Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f23fa19 by security tracker role at 2023-10-30T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-5844 (Unverified Password Change in GitHub repository 
pimcore/admin-ui-class ...)
+       TODO: check
+CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to 
Remote  ...)
+       TODO: check
+CVE-2023-5833 (Improper Access Control in GitHub repository 
mintplex-labs/anything-ll ...)
+       TODO: check
+CVE-2023-5832 (Improper Input Validation in GitHub repository 
mintplex-labs/anything- ...)
+       TODO: check
+CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to 
PHP Obje ...)
+       TODO: check
+CVE-2023-5566 (The Simple Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-5565 (The Shortcode Menu plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2023-5362 (The Carousel, Recent Post Slider and Banner Slider plugin for 
WordPres ...)
+       TODO: check
+CVE-2023-5335 (The Buzzsprout Podcasting plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2023-5315 (The Google Maps made Simple plugin for WordPress is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2023-5252 (The FareHarbor plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2023-5251 (The Grid Plus plugin for WordPress is vulnerable to 
unauthorized modif ...)
+       TODO: check
+CVE-2023-5250 (The Grid Plus plugin for WordPress is vulnerable to Local File 
Inclusi ...)
+       TODO: check
+CVE-2023-5199 (The PHP to Page plugin for WordPress is vulnerable Local File 
Inclusio ...)
+       TODO: check
+CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2023-4964 (Potential open redirect vulnerability in opentext Service 
Management A ...)
+       TODO: check
+CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows 
shell met ...)
+       TODO: check
+CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint 
SSL VPN Cl ...)
+       TODO: check
+CVE-2023-45780 (In Print Service, there is a possible background activity 
launch due t ...)
+       TODO: check
+CVE-2023-44323 (Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is 
affected ...)
+       TODO: check
+CVE-2023-44078
+       REJECTED
+CVE-2023-43792 (baserCMS is a website development framework. In versions 4.6.0 
through ...)
+       TODO: check
+CVE-2023-43649 (baserCMS is a website development framework. Prior to version 
4.8.0, t ...)
+       TODO: check
+CVE-2023-43648 (baserCMS is a website development framework. Prior to version 
4.8.0, t ...)
+       TODO: check
+CVE-2023-43647 (baserCMS is a website development framework. Prior to version 
4.8.0, t ...)
+       TODO: check
+CVE-2023-42804 (BigBlueButton is an open-source virtual classroom. 
BigBlueButton prior ...)
+       TODO: check
+CVE-2023-42803 (BigBlueButton is an open-source virtual classroom. 
BigBlueButton prior ...)
+       TODO: check
+CVE-2023-42431 (Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars 
extension ...)
+       TODO: check
+CVE-2023-41891 (FlyteAdmin is the control plane for Flyte responsible for 
managing ent ...)
+       TODO: check
+CVE-2023-41605
+       REJECTED
+CVE-2023-40943
+       REJECTED
+CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of 
bounds re ...)
+       TODO: check
+CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 
10, WPB_M ...)
+       TODO: check
+CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows 
shell meta ...)
+       TODO: check
 CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository 
dolibarr/doli ...)
        - dolibarr <removed>
        NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3
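Review bot: CVE-2023-47104 and CVE-2020-36767 are added as two independent `TODO: check` entries, although both describe a shell-related issue in tinyfiledialogs and differ only in the version boundary (before 3.15.0 and before 3.8.0). Triage them together so the package and version annotations on the two entries stay consistent. The WordPress plugin entries in this block can take the same `NOT-FOR-US: WordPress plugin` marking that this file already uses for other plugin CVEs.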
@@ -75,7 +147,7 @@ CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key 
for all encryption]
        [bookworm] - nats-server <not-affected> (Vulnerable code not present)
        NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt
        NOTE: 
https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
-CVE-2023-47090 [Adding accounts for just the system account adds auth bypass]
+CVE-2023-47090 (NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an 
authent ...)
        - nats-server 2.10.3-1
        NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
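Review bot: The replaced description for CVE-2023-47090 now names the upstream boundaries (before 2.9.23, and 2.10.x before 2.10.2), but the entry still carries only `- nats-server 2.10.3-1` with no per-release line before its NOTEs. The CVE-2023-46129 entry directly above records `[bookworm] - nats-server <not-affected>`; adding the equivalent status here would show whether a stable release ships an affected version.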
@@ -392,7 +464,7 @@ CVE-2023-46435 (Sourcecodester Packers and Movers 
Management System v1.0 is vuln
 CVE-2023-46238 (ZITADEL is an identity infrastructure management system. 
ZITADEL users ...)
        NOT-FOR-US: ZITADEL
 CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of 
node's  ...)
-       {DLA-3635-1}
+       {DSA-5539-1 DLA-3635-1}
        - node-browserify-sign 4.2.2-1 (bug #1054667)
        NOTE: 
https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
        NOTE: 
https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30
 (v4.2.2)
@@ -3613,6 +3685,7 @@ CVE-2023-36548 (A improper neutralization of special 
elements used in an os comm
 CVE-2023-36547 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
 CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In 
versions ...)
+       {DSA-5540-1 DLA-3641-1}
        - jetty9 9.4.53-1
        NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
        NOTE: https://github.com/eclipse/jetty.project/pull/9634
@@ -3697,7 +3770,7 @@ CVE-2023-3961 [smbd allows client access to unix domain 
sockets on the file syst
        NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
        NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server 
resource consum ...)
-       {DSA-5522-1 DSA-5521-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
+       {DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 
DLA-3617-1}
        - tomcat9 9.0.70-2
        - tomcat10 10.1.14-1
        - trafficserver <unfixed> (bug #1053801; bug #1054427)
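Review bot: CVE-2023-44487 gains DSA-5540-1 and DLA-3641-1 in its advisory line, while the context still shows `- trafficserver <unfixed> (bug #1053801; bug #1054427)`. A longer advisory list can make the entry look fully covered, so anyone reading it for exposure should go by the per-package lines; trafficserver remains open and should stay on the follow-up list.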
@@ -51405,9 +51478,9 @@ CVE-2022-4825 (The WP-ShowHide WordPress plugin before 
1.05 does not validate an
 CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not 
validat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-48190
-       RESERVED
-CVE-2022-48189
-       RESERVED
+       REJECTED
+CVE-2022-48189 (An SMM driver input validation vulnerability in the BIOS of 
some Think ...)
+       TODO: check
 CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS 
driver of so ...)
        NOT-FOR-US: Lenovo
 CVE-2022-48187
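Review bot: CVE-2022-48189 moves from RESERVED to `TODO: check` with a BIOS SMM driver description, and the neighbouring CVE-2022-48188 (SecureBootDXE BIOS driver) is already marked `NOT-FOR-US: Lenovo`. The new entry is a candidate for the same marking, but the description is cut off at "some Think ...", so confirm the vendor against the full CVE record before closing it. CVE-2022-48190 changing to REJECTED needs no further action.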
@@ -54967,12 +55040,12 @@ CVE-2022-4577 (The Easy Testimonials WordPress plugin 
before 3.9.3 does not vali
        NOT-FOR-US: WordPress plugin
 CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 
does not v ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4575
-       RESERVED
-CVE-2022-4574
-       RESERVED
-CVE-2022-4573
-       RESERVED
+CVE-2022-4575 (A vulnerability due to improper write protection of UEFI 
variables was ...)
+       TODO: check
+CVE-2022-4574 (An SMI handler input validation vulnerability in the BIOS of 
some Thin ...)
+       TODO: check
+CVE-2022-4573 (An SMI handler input validation vulnerability in the ThinkPad 
X1 Fold  ...)
+       TODO: check
 CVE-2022-4572 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: UBI reader
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 
does no ...)
@@ -63784,218 +63857,218 @@ CVE-2023-21400 (In multiple functions  of 
io_uring.c, there is a possible kernel
        NOTE: https://twitter.com/VAR10CK/status/1683303642173153280
 CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due 
to a lo ...)
        NOT-FOR-US: Android/Pixel kernel
-CVE-2023-21398
-       RESERVED
-CVE-2023-21397
-       RESERVED
-CVE-2023-21396
-       RESERVED
-CVE-2023-21395
-       RESERVED
-CVE-2023-21394
-       RESERVED
-CVE-2023-21393
-       RESERVED
-CVE-2023-21392
-       RESERVED
-CVE-2023-21391
-       RESERVED
-CVE-2023-21390
-       RESERVED
-CVE-2023-21389
-       RESERVED
-CVE-2023-21388
-       RESERVED
-CVE-2023-21387
-       RESERVED
+CVE-2023-21398 (In sdksandbox, there is a possible strandhogg style overlay 
attack due ...)
+       TODO: check
+CVE-2023-21397 (In Setup Wizard, there is a possible way to save a WiFi 
network due to ...)
+       TODO: check
+CVE-2023-21396 (In Activity Manager, there is a possible background activity 
launch du ...)
+       TODO: check
+CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a 
use afte ...)
+       TODO: check
+CVE-2023-21394 (In Telecomm, there is a possible bypass of a multi user 
security bound ...)
+       TODO: check
+CVE-2023-21393 (In Settings, there is a possible way for the user to change 
SIM due to ...)
+       TODO: check
+CVE-2023-21392 (In Bluetooth, there is a possible way to corrupt memory due to 
a use a ...)
+       TODO: check
+CVE-2023-21391 (In Messaging, there is a possible way to disable the messaging 
applica ...)
+       TODO: check
+CVE-2023-21390 (In Sim, there is a possible way to evade mobile preference 
restriction ...)
+       TODO: check
+CVE-2023-21389 (In Settings, there is a possible bypass of profile owner 
restrictions  ...)
+       TODO: check
+CVE-2023-21388 (In Settings, there is a possible restriction bypass due to a 
missing p ...)
+       TODO: check
+CVE-2023-21387 (In User Backup Manager, there is a possible way to leak a 
token to byp ...)
+       TODO: check
 CVE-2023-21386
        RESERVED
-CVE-2023-21385
-       RESERVED
-CVE-2023-21384
-       RESERVED
-CVE-2023-21383
-       RESERVED
-CVE-2023-21382
-       RESERVED
-CVE-2023-21381
-       RESERVED
-CVE-2023-21380
-       RESERVED
-CVE-2023-21379
-       RESERVED
-CVE-2023-21378
-       RESERVED
-CVE-2023-21377
-       RESERVED
-CVE-2023-21376
-       RESERVED
-CVE-2023-21375
-       RESERVED
-CVE-2023-21374
-       RESERVED
-CVE-2023-21373
-       RESERVED
-CVE-2023-21372
-       RESERVED
-CVE-2023-21371
-       RESERVED
-CVE-2023-21370
-       RESERVED
-CVE-2023-21369
-       RESERVED
-CVE-2023-21368
-       RESERVED
-CVE-2023-21367
-       RESERVED
-CVE-2023-21366
-       RESERVED
-CVE-2023-21365
-       RESERVED
-CVE-2023-21364
-       RESERVED
+CVE-2023-21385 (In Whitechapel, there is a possible out of bounds read due to 
memory c ...)
+       TODO: check
+CVE-2023-21384 (In Package Manager, there is a possible possible permissions 
bypass du ...)
+       TODO: check
+CVE-2023-21383 (In Settings, there is a possible way for the user to 
unintentionally s ...)
+       TODO: check
+CVE-2023-21382 (In Content Resolver, there is a possible method to access 
metadata abo ...)
+       TODO: check
+CVE-2023-21381 (In Media Resource Manager, there is a possible local arbitrary 
code ex ...)
+       TODO: check
+CVE-2023-21380 (In Bluetooth, there is a possible out of bounds write due to a 
heap bu ...)
+       TODO: check
+CVE-2023-21379 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
+       TODO: check
+CVE-2023-21378 (In Telecomm, there is a possible way to silence the ring for 
calls of  ...)
+       TODO: check
+CVE-2023-21377 (In SELinux Policy, there is a possible restriction bypass due 
to a per ...)
+       TODO: check
+CVE-2023-21376 (In Telephony, there is a possible way to retrieve the ICCID 
due to a l ...)
+       TODO: check
+CVE-2023-21375 (In Sysproxy, there is a possible out of bounds write due to an 
integer ...)
+       TODO: check
+CVE-2023-21374 (In System UI, there is a possible factory reset protection 
bypass due  ...)
+       TODO: check
+CVE-2023-21373 (In Telephony, there is a possible way for a guest user to 
change the p ...)
+       TODO: check
+CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a 
missing ...)
+       TODO: check
+CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due 
to an i ...)
+       TODO: check
+CVE-2023-21370 (In the Security Element API, there is a possible out of bounds 
write d ...)
+       TODO: check
+CVE-2023-21369 (In Usage Access, there is a possible way to display a Settings 
usage a ...)
+       TODO: check
+CVE-2023-21368 (In Audio, there is a possible out of bounds read due to 
missing bounds ...)
+       TODO: check
+CVE-2023-21367 (In Scudo, there is a possible way to exploit certain heap OOB 
read/wri ...)
+       TODO: check
+CVE-2023-21366 (In Scudo, there is a possible way for an attacker to predict 
heap allo ...)
+       TODO: check
+CVE-2023-21365 (In Contacts, there is a possible crash loop due to resource 
exhaustion ...)
+       TODO: check
+CVE-2023-21364 (In ContactsProvider, there is a possible crash loop due to 
resource ex ...)
+       TODO: check
 CVE-2023-21363
        RESERVED
-CVE-2023-21362
-       RESERVED
-CVE-2023-21361
-       RESERVED
-CVE-2023-21360
-       RESERVED
-CVE-2023-21359
-       RESERVED
-CVE-2023-21358
-       RESERVED
-CVE-2023-21357
-       RESERVED
-CVE-2023-21356
-       RESERVED
-CVE-2023-21355
-       RESERVED
-CVE-2023-21354
-       RESERVED
-CVE-2023-21353
-       RESERVED
-CVE-2023-21352
-       RESERVED
-CVE-2023-21351
-       RESERVED
-CVE-2023-21350
-       RESERVED
-CVE-2023-21349
-       RESERVED
-CVE-2023-21348
-       RESERVED
-CVE-2023-21347
-       RESERVED
-CVE-2023-21346
-       RESERVED
-CVE-2023-21345
-       RESERVED
-CVE-2023-21344
-       RESERVED
-CVE-2023-21343
-       RESERVED
-CVE-2023-21342
-       RESERVED
-CVE-2023-21341
-       RESERVED
-CVE-2023-21340
-       RESERVED
-CVE-2023-21339
-       RESERVED
-CVE-2023-21338
-       RESERVED
-CVE-2023-21337
-       RESERVED
-CVE-2023-21336
-       RESERVED
-CVE-2023-21335
-       RESERVED
-CVE-2023-21334
-       RESERVED
-CVE-2023-21333
-       RESERVED
-CVE-2023-21332
-       RESERVED
-CVE-2023-21331
-       RESERVED
-CVE-2023-21330
-       RESERVED
-CVE-2023-21329
-       RESERVED
-CVE-2023-21328
-       RESERVED
-CVE-2023-21327
-       RESERVED
-CVE-2023-21326
-       RESERVED
-CVE-2023-21325
-       RESERVED
-CVE-2023-21324
-       RESERVED
-CVE-2023-21323
-       RESERVED
+CVE-2023-21362 (In Usage, there is a possible permanent DoS due to resource 
exhaustion ...)
+       TODO: check
+CVE-2023-21361 (In Bluetooth, there is a possibility of code-execution due to 
a use af ...)
+       TODO: check
+CVE-2023-21360 (In Bluetooth, there is a possible out of bounds write due to 
improper  ...)
+       TODO: check
+CVE-2023-21359 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
+       TODO: check
+CVE-2023-21358 (In UWB Google, there is a possible way for a malicious app to 
masquera ...)
+       TODO: check
+CVE-2023-21357 (In NFC, there is a possible out of bounds read due to a 
missing bounds ...)
+       TODO: check
+CVE-2023-21356 (In Bluetooth, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2023-21355 (In libaudioclient, there is a possible out of bounds write due 
to a us ...)
+       TODO: check
+CVE-2023-21354 (In Package Manager Service, there is a possible way to 
determine wheth ...)
+       TODO: check
+CVE-2023-21353 (In NFA, there is a possible out of bounds read due to a 
missing bounds ...)
+       TODO: check
+CVE-2023-21352 (In NFA, there is a possible out of bounds read due to a 
missing bounds ...)
+       TODO: check
+CVE-2023-21351 (In Activity Manager, there is a possible background activity 
launch du ...)
+       TODO: check
+CVE-2023-21350 (In Media Projection, there is a possible way to determine 
whether an a ...)
+       TODO: check
+CVE-2023-21349 (In Package Manager, there is a possible way to determine 
whether an ap ...)
+       TODO: check
+CVE-2023-21348 (In Window Manager, there is a possible way to determine 
whether an app ...)
+       TODO: check
+CVE-2023-21347 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
+       TODO: check
+CVE-2023-21346 (In the Device Idle Controller, there is a possible way to 
determine wh ...)
+       TODO: check
+CVE-2023-21345 (In Game Manager Service, there is a possible way to determine 
whether  ...)
+       TODO: check
+CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether 
an app  ...)
+       TODO: check
+CVE-2023-21343 (In ActivityStarter, there is a possible background activity 
launch due ...)
+       TODO: check
+CVE-2023-21342 (In Speech, there is a possible way to bypass background 
activity launc ...)
+       TODO: check
+CVE-2023-21341 (In Permission Manager, there is a possible way to bypass 
required perm ...)
+       TODO: check
+CVE-2023-21340 (In Telecomm, there is a possible way to get the call state due 
to a mi ...)
+       TODO: check
+CVE-2023-21339 (In Minikin, there is a possible way to trigger ANR by showing 
a malici ...)
+       TODO: check
+CVE-2023-21338 (In Input Method, there is a possible way to determine whether 
an app i ...)
+       TODO: check
+CVE-2023-21337 (In InputMethod, there is a possible way to determine whether 
an app is ...)
+       TODO: check
+CVE-2023-21336 (In Input Method, there is a possible way to determine whether 
an app i ...)
+       TODO: check
+CVE-2023-21335 (In Settings, there is a possible way to determine whether an 
app is in ...)
+       TODO: check
+CVE-2023-21334 (In App Ops Service, there is a possible disclosure of 
information abou ...)
+       TODO: check
+CVE-2023-21333 (In Text Services, there is a possible way to determine whether 
an app  ...)
+       TODO: check
+CVE-2023-21332 (In Text Services, there is a possible way to determine whether 
an app  ...)
+       TODO: check
+CVE-2023-21331 (In InputMethod, there is a possible way to determine whether 
an app is ...)
+       TODO: check
+CVE-2023-21330 (In Overlay Manager, there is a possible way to determine 
whether an ap ...)
+       TODO: check
+CVE-2023-21329 (In Activity Manager, there is a possible way to determine 
whether an a ...)
+       TODO: check
+CVE-2023-21328 (In Package Installer, there is a possible way to determine 
whether an  ...)
+       TODO: check
+CVE-2023-21327 (In Permission Manager, there is a possible way to determine 
whether an ...)
+       TODO: check
+CVE-2023-21326 (In Package Manager Service, there is a possible way to 
determine wheth ...)
+       TODO: check
+CVE-2023-21325 (In Settings, there is a possible way to determine whether an 
app is in ...)
+       TODO: check
+CVE-2023-21324 (In Package Installer, there is a possible way to determine 
whether an  ...)
+       TODO: check
+CVE-2023-21323 (In Activity Manager, there is a possible way to determine 
whether an a ...)
+       TODO: check
 CVE-2023-21322
        RESERVED
-CVE-2023-21321
-       RESERVED
-CVE-2023-21320
-       RESERVED
-CVE-2023-21319
-       RESERVED
-CVE-2023-21318
-       RESERVED
-CVE-2023-21317
-       RESERVED
-CVE-2023-21316
-       RESERVED
-CVE-2023-21315
-       RESERVED
-CVE-2023-21314
-       RESERVED
-CVE-2023-21313
-       RESERVED
-CVE-2023-21312
-       RESERVED
-CVE-2023-21311
-       RESERVED
-CVE-2023-21310
-       RESERVED
-CVE-2023-21309
-       RESERVED
-CVE-2023-21308
-       RESERVED
-CVE-2023-21307
-       RESERVED
-CVE-2023-21306
-       RESERVED
-CVE-2023-21305
-       RESERVED
-CVE-2023-21304
-       RESERVED
-CVE-2023-21303
-       RESERVED
-CVE-2023-21302
-       RESERVED
-CVE-2023-21301
-       RESERVED
-CVE-2023-21300
-       RESERVED
-CVE-2023-21299
-       RESERVED
-CVE-2023-21298
-       RESERVED
-CVE-2023-21297
-       RESERVED
-CVE-2023-21296
-       RESERVED
-CVE-2023-21295
-       RESERVED
-CVE-2023-21294
-       RESERVED
-CVE-2023-21293
-       RESERVED
+CVE-2023-21321 (In Package Manager, there is a possible cross-user settings 
disclosure ...)
+       TODO: check
+CVE-2023-21320 (In Device Policy, there is a possible way to verify if a 
particular ad ...)
+       TODO: check
+CVE-2023-21319 (In UsageStatsService, there is a possible way to read 
installed 3rd pa ...)
+       TODO: check
+CVE-2023-21318 (In Content, there is a possible way to determine whether an 
app is ins ...)
+       TODO: check
+CVE-2023-21317 (In ContentService, there is a possible way to determine 
whether an app ...)
+       TODO: check
+CVE-2023-21316 (In Content, there is a possible way to determine whether an 
app is ins ...)
+       TODO: check
+CVE-2023-21315 (In Bluetooth, there is a possible out of bounds read due to a 
heap buf ...)
+       TODO: check
+CVE-2023-21314 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
+       TODO: check
+CVE-2023-21313 (In Core, there is a possible way to forward calls without user 
knowled ...)
+       TODO: check
+CVE-2023-21312 (In IntentResolver, there is a possible cross-user media read 
due to a  ...)
+       TODO: check
+CVE-2023-21311 (In Settings, there is a possible way to control private DNS 
settings f ...)
+       TODO: check
+CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a 
heap bu ...)
+       TODO: check
+CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a 
missing bo ...)
+       TODO: check
+CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a 
missing b ...)
+       TODO: check
+CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth 
device to ...)
+       TODO: check
+CVE-2023-21306 (In ContentService, there is a possible way to read installed 
sync cont ...)
+       TODO: check
+CVE-2023-21305 (In Content, there is a possible way to determine whether an 
app is ins ...)
+       TODO: check
+CVE-2023-21304 (In Content Service, there is a possible way to determine 
whether an ap ...)
+       TODO: check
+CVE-2023-21303 (In Content, here is a possible way to determine whether an app 
is inst ...)
+       TODO: check
+CVE-2023-21302 (In Package Manager, there is a possible way to determine 
whether an ap ...)
+       TODO: check
+CVE-2023-21301 (In ActivityManagerService, there is a possible way to 
determine whethe ...)
+       TODO: check
+CVE-2023-21300 (In PackageManager, there is a possible way to determine 
whether an app ...)
+       TODO: check
+CVE-2023-21299 (In Package Manager, there is a possible way to determine 
whether an ap ...)
+       TODO: check
+CVE-2023-21298 (In Slice, there is a possible disclosure of installed 
applications due ...)
+       TODO: check
+CVE-2023-21297 (In SEPolicy, there is a possible way to access the factory MAC 
address ...)
+       TODO: check
+CVE-2023-21296 (In Permission, there is a possible way to determine whether an 
app is  ...)
+       TODO: check
+CVE-2023-21295 (In SliceManagerService, there is a possible way to check if a 
content  ...)
+       TODO: check
+CVE-2023-21294 (In Slice, there is a possible disclosure of installed packages 
due to  ...)
+       TODO: check
+CVE-2023-21293 (In PackageManagerNative, there is a possible way to determine 
whether  ...)
+       TODO: check
 CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a 
possible  ...)
        NOT-FOR-US: Android
 CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to 
reveal i ...)
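Review bot: This hunk turns a long run of CVE-2023-213xx and CVE-2023-212xx identifiers from RESERVED into `TODO: check`, and many of the truncated descriptions are indistinguishable in the list (for example CVE-2023-21353 and CVE-2023-21352 for NFA, or CVE-2023-21333 and CVE-2023-21332 for Text Services). Triage from the full CVE records rather than from these lines. The surrounding context marks CVE-2023-21399 as `NOT-FOR-US: Android/Pixel kernel` and CVE-2023-21292 as `NOT-FOR-US: Android`, so most of the run can probably be closed in bulk the same way, with component-level entries such as Scudo, libdexfile and SELinux Policy checked individually first.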
@@ -146145,8 +146218,8 @@ CVE-2022-20533 (In getSlice of WifiSlice.java, there 
is a possible way to connec
        NOT-FOR-US: Android
 CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a 
possible  ...)
        NOT-FOR-US: Android
-CVE-2022-20531
-       REJECTED
+CVE-2022-20531 (In Telecom, there is a possible way to determine whether an 
app is ins ...)
+       TODO: check
 CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a 
mislead ...)
        NOT-FOR-US: Android
 CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a 
possible  ...)
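Review bot: CVE-2022-20531 goes from `REJECTED` to a populated description with `TODO: check`, which is an unusual transition compared with the RESERVED to published changes elsewhere in this update. Verify against the CVE record that the identifier was really reinstated before triaging it; if it was, the adjacent entries (CVE-2022-20532, CVE-2022-20530) suggest `NOT-FOR-US: Android` as the likely outcome.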
@@ -146702,8 +146775,8 @@ CVE-2022-20266 (In Companion, there is a possible way 
to keep a service running
        NOT-FOR-US: Android
 CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset 
permissio ...)
        NOT-FOR-US: Android
-CVE-2022-20264
-       RESERVED
+CVE-2022-20264 (In Usage Stats Service, there is a possible way to determine 
whether a ...)
+       TODO: check
 CVE-2022-20263 (In ActivityManager, there is a way to read process state for 
other use ...)
        NOT-FOR-US: Android
 CVE-2022-20262 (In ActivityManager, there is a possible way to check another 
process's ...)
@@ -154250,8 +154323,8 @@ CVE-2021-39812 (In TBD of TBD, there is a possible 
out of bounds read due to a u
        NOT-FOR-US: Pixel
 CVE-2021-39811
        RESERVED
-CVE-2021-39810
-       RESERVED
+CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless 
payment ...)
+       TODO: check
 CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a 
possible o ...)
        NOT-FOR-US: Android
 CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, 
there is  ...)
@@ -218553,6 +218626,7 @@ CVE-2020-27220 (The Eclipse Hono AMQP and MQTT 
protocol adapters do not check wh
 CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 
404 (Not  ...)
        NOT-FOR-US: Eclipse Hawkbit
 CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 
10.0.0.alpha0  ...)
+       {DLA-3641-1}
        - jetty9 9.4.35-1 (bug #976211)
        [stretch] - jetty9 <ignored> (Minor issue, request smuggling in 
specific conditions, invasive, patch introduces regressions, workarounds exist)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
@@ -221746,7 +221820,7 @@ CVE-2020-25872 (A vulnerability exists within the 
FileManagerController.php func
 CVE-2020-25871
        RESERVED
 CVE-2020-25870
-       RESERVED
+       REJECTED
 CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 
and 1.3 ...)
        NOT-FOR-US: CentralAuth MediaWiki extension
        NOTE: The extension requires some new infrastructure code which was 
added to the
@@ -366968,7 +367042,7 @@ CVE-2018-11105 (There is stored cross site scripting 
in the wp-live-chat-support
 CVE-2018-11104
        RESERVED
 CVE-2018-11103
-       RESERVED
+       REJECTED
 CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation 
in the  ...)
        {DLA-1907-1}
        - libav <removed> (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23fa199a422e75f8220fbbc393662cd208e8f7

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
