[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 17 10:12:57 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e74dc6f7 by security tracker role at 2024-05-17T08:11:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,20 +1,244 @@
-CVE-2024-21823
+CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...)
+ TODO: check
+CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...)
+ TODO: check
+CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...)
+ TODO: check
+CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
+ TODO: check
+CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulner ...)
+ TODO: check
+CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability in 8them ...)
+ TODO: check
+CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability in Copym ...)
+ TODO: check
+CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-2744 (The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise ...)
+ TODO: check
+CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0 does not v ...)
+ TODO: check
+CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is vulnerable to H ...)
+ TODO: check
+CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI firmware fo ...)
+ TODO: check
+CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware ...)
+ TODO: check
+CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in UEFI firm ...)
+ TODO: check
+CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor software ...)
+ TODO: check
+CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA products ...)
+ TODO: check
+CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...)
+ TODO: check
+CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI firmware for ...)
+ TODO: check
+CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software before ve ...)
+ TODO: check
+CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in UEFI fi ...)
+ TODO: check
+CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver software before ...)
+ TODO: check
+CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics ...)
+ TODO: check
+CVE-2024-21862 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Ed ...)
+ TODO: check
+CVE-2024-21861 (Uncontrolled search path in some Intel(R) GPA Framework software befor ...)
+ TODO: check
+CVE-2024-21843 (Uncontrolled search path for some Intel(R) Computing Improvement Progr ...)
+ TODO: check
+CVE-2024-21841 (Uncontrolled search path for some Intel(R) Distribution for GDB softwa ...)
+ TODO: check
+CVE-2024-21837 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Editio ...)
+ TODO: check
+CVE-2024-21835 (Insecure inherited permissions in some Intel(R) XTU software before ve ...)
+ TODO: check
+CVE-2024-21831 (Uncontrolled search path in some Intel(R) Processor Diagnostic Tool so ...)
+ TODO: check
+CVE-2024-21828 (Improper access control in some Intel(R) Ethernet Controller Administr ...)
+ TODO: check
+CVE-2024-21818 (Uncontrolled search path in some Intel(R) PCM software before version ...)
+ TODO: check
+CVE-2024-21814 (Uncontrolled search path for some Intel(R) Chipset Device Software bef ...)
+ TODO: check
+CVE-2024-21813 (Exposure of resource to wrong sphere in some Intel(R) DTT software ins ...)
+ TODO: check
+CVE-2024-21809 (Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edit ...)
+ TODO: check
+CVE-2024-21792 (Time-of-check Time-of-use race condition in Intel(R) Neural Compressor ...)
+ TODO: check
+CVE-2024-21788 (Uncontrolled search path in some Intel(R) GPA software before version ...)
+ TODO: check
+CVE-2024-21777 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition ...)
+ TODO: check
+CVE-2024-21774 (Uncontrolled search path in some Intel(R) Processor Identification Uti ...)
+ TODO: check
+CVE-2024-21772 (Uncontrolled search path in some Intel(R) Advisor software before vers ...)
+ TODO: check
+CVE-2023-49614 (Out of bounds write in firmware for some Intel(R) FPGA products before ...)
+ TODO: check
+CVE-2023-48727 (NULL pointer dereference in some Intel(R) oneVPL software before versi ...)
+ TODO: check
+CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all versions ...)
+ TODO: check
+CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth products ...)
+ TODO: check
+CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...)
+ TODO: check
+CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
+ TODO: check
+CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software all versio ...)
+ TODO: check
+CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max Series 1 ...)
+ TODO: check
+CVE-2023-46691 (Use after free in Intel(R) Power Gadget software for Windows all versi ...)
+ TODO: check
+CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for macOS al ...)
+ TODO: check
+CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS all ver ...)
+ TODO: check
+CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless Bluetooth(R) prod ...)
+ TODO: check
+CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software uninstallers be ...)
+ TODO: check
+CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget software for W ...)
+ TODO: check
+CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...)
+ TODO: check
+CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software for Win ...)
+ TODO: check
+CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...)
+ TODO: check
+CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows ...)
+ TODO: check
+CVE-2023-43751 (Uncontrolled search path in Intel(R) Graphics Command Center Service b ...)
+ TODO: check
+CVE-2023-43748 (Improper access control in some Intel(R) GPA Framework software instal ...)
+ TODO: check
+CVE-2023-43745 (Improper input validation in some Intel(R) CBI software before version ...)
