[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 5 08:12:01 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be35d0f3 by security tracker role at 2023-12-05T08:11:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,287 @@
+CVE-2023-6269 (An argument injection vulnerability has been identified in the admini ...)
+ TODO: check
+CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not properly s ...)
+ TODO: check
+CVE-2023-5990 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
+ TODO: check
+CVE-2023-5979 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.2 ...)
+ TODO: check
+CVE-2023-5953 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate ...)
+ TODO: check
+CVE-2023-5952 (The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user ...)
+ TODO: check
+CVE-2023-5951 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise ...)
+ TODO: check
+CVE-2023-5944 (Delta ElectronicsDOPSoft is vulnerable to a stack-based buffer overflo ...)
+ TODO: check
+CVE-2023-5884 (The Word Balloon WordPress plugin before 4.20.3 does not protect some ...)
+ TODO: check
+CVE-2023-5874 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...)
+ TODO: check
+CVE-2023-5809 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...)
+ TODO: check
+CVE-2023-5808 (Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on ...)
+ TODO: check
+CVE-2023-5762 (The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Re ...)
+ TODO: check
+CVE-2023-5210 (The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escap ...)
+ TODO: check
+CVE-2023-5188 (The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is u ...)
+ TODO: check
+CVE-2023-5141 (The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does n ...)
+ TODO: check
+CVE-2023-5137 (The Simply Excerpts WordPress plugin through 1.4 does not sanitize and ...)
+ TODO: check
+CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin through 1.0.4 does not pr ...)
+ TODO: check
+CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has a vu ...)
+ TODO: check
+CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...)
+ TODO: check
+CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation ...)
+ TODO: check
+CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 ...)
+ TODO: check
+CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...)
+ TODO: check
+CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/J ...)
+ TODO: check
+CVE-2023-49289 (Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP ...)
+ TODO: check
+CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
+ TODO: check
+CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
+ TODO: check
+CVE-2023-49285 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
+ TODO: check
+CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS, Linux, ...)
+ TODO: check
+CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to request chang ...)
+ TODO: check
+CVE-2023-49080 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
+ TODO: check
+CVE-2023-48698 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
+CVE-2023-48697 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
+CVE-2023-48696 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
+CVE-2023-48695 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
+CVE-2023-48694 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
+CVE-2023-48693 (Azure RTOS ThreadX is an advanced real-time operating system (RTOS) de ...)
+ TODO: check
+CVE-2023-48692 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
+ TODO: check
+CVE-2023-48691 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
+ TODO: check
+CVE-2023-48316 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
+ TODO: check
+CVE-2023-48315 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
+ TODO: check
+CVE-2023-47633 (Traefik is an open source HTTP reverse proxy and load balancer. The tr ...)
+ TODO: check
+CVE-2023-47304 (An issue was discovered in Vonage Box Telephone Adapter VDV23 version ...)
+ TODO: check
+CVE-2023-47124 (Traefik is an open source HTTP reverse proxy and load balancer. When T ...)
+ TODO: check
+CVE-2023-47106 (Traefik is an open source HTTP reverse proxy and load balancer. When a ...)
+ TODO: check
+CVE-2023-45781 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...)
+ TODO: check
+CVE-2023-45779 (In TBD of TBD, there is a possible malicious update to platform compon ...)
+ TODO: check
+CVE-2023-45777 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...)
+ TODO: check
+CVE-2023-45776 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...)
+ TODO: check
+CVE-2023-45775 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...)
+ TODO: check
+CVE-2023-45774 (In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possi ...)
+ TODO: check
+CVE-2023-45773 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2023-44295 (Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an imp ...)
+ TODO: check
+CVE-2023-44288 (Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper c ...)
+ TODO: check
+CVE-2023-43472 (An issue in MLFlow versions 2.8.1 and before allows a remote attacker ...)
+ TODO: check
+CVE-2023-42581 (Improper URL validation from InstantPlay deeplink in Galaxy Store prio ...)
+ TODO: check
+CVE-2023-42580 (Improper URL validation from MCSLaunch deeplink in Galaxy Store prior ...)
+ TODO: check
+CVE-2023-42579 (Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese ...)
+ TODO: check
+CVE-2023-42578 (Improper handling of insufficient permissions or privileges vulnerabil ...)
+ TODO: check
+CVE-2023-42577 (Improper Access Control in Samsung Voice Recorder prior to versions 21 ...)
