[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 30 20:13:03 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f23fa19 by security tracker role at 2023-10-30T20:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...)
+ TODO: check
+CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote ...)
+ TODO: check
+CVE-2023-5833 (Improper Access Control in GitHub repository mintplex-labs/anything-ll ...)
+ TODO: check
+CVE-2023-5832 (Improper Input Validation in GitHub repository mintplex-labs/anything- ...)
+ TODO: check
+CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to PHP Obje ...)
+ TODO: check
+CVE-2023-5566 (The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2023-5565 (The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2023-5362 (The Carousel, Recent Post Slider and Banner Slider plugin for WordPres ...)
+ TODO: check
+CVE-2023-5335 (The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-5315 (The Google Maps made Simple plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2023-5252 (The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5251 (The Grid Plus plugin for WordPress is vulnerable to unauthorized modif ...)
+ TODO: check
+CVE-2023-5250 (The Grid Plus plugin for WordPress is vulnerable to Local File Inclusi ...)
+ TODO: check
+CVE-2023-5199 (The PHP to Page plugin for WordPress is vulnerable Local File Inclusio ...)
+ TODO: check
+CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2023-4964 (Potential open redirect vulnerability in opentext Service Management A ...)
+ TODO: check
+CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell met ...)
+ TODO: check
+CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint SSL VPN Cl ...)
+ TODO: check
+CVE-2023-45780 (In Print Service, there is a possible background activity launch due t ...)
+ TODO: check
+CVE-2023-44323 (Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected ...)
+ TODO: check
+CVE-2023-44078
+ REJECTED
+CVE-2023-43792 (baserCMS is a website development framework. In versions 4.6.0 through ...)
+ TODO: check
+CVE-2023-43649 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+ TODO: check
+CVE-2023-43648 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+ TODO: check
+CVE-2023-43647 (baserCMS is a website development framework. Prior to version 4.8.0, t ...)
+ TODO: check
+CVE-2023-42804 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
+ TODO: check
+CVE-2023-42803 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
+ TODO: check
+CVE-2023-42431 (Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension ...)
+ TODO: check
+CVE-2023-41891 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
+ TODO: check
+CVE-2023-41605
+ REJECTED
+CVE-2023-40943
+ REJECTED
+CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of bounds re ...)
+ TODO: check
+CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
+ TODO: check
+CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell meta ...)
+ TODO: check
CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
- dolibarr <removed>
NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3
@@ -75,7 +147,7 @@ CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption]
[bookworm] - nats-server <not-affected> (Vulnerable code not present)
NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt
NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
-CVE-2023-47090 [Adding accounts for just the system account adds auth bypass]
+CVE-2023-47090 (NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authent ...)
- nats-server 2.10.3-1
NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
@@ -392,7 +464,7 @@ CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vuln
CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...)
NOT-FOR-US: ZITADEL
CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's ...)
- {DLA-3635-1}
+ {DSA-5539-1 DLA-3635-1}
- node-browserify-sign 4.2.2-1 (bug #1054667)
NOTE: https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
NOTE: https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 (v4.2.2)
@@ -3613,6 +3685,7 @@ CVE-2023-36548 (A improper neutralization of special elements used in an os comm
CVE-2023-36547 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In versions ...)
+ {DSA-5540-1 DLA-3641-1}
- jetty9 9.4.53-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
NOTE: https://github.com/eclipse/jetty.project/pull/9634
@@ -3697,7 +3770,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
NOTE: In scope for continued Samba support
CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
- {DSA-5522-1 DSA-5521-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
+ {DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver <unfixed> (bug #1053801; bug #1054427)
@@ -51405,9 +51478,9 @@ CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate an
CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-48190
- RESERVED
-CVE-2022-48189
- RESERVED
+ REJECTED
+CVE-2022-48189 (An SMM driver input validation vulnerability in the BIOS of some Think ...)
+ TODO: check
CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS driver of so ...)
NOT-FOR-US: Lenovo
CVE-2022-48187
@@ -54967,12 +55040,12 @@ CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4575
- RESERVED
-CVE-2022-4574
- RESERVED
-CVE-2022-4573
- RESERVED
+CVE-2022-4575 (A vulnerability due to improper write protection of UEFI variables was ...)
