[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 30 20:13:03 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f23fa19 by security tracker role at 2023-10-30T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...)
+	TODO: check
+CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote  ...)
+	TODO: check
+CVE-2023-5833 (Improper Access Control in GitHub repository mintplex-labs/anything-ll ...)
+	TODO: check
+CVE-2023-5832 (Improper Input Validation in GitHub repository mintplex-labs/anything- ...)
+	TODO: check
+CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to PHP Obje ...)
+	TODO: check
+CVE-2023-5566 (The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2023-5565 (The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2023-5362 (The Carousel, Recent Post Slider and Banner Slider plugin for WordPres ...)
+	TODO: check
+CVE-2023-5335 (The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2023-5315 (The Google Maps made Simple plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2023-5252 (The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2023-5251 (The Grid Plus plugin for WordPress is vulnerable to unauthorized modif ...)
+	TODO: check
+CVE-2023-5250 (The Grid Plus plugin for WordPress is vulnerable to Local File Inclusi ...)
+	TODO: check
+CVE-2023-5199 (The PHP to Page plugin for WordPress is vulnerable Local File Inclusio ...)
+	TODO: check
+CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-4964 (Potential open redirect vulnerability in opentext Service Management A ...)
+	TODO: check
+CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell met ...)
+	TODO: check
+CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint SSL VPN Cl ...)
+	TODO: check
+CVE-2023-45780 (In Print Service, there is a possible background activity launch due t ...)
+	TODO: check
+CVE-2023-44323 (Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected ...)
+	TODO: check
+CVE-2023-44078
+	REJECTED
+CVE-2023-43792 (baserCMS is a website development framework. In versions 4.6.0 through ...)
+	TODO: check
+CVE-2023-43649 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+	TODO: check
+CVE-2023-43648 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+	TODO: check
+CVE-2023-43647 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+	TODO: check
+CVE-2023-42804 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
+	TODO: check
+CVE-2023-42803 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
+	TODO: check
+CVE-2023-42431 (Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension ...)
+	TODO: check
+CVE-2023-41891 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
+	TODO: check
+CVE-2023-41605
+	REJECTED
+CVE-2023-40943
+	REJECTED
+CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of bounds re ...)
+	TODO: check
+CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
+	TODO: check
+CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell meta ...)
+	TODO: check
 CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
 	- dolibarr <removed>
 	NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3
@@ -75,7 +147,7 @@ CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption]
 	[bookworm] - nats-server <not-affected> (Vulnerable code not present)
 	NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt
 	NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
-CVE-2023-47090 [Adding accounts for just the system account adds auth bypass]
+CVE-2023-47090 (NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authent ...)
 	- nats-server 2.10.3-1
 	NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt
 	NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
@@ -392,7 +464,7 @@ CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vuln
 CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...)
 	NOT-FOR-US: ZITADEL
 CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's  ...)
-	{DLA-3635-1}
+	{DSA-5539-1 DLA-3635-1}
 	- node-browserify-sign 4.2.2-1 (bug #1054667)
 	NOTE: https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
 	NOTE: https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 (v4.2.2)
@@ -3613,6 +3685,7 @@ CVE-2023-36548 (A improper neutralization of special elements used in an os comm
 CVE-2023-36547 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In versions ...)
+	{DSA-5540-1 DLA-3641-1}
 	- jetty9 9.4.53-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
 	NOTE: https://github.com/eclipse/jetty.project/pull/9634
@@ -3697,7 +3770,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
 	NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
 	NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
-	{DSA-5522-1 DSA-5521-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
+	{DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
 	- tomcat9 9.0.70-2
 	- tomcat10 10.1.14-1
 	- trafficserver <unfixed> (bug #1053801; bug #1054427)
@@ -51405,9 +51478,9 @@ CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate an
 CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-48190
-	RESERVED
-CVE-2022-48189
-	RESERVED
+	REJECTED
+CVE-2022-48189 (An SMM driver input validation vulnerability in the BIOS of some Think ...)
+	TODO: check
 CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS driver of so ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-48187
@@ -54967,12 +55040,12 @@ CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not vali
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4575
-	RESERVED
-CVE-2022-4574
-	RESERVED
-CVE-2022-4573
-	RESERVED
+CVE-2022-4575 (A vulnerability due to improper write protection of UEFI variables was ...)
+	TODO: check
+CVE-2022-4574 (An SMI handler input validation vulnerability in the BIOS of some Thin ...)
+	TODO: check
+CVE-2022-4573 (An SMI handler input validation vulnerability in the ThinkPad X1 Fold  ...)
