Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94cad28c by Salvatore Bonaccorso at 2023-11-07T09:23:01+01:00
Process new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,109 +35,109 @@ CVE-2023-47004 (Buffer Overflow vulnerability in Redis 
RedisGraph v.2.x through
 CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 
through ...)
        TODO: check
 CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 
4.0.6-p3, ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums 
v.1.8.33 allows ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 
Pro v22.03 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda 
RX9 Pro F ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-42555 (Use of implicit intent for sensitive communication 
vulnerability in Ea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42553 (Improper authorization verification vulnerability in Samsung 
Email pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall 
application prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42551 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42550 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42549 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42548 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42547 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42546 (Use of implicit intent for sensitive communication 
vulnerability in st ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42545 (Use of implicit intent for sensitive communication 
vulnerability in Ph ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 
13.5.52. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42543 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push 
Service p ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42539 (PendingIntent hijacking vulnerability in 
ChallengeNotificationManager  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior 
to SMR  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to 
SMR Nov ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR 
Nov-2023 Releas ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to 
SMR Nov-2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR 
Nov-2023 Rel ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42531 (Improper access control vulnerability in SmsController prior 
to SMR No ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to 
SMR Nov- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR 
Nov-2023 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering 
of libse ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of 
libsec- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway 
version 5. ...)
-       TODO: check
+       NOT-FOR-US: Tyk Gateway
 CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 
5.0.3 a ...)
-       TODO: check
+       NOT-FOR-US: Tyk Gateway
 CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE 
Read-Onl ...)
-       TODO: check
+       NOT-FOR-US: Veeam
 CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who 
has acces ...)
-       TODO: check
+       NOT-FOR-US: Veeam
 CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who 
has acces ...)
-       TODO: check
+       NOT-FOR-US: Veeam
 CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to 
gain in ...)
-       TODO: check
+       NOT-FOR-US: Veeam
 CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel 
GS1900-24 ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after 
music pla ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or 
probe-resp ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet 
data from A ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon 
including ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in 
driver  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN 
management fram ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from 
ADSP sha ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2019-25156 (A vulnerability classified as problematic was found in 
dstar2018 Agenc ...)
-       TODO: check
+       NOT-FOR-US: dstar2018 Agency
 CVE-2023-5969 (Mattermost fails to properly sanitize the request 
to/api/v4/redirect_l ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-5968 (Mattermost fails to properly sanitize the user object when 
updating th ...)
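Review bot: CVE-2023-36409 is marked NOT-FOR-US: Microsoft, but its description reads "Microsoft Edge (Chromium-based)" and chromium is a Debian source package, so please confirm the flaw is in Edge-only code and not in shared Chromium code before closing it as NFU; a NOTE line recording that reasoning would help the next person who triages it. The same check applies to CVE-2023-42535, whose description names vold, a stock Android component, even though its "prior to SMR Nov-2023" wording matches the Samsung entries around it.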
@@ -237,7 +237,7 @@ CVE-2023-44398 (Exiv2 is a C++ library and a command-line 
utility to read, write
 CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and 
below), a ...)
-       TODO: check
+       NOT-FOR-US: Calico Typha
 CVE-2023-40661 (Several memory vulnerabilities were identified within the 
OpenSC packa ...)
        - opensc <unfixed>
        NOTE: 
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
@@ -251,9 +251,9 @@ CVE-2023-40660 (A flaw was found in OpenSC packages that 
allow a potential PIN b
 CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 
4.13.1 did no ...)
-       TODO: check
+       NOT-FOR-US: strapi
 CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in 
Mitsub ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
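Review bot: CVE-2023-39345 describes strapi as "an open-source headless CMS", so NOT-FOR-US: strapi holds only while there is neither a package nor an ITP/RFP for it; a quick WNPP check is worth doing, since this file tracks unpackaged software that has an ITP with an `<itp>` entry (mattermost-server, bug #823556) rather than as NFU. For CVE-2023-35911 the truncated description shows only the generic SQL injection title, so the "WordPress plugin" tag cannot be confirmed from this diff alone.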
@@ -26841,7 +26841,7 @@ CVE-2023-30741 (Due to insufficient input validation, 
SAP BusinessObjects Busine
 CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 
420, 430 ...)
        NOT-FOR-US: SAP
 CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril 
prior to S ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30738 (An improper input validation in UEFI Firmware prior to 
Firmware update ...)
        NOT-FOR-US: Samsung
 CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior 
to versi ...)
@@ -32877,7 +32877,7 @@ CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ig
 CVE-2023-28749
        RESERVED
 CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28747
        RESERVED
 CVE-2023-28735
@@ -33535,29 +33535,29 @@ CVE-2023-28576 (The buffer obtained from kernel APIs 
such as cam_mem_get_cpu_buf
 CVE-2023-28575 (The cam_get_device_priv function does not check the type of 
handle bei ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28574 (Memory corruption in core services when Diag handler receives 
a comman ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command 
parameters.)
        NOT-FOR-US: Qualcomm
 CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan 
descript ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN 
scan des ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28570 (Memory corruption while processing audio effects.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28569 (Information disclosure in WLAN HAL while handling command 
through WMI  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28568 (Information disclosure in WLAN HAL when reception status 
handler is ca ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through 
WMI inter ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI 
state info c ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams 
through W ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters 
through ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI 
command.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
        NOT-FOR-US: Qualcomm
 CVE-2023-28561 (Memory corruption in QESL while processing payload from 
external ESL d ...)
@@ -33571,13 +33571,13 @@ CVE-2023-28558 (Memory corruption in WLAN handler 
while processing PhyID in Tx s
 CVE-2023-28557 (Memory corruption in WLAN HAL while processing command 
parameters from ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media 
codec d ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values 
from share ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event 
command.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28552
        RESERVED
 CVE-2023-28551
@@ -33593,7 +33593,7 @@ CVE-2023-28547
 CVE-2023-28546
        RESERVED
 CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from 
HLOS to  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library 
due to o ...)
@@ -36771,7 +36771,7 @@ CVE-2023-27607
 CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad 
Hossain WP R ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab 15.10.8+ds1-2
 CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is 
affected by a ...)
@@ -44819,7 +44819,7 @@ CVE-2023-24854 (Memory Corruption in WLAN HOST while 
parsing QMI WLAN Firmware r
 CVE-2023-24853 (Memory Corruption in HLOS while registering for key 
provisioning notif ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user 
while lo ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response 
message from ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key 
into Key ...)
@@ -48261,7 +48261,7 @@ CVE-2023-23704 (Cross-Site Request Forgery (CSRF) 
vulnerability in Pixelgrade Co
 CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pixe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23700
@@ -52573,9 +52573,9 @@ CVE-2022-48195 (An issue was discovered in Mellium 
mellium.im/sasl before 0.3.1.
 CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote 
authenticated ...)
        NOT-FOR-US: TP-Link
 CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are 
enabled during ...)
-       TODO: check
+       NOT-FOR-US: Softing smartLink SW-HT
 CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: Softing smartLink SW-HT
 CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 
(17.7) whe ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-46870
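Review bot: the two Softing entries are tagged at product level ("NOT-FOR-US: Softing smartLink SW-HT") while the neighbouring context lines name only the vendor ("TP-Link", "Trend Micro"); consider "NOT-FOR-US: Softing" so that a later search for the vendor matches all of its entries. The same granularity question applies to "Tyk Gateway" and "Calico Typha" elsewhere in this commit.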
@@ -54150,7 +54150,7 @@ CVE-2022-4635
 CVE-2021-4275 (A vulnerability, which was classified as problematic, was found 
in kat ...)
        NOT-FOR-US: pyambic-pentameter
 CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while 
processing bit ma ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX 
write leadin ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW 
request to all ...)
@@ -58912,7 +58912,7 @@ CVE-2023-21673 (Improper Access to the VM resource 
manager can lead to Memory Co
 CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel 
playback or ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse 
comparison  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command 
execution  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action 
frame to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94cad28cb6c1466d2e632eb13729a95422844449



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
