[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 2 08:12:44 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b99b164 by security tracker role at 2024-01-02T08:11:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-0186 (A vulnerability classified as problematic has been found in HuiRan Hos ...)
+	TODO: check
+CVE-2024-0185 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...)
+	TODO: check
+CVE-2024-0184 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...)
+	TODO: check
+CVE-2024-0183 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...)
+	TODO: check
+CVE-2024-0182 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
+	TODO: check
+CVE-2023-49142 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-49135 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-48360 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-47857 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-47216 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-43514 (Memory corruption while invoking IOCTLs calls from user space for inte ...)
+	TODO: check
+CVE-2023-43512 (Transient DOS while parsing GATT service data when the total amount of ...)
+	TODO: check
+CVE-2023-43511 (Transient DOS while parsing IPv6 extension header when WLAN firmware r ...)
+	TODO: check
+CVE-2023-33120 (Memory corruption in Audio when memory map command is executed consecu ...)
+	TODO: check
+CVE-2023-33118 (Memory corruption while processing Listen Sound Model client payload b ...)
+	TODO: check
+CVE-2023-33117 (Memory corruption when HLOS allocates the response payload buffer to c ...)
+	TODO: check
+CVE-2023-33116 (Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver ...)
+	TODO: check
+CVE-2023-33114 (Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_ ...)
+	TODO: check
+CVE-2023-33113 (Memory corruption when resource manager sends the host kernel a reply  ...)
+	TODO: check
+CVE-2023-33112 (Transient DOS when WLAN firmware receives "reassoc response" frame inc ...)
+	TODO: check
+CVE-2023-33110 (The session index variable in PCM host voice audio driver initialized  ...)
+	TODO: check
+CVE-2023-33109 (Transient DOS while processing a WMI P2P listen start command (0xD00A) ...)
+	TODO: check
+CVE-2023-33108 (Memory corruption in Graphics Driver when destroying a context with KG ...)
+	TODO: check
+CVE-2023-33094 (Memory corruption while running VK synchronization with KASAN enabled.)
+	TODO: check
+CVE-2023-33085 (Memory corruption in wearables while processing data from AON.)
+	TODO: check
+CVE-2023-33062 (Transient DOS in WLAN Firmware while parsing a BTM request.)
+	TODO: check
+CVE-2023-33040 (Transient DOS in Data Modem during DTLS handshake.)
+	TODO: check
+CVE-2023-33038 (Memory corruption while receiving a message in Bus Socket Transport Se ...)
+	TODO: check
+CVE-2023-33037 (Cryptographic issue in Automotive while unwrapping the key secs2d and  ...)
+	TODO: check
+CVE-2023-33036 (Permanent DOS in Hypervisor while untrusted VM without PSCI support ma ...)
+	TODO: check
+CVE-2023-33033 (Memory corruption in Audio during playback with speaker protection.)
+	TODO: check
+CVE-2023-33032 (Memory corruption in TZ Secure OS while requesting a memory allocation ...)
+	TODO: check
+CVE-2023-33030 (Memory corruption in HLOS while running playready use-case.)
+	TODO: check
+CVE-2023-33025 (Memory corruption in Data Modem when a non-standard SDP body, during a ...)
+	TODO: check
+CVE-2023-33014 (Information disclosure in Core services while processing a Diag comman ...)
+	TODO: check
+CVE-2023-32891 (In bluetooth service, there is a possible out of bounds write due to i ...)
+	TODO: check
+CVE-2023-32890 (In modem EMM, there is a possible system crash due to improper input v ...)
+	TODO: check
+CVE-2023-32889 (In Modem IMS Call UA, there is a possible out of bounds write due to a ...)
+	TODO: check
+CVE-2023-32888 (In Modem IMS Call UA, there is a possible out of bounds write due to a ...)
+	TODO: check
+CVE-2023-32887 (In Modem IMS Stack, there is a possible system crash due to a missing  ...)
+	TODO: check
+CVE-2023-32886 (In Modem IMS SMS UA, there is a possible out of bounds write due to a  ...)
+	TODO: check
+CVE-2023-32885 (In display drm, there is a possible memory corruption due to a missing ...)
+	TODO: check
+CVE-2023-32884 (In netdagent, there is a possible information disclosure due to an inc ...)
+	TODO: check
+CVE-2023-32883 (In Engineer Mode, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2023-32882 (In battery, there is a possible memory corruption due to a missing bou ...)
+	TODO: check
+CVE-2023-32881 (In battery, there is a possible information disclosure due to an integ ...)
+	TODO: check
+CVE-2023-32880 (In battery, there is a possible information disclosure due to a missin ...)
+	TODO: check
+CVE-2023-32879 (In battery, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2023-32878 (In battery, there is a possible information disclosure due to a missin ...)
+	TODO: check
+CVE-2023-32877 (In battery, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2023-32876 (In keyInstall, there is a possible information disclosure due to a mis ...)
+	TODO: check
+CVE-2023-32875 (In keyInstall, there is a possible information disclosure due to a mis ...)
+	TODO: check
+CVE-2023-32874 (In Modem IMS Stack, there is a possible out of bounds write due to a m ...)
+	TODO: check
+CVE-2023-32872 (In keyInstall, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2023-32831 (In wlan driver, there is a possible PIN crack due to use of insufficie ...)
+	TODO: check
 CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...)
 	NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal
 CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not sanitis ...)
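Review bot: CVE-2024-0185, CVE-2024-0184 and CVE-2024-0183 enter the list as "TODO: check" even though the unchanged entry directly below them, CVE-2024-0181, already triages the same product as "NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal". Suggest giving those three the same NOT-FOR-US line in a follow-up so they do not sit in the TODO queue. The remaining entries in this batch carry truncated descriptions and still need individual triage.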
@@ -6688,7 +6798,7 @@ CVE-2023-49321 (Certain WithSecure products allow a Denial of Service because sc
 	NOT-FOR-US: WithSecure
 CVE-2023-49312 (Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3 ...)
 	NOT-FOR-US: Precision Bridge
-CVE-2023-47039
+CVE-2023-47039 (A vulnerability was found in Perl. This security issue occurs while Pe ...)
 	- perl <not-affected> (Windows specific issue)
 CVE-2023-47038 (A vulnerability was found in perl. This issue occurs when a crafted re ...)
 	- perl 5.36.0-10 (bug #1056746)
@@ -21678,7 +21788,7 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.
 	NOTE: Additional patches to stabilize the test suite may also be applied to all versions:
 	NOTE: 1. https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3
 	NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
-CVE-2023-4380 (A logic flaw exists in Ansible. Whenever a private project is created  ...)
+CVE-2023-4380 (A logic flaw exists in Ansible Automation platform. Whenever a private ...)
 	- ansible <unfixed> (bug #1051897)
 	[bookworm] - ansible <no-dsa> (Minor issue)
 	[bullseye] - ansible <no-dsa> (Minor issue)
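Review bot: the refreshed description for CVE-2023-4380 now scopes the flaw to "Ansible Automation platform", but the entry below it still tracks the Debian ansible package as <unfixed> with <no-dsa> for bookworm and bullseye. Worth re-checking whether the packaged ansible is affected at all under the narrower description, and if not, changing the status and recording the reason in a NOTE line.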
@@ -22987,7 +23097,7 @@ CVE-2023-40305 (GNU indent 2.2.13 has a heap-based buffer overflow in search_bra
 	[bullseye] - indent <no-dsa> (Minor issue)
 	[buster] - indent <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/index.php?64503
-CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation because of un ...)
+CVE-2023-40303 (GNU inetutils before 2.5 may allow privilege escalation because of unc ...)
 	{DLA-3611-1}
 	- inetutils 2:2.4-3 (bug #1049365)
 	[bookworm] - inetutils 2:2.4-2+deb12u1
@@ -43508,8 +43618,8 @@ CVE-2023-28585 (Memory corruption while loading an ELF segment in TEE Kernel.)
 	NOT-FOR-US: Qualcomm
 CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
 	NOT-FOR-US: Qualcomm
-CVE-2023-28583
-	RESERVED
+CVE-2023-28583 (Memory corruption when IPv6 prefix timer object`s lifetime expires whi ...)
+	TODO: check
 CVE-2023-28582
 	RESERVED
 CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
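Review bot: CVE-2023-28583 moves from RESERVED to "TODO: check", while the neighbouring published entries in the same ID block (CVE-2023-28585, CVE-2023-28584) are already marked "NOT-FOR-US: Qualcomm". The truncated description here does not name the vendor, so confirm the source of the advisory before reusing that tag rather than inferring it from the ID range.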
@@ -50688,12 +50798,12 @@ CVE-2023-26161
 	RESERVED
 CVE-2023-26160
 	RESERVED
-CVE-2023-26159
-	RESERVED
+CVE-2023-26159 (Versions of the package follow-redirects before 1.15.4 are vulnerable  ...)
+	TODO: check
 CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype Polluti ...)
 	NOT-FOR-US: mockjs
-CVE-2023-26157
-	RESERVED
+CVE-2023-26157 (Versions of the package libredwg before 0.12.5.6384 are vulnerable to  ...)
+	TODO: check
 CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to  ...)
 	NOT-FOR-US: chromedriver Node.js module
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
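Review bot: CVE-2023-26159 (follow-redirects before 1.15.4) and CVE-2023-26157 (libredwg before 0.12.5.6384) both name a fixed upstream version, unlike the "all versions" neighbours that were closed as NOT-FOR-US. When these TODOs are resolved, check whether a Debian source package exists for each one. If it does, record it with the fixed version taken from the description instead of copying the NOT-FOR-US pattern used for mockjs and the chromedriver Node.js module.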



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b99b1642006114ca7b81fdf443d9ec7a02b6d6f