+ TODO: check
+CVE-2022-4574 (An SMI handler input validation vulnerability in the BIOS of some Thin ...)
+ TODO: check
+CVE-2022-4573 (An SMI handler input validation vulnerability in the ThinkPad X1 Fold ...)
+ TODO: check
CVE-2022-4572 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: UBI reader
CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
@@ -63784,218 +63857,218 @@ CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel
NOTE: https://twitter.com/VAR10CK/status/1683303642173153280
CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...)
NOT-FOR-US: Android/Pixel kernel
-CVE-2023-21398
- RESERVED
-CVE-2023-21397
- RESERVED
-CVE-2023-21396
- RESERVED
-CVE-2023-21395
- RESERVED
-CVE-2023-21394
- RESERVED
-CVE-2023-21393
- RESERVED
-CVE-2023-21392
- RESERVED
-CVE-2023-21391
- RESERVED
-CVE-2023-21390
- RESERVED
-CVE-2023-21389
- RESERVED
-CVE-2023-21388
- RESERVED
-CVE-2023-21387
- RESERVED
+CVE-2023-21398 (In sdksandbox, there is a possible strandhogg style overlay attack due ...)
+ TODO: check
+CVE-2023-21397 (In Setup Wizard, there is a possible way to save a WiFi network due to ...)
+ TODO: check
+CVE-2023-21396 (In Activity Manager, there is a possible background activity launch du ...)
+ TODO: check
+CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
+ TODO: check
+CVE-2023-21394 (In Telecomm, there is a possible bypass of a multi user security bound ...)
+ TODO: check
+CVE-2023-21393 (In Settings, there is a possible way for the user to change SIM due to ...)
+ TODO: check
+CVE-2023-21392 (In Bluetooth, there is a possible way to corrupt memory due to a use a ...)
+ TODO: check
+CVE-2023-21391 (In Messaging, there is a possible way to disable the messaging applica ...)
+ TODO: check
+CVE-2023-21390 (In Sim, there is a possible way to evade mobile preference restriction ...)
+ TODO: check
+CVE-2023-21389 (In Settings, there is a possible bypass of profile owner restrictions ...)
+ TODO: check
+CVE-2023-21388 (In Settings, there is a possible restriction bypass due to a missing p ...)
+ TODO: check
+CVE-2023-21387 (In User Backup Manager, there is a possible way to leak a token to byp ...)
+ TODO: check
CVE-2023-21386
RESERVED
-CVE-2023-21385
- RESERVED
-CVE-2023-21384
- RESERVED
-CVE-2023-21383
- RESERVED
-CVE-2023-21382
- RESERVED
-CVE-2023-21381
- RESERVED
-CVE-2023-21380
- RESERVED
-CVE-2023-21379
- RESERVED
-CVE-2023-21378
- RESERVED
-CVE-2023-21377
- RESERVED
-CVE-2023-21376
- RESERVED
-CVE-2023-21375
- RESERVED
-CVE-2023-21374
- RESERVED
-CVE-2023-21373
- RESERVED
-CVE-2023-21372
- RESERVED
-CVE-2023-21371
- RESERVED
-CVE-2023-21370
- RESERVED
-CVE-2023-21369
- RESERVED
-CVE-2023-21368
- RESERVED
-CVE-2023-21367
- RESERVED
-CVE-2023-21366
- RESERVED
-CVE-2023-21365
- RESERVED
-CVE-2023-21364
- RESERVED
+CVE-2023-21385 (In Whitechapel, there is a possible out of bounds read due to memory c ...)
+ TODO: check
+CVE-2023-21384 (In Package Manager, there is a possible possible permissions bypass du ...)
+ TODO: check
+CVE-2023-21383 (In Settings, there is a possible way for the user to unintentionally s ...)
+ TODO: check
+CVE-2023-21382 (In Content Resolver, there is a possible method to access metadata abo ...)
+ TODO: check
+CVE-2023-21381 (In Media Resource Manager, there is a possible local arbitrary code ex ...)
+ TODO: check
+CVE-2023-21380 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
+ TODO: check
+CVE-2023-21379 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-21378 (In Telecomm, there is a possible way to silence the ring for calls of ...)
