Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94cad28c by Salvatore Bonaccorso at 2023-11-07T09:23:01+01:00
Process new NFUs

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -35,109 +35,109 @@ CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...) TODO: check CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...) - TODO: check + NOT-FOR-US: EC-CUBE CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...) - TODO: check + NOT-FOR-US: MyBB CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda RX9 Pro F ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-42555 (Use of implicit intent for sensitive communication vulnerability in Ea ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to version ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42553 (Improper authorization verification vulnerability in Samsung Email pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall application prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42551 (Use of implicit intent for sensitive communication vulnerability in st ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42550 (Use of implicit intent for sensitive communication vulnerability in st ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42549 (Use of implicit intent for sensitive communication vulnerability in st ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42548 (Use of implicit intent for sensitive communication vulnerability in st ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42547 (Use of implicit intent for sensitive communication vulnerability in st ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42546 (Use of implicit intent for sensitive communication vulnerability in st ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2023-42545 (Use of implicit intent for sensitive communication vulnerability in Ph ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 13.5.52. ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42543 (Improper verification of intent by broadcast receiver vulnerability in ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push Service p ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior to vers ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42539 (PendingIntent hijacking vulnerability in ChallengeNotificationManager ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior to SMR ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to SMR Nov ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Releas ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity prior to SM ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to SMR Nov-2 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Rel ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42531 (Improper access control vulnerability in SmsController prior to SMR No ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to SMR Nov- ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 R ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering of libse ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of libsec- ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway version 5. ...) - TODO: check + NOT-FOR-US: Tyk Gateway CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 a ...) - TODO: check + NOT-FOR-US: Tyk Gateway CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Onl ...) - TODO: check + NOT-FOR-US: Veeam CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...) - TODO: check + NOT-FOR-US: Veeam CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...) - TODO: check + NOT-FOR-US: Veeam CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to gain in ...) - TODO: check + NOT-FOR-US: Veeam CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel GS1900-24 ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after music pla ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-resp ...) 
- TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet data from A ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon including ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in driver ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN management fram ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from ADSP sha ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2019-25156 (A vulnerability classified as problematic was found in dstar2018 Agenc ...) - TODO: check + NOT-FOR-US: dstar2018 Agency CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...) - mattermost-server <itp> (bug #823556) CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...) @@ -237,7 +237,7 @@ CVE-2023-44398 (Exiv2 is a C++ library and a command-line utility to read, write CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), a ...) - TODO: check + NOT-FOR-US: Calico Typha CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC packa ...) - opensc <unfixed> NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 
@@ -251,9 +251,9 @@ CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN b CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1 did no ...) - TODO: check + NOT-FOR-US: strapi CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...) NOT-FOR-US: Mitsubishi CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) @@ -26841,7 +26841,7 @@ CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Busine CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) NOT-FOR-US: SAP CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril prior to S ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...) NOT-FOR-US: Samsung CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...) @@ -32877,7 +32877,7 @@ CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ig CVE-2023-28749 RESERVED CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28747 RESERVED CVE-2023-28735 
@@ -33535,29 +33535,29 @@ CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...) NOT-FOR-US: Qualcomm CVE-2023-28574 (Memory corruption in core services when Diag handler receives a comman ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.) NOT-FOR-US: Qualcomm CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan descript ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...) NOT-FOR-US: Qualcomm CVE-2023-28570 (Memory corruption while processing audio effects.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28569 (Information disclosure in WLAN HAL while handling command through WMI ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28568 (Information disclosure in WLAN HAL when reception status handler is ca ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...) NOT-FOR-US: Qualcomm CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI state info c ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...) NOT-FOR-US: Qualcomm CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...) NOT-FOR-US: Qualcomm CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI command.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.) NOT-FOR-US: Qualcomm CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...) 
@@ -33571,13 +33571,13 @@ CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx s CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...) NOT-FOR-US: Qualcomm CVE-2023-28556 (Cryptographic issue in HLOS during key management.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...) NOT-FOR-US: Qualcomm CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values from share ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event command.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28552 RESERVED CVE-2023-28551 @@ -33593,7 +33593,7 @@ CVE-2023-28547 CVE-2023-28546 RESERVED CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...) NOT-FOR-US: Qualcomm CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...) @@ -36771,7 +36771,7 @@ CVE-2023-27607 CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...) NOT-FOR-US: WordPress plugin CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 15.10.8+ds1-2 CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...) 
@@ -44819,7 +44819,7 @@ CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware r CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...) NOT-FOR-US: Qualcomm CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user while lo ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...) NOT-FOR-US: Qualcomm CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...) @@ -48261,7 +48261,7 @@ CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Co CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23700 @@ -52573,9 +52573,9 @@ CVE-2022-48195 (An issue was discovered in Mellium mellium.im/sasl before 0.3.1. CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...) NOT-FOR-US: TP-Link CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during ...) - TODO: check + NOT-FOR-US: Softing smartLink SW-HT CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1 ...) - TODO: check + NOT-FOR-US: Softing smartLink SW-HT CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...) NOT-FOR-US: Trend Micro CVE-2021-46870 
@@ -54150,7 +54150,7 @@ CVE-2022-4635 CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...) NOT-FOR-US: pyambic-pentameter CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while processing bit ma ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...) NOT-FOR-US: Qualcomm CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...) @@ -58912,7 +58912,7 @@ CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Co CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...) NOT-FOR-US: Qualcomm CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse comparison ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...) NOT-FOR-US: Qualcomm CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94cad28cb6c1466d2e632eb13729a95422844449
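Review bot: CVE-2023-36409 in the first hunk (@@ -35,109) is closed as "NOT-FOR-US: Microsoft", but its description reads "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability" and does not say whether the flaw sits in Edge-only code or in the shared Chromium code that Debian ships as chromium. Suggest confirming it is Edge-specific before dropping the TODO, and adding a NOTE: line with the reference used so the decision can be re-checked later.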
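Review bot: CVE-2023-35911 in the @@ -251,9 hunk is tagged "NOT-FOR-US: WordPress plugin" while the description visible in the list is cut off at "used in an SQL Command ('S ...)" before any product name, so the classification cannot be verified from the entry itself. The same applies to CVE-2023-28748 (@@ -32877,7) and CVE-2023-27605 (@@ -36771,7). Naming the plugin after the generic label would make these entries auditable without looking up the full CVE text.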
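Review bot: The label "NOT-FOR-US: Softing smartLink SW-HT" on CVE-2022-48193 and CVE-2022-48192 in the @@ -52573,9 hunk names a specific product, while the adjacent context entries use the vendor only ("TP-Link", "Trend Micro"). If NFU labels are grouped or searched by vendor, "Softing" alone would match the neighbouring style; the first hunk has the same mix with "Tyk Gateway" next to "Samsung" and "Veeam".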