[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 15 21:12:41 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f95f3212 by security tracker role at 2023-06-15T20:12:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...)
+ TODO: check
+CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...)
+ TODO: check
+CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.)
+ TODO: check
+CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...)
+ TODO: check
+CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...)
+ TODO: check
+CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.)
+ TODO: check
+CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...)
+ TODO: check
+CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
+ TODO: check
+CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
+ TODO: check
+CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...)
+ TODO: check
+CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...)
+ TODO: check
+CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...)
+ TODO: check
+CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...)
+ TODO: check
+CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...)
+ TODO: check
+CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...)
+ TODO: check
CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
- rust-sequoia-openpgp 1.16.0-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html
@@ -338,7 +374,7 @@ CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authenti
NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...)
NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
-CVE-2023-33568 (An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attacke ...)
+CVE-2023-33568 (An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers ...)
- dolibarr <removed>
CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...)
NOT-FOR-US: FortiGuard
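Review bot: The reworded CVE-2023-33568 description changes the upper bound from inclusive ("v16.0.0 to v16.0.5") to exclusive ("16 before 16.0.5"), so 16.0.5 now reads as the fixed release rather than an affected one. The `- dolibarr <removed>` line needs no change because of that, but any per-release annotation added to this entry later should use the new bound.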
@@ -1757,7 +1793,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...)
NOT-FOR-US: Wordapp plugin for WordPress
CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
- {DLA-3443-1}
+ {DSA-5429-1 DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
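Review bot: On CVE-2023-2952 the cross-reference becomes `{DSA-5429-1 DLA-3443-1}` while the `[bullseye] - wireshark <no-dsa> (Minor issue)` line below it is left unchanged. If DSA-5429-1 ships a bullseye fix, that annotation is stale and should be replaced with the fixed version; if the DSA covers only a newer release, the entry is consistent as it stands. The same pairing recurs on the other wireshark entries touched in this commit.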
@@ -1997,15 +2033,19 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.
CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
NOT-FOR-US: OpenEMR
CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...)
+ {DSA-5428-1}
- chromium 114.0.5735.133-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...)
+ {DSA-5428-1}
- chromium 114.0.5735.133-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...)
+ {DSA-5428-1}
- chromium 114.0.5735.133-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...)
+ {DSA-5428-1}
- chromium 114.0.5735.133-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...)
@@ -2157,6 +2197,7 @@ CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the s
CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...)
NOT-FOR-US: Craft CMS
CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...)
+ {DSA-5429-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <not-affected> (vulnerable code introduced later)
@@ -2165,27 +2206,28 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0)
CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...)
- {DLA-3443-1}
+ {DSA-5429-1 DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
- {DLA-3443-1}
+ {DSA-5429-1 DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...)
- {DLA-3443-1}
+ {DSA-5429-1 DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...)
+ {DSA-5429-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <not-affected> (Vulnerable code introduced later)
@@ -2194,6 +2236,7 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063
NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0)
CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...)
+ {DSA-5429-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -2520,6 +2563,7 @@ CVE-2023-32409
NOTE: https://github.com/WebKit/WebKit/pull/12660
NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856
CVE-2023-32373
+ {DSA-5427-1}
- webkit2gtk 2.40.2-1
- wpewebkit <unfixed>
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -6703,21 +6747,21 @@ CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations
CVE-2023-1995
RESERVED
CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...)
- {DLA-3402-1}
+ {DSA-5429-1 DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
- {DLA-3402-1}
+ {DSA-5429-1 DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
- {DLA-3402-1}
+ {DSA-5429-1 DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -9730,10 +9774,10 @@ CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 an
[bullseye] - opensmtpd <no-dsa> (Minor issue)
[buster] - opensmtpd <no-dsa> (Minor issue)
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
-CVE-2023-29322
- RESERVED
-CVE-2023-29321
- RESERVED
+CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
+ TODO: check
CVE-2023-29320
RESERVED
CVE-2023-29319
@@ -9760,18 +9804,18 @@ CVE-2023-29309
RESERVED
CVE-2023-29308
RESERVED
-CVE-2023-29307
- RESERVED
+CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2023-29306
RESERVED
CVE-2023-29305
RESERVED
-CVE-2023-29304
- RESERVED
+CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2023-29303
RESERVED
-CVE-2023-29302
- RESERVED
+CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2023-29301
RESERVED
CVE-2023-29300
@@ -9780,28 +9824,28 @@ CVE-2023-29299
RESERVED
CVE-2023-29298
RESERVED
-CVE-2023-29297
- RESERVED
-CVE-2023-29296
- RESERVED
-CVE-2023-29295
- RESERVED
-CVE-2023-29294
- RESERVED
-CVE-2023-29293
- RESERVED
-CVE-2023-29292
- RESERVED
-CVE-2023-29291
- RESERVED
-CVE-2023-29290
- RESERVED
-CVE-2023-29289
- RESERVED
-CVE-2023-29288
- RESERVED
-CVE-2023-29287
- RESERVED
+CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29295 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29294 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29293 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29292 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29291 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29290 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29289 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29288 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
+CVE-2023-29287 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
NOT-FOR-US: Adobe
CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
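Review bot: The eleven entries CVE-2023-29287 through CVE-2023-29297 all land as `TODO: check`, yet each description begins "Adobe Commerce versions 2.4.6 (and earlier)" and the next entry in the file, CVE-2023-29286, is already tagged `NOT-FOR-US: Adobe`. Suggest triaging the block with the same `NOT-FOR-US: Adobe` tag in one follow-up so it does not sit in the TODO queue.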
@@ -11486,8 +11530,8 @@ CVE-2023-28811
RESERVED
CVE-2023-28810
RESERVED
-CVE-2023-28809
- RESERVED
+CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
+ TODO: check
CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)
NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...)
@@ -13655,6 +13699,7 @@ CVE-2023-28205 (A use after free issue was addressed with improved memory manage
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-28204
RESERVED
+ {DSA-5427-1}
- webkit2gtk 2.40.2-1
- wpewebkit <unfixed>
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -13724,8 +13769,8 @@ CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28176
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176
-CVE-2023-28175
- RESERVED
+CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...)
+ TODO: check
CVE-2023-28174
RESERVED
CVE-2023-28173
@@ -15504,8 +15549,8 @@ CVE-2023-1179 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...)
NOT-FOR-US: Email Registration
-CVE-2023-27634
- RESERVED
+CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...)
+ TODO: check
CVE-2023-27633
RESERVED
CVE-2023-27632
@@ -15811,7 +15856,7 @@ CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and
CVE-2023-1162 (A vulnerability, which was classified as critical, was found in DrayTe ...)
NOT-FOR-US: DrayTek Vigor 2960
CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...)
- {DLA-3402-1}
+ {DSA-5429-1 DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- wireshark 4.0.6-1 (bug #1033756)
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -20004,8 +20049,8 @@ CVE-2023-25974
RESERVED
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25972
- RESERVED
+CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...)
+ TODO: check
CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25970
@@ -21846,10 +21891,10 @@ CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25450
- RESERVED
-CVE-2023-25449
- RESERVED
+CVE-2023-25450 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u201 ...)
+ TODO: check
+CVE-2023-25449 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bast ...)
+ TODO: check
CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...)
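Review bot: The new CVE-2023-25450 description contains a raw `\u201` fragment ("GiveWP GiveWP \u201 ..."), which looks like a Unicode escape for a typographic quote that was not decoded and was then cut by the description truncation. Worth checking the description import so that escapes are decoded before truncating. Both new entries are described as CSRF issues like the neighbouring CVE-2023-25448 and CVE-2023-25447, which are tagged `NOT-FOR-US: WordPress plugin`, so they probably triage the same way once the product is confirmed.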
@@ -22498,6 +22543,7 @@ CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an
CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
NOT-FOR-US: Fortra GoAnywhere MFT
CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...)
+ {DSA-5429-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -22508,6 +22554,7 @@ CVE-2023-0668 (Due to failure in validating the length provided by an attacker-c
CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...)
TODO: check
CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...)
+ {DSA-5429-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -22802,8 +22849,8 @@ CVE-2023-25057
RESERVED
CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25055
- RESERVED
+CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
+ TODO: check
CVE-2023-25054
RESERVED
CVE-2023-25053
@@ -24862,8 +24909,8 @@ CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jen
NOT-FOR-US: Jenkins plugin
CVE-2023-24421
RESERVED
-CVE-2023-24420
- RESERVED
+CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...)
+ TODO: check
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -26428,8 +26475,8 @@ CVE-2023-23804
RESERVED
CVE-2023-23803
RESERVED
-CVE-2023-23802
- RESERVED
+CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...)
+ TODO: check
CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23800
@@ -33547,8 +33594,8 @@ CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and
NOT-FOR-US: Adobe
CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
NOT-FOR-US: Adobe
-CVE-2023-22248
- RESERVED
+CVE-2023-22248 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ TODO: check
CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
NOT-FOR-US: Adobe
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
@@ -38404,8 +38451,8 @@ CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are a
NOT-FOR-US: FrameMaker
CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
NOT-FOR-US: FrameMaker
-CVE-2023-21618
- RESERVED
+CVE-2023-21618 (Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected b ...)
+ TODO: check
CVE-2023-21617
RESERVED
CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
@@ -43974,34 +44021,25 @@ CVE-2023-21146
RESERVED
CVE-2023-21145
RESERVED
-CVE-2023-21144
- RESERVED
+CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2023-21143
- RESERVED
+CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...)
NOT-FOR-US: Android
-CVE-2023-21142
- RESERVED
+CVE-2023-21142 (In multiple files, there is a possible way to access traces in the dev ...)
NOT-FOR-US: Android
-CVE-2023-21141
- RESERVED
+CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...)
NOT-FOR-US: Android
CVE-2023-21140
RESERVED
-CVE-2023-21139
- RESERVED
+CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...)
NOT-FOR-US: Android
-CVE-2023-21138
- RESERVED
+CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21137
- RESERVED
+CVE-2023-21137 (In several methods of JobStore.java, uncaught exceptions in job map pa ...)
NOT-FOR-US: Android
-CVE-2023-21136
- RESERVED
+CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way to cau ...)
NOT-FOR-US: Android
-CVE-2023-21135
- RESERVED
+CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...)
NOT-FOR-US: Android
CVE-2023-21134
RESERVED
@@ -44009,40 +44047,30 @@ CVE-2023-21133
RESERVED
CVE-2023-21132
RESERVED
-CVE-2023-21131
- RESERVED
+CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...)
NOT-FOR-US: Android
-CVE-2023-21130
- RESERVED
+CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21129
- RESERVED
+CVE-2023-21129 (In getFullScreenIntentDecision of NotificationInterruptStateProviderIm ...)
NOT-FOR-US: Android
-CVE-2023-21128
- RESERVED
+CVE-2023-21128 (In various functions of AppStandbyController.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21127
- RESERVED
+CVE-2023-21127 (In readSampleData of NuMediaExtractor.cpp, there is a possible out of ...)
NOT-FOR-US: Android
-CVE-2023-21126
- RESERVED
+CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, the ...)
NOT-FOR-US: Android
CVE-2023-21125
RESERVED
-CVE-2023-21124
- RESERVED
+CVE-2023-21124 (In run of multiple files, there is a possible escalation of privilege ...)
NOT-FOR-US: Android
-CVE-2023-21123
- RESERVED
+CVE-2023-21123 (In multiple functions of multiple files, there is a possible way to by ...)
NOT-FOR-US: Android
-CVE-2023-21122
- RESERVED
+CVE-2023-21122 (In various functions of various files, there is a possible way to bypa ...)
NOT-FOR-US: Android
-CVE-2023-21121
- RESERVED
+CVE-2023-21121 (In onResume of AppManagementFragment.java, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2023-21120
- RESERVED
+CVE-2023-21120 (In multiple functions of cdm_engine.cpp, there is a possible use-after ...)
+ TODO: check
CVE-2023-21119
RESERVED
CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...)
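Review bot: CVE-2023-21120 is the only entry in this hunk that ends up as `TODO: check`; every other newly described CVE here keeps its existing `NOT-FOR-US: Android` line. Its description ("In multiple functions of cdm_engine.cpp, there is a possible use-after ...") has the same form as those neighbours, so it looks like a candidate for the same tag once someone confirms the component is not packaged.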
@@ -44051,8 +44079,7 @@ CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java, t
NOT-FOR-US: Android
CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, there is a ...)
NOT-FOR-US: Android
-CVE-2023-21115
- RESERVED
+CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...)
NOT-FOR-US: Android
CVE-2023-21114
RESERVED
@@ -44066,8 +44093,7 @@ CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible w
NOT-FOR-US: Android
CVE-2023-21109 (In multiple places of AccessibilityService, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2023-21108
- RESERVED
+CVE-2023-21108 (In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there is a miss ...)
NOT-FOR-US: Android
@@ -44076,8 +44102,7 @@ CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible memory
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5)
-CVE-2023-21105
- RESERVED
+CVE-2023-21105 (In multiple functions of ChooserActivity.java, there is a possible cro ...)
NOT-FOR-US: Android
CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing permission ...)
NOT-FOR-US: Android
@@ -44090,8 +44115,8 @@ CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible
NOTE: https://source.android.com/docs/security/bulletin/2023-05-01
NOTE: https://git.kernel.org/linus/ff7a167961d1b97e0e205f245f806e564d3505e7 (6.2-rc1)
NOTE: https://git.kernel.org/linus/18bba1843fc7f264f58c9345d00827d082f9c558 (6.2-rc4)
-CVE-2023-21101
- RESERVED
+CVE-2023-21101 (In multiple functions of WVDrmPlugin.cpp, there is a possible use afte ...)
+ TODO: check
CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...)
@@ -44102,8 +44127,7 @@ CVE-2023-21097 (In toUriInner of Intent.java, there is a possible way to launch
NOT-FOR-US: Android
CVE-2023-21096 (In OnWakelockReleased of attribution_processor.cc, there is a use afte ...)
NOT-FOR-US: Android
-CVE-2023-21095
- RESERVED
+CVE-2023-21095 (In canStartSystemGesture of RecentsAnimationDeviceState.java, there is ...)
NOT-FOR-US: Android
CVE-2023-21094 (In sanitize of LayerState.cpp, there is a possible way to take over th ...)
NOT-FOR-US: Android
@@ -192905,8 +192929,8 @@ CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt
NOT-FOR-US: Android
CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...)
NOT-FOR-US: Android
-CVE-2021-0945
- RESERVED
+CVE-2021-0945 (Product: AndroidVersions: Android SoCAndroid ID: A-278156680)
+ TODO: check
CVE-2021-0944
RESERVED
CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write due to ...)
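Review bot: The description imported for CVE-2021-0945 is run together without separators ("Product: AndroidVersions: Android SoCAndroid ID: A-278156680") and says nothing about the flaw itself. The entry is set to `TODO: check` while the preceding CVE-2021-0947 and CVE-2021-0946 are `NOT-FOR-US: Android`; suggest resolving it the same way if the Android ID confirms an SoC component, rather than leaving it pending on a description that will not help triage.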
@@ -193425,8 +193449,8 @@ CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after fre
NOT-FOR-US: Android
CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
NOT-FOR-US: Android
-CVE-2021-0701
- RESERVED
+CVE-2021-0701 (Product: AndroidVersions: Android SoCAndroid ID: A-277775870)
+ TODO: check
CVE-2021-0700
RESERVED
CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95f32127b4f4527bfec3a21ad4c836171d5aa0f