Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ba1fa0e by security tracker role at 2023-08-10T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to 
unauthorized loss ...)
+       TODO: check
+CVE-2023-4275
+       REJECTED
+CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in 
classifiers ( ...)
+       TODO: check
+CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count 
bounds chec ...)
+       TODO: check
+CVE-2023-39966 (1Panel is an open source Linux server operation and 
maintenance manage ...)
+       TODO: check
+CVE-2023-39965 (1Panel is an open source Linux server operation and 
maintenance manage ...)
+       TODO: check
+CVE-2023-39964 (1Panel is an open source Linux server operation and 
maintenance manage ...)
+       TODO: check
+CVE-2023-39963 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39962 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39961 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio 
calls thr ...)
+       TODO: check
+CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud 
platfor ...)
+       TODO: check
+CVE-2023-39954 (user_oidc provides the OIDC connect user backend for 
Nextcloud, an ope ...)
+       TODO: check
+CVE-2023-39953 (user_oidc provides the OIDC connect user backend for 
Nextcloud, an ope ...)
+       TODO: check
+CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2023-39805 (iCMS v7.0.16 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2023-39776 (A File Upload vulnerability in PHPJabbers Ticket Support 
Script v3.2 a ...)
+       TODO: check
+CVE-2023-39314 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Teplitsa ...)
+       TODO: check
+CVE-2023-38830 (An information leak in PHPJabbers Yacht Listing Script v1.0 
allows att ...)
+       TODO: check
+CVE-2023-38397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Egge ...)
+       TODO: check
+CVE-2023-38248 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38247 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38246 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38245 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38244 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38243 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38242 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38241 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38240 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38239 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38238 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38237 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38236 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38235 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38234 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38233 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38232 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38231 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38230 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38229 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38228 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38227 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38226 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38225 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38224 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38223 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38222 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
+CVE-2023-38210 (Adobe XMP Toolkit versions 2022.06 is affected by a 
Uncontrolled Resou ...)
+       TODO: check
+CVE-2023-38034 (A command injection vulnerability in the DHCP Client function 
of all U ...)
+       TODO: check
+CVE-2023-37988 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Creative ...)
+       TODO: check
+CVE-2023-37983 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-37734 (EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to 
contain a ...)
+       TODO: check
+CVE-2023-37625 (A stored cross-site scripting (XSS) vulnerability in Netbox 
v3.4.7 all ...)
+       TODO: check
+CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object 
Reference) for  ...)
+       TODO: check
+CVE-2023-37388 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Sudi ...)
+       TODO: check
+CVE-2023-37069 (Code-Projects Online Hospital Management System V1.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-36530 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Smar ...)
+       TODO: check
+CVE-2023-36315 (There is a Cross Site Scripting (XSS) vulnerability in the 
"action" pa ...)
+       TODO: check
+CVE-2023-36314 (There is a Cross Site Scripting (XSS) vulnerability in the 
value-text- ...)
+       TODO: check
+CVE-2023-36313 (PHPJabbers Document Creator v1.0 is vulnerable to Cross Site 
Scripting ...)
+       TODO: check
+CVE-2023-36312 (There is a Cross Site Scripting (XSS) vulnerability in the 
value-enum- ...)
+       TODO: check
+CVE-2023-36311 (There is a SQL injection (SQLi) vulnerability in the "column" 
paramete ...)
+       TODO: check
+CVE-2023-36310 (There is a Cross Site Scripting (XSS) vulnerability in the 
"column" pa ...)
+       TODO: check
+CVE-2023-36309 (There is a Cross Site Scripting (XSS) vulnerability in the 
"action" pa ...)
+       TODO: check
+CVE-2023-35085 (An integer overflow vulnerability in all UniFi Access Points 
and Switc ...)
+       TODO: check
+CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Rah ...)
+       TODO: check
+CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. 
Fixed in  ...)
+       TODO: check
+CVE-2023-32566 (An attacker can send a specially crafted request which could 
lead to l ...)
+       TODO: check
+CVE-2023-32565 (An attacker can send a specially crafted request which could 
lead to l ...)
+       TODO: check
+CVE-2023-32564 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
+       TODO: check
+CVE-2023-32563 (An unauthenticated attacker could achieve the code execution 
through a ...)
+       TODO: check
+CVE-2023-32562 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
+       TODO: check
+CVE-2023-32561 (A previously generated artifact by an administrator could be 
accessed  ...)
+       TODO: check
+CVE-2023-32560 (An attacker can send a specially crafted message to the 
Wavelink Avala ...)
+       TODO: check
 CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
        - postgresql-15 15.4-1
        - postgresql-13 <not-affected> (Only affects 15.x)
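
Review bot: CVE-2023-4128 in this block is described as a use-after-free in net/sched/cls_fw.c, which is Linux kernel source, yet it lands as TODO: check alongside the WordPress plugin and Adobe entries. This file already tracks linux as a source package (for example "- linux 6.4.4-3" under CVE-2022-40982), so on the next manual pass this entry should get a "- linux" line with a status rather than wait in the TODO backlog. The CVE-2023-4275 REJECTED entry needs nothing further.
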
@@ -656,7 +812,8 @@ CVE-2023-36923 (SAP SQLA for PowerDesigner 17 bundled with 
SAP PowerDesigner 16.
        NOT-FOR-US: SAP
 CVE-2023-33993 (B1i module of SAP Business One - version 10.0, application 
allows an a ...)
        NOT-FOR-US: SAP
-CVE-2023-4205 (An out-of-bounds memory access flaw was found in the Linux 
kernel\u201 ...)
+CVE-2023-4205
+       REJECTED
        - linux <unfixed>
        NOTE: https://www.spinics.net/lists/kernel/msg4876594.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2228101
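
Review bot: CVE-2023-4205 now reads REJECTED, but the context lines directly below it still carry "- linux <unfixed>" and two NOTE references, so a rejected ID keeps reporting an open linux status. Drop the package line (or, if the issue was reassigned to another ID, move the tracking data there) and keep at most a NOTE recording why the ID was rejected.
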
@@ -11610,8 +11767,8 @@ CVE-2023-31211
        RESERVED
 CVE-2023-31210
        RESERVED
-CVE-2023-31209
-       RESERVED
+CVE-2023-31209 (Improper neutralization of active check command arguments in 
Checkmk < ...)
+       TODO: check
 CVE-2023-31208 (Improper neutralization of livestatus command delimiters in 
the RestAP ...)
        - check-mk <removed>
 CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk 
<= 2.1. ...)
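
Review bot: CVE-2023-31209 is added as TODO: check, while its neighbour CVE-2023-31208, also a Checkmk issue, is already triaged as "- check-mk <removed>". Unless the affected component differs, give the new entry the same "- check-mk <removed>" line so the two stay consistent.
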
@@ -14055,8 +14212,8 @@ CVE-2023-30483
        RESERVED
 CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        TODO: check
-CVE-2023-30481
-       RESERVED
+CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Alexey G ...)
+       TODO: check
 CVE-2023-30480
        RESERVED
 CVE-2023-30479
@@ -17100,8 +17257,8 @@ CVE-2023-29322 (Adobe Experience Manager versions 
6.5.16.0 (and earlier) is affe
        NOT-FOR-US: Adobe
 CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and 
earlier) a ...)
        NOT-FOR-US: Adobe
-CVE-2023-29320
-       RESERVED
+CVE-2023-29320 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
 CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and 
earlier ...)
        NOT-FOR-US: Adobe
 CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and 
earlier ...)
@@ -17134,16 +17291,16 @@ CVE-2023-29305
        RESERVED
 CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
-CVE-2023-29303
-       RESERVED
+CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
 CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and 
earlier)  ...)
        NOT-FOR-US: Adobe
 CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and 
earlier)  ...)
        NOT-FOR-US: Adobe
-CVE-2023-29299
-       RESERVED
+CVE-2023-29299 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
+       TODO: check
 CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and 
earlier)  ...)
        NOT-FOR-US: Adobe
 CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and 
earlier) an ...)
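
Review bot: CVE-2023-29303 and CVE-2023-29299 are Adobe Acrobat Reader entries added as TODO: check, while every described Adobe entry around them in this hunk is marked NOT-FOR-US: Adobe. The same marking looks right here, and it would apply equally to the other Acrobat Reader IDs this commit adds.
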
@@ -18927,8 +19084,8 @@ CVE-2023-28781 (Unauth. Stored Cross-Site Scripting 
(XSS) vulnerability in Cimat
        NOT-FOR-US: WordPress plugin
 CVE-2023-28780
        RESERVED
-CVE-2023-28779
-       RESERVED
+CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Vladimir ...)
+       TODO: check
 CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Best ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28777
@@ -21376,8 +21533,8 @@ CVE-2023-28131 (A vulnerability in the expo.io 
framework allows an attacker to t
        NOT-FOR-US: expo.io
 CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal 
hostname ...)
        NOT-FOR-US: Gaia Portal
-CVE-2023-28129
-       RESERVED
+CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible 
execution of arb ...)
+       TODO: check
 CVE-2023-28128 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
        NOT-FOR-US: Avalanche
 CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 
6.3.x and b ...)
@@ -26447,12 +26604,12 @@ CVE-2023-26313
        RESERVED
 CVE-2023-26312
        RESERVED
-CVE-2023-26311
-       RESERVED
+CVE-2023-26311 (A remote code execution vulnerability in the webview component 
of OPPO ...)
+       TODO: check
 CVE-2023-26310 (There is a command injection problem in the old version of the 
mobile  ...)
        TODO: check
-CVE-2023-26309
-       RESERVED
+CVE-2023-26309 (A remote code execution vulnerability in the webview component 
of OneP ...)
+       TODO: check
 CVE-2023-26308
        RESERVED
 CVE-2023-26307
@@ -31817,6 +31974,7 @@ CVE-2023-24543
        RESERVED
 CVE-2023-23908
        RESERVED
+       {DSA-5474-1}
        - intel-microcode 3.20230808.1 (bug #1043305)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -32532,16 +32690,16 @@ CVE-2023-24395 (Cross-Site Request Forgery (CSRF) 
vulnerability in Scott Paterso
        NOT-FOR-US: WordPress plugin
 CVE-2023-24394
        RESERVED
-CVE-2023-24393
-       RESERVED
+CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Sk. ...)
+       TODO: check
 CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24391
-       RESERVED
+CVE-2023-24391 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Spid ...)
+       TODO: check
 CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WeSe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24389
-       RESERVED
+CVE-2023-24389 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in bran ...)
+       TODO: check
 CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt 
Booking ca ...)
        NOT-FOR-US: WpDevArt Booking calendar, Appointment Booking System plugin
 CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPde ...)
@@ -33463,8 +33621,8 @@ CVE-2023-24011
        RESERVED
 CVE-2023-24010
        RESERVED
-CVE-2023-24009
-       RESERVED
+CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) 
vulnerability ...)
+       TODO: check
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre 
Maspik \u20 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in 
TheOnlineHero - Tom ...)
@@ -33792,8 +33950,8 @@ CVE-2023-23912 (A vulnerability, found in EdgeRouters 
Version 2.0.9-hotfix.5 and
        NOT-FOR-US: EdgeRouters
 CVE-2023-23911 (An improper access control vulnerability exists prior to v6 
that could ...)
        NOT-FOR-US: open.rocket.chat
-CVE-2023-23900
-       RESERVED
+CVE-2023-23900 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
YIKES, I ...)
+       TODO: check
 CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
Extension ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -33850,8 +34008,8 @@ CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-23872
        RESERVED
-CVE-2023-23871
-       RESERVED
+CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Webd ...)
+       TODO: check
 CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in wpde ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit 
Agarwal Google ...)
@@ -33994,12 +34152,12 @@ CVE-2023-23830 (Unauth. Reflected Cross-Site 
Scripting (XSS) vulnerability in Pr
        NOT-FOR-US: WordPress plugin
 CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pier ...)
        TODO: check
-CVE-2023-23828
-       RESERVED
+CVE-2023-23828 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Googl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23826
-       RESERVED
+CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23825
        RESERVED
 CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 
versions.)
@@ -34054,8 +34212,8 @@ CVE-2023-23800
        RESERVED
 CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in Leon ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23798
-       RESERVED
+CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in 
SecondLineThemes Au ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23796
@@ -35617,8 +35775,8 @@ CVE-2023-23344 (A permission issue in BigFix WebUI 
Insights site version 14 allo
        NOT-FOR-US: BigFix
 CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal 
Server v ...)
        NOT-FOR-US: BigFix
-CVE-2023-23342
-       RESERVED
+CVE-2023-23342 (If certain local files are manipulated in a certain manner, 
the valida ...)
+       TODO: check
 CVE-2023-23341
        RESERVED
 CVE-2023-23340
@@ -40986,8 +41144,8 @@ CVE-2022-47638
        RESERVED
 CVE-2022-47637
        RESERVED
-CVE-2022-47636
-       RESERVED
+CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in 
OutSystems Servic ...)
+       TODO: check
 CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, 
and WMS ...)
        NOT-FOR-US: Wildix CMS
 CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 
before R17 ...)
@@ -52433,8 +52591,8 @@ CVE-2022-44631 (Auth. (author+) Stored Cross-Site 
Scripting (XSS) vulnerability
        NOT-FOR-US: WordPress plugin
 CVE-2022-44630
        RESERVED
-CVE-2022-44629
-       RESERVED
+CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cata ...)
+       TODO: check
 CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jump ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole 
Simple S ...)
@@ -54761,6 +54919,7 @@ CVE-2023-20571
 CVE-2023-20570
        RESERVED
 CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow 
an atta ...)
+       {DSA-5475-1 DLA-3525-1}
        - amd64-microcode 3.20230719.1
        [bookworm] - amd64-microcode 3.20230719.1~deb12u1
        [bullseye] - amd64-microcode 3.20230719.1~deb11u1
@@ -62069,6 +62228,7 @@ CVE-2022-41815
        RESERVED
 CVE-2022-41804
        RESERVED
+       {DSA-5474-1}
        - intel-microcode 3.20230808.1 (bug #1043305)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -62816,6 +62976,7 @@ CVE-2022-41314 (Uncontrolled search path in some 
Intel(R) Network Adapter instal
        NOT-FOR-US: Intel
 CVE-2022-40982
        RESERVED
+       {DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1}
        - linux 6.4.4-3
        - intel-microcode 3.20230808.1 (bug #1043305)
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5
@@ -101277,8 +101438,8 @@ CVE-2022-27863 (Sensitive Information Exposure in E4J 
s.r.l. VikBooking Hotel Bo
        NOT-FOR-US: Vikbooking
 CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking 
Hotel Bo ...)
        NOT-FOR-US: Vikbooking
-CVE-2022-27861
-       RESERVED
+CVE-2022-27861 (Unauth. Open Redirect vulnerability in Arscode Ninja Popups 
plugin <=4 ...)
+       TODO: check
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site 
Scripting (XSS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ba1fa0eb6e0c384bc8f50ccd4ad74dcf7a2927d