+	TODO: check
 CVE-2022-4572 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: UBI reader
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
@@ -63784,218 +63857,218 @@ CVE-2023-21400 (In multiple functions  of io_uring.c, there is a possible kernel
 	NOTE: https://twitter.com/VAR10CK/status/1683303642173153280
 CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...)
 	NOT-FOR-US: Android/Pixel kernel
-CVE-2023-21398
-	RESERVED
-CVE-2023-21397
-	RESERVED
-CVE-2023-21396
-	RESERVED
-CVE-2023-21395
-	RESERVED
-CVE-2023-21394
-	RESERVED
-CVE-2023-21393
-	RESERVED
-CVE-2023-21392
-	RESERVED
-CVE-2023-21391
-	RESERVED
-CVE-2023-21390
-	RESERVED
-CVE-2023-21389
-	RESERVED
-CVE-2023-21388
-	RESERVED
-CVE-2023-21387
-	RESERVED
+CVE-2023-21398 (In sdksandbox, there is a possible strandhogg style overlay attack due ...)
+	TODO: check
+CVE-2023-21397 (In Setup Wizard, there is a possible way to save a WiFi network due to ...)
+	TODO: check
+CVE-2023-21396 (In Activity Manager, there is a possible background activity launch du ...)
+	TODO: check
+CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
+	TODO: check
+CVE-2023-21394 (In Telecomm, there is a possible bypass of a multi user security bound ...)
+	TODO: check
+CVE-2023-21393 (In Settings, there is a possible way for the user to change SIM due to ...)
+	TODO: check
+CVE-2023-21392 (In Bluetooth, there is a possible way to corrupt memory due to a use a ...)
+	TODO: check
+CVE-2023-21391 (In Messaging, there is a possible way to disable the messaging applica ...)
+	TODO: check
+CVE-2023-21390 (In Sim, there is a possible way to evade mobile preference restriction ...)
+	TODO: check
+CVE-2023-21389 (In Settings, there is a possible bypass of profile owner restrictions  ...)
+	TODO: check
+CVE-2023-21388 (In Settings, there is a possible restriction bypass due to a missing p ...)
+	TODO: check
+CVE-2023-21387 (In User Backup Manager, there is a possible way to leak a token to byp ...)
+	TODO: check
 CVE-2023-21386
 	RESERVED
-CVE-2023-21385
-	RESERVED
-CVE-2023-21384
-	RESERVED
-CVE-2023-21383
-	RESERVED
-CVE-2023-21382
-	RESERVED
-CVE-2023-21381
-	RESERVED
-CVE-2023-21380
-	RESERVED
-CVE-2023-21379
-	RESERVED
-CVE-2023-21378
-	RESERVED
-CVE-2023-21377
-	RESERVED
-CVE-2023-21376
-	RESERVED
-CVE-2023-21375
-	RESERVED
-CVE-2023-21374
-	RESERVED
-CVE-2023-21373
-	RESERVED
-CVE-2023-21372
-	RESERVED
-CVE-2023-21371
-	RESERVED
-CVE-2023-21370
-	RESERVED
-CVE-2023-21369
-	RESERVED
-CVE-2023-21368
-	RESERVED
-CVE-2023-21367
-	RESERVED
-CVE-2023-21366
-	RESERVED
-CVE-2023-21365
-	RESERVED
-CVE-2023-21364
-	RESERVED
+CVE-2023-21385 (In Whitechapel, there is a possible out of bounds read due to memory c ...)
+	TODO: check
+CVE-2023-21384 (In Package Manager, there is a possible possible permissions bypass du ...)
+	TODO: check
+CVE-2023-21383 (In Settings, there is a possible way for the user to unintentionally s ...)
+	TODO: check
+CVE-2023-21382 (In Content Resolver, there is a possible method to access metadata abo ...)
+	TODO: check
+CVE-2023-21381 (In Media Resource Manager, there is a possible local arbitrary code ex ...)
+	TODO: check
+CVE-2023-21380 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
+	TODO: check
+CVE-2023-21379 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2023-21378 (In Telecomm, there is a possible way to silence the ring for calls of  ...)
+	TODO: check
+CVE-2023-21377 (In SELinux Policy, there is a possible restriction bypass due to a per ...)
+	TODO: check
+CVE-2023-21376 (In Telephony, there is a possible way to retrieve the ICCID due to a l ...)
+	TODO: check
+CVE-2023-21375 (In Sysproxy, there is a possible out of bounds write due to an integer ...)
+	TODO: check
+CVE-2023-21374 (In System UI, there is a possible factory reset protection bypass due  ...)