+ TODO: check
+CVE-2023-42576 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
+ TODO: check
+CVE-2023-42575 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
+ TODO: check
+CVE-2023-42574 (Improper access control vulnerablility in GameHomeCN prior to version ...)
+ TODO: check
+CVE-2023-42573 (PendingIntent hijacking vulnerability in Search Widget prior to versio ...)
+ TODO: check
+CVE-2023-42572 (Implicit intent hijacking vulnerability in Samsung Account Web SDK pri ...)
+ TODO: check
+CVE-2023-42571 (Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 all ...)
+ TODO: check
+CVE-2023-42570 (Improper access control vulnerability in KnoxCustomManagerService prio ...)
+ TODO: check
+CVE-2023-42569 (Improper authorization verification vulnerability in AR Emoji prior to ...)
+ TODO: check
+CVE-2023-42568 (Improper access control vulnerability in SmartManagerCN prior to SMR D ...)
+ TODO: check
+CVE-2023-42567 (Improper size check vulnerability in softsimd prior to SMR Dec-2023 Re ...)
+ TODO: check
+CVE-2023-42566 (Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Re ...)
+ TODO: check
+CVE-2023-42565 (Improper input validation vulnerability in Smart Clip prior to SMR Dec ...)
+ TODO: check
+CVE-2023-42564 (Improper access control in knoxcustom service prior to SMR Dec-2023 Re ...)
+ TODO: check
+CVE-2023-42563 (Integer overflow vulnerability in landmarkCopyImageToNative of libFace ...)
+ TODO: check
+CVE-2023-42562 (Integer overflow vulnerability in detectionFindFaceSupportMultiInstanc ...)
+ TODO: check
+CVE-2023-42561 (Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec- ...)
+ TODO: check
+CVE-2023-42560 (Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.s ...)
+ TODO: check
+CVE-2023-42559 (Improper exception management vulnerability in Knox Guard prior to SMR ...)
+ TODO: check
+CVE-2023-42558 (Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 ...)
+ TODO: check
+CVE-2023-42557 (Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Re ...)
+ TODO: check
+CVE-2023-42556 (Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Re ...)
+ TODO: check
+CVE-2023-40465 (Several versions of ALEOS, including ALEOS 4.16.0, include an opensour ...)
+ TODO: check
+CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded ...)
+ TODO: check
+CVE-2023-40463 (When configured in debugging mode by an authenticated user with adm ...)
+ TODO: check
+CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not perform ...)
+ TODO: check
+CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an authen ...)
+ TODO: check
+CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not validat ...)
+ TODO: check
+CVE-2023-40459 (The ACEManager component of ALEOS 4.16 and earlier does not adequately ...)
+ TODO: check
+CVE-2023-40103 (In multiple locations, there is a possible way to corrupt memory due t ...)
+ TODO: check
+CVE-2023-40098 (In mOnDone of NotificationConversationInfo.java, there is a possible w ...)
+ TODO: check
+CVE-2023-40097 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...)
+ TODO: check
+CVE-2023-40096 (In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is ...)
+ TODO: check
+CVE-2023-40095 (In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, th ...)
+ TODO: check
+CVE-2023-40094 (In keyguardGoingAway of ActivityTaskManagerService.java, there is a po ...)
+ TODO: check
+CVE-2023-40092 (In verifyShortcutInfoPackage of ShortcutService.java, there is a possi ...)
+ TODO: check
+CVE-2023-40091 (In onTransact of IncidentService.cpp, there is a possible out of bound ...)
+ TODO: check
+CVE-2023-40090 (In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to by ...)
+ TODO: check
+CVE-2023-40089 (In getCredentialManagerPolicy of DevicePolicyManagerService.java, ther ...)
+ TODO: check
+CVE-2023-40088 (In callback_thread_event of com_android_bluetooth_btservice_AdapterSer ...)
+ TODO: check
+CVE-2023-40087 (In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possibl ...)
+ TODO: check
+CVE-2023-40084 (In run of MDnsSdListener.cpp, there is a possible memory corruption du ...)
+ TODO: check
+CVE-2023-40083 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...)
+ TODO: check
+CVE-2023-40082 (In modify_for_next_stage of fdt.rs, there is a possible way to render ...)
+ TODO: check
+CVE-2023-40081 (In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a p ...)
+ TODO: check
+CVE-2023-40080 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2023-40079 (In injectSendIntentSender of ShortcutService.java, there is a possible ...)
+ TODO: check
+CVE-2023-40078 (In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder. ...)
+ TODO: check
+CVE-2023-40077 (In multiple functions of MetaDataBase.cpp, there is a possible UAF wri ...)
