Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b93407b by security tracker role at 2023-11-22T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2023-6238 [nvme: memory corruption via unprivileged user passthrough]
+CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to 
download a ...)
+       TODO: check
+CVE-2023-5299 (A user with a standard account in Fuji Electric Tellus Lite may 
overwr ...)
+       TODO: check
+CVE-2023-49105 (An issue was discovered in ownCloud owncloud/core before 
10.13.1. An a ...)
+       TODO: check
+CVE-2023-49104 (An issue was discovered in ownCloud owncloud/oauth2 before 
0.6.1, when ...)
+       TODO: check
+CVE-2023-49103 (An issue was discovered in ownCloud owncloud/graphapi 0.2.x 
before 0.2 ...)
+       TODO: check
+CVE-2023-48701 (Statamic CMS is a Laravel and Git powered content management 
system (C ...)
+       TODO: check
+CVE-2023-48700 (The Nautobot Device Onboarding plugin uses the netmiko and 
NAPALM libr ...)
+       TODO: check
+CVE-2023-48699 (fastbots is a library for fast bot and scraper development 
using selen ...)
+       TODO: check
+CVE-2023-48307 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted 
productivi ...)
+       TODO: check
+CVE-2023-48306 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48305 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48304 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48303 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48302 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in 
product ...)
+       TODO: check
+CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based 
RPC syst ...)
+       TODO: check
+CVE-2023-48228 (authentik is an open-source identity provider. When 
initialising a oau ...)
+       TODO: check
+CVE-2023-48161 (Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 
allows  ...)
+       TODO: check
+CVE-2023-47393 (An access control issue in Mercedes me IOS APP v1.34.0 and 
below allow ...)
+       TODO: check
+CVE-2023-47392 (An access control issue in Mercedes me IOS APP v1.34.0 and 
below allow ...)
+       TODO: check
+CVE-2023-47016 (radare2 5.8.9 has an out-of-bounds read in 
r_bin_object_set_items in l ...)
+       TODO: check
+CVE-2023-46814 (A binary hijacking vulnerability exists within the VideoLAN 
VLC media  ...)
+       TODO: check
+CVE-2023-41146 (Autodesk Customer Support Portal allows cases created by users 
under a ...)
+       TODO: check
+CVE-2023-41145 (Autodesk users who no longer have an active license for an 
account can ...)
+       TODO: check
+CVE-2023-40152 (When Fuji Electric Tellus Lite V-Simulator parses a 
specially-crafted  ...)
+       TODO: check
+CVE-2023-35127 (Stack-based buffer overflow may occur when Fuji Electric 
Tellus Lite V ...)
+       TODO: check
+CVE-2023-2447 (The UserPro plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2023-2446 (The UserPro plugin for WordPress is vulnerable to sensitive 
informatio ...)
+       TODO: check
+CVE-2023-6238 (A buffer overflow vulnerability was found in the NVM Express 
(NVMe) dr ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
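
Review bot: None of the 30 entries added at the top of data/CVE/list has a package or NOT-FOR-US decision yet; each carries only "TODO: check". The entries that name a project and version directly (CVE-2023-48161 GifLib v.5.2.1, CVE-2023-47016 radare2 5.8.9, CVE-2023-46814 VLC media player, CVE-2023-48230 Cap'n Proto) are the ones to resolve first with a source-package line. The vendor products (Fuji Electric Tellus Lite, Autodesk, Mercedes me IOS APP) can follow the NOT-FOR-US pattern this file already uses for Autodesk and IBM. The CVE-2023-6238 line swaps the bracketed working description for the published one and keeps its three linux annotations, which looks right.
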
@@ -34173,8 +34233,8 @@ CVE-2023-29071
        RESERVED
 CVE-2023-29070
        RESERVED
-CVE-2023-29069
-       RESERVED
+CVE-2023-29069 (A maliciously crafted DLL file can be forced to install onto a 
non-def ...)
+       TODO: check
 CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file 
could le ...)
        NOT-FOR-US: Autodesk
 CVE-2023-29067 (A maliciously crafted X_B file when parsed through 
Autodesk\xae AutoCA ...)
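
Review bot: The truncated description of CVE-2023-29069 ("A maliciously crafted DLL file can be forced to install onto a non-def ...") does not name a product, so its "TODO: check" cannot be closed from this line alone. The neighbouring CVE-2023-29068 is "NOT-FOR-US: Autodesk"; confirm against the full description before applying the same tag here.
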
@@ -95289,8 +95349,8 @@ CVE-2022-35640
        RESERVED
 CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 
22.2 do no ...)
        NOT-FOR-US: IBM
-CVE-2022-35638
-       RESERVED
+CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.8 a ...)
+       TODO: check
 CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 
11.5 is ...)
        NOT-FOR-US: IBM
 CVE-2022-35636
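
Review bot: CVE-2022-35638 now names IBM Sterling B2B Integrator but is left at "TODO: check", while the adjacent CVE-2022-35639 and CVE-2022-35637 are both "NOT-FOR-US: IBM". The same tag looks applicable and would keep this entry out of the open triage queue.
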
@@ -163127,8 +163187,8 @@ CVE-2021-37944
        RESERVED
 CVE-2021-37943
        RESERVED
-CVE-2021-37942
-       RESERVED
+CVE-2021-37942 (A local privilege escalation issue was found with the APM Java 
agent,  ...)
+       TODO: check
 CVE-2021-37941 (A local privilege escalation issue was found with the APM Java 
agent,  ...)
        NOT-FOR-US: Elastic APM Java agent
 CVE-2021-37940 (An information disclosure via GET request server-side request 
forgery  ...)
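
Review bot: The visible description of CVE-2021-37942 is identical to that of CVE-2021-37941 directly below it ("A local privilege escalation issue was found with the APM Java agent, ..."), yet only the latter is tagged. Unless the full descriptions differ in the affected product, "NOT-FOR-US: Elastic APM Java agent" should replace the "TODO: check" here as well.
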
@@ -163137,8 +163197,8 @@ CVE-2021-37939 (It was discovered that Kibana\u2019s 
JIRA connector & IBM Resili
        NOT-FOR-US: IBM
 CVE-2021-37938 (It was discovered that on Windows operating systems 
specifically, Kiba ...)
        - kibana <itp> (bug #700337)
-CVE-2021-37937
-       RESERVED
+CVE-2021-37937 (An issue was found with how API keys are created with the 
Fleet-Server ...)
+       TODO: check
 CVE-2021-37936 (It was discovered that Kibana was not sanitizing document 
fields conta ...)
        - kibana <itp> (bug #700337)
 CVE-2021-37935 (An information disclosure vulnerability in the login page of 
Huntflow  ...)
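
Review bot: CVE-2021-37937 names Fleet-Server, which none of the surrounding annotations cover: the neighbours are either "- kibana <itp> (bug #700337)" or NOT-FOR-US. Whoever clears this "TODO: check" needs to decide explicitly whether Fleet-Server is tracked under the kibana ITP or gets its own NOT-FOR-US tag, rather than copying the line above.
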
@@ -202843,10 +202903,10 @@ CVE-2021-22153 (A Remote Code Execution 
vulnerability in the Management Console
        NOT-FOR-US: BlackBerry UEM
 CVE-2021-22152 (A Denial of Service due to Improper Input Validation 
vulnerability in  ...)
        NOT-FOR-US: BlackBerry UEM
-CVE-2021-22151
-       RESERVED
-CVE-2021-22150
-       RESERVED
+CVE-2021-22151 (It was discovered that Kibana was not validating a user 
supplied path, ...)
+       TODO: check
+CVE-2021-22150 (It was discovered that a user with Fleet admin permissions 
could uploa ...)
+       TODO: check
 CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 
are vulner ...)
        NOT-FOR-US: Elastic Enterprise Search
 CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 
was vulner ...)
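
Review bot: CVE-2021-22151 is described as a Kibana issue but gets "TODO: check" instead of the "- kibana <itp> (bug #700337)" annotation that other Kibana entries in this file carry; aligning it would be a one-line follow-up. CVE-2021-22150 mentions only "Fleet admin permissions" in the visible text, so the affected component needs to be read from the full description before tagging.
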
@@ -202859,10 +202919,9 @@ CVE-2021-22145 (A memory disclosure vulnerability 
was identified in Elasticsearc
        - elasticsearch <removed>
 CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an 
uncontrolled rec ...)
        - elasticsearch <removed>
-CVE-2021-22143
-       RESERVED
-CVE-2021-22142
-       RESERVED
+CVE-2021-22143 (The Elastic APM .NET Agent can leak sensitive HTTP header 
information  ...)
+       TODO: check
+CVE-2021-22142 (Kibana contains an embedded version of the Chromium browser 
that the R ...)
        - kibana <itp> (bug #700337)
 CVE-2021-22141 (An open redirect flaw was found in Kibana versions before 
7.13.0 and 6 ...)
        - kibana <itp> (bug #700337)
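
Review bot: CVE-2021-22142 receives no "TODO: check" because it inherits the "- kibana <itp> (bug #700337)" annotation that was already attached while the entry was RESERVED. That annotation was written before the description was public. Now that the text refers to an embedded Chromium browser in Kibana, it is worth a quick manual confirmation that the ITP line is still the right and only annotation. CVE-2021-22143 (Elastic APM .NET Agent) is left at "TODO: check"; the APM Java agent entry elsewhere in this file is NOT-FOR-US, which suggests the likely outcome.
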



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b93407b8b394b9db50dc4e844076514523f8bad