+	TODO: check
+CVE-2023-21373 (In Telephony, there is a possible way for a guest user to change the p ...)
+	TODO: check
+CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a missing ...)
+	TODO: check
+CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2023-21370 (In the Security Element API, there is a possible out of bounds write d ...)
+	TODO: check
+CVE-2023-21369 (In Usage Access, there is a possible way to display a Settings usage a ...)
+	TODO: check
+CVE-2023-21368 (In Audio, there is a possible out of bounds read due to missing bounds ...)
+	TODO: check
+CVE-2023-21367 (In Scudo, there is a possible way to exploit certain heap OOB read/wri ...)
+	TODO: check
+CVE-2023-21366 (In Scudo, there is a possible way for an attacker to predict heap allo ...)
+	TODO: check
+CVE-2023-21365 (In Contacts, there is a possible crash loop due to resource exhaustion ...)
+	TODO: check
+CVE-2023-21364 (In ContactsProvider, there is a possible crash loop due to resource ex ...)
+	TODO: check
 CVE-2023-21363
 	RESERVED
-CVE-2023-21362
-	RESERVED
-CVE-2023-21361
-	RESERVED
-CVE-2023-21360
-	RESERVED
-CVE-2023-21359
-	RESERVED
-CVE-2023-21358
-	RESERVED
-CVE-2023-21357
-	RESERVED
-CVE-2023-21356
-	RESERVED
-CVE-2023-21355
-	RESERVED
-CVE-2023-21354
-	RESERVED
-CVE-2023-21353
-	RESERVED
-CVE-2023-21352
-	RESERVED
-CVE-2023-21351
-	RESERVED
-CVE-2023-21350
-	RESERVED
-CVE-2023-21349
-	RESERVED
-CVE-2023-21348
-	RESERVED
-CVE-2023-21347
-	RESERVED
-CVE-2023-21346
-	RESERVED
-CVE-2023-21345
-	RESERVED
-CVE-2023-21344
-	RESERVED
-CVE-2023-21343
-	RESERVED
-CVE-2023-21342
-	RESERVED
-CVE-2023-21341
-	RESERVED
-CVE-2023-21340
-	RESERVED
-CVE-2023-21339
-	RESERVED
-CVE-2023-21338
-	RESERVED
-CVE-2023-21337
-	RESERVED
-CVE-2023-21336
-	RESERVED
-CVE-2023-21335
-	RESERVED
-CVE-2023-21334
-	RESERVED
-CVE-2023-21333
-	RESERVED
-CVE-2023-21332
-	RESERVED
-CVE-2023-21331
-	RESERVED
-CVE-2023-21330
-	RESERVED
-CVE-2023-21329
-	RESERVED
-CVE-2023-21328
-	RESERVED
-CVE-2023-21327
-	RESERVED
-CVE-2023-21326
-	RESERVED
-CVE-2023-21325
-	RESERVED
-CVE-2023-21324
-	RESERVED
-CVE-2023-21323
-	RESERVED
+CVE-2023-21362 (In Usage, there is a possible permanent DoS due to resource exhaustion ...)
+	TODO: check
+CVE-2023-21361 (In Bluetooth, there is a possibility of code-execution due to a use af ...)
+	TODO: check
+CVE-2023-21360 (In Bluetooth, there is a possible out of bounds write due to improper  ...)
+	TODO: check
+CVE-2023-21359 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2023-21358 (In UWB Google, there is a possible way for a malicious app to masquera ...)
+	TODO: check
+CVE-2023-21357 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2023-21356 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+	TODO: check
+CVE-2023-21355 (In libaudioclient, there is a possible out of bounds write due to a us ...)
+	TODO: check
+CVE-2023-21354 (In Package Manager Service, there is a possible way to determine wheth ...)
+	TODO: check
+CVE-2023-21353 (In NFA, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2023-21352 (In NFA, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2023-21351 (In Activity Manager, there is a possible background activity launch du ...)
+	TODO: check
+CVE-2023-21350 (In Media Projection, there is a possible way to determine whether an a ...)
+	TODO: check
+CVE-2023-21349 (In Package Manager, there is a possible way to determine whether an ap ...)
+	TODO: check
+CVE-2023-21348 (In Window Manager, there is a possible way to determine whether an app ...)
+	TODO: check
+CVE-2023-21347 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2023-21346 (In the Device Idle Controller, there is a possible way to determine wh ...)
+	TODO: check
+CVE-2023-21345 (In Game Manager Service, there is a possible way to determine whether  ...)