+ TODO: check
+CVE-2023-40076 (In createPendingIntent of CredentialManagerUi.java, there is a possibl ...)
+ TODO: check
+CVE-2023-40075 (In forceReplaceShortcutInner of ShortcutPackage.java, there is a possi ...)
+ TODO: check
+CVE-2023-40074 (In saveToXml of PersistableBundle.java, invalid data could lead to loc ...)
+ TODO: check
+CVE-2023-40073 (In visitUris of Notification.java, there is a possible cross-user medi ...)
+ TODO: check
+CVE-2023-39248 (Dell OS10 Networking Switches running 10.5.2.x and above contain an Un ...)
+ TODO: check
+CVE-2023-37572 (Softing OPC Suite version 5.25 and before has Incorrect Access Control ...)
+ TODO: check
+CVE-2023-35690 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-35668 (In visitUris of Notification.java, there is a possible way to display ...)
+ TODO: check
+CVE-2023-33107 (Memory corruption in Graphics Linux while assigning shared virtual mem ...)
+ TODO: check
+CVE-2023-33106 (Memory corruption while submitting a large list of sync points in an A ...)
+ TODO: check
+CVE-2023-33098 (Transient DOS while parsing WPA IES, when it is passed with length mor ...)
+ TODO: check
+CVE-2023-33097 (Transient DOS in WLAN Firmware while processing a FTMR frame.)
+ TODO: check
+CVE-2023-33092 (Memory corruption while processing pin reply in Bluetooth, when pin co ...)
+ TODO: check
+CVE-2023-33089 (Transient DOS when processing a NULL buffer while parsing WLAN vdev.)
+ TODO: check
+CVE-2023-33088 (Memory corruption when processing cmd parameters while parsing vdev.)
+ TODO: check
+CVE-2023-33087 (Memory corruption in Core while processing RX intent request.)
+ TODO: check
+CVE-2023-33083 (Memory corruption in WLAN Host while processing RRM beacon on the AP.)
+ TODO: check
+CVE-2023-33082 (Memory corruption while sending an Assoc Request having BTM Query or B ...)
+ TODO: check
+CVE-2023-33081 (Transient DOS while converting TWT (Target Wake Time) frame parameters ...)
+ TODO: check
+CVE-2023-33080 (Transient DOS while parsing a vender specific IE (Information Element) ...)
+ TODO: check
+CVE-2023-33079 (Memory corruption in Audio while running invalid audio recording from ...)
+ TODO: check
+CVE-2023-33071 (Memory corruption in Automotive OS whenever untrusted apps try to acce ...)
+ TODO: check
+CVE-2023-33070 (Transient DOS in Automotive OS due to improper authentication to the s ...)
+ TODO: check
+CVE-2023-33063 (Memory corruption in DSP Services during a remote call from HLOS to DS ...)
+ TODO: check
+CVE-2023-33054 (Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS ...)
+ TODO: check
+CVE-2023-33053 (Memory corruption in Kernel while parsing metadata.)
+ TODO: check
+CVE-2023-33044 (Transient DOS in Data modem while handling TLB control messages from t ...)
+ TODO: check
+CVE-2023-33043 (Transient DOS in Modem when a Beam switch request is made with a non-c ...)
+ TODO: check
+CVE-2023-33042 (Transient DOS in Modem after RRC Setup message is received.)
+ TODO: check
+CVE-2023-33041 (Under certain scenarios the WLAN Firmware will reach an assertion due ...)
+ TODO: check
+CVE-2023-33024 (Memory corruption while sending SMS from AP firmware.)
+ TODO: check
+CVE-2023-33022 (Memory corruption in HLOS while invoking IOCTL calls from user-space.)
+ TODO: check
+CVE-2023-33018 (Memory corruption while using the UIM diag command to get the operator ...)
+ TODO: check
+CVE-2023-33017 (Memory corruption in Boot while running a ListVars test in UEFI Menu d ...)
+ TODO: check
CVE-2023-4503
NOT-FOR-US: Red Hat EAP-Galleon
CVE-2023-6484
@@ -387,7 +671,7 @@ CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE mess
NOT-FOR-US: Hitachi
CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection vulnerabili ...)
NOT-FOR-US: RuoYi
-CVE-2023-48893 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
+CVE-2023-48893 (SQL injection vulnerability in Senayan Library Management Systems Slim ...)
NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
NOT-FOR-US: D-Link
@@ -4570,7 +4854,7 @@ CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2
CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
NOT-FOR-US: kerawen
CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ...)
