Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c1acf21 by security tracker role at 2024-02-06T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-24808 (pyLoad is an open-source Download Manager written in pure 
Python. Ther ...)
+       TODO: check
+CVE-2024-24807 (Sulu is a highly extensible open-source PHP content management 
system  ...)
+       TODO: check
+CVE-2024-24595 (Allegro AI\u2019s open-source version of ClearML stores 
passwords in p ...)
+       TODO: check
+CVE-2024-24574 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+       TODO: check
+CVE-2024-24559 (Vyper is a Pythonic Smart Contract Language for the EVM. There 
is an e ...)
+       TODO: check
+CVE-2024-24543 (Buffer Overflow vulnerability in the function setSchedWifi in 
Tenda AC ...)
+       TODO: check
+CVE-2024-24398 (Directory Traversal vulnerability in Stimulsoft GmbH 
Stimulsoft Dashbo ...)
+       TODO: check
+CVE-2024-24112 (xmall v1.1 was discovered to contain a SQL injection 
vulnerability via ...)
+       TODO: check
+CVE-2024-23304 (Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote 
unauthentica ...)
+       TODO: check
+CVE-2024-23049 (An issue in symphony v.3.6.3 and before allows a remote 
attacker to ex ...)
+       TODO: check
+CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded 
password fo ...)
+       TODO: check
+CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a 
stack-based buff ...)
+       TODO: check
+CVE-2024-22773 (Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password 
in Cookie ...)
+       TODO: check
+CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+       TODO: check
+CVE-2024-20828 (Improper authorization verification vulnerability in Samsung 
Internet  ...)
+       TODO: check
+CVE-2024-20827 (Improper access control vulnerability in Samsung Gallery prior 
to vers ...)
+       TODO: check
+CVE-2024-20826 (Implicit intent hijacking vulnerability in UPHelper library 
prior to v ...)
+       TODO: check
+CVE-2024-20825 (Implicit intent hijacking vulnerability in IAP of Galaxy Store 
prior t ...)
+       TODO: check
+CVE-2024-20824 (Implicit intent hijacking vulnerability in VoiceSearch of 
Galaxy Store ...)
+       TODO: check
+CVE-2024-20823 (Implicit intent hijacking vulnerability in SamsungAccount of 
Galaxy St ...)
+       TODO: check
+CVE-2024-20822 (Implicit intent hijacking vulnerability in AccountActivity of 
Galaxy S ...)
+       TODO: check
+CVE-2024-20820 (Improper input validation in bootloader prior to SMR Feb-2024 
Release  ...)
+       TODO: check
+CVE-2024-20819 (Out out bounds Write vulnerabilities in svc1td_vld_plh_ap of 
libsthmbc ...)
+       TODO: check
+CVE-2024-20818 (Out out bounds Write vulnerabilities in svc1td_vld_elh of 
libsthmbc.so ...)
+       TODO: check
+CVE-2024-20817 (Out out bounds Write vulnerabilities in svc1td_vld_slh of 
libsthmbc.so ...)
+       TODO: check
+CVE-2024-20816 (Improper authentication vulnerability in 
onCharacteristicWriteRequest  ...)
+       TODO: check
+CVE-2024-20815 (Improper authentication vulnerability in 
onCharacteristicReadRequest i ...)
+       TODO: check
+CVE-2024-20814 (Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so 
prior to  ...)
+       TODO: check
+CVE-2024-20813 (Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to 
SMR Feb-2 ...)
+       TODO: check
+CVE-2024-20812 (Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to 
SMR Feb-2 ...)
+       TODO: check
+CVE-2024-20811 (Improper caller verification in GameOptimizer prior to SMR 
Feb-2024 Re ...)
+       TODO: check
+CVE-2024-20810 (Implicit intent hijacking vulnerability in Smart Suggestions 
prior to  ...)
+       TODO: check
+CVE-2024-1210 (The LearnDash LMS plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2024-1209 (The LearnDash LMS plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2024-1208 (The LearnDash LMS plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2024-1177 (The WP Club Manager \u2013 WordPress Sports Club Plugin plugin 
for Wor ...)
+       TODO: check
+CVE-2024-1121 (The Advanced Forms for ACF plugin for WordPress is vulnerable 
to unaut ...)
+       TODO: check
+CVE-2024-1092 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
+       TODO: check
+CVE-2024-1075 (The Minimal Coming Soon \u2013 Coming Soon Page plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-1072 (The Website Builder by SeedProd \u2014 Theme Builder, Landing 
Page Bui ...)
+       TODO: check
+CVE-2024-1052 (Boundary and Boundary Enterprise (\u201cBoundary\u201d) is 
vulnerable  ...)
+       TODO: check
+CVE-2024-1046 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
+       TODO: check
+CVE-2024-0969 (The ARMember plugin for WordPress is vulnerable to Sensitive 
Informati ...)
+       TODO: check
+CVE-2024-0964 (A local file include could be remotely triggered in Gradio due 
to a vu ...)
+       TODO: check
+CVE-2024-0961 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-0954 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+       TODO: check
+CVE-2024-0869 (The Instant Images \u2013 One Click Image Uploads from 
Unsplash, Openv ...)
+       TODO: check
+CVE-2024-0859 (The Affiliates Manager plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2024-0835 (The Royal Elementor Kit theme for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2024-0834 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-0823 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-0797 (The Active Products Tables for WooCommerce. Professional 
products tabl ...)
+       TODO: check
+CVE-2024-0796 (The Active Products Tables for WooCommerce. Professional 
products tabl ...)
+       TODO: check
+CVE-2024-0791 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager 
Professional p ...)
+       TODO: check
+CVE-2024-0790 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager 
Professional p ...)
+       TODO: check
+CVE-2024-0761 (The File Manager plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+       TODO: check
+CVE-2024-0709 (The Cryptocurrency Widgets \u2013 Price Ticker & Coins List 
plugin for ...)
+       TODO: check
+CVE-2024-0701 (The UserPro plugin for WordPress is vulnerable to Security 
Feature Byp ...)
+       TODO: check
+CVE-2024-0699 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and 
more! plugi ...)
+       TODO: check
+CVE-2024-0691 (The FileBird plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-0678 (The Order Delivery Date for WP e-Commerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-0668 (The Advanced Database Cleaner plugin for WordPress is 
vulnerable to PH ...)
+       TODO: check
+CVE-2024-0660 (The Formidable Forms \u2013 Contact Form, Survey, Quiz, 
Payment, Calcu ...)
+       TODO: check
+CVE-2024-0659 (The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce 
Store  ...)
+       TODO: check
+CVE-2024-0630 (The WP RSS Aggregator plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-0612 (The Content Views \u2013 Post Grid, Slider, Accordion 
(Gutenberg Block ...)
+       TODO: check
+CVE-2024-0597 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-0586 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+       TODO: check
+CVE-2024-0585 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+       TODO: check
+CVE-2024-0509 (The WP 404 Auto Redirect to Similar Post plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-0508 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-0448 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-0428 (The Index Now plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2024-0384 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-0382 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-0380 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Directory Tr ...)
+       TODO: check
+CVE-2024-0374 (The Views for WPForms \u2013 Display & Edit WPForms Entries on 
your si ...)
+       TODO: check
+CVE-2024-0373 (The Views for WPForms \u2013 Display & Edit WPForms Entries on 
your si ...)
+       TODO: check
+CVE-2024-0372 (The Views for WPForms \u2013 Display & Edit WPForms Entries on 
your si ...)
+       TODO: check
+CVE-2024-0371 (The Views for WPForms \u2013 Display & Edit WPForms Entries on 
your si ...)
+       TODO: check
+CVE-2024-0370 (The Views for WPForms \u2013 Display & Edit WPForms Entries on 
your si ...)
+       TODO: check
+CVE-2024-0366 (The Starbox \u2013 the Author Box for Humans plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-0324 (The User Profile Builder \u2013 Beautiful User Registration 
Forms, Use ...)
+       TODO: check
+CVE-2024-0255 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-0254 (The (Simply) Guest Author Name plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-0244 (Buffer overflow in CPCA PCFAX number process of Office 
Multifunction P ...)
+       TODO: check
+CVE-2024-0221 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
+       TODO: check
+CVE-2024-0202 (A security vulnerability has been identified in the cryptlib 
cryptogra ...)
+       TODO: check
+CVE-2023-7029 (The WordPress Button Plugin MaxButtons plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2023-7014 (The Author Box, Guest Author and Co-Authors for Your Posts 
\u2013 Molo ...)
+       TODO: check
+CVE-2023-6996 (The Display custom fields in the frontend \u2013 Post and User 
Profile ...)
+       TODO: check
+CVE-2023-6989 (The Shield Security \u2013 Smart Bot Blocking & Intrusion 
Prevention S ...)
+       TODO: check
+CVE-2023-6985 (The 10Web AI Assistant \u2013 AI content writing assistant 
plugin for  ...)
+       TODO: check
+CVE-2023-6983 (The Display custom fields in the frontend \u2013 Post and User 
Profile ...)
+       TODO: check
+CVE-2023-6982 (The Display custom fields in the frontend \u2013 Post and User 
Profile ...)
+       TODO: check
+CVE-2023-6963 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-6959 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-6953 (The PDF Generator For Fluent Forms \u2013 The Contact Form 
Plugin plug ...)
+       TODO: check
+CVE-2023-6933 (The Better Search Replace plugin for WordPress is vulnerable to 
PHP Ob ...)
+       TODO: check
+CVE-2023-6925 (The Unlimited Addons for WPBakery Page Builder plugin for 
WordPress is ...)
+       TODO: check
+CVE-2023-6884 (This plugin for WordPress is vulnerable to Stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2023-6846 (The File Manager Pro plugin for WordPress is vulnerable to 
Arbitrary F ...)
+       TODO: check
+CVE-2023-6808 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
+       TODO: check
+CVE-2023-6807 (The GeneratePress Premium plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2023-6701 (The Advanced Custom Fields (ACF) plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-6700 (The Cookie Information | Free GDPR Consent Solution plugin for 
WordPre ...)
+       TODO: check
+CVE-2023-6635 (The EditorsKit plugin for WordPress is vulnerable to arbitrary 
file up ...)
+       TODO: check
+CVE-2023-6557 (The The Events Calendar plugin for WordPress is vulnerable to 
Sensitiv ...)
+       TODO: check
+CVE-2023-6526 (The Meta Box \u2013 WordPress Custom Fields Framework plugin 
for WordP ...)
+       TODO: check
+CVE-2023-6234 (Buffer overflow in CPCA Color LUT Resource Download process of 
Office  ...)
+       TODO: check
+CVE-2023-6233 (Buffer overflow in SLP attribute request process of Office 
Multifuncti ...)
+       TODO: check
+CVE-2023-6232 (Buffer overflow in the Address Book username process in 
authentication ...)
+       TODO: check
+CVE-2023-6231 (Buffer overflow in WSD probe request process of Office 
Multifunction P ...)
+       TODO: check
+CVE-2023-6230 (Buffer overflow in the Address Book password process in 
authentication ...)
+       TODO: check
+CVE-2023-6229 (Buffer overflow in CPCA PDL Resource Download process of Office 
Multif ...)
+       TODO: check
+CVE-2023-52239 (The XML parser in Magic xpi Integration Platform 4.13.4 allows 
XXE att ...)
+       TODO: check
+CVE-2023-51951 (SQL Injection vulnerability in Stock Management System 1.0 
allows a re ...)
+       TODO: check
+CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized 
access  ...)
+       TODO: check
+CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, 
exposes  ...)
+       TODO: check
+CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super 
Reboot (Root) ...)
+       TODO: check
+CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService 
componen ...)
+       TODO: check
+CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is 
vulnerable ...)
+       TODO: check
+CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2 
eCharge Lade ...)
+       TODO: check
+CVE-2023-43536 (Transient DOS while parse fils IE with length equal to 1.)
+       TODO: check
+CVE-2023-43535 (Memory corruption when negative display IDs are sent as input 
while pr ...)
+       TODO: check
+CVE-2023-43534 (Memory corruption while validating the TID to Link Mapping 
action requ ...)
+       TODO: check
+CVE-2023-43533 (Transient DOS in WLAN Firmware when the length of received 
beacon is l ...)
+       TODO: check
+CVE-2023-43532 (Memory corruption while reading ACPI config through the user 
mode app.)
+       TODO: check
+CVE-2023-43523 (Transient DOS while processing 11AZ RTT management action 
frame receiv ...)
+       TODO: check
+CVE-2023-43522 (Transient DOS while key unwrapping process, when the given 
encrypted k ...)
+       TODO: check
+CVE-2023-43520 (Memory corruption when AP includes TID to link mapping IE in 
the beaco ...)
+       TODO: check
+CVE-2023-43519 (Memory corruption in video while parsing the Videoinfo, when 
the size  ...)
+       TODO: check
+CVE-2023-43518 (Memory corruption in video while parsing invalid mp2 clip.)
+       TODO: check
+CVE-2023-43517 (Memory corruption in Automotive Multimedia due to improper 
access cont ...)
+       TODO: check
+CVE-2023-43516 (Memory corruption when malformed message payload is received 
from firm ...)
+       TODO: check
+CVE-2023-43513 (Memory corruption while processing the event ring, the context 
read po ...)
+       TODO: check
+CVE-2023-34042 (The spring-security.xsd file inside the  
spring-security-config jar is ...)
+       TODO: check
+CVE-2023-33077 (Memory corruption in HLOS while converting from authorization 
token to ...)
+       TODO: check
+CVE-2023-33076 (Memory corruption in Core when updating rollback version for 
TA and OT ...)
+       TODO: check
+CVE-2023-33072 (Memory corruption in Core while processing control functions.)
+       TODO: check
+CVE-2023-33069 (Memory corruption in Audio while processing the calibration 
data retur ...)
+       TODO: check
+CVE-2023-33068 (Memory corruption in Audio while processing IIR config data 
from AFE c ...)
+       TODO: check
+CVE-2023-33067 (Memory corruption in Audio while calling START command on host 
voice P ...)
+       TODO: check
+CVE-2023-33065 (Information disclosure in Audio while accessing AVCS services 
from ADS ...)
+       TODO: check
+CVE-2023-33064 (Transient DOS in Audio when invoking callback function of ASM 
driver.)
+       TODO: check
+CVE-2023-33060 (Transient DOS in Core when DDR memory check is called while 
DDR is not ...)
+       TODO: check
+CVE-2023-33058 (Information disclosure in Modem while processing SIB5.)
+       TODO: check
+CVE-2023-33057 (Transient DOS in Multi-Mode Call Processor while processing UE 
policy  ...)
+       TODO: check
+CVE-2023-33049 (Transient DOS in Multi-Mode Call Processor due to UE failure 
because o ...)
+       TODO: check
+CVE-2023-33046 (Memory corruption in Trusted Execution Environment while 
deinitializin ...)
+       TODO: check
+CVE-2023-32479 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and 
Dell Sec ...)
+       TODO: check
+CVE-2023-32474 (Dell Display Manager application, version 2.1.1.17 and prior, 
contain  ...)
+       TODO: check
+CVE-2023-32454 (DUP framework version 4.9.4.36 and prior contains insecure 
operation o ...)
+       TODO: check
+CVE-2023-32451 (Dell Display Manager application, version 2.1.1.17, contains a 
vulnera ...)
+       TODO: check
 CVE-2024-24768 (1Panel is an open source Linux server operation and 
maintenance manage ...)
        NOT-FOR-US: 1Panel
 CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ 
based on ...)
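
Review bot: Several added descriptions carry literal JSON escape sequences instead of the characters they encode, for example `Allegro AI\u2019s` under CVE-2024-24595 and `\u2013` in the WordPress plugin titles (CVE-2024-1177, CVE-2024-1092); the import step should decode these before writing data/CVE/list. Every new entry lands as `TODO: check`, and the many "plugin for WordPress" ones fit the `NOT-FOR-US: WordPress plugin` tag already used for CVE-2024-1162 later in this file, so they can be triaged in bulk.
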
@@ -477,7 +787,7 @@ CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code 
Execution Vulnerabil
        NOT-FOR-US: Microsoft
 CVE-2024-1162 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Cross ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1143 (Central Dogma versions prior to 0.64.0 is vulnerable to 
Cross-Site Scr ...)
+CVE-2024-1143 (Central Dogma versions prior to 0.64.1 is vulnerable to 
Cross-Site Scr ...)
        NOT-FOR-US: Central Dogma
 CVE-2024-1073 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
@@ -1052,7 +1362,7 @@ CVE-2023-46230 (In Splunk Add-on Builder versions below 
4.1.4, the app writes se
        NOT-FOR-US: Splunk Add-on Builder
 CVE-2023-37518 (HCL BigFix ServiceNow is vulnerable to arbitrary code 
injection.  A ma ...)
        NOT-FOR-US: HCL BigFix ServiceNow
-CVE-2023-36260 (An issue discovered in Craft CMS version 4.6.1. allows remote 
attacker ...)
+CVE-2023-36260 (An issue was discovered in the Feed Me plugin 4.6.1 for Craft 
CMS. It  ...)
        NOT-FOR-US: Craft CMS
 CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit 
Plugin bef ...)
        NOT-FOR-US: Craft CMS Audit Plugin
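
Review bot: The triage line under CVE-2023-36260 still reads `NOT-FOR-US: Craft CMS` although the updated description now attributes the issue to the Feed Me plugin 4.6.1 for Craft CMS. Consider naming the plugin in the tag, the way the following entry uses `NOT-FOR-US: Craft CMS Audit Plugin`.
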
@@ -3150,7 +3460,7 @@ CVE-2021-4435 (An untrusted search path vulnerability was 
found in Yarn. When a
        TODO: check, too few details in RHBZ#2262284
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It 
has be ...)
        NOT-FOR-US: Karjasoft Sami HTTP Server
-CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local 
DoS situations]
+CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to 
cause a den ...)
        [experimental] - pam 1.5.3-2
        - pam <unfixed> (bug #1061097)
        [bookworm] - pam <no-dsa> (Minor issue)
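
Review bot: In the CVE-2024-22365 entry, the replaced bracketed title was the only visible place naming the affected code path (`pam_namespace: protect_dir()`, `O_DIRECTORY`); the truncated description that replaces it stops at "cause a den ...". If the entry has no NOTE recording that detail, add one so the `<unfixed>` and `<no-dsa>` decisions stay traceable.
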
@@ -3549,9 +3859,9 @@ CVE-2024-0507 (An attacker with access to a Management 
Console user account with
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
+CVE-2024-0238 (The EventON Premium WordPress plugin before 4.5.6, EventON 
WordPress p ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
+CVE-2024-0237 (The EventON WordPress plugin through 4.5.8, EventON WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
@@ -10040,7 +10350,7 @@ CVE-2023-40921 (SQL Injection vulnerability in 
functions/point_list.php in Commo
        NOT-FOR-US: Common Services soliberte
 CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 
allows atta ...)
        NOT-FOR-US: DedeBIZ
-CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - 
incomplete fix for CVE-2020-25659]
+CVE-2023-50782 (A flaw was found in the python-cryptography package. This 
issue may al ...)
        - python-cryptography <unfixed> (bug #1059308)
        [bookworm] - python-cryptography <no-dsa> (Minor issue)
        [bullseye] - python-cryptography <no-dsa> (Minor issue)
@@ -10049,7 +10359,7 @@ CVE-2023-50782 [Bleichenbacher timing oracle attack 
against RSA decryption - inc
        NOTE: https://people.redhat.com/~hkario/marvin/
        NOTE: https://github.com/openssl/openssl/pull/13817
        NOTE: CVE is for incomplete fix of CVE-2020-25659
-CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - 
incomplete fix for CVE-2020-25657]
+CVE-2023-50781 (A flaw was found in m2crypto. This issue may allow a remote 
attacker t ...)
        - m2crypto <unfixed> (bug #1059292)
        [bookworm] - m2crypto <no-dsa> (Minor issue)
        [bullseye] - m2crypto <no-dsa> (Minor issue)
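
Review bot: For CVE-2023-50781 the old title's "incomplete fix for CVE-2020-25657" disappears with the bracketed text, and no NOTE in the visible context keeps it. The CVE-2023-50782 entry directly above retains the equivalent link as `NOTE: CVE is for incomplete fix of CVE-2020-25659`; the m2crypto entry should carry a matching NOTE.
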
@@ -35206,7 +35516,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to 
version 2.1.2, in environment
        NOTE: 
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
        NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using 
carefully ...)
-       {DLA-3652-1}
+       {DSA-5616-1 DLA-3652-1}
        - ruby-sanitize 6.0.2-1 (bug #1041430)
        NOTE: 
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
 (v6.0.2)
        NOTE: 
https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
@@ -52086,8 +52396,8 @@ CVE-2023-28065 (Dell Command | Update, Dell Update, and 
Alienware Update version
        NOT-FOR-US: Dell
 CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An 
unauthenti ...)
        NOT-FOR-US: Dell
-CVE-2023-28063
-       RESERVED
+CVE-2023-28063 (Dell BIOS contains a Signed to Unsigned Conversion Error 
vulnerability ...)
+       TODO: check
 CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper 
access  ...)
        NOT-FOR-US: Dell
 CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
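
Review bot: CVE-2023-28063 goes from RESERVED to `TODO: check` although its description starts "Dell BIOS contains ...", the same product as CVE-2023-28064 directly above, which is tagged `NOT-FOR-US: Dell`. The same tag would resolve this TODO without a separate triage pass.
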
@@ -52114,8 +52424,8 @@ CVE-2023-28051 (Dell Power Manager, versions 3.10 and 
prior, contains an Imprope
        NOT-FOR-US: Dell
 CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
        NOT-FOR-US: Dell
-CVE-2023-28049
-       RESERVED
+CVE-2023-28049 (Dell Command | Monitor, versions prior to 10.9, contain an 
arbitrary f ...)
+       TODO: check
 CVE-2023-28048
        RESERVED
 CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an 
arbitrary  ...)
@@ -54436,8 +54746,8 @@ CVE-2023-27320 (Sudo before 1.9.13p2 has a double free 
in the per-command chroot
        NOTE: 
https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9
 CVE-2023-27319 (ONTAP Mediator versions prior to 1.7 are susceptible to a  
vulnerabili ...)
        NOT-FOR-US: NetApp
-CVE-2023-27318
-       RESERVED
+CVE-2023-27318 (StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 
through  1 ...)
+       TODO: check
 CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are 
susceptible to a ...)
        NOT-FOR-US: ONTAP
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  
vulnerabilit ...)
@@ -59659,8 +59969,8 @@ CVE-2023-25547 (A CWE-863: Incorrect Authorization 
vulnerability exists that cou
        NOT-FOR-US: Schneider
 CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache 
Tomcat' versi ...)
        NOT-FOR-US: Dell
-CVE-2023-25543
-       RESERVED
+CVE-2023-25543 (Dell Power Manager, versions prior to 3.14, contain an 
Improper Author ...)
+       TODO: check
 CVE-2023-25542 (Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) 
an impr ...)
        NOT-FOR-US: Dell
 CVE-2023-25541
@@ -68135,12 +68445,12 @@ CVE-2023-22821
        RESERVED
 CVE-2023-22820
        RESERVED
-CVE-2023-22819
-       RESERVED
+CVE-2023-22819 (An uncontrolled resource consumption vulnerability issue that 
could ar ...)
+       TODO: check
 CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were 
addressed in the ...)
        NOT-FOR-US: SanDisk Security Installer for Windows
-CVE-2023-22817
-       RESERVED
+CVE-2023-22817 (Server-side request forgery (SSRF) vulnerability that could 
allow a ro ...)
+       TODO: check
 CVE-2023-22816 (A post-authentication remote command injection vulnerability 
in a CGI  ...)
        NOT-FOR-US: Western Digital
 CVE-2023-22815 (Post-authentication remote command injection vulnerability in 
Western  ...)
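
Review bot: The truncated descriptions added for CVE-2023-22819 and CVE-2023-22817 do not name a product, and the surrounding entries are split between `NOT-FOR-US: SanDisk Security Installer for Windows` and `NOT-FOR-US: Western Digital`, so the tag cannot be inferred from the neighbours. Resolve the two `TODO: check` lines against the full CVE text.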



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c1acf21017950024ea164192a6183a255c0bc64