+	TODO: check
+CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether an app  ...)
+	TODO: check
+CVE-2023-21343 (In ActivityStarter, there is a possible background activity launch due ...)
+	TODO: check
+CVE-2023-21342 (In Speech, there is a possible way to bypass background activity launc ...)
+	TODO: check
+CVE-2023-21341 (In Permission Manager, there is a possible way to bypass required perm ...)
+	TODO: check
+CVE-2023-21340 (In Telecomm, there is a possible way to get the call state due to a mi ...)
+	TODO: check
+CVE-2023-21339 (In Minikin, there is a possible way to trigger ANR by showing a malici ...)
+	TODO: check
+CVE-2023-21338 (In Input Method, there is a possible way to determine whether an app i ...)
+	TODO: check
+CVE-2023-21337 (In InputMethod, there is a possible way to determine whether an app is ...)
+	TODO: check
+CVE-2023-21336 (In Input Method, there is a possible way to determine whether an app i ...)
+	TODO: check
+CVE-2023-21335 (In Settings, there is a possible way to determine whether an app is in ...)
+	TODO: check
+CVE-2023-21334 (In App Ops Service, there is a possible disclosure of information abou ...)
+	TODO: check
+CVE-2023-21333 (In Text Services, there is a possible way to determine whether an app  ...)
+	TODO: check
+CVE-2023-21332 (In Text Services, there is a possible way to determine whether an app  ...)
+	TODO: check
+CVE-2023-21331 (In InputMethod, there is a possible way to determine whether an app is ...)
+	TODO: check
+CVE-2023-21330 (In Overlay Manager, there is a possible way to determine whether an ap ...)
+	TODO: check
+CVE-2023-21329 (In Activity Manager, there is a possible way to determine whether an a ...)
+	TODO: check
+CVE-2023-21328 (In Package Installer, there is a possible way to determine whether an  ...)
+	TODO: check
+CVE-2023-21327 (In Permission Manager, there is a possible way to determine whether an ...)
+	TODO: check
+CVE-2023-21326 (In Package Manager Service, there is a possible way to determine wheth ...)
+	TODO: check
+CVE-2023-21325 (In Settings, there is a possible way to determine whether an app is in ...)
+	TODO: check
+CVE-2023-21324 (In Package Installer, there is a possible way to determine whether an  ...)
+	TODO: check
+CVE-2023-21323 (In Activity Manager, there is a possible way to determine whether an a ...)
+	TODO: check
 CVE-2023-21322
 	RESERVED
-CVE-2023-21321
-	RESERVED
-CVE-2023-21320
-	RESERVED
-CVE-2023-21319
-	RESERVED
-CVE-2023-21318
-	RESERVED
-CVE-2023-21317
-	RESERVED
-CVE-2023-21316
-	RESERVED
-CVE-2023-21315
-	RESERVED
-CVE-2023-21314
-	RESERVED
-CVE-2023-21313
-	RESERVED
-CVE-2023-21312
-	RESERVED
-CVE-2023-21311
-	RESERVED
-CVE-2023-21310
-	RESERVED
-CVE-2023-21309
-	RESERVED
-CVE-2023-21308
-	RESERVED
-CVE-2023-21307
-	RESERVED
-CVE-2023-21306
-	RESERVED
-CVE-2023-21305
-	RESERVED
-CVE-2023-21304
-	RESERVED
-CVE-2023-21303
-	RESERVED
-CVE-2023-21302
-	RESERVED
-CVE-2023-21301
-	RESERVED
-CVE-2023-21300
-	RESERVED
-CVE-2023-21299
-	RESERVED
-CVE-2023-21298
-	RESERVED
-CVE-2023-21297
-	RESERVED
-CVE-2023-21296
-	RESERVED
-CVE-2023-21295
-	RESERVED
-CVE-2023-21294
-	RESERVED
-CVE-2023-21293
-	RESERVED
+CVE-2023-21321 (In Package Manager, there is a possible cross-user settings disclosure ...)
+	TODO: check
+CVE-2023-21320 (In Device Policy, there is a possible way to verify if a particular ad ...)
+	TODO: check
+CVE-2023-21319 (In UsageStatsService, there is a possible way to read installed 3rd pa ...)
+	TODO: check
+CVE-2023-21318 (In Content, there is a possible way to determine whether an app is ins ...)
+	TODO: check
+CVE-2023-21317 (In ContentService, there is a possible way to determine whether an app ...)
+	TODO: check
+CVE-2023-21316 (In Content, there is a possible way to determine whether an app is ins ...)
+	TODO: check
+CVE-2023-21315 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...)
