Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
883bdac0 by security tracker role at 2023-11-07T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2023-5976 (Improper Access Control in GitHub repository 
microweber/microweber pri ...)
+       TODO: check
+CVE-2023-5605 (The URL Shortify WordPress plugin through 1.7.8 does not 
sanitise and  ...)
+       TODO: check
+CVE-2023-5601 (The WooCommerce Ninja Forms Product Add-ons WordPress plugin 
before 1. ...)
+       TODO: check
+CVE-2023-5530 (The Ninja Forms Contact Form WordPress plugin before 3.6.34 
does not s ...)
+       TODO: check
+CVE-2023-5454 (The Templately WordPress plugin before 2.2.6 does not properly 
authori ...)
+       TODO: check
+CVE-2023-5355 (The Awesome Support WordPress plugin before 6.1.5 does not 
sanitize fi ...)
+       TODO: check
+CVE-2023-5354 (The Awesome Support WordPress plugin before 6.1.5 does not 
sanitise an ...)
+       TODO: check
+CVE-2023-5352 (The Awesome Support WordPress plugin before 6.1.5 does not 
correctly a ...)
+       TODO: check
+CVE-2023-5228 (The User Registration WordPress plugin before 3.0.4.2 does not 
sanitiz ...)
+       TODO: check
+CVE-2023-5181 (The WP Discord Invite WordPress plugin before 2.5.2 does not 
sanitise  ...)
+       TODO: check
+CVE-2023-5082 (The History Log by click5 WordPress plugin before 1.0.13 does 
not prop ...)
+       TODO: check
+CVE-2023-5076 (The Ziteboard Online Whiteboard plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-4930 (The Front End PM WordPress plugin before 11.4.3 does not block 
listing ...)
+       TODO: check
+CVE-2023-4858 (The Simple Table Manager WordPress plugin through 1.5.6 does 
not sanit ...)
+       TODO: check
+CVE-2023-4810 (The Responsive Pricing Table WordPress plugin before 5.1.8 does 
not sa ...)
+       TODO: check
+CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user 
accounts ...)
+       TODO: check
+CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x 
through v.2.12 ...)
+       TODO: check
+CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 
through ...)
+       TODO: check
+CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 
4.0.6-p3, ...)
+       TODO: check
+CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums 
v.1.8.33 allows ...)
+       TODO: check
+CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 
Pro v22.03 ...)
+       TODO: check
+CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda 
RX9 Pro F ...)
+       TODO: check
+CVE-2023-42555 (Use of implicit intent for sensitive communication 
vulnerability in Ea ...)
+       TODO: check
+CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to 
version  ...)
+       TODO: check
+CVE-2023-42553 (Improper authorization verification vulnerability in Samsung 
Email pri ...)
+       TODO: check
+CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall 
application prior  ...)
+       TODO: check
+CVE-2023-42551 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42550 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42549 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42548 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42547 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42546 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
+       TODO: check
+CVE-2023-42545 (Use of implicit intent for sensitive communication 
vulnerability in Ph ...)
+       TODO: check
+CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 
13.5.52. ...)
+       TODO: check
+CVE-2023-42543 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
+       TODO: check
+CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service 
prior to ...)
+       TODO: check
+CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push 
Service p ...)
+       TODO: check
+CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior 
to vers ...)
+       TODO: check
+CVE-2023-42539 (PendingIntent hijacking vulnerability in 
ChallengeNotificationManager  ...)
+       TODO: check
+CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped 
prior to ...)
+       TODO: check
+CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior 
to SMR  ...)
+       TODO: check
+CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to 
SMR Nov ...)
+       TODO: check
+CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR 
Nov-2023 Releas ...)
+       TODO: check
+CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity 
prior to SM ...)
+       TODO: check
+CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to 
SMR Nov-2 ...)
+       TODO: check
+CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR 
Nov-2023 Rel ...)
+       TODO: check
+CVE-2023-42531 (Improper access control vulnerability in SmsController prior 
to SMR No ...)
+       TODO: check
+CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to 
SMR Nov- ...)
+       TODO: check
+CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR 
Nov-2023 R ...)
+       TODO: check
+CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering 
of libse ...)
+       TODO: check
+CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of 
libsec- ...)
+       TODO: check
+CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway 
version 5. ...)
+       TODO: check
+CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 
5.0.3 a ...)
+       TODO: check
+CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE 
Read-Onl ...)
+       TODO: check
+CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who 
has acces ...)
+       TODO: check
+CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who 
has acces ...)
+       TODO: check
+CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to 
gain in ...)
+       TODO: check
+CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
+       TODO: check
+CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel 
GS1900-24 ...)
+       TODO: check
+CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after 
music pla ...)
+       TODO: check
+CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or 
probe-resp ...)
+       TODO: check
+CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet 
data from A ...)
+       TODO: check
+CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon 
including ...)
+       TODO: check
+CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in 
driver  ...)
+       TODO: check
+CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
+       TODO: check
+CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
+       TODO: check
+CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN 
management fram ...)
+       TODO: check
+CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from 
ADSP sha ...)
+       TODO: check
+CVE-2019-25156 (A vulnerability classified as problematic was found in 
dstar2018 Agenc ...)
+       TODO: check
 CVE-2023-5969 (Mattermost fails to properly sanitize the request 
to/api/v4/redirect_l ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-5968 (Mattermost fails to properly sanitize the user object when 
updating th ...)
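Review bot: Every entry added at the top of this hunk (CVE-2023-5976 through CVE-2019-25156) carries only "TODO: check", so none of them has a package mapping or a NOT-FOR-US tag yet and all of them stay untriaged until a follow-up commit. When triaging, the entries that name Samsung components or "SMR Nov-2023" releases, and the WLAN Firmware/Audio entries in the CVE-2023-330xx range whose wording matches entries tagged further down in this file, are candidates for the existing NOT-FOR-US: Samsung and NOT-FOR-US: Qualcomm tags; entries such as CVE-2023-47004 (RedisGraph) and CVE-2023-46998 (Bootbox.js) need a package lookup before they are tagged.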
@@ -2405,7 +2545,7 @@ CVE-2021-46898 (views/switch.py in django-grappelli (aka 
Django Grappelli) befor
        NOT-FOR-US: Django Grappelli
 CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed 
CMS or co ...)
        NOT-FOR-US: Wagtail CRX CodeRed Extensions
-CVE-2023-46728 [SQUID-2021:8 Denial of Service in Gopher gateway]
+CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
        - squid 6.1-1
        NOTE: No code fix, gopher support was removed:
        NOTE: 
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
 (SQUID_6_0_1)
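Review bot: On CVE-2023-46728, replacing the bracketed temporary description removes the only mention of the SQUID-2021:8 advisory; the NOTE lines left under the entry cite just the gopher-removal commit. Consider recording the advisory identifier in a NOTE line so the upstream advisory stays traceable from this entry.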
@@ -13773,7 +13913,7 @@ CVE-2023-38172 (Microsoft Message Queuing Denial of 
Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability)
+CVE-2023-38169 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege 
Vulnerabili ...)
        NOT-FOR-US: Microsoft
@@ -26700,8 +26840,8 @@ CVE-2023-30741 (Due to insufficient input validation, 
SAP BusinessObjects Busine
        NOT-FOR-US: SAP
 CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 
420, 430 ...)
        NOT-FOR-US: SAP
-CVE-2023-30739
-       RESERVED
+CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril 
prior to S ...)
+       TODO: check
 CVE-2023-30738 (An improper input validation in UEFI Firmware prior to 
Firmware update ...)
        NOT-FOR-US: Samsung
 CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior 
to versi ...)
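Review bot: CVE-2023-30739 goes from RESERVED to "TODO: check" even though its description names libsec-ril and the adjacent CVE-2023-30738 is already NOT-FOR-US: Samsung. Unless libsec-ril maps to a Debian package, triage should give it the same tag, and the other libsec-ril entries added at the top of this diff (CVE-2023-42527 to CVE-2023-42529) can be handled together with it.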
@@ -33394,30 +33534,30 @@ CVE-2023-28576 (The buffer obtained from kernel APIs 
such as cam_mem_get_cpu_buf
        NOT-FOR-US: Qualcomm
 CVE-2023-28575 (The cam_get_device_priv function does not check the type of 
handle bei ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28574
-       RESERVED
+CVE-2023-28574 (Memory corruption in core services when Diag handler receives 
a comman ...)
+       TODO: check
 CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command 
parameters.)
        NOT-FOR-US: Qualcomm
-CVE-2023-28572
-       RESERVED
+CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan 
descript ...)
+       TODO: check
 CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN 
scan des ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28570
-       RESERVED
-CVE-2023-28569
-       RESERVED
-CVE-2023-28568
-       RESERVED
+CVE-2023-28570 (Memory corruption while processing audio effects.)
+       TODO: check
+CVE-2023-28569 (Information disclosure in WLAN HAL while handling command 
through WMI  ...)
+       TODO: check
+CVE-2023-28568 (Information disclosure in WLAN HAL when reception status 
handler is ca ...)
+       TODO: check
 CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through 
WMI inter ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28566
-       RESERVED
+CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI 
state info c ...)
+       TODO: check
 CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams 
through W ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters 
through ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28563
-       RESERVED
+CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI 
command.)
+       TODO: check
 CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
        NOT-FOR-US: Qualcomm
 CVE-2023-28561 (Memory corruption in QESL while processing payload from 
external ESL d ...)
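Review bot: The seven entries promoted from RESERVED in this hunk (CVE-2023-28574, -28572, -28570, -28569, -28568, -28566 and -28563) are left at "TODO: check" while the context entries between them are all NOT-FOR-US: Qualcomm. CVE-2023-28572 describes the same WLAN HOST scan processing as its neighbour CVE-2023-28571, so it can take that tag directly; the WLAN HAL/WMI entries look equally clear, and only the tersely described CVE-2023-28570 ("Memory corruption while processing audio effects.") needs its vendor confirmed first.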
@@ -33430,14 +33570,14 @@ CVE-2023-28558 (Memory corruption in WLAN handler 
while processing PhyID in Tx s
        NOT-FOR-US: Qualcomm
 CVE-2023-28557 (Memory corruption in WLAN HAL while processing command 
parameters from ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28556
-       RESERVED
+CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
+       TODO: check
 CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media 
codec d ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28554
-       RESERVED
-CVE-2023-28553
-       RESERVED
+CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values 
from share ...)
+       TODO: check
+CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event 
command.)
+       TODO: check
 CVE-2023-28552
        RESERVED
 CVE-2023-28551
@@ -33452,8 +33592,8 @@ CVE-2023-28547
        RESERVED
 CVE-2023-28546
        RESERVED
-CVE-2023-28545
-       RESERVED
+CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
+       TODO: check
 CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from 
HLOS to  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library 
due to o ...)
@@ -44678,8 +44818,8 @@ CVE-2023-24854 (Memory Corruption in WLAN HOST while 
parsing QMI WLAN Firmware r
        NOT-FOR-US: Qualcomm
 CVE-2023-24853 (Memory Corruption in HLOS while registering for key 
provisioning notif ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-24852
-       RESERVED
+CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user 
while lo ...)
+       TODO: check
 CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response 
message from ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key 
into Key ...)
@@ -54009,8 +54149,8 @@ CVE-2022-4635
        RESERVED
 CVE-2021-4275 (A vulnerability, which was classified as problematic, was found 
in kat ...)
        NOT-FOR-US: pyambic-pentameter
-CVE-2023-22388
-       RESERVED
+CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while 
processing bit ma ...)
+       TODO: check
 CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX 
write leadin ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW 
request to all ...)
@@ -58771,8 +58911,8 @@ CVE-2023-21673 (Improper Access to the VM resource 
manager can lead to Memory Co
        NOT-FOR-US: Qualcomm
 CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel 
playback or ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-21671
-       RESERVED
+CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse 
comparison  ...)
+       TODO: check
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command 
execution  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action 
frame to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883bdac01e0aee30edd8d3b2d99f1381a8344ccd
