[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 20 09:10:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9adc0d39 by security tracker role at 2023-04-20T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2023-30897
+ RESERVED
+CVE-2023-2192
+ RESERVED
+CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
+ TODO: check
+CVE-2023-2190
+ RESERVED
+CVE-2023-2189
+ RESERVED
+CVE-2023-2188
+ RESERVED
CVE-2023-30896
RESERVED
CVE-2023-30895
@@ -247,14 +259,13 @@ CVE-2023-30799
RESERVED
CVE-2023-30798
RESERVED
-CVE-2023-30797
- RESERVED
+CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
+ TODO: check
CVE-2023-30796
RESERVED
CVE-2023-30795
RESERVED
-CVE-2023-2166
- RESERVED
+CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...)
- linux 6.1.4-1
[bullseye] - linux 5.10.162-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -265,8 +276,7 @@ CVE-2023-2164
RESERVED
CVE-2023-2163
RESERVED
-CVE-2023-2162
- RESERVED
+CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_creat ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
CVE-2023-2161
@@ -315,8 +325,8 @@ CVE-2023-2140
RESERVED
CVE-2023-2139
RESERVED
-CVE-2022-4942
- RESERVED
+CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
+ TODO: check
CVE-2022-48475
RESERVED
CVE-2022-48474
@@ -331,8 +341,8 @@ CVE-2022-48470
RESERVED
CVE-2022-48469
RESERVED
-CVE-2014-125099
- RESERVED
+CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...)
+ TODO: check
CVE-2023-30794
RESERVED
CVE-2023-30793
@@ -7559,12 +7569,10 @@ CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file
- moodle <removed>
CVE-2023-28329 (Insufficient validation of profile field availability condition result ...)
- moodle <removed>
-CVE-2023-28328
- RESERVED
+CVE-2023-28328 (A NULL pointer dereference flaw was found in the az6027 driver in driv ...)
- linux 6.1.4-1
NOTE: https://git.kernel.org/linus/0ed554fd769a19ea8464bb83e9ac201002ef74ad (6.2-rc1)
-CVE-2023-28327
- RESERVED
+CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol in net/ ...)
- linux 6.1.4-1
[bullseye] - linux 5.10.162-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -7623,8 +7631,7 @@ CVE-2023-1384
RESERVED
CVE-2023-1383
RESERVED
-CVE-2023-1382
- RESERVED
+CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...)
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
[buster] - linux 4.19.269-1
@@ -8303,12 +8310,12 @@ CVE-2023-28126
RESERVED
CVE-2023-28125
RESERVED
-CVE-2023-28124
- RESERVED
-CVE-2023-28123
- RESERVED
-CVE-2023-28122
- RESERVED
+CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...)
+ TODO: check
+CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...)
+ TODO: check
+CVE-2023-28122 (A local privilege escalation (LPE) vulnerability in UI Desktop for Win ...)
+ TODO: check
CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28120
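Review bot: CVE-2023-28124, CVE-2023-28123 and CVE-2023-28122 are left at "TODO: check", but all three descriptions name "UI Desktop for Windows", so they look like NOT-FOR-US candidates. Suggest resolving the three together with one consistent tag, as was done for the WooCommerce entry directly below (CVE-2023-28121, "NOT-FOR-US: WordPress plugin").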
@@ -8476,8 +8483,8 @@ CVE-2023-28049
RESERVED
CVE-2023-28048
RESERVED
-CVE-2023-28047
- RESERVED
+CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
+ TODO: check
CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
NOT-FOR-US: Dell
CVE-2023-28045
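Review bot: CVE-2023-28047 gets "TODO: check" while its neighbour CVE-2023-28046 has the same visible description prefix ("Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...") and is already tagged "NOT-FOR-US: Dell". Suggest confirming against the full description and applying the same tag so the two entries do not diverge.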
@@ -10123,7 +10130,7 @@ CVE-2023-27539
NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
-CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl v8.0.0 where ...)
+CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl prior to v8.0 ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27538.html
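Review bot: re-check the "[bullseye] - curl <no-dsa> (Minor issue)" line for CVE-2023-27538 against the reworded description, which now reads "libcurl prior to v8.0" instead of "libcurl v8.0.0". Only the description line changed here; the fixed version "7.88.1-7" and the bullseye classification were carried over unchanged, so it is worth confirming they were derived from the advisory linked in the NOTE rather than from the old wording.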
@@ -21867,8 +21874,8 @@ CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3
NOT-FOR-US: SICK
CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
NOT-FOR-US: SICK
-CVE-2023-23451
- RESERVED
+CVE-2023-23451 (The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNE ...)
+ TODO: check
CVE-2023-23450
RESERVED
CVE-2023-23449
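Review bot: CVE-2023-23451 is left at "TODO: check" although the description names SICK gateways and the two preceding entries (CVE-2023-23453, CVE-2023-23452) are tagged "NOT-FOR-US: SICK". Suggest triaging it with the same tag once the full description is confirmed.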
@@ -38091,67 +38098,47 @@ CVE-2023-21102
RESERVED
CVE-2023-21101
RESERVED
-CVE-2023-21100
- RESERVED
+CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
-CVE-2023-21099
- RESERVED
+CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21098
- RESERVED
+CVE-2023-21098 (In multiple functions of AccountManagerService.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21097
- RESERVED
+CVE-2023-21097 (In toUriInner of Intent.java, there is a possible way to launch an arb ...)
NOT-FOR-US: Android
-CVE-2023-21096
- RESERVED
+CVE-2023-21096 (In OnWakelockReleased of attribution_processor.cc, there is a use afte ...)
NOT-FOR-US: Android
CVE-2023-21095
RESERVED
-CVE-2023-21094
- RESERVED
+CVE-2023-21094 (In sanitize of LayerState.cpp, there is a possible way to take over th ...)
NOT-FOR-US: Android
-CVE-2023-21093
- RESERVED
+CVE-2023-21093 (In extractRelativePath of FileUtils.java, there is a possible way to a ...)
NOT-FOR-US: Android
-CVE-2023-21092
- RESERVED
+CVE-2023-21092 (In retrieveServiceLocked of ActiveServices.java, there is a possible w ...)
NOT-FOR-US: Android
-CVE-2023-21091
- RESERVED
+CVE-2023-21091 (In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2023-21090
- RESERVED
+CVE-2023-21090 (In parseUsesPermission of ParsingPackageUtils.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2023-21089
- RESERVED
+CVE-2023-21089 (In startInstrumentation of ActivityManagerService.java, there is a pos ...)
NOT-FOR-US: Android
-CVE-2023-21088
- RESERVED
+CVE-2023-21088 (In deliverOnFlushComplete of LocationProviderManager.java, there is a ...)
NOT-FOR-US: Android
-CVE-2023-21087
- RESERVED
+CVE-2023-21087 (In PreferencesHelper.java, an uncaught exception may cause the device ...)
NOT-FOR-US: Android
-CVE-2023-21086
- RESERVED
+CVE-2023-21086 (In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceContro ...)
NOT-FOR-US: Android
-CVE-2023-21085
- RESERVED
+CVE-2023-21085 (In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of ...)
NOT-FOR-US: Android
-CVE-2023-21084
- RESERVED
+CVE-2023-21084 (In buildPropFile of filesystem.go, there is a possible insecure hash d ...)
NOT-FOR-US: Android
-CVE-2023-21083
- RESERVED
+CVE-2023-21083 (In onNullBinding of CallScreeningServiceHelper.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21082
- RESERVED
+CVE-2023-21082 (In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, t ...)
NOT-FOR-US: Android
-CVE-2023-21081
- RESERVED
+CVE-2023-21081 (In multiple functions of PackageInstallerService.java and related file ...)
NOT-FOR-US: Android
-CVE-2023-21080
- RESERVED
+CVE-2023-21080 (In register_notification_rsp of btif_rc.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...)
NOT-FOR-US: Android
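Review bot: the "NOT-FOR-US: Android" tags on CVE-2023-21100 through CVE-2023-21080 were set while the entries still read RESERVED and are kept as-is now that descriptions exist, so they should be checked against the text. Most entries name Android framework Java classes, but CVE-2023-21100 says only "In inflate of inflate.c" and CVE-2023-21084 only "buildPropFile of filesystem.go", with no component visible in the truncated description. Suggest confirming from the full descriptions that neither refers to code also shipped in a Debian package.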
@@ -38377,8 +38364,7 @@ CVE-2023-20969 (In multiple locations of p2p_iface.cpp, there is a possible out
NOT-FOR-US: Android
CVE-2023-20968 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
NOT-FOR-US: Android
-CVE-2023-20967
- RESERVED
+CVE-2023-20967 (In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible ou ...)
NOT-FOR-US: Android
CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
@@ -38412,8 +38398,7 @@ CVE-2023-20952 (In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible
NOT-FOR-US: Android
CVE-2023-20951 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2023-20950
- RESERVED
+CVE-2023-20950 (In AlarmManagerActivity of AlarmManagerActivity.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out ...)
NOT-FOR-US: Linux kernel of the Pixel phone
@@ -38432,8 +38417,7 @@ CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, ther
CVE-2023-20942
RESERVED
NOT-FOR-US: Android
-CVE-2023-20941
- RESERVED
+CVE-2023-20941 (In acc_ctrlrequest_composite of f_accessory.c, there is a possible out ...)
- linux <not-affected> (Android-specific kernel patch)
NOTE: https://android.googlesource.com/kernel/common/+/f63204236560b6f38b6e015c53eb6304d988
CVE-2023-20940 (In the Android operating system, there is a possible way to replace a ...)
@@ -38449,8 +38433,7 @@ CVE-2023-20937 (In several functions of the Android Linux kernel, there is a pos
NOTE: https://source.android.com/docs/security/bulletin/2023-02-01
CVE-2023-20936 (In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bo ...)
NOT-FOR-US: Android
-CVE-2023-20935
- RESERVED
+CVE-2023-20935 (In deserialize of multiple files, there is a possible out of bounds re ...)
NOT-FOR-US: Android
CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...)
NOT-FOR-US: Android
@@ -38508,8 +38491,7 @@ CVE-2023-20911 (In addPermission of PermissionManagerServiceImpl.java , there is
NOT-FOR-US: Android
CVE-2023-20910 (In addNetworkSuggestions of WifiManager.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2023-20909
- RESERVED
+CVE-2023-20909 (In multiple functions of RunningTasks.java, there is a possible privil ...)
NOT-FOR-US: Android
CVE-2023-20908 (In several functions of SettingsState.java, there is a possible system ...)
NOT-FOR-US: Android
@@ -38939,8 +38921,8 @@ CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ a
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2023-20863
NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
-CVE-2023-20862
- RESERVED
+CVE-2023-20862 (In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prio ...)
+ TODO: check
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2023-20861
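Review bot: CVE-2023-20862 is left at "TODO: check", and its description names Spring Security, while the surrounding entries (CVE-2023-20863, CVE-2023-20861) are Spring Framework issues tracked against libspring-java. Suggest not copying the neighbouring "- libspring-java <unfixed> (unimportant)" line by analogy; map the entry to whichever source package actually carries Spring Security, or mark it accordingly if none does.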
@@ -71278,8 +71260,7 @@ CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704945
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1)
NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;h=6f332dd0baee0135ebff0bf25c56e9adff0f944a (ghostpdl-9.55.0rc1)
-CVE-2022-2084 [logged schema failures can include password hashes]
- RESERVED
+CVE-2022-2084 (Sensitive data could be exposed in world readable logs of cloud-init b ...)
- cloud-init 22.2-2 (bug #1014247)
[bullseye] - cloud-init <not-affected> (Vulnerable code not present, introduced in 22.2)
[buster] - cloud-init <not-affected> (Vulnerable code not present, introduced in 22.2)
@@ -141762,18 +141743,18 @@ CVE-2021-33977
RESERVED
CVE-2021-33976
RESERVED
-CVE-2021-33975
- RESERVED
-CVE-2021-33974
- RESERVED
-CVE-2021-33973
- RESERVED
-CVE-2021-33972
- RESERVED
-CVE-2021-33971
- RESERVED
-CVE-2021-33970
- RESERVED
+CVE-2021-33975 (Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 ...)
+ TODO: check
+CVE-2021-33974 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
+ TODO: check
+CVE-2021-33973 (Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v1 ...)
+ TODO: check
+CVE-2021-33972 (Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 a ...)
+ TODO: check
+CVE-2021-33971 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
+ TODO: check
+CVE-2021-33970 (Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows ...)
+ TODO: check
CVE-2021-33969
RESERVED
CVE-2021-33968
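Review bot: CVE-2021-33975 through CVE-2021-33970 all land as "TODO: check" and all name Qihoo 360 products in their descriptions. Suggest triaging the six in a single pass with one consistent tag so the block is not resolved piecemeal with differing wording.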
@@ -157289,8 +157270,7 @@ CVE-2021-3431 (Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions
NOT-FOR-US: zephyr-rtos
CVE-2021-3430 (Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr vers ...)
NOT-FOR-US: zephyr-rtos
-CVE-2021-3429
- RESERVED
+CVE-2021-3429 (When instructing cloud-init to set a random password for a new user ac ...)
{DLA-2601-1}
- cloud-init 20.4.1-2 (bug #985540)
[buster] - cloud-init 20.2-2~deb10u2
@@ -186785,34 +186765,34 @@ CVE-2021-0887 (In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of
NOT-FOR-US: Android
CVE-2021-0886
RESERVED
-CVE-2021-0885
- RESERVED
-CVE-2021-0884
- RESERVED
-CVE-2021-0883
- RESERVED
-CVE-2021-0882
- RESERVED
-CVE-2021-0881
- RESERVED
-CVE-2021-0880
- RESERVED
-CVE-2021-0879
- RESERVED
-CVE-2021-0878
- RESERVED
+CVE-2021-0885 (In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing ...)
+ TODO: check
+CVE-2021-0884 (In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, ...)
+ TODO: check
+CVE-2021-0883 (In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing si ...)
+ TODO: check
+CVE-2021-0882 (In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing siz ...)
+ TODO: check
+CVE-2021-0881 (In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size ...)
+ TODO: check
+CVE-2021-0880 (In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing siz ...)
+ TODO: check
+CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a mi ...)
+ TODO: check
+CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a mis ...)
+ TODO: check
CVE-2021-0877
RESERVED
-CVE-2021-0876
- RESERVED
-CVE-2021-0875
- RESERVED
-CVE-2021-0874
- RESERVED
-CVE-2021-0873
- RESERVED
-CVE-2021-0872
- RESERVED
+CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driv ...)
+ TODO: check
+CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing ...)
+ TODO: check
+CVE-2021-0874 (In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driv ...)
+ TODO: check
+CVE-2021-0873 (In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size ...)
+ TODO: check
+CVE-2021-0872 (In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing siz ...)
+ TODO: check
CVE-2021-0871 (In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a mi ...)
NOT-FOR-US: Android
CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
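Review bot: the thirteen newly described PowerVR kernel driver entries (CVE-2021-0885 to CVE-2021-0878 and CVE-2021-0876 to CVE-2021-0872) are left at "TODO: check", while CVE-2021-0871 immediately below has the same "of the PowerVR kernel driver, a mi ..." wording and is tagged "NOT-FOR-US: Android". Suggest checking whether the same classification applies to the whole block and tagging it uniformly.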
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9adc0d39dbc841f95b640bb20811281e52815515