+ TODO: check
+CVE-2023-21377 (In SELinux Policy, there is a possible restriction bypass due to a per ...)
+ TODO: check
+CVE-2023-21376 (In Telephony, there is a possible way to retrieve the ICCID due to a l ...)
+ TODO: check
+CVE-2023-21375 (In Sysproxy, there is a possible out of bounds write due to an integer ...)
+ TODO: check
+CVE-2023-21374 (In System UI, there is a possible factory reset protection bypass due ...)
+ TODO: check
+CVE-2023-21373 (In Telephony, there is a possible way for a guest user to change the p ...)
+ TODO: check
+CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2023-21370 (In the Security Element API, there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2023-21369 (In Usage Access, there is a possible way to display a Settings usage a ...)
+ TODO: check
+CVE-2023-21368 (In Audio, there is a possible out of bounds read due to missing bounds ...)
+ TODO: check
+CVE-2023-21367 (In Scudo, there is a possible way to exploit certain heap OOB read/wri ...)
+ TODO: check
+CVE-2023-21366 (In Scudo, there is a possible way for an attacker to predict heap allo ...)
+ TODO: check
+CVE-2023-21365 (In Contacts, there is a possible crash loop due to resource exhaustion ...)
+ TODO: check
+CVE-2023-21364 (In ContactsProvider, there is a possible crash loop due to resource ex ...)
+ TODO: check
CVE-2023-21363
RESERVED
-CVE-2023-21362
- RESERVED
-CVE-2023-21361
- RESERVED
-CVE-2023-21360
- RESERVED
-CVE-2023-21359
- RESERVED
-CVE-2023-21358
- RESERVED
-CVE-2023-21357
- RESERVED
-CVE-2023-21356
- RESERVED
-CVE-2023-21355
- RESERVED
-CVE-2023-21354
- RESERVED
-CVE-2023-21353
- RESERVED
-CVE-2023-21352
- RESERVED
-CVE-2023-21351
- RESERVED
-CVE-2023-21350
- RESERVED
-CVE-2023-21349
- RESERVED
-CVE-2023-21348
- RESERVED
-CVE-2023-21347
- RESERVED
-CVE-2023-21346
- RESERVED
-CVE-2023-21345
- RESERVED
-CVE-2023-21344
- RESERVED
-CVE-2023-21343
- RESERVED
-CVE-2023-21342
- RESERVED
-CVE-2023-21341
- RESERVED
-CVE-2023-21340
- RESERVED
-CVE-2023-21339
- RESERVED
-CVE-2023-21338
- RESERVED
-CVE-2023-21337
- RESERVED
-CVE-2023-21336
- RESERVED
-CVE-2023-21335
- RESERVED
-CVE-2023-21334
- RESERVED
-CVE-2023-21333
- RESERVED
-CVE-2023-21332
- RESERVED
-CVE-2023-21331
- RESERVED
-CVE-2023-21330
- RESERVED
-CVE-2023-21329
- RESERVED
-CVE-2023-21328
- RESERVED
-CVE-2023-21327
- RESERVED
-CVE-2023-21326
- RESERVED
-CVE-2023-21325
- RESERVED
-CVE-2023-21324
- RESERVED
-CVE-2023-21323
- RESERVED
+CVE-2023-21362 (In Usage, there is a possible permanent DoS due to resource exhaustion ...)
+ TODO: check
+CVE-2023-21361 (In Bluetooth, there is a possibility of code-execution due to a use af ...)
+ TODO: check
+CVE-2023-21360 (In Bluetooth, there is a possible out of bounds write due to improper ...)
+ TODO: check
+CVE-2023-21359 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-21358 (In UWB Google, there is a possible way for a malicious app to masquera ...)
+ TODO: check
+CVE-2023-21357 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-21356 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-21355 (In libaudioclient, there is a possible out of bounds write due to a us ...)
+ TODO: check
+CVE-2023-21354 (In Package Manager Service, there is a possible way to determine wheth ...)
+ TODO: check
+CVE-2023-21353 (In NFA, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-21352 (In NFA, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-21351 (In Activity Manager, there is a possible background activity launch du ...)
+ TODO: check
+CVE-2023-21350 (In Media Projection, there is a possible way to determine whether an a ...)
