[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 5 11:02:09 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d3a935d by security tracker role at 2023-09-05T10:01:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+ TODO: check
+CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
+ TODO: check
+CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
+ TODO: check
+CVE-2023-4748 (A vulnerability, which was classified as critical, has been found in Y ...)
+ TODO: check
+CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
+ TODO: check
+CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-4616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2023-4615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2023-4614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2023-4613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2023-4587 (An IDOR vulnerability has been found in ZKTeco ZEM800 product affectin ...)
+ TODO: check
+CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in Daurnimat ...)
+ TODO: check
+CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise and escap ...)
+ TODO: check
+CVE-2023-4284 (The Post Timeline WordPress plugin before 2.2.6 does not sanitise and ...)
+ TODO: check
+CVE-2023-4279 (This User Activity Log WordPress plugin before 1.6.7 retrieves client ...)
+ TODO: check
+CVE-2023-4269 (The User Activity Log WordPress plugin before 1.6.6 lacks proper autho ...)
+ TODO: check
+CVE-2023-4254 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
+ TODO: check
+CVE-2023-4253 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
+ TODO: check
+CVE-2023-4216 (The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 does ...)
+ TODO: check
+CVE-2023-4151 (The Store Locator WordPress plugin before 1.4.13 does not sanitise and ...)
+ TODO: check
+CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisation ...)
+ TODO: check
+CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...)
+ TODO: check
+CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...)
+ TODO: check
+CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
+ TODO: check
+CVE-2023-41908 (Cerebrate before 1.15 lacks the Secure attribute for the session cooki ...)
+ TODO: check
+CVE-2023-41058 (Parse Server is an open source backend server. In affected versions th ...)
+ TODO: check
+CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version in proje ...)
+ TODO: check
+CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
+ TODO: check
+CVE-2023-41054 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
+ TODO: check
+CVE-2023-41052 (Vyper is a Pythonic Smart Contract Language. In affected versions the ...)
+ TODO: check
+CVE-2023-40937
+ REJECTED
+CVE-2023-40936
+ REJECTED
+CVE-2023-40705 (Stored cross-site scripting vulnerability in Map setting page of VI We ...)
+ TODO: check
+CVE-2023-40535 (Stored cross-site scripting vulnerability in View setting page of VI W ...)
+ TODO: check
+CVE-2023-40214 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes ...)
+ TODO: check
+CVE-2023-40208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksand ...)
+ TODO: check
+CVE-2023-40206 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk- ...)
+ TODO: check
+CVE-2023-40205 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgra ...)
+ TODO: check
+CVE-2023-40197 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
+ TODO: check
+CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following (probab ...)
+ TODO: check
+CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does not adequ ...)
+ TODO: check
+CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
+ TODO: check
+CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password Recovery ...)
+ TODO: check
+CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 version ...)
+ TODO: check
+CVE-2023-39992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Co ...)
+ TODO: check
+CVE-2023-39991 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindsid ...)
+ TODO: check
+CVE-2023-39988 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-39987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
+ TODO: check
+CVE-2023-39938 (Reflected cross-site scripting vulnerability in VI Web Client prior to ...)
+ TODO: check
+CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maen ...)
+ TODO: check
+CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...)
+ TODO: check
+CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a r ...)
+ TODO: check
+CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...)
+ TODO: check
+CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugin ...)
+ TODO: check
+CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a r ...)
+ TODO: check
+CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18. ...)
+ TODO: check
+CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atar ...)
+ TODO: check
+CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1. ...)
+ TODO: check
+CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
+ TODO: check
+CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...)
+ TODO: check
+CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...)
+ TODO: check
+CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...)
+ TODO: check
+CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
+ TODO: check
+CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...)
+ TODO: check
+CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...)
+ TODO: check
+CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch announcement (CS ...)
+ TODO: check
+CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link operation ...)
+ TODO: check
+CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a recei ...)
+ TODO: check
+CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...)
+ TODO: check
+CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...)
+ TODO: check
+CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...)
+ TODO: check
CVE-2023-41164
- python-django 3:3.2.21-1 (bug #1051226)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
@@ -901,7 +1055,7 @@ CVE-2023-4585
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
CVE-2023-4584
- {DSA-5488-1 DSA-5485-1 DLA-3553-1}
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -931,7 +1085,7 @@ CVE-2023-4582
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
CVE-2023-4581
- {DSA-5488-1 DSA-5485-1 DLA-3553-1}
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -991,7 +1145,7 @@ CVE-2023-4576
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
CVE-2023-4575
- {DSA-5488-1 DSA-5485-1 DLA-3553-1}
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -1000,7 +1154,7 @@ CVE-2023-4575
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
CVE-2023-4574
- {DSA-5488-1 DSA-5485-1 DLA-3553-1}
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -1009,7 +1163,7 @@ CVE-2023-4574
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
CVE-2023-4573
- {DSA-5488-1 DSA-5485-1 DLA-3553-1}
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -1875,6 +2029,7 @@ CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in
NOTE: https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1)
NOTE: https://github.com/python/cpython/commit/c563f409ea30bcb0623d785428c9257917371b76 (v3.6.11rc1)
CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in file_copystr i ...)
