[Git][security-tracker-team/security-tracker][master] more bluez issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 8 08:53:26 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c41ccf0 by Moritz Muehlenhoff at 2024-05-08T09:52:50+02:00
more bluez issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1363,21 +1363,25 @@ CVE-2023-51598 (Hancom Office Word DOC File Parsing Use-After-Free Remote Code E
CVE-2023-51597 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execu ...)
NOT-FOR-US: Kofax Power PDF
CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
- TODO: check
+ - bluez <unfixed>
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1902/
CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ...)
- TODO: check
+ - bluez <unfixed>
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1901/
CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection Remote Cod ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ...)
- TODO: check
+ - bluez <unfixed>
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1905/
CVE-2023-51591 (Voltronic Power ViewPower Pro doDocument XML External Entity Processin ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51590 (Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Re ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ...)
- TODO: check
+ - bluez <unfixed>
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
CVE-2023-51588 (Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Loca ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51587 (Voltronic Power ViewPower getModbusPassword Missing Authentication Inf ...)
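Review bot: The four bluez entries in this hunk (CVE-2023-51596, CVE-2023-51594, CVE-2023-51592, CVE-2023-51589) go to `<unfixed>` with a ZDI advisory as their only reference, so nothing here tells a later reader which upstream change to look for. Once it is identified, add a NOTE with the upstream bluez commit or bug report to each entry so the status can move from `<unfixed>` to a fixed version. The advisory IDs are also not in CVE order (ZDI-23-1902, -1901, -1905, -1904), so it is worth confirming each link against its CVE before the entries are used for triage.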
@@ -1395,7 +1399,8 @@ CVE-2023-51582 (Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous
CVE-2023-51581 (Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method R ...)
NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ...)
- TODO: check
+ - bluez <unfixed>
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
CVE-2023-51579 (Voltronic Power ViewPower Incorrect Permission Assignment Local Privil ...)
NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51578 (Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Deni ...)
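Review bot: CVE-2023-51580 is the third AVRCP out-of-bounds read in this commit, next to CVE-2023-51592 and CVE-2023-51589, and like them it carries only the ZDI link. The description names avrcp_parse_attribute_list, so if one upstream change covers all three AVRCP parsers, say so in a NOTE on each entry; otherwise record the separate fix for this function, so that `<unfixed>` can be resolved per CVE rather than for the group.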
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c41ccf09834b9411661a42c0f13fad3bf20ce6d