[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 16 09:12:11 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2823b55 by security tracker role at 2023-05-16T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-32956 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2023-32955 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2023-32309 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
+ TODO: check
+CVE-2023-32308 (anuko timetracker is an open source time tracking system. Boolean-base ...)
+ TODO: check
+CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2023-2708 (The Video Gallery plugin for WordPress is vulnerable to Reflected Cros ...)
+ TODO: check
CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to blo ...)
TODO: check
CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...)
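Review bot: The seven entries added at the top of the list (CVE-2023-32956 through CVE-2023-2708) all land as TODO: check, so none has a triage state yet. The two WordPress plugin entries, CVE-2023-2710 and CVE-2023-2708, look like candidates for the NOT-FOR-US: WordPress plugin marking already used for CVE-2023-1730 later in this file. CVE-2023-32956 and CVE-2023-32955 have descriptions truncated before any product name, so they need the full CVE text before they can be resolved.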
@@ -74,7 +88,7 @@ CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleart
NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep thro ...)
NOT-FOR-US: git-url-parse
-CVE-2023-2700 [Memory leak in virPCIVirtualFunctionList cleanup]
+CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...)
[experimental] - libvirt 9.3.0-1
- libvirt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
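Review bot: The replacement description on CVE-2023-2700 carries the misspelling "ouccers" and drops the bracketed title "Memory leak in virPCIVirtualFunctionList cleanup", which named the affected function. The truncated description no longer says what the flaw is, so consider keeping that detail in a NOTE line under the entry.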
@@ -1320,8 +1334,8 @@ CVE-2023-31147
RESERVED
CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
NOT-FOR-US: Vyper
-CVE-2023-31145
- RESERVED
+CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...)
+ TODO: check
CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
NOT-FOR-US: Craft CMS
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
@@ -1350,8 +1364,8 @@ CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a web
NOT-FOR-US: Ghost CMS
CVE-2023-31132
RESERVED
-CVE-2023-31131
- RESERVED
+CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
+ TODO: check
CVE-2023-31130
RESERVED
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
@@ -2342,8 +2356,8 @@ CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
-CVE-2023-2161
- RESERVED
+CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
+ TODO: check
CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...)
NOT-FOR-US: modoboa
CVE-2023-2159
@@ -2484,8 +2498,7 @@ CVE-2023-2126
RESERVED
CVE-2023-2125
RESERVED
-CVE-2023-2124 [OOB access in the Linux kernel's XFS subsystem]
- RESERVED
+CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
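Review bot: The new description on CVE-2023-2124 contains a literal escape fragment, "kernel\u201 ...", which suggests the text was truncated while still in escaped form and the cut fell inside a \uXXXX sequence. Decode the description before truncating it so the list does not store a partial escape.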
@@ -4694,8 +4707,8 @@ CVE-2023-29963 (S-CMS v5.0 was discovered to contain an authenticated remote cod
NOT-FOR-US: S-CMS
CVE-2023-29962
RESERVED
-CVE-2023-29961
- RESERVED
+CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack o ...)
+ TODO: check
CVE-2023-29960
RESERVED
CVE-2023-29959
@@ -7347,8 +7360,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file uploa
NOT-FOR-US: LTOS
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1729
- RESERVED
+CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...)
- libraw <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
NOTE: https://github.com/LibRaw/LibRaw/issues/557
@@ -40547,14 +40559,11 @@ CVE-2023-21120
RESERVED
CVE-2023-21119
RESERVED
-CVE-2023-21118
- RESERVED
+CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...)
NOT-FOR-US: Android
-CVE-2023-21117
- RESERVED
+CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java, there i ...)
NOT-FOR-US: Android
-CVE-2023-21116
- RESERVED
+CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, there is a ...)
NOT-FOR-US: Android
CVE-2023-21115
RESERVED
@@ -40562,39 +40571,30 @@ CVE-2023-21114
RESERVED
CVE-2023-21113
RESERVED
-CVE-2023-21112
- RESERVED
+CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bound ...)
NOT-FOR-US: Android
-CVE-2023-21111
- RESERVED
+CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2023-21110
- RESERVED
+CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2023-21109
- RESERVED
+CVE-2023-21109 (In multiple places of AccessibilityService, there is a possible way to ...)
NOT-FOR-US: Android
CVE-2023-21108
RESERVED
-CVE-2023-21107
- RESERVED
+CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there is a miss ...)
NOT-FOR-US: Android
-CVE-2023-21106
- RESERVED
+CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible memory corrup ...)
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5)
CVE-2023-21105
RESERVED
-CVE-2023-21104
- RESERVED
+CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing permission ...)
NOT-FOR-US: Android
-CVE-2023-21103
- RESERVED
+CVE-2023-21103 (In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught except ...)
NOT-FOR-US: Android
-CVE-2023-21102
- RESERVED
+CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypas ...)
- linux 6.1.8-1
[bullseye] - linux 5.10.178-1
NOTE: https://source.android.com/docs/security/bulletin/2023-05-01
@@ -40947,8 +40947,7 @@ CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a poss
NOT-FOR-US: Android
CVE-2023-20931 (In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2023-20930
- RESERVED
+CVE-2023-20930 (In pushDynamicShortcut of ShortcutPackage.java, there is a possible wa ...)
NOT-FOR-US: Android
CVE-2023-20929 (In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a ...)
NOT-FOR-US: Android
@@ -40986,8 +40985,7 @@ CVE-2023-20916 (In getMainActivityLaunchIntent of LauncherAppsService.java, ther
NOT-FOR-US: Android
CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a ...)
NOT-FOR-US: Android
-CVE-2023-20914
- RESERVED
+CVE-2023-20914 (In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPer ...)
NOT-FOR-US: Android
CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related files, th ...)
NOT-FOR-US: Android
@@ -43167,26 +43165,26 @@ CVE-2023-20728
RESERVED
CVE-2023-20727
RESERVED
-CVE-2023-20726
- RESERVED
+CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a missing per ...)
+ TODO: check
CVE-2023-20725
RESERVED
CVE-2023-20724
RESERVED
CVE-2023-20723
RESERVED
-CVE-2023-20722
- RESERVED
-CVE-2023-20721
- RESERVED
-CVE-2023-20720
- RESERVED
-CVE-2023-20719
- RESERVED
-CVE-2023-20718
- RESERVED
-CVE-2023-20717
- RESERVED
+CVE-2023-20722 (In m4u, there is a possible out of bounds write due to improper input ...)
+ TODO: check
+CVE-2023-20721 (In isp, there is a possible out of bounds write due to improper input ...)
+ TODO: check
+CVE-2023-20720 (In pqframework, there is a possible out of bounds read due to a missin ...)
+ TODO: check
+CVE-2023-20719 (In pqframework, there is a possible out of bounds read due to a missin ...)
+ TODO: check
+CVE-2023-20718 (In vcu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race condition ...)
+ TODO: check
CVE-2023-20716
RESERVED
CVE-2023-20715
@@ -43197,42 +43195,42 @@ CVE-2023-20713
RESERVED
CVE-2023-20712
RESERVED
-CVE-2023-20711
- RESERVED
-CVE-2023-20710
- RESERVED
-CVE-2023-20709
- RESERVED
-CVE-2023-20708
- RESERVED
-CVE-2023-20707
- RESERVED
-CVE-2023-20706
- RESERVED
-CVE-2023-20705
- RESERVED
-CVE-2023-20704
- RESERVED
-CVE-2023-20703
- RESERVED
+CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20709 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20708 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20707 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20706 (In apu, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-20705 (In apu, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-20704 (In apu, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-20703 (In apu, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
CVE-2023-20702
RESERVED
-CVE-2023-20701
- RESERVED
-CVE-2023-20700
- RESERVED
-CVE-2023-20699
- RESERVED
-CVE-2023-20698
- RESERVED
-CVE-2023-20697
- RESERVED
-CVE-2023-20696
- RESERVED
-CVE-2023-20695
- RESERVED
-CVE-2023-20694
- RESERVED
+CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a logic er ...)
+ TODO: check
+CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a logic er ...)
+ TODO: check
+CVE-2023-20699 (In adsp, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2023-20698 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20697 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20696 (In preloader, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a missing ...)
+ TODO: check
CVE-2023-20693
RESERVED
CVE-2023-20692
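Review bot: In the block from CVE-2023-20711 down to CVE-2023-20694, several entries are indistinguishable after truncation: the six keyinstall entries (CVE-2023-20711, -20710, -20709, -20708, -20698, -20697) share one visible description, as do the four apu entries and the three preloader entries. Triage of these TODO: check items has to work from the full CVE text, not from this list.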
@@ -43273,8 +43271,8 @@ CVE-2023-20675 (In wlan, there is a possible out of bounds read due to a missing
NOT-FOR-US: MediaTek
CVE-2023-20674 (In wlan, there is a possible out of bounds read due to a missing bound ...)
NOT-FOR-US: MediaTek
-CVE-2023-20673
- RESERVED
+CVE-2023-20673 (In vcu, there is a possible memory corruption due to type confusion. T ...)
+ TODO: check
CVE-2023-20672
RESERVED
CVE-2023-20671
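Review bot: CVE-2023-20673 is added as TODO: check directly below CVE-2023-20675 and CVE-2023-20674, which use the same "In <component>, there is a possible ..." wording and are marked NOT-FOR-US: MediaTek. If the vendor is the same, apply that marking here and to the similarly worded entries CVE-2023-20726 through CVE-2023-20694 added earlier in this commit.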
@@ -122366,7 +122364,7 @@ CVE-2022-20340 (In SELinux policy, there is a possible way of inferring which we
NOT-FOR-US: Android
CVE-2022-20339 (In Android, there is a possible access of network neighbor table infor ...)
NOT-FOR-US: Android
-CVE-2022-20338 (In Core Utilities, there is a possible way to craft a malformed Uri ob ...)
+CVE-2022-20338 (In HierarchicalUri.readFrom of Uri.java, there is a possible way to cr ...)
NOT-FOR-US: Android
CVE-2022-20337
RESERVED
@@ -189452,8 +189450,8 @@ CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver,
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a mis ...)
NOT-FOR-US: Imagination Technologies components for Android
-CVE-2021-0877
- RESERVED
+CVE-2021-0877 (Product: AndroidVersions: Android SoCAndroid ID: A-273754094)
+ TODO: check
CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driv ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing ...)
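Review bot: The description added for CVE-2021-0877, "Product: AndroidVersions: Android SoCAndroid ID: A-273754094", is a run of metadata fields with the separators lost and no statement of the flaw, so TODO: check cannot be resolved from this line. The neighbouring entries CVE-2021-0878 and CVE-2021-0876 are PowerVR kernel driver issues marked NOT-FOR-US: Imagination Technologies components for Android; check whether the Android ID points to the same component before choosing a marking.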
@@ -223453,7 +223451,7 @@ CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via t
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
- {DLA-2280-1}
+ {DLA-3424-1 DLA-2280-1}
- python3.8 3.8.4~rc1-1
- python3.7 <removed>
[buster] - python3.7 3.7.3-2+deb10u2
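Review bot: On CVE-2020-14422 the advisory list gains DLA-3424-1, but no package line changes in this hunk, and the visible lines show only python3.8, python3.7 and the buster python3.7 fix 3.7.3-2+deb10u2. Confirm that the entry further down records the package and fixed version that DLA-3424-1 covers.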
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2823b55511f89dfdd041505cfbbdc1127764f09