[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 7 08:12:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
883bdac0 by security tracker role at 2023-11-07T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2023-5976 (Improper Access Control in GitHub repository microweber/microweber pri ...)
+ TODO: check
+CVE-2023-5605 (The URL Shortify WordPress plugin through 1.7.8 does not sanitise and ...)
+ TODO: check
+CVE-2023-5601 (The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1. ...)
+ TODO: check
+CVE-2023-5530 (The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not s ...)
+ TODO: check
+CVE-2023-5454 (The Templately WordPress plugin before 2.2.6 does not properly authori ...)
+ TODO: check
+CVE-2023-5355 (The Awesome Support WordPress plugin before 6.1.5 does not sanitize fi ...)
+ TODO: check
+CVE-2023-5354 (The Awesome Support WordPress plugin before 6.1.5 does not sanitise an ...)
+ TODO: check
+CVE-2023-5352 (The Awesome Support WordPress plugin before 6.1.5 does not correctly a ...)
+ TODO: check
+CVE-2023-5228 (The User Registration WordPress plugin before 3.0.4.2 does not sanitiz ...)
+ TODO: check
+CVE-2023-5181 (The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise ...)
+ TODO: check
+CVE-2023-5082 (The History Log by click5 WordPress plugin before 1.0.13 does not prop ...)
+ TODO: check
+CVE-2023-5076 (The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-4930 (The Front End PM WordPress plugin before 11.4.3 does not block listing ...)
+ TODO: check
+CVE-2023-4858 (The Simple Table Manager WordPress plugin through 1.5.6 does not sanit ...)
+ TODO: check
+CVE-2023-4810 (The Responsive Pricing Table WordPress plugin before 5.1.8 does not sa ...)
+ TODO: check
+CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user accounts ...)
+ TODO: check
+CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...)
+ TODO: check
+CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...)
+ TODO: check
+CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...)
+ TODO: check
+CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...)
+ TODO: check
+CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03 ...)
+ TODO: check
+CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda RX9 Pro F ...)
+ TODO: check
+CVE-2023-42555 (Use of implicit intent for sensitive communication vulnerability in Ea ...)
+ TODO: check
+CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to version ...)
+ TODO: check
+CVE-2023-42553 (Improper authorization verification vulnerability in Samsung Email pri ...)
+ TODO: check
+CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall application prior ...)
+ TODO: check
+CVE-2023-42551 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42550 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42549 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42548 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42547 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42546 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ TODO: check
+CVE-2023-42545 (Use of implicit intent for sensitive communication vulnerability in Ph ...)
+ TODO: check
+CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 13.5.52. ...)
+ TODO: check
+CVE-2023-42543 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ TODO: check
+CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service prior to ...)
+ TODO: check
+CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push Service p ...)
+ TODO: check
+CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior to vers ...)
+ TODO: check
+CVE-2023-42539 (PendingIntent hijacking vulnerability in ChallengeNotificationManager ...)
+ TODO: check
+CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped prior to ...)
+ TODO: check
+CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior to SMR ...)
+ TODO: check
+CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to SMR Nov ...)
+ TODO: check
+CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Releas ...)
+ TODO: check
+CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity prior to SM ...)
+ TODO: check
+CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to SMR Nov-2 ...)
+ TODO: check
+CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Rel ...)
+ TODO: check
+CVE-2023-42531 (Improper access control vulnerability in SmsController prior to SMR No ...)
+ TODO: check
+CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to SMR Nov- ...)
+ TODO: check
+CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 R ...)
+ TODO: check
+CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering of libse ...)
+ TODO: check
+CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of libsec- ...)
+ TODO: check
+CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway version 5. ...)
+ TODO: check
+CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 a ...)
+ TODO: check
+CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Onl ...)
+ TODO: check
+CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
+ TODO: check
+CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
+ TODO: check
+CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to gain in ...)
+ TODO: check
+CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
+ TODO: check
+CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel GS1900-24 ...)
+ TODO: check
+CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after music pla ...)
+ TODO: check
+CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-resp ...)
