author | security tracker role <sectracker@soriano.debian.org> | 2023-06-02 20:12:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2023-06-02 20:12:23 +0000 |
commit | 564c6b88446e3b286755d13bb07a341481a4c49a (patch) | |
tree | b6c91b7eb8a63f6f657be0bf7ec70cdce01f1241 /data | |
parent | ad5abe55537654beea2620efe4f84d1dba853a47 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 340 |
1 files changed, 174 insertions, 166 deletions
diff --git a/data/CVE/list b/data/CVE/list index 669ec19a29..0ad0ac32b9 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,69 @@ +CVE-2023-3075 (Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebo ...) + TODO: check +CVE-2023-3074 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + TODO: check +CVE-2023-3073 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + TODO: check +CVE-2023-3071 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + TODO: check +CVE-2023-3070 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + TODO: check +CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos prior ...) + TODO: check +CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...) + TODO: check +CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) + TODO: check +CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...) + TODO: check +CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...) + TODO: check +CVE-2023-3060 (A vulnerability has been found in code-projects Agro-School Management ...) + TODO: check +CVE-2023-3059 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2023-3058 (A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declar ...) + TODO: check +CVE-2023-3057 (A vulnerability was found in YFCMF up to 3.0.4. It has been rated as p ...) + TODO: check +CVE-2023-3056 (A vulnerability was found in YFCMF up to 3.0.4. It has been declared a ...) + TODO: check +CVE-2023-3033 (Incorrect Authorization vulnerability in Mobatime web application allo ...) + TODO: check +CVE-2023-3032 (Unrestricted Upload of File with Dangerous Type vulnerability in Mobat ...) + TODO: check +CVE-2023-3031 (Improper Limitation of a Pathname leads to a Path Traversal vulnerabil ...) 
+ TODO: check +CVE-2023-34362 (In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4 ...) + TODO: check +CVE-2023-34094 (ChuanhuChatGPT is a graphical user interface for ChatGPT and many larg ...) + TODO: check +CVE-2023-33763 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + TODO: check +CVE-2023-33762 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + TODO: check +CVE-2023-33761 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + TODO: check +CVE-2023-33731 (Reflected Cross Site Scripting (XSS) in the view dashboard detail feat ...) + TODO: check +CVE-2023-33717 (mp4v2 v2.1.3 was discovered to contain a memory leak when a method cal ...) + TODO: check +CVE-2023-33675 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33673 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33672 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33671 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33670 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33669 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + TODO: check +CVE-2023-33476 (ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable t ...) + TODO: check +CVE-2023-2687 (Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4 ...) + TODO: check CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Erikoglu Technology ErMon CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...) 
@@ -640,6 +706,7 @@ CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...) NOT-FOR-US: CloudExplorer Lite CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...) + {DLA-3441-1} - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c NOTE: https://github.com/freeswitch/sofia-sip/pull/214 @@ -2108,7 +2175,7 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior CVE-2023-32216 - firefox 113.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216 -CVE-2023-32215 +CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 @@ -2123,7 +2190,7 @@ CVE-2023-32214 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32214 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32214 -CVE-2023-32213 +CVE-2023-32213 (When reading a file, an uninitialized value could have been used as re ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 @@ -2131,7 +2198,7 @@ CVE-2023-32213 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213 -CVE-2023-32212 +CVE-2023-32212 (An attacker could have positioned a <code>datalist</code> element to o ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 
@@ -2139,7 +2206,7 @@ CVE-2023-32212 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32212 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32212 -CVE-2023-32211 +CVE-2023-32211 (A type checking bug would have led to invalid code being compiled. Thi ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 @@ -2156,7 +2223,7 @@ CVE-2023-32209 CVE-2023-32208 - firefox 113.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208 -CVE-2023-32207 +CVE-2023-32207 (A missing delay in popup notifications could have made it possible for ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 @@ -2164,7 +2231,7 @@ CVE-2023-32207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32207 -CVE-2023-32206 +CVE-2023-32206 (An out-of-bound read could have led to a crash in the RLBox Expat driv ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 @@ -2172,7 +2239,7 @@ CVE-2023-32206 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32206 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32206 -CVE-2023-32205 +CVE-2023-32205 (In multiple cases browser prompts could have been obscured by popups c ...) {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1} - firefox 113.0-1 - firefox-esr 102.11.0esr-1 
@@ -4691,12 +4758,12 @@ CVE-2023-30606 (Discourse is an open source platform for community discussion. I NOT-FOR-US: Discourse CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...) NOT-FOR-US: Archery -CVE-2023-30604 - RESERVED -CVE-2023-30603 - RESERVED -CVE-2023-30602 - RESERVED +CVE-2023-30604 (It is identified a vulnerability of insufficient authentication in the ...) + TODO: check +CVE-2023-30603 (Hitron Technologies CODA-5310 Telnet function with the default account ...) + TODO: check +CVE-2023-30602 (Hitron Technologies CODA-5310\u2019s Telnet function transfers sensiti ...) + TODO: check CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...) - cassandra <itp> (bug #585905) CVE-2023-30600 @@ -6046,8 +6113,8 @@ CVE-2023-30151 RESERVED CVE-2023-30150 RESERVED -CVE-2023-30149 - RESERVED +CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) + TODO: check CVE-2023-30148 RESERVED CVE-2023-30147 @@ -7309,12 +7376,10 @@ CVE-2023-29553 CVE-2023-29552 (The Service Location Protocol (SLP, RFC 2608) allows an unauthenticate ...) NOT-FOR-US: Service Location Protocol NOTE: Might affect src:openslp-dfsg, but removed years ago -CVE-2023-29551 - RESERVED +CVE-2023-29551 (Memory safety bugs present in Firefox 111. Some of these bugs showed e ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551 -CVE-2023-29550 - RESERVED +CVE-2023-29550 (Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 
@@ -7322,12 +7387,10 @@ CVE-2023-29550 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29550 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29550 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29550 -CVE-2023-29549 - RESERVED +CVE-2023-29549 (Under certain circumstances, a call to the <code>bind</code> function ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549 -CVE-2023-29548 - RESERVED +CVE-2023-29548 (A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 @@ -7335,8 +7398,7 @@ CVE-2023-29548 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29548 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29548 -CVE-2023-29547 - RESERVED +CVE-2023-29547 (When a secure cookie existed in the Firefox cookie jar an insecure coo ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29547 CVE-2023-29546 @@ -7351,12 +7413,10 @@ CVE-2023-29545 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29545 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29545 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29545 -CVE-2023-29544 - RESERVED +CVE-2023-29544 (If multiple instances of resource exhaustion occurred at the incorrect ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29544 -CVE-2023-29543 - RESERVED +CVE-2023-29543 (An attacker could have caused memory corruption and a potentially expl ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29543 CVE-2023-29542 
@@ -7366,8 +7426,7 @@ CVE-2023-29542 - thunderbird <not-affected> (Only affects Thunderbird on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29542 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542 -CVE-2023-29541 - RESERVED +CVE-2023-29541 (Firefox did not properly handle downloads of files ending in <code>.de ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 @@ -7375,12 +7434,10 @@ CVE-2023-29541 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29541 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29541 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29541 -CVE-2023-29540 - RESERVED +CVE-2023-29540 (Using a redirect embedded into <code>sourceMappingUrls</code> could al ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540 -CVE-2023-29539 - RESERVED +CVE-2023-29539 (When handling the filename directive in the Content-Disposition header ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 
@@ -7388,16 +7445,13 @@ CVE-2023-29539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29539 -CVE-2023-29538 - RESERVED +CVE-2023-29538 (Under specific circumstances a WebExtension may have received a <code> ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29538 -CVE-2023-29537 - RESERVED +CVE-2023-29537 (Multiple race conditions in the font initialization could have led to ...) - firefox 112.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537 -CVE-2023-29536 - RESERVED +CVE-2023-29536 (An attacker could cause the memory manager to incorrectly free a point ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 @@ -7405,8 +7459,7 @@ CVE-2023-29536 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29536 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29536 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536 -CVE-2023-29535 - RESERVED +CVE-2023-29535 (Following a Garbage Collector compaction, weak maps may have been acce ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 @@ -7418,8 +7471,7 @@ CVE-2023-29534 RESERVED - firefox <not-affected> (Only affects Firefox on Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534 -CVE-2023-29533 - RESERVED +CVE-2023-29533 (A website could have obscured the fullscreen notification by using a c ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 
@@ -7477,8 +7529,7 @@ CVE-2023-1947 (A vulnerability was found in taoCMS 3.0.2. It has been classified NOT-FOR-US: taoCMS CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application System ...) NOT-FOR-US: SourceCodester Survey Application System -CVE-2023-1945 - RESERVED +CVE-2023-1945 (Unexpected data returned from the Safe Browsing API could have led to ...) {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox-esr 102.10.0esr-1 - thunderbird 1:102.10.0-1 @@ -10346,22 +10397,22 @@ CVE-2023-28707 (Improper Input Validation vulnerability in Apache Software Found NOT-FOR-US: Apache Airflow Drill Provider CVE-2023-28706 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: Apache Airflow Hive Provider -CVE-2023-28705 - RESERVED -CVE-2023-28704 - RESERVED -CVE-2023-28703 - RESERVED -CVE-2023-28702 - RESERVED -CVE-2023-28701 - RESERVED -CVE-2023-28700 - RESERVED -CVE-2023-28699 - RESERVED -CVE-2023-28698 - RESERVED +CVE-2023-28705 (Openfind Mail2000 has insufficient filtering special characters of ema ...) + TODO: check +CVE-2023-28704 (Furbo dog camera has insufficient filtering for special parameter of d ...) + TODO: check +CVE-2023-28703 (ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer ov ...) + TODO: check +CVE-2023-28702 (ASUS RT-AC86U does not filter special characters for parameters in spe ...) + TODO: check +CVE-2023-28701 (ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. A ...) + TODO: check +CVE-2023-28700 (OMICARD EDM backend system\u2019s file uploading function does not res ...) + TODO: check +CVE-2023-28699 (Wade Graphic Design FANTSY has a vulnerability of insufficient filteri ...) + TODO: check +CVE-2023-28698 (Wade Graphic Design FANTSY has a vulnerability of insufficient authori ...) + TODO: check CVE-2023-28697 (Moxa MiiNePort E1 has a vulnerability of insufficient access control. ...) NOT-FOR-US: Moxa CVE-2023-28696 
@@ -11185,8 +11236,8 @@ CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to NOT-FOR-US: Concrete CMS CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...) NOT-FOR-US: Couchbase Server -CVE-2023-28469 - RESERVED +CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + TODO: check CVE-2023-28468 RESERVED CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...) @@ -12157,12 +12208,10 @@ CVE-2023-28179 RESERVED CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple -CVE-2023-28177 - RESERVED +CVE-2023-28177 (Memory safety bugs present in Firefox 110. Some of these bugs showed e ...) - firefox 111.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177 -CVE-2023-28176 - RESERVED +CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ...) {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} - firefox 111.0-1 - firefox-esr 102.9.0esr-1 @@ -12192,8 +12241,7 @@ CVE-2023-28166 RESERVED CVE-2023-28165 RESERVED -CVE-2023-28164 - RESERVED +CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the ...) {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} - firefox 111.0-1 - firefox-esr 102.9.0esr-1 
@@ -12201,16 +12249,14 @@ CVE-2023-28164 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28164 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28164 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28164 -CVE-2023-28163 - RESERVED +CVE-2023-28163 (When downloading files through the Save As dialog on Windows with sugg ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) - thunderbird <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28163 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28163 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28163 -CVE-2023-28162 - RESERVED +CVE-2023-28162 (While implementing AudioWorklets, some code may have casted one type t ...) {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} - firefox 111.0-1 - firefox-esr 102.9.0esr-1 
@@ -12218,16 +12264,13 @@ CVE-2023-28162 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28162 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28162 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28162 -CVE-2023-28161 - RESERVED +CVE-2023-28161 (If temporary "one-time" permissions, such as the ability to use the Ca ...) - firefox 111.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28161 -CVE-2023-28160 - RESERVED +CVE-2023-28160 (When following a redirect to a publicly accessible web extension file, ...) - firefox 111.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28160 -CVE-2023-28159 - RESERVED +CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox for Andr ...) - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159 CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...) @@ -15869,7 +15912,8 @@ CVE-2023-26933 RESERVED CVE-2023-26932 RESERVED -CVE-2023-26931 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...) +CVE-2023-26931 + REJECTED - xpdf <not-affected> (Debian uses poppler, which is not affected) CVE-2023-26930 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...) - xpdf <not-affected> (Debian uses poppler, which is not affected) @@ -18988,8 +19032,8 @@ CVE-2023-0838 (An issue has been discovered in GitLab affecting versions startin - gitlab <unfixed> CVE-2023-0837 RESERVED -CVE-2023-25780 - RESERVED +CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...) + TODO: check CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...) NOT-FOR-US: Intel CVE-2023-25773 
@@ -19098,8 +19142,7 @@ CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Softwa - airflow <itp> (bug #819700) CVE-2023-25753 RESERVED -CVE-2023-25752 - RESERVED +CVE-2023-25752 (When accessing throttled streams, the count of available bytes needed ...) {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} - firefox 111.0-1 - firefox-esr 102.9.0esr-1 @@ -19107,8 +19150,7 @@ CVE-2023-25752 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25752 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752 -CVE-2023-25751 - RESERVED +CVE-2023-25751 (Sometimes, when invalidating JIT code while following an iterator, the ...) {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} - firefox 111.0-1 - firefox-esr 102.9.0esr-1 
@@ -19116,33 +19158,27 @@ CVE-2023-25751 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25751 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751 -CVE-2023-25750 - RESERVED +CVE-2023-25750 (Under certain circumstances, a ServiceWorker's offline cache may have ...) - firefox 111.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25750 -CVE-2023-25749 - RESERVED +CVE-2023-25749 (Android applications with unpatched vulnerabilities can be launched fr ...) - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25749 -CVE-2023-25748 - RESERVED +CVE-2023-25748 (By displaying a prompt with a long description, the fullscreen notific ...) - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748 CVE-2023-25747 RESERVED -CVE-2023-25746 - RESERVED +CVE-2023-25746 (Memory safety bugs present in Firefox ESR 102.7. Some of these bugs sh ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox-esr 102.8.0esr-1 - thunderbird 1:102.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25746 -CVE-2023-25745 - RESERVED +CVE-2023-25745 (Memory safety bugs present in Firefox 109. Some of these bugs showed e ...) - firefox 110.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745 -CVE-2023-25744 - RESERVED +CVE-2023-25744 (Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 
@@ -19150,14 +19186,12 @@ CVE-2023-25744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25744 -CVE-2023-25743 - RESERVED +CVE-2023-25743 (A lack of in app notification for entering fullscreen mode could have ...) - firefox <not-affected> (Specific to Firefox Focus) - firefox-esr <not-affected> (Specific to Firefox Focus) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743 -CVE-2023-25742 - RESERVED +CVE-2023-25742 (When importing a SPKI RSA public key as ECDSA P-256, the key would be ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19165,16 +19199,13 @@ CVE-2023-25742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25742 -CVE-2023-25741 - RESERVED +CVE-2023-25741 (When dragging and dropping an image cross-origin, the image's size cou ...) - firefox 110.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25741 -CVE-2023-25740 - RESERVED +CVE-2023-25740 (After downloading a Windows <code>.scf</code> script from the local fi ...) - firefox <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740 -CVE-2023-25739 - RESERVED +CVE-2023-25739 (Module load requests that failed were not being checked as to whether ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 
@@ -19182,16 +19213,14 @@ CVE-2023-25739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25739 -CVE-2023-25738 - RESERVED +CVE-2023-25738 (Members of the <code>DEVMODEW</code> struct set by the printer device ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) - thunderbird <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738 -CVE-2023-25737 - RESERVED +CVE-2023-25737 (An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</ ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19203,8 +19232,7 @@ CVE-2023-25736 RESERVED - firefox 110.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736 -CVE-2023-25735 - RESERVED +CVE-2023-25735 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19212,8 +19240,7 @@ CVE-2023-25735 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25735 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25735 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25735 -CVE-2023-25734 - RESERVED +CVE-2023-25734 (After downloading a Windows <code>.url</code> shortcut from the local ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) - thunderbird <not-affected> (Windows-specific) 
@@ -19224,8 +19251,7 @@ CVE-2023-25733 RESERVED - firefox 110.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733 -CVE-2023-25732 - RESERVED +CVE-2023-25732 (When encoding data from an <code>inputStream</code> in <code>xpcom</co ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19233,12 +19259,10 @@ CVE-2023-25732 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25732 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25732 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25732 -CVE-2023-25731 - RESERVED +CVE-2023-25731 (Due to URL previews in the network panel of developer tools improperly ...) - firefox 110.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731 -CVE-2023-25730 - RESERVED +CVE-2023-25730 (A background script invoking <code>requestFullscreen</code> and then b ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19246,8 +19270,7 @@ CVE-2023-25730 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730 -CVE-2023-25729 - RESERVED +CVE-2023-25729 (Permission prompts for opening external schemes were only shown for <c ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 
@@ -19255,8 +19278,7 @@ CVE-2023-25729 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25729 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25729 -CVE-2023-25728 - RESERVED +CVE-2023-25728 (The <code>Content-Security-Policy-Report-Only</code> header could allo ...) {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - firefox-esr 102.8.0esr-1 @@ -19719,8 +19741,7 @@ CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700 NOT-FOR-US: SAP CVE-2023-25613 (An LDAP Injection vulnerability exists in theLdapIdentityBackend of Ap ...) NOT-FOR-US: Apache Kerby -CVE-2023-0767 - RESERVED +CVE-2023-0767 (An attacker could construct a PKCS 12 cert bundle in such a way that c ...) {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3327-1 DLA-3324-1 DLA-3319-1} - firefox 110.0-1 - nss 2:3.87.1-1 @@ -21523,8 +21544,7 @@ CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has NOT-FOR-US: TRENDnet CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...) NOT-FOR-US: TRENDnet -CVE-2023-0616 - RESERVED +CVE-2023-0616 (If a MIME email combines OpenPGP and OpenPGP MIME data in a certain wa ...) {DSA-5355-1 DLA-3324-1} - thunderbird 1:102.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616 @@ -22623,8 +22643,7 @@ CVE-2023-0549 (A vulnerability, which was classified as problematic, has been fo NOT-FOR-US: YAFNET CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...) NOT-FOR-US: WordPress plugin -CVE-2023-0547 - RESERVED +CVE-2023-0547 (OCSP revocation status of recipient certificates was not checked when ...) {DSA-5392-1 DLA-3400-1} - thunderbird 1:102.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547 
@@ -24399,8 +24418,7 @@ CVE-2023-22319 RESERVED CVE-2023-22306 RESERVED -CVE-2023-0430 - RESERVED +CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...) {DSA-5355-1 DLA-3324-1} - thunderbird 1:102.7.1+1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430 @@ -25522,12 +25540,10 @@ CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API NOT-FOR-US: Spotipy CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...) NOT-FOR-US: Dasherr -CVE-2023-23606 - RESERVED +CVE-2023-23606 (Memory safety bugs present in Firefox 108. Some of these bugs showed e ...) - firefox 109.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606 -CVE-2023-23605 - RESERVED +CVE-2023-23605 (Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 @@ -25535,12 +25551,10 @@ CVE-2023-23605 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605 -CVE-2023-23604 - RESERVED +CVE-2023-23604 (A duplicate <code>SystemPrincipal</code> object could be created when ...) - firefox 109.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604 -CVE-2023-23603 - RESERVED +CVE-2023-23603 (Regular expressions used to filter out forbidden properties and values ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 
@@ -25548,8 +25562,7 @@ CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603 -CVE-2023-23602 - RESERVED +CVE-2023-23602 (A mishandled security check when creating a WebSocket in a WebWorker c ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 @@ -25557,8 +25570,7 @@ CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602 -CVE-2023-23601 - RESERVED +CVE-2023-23601 (Navigations were being allowed when dragging a URL from a cross-origin ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 
@@ -25566,20 +25578,17 @@ CVE-2023-23601 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601 -CVE-2023-23600 - RESERVED +CVE-2023-23600 (Per origin notification permissions were being stored in a way that di ...) - firefox <not-affected> (Only affects Firefox on Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23600 -CVE-2023-23599 - RESERVED +CVE-2023-23599 (When copying a network request from the developer tools panel as a cur ...) - firefox <not-affected> (Only affects Firefox on Windows) - firefox-esr <not-affected> (Only affects Firefox ESR on Windows) - thunderbird <not-affected> (Only affects Thunderbird on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23599 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599 -CVE-2023-23598 - RESERVED +CVE-2023-23598 (Due to the Firefox GTK wrapper code's use of text/plain for drag data ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 @@ -25587,8 +25596,7 @@ CVE-2023-23598 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598 -CVE-2023-23597 - RESERVED +CVE-2023-23597 (A compromised web child process could disable web security opening res ...) - firefox 109.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23597 CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate privil ...) 
@@ -31861,10 +31869,10 @@ CVE-2022-47619 RESERVED CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator cr ...) NOT-FOR-US: Merit Lilin -CVE-2022-47617 - RESERVED -CVE-2022-47616 - RESERVED +CVE-2022-47617 (Hitron CODA-5310 has hard-coded encryption/decryption keys in the prog ...) + TODO: check +CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific parameters in ...) + TODO: check CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 WordPress LMS P ...) NOT-FOR-US: WordPress plugin CVE-2022-47614 @@ -37314,10 +37322,10 @@ CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keybo NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3) CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability. A remot ...) NOT-FOR-US: Vitals ESP -CVE-2022-46308 - RESERVED -CVE-2022-46307 - RESERVED +CVE-2022-46308 (SGUDA U-Lock central lock control service\u2019s user management funct ...) + TODO: check +CVE-2022-46307 (SGUDA U-Lock central lock control service\u2019s lock management funct ...) + TODO: check CVE-2022-46306 (ChangingTec ServiSign component has a path traversal vulnerability due ...) NOT-FOR-US: ChangingTec ServiSign CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerability. An ...) @@ -101132,8 +101140,8 @@ CVE-2022-0548 RESERVED CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...) NOT-FOR-US: Mirametrix Glance -CVE-2022-24695 - RESERVED +CVE-2022-24695 (Bluetooth Classic in Bluetooth Core Specification through 5.3 does not ...) + TODO: check CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...) - mahara <removed> CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB ...) |
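Review bot: the new description for CVE-2023-25728 (hunk @@ -19255) carries literal HTML markup, `<code>Content-Security-Policy-Report-Only</code>`, and CVE-2023-23604 (hunk @@ -25535) does the same with `<code>SystemPrincipal</code>`. Any consumer that renders these descriptions into a web page has to escape them on output rather than trust the text. Stripping the tags when the description is imported would also keep them out of the list file.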
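Review bot: CVE-2022-47617 and CVE-2022-47616 in hunk @@ -31861 move from RESERVED to `TODO: check` with no package line and no NOT-FOR-US marker. The entry directly above them, CVE-2022-47618 (Merit LILIN DVR), is already triaged as `NOT-FOR-US: Merit Lilin`. If Hitron CODA-5310 is likewise a vendor device with no Debian source package, resolve both entries the same way so they do not sit in the untriaged queue.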
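Review bot: in hunk @@ -37314 the descriptions added for CVE-2022-46308 and CVE-2022-46307 contain the literal escape `\u2019` ("service\u2019s") where an apostrophe belongs, which looks like an escaped string copied without decoding. Decode the escapes before writing the description, otherwise text searches on the description will miss these entries. Both entries are also left at `TODO: check` and still need triage.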
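Review bot: CVE-2022-24695 in hunk @@ -101132 is described as an issue in "Bluetooth Classic in Bluetooth Core Specification through 5.3", so it is a specification-level flaw rather than a bug in one product, yet it lands as a bare `TODO: check`. Triage should go through each packaged Bluetooth implementation and record the result per source package instead of closing the entry with a single NOT-FOR-US line.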