[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 22 08:12:19 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b93407b by security tracker role at 2023-11-22T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2023-6238 [nvme: memory corruption via unprivileged user passthrough]
+CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to download a ...)
+	TODO: check
+CVE-2023-5299 (A user with a standard account in Fuji Electric Tellus Lite may overwr ...)
+	TODO: check
+CVE-2023-49105 (An issue was discovered in ownCloud owncloud/core before 10.13.1. An a ...)
+	TODO: check
+CVE-2023-49104 (An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when ...)
+	TODO: check
+CVE-2023-49103 (An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2 ...)
+	TODO: check
+CVE-2023-48701 (Statamic CMS is a Laravel and Git powered content management system (C ...)
+	TODO: check
+CVE-2023-48700 (The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libr ...)
+	TODO: check
+CVE-2023-48699 (fastbots is a library for fast bot and scraper development using selen ...)
+	TODO: check
+CVE-2023-48307 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
+	TODO: check
+CVE-2023-48306 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48305 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48304 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48303 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48302 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
+	TODO: check
+CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based RPC syst ...)
+	TODO: check
+CVE-2023-48228 (authentik is an open-source identity provider. When initialising a oau ...)
+	TODO: check
+CVE-2023-48161 (Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows  ...)
+	TODO: check
+CVE-2023-47393 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...)
+	TODO: check
+CVE-2023-47392 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...)
+	TODO: check
+CVE-2023-47016 (radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in l ...)
+	TODO: check
+CVE-2023-46814 (A binary hijacking vulnerability exists within the VideoLAN VLC media  ...)
+	TODO: check
+CVE-2023-41146 (Autodesk Customer Support Portal allows cases created by users under a ...)
+	TODO: check
+CVE-2023-41145 (Autodesk users who no longer have an active license for an account can ...)
+	TODO: check
+CVE-2023-40152 (When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted  ...)
+	TODO: check
+CVE-2023-35127 (Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V ...)
+	TODO: check
+CVE-2023-2447 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2023-2446 (The UserPro plugin for WordPress is vulnerable to sensitive informatio ...)
+	TODO: check
+CVE-2023-6238 (A buffer overflow vulnerability was found in the NVM Express (NVMe) dr ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
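Review bot: the first changed line only swaps the hand-written bracket description of CVE-2023-6238 for the published one, and the three triage lines below it (`- linux <unfixed>` and the two `<not-affected>` lines) are unchanged context, so the existing assessment survives the automatic update. All 30 newly added entries carry nothing but `TODO: check`; the seven Nextcloud Server entries (CVE-2023-48301 through CVE-2023-48306 and CVE-2023-48239) share an identical truncated description and could be triaged in one pass, as could the three ownCloud entries (CVE-2023-49103 through CVE-2023-49105).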
@@ -34173,8 +34233,8 @@ CVE-2023-29071
 	RESERVED
 CVE-2023-29070
 	RESERVED
-CVE-2023-29069
-	RESERVED
+CVE-2023-29069 (A maliciously crafted DLL file can be forced to install onto a non-def ...)
+	TODO: check
 CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
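Review bot: CVE-2023-29069 is left at `TODO: check` although its description (`A maliciously crafted DLL file can be forced to install onto a non-def ...`) follows the same pattern as the adjacent CVE-2023-29068 and CVE-2023-29067 entries, both marked `NOT-FOR-US: Autodesk`; the triager should confirm whether the same resolution applies instead of leaving the TODO open.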
@@ -95289,8 +95349,8 @@ CVE-2022-35640
 	RESERVED
 CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...)
 	NOT-FOR-US: IBM
-CVE-2022-35638
-	RESERVED
+CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
+	TODO: check
 CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
 	NOT-FOR-US: IBM
 CVE-2022-35636
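Review bot: CVE-2022-35638 (IBM Sterling B2B Integrator) stays at `TODO: check` while its neighbours CVE-2022-35639 and CVE-2022-35637 are `NOT-FOR-US: IBM`; check whether the same `NOT-FOR-US: IBM` line is the right resolution here.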
@@ -163127,8 +163187,8 @@ CVE-2021-37944
 	RESERVED
 CVE-2021-37943
 	RESERVED
-CVE-2021-37942
-	RESERVED
+CVE-2021-37942 (A local privilege escalation issue was found with the APM Java agent,  ...)
+	TODO: check
 CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent,  ...)
 	NOT-FOR-US: Elastic APM Java agent
 CVE-2021-37940 (An information disclosure via GET request server-side request forgery  ...)
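Review bot: the truncated description of CVE-2021-37942 is identical to that of CVE-2021-37941 directly below it, which is resolved as `NOT-FOR-US: Elastic APM Java agent`; the new `TODO: check` line should be replaced with the same resolution once the triager confirms the two issues affect the same component.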
@@ -163137,8 +163197,8 @@ CVE-2021-37939 (It was discovered that Kibana\u2019s JIRA connector & IBM Resili
 	NOT-FOR-US: IBM
 CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
 	- kibana <itp> (bug #700337)
-CVE-2021-37937
-	RESERVED
+CVE-2021-37937 (An issue was found with how API keys are created with the Fleet-Server ...)
+	TODO: check
 CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...)
 	- kibana <itp> (bug #700337)
 CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow  ...)
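Review bot: CVE-2021-37937 concerns API key creation in Fleet-Server, while the surrounding Kibana entries (CVE-2021-37938, CVE-2021-37936) carry `- kibana <itp> (bug #700337)`; the triager needs to decide whether Fleet-Server falls under that kibana ITP entry or is `NOT-FOR-US`, since the `TODO: check` line records neither.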
@@ -202843,10 +202903,10 @@ CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console
 	NOT-FOR-US: BlackBerry UEM
 CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in  ...)
 	NOT-FOR-US: BlackBerry UEM
-CVE-2021-22151
-	RESERVED
-CVE-2021-22150
-	RESERVED
+CVE-2021-22151 (It was discovered that Kibana was not validating a user supplied path, ...)
+	TODO: check
+CVE-2021-22150 (It was discovered that a user with Fleet admin permissions could uploa ...)
+	TODO: check
 CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...)
 	NOT-FOR-US: Elastic Enterprise Search
 CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...)
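Review bot: CVE-2021-22151 (Kibana not validating a user supplied path) and CVE-2021-22150 (Fleet admin upload) both stay at `TODO: check`; the Kibana entries elsewhere in this diff use `- kibana <itp> (bug #700337)`, so check whether these two should get the same line rather than a separate resolution.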
@@ -202859,10 +202919,9 @@ CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearc
 	- elasticsearch <removed>
 CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...)
 	- elasticsearch <removed>
-CVE-2021-22143
-	RESERVED
-CVE-2021-22142
-	RESERVED
+CVE-2021-22143 (The Elastic APM .NET Agent can leak sensitive HTTP header information  ...)
+	TODO: check
+CVE-2021-22142 (Kibana contains an embedded version of the Chromium browser that the R ...)
 	- kibana <itp> (bug #700337)
 CVE-2021-22141 (An open redirect flaw was found in Kibana versions before 7.13.0 and 6 ...)
 	- kibana <itp> (bug #700337)
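Review bot: CVE-2021-22142 receives its description but no `TODO: check` line, because the existing `- kibana <itp> (bug #700337)` line following it is kept as context and the entry therefore retains its triage; this is the intended behaviour of the update. Only CVE-2021-22143 (Elastic APM .NET Agent) still needs a decision, and the `NOT-FOR-US` resolution applied to the APM Java agent entries earlier in this diff is the natural comparison.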



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b93407b8b394b9db50dc4e844076514523f8bad