+ TODO: check
+CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet data from A ...)
+ TODO: check
+CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon including ...)
+ TODO: check
+CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in driver ...)
+ TODO: check
+CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
+ TODO: check
+CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
+ TODO: check
+CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN management fram ...)
+ TODO: check
+CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from ADSP sha ...)
+ TODO: check
+CVE-2019-25156 (A vulnerability classified as problematic was found in dstar2018 Agenc ...)
+ TODO: check
CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...)
@@ -2405,7 +2545,7 @@ CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) befor
NOT-FOR-US: Django Grappelli
CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...)
NOT-FOR-US: Wagtail CRX CodeRed Extensions
-CVE-2023-46728 [SQUID-2021:8 Denial of Service in Gopher gateway]
+CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
- squid 6.1-1
NOTE: No code fix, gopher support was removed:
NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
@@ -13773,7 +13913,7 @@ CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability)
+CVE-2023-38169 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
NOT-FOR-US: Microsoft
@@ -26700,8 +26840,8 @@ CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Busine
NOT-FOR-US: SAP
CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
NOT-FOR-US: SAP
-CVE-2023-30739
- RESERVED
+CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril prior to S ...)
+ TODO: check
CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...)
NOT-FOR-US: Samsung
CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...)
@@ -33394,30 +33534,30 @@ CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf
NOT-FOR-US: Qualcomm
CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28574
- RESERVED
+CVE-2023-28574 (Memory corruption in core services when Diag handler receives a comman ...)
+ TODO: check
CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
NOT-FOR-US: Qualcomm
-CVE-2023-28572
- RESERVED
+CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan descript ...)
+ TODO: check
CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28570
- RESERVED
-CVE-2023-28569
- RESERVED
-CVE-2023-28568
- RESERVED
+CVE-2023-28570 (Memory corruption while processing audio effects.)
+ TODO: check
+CVE-2023-28569 (Information disclosure in WLAN HAL while handling command through WMI ...)
+ TODO: check
+CVE-2023-28568 (Information disclosure in WLAN HAL when reception status handler is ca ...)
+ TODO: check
CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28566
- RESERVED
+CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI state info c ...)
+ TODO: check
CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
NOT-FOR-US: Qualcomm
CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28563
- RESERVED
+CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI command.)
+ TODO: check
CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
NOT-FOR-US: Qualcomm
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
@@ -33430,14 +33570,14 @@ CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx s
NOT-FOR-US: Qualcomm
CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28556
- RESERVED
+CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
+ TODO: check
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28554
- RESERVED
-CVE-2023-28553
- RESERVED
+CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values from share ...)
+ TODO: check
+CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event command.)
+ TODO: check
CVE-2023-28552
RESERVED
CVE-2023-28551
@@ -33452,8 +33592,8 @@ CVE-2023-28547
RESERVED
CVE-2023-28546
RESERVED
-CVE-2023-28545
- RESERVED
+CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
+ TODO: check
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
NOT-FOR-US: Qualcomm
CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
@@ -44678,8 +44818,8 @@ CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware r
NOT-FOR-US: Qualcomm
CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
NOT-FOR-US: Qualcomm
-CVE-2023-24852
- RESERVED
+CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user while lo ...)
+ TODO: check
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
NOT-FOR-US: Qualcomm
CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
@@ -54009,8 +54149,8 @@ CVE-2022-4635
RESERVED
CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...)
NOT-FOR-US: pyambic-pentameter
-CVE-2023-22388
- RESERVED
+CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while processing bit ma ...)
+ TODO: check
CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...)
NOT-FOR-US: Qualcomm
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
@@ -58771,8 +58911,8 @@ CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Co
NOT-FOR-US: Qualcomm
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21671
- RESERVED
+CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse comparison ...)
+ TODO: check
CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...)
NOT-FOR-US: Qualcomm
CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883bdac01e0aee30edd8d3b2d99f1381a8344ccd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883bdac01e0aee30edd8d3b2d99f1381a8344ccd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231107/681da2c9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list