+ TODO: check
+CVE-2023-21349 (In Package Manager, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2023-21348 (In Window Manager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21347 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-21346 (In the Device Idle Controller, there is a possible way to determine wh ...)
+ TODO: check
+CVE-2023-21345 (In Game Manager Service, there is a possible way to determine whether ...)
+ TODO: check
+CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21343 (In ActivityStarter, there is a possible background activity launch due ...)
+ TODO: check
+CVE-2023-21342 (In Speech, there is a possible way to bypass background activity launc ...)
+ TODO: check
+CVE-2023-21341 (In Permission Manager, there is a possible way to bypass required perm ...)
+ TODO: check
+CVE-2023-21340 (In Telecomm, there is a possible way to get the call state due to a mi ...)
+ TODO: check
+CVE-2023-21339 (In Minikin, there is a possible way to trigger ANR by showing a malici ...)
+ TODO: check
+CVE-2023-21338 (In Input Method, there is a possible way to determine whether an app i ...)
+ TODO: check
+CVE-2023-21337 (In InputMethod, there is a possible way to determine whether an app is ...)
+ TODO: check
+CVE-2023-21336 (In Input Method, there is a possible way to determine whether an app i ...)
+ TODO: check
+CVE-2023-21335 (In Settings, there is a possible way to determine whether an app is in ...)
+ TODO: check
+CVE-2023-21334 (In App Ops Service, there is a possible disclosure of information abou ...)
+ TODO: check
+CVE-2023-21333 (In Text Services, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21332 (In Text Services, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21331 (In InputMethod, there is a possible way to determine whether an app is ...)
+ TODO: check
+CVE-2023-21330 (In Overlay Manager, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2023-21329 (In Activity Manager, there is a possible way to determine whether an a ...)
+ TODO: check
+CVE-2023-21328 (In Package Installer, there is a possible way to determine whether an ...)
+ TODO: check
+CVE-2023-21327 (In Permission Manager, there is a possible way to determine whether an ...)
+ TODO: check
+CVE-2023-21326 (In Package Manager Service, there is a possible way to determine wheth ...)
+ TODO: check
+CVE-2023-21325 (In Settings, there is a possible way to determine whether an app is in ...)
+ TODO: check
+CVE-2023-21324 (In Package Installer, there is a possible way to determine whether an ...)
+ TODO: check
+CVE-2023-21323 (In Activity Manager, there is a possible way to determine whether an a ...)
+ TODO: check
CVE-2023-21322
RESERVED
-CVE-2023-21321
- RESERVED
-CVE-2023-21320
- RESERVED
-CVE-2023-21319
- RESERVED
-CVE-2023-21318
- RESERVED
-CVE-2023-21317
- RESERVED
-CVE-2023-21316
- RESERVED
-CVE-2023-21315
- RESERVED
-CVE-2023-21314
- RESERVED
-CVE-2023-21313
- RESERVED
-CVE-2023-21312
- RESERVED
-CVE-2023-21311
- RESERVED
-CVE-2023-21310
- RESERVED
-CVE-2023-21309
- RESERVED
-CVE-2023-21308
- RESERVED
-CVE-2023-21307
- RESERVED
-CVE-2023-21306
- RESERVED
-CVE-2023-21305
- RESERVED
-CVE-2023-21304
- RESERVED
-CVE-2023-21303
- RESERVED
-CVE-2023-21302
- RESERVED
-CVE-2023-21301
- RESERVED
-CVE-2023-21300
- RESERVED
-CVE-2023-21299
- RESERVED
-CVE-2023-21298
- RESERVED
-CVE-2023-21297
- RESERVED
-CVE-2023-21296
- RESERVED
-CVE-2023-21295
- RESERVED
-CVE-2023-21294
- RESERVED
-CVE-2023-21293
- RESERVED
+CVE-2023-21321 (In Package Manager, there is a possible cross-user settings disclosure ...)
+ TODO: check
+CVE-2023-21320 (In Device Policy, there is a possible way to verify if a particular ad ...)
+ TODO: check
+CVE-2023-21319 (In UsageStatsService, there is a possible way to read installed 3rd pa ...)
+ TODO: check
+CVE-2023-21318 (In Content, there is a possible way to determine whether an app is ins ...)
