Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
249059e8 by security tracker role at 2023-11-09T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers 
to acces ...)
+       TODO: check
+CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could 
allow a  ...)
+       TODO: check
+CVE-2023-5075 (A buffer overflow was reported in the FmpSipoCapsuleDriver 
driver in t ...)
+       TODO: check
+CVE-2023-4891 (A potential use-after-free vulnerability was reported in the 
Lenovo Vi ...)
+       TODO: check
+CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo 
preloaded  ...)
+       TODO: check
+CVE-2023-4632 (An uncontrolled search path vulnerability was reported in 
Lenovo Syste ...)
+       TODO: check
+CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
+       TODO: check
+CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in 
Telit Cinter ...)
+       TODO: check
+CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local 
attacker to ex ...)
+       TODO: check
+CVE-2023-47488 (Cross Site Scripting vulnerability in Combodo iTop 
v.3.1.0-2-11973 all ...)
+       TODO: check
+CVE-2023-47114 (Fides is an open-source privacy engineering platform for 
managing the  ...)
+       TODO: check
+CVE-2023-47113 (BleachBit cleans files to free disk space and to maintain 
privacy. Ble ...)
+       TODO: check
+CVE-2023-47111 (ZITADEL provides identity infrastructure. ZITADEL provides 
administrat ...)
+       TODO: check
+CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at 
offerin ...)
+       TODO: check
+CVE-2023-47008 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2023-47007 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2023-47006 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 
allows a  ...)
+       TODO: check
+CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via 
jbig2_add_page in  ...)
+       TODO: check
+CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free 
via jbi ...)
+       TODO: check
+CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a 
private  ...)
+       TODO: check
+CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the 
confident ...)
+       TODO: check
+CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
+       TODO: check
+CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm 
SMM drive ...)
+       TODO: check
+CVE-2023-45078 (A memory leakage vulnerability was reported in the 
DustFilterAlertSmm  ...)
+       TODO: check
+CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 
DXE driver ...)
+       TODO: check
+CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 
DXE driver ...)
+       TODO: check
+CVE-2023-45075 (A memory leakage vulnerability was reported in the 
SWSMI_Shadow DXE dr ...)
+       TODO: check
+CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
+       TODO: check
+CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in 
some Lenovo ...)
+       TODO: check
+CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in 
some Leno ...)
+       TODO: check
+CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some 
Lenovo  ...)
+       TODO: check
+CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some 
Lenovo D ...)
+       TODO: check
+CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some 
Lenovo De ...)
+       TODO: check
+CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some 
Lenovo D ...)
+       TODO: check
+CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable 
module in som ...)
+       TODO: check
+CVE-2023-43574 (A buffer over-read was reported in the 
LEMALLDriversConnectedEventHook ...)
+       TODO: check
+CVE-2023-43573 (A buffer overflow was reported in the 
LEMALLDriversConnectedEventHook  ...)
+       TODO: check
+CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader 
module in s ...)
+       TODO: check
+CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader 
module in so ...)
+       TODO: check
+CVE-2023-43570 (A potential vulnerability was reported in the SMI callback 
function of ...)
+       TODO: check
+CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some 
Lenovo Des ...)
+       TODO: check
+CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey 
module in ...)
+       TODO: check
+CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey 
module in  ...)
+       TODO: check
+CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
+       TODO: check
+CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
+       TODO: check
+CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to 
contain an ...)
+       TODO: check
+CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site 
scripting (XSS)  ...)
+       TODO: check
+CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 
allows Dire ...)
+       TODO: check
 CVE-2023-6012 (An improper input validation vulnerability has been found in 
Lanaccess ...)
        NOT-FOR-US: Lanaccess ONSAFE MonitorHM
 CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under 
certain  ...)
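
Review bot: All 50 entries added at the top of this hunk carry only "TODO: check", so none has a triage decision yet. The descriptions for jbig2enc v0.28 (CVE-2023-46363, CVE-2023-46362), BleachBit (CVE-2023-47113) and Axios 1.5.1 (CVE-2023-45857) name standalone software rather than vendor firmware, so I would check those against source packages first. The Lenovo, ASUS RT-AX57 and Zavio entries look like candidates for a NOT-FOR-US line in the style of the CVE-2023-6012 context entry that follows them.
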
@@ -58,9 +158,9 @@ CVE-2023-46760 (Out-of-bounds write vulnerability in the 
kernel driver module. S
        NOT-FOR-US: Huawei
 CVE-2023-46759 (Permission control vulnerability in the call module. 
Successful exploi ...)
        NOT-FOR-US: Huawei
-CVE-2023-46758 (The multi-screen interaction module has a vulnerability in 
permission  ...)
+CVE-2023-46758 (Permission management vulnerability in the multi-screen 
interaction mo ...)
        NOT-FOR-US: Huawei
-CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. 
Successful ...)
+CVE-2023-46757 (The remote PIN module has a vulnerability that causes 
incorrect inform ...)
        NOT-FOR-US: Huawei
 CVE-2023-46756 (Permission control vulnerability in the window management 
module. Succ ...)
        NOT-FOR-US: Huawei
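
Review bot: The replacement description for CVE-2023-46757 names a different component (the remote PIN module, where the old text described the sticky broadcast mechanism), which is more than a wording change. The NOT-FOR-US: Huawei tag under it is carried over unchanged, so confirm against the upstream record that the entry still concerns the same vendor before leaving it as is.
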
@@ -233,6 +333,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository 
gpac/gpac prior to 2.3.0-
        NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
        NOTE: 
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
 CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 
119.0.6045.123 al ...)
+       {DSA-5551-1}
        - chromium 119.0.6045.123-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
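
Review bot: The {DSA-5551-1} cross-reference is added to CVE-2023-5996, but the lines under it still list only the unstable fix (chromium 119.0.6045.123-1) and the buster end-of-life marker. Check that the DSA's own entry records the fixed versions for the supported releases, since nothing in this hunk does.
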
@@ -1414,7 +1515,7 @@ CVE-2023-40681 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-40050 (Upload profile either through API or user interface in Chef 
Automate p ...)
        NOT-FOR-US: Chef Automate
-CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to 
execute ar ...)
+CVE-2023-38994 (The 'check_univention_joinstatus' prometheus monitoring script 
(and ot ...)
        NOT-FOR-US: Univention
 CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Solwin Infotech
@@ -29291,8 +29392,8 @@ CVE-2023-29976
        RESERVED
 CVE-2023-29975
        RESERVED
-CVE-2023-29974
-       RESERVED
+CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows 
attackers to co ...)
+       TODO: check
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which 
can lead ...)
        NOT-FOR-US: Pfsense CE
 CVE-2023-29972
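
Review bot: CVE-2023-29974 moves from RESERVED to "TODO: check", while the adjacent CVE-2023-29973 for the same product and version (Pfsense CE version 2.6.0) is already marked NOT-FOR-US: Pfsense CE. The same resolution looks applicable here instead of leaving the TODO open.
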
@@ -41092,8 +41193,8 @@ CVE-2023-26158
        RESERVED
 CVE-2023-26157
        RESERVED
-CVE-2023-26156
-       RESERVED
+CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are 
vulnerable to  ...)
+       TODO: check
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to 
Command Inject ...)
        NOT-FOR-US: node-qpdf
 CVE-2023-26154
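
Review bot: The new CVE-2023-26156 text refers to "the package chromedriver before 119.0.1", a version scheme that does not match the chromium versions used elsewhere in this file (119.0.6045.123-1 under CVE-2023-5996). When resolving the TODO, identify which chromedriver package is meant before attaching the entry to the chromium source package. The neighbouring CVE-2023-26155, which uses the same "versions of the package" wording, was resolved as NOT-FOR-US.
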
@@ -48208,8 +48309,8 @@ CVE-2023-0395 (The menu shortcode WordPress plugin 
through 1.0 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2023-0393
        RESERVED
-CVE-2023-0392
-       RESERVED
+CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used 
an unqu ...)
+       TODO: check
 CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to 
encrypt ...)
        NOT-FOR-US: MGT-COMMERCE
 CVE-2022-48278
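
Review bot: The truncated description added for CVE-2023-0392 ("The LDAP Agent Update service with versions prior to 5.18 ...") does not name a vendor or product, so the TODO cannot be resolved from this line alone. Pull the full CVE record before choosing between a package line and NOT-FOR-US.
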
@@ -66912,8 +67013,8 @@ CVE-2020-36608 (A vulnerability, which was classified 
as problematic, has been f
        NOT-FOR-US: Tribal Systems Zenario CMS
 CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh 
tokens  ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2023-20902
-       RESERVED
+CVE-2023-20902 (A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and 
below,  ...)
+       TODO: check
 CVE-2023-20901
        RESERVED
 CVE-2023-20900 (A malicious actor that has been granted  Guest Operation 
Privileges ht ...)
@@ -143710,8 +143811,8 @@ CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 
can crash applications such a
        NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
        NOT-FOR-US: Belledonne Belle-sip
-CVE-2021-43609
-       RESERVED
+CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 
1.3.3. A ...)
+       TODO: check
 CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The 
escaping of o ...)
        - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
        NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 
3.1.4+dfsg-1 and
@@ -530626,7 +530727,7 @@ CVE-2014-0885 (Cross-site request forgery (CSRF) 
vulnerability in the Admin Web
        NOT-FOR-US: IBM Lotus Protector for Mail Security
 CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in 
IBM Lo ...)
        NOT-FOR-US: IBM Lotus Protector for Mail Security
-CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware 
Managem ...)
+CVE-2014-0883 (IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to 
cross-sit ...)
        NOT-FOR-US: IBM
 CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, 
NeXtScale,  ...)
        NOT-FOR-US: IBM



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249059e841090fe837ec57db8b3315f90f66cef6
