[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 13 09:12:23 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccec2a3c by security tracker role at 2023-07-13T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2023-3363 (An information disclosure issue in Gitlab CE/EE affecting all versions ...)
+	TODO: check
+CVE-2023-3362 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
+	TODO: check
+CVE-2023-3343 (The User Registration plugin for WordPress is vulnerable to PHP Object ...)
+	TODO: check
+CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbitrary  ...)
+	TODO: check
+CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
+	TODO: check
+CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via  ...)
+	TODO: check
+CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...)
+	TODO: check
+CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...)
+	TODO: check
+CVE-2023-37567 (ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a  ...)
+	TODO: check
+CVE-2023-37566 (ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC ...)
+	TODO: check
+CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...)
+	TODO: check
+CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
+	TODO: check
+CVE-2023-37563 (Exposure of sensitive information to an unauthorized actor issue exist ...)
+	TODO: check
+CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...)
+	TODO: check
+CVE-2023-37561 (Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM  ...)
+	TODO: check
+CVE-2023-37560 (Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, a ...)
+	TODO: check
+CVE-2023-37415 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
+	TODO: check
+CVE-2023-35694 (In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a pos ...)
+	TODO: check
+CVE-2023-35693 (In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corrupt ...)
+	TODO: check
+CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check.  ...)
+	TODO: check
+CVE-2023-35069 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2023-34137 (SonicWall GMS and Analytics CAS Web Services application use static va ...)
+	TODO: check
+CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthenticated at ...)
+	TODO: check
+CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics allows a r ...)
+	TODO: check
+CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+	TODO: check
+CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-34132 (Use of password hash instead of password for authentication vulnerabil ...)
+	TODO: check
+CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+	TODO: check
+CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TE ...)
+	TODO: check
+CVE-2023-34129 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS and Anal ...)
+	TODO: check
+CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an authenticated a ...)
+	TODO: check
+CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an authentica ...)
+	TODO: check
+CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics Web Servic ...)
+	TODO: check
+CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, So ...)
+	TODO: check
+CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains  ...)
+	TODO: check
+CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
 	NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...)
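Review bot: None of the 43 entries added at the top of data/CVE/list carries a triage result; each one is left at `TODO: check`, unlike the context entry CVE-2023-3644 just below, which is already classified as `NOT-FOR-US: SourceCodester Service Provider Management System`. The ELECOM router and SonicWall GMS/Analytics entries look like candidates for the same `NOT-FOR-US: <product>` form. CVE-2023-38199 (coreruleset), CVE-2023-38198 (acme.sh), CVE-2023-38197 (Qt) and the six GitLab CE/EE entries name software that needs a source-package check before it is classified either way.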
@@ -8674,8 +8760,8 @@ CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosa
 	NOT-FOR-US: RosarioSIS
 CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-2200
-	RESERVED
+CVE-2023-2200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.10.8+ds1-2
 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
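Review bot: CVE-2023-2200 goes from `RESERVED` to `TODO: check`, while the entry directly below it, CVE-2023-2199, has the same GitLab CE/EE description prefix and is already tracked with `- gitlab 15.10.8+ds1-2`. This entry should get its own `- gitlab` line, with the fixed version confirmed for this CVE rather than copied from the neighbouring entry.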
@@ -8729,8 +8815,8 @@ CVE-2023-2192
 	RESERVED
 CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
 	NOT-FOR-US: azuracast
-CVE-2023-2190
-	RESERVED
+CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2188
@@ -15481,8 +15567,8 @@ CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
 	NOT-FOR-US: Schneider
-CVE-2023-1547
-	RESERVED
+CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
@@ -21760,10 +21846,10 @@ CVE-2023-26566
 	RESERVED
 CVE-2023-26565
 	RESERVED
-CVE-2023-26564
-	RESERVED
-CVE-2023-26563
-	RESERVED
+CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...)
+	TODO: check
+CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...)
+	TODO: check
 CVE-2023-26562
 	RESERVED
 CVE-2023-26561
@@ -47189,10 +47275,10 @@ CVE-2023-21402
 	RESERVED
 CVE-2023-21401
 	RESERVED
-CVE-2023-21400
-	RESERVED
-CVE-2023-21399
-	RESERVED
+CVE-2023-21400 (In multiple functions  of io_uring.c, there is a possible kernel memor ...)
+	TODO: check
+CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...)
+	TODO: check
 CVE-2023-21398
 	RESERVED
 CVE-2023-21397
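Review bot: CVE-2023-21400 names io_uring.c and kernel memory in its description, so it should not follow the `NOT-FOR-US: Android` pattern used for most entries in this CVE-2023-21xxx range. Check it against the linux source package, the way CVE-2023-21255 (binder.c) is tracked with `- linux` lines elsewhere in this patch. CVE-2023-21399 has a description that starts without a component name, so it needs a lookup before any classification.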
@@ -47465,59 +47551,58 @@ CVE-2023-21264
 	RESERVED
 CVE-2023-21263
 	RESERVED
-CVE-2023-21262
-	RESERVED
-CVE-2023-21261
-	RESERVED
-CVE-2023-21260
-	RESERVED
+CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
+	TODO: check
+CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out of bound ...)
+	TODO: check
+CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...)
+	TODO: check
 CVE-2023-21259
 	RESERVED
 CVE-2023-21258
 	RESERVED
-CVE-2023-21257
-	RESERVED
-CVE-2023-21256
-	RESERVED
-CVE-2023-21255 [binder: fix UAF caused by faulty buffer cleanup]
-	RESERVED
+CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there is a p ...)
+	TODO: check
+CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...)
+	TODO: check
+CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
-CVE-2023-21254
-	RESERVED
+CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...)
+	TODO: check
 CVE-2023-21253
 	RESERVED
 CVE-2023-21252
 	RESERVED
-CVE-2023-21251
-	RESERVED
-CVE-2023-21250
-	RESERVED
-CVE-2023-21249
-	RESERVED
-CVE-2023-21248
-	RESERVED
-CVE-2023-21247
-	RESERVED
-CVE-2023-21246
-	RESERVED
-CVE-2023-21245
-	RESERVED
+CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect  ...)
+	TODO: check
+CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...)
+	TODO: check
+CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, there is a ...)
+	TODO: check
+CVE-2023-21248 (In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController ...)
+	TODO: check
+CVE-2023-21247 (In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceContr ...)
+	TODO: check
+CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way for an a ...)
+	TODO: check
+CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...)
+	TODO: check
 CVE-2023-21244
 	RESERVED
-CVE-2023-21243
-	RESERVED
+CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
+	TODO: check
 CVE-2023-21242
 	RESERVED
-CVE-2023-21241
-	RESERVED
-CVE-2023-21240
-	RESERVED
-CVE-2023-21239
-	RESERVED
-CVE-2023-21238
-	RESERVED
+CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...)
+	TODO: check
+CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...)
+	TODO: check
+CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to leak ima ...)
+	TODO: check
+CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of images b ...)
+	TODO: check
 CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...)
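Review bot: CVE-2023-21261 refers to ft_open_face_internal in ftobjs.c, which is FreeType code, so it should not be swept into `NOT-FOR-US: Android` together with the .java framework entries around it; it needs a check against the freetype source package. The CVE-2023-21255 change looks right: the `RESERVED` line and the bracketed temporary description are replaced by the published description, and the `- linux 6.3.7-1`, `[bookworm] - linux 6.1.37-1` and NOTE lines are kept.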
@@ -47702,8 +47787,8 @@ CVE-2023-21147 (In lwis_i2c_device_disable of lwis_device_i2c.c, there is a poss
 	NOT-FOR-US: Android
 CVE-2023-21146 (there is a possible way to corrupt memory due to a use after free. Thi ...)
 	NOT-FOR-US: Android
-CVE-2023-21145
-	RESERVED
+CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is a possi ...)
+	TODO: check
 CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...)
 	NOT-FOR-US: Android
 CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...)
@@ -48116,8 +48201,7 @@ CVE-2023-20944 (In run of ChooseTypeAndAccountActivity.java, there is a possible
 	NOT-FOR-US: Android
 CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, there is a ...)
 	NOT-FOR-US: Android
-CVE-2023-20942
-	RESERVED
+CVE-2023-20942 (In openMmapStream of AudioFlinger.cpp, there is a possible way to reco ...)
 	NOT-FOR-US: Android
 CVE-2023-20941 (In acc_ctrlrequest_composite of f_accessory.c, there is a possible out ...)
 	- linux <not-affected> (Android-specific kernel patch)
@@ -48175,8 +48259,7 @@ CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt
 	NOT-FOR-US: Android
 CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...)
 	NOT-FOR-US: Android
-CVE-2023-20918
-	RESERVED
+CVE-2023-20918 (In getPendingIntentLaunchFlags of ActivityOptions.java, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2023-20917 (In onTargetSelected of ResolverActivity.java, there is a possible way  ...)
 	NOT-FOR-US: Android
@@ -48192,7 +48275,7 @@ CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a pos
 	NOT-FOR-US: Android
 CVE-2023-20911 (In addPermission of PermissionManagerServiceImpl.java , there is a pos ...)
 	NOT-FOR-US: Android
-CVE-2023-20910 (In addNetworkSuggestions of WifiManager.java, there is a possible way  ...)
+CVE-2023-20910 (In add of WifiNetworkSuggestionsManager.java, there is a possible way  ...)
 	NOT-FOR-US: Android
 CVE-2023-20909 (In multiple functions of RunningTasks.java, there is a possible privil ...)
 	NOT-FOR-US: Android
@@ -196678,8 +196761,8 @@ CVE-2021-0950
 	RESERVED
 CVE-2021-0949
 	RESERVED
-CVE-2021-0948
-	RESERVED
+CVE-2021-0948 (The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver ca ...)
+	TODO: check
 CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on th ...)
 	NOT-FOR-US: Android
 CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...)
@@ -310267,7 +310350,7 @@ CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series
 	NOT-FOR-US: Canon
 CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
 	NOT-FOR-US: Canon
-CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to conduct c ...)
+CVE-2019-5997 (Video Insight VMS versions prior to 7.6.1 allow remote attackers to co ...)
 	NOT-FOR-US: Video Insight VMS
 CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...)
 	NOT-FOR-US: Video Insight VMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccec2a3c867b87227850127a62ac56c9d1b27359