+ {DSA-5489-1}
- file 1:5.44-1
NOTE: https://bugs.astron.com/view.php?id=310
NOTE: Fixed by: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 (FILE5_42)
@@ -3025,6 +3180,7 @@ CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before
CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...)
NOT-FOR-US: Intel
CVE-2023-38104 [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling]
+ {DSA-5476-1 DLA-3552-1}
- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
- gst-plugins-ugly0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0005.html
@@ -3033,6 +3189,7 @@ CVE-2023-38104 [ZDI-CAN-21444: Integer overflow leading to heap overwrite in Rea
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eb89e0a13eeb59fc5bab787ded50faf6a50087e3 (1.22.5)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1008/
CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in RealMedia file handling]
+ {DSA-5476-1 DLA-3552-1}
- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
- gst-plugins-ugly0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html
@@ -4294,6 +4451,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
CVE-2023-3995
+ REJECTED
NOTE: https://ubuntu.com/security/CVE-2023-3995
NOTE: Duplicate of CVE-2023-4147
CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...)
@@ -14936,8 +15094,8 @@ CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing
NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima
CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31220
- RESERVED
+CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...)
+ TODO: check
CVE-2023-31219
RESERVED
CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
@@ -17385,8 +17543,8 @@ CVE-2023-30496
RESERVED
CVE-2023-30495
RESERVED
-CVE-2023-30494
- RESERVED
+CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
+ TODO: check
CVE-2023-30493
RESERVED
CVE-2023-30492
@@ -17403,8 +17561,8 @@ CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Th
NOT-FOR-US: WordPress plugin
CVE-2023-30486
RESERVED
-CVE-2023-30485
- RESERVED
+CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...)
+ TODO: check
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...)
@@ -20661,8 +20819,8 @@ CVE-2023-29263
RESERVED
CVE-2023-29262
RESERVED
-CVE-2023-29261
- RESERVED
+CVE-2023-29261 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user wit ...)
+ TODO: check
CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
NOT-FOR-US: IBM
CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to ...)
@@ -23129,14 +23287,14 @@ CVE-2023-28586
RESERVED
CVE-2023-28585
RESERVED
-CVE-2023-28584
- RESERVED
+CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
+ TODO: check
CVE-2023-28583
RESERVED
CVE-2023-28582
RESERVED
-CVE-2023-28581
- RESERVED
+CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
+ TODO: check
CVE-2023-28580
RESERVED
CVE-2023-28579
@@ -23151,8 +23309,8 @@ CVE-2023-28575 (The cam_get_device_priv function does not check the type of hand
NOT-FOR-US: Qualcomm
CVE-2023-28574
RESERVED
-CVE-2023-28573
- RESERVED
+CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
+ TODO: check
CVE-2023-28572
RESERVED
CVE-2023-28571
@@ -23163,28 +23321,28 @@ CVE-2023-28569
RESERVED
CVE-2023-28568
RESERVED
-CVE-2023-28567
- RESERVED
+CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
+ TODO: check
CVE-2023-28566
RESERVED
-CVE-2023-28565
- RESERVED
-CVE-2023-28564
- RESERVED
+CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
+ TODO: check
+CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
+ TODO: check
CVE-2023-28563
RESERVED
-CVE-2023-28562
- RESERVED
+CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
+ TODO: check
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28560
- RESERVED
-CVE-2023-28559
- RESERVED
-CVE-2023-28558
- RESERVED
-CVE-2023-28557
- RESERVED
+CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from untrusted ...)
+ TODO: check
+CVE-2023-28559 (Memory corruption in WLAN FW while processing command parameters from ...)
+ TODO: check
+CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx status ...)
+ TODO: check
+CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
+ TODO: check
CVE-2023-28556
RESERVED
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
@@ -23199,20 +23357,20 @@ CVE-2023-28551
RESERVED
CVE-2023-28550
RESERVED
-CVE-2023-28549
- RESERVED
-CVE-2023-28548
- RESERVED
+CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...)
+ TODO: check
+CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
+ TODO: check
CVE-2023-28547
RESERVED
CVE-2023-28546
RESERVED
CVE-2023-28545
RESERVED
-CVE-2023-28544
- RESERVED
-CVE-2023-28543
- RESERVED
+CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
+ TODO: check
+CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
+ TODO: check
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
@@ -23221,8 +23379,8 @@ CVE-2023-28540
RESERVED
CVE-2023-28539
RESERVED
-CVE-2023-28538
- RESERVED
+CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...)
+ TODO: check
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
NOT-FOR-US: Qualcomm
CVE-2023-28536
@@ -24921,8 +25079,8 @@ CVE-2023-28074
RESERVED
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
NOT-FOR-US: Dell
-CVE-2023-28072
- RESERVED
+CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0, contain a d ...)