+ TODO: check
+CVE-2023-21317 (In ContentService, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21316 (In Content, there is a possible way to determine whether an app is ins ...)
+ TODO: check
+CVE-2023-21315 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...)
+ TODO: check
+CVE-2023-21314 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-21313 (In Core, there is a possible way to forward calls without user knowled ...)
+ TODO: check
+CVE-2023-21312 (In IntentResolver, there is a possible cross-user media read due to a ...)
+ TODO: check
+CVE-2023-21311 (In Settings, there is a possible way to control private DNS settings f ...)
+ TODO: check
+CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
+ TODO: check
+CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a missing bo ...)
+ TODO: check
+CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a missing b ...)
+ TODO: check
+CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth device to ...)
+ TODO: check
+CVE-2023-21306 (In ContentService, there is a possible way to read installed sync cont ...)
+ TODO: check
+CVE-2023-21305 (In Content, there is a possible way to determine whether an app is ins ...)
+ TODO: check
+CVE-2023-21304 (In Content Service, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2023-21303 (In Content, here is a possible way to determine whether an app is inst ...)
+ TODO: check
+CVE-2023-21302 (In Package Manager, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2023-21301 (In ActivityManagerService, there is a possible way to determine whethe ...)
+ TODO: check
+CVE-2023-21300 (In PackageManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2023-21299 (In Package Manager, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2023-21298 (In Slice, there is a possible disclosure of installed applications due ...)
+ TODO: check
+CVE-2023-21297 (In SEPolicy, there is a possible way to access the factory MAC address ...)
+ TODO: check
+CVE-2023-21296 (In Permission, there is a possible way to determine whether an app is ...)
+ TODO: check
+CVE-2023-21295 (In SliceManagerService, there is a possible way to check if a content ...)
+ TODO: check
+CVE-2023-21294 (In Slice, there is a possible disclosure of installed packages due to ...)
+ TODO: check
+CVE-2023-21293 (In PackageManagerNative, there is a possible way to determine whether ...)
+ TODO: check
CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...)
@@ -146145,8 +146218,8 @@ CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connec
NOT-FOR-US: Android
CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible ...)
NOT-FOR-US: Android
-CVE-2022-20531
- REJECTED
+CVE-2022-20531 (In Telecom, there is a possible way to determine whether an app is ins ...)
+ TODO: check
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...)
NOT-FOR-US: Android
CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a possible ...)
@@ -146702,8 +146775,8 @@ CVE-2022-20266 (In Companion, there is a possible way to keep a service running
NOT-FOR-US: Android
CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset permissio ...)
NOT-FOR-US: Android
-CVE-2022-20264
- RESERVED
+CVE-2022-20264 (In Usage Stats Service, there is a possible way to determine whether a ...)
+ TODO: check
CVE-2022-20263 (In ActivityManager, there is a way to read process state for other use ...)
NOT-FOR-US: Android
CVE-2022-20262 (In ActivityManager, there is a possible way to check another process's ...)
@@ -154250,8 +154323,8 @@ CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a u
NOT-FOR-US: Pixel
CVE-2021-39811
RESERVED
-CVE-2021-39810
- RESERVED
+CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless payment ...)
+ TODO: check
CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
NOT-FOR-US: Android
CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, there is ...)
@@ -218553,6 +218626,7 @@ CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check wh
CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not ...)
NOT-FOR-US: Eclipse Hawkbit
CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...)
+ {DLA-3641-1}
- jetty9 9.4.35-1 (bug #976211)
[stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, workarounds exist)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
@@ -221746,7 +221820,7 @@ CVE-2020-25872 (A vulnerability exists within the FileManagerController.php func
CVE-2020-25871
RESERVED
CVE-2020-25870
- RESERVED
+ REJECTED
CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
NOT-FOR-US: CentralAuth MediaWiki extension
NOTE: The extension requires some new infrastructure code which was added to the
@@ -366968,7 +367042,7 @@ CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support
CVE-2018-11104
RESERVED
CVE-2018-11103
- RESERVED
+ REJECTED
CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the ...)
{DLA-1907-1}
- libav <removed> (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23fa199a422e75f8220fbbc393662cd208e8f7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23fa199a422e75f8220fbbc393662cd208e8f7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231030/39e63673/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list