[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 15 09:11:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18442ada by security tracker role at 2023-08-15T08:11:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
+ TODO: check
+CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP ...)
+ TODO: check
+CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...)
+ TODO: check
+CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...)
+ TODO: check
+CVE-2023-39829 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in Svelte ...)
+ TODO: check
+CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...)
+ TODO: check
+CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd
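Review bot: all eleven new entries in this hunk are left at "TODO: check", which is expected for the automatic import, but two of them describe standalone software rather than a hosted service or WordPress plugin: CVE-2023-40518 (OpenLiteSpeed) and CVE-2023-40453 (Docker Machine). Those need a check for a corresponding Debian source package rather than a blanket NOT-FOR-US, whereas the LibreNMS, WordPress plugin, Tenda firmware and Apple entries will most likely follow the existing NOT-FOR-US pattern. The radare2 entry in the trailing context already carries its upstream fix commit and needs no change here.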
@@ -64,7 +86,7 @@ CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise a
NOT-FOR-US: WordPress plugin
CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 does not f ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-39950
+CVE-2023-39950 (efibootguard is a simple UEFI boot loader with support for safely swit ...)
- efibootguard <unfixed>
[bookworm] - efibootguard <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414 (v0.15)
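Review bot: the added description for CVE-2023-39950 does not alter the triage, but the entry still reads "efibootguard <unfixed>" while the NOTE on the next line points at the upstream fix tagged v0.15; it is worth checking whether 0.15 has reached unstable so the <unfixed> marker can be replaced with the fixed version. The bookworm line already records the no-dsa rationale ("Minor issue, can be fixed via point release"), so nothing else is needed for stable.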
@@ -6313,7 +6335,7 @@ CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 an
NOT-FOR-US: Snow Monkey Forms
CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...)
NOT-FOR-US: Apple
-CVE-2022-48503 (Processing web content may lead to arbitrary code execution)
+CVE-2022-48503 (The issue was addressed with improved bounds checks. This issue is fix ...)
{DSA-5241-1 DSA-5240-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
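Review bot: the rewritten description for CVE-2022-48503 replaces the old impact statement ("Processing web content may lead to arbitrary code execution") with the generic fix wording ("addressed with improved bounds checks"), so the line no longer says what the bug allows; the truncated text is what the import produces, but the impact wording was the more useful part for anyone scanning the list. The triage itself is unchanged: the entry is already covered by DSA-5241-1 and DSA-5240-1 with webkit2gtk and wpewebkit fixed in 2.38.0-1, so no further action is required.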
@@ -21579,10 +21601,10 @@ CVE-2023-28201 (This issue was addressed with improved state management. This is
NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2023-28199
- RESERVED
-CVE-2023-28198
- RESERVED
+CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ TODO: check
+CVE-2023-28198 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
CVE-2023-28197
RESERVED
CVE-2023-28196
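Review bot: CVE-2023-28199 (out-of-bounds read disclosing kernel memory) and CVE-2023-28198 (use-after-free) sit between entries already marked "NOT-FOR-US: Apple", but their truncated descriptions do not say which Apple component is affected. Before copying the NOT-FOR-US marker, confirm they are not WebKit issues, since WebKit CVEs in this file are tracked against webkit2gtk and wpewebkit rather than closed as Apple-only; the same check applies to the other Apple entries resolved from RESERVED in this update.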
@@ -21619,8 +21641,8 @@ CVE-2023-28181 (The issue was addressed with improved memory handling. This issu
NOT-FOR-US: Apple
CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2023-28179
- RESERVED
+CVE-2023-28179 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2023-28177 (Memory safety bugs present in Firefox 110. Some of these bugs showed e ...)
@@ -22460,10 +22482,10 @@ CVE-2023-27950
RESERVED
CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
-CVE-2023-27948
- RESERVED
-CVE-2023-27947
- RESERVED
+CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-27947 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...)
@@ -22478,8 +22500,8 @@ CVE-2023-27941 (A validation issue was addressed with improved input sanitizatio
NOT-FOR-US: Apple
CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
-CVE-2023-27939
- RESERVED
+CVE-2023-27939 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
NOT-FOR-US: Apple
CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...)
@@ -43026,8 +43048,8 @@ CVE-2021-46857
RESERVED
CVE-2020-36616
RESERVED
-CVE-2020-36615
- RESERVED
+CVE-2020-36615 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2020-36614
RESERVED
CVE-2020-36613
@@ -45653,14 +45675,14 @@ CVE-2022-46727
REJECTED
CVE-2022-46726
RESERVED
-CVE-2022-46725
- RESERVED
-CVE-2022-46724
- RESERVED
+CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ TODO: check
+CVE-2022-46724 (This issue was addressed by restricting options offered on a locked de ...)
+ TODO: check
CVE-2022-46723 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2022-46722
- RESERVED
+CVE-2022-46722 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
CVE-2022-46721
RESERVED
CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...)
@@ -45691,8 +45713,8 @@ CVE-2022-46708
REJECTED
CVE-2022-46707
REJECTED
-CVE-2022-46706
- RESERVED
+CVE-2022-46706 (A type confusion issue was addressed with improved state handling. Thi ...)
+ TODO: check
CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
NOT-FOR-US: Apple
CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...)
@@ -51943,64 +51965,63 @@ CVE-2023-21294
RESERVED
CVE-2023-21293
RESERVED
-CVE-2023-21292
- RESERVED
+CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...)
+ TODO: check
CVE-2023-21291
RESERVED
-CVE-2023-21290
- RESERVED
-CVE-2023-21289
- RESERVED
-CVE-2023-21288
- RESERVED
-CVE-2023-21287
- RESERVED
-CVE-2023-21286
- RESERVED
-CVE-2023-21285
- RESERVED
-CVE-2023-21284
- RESERVED
-CVE-2023-21283
- RESERVED
-CVE-2023-21282
- RESERVED
-CVE-2023-21281
- RESERVED
-CVE-2023-21280
- RESERVED
-CVE-2023-21279
- RESERVED
-CVE-2023-21278
- RESERVED
-CVE-2023-21277
- RESERVED
-CVE-2023-21276
- RESERVED
-CVE-2023-21275
- RESERVED
-CVE-2023-21274
- RESERVED
-CVE-2023-21273
- RESERVED
-CVE-2023-21272
- RESERVED
-CVE-2023-21271
- RESERVED
+CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file ...)
+ TODO: check
+CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...)
+ TODO: check
+CVE-2023-21288 (In visitUris of Notification.java, there is a possible way to reveal i ...)
+ TODO: check
+CVE-2023-21287 (In multiple locations, there is a possible code execution due to type ...)
+ TODO: check
+CVE-2023-21286 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...)
+ TODO: check
+CVE-2023-21285 (In setMetadata of MediaSessionRecord.java, there is a possible way to ...)
+ TODO: check
+CVE-2023-21284 (In multiple functions of DevicePolicyManager.java, there is a possible ...)
+ TODO: check
+CVE-2023-21283 (In multiple functions of StatusHints.java, there is a possible way to ...)
+ TODO: check
+CVE-2023-21282 (In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bound ...)
+ TODO: check
+CVE-2023-21281 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...)
+ TODO: check
+CVE-2023-21280 (In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there i ...)
+ TODO: check
+CVE-2023-21279 (In visitUris of RemoteViews.java, there is a possible cross-user media ...)
+ TODO: check
+CVE-2023-21278 (In multiple locations, there is a possible way to obscure the micropho ...)
+ TODO: check
+CVE-2023-21277 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...)
+ TODO: check
+CVE-2023-21276 (In writeToParcel of CursorWindow.cpp, there is a possible information ...)
+ TODO: check
+CVE-2023-21275 (In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivit ...)
+ TODO: check
+CVE-2023-21274 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
+ TODO: check
+CVE-2023-21273 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...)
+ TODO: check
+CVE-2023-21272 (In readFrom of Uri.java, there is a possible bad URI permission grant ...)
+ TODO: check
+CVE-2023-21271 (In parseInputs of ShimPreparedModel.cpp, there is a possible out of bo ...)
+ TODO: check
CVE-2023-21270
RESERVED
-CVE-2023-21269
- RESERVED
-CVE-2023-21268
- RESERVED
-CVE-2023-21267
- RESERVED
+CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possible way ...)
+ TODO: check
+CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...)
+ TODO: check
+CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible ...)
+ TODO: check
CVE-2023-21266
RESERVED
-CVE-2023-21265
- RESERVED
-CVE-2023-21264
- RESERVED
+CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...)
+ TODO: check
+CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...)
- linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
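Review bot: most of the entries resolved from RESERVED in this hunk reference Android framework files (ActivityManagerService.java, MmsProvider.java, RemoteViews.java, KeyguardViewMediator.java, sdp_db.cc, ShimConverter.cpp) and will presumably follow the "NOT-FOR-US: Android" pattern used elsewhere in the file, but CVE-2023-21282 names lpp_tran.h, which is a source file of the FDK AAC codec library rather than of the Android framework; that one should be checked against the fdk-aac source package before it is closed as Android-only. CVE-2023-21264 is the one entry here that arrives already triaged (linux 6.3.7-1, with bullseye and buster marked not-affected), so its description change needs no follow-up.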
@@ -52050,8 +52071,8 @@ CVE-2023-21244
RESERVED
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
NOT-FOR-US: Android
-CVE-2023-21242
- RESERVED
+CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is ...)
+ TODO: check
CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...)
NOT-FOR-US: Android
CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...)
@@ -52064,20 +52085,20 @@ CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is
NOT-FOR-US: Android
CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...)
NOT-FOR-US: Android
-CVE-2023-21235
- RESERVED
-CVE-2023-21234
- RESERVED
-CVE-2023-21233
- RESERVED
-CVE-2023-21232
- RESERVED
-CVE-2023-21231
- RESERVED
-CVE-2023-21230
- RESERVED
-CVE-2023-21229
- RESERVED
+CVE-2023-21235 (In onCreate of LockSettingsActivity.java, there is a possible way set ...)
+ TODO: check
+CVE-2023-21234 (In launchConfirmationActivity of ChooseLockSettingsHelper.java, there ...)
+ TODO: check
+CVE-2023-21233 (In multiple locations of avrc, there is a possible leak of heap data d ...)
+ TODO: check
+CVE-2023-21232 (In multiple locations, there is a possible way to retrieve sensor data ...)
+ TODO: check
+CVE-2023-21231 (In getIntentForButton of ButtonManager.java, there is a possible way f ...)
+ TODO: check
+CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is a poss ...)
+ TODO: check
+CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...)
+ TODO: check
CVE-2023-21228
RESERVED
CVE-2023-21227
@@ -52254,8 +52275,8 @@ CVE-2023-21142 (In multiple files, there is a possible way to access traces in t
NOT-FOR-US: Android
CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...)
NOT-FOR-US: Android
-CVE-2023-21140
- RESERVED
+CVE-2023-21140 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...)
+ TODO: check
CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...)
NOT-FOR-US: Android
CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...)
@@ -52266,12 +52287,12 @@ CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way
NOT-FOR-US: Android
CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...)
NOT-FOR-US: Android
-CVE-2023-21134
- RESERVED
-CVE-2023-21133
- RESERVED
-CVE-2023-21132
- RESERVED
+CVE-2023-21134 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...)
+ TODO: check
+CVE-2023-21133 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...)
+ TODO: check
+CVE-2023-21132 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...)
+ TODO: check
CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...)
NOT-FOR-US: Android
CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...)
@@ -52612,8 +52633,8 @@ CVE-2023-20967 (In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possi
NOT-FOR-US: Android
CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
-CVE-2023-20965
- RESERVED
+CVE-2023-20965 (In processMessageImpl of ClientModeImpl.java, there is a possible cred ...)
+ TODO: check
CVE-2023-20964 (In multiple functions of MediaSessionRecord.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2023-20963 (In WorkSource, there is a possible parcel mismatch. This could lead to ...)
@@ -59894,8 +59915,8 @@ CVE-2022-42830 (The issue was addressed with improved memory handling. This issu
NOT-FOR-US: Apple
CVE-2022-42829 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2022-42828
- RESERVED
+CVE-2022-42828 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2022-42827 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2022-42826 (A use after free issue was addressed with improved memory management. ...)
@@ -86811,8 +86832,8 @@ CVE-2022-32878
REJECTED
CVE-2022-32877 (A configuration issue was addressed with additional restrictions. This ...)
NOT-FOR-US: Apple
-CVE-2022-32876
- RESERVED
+CVE-2022-32876 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2022-32875 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2022-32874
@@ -105146,8 +105167,8 @@ CVE-2022-26700 (A memory corruption issue was addressed with improved state mana
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
-CVE-2022-26699
- RESERVED
+CVE-2022-26699 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds checkin ...)
NOT-FOR-US: Apple
CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
@@ -118877,8 +118898,8 @@ CVE-2022-22657 (A memory initialization issue was addressed with improved memory
NOT-FOR-US: Apple
CVE-2022-22656 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2022-22655
- RESERVED
+CVE-2022-22655 (An access issue was addressed with improvements to the sandbox. This i ...)
+ TODO: check
CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...)
NOT-FOR-US: Apple
CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -118895,8 +118916,8 @@ CVE-2022-22648 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2022-22646
- RESERVED
+CVE-2022-22646 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ TODO: check
CVE-2022-22645
REJECTED
CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18442adaab2aaabb260da7d54081c2f777c92087