+ TODO: check
CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
NOT-FOR-US: Dell
CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
@@ -32799,8 +32957,8 @@ CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores,
NOT-FOR-US: WordPress plugin
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25465
- RESERVED
+CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25463
@@ -40630,8 +40788,8 @@ CVE-2023-22872
RESERVED
CVE-2023-22871
RESERVED
-CVE-2023-22870
- RESERVED
+CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext w ...)
+ TODO: check
CVE-2023-22869
RESERVED
CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vu ...)
@@ -48476,18 +48634,18 @@ CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action fra
NOT-FOR-US: Qualcomm
CVE-2023-21668
RESERVED
-CVE-2023-21667
- RESERVED
+CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to validate t ...)
+ TODO: check
CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...)
NOT-FOR-US: Qualcomm
CVE-2023-21665 (Memory corruption in Graphics while importing a file.)
NOT-FOR-US: Qualcomm
-CVE-2023-21664
- RESERVED
-CVE-2023-21663
- RESERVED
-CVE-2023-21662
- RESERVED
+CVE-2023-21664 (Memory Corruption in Core Platform while printing the response buffer ...)
+ TODO: check
+CVE-2023-21663 (Memory Corruption while accessing metadata in Display.)
+ TODO: check
+CVE-2023-21662 (Memory corruption in Core Platform while printing the response buffer ...)
+ TODO: check
CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.)
NOT-FOR-US: Qualcomm
CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.)
@@ -48500,12 +48658,12 @@ CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record u
NOT-FOR-US: Qualcomm
CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21655
- RESERVED
-CVE-2023-21654
- RESERVED
-CVE-2023-21653
- RESERVED
+CVE-2023-21655 (Memory corruption in Audio while validating and mapping metadata.)
+ TODO: check
+CVE-2023-21654 (Memory corruption in Audio during playback session with audio effects ...)
+ TODO: check
+CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration message.)
+ TODO: check
CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...)
NOT-FOR-US: Qualcomm
CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...)
@@ -48518,12 +48676,12 @@ CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.)
NOT-FOR-US: Qualcomm
CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...)
NOT-FOR-US: Qualcomm
-CVE-2023-21646
- RESERVED
+CVE-2023-21646 (Transient DOS in Modem while processing invalid System Information Blo ...)
+ TODO: check
CVE-2023-21645
RESERVED
-CVE-2023-21644
- RESERVED
+CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while triggering qcri ...)
+ TODO: check
CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
@@ -48538,8 +48696,8 @@ CVE-2023-21638 (Memory corruption in Video while calling APIs with different ins
NOT-FOR-US: Qualcomm
CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.)
NOT-FOR-US: Qualcomm
-CVE-2023-21636
- RESERVED
+CVE-2023-21636 (Memory Corruption due to improper validation of array index in Linux w ...)
+ TODO: check
CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
NOT-FOR-US: Qualcomm
CVE-2023-21634
@@ -59638,8 +59796,8 @@ CVE-2022-43905
RESERVED
CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
NOT-FOR-US: IBM
-CVE-2022-43903
- RESERVED
+CVE-2022-43903 (IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticate ...)
+ TODO: check
CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial ...)
NOT-FOR-US: IBM
CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...)
@@ -69032,8 +69190,8 @@ CVE-2022-40536 (Transient DOS due to improper authentication in modem while rece
NOT-FOR-US: Qualcomm
CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...)
NOT-FOR-US: Qualcomm
-CVE-2022-40534
- RESERVED
+CVE-2022-40534 (Memory corruption due to improper validation of array index in Audio.)
+ TODO: check
CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core while sendi ...)
NOT-FOR-US: Qualcomm
CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in WLAN while ...)
@@ -69052,8 +69210,8 @@ CVE-2022-40526
RESERVED
CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to unauthorize ...)
NOT-FOR-US: Qualcomm
-CVE-2022-40524
- RESERVED
+CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while processing Se ...)
+ TODO: check
CVE-2022-40523 (Information disclosure in Kernel due to indirect branch misprediction.)
NOT-FOR-US: Qualcomm
CVE-2022-40522 (Memory corruption in Linux Networking due to double free while handlin ...)
@@ -88875,8 +89033,8 @@ CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking s
NOT-FOR-US: Qualcomm
CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33275
- RESERVED
+CVE-2022-33275 (Memory corruption due to improper validation of array index in WLAN HA ...)
+ TODO: check
CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...)
NOT-FOR-US: Qualcomm
CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...)
@@ -88985,8 +89143,8 @@ CVE-2022-33222 (Information disclosure due to buffer over-read while parsing DNS
NOT-FOR-US: Qualcomm
CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33220
- RESERVED
+CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer over-rea ...)
+ TODO: check
CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...)
NOT-FOR-US: Qualcomm
CVE-2022-33218 (Memory corruption in Automotive due to improper input validation.)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d3a935dba7e1790413a04e51e6175972b121ed1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d3a935dba7e1790413a04e51e6175972b121ed1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230905/54eb4c3a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list