023-6516
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
NOTE: which entered unstable as the fixed version as workaround.
-CVE-2023-50387
+CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RF ...)
{DSA-5621-1 DSA-5620-1}
- bind9 <unfixed>
- dnsmasq 2.90-1
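Review bot: under CVE-2023-50387 the bind9 line still reads "- bind9 <unfixed>" although the entry is tagged {DSA-5621-1 DSA-5620-1} and the dnsmasq line already records 2.90-1. Once a fixed bind9 version is known for unstable, replace <unfixed> with it; the same "- bind9 <unfixed>" line appears under CVE-2023-50868 in the next hunk and should be updated together with this one.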
@@ -351,7 +644,7 @@ CVE-2023-50387
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1)
-CVE-2023-50868
+CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...)
{DSA-5621-1 DSA-5620-1}
- bind9 <unfixed>
- dnsmasq 2.90-1
@@ -1079,6 +1372,7 @@ CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an attacker
NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
NOTE: https://github.com/indutny/node-ip/issues/136
CVE-2024-0985 (Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in Postg ...)
+ {DSA-5623-1 DSA-5622-1}
- postgresql-16 16.2-1
- postgresql-15 <removed>
- postgresql-13 <removed>
@@ -3613,7 +3907,7 @@ CVE-2024-0914 (A timing side-channel vulnerability has been discovered in the op
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/7ffc0e135b4d923d686be536aa7bf69405a360a1
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/c26e049bf40d656bc51429bad190b82fbf63f0c7
NOTE: https://people.redhat.com/~hkario/marvin/
-CVE-2024-0911 (A flaw was found in Indent. This issue may allow a local user to use a ...)
+CVE-2024-0911 (A flaw was found in indent, a program for formatting C code. This issu ...)
- indent 2.2.13-4 (unimportant; bug #1061543)
[bookworm] - indent 2.2.12-4+deb12u3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259883
@@ -10566,7 +10860,7 @@ CVE-2023-49734 (An authenticated Gamma user has the ability to create a dashboar
NOT-FOR-US: Apache Superset
CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which combined ...)
NOT-FOR-US: Apache Superset
-CVE-2024-23952
+CVE-2024-23952 (This is a duplicate for CVE-2023-46104. With correct CVE version range ...)
NOT-FOR-US: Apache Superset
CVE-2023-46104 (Uncontrolled resource consumption can be triggered by authenticated at ...)
NOT-FOR-US: Apache Superset
@@ -44120,8 +44414,8 @@ CVE-2023-29152 (By changing the filename parameter in the request, an attacker c
NOT-FOR-US: Vuforia
CVE-2023-28822
RESERVED
-CVE-2023-28745
- RESERVED
+CVE-2023-28745 (Uncontrolled search path in Intel(R) QSFP+ Configuration Utility softw ...)
+ TODO: check
CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integr ...)
NOT-FOR-US: Intel
CVE-2023-28719
@@ -45888,14 +46182,14 @@ CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM)
NOT-FOR-US: Intel
CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
NOT-FOR-US: Intel
-CVE-2023-29162
- RESERVED
+CVE-2023-29162 (Improper buffer restrictions in some Intel(R) C++ Compiler Classic bef ...)
+ TODO: check
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
NOT-FOR-US: Intel
CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware before v ...)
NOT-FOR-US: Intel
-CVE-2023-28407
- RESERVED
+CVE-2023-28407 (Uncontrolled search path in some Intel(R) XTU software before version ...)
+ TODO: check
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
NOT-FOR-US: Intel
CVE-2023-27885
@@ -48826,12 +49120,12 @@ CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and com
NOT-FOR-US: Intel
CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version ...)
NOT-FOR-US: Intel
-CVE-2023-28715
- RESERVED
+CVE-2023-28715 (Improper access control in some Intel(R) oneAPI Toolkit and component ...)
+ TODO: check
CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
NOT-FOR-US: Intel
-CVE-2023-28396
- RESERVED
+CVE-2023-28396 (Improper access control in firmware for some Intel(R) Thunderbol(TM) C ...)
+ TODO: check
CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component ...)
NOT-FOR-US: Intel
CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...)
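Review bot: the description added for CVE-2023-28396 reads "Intel(R) Thunderbol(TM)", missing the final "t" that the other Thunderbolt(TM) entries in this commit have. As this is an automatic update the text is presumably taken as-is from the CVE feed, so it is better corrected at the source than hand-edited here, but note that a search for "Thunderbolt" during triage will not match this entry.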
@@ -50073,8 +50367,8 @@ CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before
NOT-FOR-US: Intel
CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
NOT-FOR-US: Intel
-CVE-2023-24591
- RESERVED
+CVE-2023-24591 (Uncontrolled search path in some Intel(R) Binary Configuration Tool so ...)
+ TODO: check
CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
NOT-FOR-US: firefly-iii
CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
@@ -50763,22 +51057,22 @@ CVE-2023-28940
RESERVED
CVE-2023-28939
RESERVED
-CVE-2023-28739
- RESERVED
+CVE-2023-28739 (Incorrect default permissions in some Intel(R) Chipset Driver Software ...)
+ TODO: check
CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
NOT-FOR-US: Intel
CVE-2023-28721
RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...)
NOT-FOR-US: Intel
-CVE-2023-27517
- RESERVED
+CVE-2023-27517 (Improper access control in some Intel(R) Optane(TM) PMem software befo ...)
+ TODO: check
CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
NOT-FOR-US: Intel
CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...)
NOT-FOR-US: Intel
-CVE-2023-25945
- RESERVED
+CVE-2023-25945 (Protection mechanism failure in some Intel(R) OFU software before vers ...)
+ TODO: check
CVE-2023-25778
RESERVED
CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...)
@@ -54316,8 +54610,8 @@ CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulner
NOT-FOR-US: Schneider Electric
CVE-2023-27976 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
NOT-FOR-US: Schneider
-CVE-2023-27975
- RESERVED
+CVE-2023-27975 (CWE-522: Insufficiently Protected Credentials vulnerability exists tha ...)
+ TODO: check
CVE-2023-27974 (Bitwarden through 2023.2.1 offers password auto-fill when the second-l ...)
NOT-FOR-US: Bitwarden
CVE-2023-27973 (Certain HP LaserJet Pro print products are potentially vulnerable to H ...)
@@ -55585,14 +55879,14 @@ CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Inte
NOT-FOR-US: Intel
CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming Wizard softw ...)
NOT-FOR-US: Intel
-CVE-2023-26586
- RESERVED
-CVE-2023-25951
- RESERVED
+CVE-2023-26586 (Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Kill ...)
+ TODO: check
+CVE-2023-25951 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...)
+ TODO: check
CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...)
NOT-FOR-US: Intel
-CVE-2023-25174
- RESERVED
+CVE-2023-25174 (Improper access control in some Intel(R) Chipset Driver Software befor ...)
+ TODO: check
CVE-2023-24596
RESERVED
CVE-2023-22437
@@ -56094,22 +56388,22 @@ CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulati
NOT-FOR-US: Siemens
CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...)
NOT-FOR-US: Intel
-CVE-2023-27307
- RESERVED
-CVE-2023-27303
- RESERVED
-CVE-2023-26596
- RESERVED
-CVE-2023-26592
- RESERVED
-CVE-2023-26591
- RESERVED
+CVE-2023-27307 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
+CVE-2023-27303 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
+CVE-2023-26596 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
+CVE-2023-26592 (Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH ...)
+ TODO: check
+CVE-2023-26591 (Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers fo ...)
+ TODO: check
CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...)
NOT-FOR-US: Intel
CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software ...)
NOT-FOR-US: Intel
-CVE-2023-24463
- RESERVED
+CVE-2023-24463 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...)
+ TODO: check
CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
NOT-FOR-US: Intel
CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
@@ -56180,22 +56474,22 @@ CVE-2023-27374
RESERVED
CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
-CVE-2023-27308
- RESERVED
+CVE-2023-27308 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
CVE-2023-27302
RESERVED
-CVE-2023-27301
- RESERVED
-CVE-2023-27300
- RESERVED
+CVE-2023-27301 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
+CVE-2023-27300 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
CVE-2023-27299
RESERVED
CVE-2023-27297
RESERVED
CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...)
NOT-FOR-US: Honeywell
-CVE-2023-26585
- RESERVED
+CVE-2023-26585 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
CVE-2023-25948 (Server information leak of configuration data when an error is generat ...)
NOT-FOR-US: Honeywell
CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...)
@@ -56204,8 +56498,8 @@ CVE-2023-25178 (Controller may be loaded with malicious firmware which could ena
NOT-FOR-US: Honeywell
CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...)
NOT-FOR-US: Honeywell
-CVE-2023-24589
- RESERVED
+CVE-2023-24589 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the ...)
NOT-FOR-US: Honeywell
CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...)
@@ -56433,22 +56727,22 @@ CVE-2023-26594
RESERVED
CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
NOT-FOR-US: Intel
-CVE-2023-25769
- RESERVED
+CVE-2023-25769 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH ...)
+ TODO: check
CVE-2023-25079
RESERVED
-CVE-2023-24481
- RESERVED
+CVE-2023-24481 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
CVE-2023-24462
RESERVED
CVE-2023-24017
RESERVED
CVE-2023-24013
RESERVED
-CVE-2023-22848
- RESERVED
-CVE-2023-22390
- RESERVED
+CVE-2023-22848 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
+CVE-2023-22390 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
NOT-FOR-US: Microweber
CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected Cross ...)
@@ -58489,10 +58783,10 @@ CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue
NOT-FOR-US: Pega Platform
CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software ...)
NOT-FOR-US: Intel
-CVE-2023-25779
- RESERVED
-CVE-2023-25777
- RESERVED
+CVE-2023-25779 (Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH ...)
+ TODO: check
+CVE-2023-25777 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...)
{DSA-5594-1 DLA-3711-1 DLA-3710-1}
- linux 6.5.3-1
@@ -58501,16 +58795,16 @@ CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...)
NOT-FOR-US: Intel
-CVE-2023-25073
- RESERVED
-CVE-2023-24542
- RESERVED
+CVE-2023-25073 (Improper access control in some Intel(R) DSA software before version 2 ...)
+ TODO: check
+CVE-2023-24542 (Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH d ...)
+ TODO: check
CVE-2023-24541
RESERVED
-CVE-2023-22342
- RESERVED
-CVE-2023-22293
- RESERVED
+CVE-2023-22342 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...)
+ TODO: check
+CVE-2023-22293 (Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers fo ...)
+ TODO: check
CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...)
- libheif 1.15.1-1 (bug #1032101)
[bullseye] - libheif <no-dsa> (Minor issue)
@@ -64389,8 +64683,8 @@ CVE-2023-22655
RESERVED
CVE-2023-22431
RESERVED
-CVE-2023-22311
- RESERVED
+CVE-2023-22311 (Improper access control in some Intel(R) Optane(TM) PMem 100 Series Ma ...)
+ TODO: check
CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...)
NOT-FOR-US: PyroCMS
CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
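Review bot: in the unchanged context just below the CVE-2023-22311 change, CVE-2023-0525 is described as a "Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ..." but is tagged "NOT-FOR-US: PyroCMS". The description and the tag name different products, so one of them looks stale; worth checking whether the tag should name the Mitsubishi Electric product instead.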
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d98bb85f90b7e1f7edd658acfc1bf263528dd2