From 49b3767a97813d17875235cae51287015c727bbf Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 28 Mar 2023 08:10:18 +0000 Subject: automatic update --- data/CVE/list | 499 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 254 insertions(+), 245 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index e5cec8307b..e21935257c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,25 @@ +CVE-2023-28934 + RESERVED +CVE-2023-28933 + RESERVED +CVE-2023-28932 + RESERVED +CVE-2023-28931 + RESERVED +CVE-2023-28930 + RESERVED +CVE-2023-28929 + RESERVED +CVE-2023-28928 + RESERVED +CVE-2023-1668 + RESERVED +CVE-2023-1667 + RESERVED +CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic Question Pa ...) + TODO: check +CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + TODO: check CVE-2023-28927 RESERVED CVE-2023-28926 @@ -69,6 +91,7 @@ CVE-2023-28894 CVE-2023-28893 RESERVED CVE-2023-1664 + RESERVED NOT-FOR-US: Keycloak CVE-2023-1663 RESERVED @@ -104,8 +127,8 @@ CVE-2023-1650 RESERVED CVE-2023-1649 RESERVED -CVE-2023-1648 - RESERVED +CVE-2023-1648 (An issue has been discovered in GitLab DAST API scanner affecting all ...) + TODO: check CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...) NOT-FOR-US: JetBrains Hub CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...) @@ -208,8 +231,7 @@ CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling TODO: check CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...) TODO: check -CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3 resume] - RESERVED +CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative execution ...) - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 
@@ -891,12 +913,12 @@ CVE-2023-1525 RESERVED CVE-2023-1524 RESERVED -CVE-2023-28655 - RESERVED -CVE-2023-28652 - RESERVED -CVE-2023-28650 - RESERVED +CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...) + TODO: check +CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...) + TODO: check +CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...) + TODO: check CVE-2023-28647 RESERVED CVE-2023-28646 @@ -911,12 +933,12 @@ CVE-2023-28642 RESERVED CVE-2023-28641 RESERVED -CVE-2023-28640 - RESERVED +CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...) + TODO: check CVE-2023-28639 RESERVED -CVE-2023-28638 - RESERVED +CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...) + TODO: check CVE-2023-28637 RESERVED CVE-2023-28636 @@ -931,14 +953,14 @@ CVE-2023-28632 RESERVED CVE-2023-28631 RESERVED -CVE-2023-28630 - RESERVED -CVE-2023-28629 - RESERVED -CVE-2023-28628 - RESERVED -CVE-2023-28627 - RESERVED +CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...) + TODO: check +CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...) + TODO: check +CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...) + TODO: check +CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...) + TODO: check CVE-2023-28626 RESERVED CVE-2023-28625 @@ -959,10 +981,10 @@ CVE-2023-28618 RESERVED CVE-2023-28391 RESERVED -CVE-2023-27927 - RESERVED -CVE-2023-22300 - RESERVED +CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...) + TODO: check +CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...) + TODO: check CVE-2023-1523 RESERVED CVE-2023-1522 
@@ -1121,10 +1143,10 @@ CVE-2023-28599 RESERVED CVE-2023-28598 RESERVED -CVE-2023-28597 - RESERVED -CVE-2023-28596 - RESERVED +CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...) + TODO: check +CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...) + TODO: check CVE-2023-28595 RESERVED CVE-2023-28594 @@ -1615,8 +1637,8 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster de - minio (bug #859207) CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...) NOT-FOR-US: Frontier -CVE-2023-28430 - RESERVED +CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...) + TODO: check CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...) NOT-FOR-US: Pimcore CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...) @@ -2475,8 +2497,7 @@ CVE-2023-28159 RESERVED - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159 -CVE-2023-1380 - RESERVED +CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...) - linux NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1 NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u @@ -2750,8 +2771,8 @@ CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL repre NOT-FOR-US: silverstripe/graphql CVE-2023-28103 RESERVED -CVE-2023-28102 - RESERVED +CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In disco ...) + TODO: check CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...) - flatpak 1.14.4-1 (bug #1033098) [bullseye] - flatpak (Minor issue) 
@@ -4013,8 +4034,8 @@ CVE-2023-27702 RESERVED CVE-2023-27701 RESERVED -CVE-2023-27700 - RESERVED +CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) + TODO: check CVE-2023-27699 RESERVED CVE-2023-27698 
@@ -5262,39 +5283,32 @@ CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermos - mattermost-server (bug #823556) CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...) - mattermost-server (bug #823556) -CVE-2023-1079 - RESERVED +CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...) - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4 -CVE-2023-1078 - RESERVED +CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...) - linux 6.1.12-1 NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d -CVE-2023-1077 - RESERVED +CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...) - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97 NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7 -CVE-2023-1076 - RESERVED +CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...) - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5 -CVE-2023-1075 - RESERVED +CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectl ...) - linux 6.1.11-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6 -CVE-2023-1074 - RESERVED +CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...) 
- linux 6.1.11-1 NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1 -CVE-2023-1073 - RESERVED +CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel’s human i ...) - linux 6.1.11-1 NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3 @@ -6050,8 +6064,8 @@ CVE-2023-26926 RESERVED CVE-2023-26925 RESERVED -CVE-2023-26924 - RESERVED +CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...) + TODO: check CVE-2023-26923 RESERVED CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...) @@ -6804,12 +6818,12 @@ CVE-2023-26551 RESERVED CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...) NOT-FOR-US: BMC Control-M -CVE-2023-26549 - RESERVED -CVE-2023-26548 - RESERVED -CVE-2023-26547 - RESERVED +CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app restart due to ...) + TODO: check +CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserialization. ...) + TODO: check +CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...) + TODO: check CVE-2023-26546 RESERVED CVE-2023-24544 
@@ -6857,38 +6871,38 @@ CVE-2023-1032 NOTE: https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067 CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) NOT-FOR-US: Zoho ManageEngine -CVE-2022-48361 - RESERVED -CVE-2022-48360 - RESERVED -CVE-2022-48359 - RESERVED -CVE-2022-48358 - RESERVED -CVE-2022-48357 - RESERVED -CVE-2022-48356 - RESERVED -CVE-2022-48355 - RESERVED -CVE-2022-48354 - RESERVED -CVE-2022-48353 - RESERVED -CVE-2022-48352 - RESERVED -CVE-2022-48351 - RESERVED -CVE-2022-48350 - RESERVED -CVE-2022-48349 - RESERVED -CVE-2022-48348 - RESERVED -CVE-2022-48347 - RESERVED -CVE-2022-48346 - RESERVED +CVE-2022-48361 (The Always On Display (AOD) has a path traversal vulnerability in them ...) + TODO: check +CVE-2022-48360 (The facial recognition module has a vulnerability in file permission c ...) + TODO: check +CVE-2022-48359 (The recovery mode for updates has a vulnerability that causes arbitrar ...) + TODO: check +CVE-2022-48358 (The BatteryHealthActivity has a redirection vulnerability. Successful ...) + TODO: check +CVE-2022-48357 (Some products have the double fetch vulnerability. Successful exploita ...) + TODO: check +CVE-2022-48356 (The facial recognition module has a vulnerability in input parameter v ...) + TODO: check +CVE-2022-48355 (The Bluetooth module has a heap out-of-bounds read vulnerability. Succ ...) + TODO: check +CVE-2022-48354 (The Bluetooth module has a heap out-of-bounds write vulnerability. Suc ...) + TODO: check +CVE-2022-48353 (Some smartphones have configuration issues. Successful exploitation of ...) + TODO: check +CVE-2022-48352 (Some smartphones have data initialization issues. Successful exploitat ...) + TODO: check +CVE-2022-48351 (The secure OS module has configuration defects. Successful exploitatio ...) + TODO: check +CVE-2022-48350 (The HUAWEI Messaging app has a vulnerability of unauthorized file acce ...) 
+ TODO: check +CVE-2022-48349 (The control component has a spoofing vulnerability. Successful exploit ...) + TODO: check +CVE-2022-48348 (The MediaProvider module has a vulnerability of unauthorized data read ...) + TODO: check +CVE-2022-48347 (The MediaProvider module has a vulnerability in permission verificatio ...) + TODO: check +CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability. Successful exp ...) + TODO: check CVE-2020-36662 RESERVED CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...) @@ -7082,8 +7096,8 @@ CVE-2023-26495 RESERVED CVE-2023-26494 RESERVED -CVE-2023-26493 - RESERVED +CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...) + TODO: check CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...) NOT-FOR-US: Directus CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...) @@ -8752,8 +8766,8 @@ CVE-2021-46874 RESERVED CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...) TODO: check -CVE-2023-25908 - RESERVED +CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...) + TODO: check CVE-2023-25907 RESERVED CVE-2023-25906 
@@ -8812,38 +8826,38 @@ CVE-2023-25880 RESERVED CVE-2023-25879 RESERVED -CVE-2023-25878 - RESERVED -CVE-2023-25877 - RESERVED -CVE-2023-25876 - RESERVED -CVE-2023-25875 - RESERVED -CVE-2023-25874 - RESERVED -CVE-2023-25873 - RESERVED -CVE-2023-25872 - RESERVED -CVE-2023-25871 - RESERVED -CVE-2023-25870 - RESERVED -CVE-2023-25869 - RESERVED -CVE-2023-25868 - RESERVED -CVE-2023-25867 - RESERVED -CVE-2023-25866 - RESERVED -CVE-2023-25865 - RESERVED -CVE-2023-25864 - RESERVED -CVE-2023-25863 - RESERVED +CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) 
+ TODO: check +CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check +CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + TODO: check CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) @@ -8948,10 +8962,10 @@ CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a se - nextcloud-server (bug #941708) CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...) NOT-FOR-US: Discourse -CVE-2023-25818 - RESERVED -CVE-2023-25817 - RESERVED +CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In ...) + TODO: check +CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In ...) + TODO: check CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...) - nextcloud-server (bug #941708) CVE-2023-25815 @@ -9608,8 +9622,7 @@ CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub re NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) CVE-2023-0779 RESERVED -CVE-2023-0778 - RESERVED +CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...) - libpod (bug #1032099) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256 NOTE: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8 
@@ -9659,8 +9672,8 @@ CVE-2023-25663 (TensorFlow is an open source platform for machine learning. Prio - tensorflow (bug #804612) CVE-2023-25662 (TensorFlow is an open source platform for machine learning. Versions p ...) - tensorflow (bug #804612) -CVE-2023-25661 - RESERVED +CVE-2023-25661 (TensorFlow is an Open Source Machine Learning Framework. In versions p ...) + TODO: check CVE-2023-25660 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2023-25659 (TensorFlow is an open source platform for machine learning. Prior to v ...) @@ -10731,12 +10744,12 @@ CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversa NOT-FOR-US: Docmosis Tornado CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) NOT-FOR-US: Docmosis Tornado -CVE-2023-25263 - RESERVED -CVE-2023-25262 - RESERVED -CVE-2023-25261 - RESERVED +CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...) + TODO: check +CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...) + TODO: check +CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...) + TODO: check CVE-2023-25260 RESERVED CVE-2023-25259 @@ -12486,8 +12499,8 @@ CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploi NOT-FOR-US: Huawei CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...) NOT-FOR-US: Huawei -CVE-2022-48291 - RESERVED +CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...) + TODO: check CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...) NOT-FOR-US: Huawei CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...) 
@@ -12882,8 +12895,7 @@ CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF che NOT-FOR-US: WordPress plugin CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...) NOT-FOR-US: WordPress plugin -CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses] - RESERVED +CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a danglin ...) {DSA-5342-1 DLA-3310-1} - xorg-server 2:21.1.7-1 (bug #1030777) - xwayland 2:22.1.8-1 @@ -13345,8 +13357,8 @@ CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 2 NOT-FOR-US: Temenos CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...) NOT-FOR-US: Tenemos -CVE-2023-24366 - RESERVED +CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...) + TODO: check CVE-2023-24365 RESERVED CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...) @@ -15423,8 +15435,8 @@ CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate p NOT-FOR-US: WordPress plugin CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...) NOT-FOR-US: saemorris TheRadSystem -CVE-2023-0326 - RESERVED +CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...) + TODO: check CVE-2023-0325 RESERVED CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...) @@ -16011,8 +16023,8 @@ CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS NOT-FOR-US: TuziCMS CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...) NOT-FOR-US: Rapid7 -CVE-2023-0241 - RESERVED +CVE-2023-0241 (pgAdmin 4 versions prior to v6.19 contains a directory traversal vulne ...) + TODO: check CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used ...) {DLA-3349-1} - linux 5.14.6-1 
@@ -16319,8 +16331,8 @@ CVE-2023-23332 RESERVED CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...) NOT-FOR-US: Amano Xoffice -CVE-2023-23330 - RESERVED +CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...) + TODO: check CVE-2023-23329 RESERVED CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...) @@ -17328,8 +17340,7 @@ CVE-2023-0181 RESERVED CVE-2023-0180 RESERVED -CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits] - RESERVED +CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...) {DSA-5324-1 DLA-3349-1} - linux 6.1.7-1 [buster] - linux (Vulnerable code not present) @@ -17409,8 +17420,7 @@ CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x throu NOT-FOR-US: MediaWiki extension MobileFrontend CVE-2023-22908 RESERVED -CVE-2023-0210 - RESERVED +CVE-2023-0210 (A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and ...) - linux 6.1.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -18654,7 +18664,7 @@ CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that coul CVE-2023-22609 REJECTED CVE-2023-22608 - RESERVED + REJECTED - binutils 2.40-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09 (binutils-2_40) 
@@ -21543,16 +21553,16 @@ CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected NOT-FOR-US: Adobe CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) NOT-FOR-US: Adobe -CVE-2023-22251 - RESERVED -CVE-2023-22250 - RESERVED -CVE-2023-22249 - RESERVED +CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + TODO: check +CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + TODO: check +CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + TODO: check CVE-2023-22248 RESERVED -CVE-2023-22247 - RESERVED +CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + TODO: check CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2023-22245 @@ -26193,10 +26203,10 @@ CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTE NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...) NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM -CVE-2022-46416 - RESERVED -CVE-2022-46415 - RESERVED +CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate term ...) + TODO: check +CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent legitimate ter ...) + TODO: check CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) NOT-FOR-US: Veritas CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) 
@@ -28083,8 +28093,8 @@ CVE-2022-45827 RESERVED CVE-2022-45826 RESERVED -CVE-2022-45825 - RESERVED +CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...) + TODO: check CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Ca ...) NOT-FOR-US: WordPress plugin CVE-2022-45823 @@ -32835,8 +32845,8 @@ CVE-2023-20862 RESERVED CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...) TODO: check -CVE-2023-20860 - RESERVED +CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...) + TODO: check CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...) TODO: check CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...) @@ -40431,8 +40441,8 @@ CVE-2022-42449 RESERVED CVE-2022-42448 RESERVED -CVE-2022-42447 - RESERVED +CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...) + TODO: check CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...) NOT-FOR-US: HCL CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...) 
@@ -45373,127 +45383,127 @@ CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program of CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...) NOT-FOR-US: Zyxel CVE-2022-40601 - RESERVED + REJECTED CVE-2022-40600 - RESERVED + REJECTED CVE-2022-40599 - RESERVED + REJECTED CVE-2022-40598 - RESERVED + REJECTED CVE-2022-40597 - RESERVED + REJECTED CVE-2022-40596 - RESERVED + REJECTED CVE-2022-40595 - RESERVED + REJECTED CVE-2022-40594 - RESERVED + REJECTED CVE-2022-40593 - RESERVED + REJECTED CVE-2022-40592 - RESERVED + REJECTED CVE-2022-40591 - RESERVED + REJECTED CVE-2022-40590 - RESERVED + REJECTED CVE-2022-40589 - RESERVED + REJECTED CVE-2022-40588 - RESERVED + REJECTED CVE-2022-40587 - RESERVED + REJECTED CVE-2022-40586 - RESERVED + REJECTED CVE-2022-40585 - RESERVED + REJECTED CVE-2022-40584 - RESERVED + REJECTED CVE-2022-40583 - RESERVED + REJECTED CVE-2022-40582 - RESERVED + REJECTED CVE-2022-40581 - RESERVED + REJECTED CVE-2022-40580 - RESERVED + REJECTED CVE-2022-40579 - RESERVED + REJECTED CVE-2022-40578 - RESERVED + REJECTED CVE-2022-40577 - RESERVED + REJECTED CVE-2022-40576 - RESERVED + REJECTED CVE-2022-40575 - RESERVED + REJECTED CVE-2022-40574 - RESERVED + REJECTED CVE-2022-40573 - RESERVED + REJECTED CVE-2022-40572 - RESERVED + REJECTED CVE-2022-40571 - RESERVED + REJECTED CVE-2022-40570 - RESERVED + REJECTED CVE-2022-40569 - RESERVED + REJECTED CVE-2022-40568 - RESERVED + REJECTED CVE-2022-40567 - RESERVED + REJECTED CVE-2022-40566 - RESERVED + REJECTED CVE-2022-40565 - RESERVED + REJECTED CVE-2022-40564 - RESERVED + REJECTED CVE-2022-40563 - RESERVED + REJECTED CVE-2022-40562 - RESERVED + REJECTED CVE-2022-40561 - RESERVED + REJECTED CVE-2022-40560 - RESERVED + REJECTED CVE-2022-40559 - RESERVED + REJECTED CVE-2022-40558 - RESERVED + REJECTED CVE-2022-40557 - RESERVED + REJECTED CVE-2022-40556 - RESERVED + REJECTED CVE-2022-40555 - RESERVED + REJECTED CVE-2022-40554 - RESERVED + REJECTED 
CVE-2022-40553 - RESERVED + REJECTED CVE-2022-40552 - RESERVED + REJECTED CVE-2022-40551 - RESERVED + REJECTED CVE-2022-40550 - RESERVED + REJECTED CVE-2022-40549 - RESERVED + REJECTED CVE-2022-40548 - RESERVED + REJECTED CVE-2022-40547 - RESERVED + REJECTED CVE-2022-40546 - RESERVED + REJECTED CVE-2022-40545 - RESERVED + REJECTED CVE-2022-40544 - RESERVED + REJECTED CVE-2022-40543 - RESERVED + REJECTED CVE-2022-40542 - RESERVED + REJECTED CVE-2022-40541 - RESERVED + REJECTED CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Qualcomm CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...) @@ -47255,8 +47265,8 @@ CVE-2022-39799 (An attacker with no prior authentication could craft and send ma NOT-FOR-US: SAP CVE-2022-3117 REJECTED -CVE-2022-3116 - RESERVED +CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to a null ...) + TODO: check CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 @@ -61224,8 +61234,7 @@ CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanit NOT-FOR-US: WordPress plugin CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...) NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron -CVE-2022-2237 - RESERVED +CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...) NOT-FOR-US: Keycloak CVE-2022-2236 RESERVED @@ -110013,8 +110022,7 @@ CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve rem NOT-FOR-US: ChurchInfo CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...) - mantis -CVE-2021-3923 - RESERVED +CVE-2021-3923 (A flaw was found in the Linux kernel's implementation of RDMA over inf ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux 4.19.232-1 
@@ -171515,7 +171523,8 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...) - apache2 (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321 -CVE-2021-20324 (A flaw was found in WildFly Elytron. A variation to the use of a sessi ...) +CVE-2021-20324 + REJECTED NOT-FOR-US: WildFly Elytron CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on has been ...) NOT-FOR-US: Keycloak -- cgit v1.2.3
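Review bot: the `+ RESERVED` inserted for CVE-2023-1664 in the hunk at -69,6 +91,7 lands directly above the existing `NOT-FOR-US: Keycloak` line, so the entry now carries both the RESERVED placeholder and a triage verdict. One of the two should go: either the automatic update should skip entries that already have a NOT-FOR-US line, or the Keycloak verdict was premature and should be removed until a description is published. Worth a manual look at that entry.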
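Review bot: the sixteen Adobe Substance 3D Stager entries CVE-2023-25878 through CVE-2023-25863 in the hunk at -8812,38 +8826,38 all get `TODO: check`, while the immediately following CVE-2023-25862 and CVE-2023-25861 are already `NOT-FOR-US: Adobe`. Flagging is the right default for a bot, but these share one identical truncated description and can be triaged as a single batch rather than sixteen separate checks.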
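Review bot: the block CVE-2022-48361 through CVE-2022-48346 in the hunk at -6857,38 +6871,38 is marked `TODO: check` sixteen times, yet the descriptions ("The Bluetooth module has a heap out-of-bounds read vulnerability", "The HUAWEI Messaging app has a vulnerability of unauthorized file acce") match the phrasing of neighbouring entries elsewhere in this file that are already `NOT-FOR-US: Huawei` (see CVE-2022-48293, CVE-2022-48292 and CVE-2022-48290 in the hunk at -12486,8 +12499,8, where the newly added CVE-2022-48291 sits between them with the same wording). A triager can probably resolve the whole block in one pass; consider a NOTE on the first entry pointing to the vendor advisory once it is known.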
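Review bot: CVE-2023-22608 in the hunk at -18654,7 +18664,7 flips from RESERVED to REJECTED but keeps `- binutils 2.40-1 (unimportant)` and the two sourceware NOTE links. Confirm whether a rejected ID should still carry a package/version line; if the issue was rejected because it was a duplicate or not a vulnerability, a short NOTE saying so would keep the binutils reference from reading as an open issue.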
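Review bot: the hunk at -45373,127 +45383,127 moves 61 consecutive IDs, CVE-2022-40601 down to CVE-2022-40541, from RESERVED to REJECTED with no explanatory line. The change itself looks mechanical and consistent, but a single NOTE on the first entry of the range recording why the block was rejected would save the next person from re-deriving it from the CNA feed.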
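Review bot: in the last hunk (-171515,7 +171523,8), CVE-2021-20324 loses its description in favour of `REJECTED` while `NOT-FOR-US: WildFly Elytron` stays in place. Same reconciliation question as for the other rejected entries in this update: decide whether a rejected ID should retain its triage line. Note also that the description text ("A flaw was found in WildFly Elytron. A variation to the use of a sessi ...") is now only recoverable from history, so a NOTE with the rejection reason would be useful here too.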