[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 6 09:18:03 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
440399be by security tracker role at 2023-09-06T08:17:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-4773 (The WordPress Social Login plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2023-4719 (The Simple Membership plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2023-4705
+ REJECTED
+CVE-2023-4487 (GE CIMPLICITY 2023 is by a process control vulnerability, which could ...)
+ TODO: check
+CVE-2023-4485 (ARDEREGSistema SCADA Central versions 2.203 and prior login page are v ...)
+ TODO: check
+CVE-2023-4310 (BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) ver ...)
+ TODO: check
+CVE-2023-41508 (A hard coded password in Super Store Finder v3.6 allows attackers to a ...)
+ TODO: check
+CVE-2023-41507 (Super Store Finder v3.6 was discovered to contain multiple SQL injecti ...)
+ TODO: check
+CVE-2023-3472 (Use after free vulnerability in Panasonic KW Watcher versions 1.00 thr ...)
+ TODO: check
+CVE-2023-3471 (Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 th ...)
+ TODO: check
+CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient Verification ...)
+ TODO: check
+CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFl ...)
+ TODO: check
+CVE-2023-34352 (A permissions issue was addressed with improved redaction of sensitive ...)
+ TODO: check
+CVE-2023-32438 (This issue was addressed with improved checks to prevent unauthorized ...)
+ TODO: check
+CVE-2023-32432 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2023-32428 (This issue was addressed with improved file handling. This issue is fi ...)
+ TODO: check
+CVE-2023-32426 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-32425 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...)
+ TODO: check
+CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege Escalation Vu ...)
+ TODO: check
+CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local Privil ...)
+ TODO: check
+CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2023-36851
NOT-FOR-US: Juniper
CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
@@ -9,16 +61,16 @@ CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DE
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed
-CVE-2023-4764
+CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845. ...)
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4763
+CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 116.0.5845.179 al ...)
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4762
+CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed ...)
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4761
+CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5 ...)
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -43,9 +95,9 @@ CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. U
NOT-FOR-US: KnowStreaming
CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Mava Software Hotel Management System
-CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Bookr ...)
+CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Unisi ...)
NOT-FOR-US: Bookreen
-CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Bookreen allows ...)
+CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen ...)
NOT-FOR-US: Bookreen
CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...)
NOT-FOR-US: Cuppa CMS
@@ -53,7 +105,7 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vul
TODO: check
CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...)
NOT-FOR-US: IceWarp
-CVE-2023-39516 [Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources]
+CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv
CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...)
@@ -62,40 +114,40 @@ CVE-2023-39515 (Cacti is an open source operational monitoring and fault managem
CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
-CVE-2023-39513 [Cross-Site Scripting vulnerability with Device Name when debugging data queries]
+CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2
-CVE-2023-39512 [Cross-Site Scripting vulnerability with Device Name when managing Data Sources]
+CVE-2023-39512 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
-CVE-2023-39510 [Cross-Site Scripting vulnerability with Device Name when administrating Reports]
+CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
-CVE-2023-39366 [Cross-Site Scripting vulnerability with Device Name when managing Data Sources]
+CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
-CVE-2023-39365 [SQL Injection when using regular expressions]
+CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
-CVE-2023-39364 [Open redirect in change password functionality]
+CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x
-CVE-2023-39362 [Authenticated command injection when using SNMP options]
+CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
-CVE-2023-39361 [Unauthenticated SQL Injection when viewing graphs]
+CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
-CVE-2023-39360 [Cross-Site Scripting vulnerability when creating new graphs]
+CVE-2023-39360 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
-CVE-2023-39359 [Authenticated SQL injection vulnerability when managing graphs]
+CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
-CVE-2023-39358 [Authenticated SQL injection vulnerability when managing reports]
+CVE-2023-39358 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
-CVE-2023-39357 [SQL Injection when saving data with sql_save()]
+CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...)
@@ -3270,6 +3322,7 @@ CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...)
+ {DLA-3555-1}
- php8.2 8.2.10-1 (bug #1043477)
[bookworm] - php8.2 <postponed> (Fix along in future update)
- php7.4 <removed>
@@ -3279,6 +3332,7 @@ CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.
NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30)
NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...)
+ {DLA-3555-1}
- php8.2 8.2.10-1 (bug #1043477)
[bookworm] - php8.2 <postponed> (Fix along in future update)
- php7.4 <removed>
@@ -15442,8 +15496,7 @@ CVE-2023-31134 (Tauri is software for building applications for multi-platform d
NOT-FOR-US: Tauri
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...)
NOT-FOR-US: Ghost CMS
-CVE-2023-31132
- RESERVED
+CVE-2023-31132 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <not-affected> (Only affect Cacti Installer on Windows)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876
CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
@@ -16832,56 +16885,56 @@ CVE-2023-30732
RESERVED
CVE-2023-30731
RESERVED
-CVE-2023-30730
- RESERVED
-CVE-2023-30729
- RESERVED
-CVE-2023-30728
- RESERVED
+CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...)
+ TODO: check
+CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...)
+ TODO: check
+CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...)
