[Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 7 08:23:43 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94cad28c by Salvatore Bonaccorso at 2023-11-07T09:23:01+01:00
Process new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,109 +35,109 @@ CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through
CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...)
TODO: check
CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda RX9 Pro F ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-42555 (Use of implicit intent for sensitive communication vulnerability in Ea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42553 (Improper authorization verification vulnerability in Samsung Email pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall application prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42551 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42550 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42549 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42548 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42547 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42546 (Use of implicit intent for sensitive communication vulnerability in st ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42545 (Use of implicit intent for sensitive communication vulnerability in Ph ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 13.5.52. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42543 (Improper verification of intent by broadcast receiver vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push Service p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42539 (PendingIntent hijacking vulnerability in ChallengeNotificationManager ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to SMR Nov ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to SMR Nov-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Rel ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42531 (Improper access control vulnerability in SmsController prior to SMR No ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to SMR Nov- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering of libse ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of libsec- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway version 5. ...)
- TODO: check
+ NOT-FOR-US: Tyk Gateway
CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 a ...)
- TODO: check
+ NOT-FOR-US: Tyk Gateway
CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Onl ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to gain in ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel GS1900-24 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after music pla ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-resp ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet data from A ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon including ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN management fram ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from ADSP sha ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2019-25156 (A vulnerability classified as problematic was found in dstar2018 Agenc ...)
- TODO: check
+ NOT-FOR-US: dstar2018 Agency
CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...)
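Review bot: CVE-2023-36409 is closed as NOT-FOR-US: Microsoft although its title reads "Microsoft Edge (Chromium-based)", and nothing visible here says whether the flaw sits in Edge-only code or in the shared Chromium code base. Please confirm it is Edge-specific, and consider a NOTE: line recording that, as is done for other entries in this file. The same check is worth making for CVE-2023-42535 (read_block of vold) and CVE-2023-42534 (ChooserActivity): both name components that also exist in AOSP, and the truncated descriptions tie them to Samsung only through the "SMR Nov-2023" release string.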
@@ -237,7 +237,7 @@ CVE-2023-44398 (Exiv2 is a C++ library and a command-line utility to read, write
CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), a ...)
- TODO: check
+ NOT-FOR-US: Calico Typha
CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC packa ...)
- opensc <unfixed>
NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
@@ -251,9 +251,9 @@ CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN b
CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1 did no ...)
- TODO: check
+ NOT-FOR-US: strapi
CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...)
NOT-FOR-US: Mitsubishi
CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
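Review bot: CVE-2023-39345 describes strapi as "an open-source headless CMS", so before settling on NOT-FOR-US: strapi it is worth checking for an open ITP or RFP bug. Where one exists, this list records it in the form "- package <itp> (bug #NNNNNN)" (NNNNNN being a placeholder here), as the mattermost-server entry for CVE-2023-5969 does, which keeps the CVE attached to the package if it is uploaded later.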
@@ -26841,7 +26841,7 @@ CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Busine
CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
NOT-FOR-US: SAP
CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril prior to S ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...)
NOT-FOR-US: Samsung
CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...)
@@ -32877,7 +32877,7 @@ CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ig
CVE-2023-28749
RESERVED
CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28747
RESERVED
CVE-2023-28735
@@ -33535,29 +33535,29 @@ CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf
CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
NOT-FOR-US: Qualcomm
CVE-2023-28574 (Memory corruption in core services when Diag handler receives a comman ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
NOT-FOR-US: Qualcomm
CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan descript ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
NOT-FOR-US: Qualcomm
CVE-2023-28570 (Memory corruption while processing audio effects.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28569 (Information disclosure in WLAN HAL while handling command through WMI ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28568 (Information disclosure in WLAN HAL when reception status handler is ca ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
NOT-FOR-US: Qualcomm
CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI state info c ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
NOT-FOR-US: Qualcomm
CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
NOT-FOR-US: Qualcomm
CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI command.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
NOT-FOR-US: Qualcomm
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
@@ -33571,13 +33571,13 @@ CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx s
CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
NOT-FOR-US: Qualcomm
CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
NOT-FOR-US: Qualcomm
CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values from share ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event command.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28552
RESERVED
CVE-2023-28551
@@ -33593,7 +33593,7 @@ CVE-2023-28547
CVE-2023-28546
RESERVED
CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
NOT-FOR-US: Qualcomm
CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
@@ -36771,7 +36771,7 @@ CVE-2023-27607
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab 15.10.8+ds1-2
CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...)
@@ -44819,7 +44819,7 @@ CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware r
CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
NOT-FOR-US: Qualcomm
CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user while lo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
NOT-FOR-US: Qualcomm
CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
@@ -48261,7 +48261,7 @@ CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Co
CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23700
@@ -52573,9 +52573,9 @@ CVE-2022-48195 (An issue was discovered in Mellium mellium.im/sasl before 0.3.1.
CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...)
NOT-FOR-US: TP-Link
CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during ...)
- TODO: check
+ NOT-FOR-US: Softing smartLink SW-HT
CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1 ...)
- TODO: check
+ NOT-FOR-US: Softing smartLink SW-HT
CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...)
NOT-FOR-US: Trend Micro
CVE-2021-46870
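Review bot: Style point on the two added lines for CVE-2022-48193 and CVE-2022-48192: the tag spells out vendor and product ("Softing smartLink SW-HT"), while the neighbouring entries in this hunk use the vendor alone ("TP-Link" for a TL-WR902AC issue, "Trend Micro" for Maximum Security 2022). Using "NOT-FOR-US: Softing" would match them and keep searches by vendor consistent.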
@@ -54150,7 +54150,7 @@ CVE-2022-4635
CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...)
NOT-FOR-US: pyambic-pentameter
CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while processing bit ma ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...)
NOT-FOR-US: Qualcomm
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
@@ -58912,7 +58912,7 @@ CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Co
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
NOT-FOR-US: Qualcomm
CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse comparison ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...)
NOT-FOR-US: Qualcomm
CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94cad28cb6c1466d2e632eb13729a95422844449