+ TODO: check
+CVE-2023-43629 (Incorrect default permissions in some Intel(R) GPA software installers ...)
+ TODO: check
+CVE-2023-43487 (Improper access control in some Intel(R) CST before version 2.1.10300 ...)
+ TODO: check
+CVE-2023-42773 (Improper neutralization in Intel(R) Power Gadget software for Windows ...)
+ TODO: check
+CVE-2023-42668 (Incorrect default permissions in some onboard video driver software be ...)
+ TODO: check
+CVE-2023-42433 (Incorrect default permissions in some Endurance Gaming Mode software i ...)
+ TODO: check
+CVE-2023-41961 (Uncontrolled search path in some Intel(R) GPA software before version ...)
+ TODO: check
+CVE-2023-41957 (Improper Privilege Management vulnerability in smp7, wp.Insider Simple ...)
+ TODO: check
+CVE-2023-41956 (Improper Authentication vulnerability in smp7, wp.Insider Simple Membe ...)
+ TODO: check
+CVE-2023-41955 (Improper Privilege Management vulnerability in WPDeveloper Essential A ...)
+ TODO: check
+CVE-2023-41954 (Improper Privilege Management vulnerability in ProfilePress Membership ...)
+ TODO: check
+CVE-2023-41665 (Improper Privilege Management vulnerability in GiveWP allows Privilege ...)
+ TODO: check
+CVE-2023-41243 (Improper Privilege Management vulnerability in WPvivid Team WPvivid Ba ...)
+ TODO: check
+CVE-2023-41234 (NULL pointer dereference in Intel(R) Power Gadget software for Windows ...)
+ TODO: check
+CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Int ...)
+ TODO: check
+CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before version ...)
+ TODO: check
+CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi software fo ...)
+ TODO: check
+CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before version ...)
+ TODO: check
+CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers befor ...)
+ TODO: check
+CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software for mac ...)
+ TODO: check
+CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by Intel(R) ...)
+ TODO: check
+CVE-2023-39433 (Improper access control for some Intel(R) CST software before version ...)
+ TODO: check
+CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi ...)
+ TODO: check
+CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...)
+ TODO: check
+CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software for macOS ...)
+ TODO: check
+CVE-2023-38417 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
+ TODO: check
+CVE-2023-38399 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-37999 (Improper Privilege Management vulnerability in HasThemes HT Mega allow ...)
+ TODO: check
+CVE-2023-37888 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-37866 (Improper Privilege Management vulnerability in Crocoblock JetFormBuild ...)
+ TODO: check
+CVE-2023-37389 (Improper Privilege Management vulnerability in SAASPROJECT Booking Pac ...)
+ TODO: check
+CVE-2023-37385 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-35881 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-35192 (Uncontrolled search path in some Intel(R) GPA Framework software befor ...)
+ TODO: check
+CVE-2023-34186 (Missing Authorization vulnerability in Imran Sayed Headless CMS.This i ...)
+ TODO: check
+CVE-2023-33321 (Missing Authorization vulnerability in Metagauss EventPrime allows Exp ...)
+ TODO: check
+CVE-2023-33310 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart Core al ...)
+ TODO: check
+CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag editori ...)
+ TODO: check
+CVE-2023-32110 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2023-28402 (Improper input validation in some Intel(R) BIOS Guard firmware may all ...)
+ TODO: check
+CVE-2023-28383 (Improper conditions check in some Intel(R) BIOS PPAM firmware may allo ...)
+ TODO: check
+CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware may all ...)
+ TODO: check
+CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware for som ...)
+ TODO: check
+CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA and In ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html
-CVE-2023-47855 [Intel-SA-01036]
+CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software before ...)
- intel-microcode 3.20240514.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-45745 [Intel-SA-01036]
+CVE-2023-45745 (Improper input validation in some Intel(R) TDX module software before ...)
- intel-microcode 3.20240514.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-46103 [INTEL-SA-01052]
+CVE-2023-46103 (Sequence of processor instructions leads to unexpected behavior in Int ...)
- intel-microcode 3.20240514.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
-CVE-2023-45733 [INTEL-SA-01051]
+CVE-2023-45733 (Hardware logic contains race conditions in some Intel(R) Processors ma ...)
- intel-microcode 3.20240514.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
@@ -77772,7 +77996,7 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
NOTE: Neutralised by kernel hardening
CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor Hub (ISH ...)
NOT-FOR-US: Intel
-CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe ...)
+CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) Control softw ...)
NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
NOT-FOR-US: Intel
@@ -83482,9 +83706,9 @@ CVE-2023-27502 (Insertion of sensitive information into log file for some Intel(
NOT-FOR-US: Intel
CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) Optane(TM) SSD p ...)
NOT-FOR-US: Intel
-CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Gr ...)
+CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) Control softwar ...)
NOT-FOR-US: Intel
-CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
+CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) Control software before v ...)
NOT-FOR-US: Intel
CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in firmware ...)
NOT-FOR-US: Intel
@@ -84808,8 +85032,8 @@ CVE-2023-27298 (Uncontrolled search path in the WULT software maintained by Inte
NOT-FOR-US: Intel
CVE-2023-25772 (Improper input validation in the Intel(R) Retail Edge Mobile Android a ...)
NOT-FOR-US: Intel
-CVE-2023-24460
- RESERVED
+CVE-2023-24460 (Incorrect default permissions in some Intel(R) GPA software installers ...)
+ TODO: check
CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...)
NOT-FOR-US: Epson
CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
@@ -86466,7 +86690,7 @@ CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirections
CVE-2023-26863
REJECTED
CVE-2023-26862
- RESERVED
+ REJECTED
CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 an ...)
NOT-FOR-US: PrestaShop module
CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
@@ -87236,8 +87460,8 @@ CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpin
NOT-FOR-US: WordPress plugin
CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26540
- RESERVED
+CVE-2023-26540 (Improper Privilege Management vulnerability in Favethemes Houzez allow ...)
+ TODO: check
CVE-2023-26539 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...)
@@ -87264,8 +87488,8 @@ CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26526
- RESERVED
+CVE-2023-26526 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
@@ -88862,8 +89086,8 @@ CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Rea
NOT-FOR-US: WordPress plugin
CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26009
- RESERVED
+CVE-2023-26009 (Improper Privilege Management vulnerability in favethemes Houzez Login ...)
+ TODO: check
CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26007
@@ -89830,8 +90054,8 @@ CVE-2023-25703
RESERVED
CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Full ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25701
- RESERVED
+CVE-2023-25701 (Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ a ...)
+ TODO: check
CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25699 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
@@ -90941,8 +91165,8 @@ CVE-2023-25446
RESERVED
CVE-2023-25445
RESERVED
-CVE-2023-25444
- RESERVED
+CVE-2023-25444 (Unrestricted Upload of File with Dangerous Type vulnerability in JS He ...)
+ TODO: check
CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marc ...)
@@ -91927,8 +92151,8 @@ CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25050
- RESERVED
+CVE-2023-25050 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25048
@@ -94100,8 +94324,8 @@ CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24379
- RESERVED
+CVE-2023-24379 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
@@ -95051,12 +95275,12 @@ CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP p
NOT-FOR-US: WordPress plugin
CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23990
- RESERVED
+CVE-2023-23990 (Improper Privilege Management vulnerability in Qube One Ltd. Redirecti ...)
+ TODO: check
CVE-2023-23989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23988
- RESERVED
+CVE-2023-23988 (Missing Authorization vulnerability in Joseph C Dolson My Tickets.This ...)
+ TODO: check
CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23986
@@ -95365,8 +95589,8 @@ CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Ai
NOT-FOR-US: WordPress plugin
CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23888
- RESERVED
+CVE-2023-23888 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-23887
RESERVED
CVE-2023-23886
@@ -95397,8 +95621,8 @@ CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23872
- RESERVED
+CVE-2023-23872 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webd ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
@@ -95955,8 +96179,8 @@ CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23700
- RESERVED
+CVE-2023-23700 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...)
@@ -96112,8 +96336,8 @@ CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability
NOT-FOR-US: WordPress plugin
CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gal ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23645
- RESERVED
+CVE-2023-23645 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
CVE-2023-23644
RESERVED
CVE-2023-23643
@@ -98140,8 +98364,8 @@ CVE-2023-22926
RESERVED
CVE-2023-22925
RESERVED
-CVE-2023-22656
- RESERVED
+CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL soft ...)
+ TODO: check
CVE-2023-22433
RESERVED
CVE-2023-22426
@@ -100190,7 +100414,7 @@ CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora
NOT-FOR-US: linagora/Twake
CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot ...)
NOT-FOR-US: ros ntpd driver
-CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 th ...)
+CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in Sandbox examples in the ...)