+ TODO: check
CVE-2023-30727
RESERVED
-CVE-2023-30726
- RESERVED
-CVE-2023-30725
- RESERVED
-CVE-2023-30724
- RESERVED
-CVE-2023-30723
- RESERVED
-CVE-2023-30722
- RESERVED
-CVE-2023-30721
- RESERVED
-CVE-2023-30720
- RESERVED
-CVE-2023-30719
- RESERVED
-CVE-2023-30718
- RESERVED
-CVE-2023-30717
- RESERVED
-CVE-2023-30716
- RESERVED
-CVE-2023-30715
- RESERVED
-CVE-2023-30714
- RESERVED
-CVE-2023-30713
- RESERVED
-CVE-2023-30712
- RESERVED
-CVE-2023-30711
- RESERVED
-CVE-2023-30710
- RESERVED
-CVE-2023-30709
- RESERVED
-CVE-2023-30708
- RESERVED
-CVE-2023-30707
- RESERVED
-CVE-2023-30706
- RESERVED
+CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...)
+ TODO: check
+CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...)
+ TODO: check
+CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...)
+ TODO: check
+CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...)
+ TODO: check
+CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...)
+ TODO: check
+CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...)
+ TODO: check
+CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...)
+ TODO: check
+CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...)
+ TODO: check
+CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...)
+ TODO: check
+CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...)
+ TODO: check
+CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...)
+ TODO: check
+CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...)
+ TODO: check
+CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...)
+ TODO: check
+CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...)
+ TODO: check
+CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...)
+ TODO: check
+CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...)
+ TODO: check
+CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...)
+ TODO: check
+CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...)
+ TODO: check
+CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...)
+ TODO: check
+CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...)
+ TODO: check
+CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...)
+ TODO: check
CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
NOT-FOR-US: Samsung
CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...)
@@ -17533,8 +17586,7 @@ CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for use with Slim 4. In vers
NOTE: https://github.com/slimphp/Slim-Psr7/commit/4fea29e910391b1883de5bf6e84b50f6900355fb (1.6.1)
CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
NOT-FOR-US: Snowflake JDBC
-CVE-2023-30534 [Insecure deserialization of filter data]
- RESERVED
+CVE-2023-30534 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
@@ -17700,8 +17752,8 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fo
NOT-FOR-US: WordPress Plugin
CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
NOT-FOR-US: WordPress Plugin
-CVE-2023-30497
- RESERVED
+CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
+ TODO: check
CVE-2023-30496
RESERVED
CVE-2023-30495
@@ -20296,8 +20348,8 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plu
NOT-FOR-US: Zoho ManageEngine
CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2023-29441
- RESERVED
+CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...)
+ TODO: check
CVE-2023-29440
RESERVED
CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
@@ -24733,22 +24785,22 @@ CVE-2019-25107
RESERVED
CVE-2019-25106
RESERVED
-CVE-2023-28215
- RESERVED
-CVE-2023-28214
- RESERVED
-CVE-2023-28213
- RESERVED
-CVE-2023-28212
- RESERVED
-CVE-2023-28211
- RESERVED
-CVE-2023-28210
- RESERVED
-CVE-2023-28209
- RESERVED
-CVE-2023-28208
- RESERVED
+CVE-2023-28215 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28214 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28213 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28212 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28211 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28210 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28209 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-28208 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2023-28207
RESERVED
CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
@@ -24783,8 +24835,8 @@ CVE-2023-28197
RESERVED
CVE-2023-28196
RESERVED
-CVE-2023-28195
- RESERVED
+CVE-2023-28195 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
CVE-2023-28193
@@ -24797,10 +24849,10 @@ CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more
NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
-CVE-2023-28188
- RESERVED
-CVE-2023-28187
- RESERVED
+CVE-2023-28188 (A denial-of-service issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2023-28187 (This issue was addressed with improved state management. This issue is ...)
+ TODO: check
CVE-2023-28186
RESERVED
CVE-2023-28185
@@ -25652,8 +25704,8 @@ CVE-2023-27952 (A race condition was addressed with improved locking. This issue
NOT-FOR-US: Apple
CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
-CVE-2023-27950
- RESERVED
+CVE-2023-27950 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -90099,8 +90151,8 @@ CVE-2022-32922 (A use after free issue was addressed with improved memory manage
NOT-FOR-US: Apple
CVE-2022-32921
REJECTED
-CVE-2022-32920
- RESERVED
+CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...)
+ TODO: check
CVE-2022-32919
RESERVED
CVE-2022-32918 (This issue was addressed with improved data protection. This issue is ...)
@@ -169605,16 +169657,19 @@ CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
+ {DSA-5490-1 DLA-3556-1}
[experimental] - aom 3.2.0-1~exp1
- aom 3.2.0-1
NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
+ {DSA-5490-1 DLA-3556-1}
[experimental] - aom 3.2.0-1~exp1
- aom 3.2.0-1
NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
+ {DSA-5490-1 DLA-3556-1}
[experimental] - aom 3.2.0-1~exp1
- aom 3.2.0-1 (bug #988211)
NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
@@ -191786,6 +191841,7 @@ CVE-2020-36137
CVE-2020-36136 (SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows att ...)
NOT-FOR-US: cskaza cszcms
CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ {DSA-5490-1 DLA-3556-1}
- aom 3.2.0-1
NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
@@ -191797,16 +191853,19 @@ CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation vi
NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/4567c355bf55a7430819e9d30df259bcb83cfe0d (v2.1.0-rc1)
NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.1.0-rc1)
CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...)
+ {DSA-5490-1 DLA-3556-1}
- aom 3.2.0-1
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.2.0-rc1)
CVE-2020-36132
RESERVED
CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
+ {DSA-5490-1 DLA-3556-1}
- aom 3.2.0-1
NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ {DSA-5490-1 DLA-3556-1}
- aom 3.2.0-1
NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/440399beb25ee50cf7bfe2aa3064e89d10aea46c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/440399beb25ee50cf7bfe2aa3064e89d10aea46c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230906/1bb94116/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list