- {DSA-5572-1}
+ {DSA-5572-1 DLA-3683-1}
- roundcube 1.6.5+dfsg-1 (bug #1055421)
NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
@@ -37958,14 +38242,14 @@ CVE-2023-28590
RESERVED
CVE-2023-28589
RESERVED
-CVE-2023-28588
- RESERVED
-CVE-2023-28587
- RESERVED
-CVE-2023-28586
- RESERVED
-CVE-2023-28585
- RESERVED
+CVE-2023-28588 (Transient DOS in Bluetooth Host while rfc slot allocation.)
+ TODO: check
+CVE-2023-28587 (Memory corruption in BT controller while parsing debug commands with s ...)
+ TODO: check
+CVE-2023-28586 (Information disclosure when the trusted application metadata symbol ad ...)
+ TODO: check
+CVE-2023-28585 (Memory corruption while loading an ELF segment in TEE Kernel.)
+ TODO: check
CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
NOT-FOR-US: Qualcomm
CVE-2023-28583
@@ -37974,10 +38258,10 @@ CVE-2023-28582
RESERVED
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28580
- RESERVED
-CVE-2023-28579
- RESERVED
+CVE-2023-28580 (Memory corruption in WLAN Host while setting the PMK length in PMK len ...)
+ TODO: check
+CVE-2023-28579 (Memory Corruption in WLAN Host while deserializing the input PMK bytes ...)
+ TODO: check
CVE-2023-28578
RESERVED
CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
@@ -38032,18 +38316,18 @@ CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event co
NOT-FOR-US: Qualcomm
CVE-2023-28552
RESERVED
-CVE-2023-28551
- RESERVED
-CVE-2023-28550
- RESERVED
+CVE-2023-28551 (Memory corruption in UTILS when modem processes memory specific Diag c ...)
+ TODO: check
+CVE-2023-28550 (Memory corruption in MPP performance while accessing DSM watermark usi ...)
+ TODO: check
CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...)
NOT-FOR-US: Qualcomm
CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
NOT-FOR-US: Qualcomm
CVE-2023-28547
RESERVED
-CVE-2023-28546
- RESERVED
+CVE-2023-28546 (Memory Corruption in SPS Application while exporting public key in sor ...)
+ TODO: check
CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
NOT-FOR-US: Qualcomm
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
@@ -43085,12 +43369,12 @@ CVE-2023-26945
RESERVED
CVE-2023-26944
RESERVED
-CVE-2023-26943
- RESERVED
-CVE-2023-26942
- RESERVED
-CVE-2023-26941
- RESERVED
+CVE-2023-26943 (Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allo ...)
+ TODO: check
+CVE-2023-26942 (Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allo ...)
+ TODO: check
+CVE-2023-26941 (Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allo ...)
+ TODO: check
CVE-2023-26940
RESERVED
CVE-2023-26939
@@ -51696,20 +51980,20 @@ CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: Crash in CLI tool, no security impact
CVE-2023-24053
RESERVED
-CVE-2023-24052
- RESERVED
-CVE-2023-24051
- RESERVED
-CVE-2023-24050
- RESERVED
-CVE-2023-24049
- RESERVED
-CVE-2023-24048
- RESERVED
-CVE-2023-24047
- RESERVED
-CVE-2023-24046
- RESERVED
+CVE-2023-24052 (An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows att ...)
+ TODO: check
+CVE-2023-24051 (A client side rate limit issue discovered in Connectize AC21000 G6 641 ...)
+ TODO: check
+CVE-2023-24050 (Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641. ...)
+ TODO: check
+CVE-2023-24049 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
+ TODO: check
+CVE-2023-24048 (Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 ...)
+ TODO: check
+CVE-2023-24047 (An Insecure Credential Management issue discovered in Connectize AC210 ...)
+ TODO: check
+CVE-2023-24046 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
+ TODO: check
CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
NOT-FOR-US: Dataiku
CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...)
@@ -56260,8 +56544,8 @@ CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading proc
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2023-22668
- RESERVED
+CVE-2023-22668 (Memory Corruption in Audio while invoking IOCTLs calls from the user-s ...)
+ TODO: check
CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...)
NOT-FOR-US: Qualcomm
CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
@@ -58618,8 +58902,8 @@ CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOL
NOT-FOR-US: Qualcomm
CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...)
NOT-FOR-US: Qualcomm
-CVE-2023-22383
- RESERVED
+CVE-2023-22383 (Memory Corruption in camera while installing a fd for a particular DMA ...)
