[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 11 21:58:49 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25d42478 by Moritz Muehlenhoff at 2023-10-11T22:41:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,145 +5,145 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior
CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
TODO: check
CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
- TODO: check
+ NOT-FOR-US: Zebra Technologies ZTC
CVE-2023-4936 (It is possible to sideload a compromised DLL during the installation a ...)
- TODO: check
+ NOT-FOR-US: Synaptics
CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads to even ...)
- TODO: check
+ NOT-FOR-US: Insecure Direct Object Reference
CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 and before ...)
- TODO: check
+ NOT-FOR-US: Koha
CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...)
- TODO: check
+ NOT-FOR-US: Koha
CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability in AS PAT ...)
TODO: check
CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel module.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44118 (Vulnerability of undefined permissions in the MeeTime module.Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44116 (Vulnerability of access permissions not being strictly verified in the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44114 (Out-of-bounds array vulnerability in the dataipa module.Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44111 (Vulnerability of brute-force attacks on the device authentication modu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44110 (Out-of-bounds access vulnerability in the audio module.Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44109 (Clone vulnerability in the huks ta module.Successful exploitation of t ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44108 (Type confusion vulnerability in the distributed file module.Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44107 (Vulnerability of defects introduced in the design process in the scree ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44106 (API permission management vulnerability in the Fwk-Display module.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44105 (Vulnerability of permissions not being strictly verified in the window ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44104 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44103 (Out-of-bounds read vulnerability in the Bluetooth module.Successful ex ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44102 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44101 (The Bluetooth module has a vulnerability in permission control for bro ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44100 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44097 (Vulnerability of the permission to access device SNs being improperly ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44096 (Vulnerability of brute-force attacks on the device authentication modu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44095 (Use-After-Free (UAF) vulnerability in the surfaceflinger module.Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44094 (Type confusion vulnerability in the distributed file module.Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-44093 (Vulnerability of package names' public keys not being verified in the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-43960 (An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: DLINK
CVE-2023-43661 (Cachet, the open-source status page system. Prior to the 2.4 branch, a ...)
- TODO: check
+ NOT-FOR-US: Cachet
CVE-2023-42138 (Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and ea ...)
- TODO: check
+ NOT-FOR-US: KV STUDIO
CVE-2023-41882 (vantage6 is privacy preserving federated learning infrastructure. The ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-41881 (vantage6 is privacy preserving federated learning infrastructure. When ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-41304 (Parameter verification vulnerability in the window module.Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-40142 (In TBD of TBD, there is a possible way to bypass carrier restrictions ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40141 (In temp_residency_name_store of thermal_metrics.c, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-38817 (An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attac ...)
- TODO: check
+ NOT-FOR-US: Inspect Element Ltd Echo.a
CVE-2023-38217 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-38216 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-37538 (HCL Digital Experience is susceptible to cross site scripting (XSS). O ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-35968 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-35967 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-35966 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-35965 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-35662 (there is a possible out of bounds write due to buffer overflow. This c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35661 (In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35660 (In lwis_transaction_client_cleanup of lwis_transaction.c, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35655 (In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35654 (In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds r ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35653 (In TBD of TBD, there is a possible way to access location information ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35652 (In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cp ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35649 (In several functions of Exynos modem files, there is a possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35648 (In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cp ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35647 (In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cp ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35646 (In TBD of TBD, there is a possible stack buffer overflow due to a miss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35645 (In tbd of tbd, there is a possible memory corruption due to a race con ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35194 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-35193 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-35056 (A buffer overflow vulnerability exists in the httpd next_page function ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-35055 (A buffer overflow vulnerability exists in the httpd next_page function ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-34426 (A stack-based buffer overflow vulnerability exists in the httpd manage ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-34365 (A stack-based buffer overflow vulnerability exists in the libutils.so ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-34356 (An OS command injection vulnerability exists in the data.cgi xfer_dns ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-34354 (A stored cross-site scripting (XSS) vulnerability exists in the upload ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-34346 (A stack-based buffer overflow vulnerability exists in the httpd gwcfg. ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-32645 (A leftover debug code vulnerability exists in the httpd debug credenti ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-32632 (A command execution vulnerability exists in the validate.so diag_ping_ ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-31272 (A stack-based buffer overflow vulnerability exists in the httpd do_wds ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-28381 (An OS command injection vulnerability exists in the admin.cgi MVPN_tri ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi USSD_sen ...)
- TODO: check
+ NOT-FOR-US: Surf SOHO HW1
CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd nvram.cgi f ...)
- TODO: check
+ NOT-FOR-US: Yifan
CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
- zookeeper <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
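Review bot: The NOT-FOR-US tag added for CVE-2023-45396 names the vulnerability class ("Insecure Direct Object Reference") instead of the affected product or vendor, which is what every other tag in this hunk carries (Huawei, Android, Koha, Yifan and so on). As written, the entry cannot be grouped or searched by product, so the tag should be replaced with the product or vendor name from the full CVE description. A smaller point in the same hunk: the tag for CVE-2023-38817 reads "Inspect Element Ltd Echo.a" while the description on the line above it says "Echo.ac", so the last character looks cut off and should be restored.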
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25d42478724fd46ed7d3e9d960bcebc50803d735