[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2023-465{69,70}/radare2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 28 15:11:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4df4fd3 by Salvatore Bonaccorso at 2023-10-28T16:10:26+02:00
Add CVE-2023-465{69,70}/radare2
- - - - -
1c973326 by Salvatore Bonaccorso at 2023-10-28T16:10:28+02:00
Process some NFUs
- - - - -
d1ac19e7 by Salvatore Bonaccorso at 2023-10-28T16:10:31+02:00
Add CVE-2023-46604/activemq
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,9 +7,13 @@ CVE-2023-5830 (A vulnerability classified as critical has been found in Columbia
CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a loca ...)
NOT-FOR-US: XnView
CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/22333
+ NOTE: Fixed by: https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8
CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/22334
+ NOTE: Fixed by: https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2
CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 ...)
NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R
CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...)
@@ -33,11 +37,11 @@ CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in St
CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
- TODO: check
+ NOT-FOR-US: Leave Management System Project
CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...)
- TODO: check
+ NOT-FOR-US: ZPE Systems
CVE-2023-40140 (In android_view_InputDevice_create of android_view_InputDevice.cpp, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view another user ...)
TODO: check
CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view another user ...)
@@ -57,27 +61,27 @@ CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after f
CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a possible ...)
TODO: check
CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40127 (In multiple locations, there is a possible way to access screenshots d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a Guest use ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible bypass o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a possible S ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40120 (In multiple locations, there is a possible way to bypass user notifica ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a possible l ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35794 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...)
- TODO: check
+ NOT-FOR-US: Cassia Access Controller
CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alka ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5829 (A vulnerability was found in code-projects Admission Management System ...)
NOT-FOR-US: code-projects Admission Management System
CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial Develo ...)
@@ -115,7 +119,9 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when proces
[bullseye] - memcached <no-dsa> (Minor issue)
NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22)
CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerabili ...)
- TODO: check
+ - activemq <unfixed>
+ NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
+ NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out of bound ...)
- ffmpeg <unfixed>
NOTE: Introduced by: https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3
@@ -137,9 +143,9 @@ CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi. Heap-
NOTE: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a (v9.0.2068)
NOTE: Crash in CLI tool, no security impact
CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...)
NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
@@ -30400,7 +30406,7 @@ CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an executab
CVE-2023-29010 (Budibase is a low code platform for creating internal tools, workflows ...)
NOT-FOR-US: budibase
CVE-2023-29009 (baserCMS is a website development framework with WebAPI that runs on P ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
NOT-FOR-US: SvelteKit
CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
@@ -34523,7 +34529,7 @@ CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose s
CVE-2023-27859
RESERVED
CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a message ...)
@@ -34531,7 +34537,7 @@ CVE-2023-27856 (In affected versions, path traversal exists when processing a me
CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...)
NOT-FOR-US: Rockwell
CVE-2023-27854 (An arbitrary code execution vulnerability was reported to Rockwell Aut ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...)
@@ -68928,11 +68934,11 @@ CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby
CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo Vantage Hardw ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo Vantage ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in the ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...)
NOT-FOR-US: Lenovo
CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
@@ -69005,7 +69011,7 @@ CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorizati
CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An a ...)
NOT-FOR-US: ABB SDM600
CVE-2022-3681 (A vulnerability has been identified in the MR2600 router v1.0.18 and e ...)
- TODO: check
+ NOT-FOR-US: MR2600 router
CVE-2022-43746
RESERVED
CVE-2022-43745
@@ -69990,7 +69996,7 @@ CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-3612
RESERVED
CVE-2022-3611 (An information disclosure vulnerability has been identified in the Len ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...)
@@ -72757,7 +72763,7 @@ CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.c
CVE-2022-38091
RESERVED
CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware used in Le ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3428
RESERVED
CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...)
@@ -93459,9 +93465,9 @@ CVE-2022-34889 (This vulnerability allows local attackers to escalate privileges
CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, authentic ...)
NOT-FOR-US: Lenovo
CVE-2022-34887 (Standard users can directly operate and set printer configuration info ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-34886 (A remote code execution vulnerability was found in the firmware used i ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola MR2600 ro ...)
NOT-FOR-US: Motorola
CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem which can po ...)
@@ -93615,11 +93621,11 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error a
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6)
CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. Attackers can ga ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin can ent ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur vi ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
NOT-FOR-US: Keyfactor
CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23dd068e50af44a19d3ffc6ae5471bdbe3754904...d1ac19e7c0811d880da7e38cd9a086983b4da2d8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23dd068e50af44a19d3ffc6ae5471bdbe3754904...d1ac19e7c0811d880da7e38cd9a086983b4da2d8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231028/760e6b3c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list