+ TODO: check
CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
NOT-FOR-US: Qualcomm
CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
@@ -59701,8 +59985,8 @@ CVE-2022-47533
RESERVED
CVE-2022-47532
RESERVED
-CVE-2022-47531
- RESERVED
+CVE-2022-47531 (An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versi ...)
+ TODO: check
CVE-2022-47530
RESERVED
CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...)
@@ -63454,8 +63738,8 @@ CVE-2023-21636 (Memory Corruption due to improper validation of array index in L
NOT-FOR-US: Qualcomm
CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21634
- RESERVED
+CVE-2023-21634 (Memory Corruption in Radio Interface Layer while sending an SMS or wri ...)
+ TODO: check
CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...)
NOT-FOR-US: Qualcomm
CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
@@ -64116,8 +64400,8 @@ CVE-2022-46482
RESERVED
CVE-2022-46481
RESERVED
-CVE-2022-46480
- RESERVED
+CVE-2022-46480 (Incorrect Session Management and Credential Re-use in the Bluetooth LE ...)
+ TODO: check
CVE-2022-46479
RESERVED
CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no ...)
@@ -69635,12 +69919,12 @@ CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead t
NOTE: https://sourceforge.net/p/libpng/bugs/300/
CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-21403
- RESERVED
-CVE-2023-21402
- RESERVED
-CVE-2023-21401
- RESERVED
+CVE-2023-21403 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21402 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21401 (There is elevation of privilege.)
+ TODO: check
CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...)
{DSA-5480-1 DLA-3623-1}
- linux 5.18.2-1
@@ -69660,7 +69944,7 @@ CVE-2023-21396 (In Activity Manager, there is a possible background activity lau
NOT-FOR-US: Android
CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
NOT-FOR-US: Android
-CVE-2023-21394 (In Telecomm, there is a possible bypass of a multi user security bound ...)
+CVE-2023-21394 (In registerPhoneAccount of TelecomServiceImpl.java, there is a possibl ...)
NOT-FOR-US: Android
CVE-2023-21393 (In Settings, there is a possible way for the user to change SIM due to ...)
NOT-FOR-US: Android
@@ -69926,8 +70210,8 @@ CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://source.android.com/docs/security/bulletin/2023-08-01
NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f
-CVE-2023-21263
- RESERVED
+CVE-2023-21263 (There is elevation of privilege.)
+ TODO: check
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
NOT-FOR-US: Android
CVE-2023-21261
@@ -69999,10 +70283,10 @@ CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is
NOT-FOR-US: Android
CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21228
- RESERVED
-CVE-2023-21227
- RESERVED
+CVE-2023-21228 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21227 (There is information disclosure.)
+ TODO: check
CVE-2023-21226 (In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a poss ...)
NOT-FOR-US: Android
CVE-2023-21225 (there is a possible way to bypass the protected confirmation screen du ...)
@@ -70019,14 +70303,14 @@ CVE-2023-21220 (there is a possible use of unencrypted transport over cellular n
NOT-FOR-US: Android
CVE-2023-21219 (there is a possible use of unencrypted transport over cellular network ...)
NOT-FOR-US: Android
-CVE-2023-21218
- RESERVED
-CVE-2023-21217
- RESERVED
-CVE-2023-21216
- RESERVED
-CVE-2023-21215
- RESERVED
+CVE-2023-21218 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21217 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21216 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21215 (There is elevation of privilege.)
+ TODO: check
CVE-2023-21214 (In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible ou ...)
NOT-FOR-US: Android
CVE-2023-21213 (In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible ...)
@@ -70123,16 +70407,16 @@ CVE-2023-21168 (In convertCbYCrY of ColorConverter.cpp, there is a possible out
NOT-FOR-US: Android
CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2023-21166
- RESERVED
+CVE-2023-21166 (There is elevation of privilege.)
+ TODO: check
CVE-2023-21165
RESERVED
-CVE-2023-21164
- RESERVED
-CVE-2023-21163
- RESERVED
-CVE-2023-21162
- RESERVED
+CVE-2023-21164 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21163 (There is elevation of privilege.)
+ TODO: check
+CVE-2023-21162 (There is elevation of privilege.)
+ TODO: check
CVE-2023-21161 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
CVE-2023-21160 (In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be35d0f360dd8acbbb1a5649e5e847a70b069340
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be35d0f360dd8acbbb1a5649e5e847a70b069340
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231205/a125c48a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list