Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f95f3212 by security tracker role at 2023-06-15T20:12:25+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@ +CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...) + TODO: check +CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...) + TODO: check +CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.) + TODO: check +CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...) + TODO: check +CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...) + TODO: check +CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.) + TODO: check +CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...) + TODO: check +CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) + TODO: check +CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) + TODO: check +CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check +CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...) + TODO: check +CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...) + TODO: check +CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...) + TODO: check +CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...) + TODO: check +CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...) + TODO: check +CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...) 
+ TODO: check CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic] - rust-sequoia-openpgp 1.16.0-1 NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html @@ -338,7 +374,7 @@ CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authenti NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...) NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware -CVE-2023-33568 (An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attacke ...) +CVE-2023-33568 (An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers ...) - dolibarr <removed> CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...) NOT-FOR-US: FortiGuard @@ -1757,7 +1793,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...) NOT-FOR-US: Wordapp plugin for WordPress CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) - {DLA-3443-1} + {DSA-5429-1 DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) 
@@ -1997,15 +2033,19 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0. CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) NOT-FOR-US: OpenEMR CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...) + {DSA-5428-1} - chromium 114.0.5735.133-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...) + {DSA-5428-1} - chromium 114.0.5735.133-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...) + {DSA-5428-1} - chromium 114.0.5735.133-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...) + {DSA-5428-1} - chromium 114.0.5735.133-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...) @@ -2157,6 +2197,7 @@ CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the s CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...) NOT-FOR-US: Craft CMS CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...) + {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <not-affected> (vulnerable code introduced later) 
@@ -2165,27 +2206,28 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3. NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0) CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...) - {DLA-3443-1} + {DSA-5429-1 DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) - {DLA-3443-1} + {DSA-5429-1 DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081 CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...) - {DLA-3443-1} + {DSA-5429-1 DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068 CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...) + {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <not-affected> (Vulnerable code introduced later) 
@@ -2194,6 +2236,7 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3. NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063 NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0) CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...) + {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) @@ -2520,6 +2563,7 @@ CVE-2023-32409 NOTE: https://github.com/WebKit/WebKit/pull/12660 NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856 CVE-2023-32373 + {DSA-5427-1} - webkit2gtk 2.40.2-1 - wpewebkit <unfixed> [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) @@ -6703,21 +6747,21 @@ CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations CVE-2023-1995 RESERVED CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...) - {DLA-3402-1} + {DSA-5429-1 DLA-3402-1} [experimental] - wireshark 4.0.5-1~exp1 - wireshark 4.0.6-1 (bug #1034721) [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...) - {DLA-3402-1} + {DSA-5429-1 DLA-3402-1} [experimental] - wireshark 4.0.5-1~exp1 - wireshark 4.0.6-1 (bug #1034721) [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...) - {DLA-3402-1} + {DSA-5429-1 DLA-3402-1} [experimental] - wireshark 4.0.5-1~exp1 - wireshark 4.0.6-1 (bug #1034721) [bullseye] - wireshark <no-dsa> (Minor issue) 
@@ -9730,10 +9774,10 @@ CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 an [bullseye] - opensmtpd <no-dsa> (Minor issue) [buster] - opensmtpd <no-dsa> (Minor issue) NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig -CVE-2023-29322 - RESERVED -CVE-2023-29321 - RESERVED +CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) + TODO: check +CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...) + TODO: check CVE-2023-29320 RESERVED CVE-2023-29319 @@ -9760,18 +9804,18 @@ CVE-2023-29309 RESERVED CVE-2023-29308 RESERVED -CVE-2023-29307 - RESERVED +CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) + TODO: check CVE-2023-29306 RESERVED CVE-2023-29305 RESERVED -CVE-2023-29304 - RESERVED +CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) + TODO: check CVE-2023-29303 RESERVED -CVE-2023-29302 - RESERVED +CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) + TODO: check CVE-2023-29301 RESERVED CVE-2023-29300 
@@ -9780,28 +9824,28 @@ CVE-2023-29299 RESERVED CVE-2023-29298 RESERVED -CVE-2023-29297 - RESERVED -CVE-2023-29296 - RESERVED -CVE-2023-29295 - RESERVED -CVE-2023-29294 - RESERVED -CVE-2023-29293 - RESERVED -CVE-2023-29292 - RESERVED -CVE-2023-29291 - RESERVED -CVE-2023-29290 - RESERVED -CVE-2023-29289 - RESERVED -CVE-2023-29288 - RESERVED -CVE-2023-29287 - RESERVED +CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29295 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29294 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29293 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29292 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29291 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29290 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29289 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29288 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check +CVE-2023-29287 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...) NOT-FOR-US: Adobe CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...) 
@@ -11486,8 +11530,8 @@ CVE-2023-28811 RESERVED CVE-2023-28810 RESERVED -CVE-2023-28809 - RESERVED +CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...) + TODO: check CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...) NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...) @@ -13655,6 +13699,7 @@ CVE-2023-28205 (A use after free issue was addressed with improved memory manage NOTE: https://webkitgtk.org/security/WSA-2023-0003.html CVE-2023-28204 RESERVED + {DSA-5427-1} - webkit2gtk 2.40.2-1 - wpewebkit <unfixed> [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) @@ -13724,8 +13769,8 @@ CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28176 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176 -CVE-2023-28175 - RESERVED +CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...) + TODO: check CVE-2023-28174 RESERVED CVE-2023-28173 @@ -15504,8 +15549,8 @@ CVE-2023-1179 (A vulnerability, which was classified as problematic, was found i NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...) NOT-FOR-US: Email Registration -CVE-2023-27634 - RESERVED +CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...) + TODO: check CVE-2023-27633 RESERVED CVE-2023-27632 
@@ -15811,7 +15856,7 @@ CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and CVE-2023-1162 (A vulnerability, which was classified as critical, was found in DrayTe ...) NOT-FOR-US: DrayTek Vigor 2960 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...) - {DLA-3402-1} + {DSA-5429-1 DLA-3402-1} [experimental] - wireshark 4.0.5-1~exp1 - wireshark 4.0.6-1 (bug #1033756) [bullseye] - wireshark <no-dsa> (Minor issue) @@ -20004,8 +20049,8 @@ CVE-2023-25974 RESERVED CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) NOT-FOR-US: WordPress plugin -CVE-2023-25972 - RESERVED +CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...) + TODO: check CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...) NOT-FOR-US: WordPress plugin CVE-2023-25970 @@ -21846,10 +21891,10 @@ CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...) NOT-FOR-US: WordPress plugin -CVE-2023-25450 - RESERVED -CVE-2023-25449 - RESERVED +CVE-2023-25450 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u201 ...) + TODO: check +CVE-2023-25449 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bast ...) + TODO: check CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...) NOT-FOR-US: WordPress plugin CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...) 
@@ -22498,6 +22543,7 @@ CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...) NOT-FOR-US: Fortra GoAnywhere MFT CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...) + {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) @@ -22508,6 +22554,7 @@ CVE-2023-0668 (Due to failure in validating the length provided by an attacker-c CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...) TODO: check CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...) + {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark <no-dsa> (Minor issue) @@ -22802,8 +22849,8 @@ CVE-2023-25057 RESERVED CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...) NOT-FOR-US: WordPress plugin -CVE-2023-25055 - RESERVED +CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) + TODO: check CVE-2023-25054 RESERVED CVE-2023-25053 @@ -24862,8 +24909,8 @@ CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jen NOT-FOR-US: Jenkins plugin CVE-2023-24421 RESERVED -CVE-2023-24420 - RESERVED +CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...) + TODO: check CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...) NOT-FOR-US: WordPress plugin CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) 
@@ -26428,8 +26475,8 @@ CVE-2023-23804 RESERVED CVE-2023-23803 RESERVED -CVE-2023-23802 - RESERVED +CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) + TODO: check CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...) NOT-FOR-US: WordPress plugin CVE-2023-23800 @@ -33547,8 +33594,8 @@ CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and NOT-FOR-US: Adobe CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) NOT-FOR-US: Adobe -CVE-2023-22248 - RESERVED +CVE-2023-22248 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + TODO: check CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) NOT-FOR-US: Adobe CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) @@ -38404,8 +38451,8 @@ CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are a NOT-FOR-US: FrameMaker CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...) NOT-FOR-US: FrameMaker -CVE-2023-21618 - RESERVED +CVE-2023-21618 (Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected b ...) + TODO: check CVE-2023-21617 RESERVED CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) 
@@ -43974,34 +44021,25 @@ CVE-2023-21146 RESERVED CVE-2023-21145 RESERVED -CVE-2023-21144 - RESERVED +CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...) NOT-FOR-US: Android -CVE-2023-21143 - RESERVED +CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...) NOT-FOR-US: Android -CVE-2023-21142 - RESERVED +CVE-2023-21142 (In multiple files, there is a possible way to access traces in the dev ...) NOT-FOR-US: Android -CVE-2023-21141 - RESERVED +CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...) NOT-FOR-US: Android CVE-2023-21140 RESERVED -CVE-2023-21139 - RESERVED +CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...) NOT-FOR-US: Android -CVE-2023-21138 - RESERVED +CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...) NOT-FOR-US: Android -CVE-2023-21137 - RESERVED +CVE-2023-21137 (In several methods of JobStore.java, uncaught exceptions in job map pa ...) NOT-FOR-US: Android -CVE-2023-21136 - RESERVED +CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way to cau ...) NOT-FOR-US: Android -CVE-2023-21135 - RESERVED +CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...) NOT-FOR-US: Android CVE-2023-21134 RESERVED 
@@ -44009,40 +44047,30 @@ CVE-2023-21133 RESERVED CVE-2023-21132 RESERVED -CVE-2023-21131 - RESERVED +CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...) NOT-FOR-US: Android -CVE-2023-21130 - RESERVED +CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...) NOT-FOR-US: Android -CVE-2023-21129 - RESERVED +CVE-2023-21129 (In getFullScreenIntentDecision of NotificationInterruptStateProviderIm ...) NOT-FOR-US: Android -CVE-2023-21128 - RESERVED +CVE-2023-21128 (In various functions of AppStandbyController.java, there is a possible ...) NOT-FOR-US: Android -CVE-2023-21127 - RESERVED +CVE-2023-21127 (In readSampleData of NuMediaExtractor.cpp, there is a possible out of ...) NOT-FOR-US: Android -CVE-2023-21126 - RESERVED +CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, the ...) NOT-FOR-US: Android CVE-2023-21125 RESERVED -CVE-2023-21124 - RESERVED +CVE-2023-21124 (In run of multiple files, there is a possible escalation of privilege ...) NOT-FOR-US: Android -CVE-2023-21123 - RESERVED +CVE-2023-21123 (In multiple functions of multiple files, there is a possible way to by ...) NOT-FOR-US: Android -CVE-2023-21122 - RESERVED +CVE-2023-21122 (In various functions of various files, there is a possible way to bypa ...) NOT-FOR-US: Android -CVE-2023-21121 - RESERVED +CVE-2023-21121 (In onResume of AppManagementFragment.java, there is a possible way to ...) NOT-FOR-US: Android -CVE-2023-21120 - RESERVED +CVE-2023-21120 (In multiple functions of cdm_engine.cpp, there is a possible use-after ...) + TODO: check CVE-2023-21119 RESERVED CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...) 
@@ -44051,8 +44079,7 @@ CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java, t NOT-FOR-US: Android CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, there is a ...) NOT-FOR-US: Android -CVE-2023-21115 - RESERVED +CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...) NOT-FOR-US: Android CVE-2023-21114 RESERVED @@ -44066,8 +44093,7 @@ CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible w NOT-FOR-US: Android CVE-2023-21109 (In multiple places of AccessibilityService, there is a possible way to ...) NOT-FOR-US: Android -CVE-2023-21108 - RESERVED +CVE-2023-21108 (In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there is a miss ...) NOT-FOR-US: Android @@ -44076,8 +44102,7 @@ CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible memory [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5) -CVE-2023-21105 - RESERVED +CVE-2023-21105 (In multiple functions of ChooserActivity.java, there is a possible cro ...) NOT-FOR-US: Android CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing permission ...) NOT-FOR-US: Android 
@@ -44090,8 +44115,8 @@ CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible NOTE: https://source.android.com/docs/security/bulletin/2023-05-01 NOTE: https://git.kernel.org/linus/ff7a167961d1b97e0e205f245f806e564d3505e7 (6.2-rc1) NOTE: https://git.kernel.org/linus/18bba1843fc7f264f58c9345d00827d082f9c558 (6.2-rc4) -CVE-2023-21101 - RESERVED +CVE-2023-21101 (In multiple functions of WVDrmPlugin.cpp, there is a possible use afte ...) + TODO: check CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...) NOT-FOR-US: Android CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...) @@ -44102,8 +44127,7 @@ CVE-2023-21097 (In toUriInner of Intent.java, there is a possible way to launch NOT-FOR-US: Android CVE-2023-21096 (In OnWakelockReleased of attribution_processor.cc, there is a use afte ...) NOT-FOR-US: Android -CVE-2023-21095 - RESERVED +CVE-2023-21095 (In canStartSystemGesture of RecentsAnimationDeviceState.java, there is ...) NOT-FOR-US: Android CVE-2023-21094 (In sanitize of LayerState.cpp, there is a possible way to take over th ...) NOT-FOR-US: Android @@ -192905,8 +192929,8 @@ CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt NOT-FOR-US: Android CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...) NOT-FOR-US: Android -CVE-2021-0945 - RESERVED +CVE-2021-0945 (Product: AndroidVersions: Android SoCAndroid ID: A-278156680) + TODO: check CVE-2021-0944 RESERVED CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write due to ...) 
@@ -193425,8 +193449,8 @@ CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after fre NOT-FOR-US: Android CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...) NOT-FOR-US: Android -CVE-2021-0701 - RESERVED +CVE-2021-0701 (Product: AndroidVersions: Android SoCAndroid ID: A-277775870) + TODO: check CVE-2021-0700 RESERVED CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95f32127b4f4527bfec3a21ad4c836171d5aa0f
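Review bot: The wireshark entries that gain {DSA-5429-1} keep their existing [bullseye] annotations, so CVE-2023-2952, CVE-2023-2856, CVE-2023-2858, CVE-2023-2879, CVE-2023-2855, CVE-2023-1994, CVE-2023-1993, CVE-2023-1992, CVE-2023-1161, CVE-2023-0668 and CVE-2023-0666 now read both "{DSA-5429-1 ...}" and "[bullseye] - wireshark <no-dsa> (Minor issue)". If the DSA shipped a bullseye fix, the <no-dsa> lines should be replaced with the fixed version in a follow-up; if it covers another suite only, a per-suite fixed-version line for that suite is missing from every one of these entries. CVE-2023-2854 and CVE-2023-2857 carry the new DSA tag next to "[bullseye] - wireshark <not-affected>", which is consistent only under the second reading.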
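Review bot: In the hunk at -13655,6 +13699,7 the {DSA-5427-1} tag is attached to CVE-2023-28204 while the entry is still "RESERVED", and in the hunk at -2520,6 +2563,7 CVE-2023-32373 has no description at all, so neither entry states what the DSA fixes. The CVE-2023-28205 entry just above has a "NOTE: https://webkitgtk.org/security/WSA-2023-0003.html" line; adding the equivalent upstream advisory NOTE to these two entries would make the DSA cross-reference verifiable until the descriptions are published.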
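Review bot: In the hunk at -21846,10 +21891,10 the imported description for CVE-2023-25450 ends in "GiveWP GiveWP \u201 ...", an undecoded Unicode escape that the length truncation has cut mid-sequence. The import step should decode escapes before truncating so the list does not accumulate partial "\uXXXX" fragments that later text searches and diffs will trip over.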
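Review bot: In the last two hunks (-192905,8 and -193425,8) the new descriptions for CVE-2021-0945 and CVE-2021-0701 are only fused field labels, "Product: AndroidVersions: Android SoCAndroid ID: A-278156680" and the A-277775870 equivalent, with the separators between fields dropped and no vulnerability text. Both land as "TODO: check" although every described neighbour in these ranges is "NOT-FOR-US: Android"; they need manual triage, and the import would be easier to read if it replaced line breaks in the source description with a space instead of removing them.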
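Review bot: In the Android range (hunks -44009,40 and -44090,8) CVE-2023-21120 and CVE-2023-21101 are the only newly described entries that end up as "TODO: check", because they had a bare "RESERVED" with no prior triage line, while the surrounding entries keep "NOT-FOR-US: Android". Their descriptions name cdm_engine.cpp and WVDrmPlugin.cpp, so they should be triaged together in the follow-up rather than left to be picked up one at a time.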
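Review bot: The reworded CVE-2023-33568 description in the hunk at -338,7 +374,7 is not purely cosmetic: "v16.0.0 to v16.0.5" becomes "16 before 16.0.5", which moves 16.0.5 from the affected side to the fixed side. The entry only has "- dolibarr <removed>", so no version annotation changes here, but anything downstream that recorded 16.0.5 as vulnerable based on the old text should be rechecked.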