+	TODO: check
+CVE-2023-21314 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2023-21313 (In Core, there is a possible way to forward calls without user knowled ...)
+	TODO: check
+CVE-2023-21312 (In IntentResolver, there is a possible cross-user media read due to a  ...)
+	TODO: check
+CVE-2023-21311 (In Settings, there is a possible way to control private DNS settings f ...)
+	TODO: check
+CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
+	TODO: check
+CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a missing bo ...)
+	TODO: check
+CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a missing b ...)
+	TODO: check
+CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth device to ...)
+	TODO: check
+CVE-2023-21306 (In ContentService, there is a possible way to read installed sync cont ...)
+	TODO: check
+CVE-2023-21305 (In Content, there is a possible way to determine whether an app is ins ...)
+	TODO: check
+CVE-2023-21304 (In Content Service, there is a possible way to determine whether an ap ...)
+	TODO: check
+CVE-2023-21303 (In Content, here is a possible way to determine whether an app is inst ...)
+	TODO: check
+CVE-2023-21302 (In Package Manager, there is a possible way to determine whether an ap ...)
+	TODO: check
+CVE-2023-21301 (In ActivityManagerService, there is a possible way to determine whethe ...)
+	TODO: check
+CVE-2023-21300 (In PackageManager, there is a possible way to determine whether an app ...)
+	TODO: check
+CVE-2023-21299 (In Package Manager, there is a possible way to determine whether an ap ...)
+	TODO: check
+CVE-2023-21298 (In Slice, there is a possible disclosure of installed applications due ...)
+	TODO: check
+CVE-2023-21297 (In SEPolicy, there is a possible way to access the factory MAC address ...)
+	TODO: check
+CVE-2023-21296 (In Permission, there is a possible way to determine whether an app is  ...)
+	TODO: check
+CVE-2023-21295 (In SliceManagerService, there is a possible way to check if a content  ...)
+	TODO: check
+CVE-2023-21294 (In Slice, there is a possible disclosure of installed packages due to  ...)
+	TODO: check
+CVE-2023-21293 (In PackageManagerNative, there is a possible way to determine whether  ...)
+	TODO: check
 CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...)
@@ -146145,8 +146218,8 @@ CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connec
 	NOT-FOR-US: Android
 CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible  ...)
 	NOT-FOR-US: Android
-CVE-2022-20531
-	REJECTED
+CVE-2022-20531 (In Telecom, there is a possible way to determine whether an app is ins ...)
+	TODO: check
 CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...)
 	NOT-FOR-US: Android
 CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a possible  ...)
@@ -146702,8 +146775,8 @@ CVE-2022-20266 (In Companion, there is a possible way to keep a service running
 	NOT-FOR-US: Android
 CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset permissio ...)
 	NOT-FOR-US: Android
-CVE-2022-20264
-	RESERVED
+CVE-2022-20264 (In Usage Stats Service, there is a possible way to determine whether a ...)
+	TODO: check
 CVE-2022-20263 (In ActivityManager, there is a way to read process state for other use ...)
 	NOT-FOR-US: Android
 CVE-2022-20262 (In ActivityManager, there is a possible way to check another process's ...)
@@ -154250,8 +154323,8 @@ CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a u
 	NOT-FOR-US: Pixel
 CVE-2021-39811
 	RESERVED
-CVE-2021-39810
-	RESERVED
+CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless payment ...)
+	TODO: check
 CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
 	NOT-FOR-US: Android
 CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, there is  ...)
@@ -218553,6 +218626,7 @@ CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check wh
 CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not  ...)
 	NOT-FOR-US: Eclipse Hawkbit
 CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0  ...)
+	{DLA-3641-1}
 	- jetty9 9.4.35-1 (bug #976211)
 	[stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, workarounds exist)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
@@ -221746,7 +221820,7 @@ CVE-2020-25872 (A vulnerability exists within the FileManagerController.php func
 CVE-2020-25871
 	RESERVED
 CVE-2020-25870
-	RESERVED
+	REJECTED
 CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
 	NOT-FOR-US: CentralAuth MediaWiki extension
 	NOTE: The extension requires some new infrastructure code which was added to the
@@ -366968,7 +367042,7 @@ CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support
 CVE-2018-11104
 	RESERVED
 CVE-2018-11103
-	RESERVED
+	REJECTED
 CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the  ...)
 	{DLA-1907-1}
 	- libav <removed> (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23fa199a422e75f8220fbbc393662cd208e8f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23fa199a422e75f8220fbbc393662cd208e8f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231030/39e63673/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list