Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccec2a3c by security tracker role at 2023-07-13T08:12:11+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@ +CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2023-3363 (An information disclosure issue in Gitlab CE/EE affecting all versions ...) + TODO: check +CVE-2023-3362 (An information disclosure issue in GitLab CE/EE affecting all versions ...) + TODO: check +CVE-2023-3343 (The User Registration plugin for WordPress is vulnerable to PHP Object ...) + TODO: check +CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbitrary ...) + TODO: check +CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...) + TODO: check +CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via ...) + TODO: check +CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...) + TODO: check +CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...) + TODO: check +CVE-2023-37567 (ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a ...) + TODO: check +CVE-2023-37566 (ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC ...) + TODO: check +CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...) + TODO: check +CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) + TODO: check +CVE-2023-37563 (Exposure of sensitive information to an unauthorized actor issue exist ...) + TODO: check +CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...) + TODO: check +CVE-2023-37561 (Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM ...) 
+ TODO: check +CVE-2023-37560 (Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, a ...) + TODO: check +CVE-2023-37415 (Improper Input Validation vulnerability in Apache Software Foundation ...) + TODO: check +CVE-2023-35694 (In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a pos ...) + TODO: check +CVE-2023-35693 (In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corrupt ...) + TODO: check +CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check. ...) + TODO: check +CVE-2023-35069 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2023-34137 (SonicWall GMS and Analytics CAS Web Services application use static va ...) + TODO: check +CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthenticated at ...) + TODO: check +CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics allows a r ...) + TODO: check +CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + TODO: check +CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-34132 (Use of password hash instead of password for authentication vulnerabil ...) + TODO: check +CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + TODO: check +CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TE ...) + TODO: check +CVE-2023-34129 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS and Anal ...) + TODO: check +CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + TODO: check +CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an authenticated a ...) 
+ TODO: check +CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an authentica ...) + TODO: check +CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics Web Servic ...) + TODO: check +CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, So ...) + TODO: check +CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains ...) + TODO: check +CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...) NOT-FOR-US: SourceCodester Service Provider Management System CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...) @@ -8674,8 +8760,8 @@ CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosa NOT-FOR-US: RosarioSIS CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...) NOT-FOR-US: WordPress plugin -CVE-2023-2200 - RESERVED +CVE-2023-2200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.10.8+ds1-2 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
@@ -8729,8 +8815,8 @@ CVE-2023-2192 RESERVED CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...) NOT-FOR-US: azuracast -CVE-2023-2190 - RESERVED +CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...) NOT-FOR-US: WordPress plugin CVE-2023-2188 @@ -15481,8 +15567,8 @@ CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user NOT-FOR-US: WordPress plugin CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) NOT-FOR-US: Schneider -CVE-2023-1547 - RESERVED +CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...) NOT-FOR-US: WordPress plugin CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...) @@ -21760,10 +21846,10 @@ CVE-2023-26566 RESERVED CVE-2023-26565 RESERVED -CVE-2023-26564 - RESERVED -CVE-2023-26563 - RESERVED +CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...) + TODO: check +CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...) + TODO: check CVE-2023-26562 RESERVED CVE-2023-26561 @@ -47189,10 +47275,10 @@ CVE-2023-21402 RESERVED CVE-2023-21401 RESERVED -CVE-2023-21400 - RESERVED -CVE-2023-21399 - RESERVED +CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...) + TODO: check +CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...) + TODO: check CVE-2023-21398 RESERVED CVE-2023-21397 
@@ -47465,59 +47551,58 @@ CVE-2023-21264 RESERVED CVE-2023-21263 RESERVED -CVE-2023-21262 - RESERVED -CVE-2023-21261 - RESERVED -CVE-2023-21260 - RESERVED +CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...) + TODO: check +CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out of bound ...) + TODO: check +CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...) + TODO: check CVE-2023-21259 RESERVED CVE-2023-21258 RESERVED -CVE-2023-21257 - RESERVED -CVE-2023-21256 - RESERVED -CVE-2023-21255 [binder: fix UAF caused by faulty buffer cleanup] - RESERVED +CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there is a p ...) + TODO: check +CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...) + TODO: check +CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...) - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4) -CVE-2023-21254 - RESERVED +CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...) + TODO: check CVE-2023-21253 RESERVED CVE-2023-21252 RESERVED -CVE-2023-21251 - RESERVED -CVE-2023-21250 - RESERVED -CVE-2023-21249 - RESERVED -CVE-2023-21248 - RESERVED -CVE-2023-21247 - RESERVED -CVE-2023-21246 - RESERVED -CVE-2023-21245 - RESERVED +CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect ...) + TODO: check +CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...) + TODO: check +CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, there is a ...) + TODO: check +CVE-2023-21248 (In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController ...) + TODO: check +CVE-2023-21247 (In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceContr ...) 
+ TODO: check +CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way for an a ...) + TODO: check +CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...) + TODO: check CVE-2023-21244 RESERVED -CVE-2023-21243 - RESERVED +CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...) + TODO: check CVE-2023-21242 RESERVED -CVE-2023-21241 - RESERVED -CVE-2023-21240 - RESERVED -CVE-2023-21239 - RESERVED -CVE-2023-21238 - RESERVED +CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...) + TODO: check +CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...) + TODO: check +CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to leak ima ...) + TODO: check +CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of images b ...) + TODO: check CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is a pos ...) NOT-FOR-US: Android CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...) @@ -47702,8 +47787,8 @@ CVE-2023-21147 (In lwis_i2c_device_disable of lwis_device_i2c.c, there is a poss NOT-FOR-US: Android CVE-2023-21146 (there is a possible way to corrupt memory due to a use after free. Thi ...) NOT-FOR-US: Android -CVE-2023-21145 - RESERVED +CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is a possi ...) + TODO: check CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...) NOT-FOR-US: Android CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...) 
@@ -48116,8 +48201,7 @@ CVE-2023-20944 (In run of ChooseTypeAndAccountActivity.java, there is a possible NOT-FOR-US: Android CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, there is a ...) NOT-FOR-US: Android -CVE-2023-20942 - RESERVED +CVE-2023-20942 (In openMmapStream of AudioFlinger.cpp, there is a possible way to reco ...) NOT-FOR-US: Android CVE-2023-20941 (In acc_ctrlrequest_composite of f_accessory.c, there is a possible out ...) - linux <not-affected> (Android-specific kernel patch) @@ -48175,8 +48259,7 @@ CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt NOT-FOR-US: Android CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...) NOT-FOR-US: Android -CVE-2023-20918 - RESERVED +CVE-2023-20918 (In getPendingIntentLaunchFlags of ActivityOptions.java, there is a pos ...) NOT-FOR-US: Android CVE-2023-20917 (In onTargetSelected of ResolverActivity.java, there is a possible way ...) NOT-FOR-US: Android @@ -48192,7 +48275,7 @@ CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a pos NOT-FOR-US: Android CVE-2023-20911 (In addPermission of PermissionManagerServiceImpl.java , there is a pos ...) NOT-FOR-US: Android -CVE-2023-20910 (In addNetworkSuggestions of WifiManager.java, there is a possible way ...) +CVE-2023-20910 (In add of WifiNetworkSuggestionsManager.java, there is a possible way ...) NOT-FOR-US: Android CVE-2023-20909 (In multiple functions of RunningTasks.java, there is a possible privil ...) NOT-FOR-US: Android @@ -196678,8 +196761,8 @@ CVE-2021-0950 RESERVED CVE-2021-0949 RESERVED -CVE-2021-0948 - RESERVED +CVE-2021-0948 (The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver ca ...) + TODO: check CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on th ...) NOT-FOR-US: Android CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...) 
@@ -310267,7 +310350,7 @@ CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series NOT-FOR-US: Canon CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...) NOT-FOR-US: Canon -CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to conduct c ...) +CVE-2019-5997 (Video Insight VMS versions prior to 7.6.1 allow remote attackers to co ...) NOT-FOR-US: Video Insight VMS CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...) NOT-FOR-US: Video Insight VMS

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccec2a3c867b87227850127a62ac56c9d1b27359
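Review bot: In the first hunk (@@ -1,3 +1,89 @@) every new entry is left at `TODO: check`, and several of them name software that should be matched against Debian source packages before anything is bulk-marked: CVE-2023-38198 (acme.sh), CVE-2023-38197 (Qt), CVE-2023-38199 (coreruleset) and the GitLab CE/EE batch, which elsewhere in this file is tracked with lines such as `- gitlab 15.10.8+ds1-2`. The ELECOM router and SonicWall GMS/Analytics entries look like candidates for `NOT-FOR-US:` in the style of the existing `NOT-FOR-US: Canon` lines. CVE-2023-35693 names fs/incfs/vfs.c, so it wants the same kernel check that produced `- linux <not-affected> (Android-specific kernel patch)` for CVE-2023-20941 rather than a plain Android tag.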
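Review bot: CVE-2023-21400 in the @@ -47189,10 +47275,10 @@ hunk names io_uring.c and kernel memory, so it needs triage against the linux source package rather than the `NOT-FOR-US: Android` default applied to most Android bulletin entries in this file. CVE-2023-21255 in the next hunk shows the expected shape: a `- linux 6.3.7-1` line, a `[bookworm]` line and a NOTE pointing at the upstream commit. CVE-2023-21399 in the same hunk has a truncated description that names no component, so it cannot be classified from this text alone and should stay at `TODO: check` until the full description is read.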
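Review bot: CVE-2023-21261 in the @@ -47465,59 +47551,58 @@ hunk names ft_open_face_internal of ftobjs.c, which is FreeType code, so check the freetype source package before tagging it as Android-only. The entries in this hunk that name Android framework Java files (InstallPackageHelper.java, OneTimePermissionUserManager.java, Notification.java and the like) fit the existing `NOT-FOR-US: Android` pattern. For CVE-2023-21255 the bracketed temporary title and the RESERVED line are dropped while the linux package lines and the NOTE are kept, which is the right outcome; nothing to change there.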