Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4df4fd3 by Salvatore Bonaccorso at 2023-10-28T16:10:26+02:00
Add CVE-2023-465{69,70}/radare2

- - - - -
1c973326 by Salvatore Bonaccorso at 2023-10-28T16:10:28+02:00
Process some NFUs

- - - - -
d1ac19e7 by Salvatore Bonaccorso at 2023-10-28T16:10:31+02:00
Add CVE-2023-46604/activemq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,13 @@ CVE-2023-5830 (A vulnerability classified as critical has been 
found in Columbia
 CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 
allows a loca ...)
        NOT-FOR-US: XnView
 CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in 
the prin ...)
-       TODO: check
+       - radare2 <unfixed>
+       NOTE: https://github.com/radareorg/radare2/issues/22333
+       NOTE: Fixed by: 
https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8
 CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in 
the prin ...)
-       TODO: check
+       - radare2 <unfixed>
+       NOTE: https://github.com/radareorg/radare2/issues/22334
+       NOTE: Fixed by: 
https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2
 CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R 
v.4.1cu.4154 ...)
        NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R
 CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows 
an attack ...)
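Review bot: the two radare2 entries record the upstream fix commit but no fixed upstream version after the URL, whereas other entries in this file append one in parentheses (for example `(1.6.22)` on the memcached entry and `(v9.0.2068)` on the vim entry); if either fix has landed in a tagged radare2 release, adding it here lets the tracker tell when the package update actually carries it. Both entries also lack any suite annotation, so bookworm and bullseye stay listed as vulnerable with no recorded decision; for two out-of-bounds reads in a command-line tool, the assessment of whether a stable update is warranted belongs in a `[suite] - radare2 <no-dsa>`-style line or a NOTE, as was done for memcached further down.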
@@ -33,11 +37,11 @@ CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in St
 CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Step ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple 
Authent ...)
-       TODO: check
+       NOT-FOR-US: Leave Management System Project
 CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to 
v5.2.19, v5. ...)
-       TODO: check
+       NOT-FOR-US: ZPE Systems
 CVE-2023-40140 (In android_view_InputDevice_create of 
android_view_InputDevice.cpp, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view 
another user ...)
        TODO: check
 CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view 
another user ...)
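Review bot: CVE-2023-40140 is closed as NOT-FOR-US: Android, but the next two entries, CVE-2023-40139 and CVE-2023-40138 (both `In FillUi of FillUi.java`), are left at `TODO: check` although they carry the same Android bulletin wording. Entries from the same bulletin should be triaged in one pass rather than leaving half of the batch in the TODO queue.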
@@ -57,27 +61,27 @@ CVE-2023-40131 (In GpuService of GpuService.cpp, there is a 
possible use after f
 CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a 
possible ...)
        TODO: check
 CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out 
of boun ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out 
of bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40127 (In multiple locations, there is a possible way to access 
screenshots d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a 
Guest use ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible 
bypass o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a 
possible S ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40120 (In multiple locations, there is a possible way to bypass user 
notifica ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a 
possible l ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a 
possible way to ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35794 (An issue was discovered in Cassia Access Controller 
2.1.1.2303271039.  ...)
-       TODO: check
+       NOT-FOR-US: Cassia Access Controller
 CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alka ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5829 (A vulnerability was found in code-projects Admission Management 
System ...)
        NOT-FOR-US: code-projects Admission Management System
 CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial 
Develo ...)
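Review bot: CVE-2023-40128 (`In several functions of xmlregexp.c`) is closed as NOT-FOR-US: Android, but xmlregexp.c is the regular-expression engine of libxml2, which Android bundles. Before closing it, confirm whether the out-of-bounds access is in Android's local patches or in upstream libxml2 code; in the latter case the entry should instead point at src:libxml2 with the upstream fix. The remaining Android entries in this hunk reference Android framework files and components and look correct as NOT-FOR-US.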
@@ -115,7 +119,9 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer 
overflow exists when proces
        [bullseye] - memcached <no-dsa> (Minor issue)
        NOTE: 
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
 (1.6.22)
 CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The 
vulnerabili ...)
-       TODO: check
+       - activemq <unfixed>
+       NOTE: 
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
+       NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
 CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out 
of bound ...)
        - ffmpeg <unfixed>
        NOTE: Introduced by: 
https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3
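Review bot: the ActiveMQ entry records the advisory and the oss-security post but no fixed upstream version, no `NOTE: Fixed by:` commit line and no Debian bug reference, and it carries no suite annotation, so the stable suites are implicitly marked vulnerable with no stated plan. Given the description (`Remote Code Execution`), the entry should state whether a DSA is intended for bookworm/bullseye or carry a `[suite] - activemq <no-dsa>`-style line with the reasoning, and a fix reference in the style used for the radare2 entries in this push would let later checks verify the package update.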
@@ -137,9 +143,9 @@ CVE-2023-46246 (Vim is an improved version of the good old 
UNIX editor Vi. Heap-
        NOTE: 
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a 
(v9.0.2068)
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
-       TODO: check
+       NOT-FOR-US: Online Art Gallery
 CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
-       TODO: check
+       NOT-FOR-US: Online Art Gallery
 CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder 
System 1.0.  ...)
        NOT-FOR-US: SourceCodester Task Reminder System
 CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder 
System 1.0 a ...)
@@ -30400,7 +30406,7 @@ CVE-2023-29011 (Git for Windows, the Windows port of 
Git, ships with an executab
 CVE-2023-29010 (Budibase is a low code platform for creating internal tools, 
workflows ...)
        NOT-FOR-US: budibase
 CVE-2023-29009 (baserCMS is a website development framework with WebAPI that 
runs on P ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2023-29008 (The SvelteKit framework offers developers an option to create 
simple R ...)
        NOT-FOR-US: SvelteKit
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 
2.31.8, 2. ...)
@@ -34523,7 +34529,7 @@ CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 
7.6.1.3 could disclose s
 CVE-2023-27859
        RESERVED
 CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary 
code execut ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition 
occurs w ...)
        NOT-FOR-US: Rockwell
 CVE-2023-27856 (In affected versions, path traversal exists when processing a 
message  ...)
@@ -34531,7 +34537,7 @@ CVE-2023-27856 (In affected versions, path traversal 
exists when processing a me
 CVE-2023-27855 (In affected versions, a path traversal exists when processing 
a messag ...)
        NOT-FOR-US: Rockwell
 CVE-2023-27854 (An arbitrary code execution vulnerability was reported to 
Rockwell Aut ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and 
prior ve ...)
        NOT-FOR-US: OpenHarmony
 CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of 
wildcard bac ...)
@@ -68928,11 +68934,11 @@ CVE-2022-3704 (A vulnerability classified as 
problematic has been found in Ruby
 CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 
and prio ...)
        NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
 CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo 
Vantage Hardw ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo 
Vantage ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported 
in the ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo 
Hardwa ...)
        NOT-FOR-US: Lenovo
 CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo 
HardwareS ...)
@@ -69005,7 +69011,7 @@ CVE-2022-3683 (A vulnerability exists in the SDM600 API 
web services authorizati
 CVE-2022-3682 (A vulnerability exists in the SDM600 file permission 
validation.  An a ...)
        NOT-FOR-US: ABB SDM600
 CVE-2022-3681 (A vulnerability has been identified in the MR2600 router 
v1.0.18 and e ...)
-       TODO: check
+       NOT-FOR-US: MR2600 router
 CVE-2022-43746
        RESERVED
 CVE-2022-43745
@@ -69990,7 +69996,7 @@ CVE-2022-3613 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2022-3612
        RESERVED
 CVE-2022-3611 (An information disclosure vulnerability has been identified in 
the Len ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does 
not sani ...)
@@ -72757,7 +72763,7 @@ CVE-2022-38451 (A directory traversal vulnerability 
exists in the httpd update.c
 CVE-2022-38091
        RESERVED
 CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware 
used in Le ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3428
        RESERVED
 CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site 
Request ...)
@@ -93459,9 +93465,9 @@ CVE-2022-34889 (This vulnerability allows local 
attackers to escalate privileges
 CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, 
authentic ...)
        NOT-FOR-US: Lenovo
 CVE-2022-34887 (Standard users can directly operate and set printer 
configuration info ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-34886 (A remote code execution vulnerability was found in the 
firmware used i ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola 
MR2600 ro ...)
        NOT-FOR-US: Motorola
 CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem 
which can po ...)
@@ -93615,11 +93621,11 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an 
integer signedness error a
        NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
        NOTE: 
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
 (v2022.07-rc6)
 CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. 
Attackers can ga ...)
-       TODO: check
+       NOT-FOR-US: VERMEG AgileReporter
 CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin 
can ent ...)
-       TODO: check
+       NOT-FOR-US: VERMEG AgileReporter
 CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can 
occur vi ...)
-       TODO: check
+       NOT-FOR-US: VERMEG AgileReporter
 CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 
7.9.0, rela ...)
        NOT-FOR-US: Keyfactor
 CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race 
Condition t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23dd068e50af44a19d3ffc6ae5471bdbe3754904...d1ac19e7c0811d880da7e38cd9a086983b4da2d8



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
