[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 9 08:12:15 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
249059e8 by security tracker role at 2023-11-09T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...)
+	TODO: check
+CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could allow a  ...)
+	TODO: check
+CVE-2023-5075 (A buffer overflow was reported in the FmpSipoCapsuleDriver driver in t ...)
+	TODO: check
+CVE-2023-4891 (A potential use-after-free vulnerability was reported in the Lenovo Vi ...)
+	TODO: check
+CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo preloaded  ...)
+	TODO: check
+CVE-2023-4632 (An uncontrolled search path vulnerability was reported in Lenovo Syste ...)
+	TODO: check
+CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
+	TODO: check
+CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinter ...)
+	TODO: check
+CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to ex ...)
+	TODO: check
+CVE-2023-47488 (Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 all ...)
+	TODO: check
+CVE-2023-47114 (Fides is an open-source privacy engineering platform for managing the  ...)
+	TODO: check
+CVE-2023-47113 (BleachBit cleans files to free disk space and to maintain privacy. Ble ...)
+	TODO: check
+CVE-2023-47111 (ZITADEL provides identity infrastructure. ZITADEL provides administrat ...)
+	TODO: check
+CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at offerin ...)
+	TODO: check
+CVE-2023-47008 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+	TODO: check
+CVE-2023-47007 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+	TODO: check
+CVE-2023-47006 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+	TODO: check
+CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+	TODO: check
+CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a  ...)
+	TODO: check
+CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in  ...)
+	TODO: check
+CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbi ...)
+	TODO: check
+CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private  ...)
+	TODO: check
+CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...)
+	TODO: check
+CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
+	TODO: check
+CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm SMM drive ...)
+	TODO: check
+CVE-2023-45078 (A memory leakage vulnerability was reported in the DustFilterAlertSmm  ...)
+	TODO: check
+CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 DXE driver ...)
+	TODO: check
+CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 DXE driver ...)
+	TODO: check
+CVE-2023-45075 (A memory leakage vulnerability was reported in the SWSMI_Shadow DXE dr ...)
+	TODO: check
+CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
+	TODO: check
+CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in some Lenovo ...)
+	TODO: check
+CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in some Leno ...)
+	TODO: check
+CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo  ...)
+	TODO: check
+CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some Lenovo D ...)
+	TODO: check
+CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some Lenovo De ...)
+	TODO: check
+CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some Lenovo D ...)
+	TODO: check
+CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable module in som ...)
+	TODO: check
+CVE-2023-43574 (A buffer over-read was reported in the LEMALLDriversConnectedEventHook ...)
+	TODO: check
+CVE-2023-43573 (A buffer overflow was reported in the LEMALLDriversConnectedEventHook  ...)
+	TODO: check
+CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader module in s ...)
+	TODO: check
+CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader module in so ...)
+	TODO: check
+CVE-2023-43570 (A potential vulnerability was reported in the SMI callback function of ...)
+	TODO: check
+CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some Lenovo Des ...)
+	TODO: check
+CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey module in ...)
+	TODO: check
+CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey module in  ...)
+	TODO: check
+CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
+	TODO: check
+CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
+	TODO: check
+CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an ...)
+	TODO: check
+CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site scripting (XSS)  ...)
+	TODO: check
+CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Dire ...)
+	TODO: check
 CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...)
 	NOT-FOR-US: Lanaccess ONSAFE MonitorHM
 CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain  ...)
@@ -58,9 +158,9 @@ CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. S
 	NOT-FOR-US: Huawei
 CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...)
 	NOT-FOR-US: Huawei
-CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission  ...)
+CVE-2023-46758 (Permission management vulnerability in the multi-screen interaction mo ...)
 	NOT-FOR-US: Huawei
-CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
+CVE-2023-46757 (The remote PIN module has a vulnerability that causes incorrect inform ...)
 	NOT-FOR-US: Huawei
 CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...)
 	NOT-FOR-US: Huawei
@@ -233,6 +333,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-
 	NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
 	NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
 CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 al ...)
+	{DSA-5551-1}
 	- chromium 119.0.6045.123-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
@@ -1414,7 +1515,7 @@ CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...)
 	NOT-FOR-US: Chef Automate
-CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to execute ar ...)
+CVE-2023-38994 (The 'check_univention_joinstatus' prometheus monitoring script (and ot ...)
 	NOT-FOR-US: Univention
 CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Solwin Infotech
@@ -29291,8 +29392,8 @@ CVE-2023-29976
 	RESERVED
 CVE-2023-29975
 	RESERVED
-CVE-2023-29974
-	RESERVED
+CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to co ...)
+	TODO: check
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...)
 	NOT-FOR-US: Pfsense CE
 CVE-2023-29972
@@ -41092,8 +41193,8 @@ CVE-2023-26158
 	RESERVED
 CVE-2023-26157
 	RESERVED
-CVE-2023-26156
-	RESERVED
+CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to  ...)
+	TODO: check
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
 	NOT-FOR-US: node-qpdf
 CVE-2023-26154
@@ -48208,8 +48309,8 @@ CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0393
 	RESERVED
-CVE-2023-0392
-	RESERVED
+CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used an unqu ...)
+	TODO: check
 CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...)
 	NOT-FOR-US: MGT-COMMERCE
 CVE-2022-48278
@@ -66912,8 +67013,8 @@ CVE-2020-36608 (A vulnerability, which was classified as problematic, has been f
 	NOT-FOR-US: Tribal Systems Zenario CMS
 CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens  ...)
 	NOT-FOR-US: Cloud Foundry
-CVE-2023-20902
-	RESERVED
+CVE-2023-20902 (A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,  ...)
+	TODO: check
 CVE-2023-20901
 	RESERVED
 CVE-2023-20900 (A malicious actor that has been granted  Guest Operation Privileges ht ...)
@@ -143710,8 +143811,8 @@ CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such a
 	NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
 	NOT-FOR-US: Belledonne Belle-sip
-CVE-2021-43609
-	RESERVED
+CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A ...)
+	TODO: check
 CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
 	- php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
 	NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
@@ -530626,7 +530727,7 @@ CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web
 	NOT-FOR-US: IBM Lotus Protector for Mail Security
 CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lo ...)
 	NOT-FOR-US: IBM Lotus Protector for Mail Security
-CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware Managem ...)
+CVE-2014-0883 (IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-sit ...)
 	NOT-FOR-US: IBM
 CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale,  ...)
 	NOT-FOR-US: IBM



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249059e841090fe837ec57db8b3315f90f66cef6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249059e841090fe837ec57db8b3315f90f66cef6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231109/6cb420e8/attachment.htm>

More information about the debian-security-tracker-commits mailing list