[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 4 11:12:36 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53bbf947 by Moritz Muehlenhoff at 2023-09-04T12:12:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -540,13 +540,13 @@ CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to unauthorize
 CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
 	NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress
 CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...)
-	TODO: check
+	NOT-FOR-US: archive Dart library
 CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...)
 	NOT-FOR-US: ZIPFoundation
 CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...)
-	TODO: check
+	NOT-FOR-US: archive Dart library
 CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...)
-	TODO: check
+	NOT-FOR-US: SSZipArchive
 CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...)
 	NOT-FOR-US: Zip Swift
 CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...)
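Review bot: for CVE-2023-39136 the tag reads "SSZipArchive" while the description on the line above names the product as "ZipArchive" (component _sanitizedPath), so a search of the list for the name used in the description will not find the tag. Consider mentioning both names in the NOT-FOR-US line. The two "archive Dart library" tags for CVE-2023-39139 and CVE-2023-39137 already include that kind of qualifier and read fine.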
@@ -814,7 +814,7 @@ CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_cente
 	NOTE: https://hackmd.io/@cspl/B1ZkFZv23
 	TODO: check if reported upstream
 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...)
-	TODO: check
+	NOT-FOR-US: SpringBlade
 CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...)
 	NOT-FOR-US: Arista
 CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...)
@@ -17067,9 +17067,9 @@ CVE-2022-48455
 CVE-2022-48454
 	RESERVED
 CVE-2022-48453 (In camera driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-48450 (In bluetooth service, there is a possible missing params check.  This  ...)
@@ -20979,7 +20979,6 @@ CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools sof
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 (mdadm-4.2-rc2)
 	NOTE: Negligible security impact as the memory leak is after "mdadm --detail" which
 	NOTE: is one shoot action.
-	TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
 CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...)
 	- mdadm 4.2-1
 	[bullseye] - mdadm <no-dsa> (Minor issue)
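Review bot: the dropped line "TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2" in the entry above CVE-2023-28736 (CVE-2023-28938 per the hunk header) is not an NFU change, and the commit message "NFUs" does not cover it. Either mention it in the message or commit it separately, so the history shows why the open question was closed. The remaining "Fixed by:" note still points at a commit labelled (mdadm-4.2-rc2), while the removed TODO expected fixes prior to that tag; a short NOTE stating which one holds would settle it. The context line "is one shoot action" also looks like a typo for "one shot".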
@@ -37624,7 +37623,7 @@ CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub E
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...)
@@ -46762,9 +46761,9 @@ CVE-2022-47355 (In log service, there is a missing permission check. This could
 CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47353 (In vdsp device, there is a possible system crash due to improper input ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47352 (In camera driver, there is a possible out of bounds read due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47351 (In camera driver, there is a possible out of bounds read due to a miss ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47350 (In camera driver, there is a possible out of bounds read due to a miss ...)
@@ -57610,69 +57609,69 @@ CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to dow
 CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
 	NOT-FOR-US: PHOENIX
 CVE-2023-20851 (In stc, there is a possible out of bounds read due to a race condition ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20850 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20849 (In imgsys_cmdq, there is a possible use after free due to a missing va ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20848 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20847 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20846 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20845 (In imgsys, there is a possible out of bounds read due to a missing val ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20844 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20843 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20842 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20841 (In imgsys, there is a possible out of bounds write due to a missing va ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20840 (In imgsys, there is a possible out of bounds read and write due to a m ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20839 (In imgsys, there is a possible out of bounds read due to a missing val ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20838 (In imgsys, there is a possible out of bounds read due to a race condit ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20837 (In seninf, there is a possible out of bounds write due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20836 (In camsys, there is a possible out of bounds read due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20835 (In camsys, there is a possible use after free due to a race condition. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20834 (In pda, there is a possible use after free due to a race condition. Th ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20833 (In keyinstall, there is a possible information disclosure due to a mis ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20832 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20831 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20830 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20829 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20828 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20827 (In ims service, there is a possible memory corruption due to a race co ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20826 (In cta, there is a possible information disclosure due to a missing pe ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20825 (In duraspeed, there is a possible information disclosure due to a miss ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20824 (In duraspeed, there is a possible information disclosure due to a miss ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20823 (In cmdq, there is a possible out of bounds read due to an incorrect st ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20822 (In netdagent, there is a possible out of bounds write due to a missing ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20819
 	RESERVED
 CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53bbf9473f03e67a29f4b4a25e1c1a9d655db281