NOT-FOR-US: TreeView of YUI2
CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as ...)
NOT-FOR-US: rgb2hex
@@ -106911,7 +107135,7 @@ CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists
NOT-FOR-US: PcVue
CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
NOT-FOR-US: PcVue
-CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
+CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) Control software bef ...)
NOT-FOR-US: Intel
CVE-2022-42700
RESERVED
@@ -111091,8 +111315,8 @@ CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side C
NOT-FOR-US: WordPress plugin
CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45374
- RESERVED
+CVE-2022-45374 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...)
@@ -111103,8 +111327,8 @@ CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File vulner
NOT-FOR-US: WordPress plugin
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45368
- RESERVED
+CVE-2022-45368 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
@@ -111906,8 +112130,8 @@ CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilin
NOT-FOR-US: WordPress plugin
CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45070
- RESERVED
+CVE-2022-45070 (Missing Authorization vulnerability in FmeAddons Conditional Checkout ...)
+ TODO: check
CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercad ...)
@@ -114430,8 +114654,8 @@ CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ pl
NOT-FOR-US: WordPress plugin
CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Appt ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44581
- RESERVED
+CVE-2022-44581 (Insecure Storage of Sensitive Information vulnerability in WPMU DEV De ...)
+ TODO: check
CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44579
@@ -124070,8 +124294,8 @@ CVE-2022-40207 (Improper access control in the Intel(R) SUR software before vers
NOT-FOR-US: Intel
CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update ...)
NOT-FOR-US: Intel
-CVE-2022-37410
- RESERVED
+CVE-2022-37410 (Improper access control for some Intel(R) Thunderbolt driver software ...)
+ TODO: check
CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP Cryptography ...)
NOT-FOR-US: Intel
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
@@ -136067,8 +136291,8 @@ CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to a
NOT-FOR-US: Trend Micro
CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
NOT-FOR-US: Trend Micro
-CVE-2022-37341
- RESERVED
+CVE-2022-37341 (Improper access control in some Intel(R) Ethernet Adapters and Intel(R ...)
+ TODO: check
CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
NOT-FOR-US: Intel
CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to delete (or ...)
@@ -209793,7 +210017,7 @@ CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W b
NOT-FOR-US: Furukawa
CVE-2021-37385
RESERVED
-CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web interface co ...)
+CVE-2021-37384 (RCE (Remote Code Execution) vulnerability was found in some Furukawa O ...)
NOT-FOR-US: Furukawa
CVE-2021-37383
RESERVED
@@ -220194,18 +220418,18 @@ CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) NUCs
NOT-FOR-US: Intel
CVE-2021-33163
REJECTED
-CVE-2021-33162
- REJECTED
-CVE-2021-33161
- REJECTED
+CVE-2021-33162 (Improper access control in some Intel(R) Ethernet Adapters and Intel(R ...)
+ TODO: check
+CVE-2021-33161 (Improper input validation in some Intel(R) Ethernet Adapters and Intel ...)
+ TODO: check
CVE-2021-33160
REJECTED
CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before versions ...)
NOT-FOR-US: Intel
-CVE-2021-33158
- REJECTED
-CVE-2021-33157
- REJECTED
+CVE-2021-33158 (Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R ...)
+ TODO: check
+CVE-2021-33157 (Insufficient control flow management in some Intel(R) Ethernet Adapter ...)
+ TODO: check
CVE-2021-33156
REJECTED
CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
@@ -220226,18 +220450,18 @@ CVE-2021-33148
REJECTED
CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
NOT-FOR-US: Intel
-CVE-2021-33146
- REJECTED
-CVE-2021-33145
- REJECTED
+CVE-2021-33146 (Improper input validation in some Intel(R) Ethernet Adapters and Intel ...)
+ TODO: check
+CVE-2021-33145 (Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Eth ...)
+ TODO: check
CVE-2021-33144
REJECTED
CVE-2021-33143
REJECTED
-CVE-2021-33142
- REJECTED
-CVE-2021-33141
- REJECTED
+CVE-2021-33142 (Improper input validation in some Intel(R) Ethernet Adapters and Intel ...)
+ TODO: check
+CVE-2021-33141 (Improper input validation in some Intel(R) Ethernet Adapters and Intel ...)
+ TODO: check
CVE-2021-33140
REJECTED
CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e74dc6f70924dd21b2634e35f24bcf520919413b
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e74dc6f70924dd21b2634e35f24bcf520919413b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240517/1b541b21/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list