Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 18442ada by security tracker role at 2023-08-15T08:11:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...) + TODO: check +CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP ...) + TODO: check +CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...) + TODO: check +CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...) + TODO: check +CVE-2023-39829 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) + TODO: check +CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) + TODO: check +CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) + TODO: check +CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in Svelte ...) + TODO: check +CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) + TODO: check +CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue ...) + TODO: check CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) - radare2 <unfixed> NOTE: https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd @@ -64,7 +86,7 @@ CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise a NOT-FOR-US: WordPress plugin CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 does not f ...) NOT-FOR-US: WordPress plugin -CVE-2023-39950 +CVE-2023-39950 (efibootguard is a simple UEFI boot loader with support for safely swit ...) - efibootguard <unfixed> [bookworm] - efibootguard <no-dsa> (Minor issue, can be fixed via point release) NOTE: https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414 (v0.15) @@ -6313,7 +6335,7 @@ CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 an NOT-FOR-US: Snow Monkey Forms CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...) NOT-FOR-US: Apple -CVE-2022-48503 (Processing web content may lead to arbitrary code execution) +CVE-2022-48503 (The issue was addressed with improved bounds checks. This issue is fix ...) {DSA-5241-1 DSA-5240-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 @@ -21579,10 +21601,10 @@ CVE-2023-28201 (This issue was addressed with improved state management. This is NOT-FOR-US: Apple CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple -CVE-2023-28199 - RESERVED -CVE-2023-28198 - RESERVED +CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + TODO: check +CVE-2023-28198 (A use-after-free issue was addressed with improved memory management. ...) + TODO: check CVE-2023-28197 RESERVED CVE-2023-28196 @@ -21619,8 +21641,8 @@ CVE-2023-28181 (The issue was addressed with improved memory handling. This issu NOT-FOR-US: Apple CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2023-28179 - RESERVED +CVE-2023-28179 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2023-28177 (Memory safety bugs present in Firefox 110. Some of these bugs showed e ...) @@ -22460,10 +22482,10 @@ CVE-2023-27950 RESERVED CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2023-27948 - RESERVED -CVE-2023-27947 - RESERVED +CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2023-27947 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...) @@ -22478,8 +22500,8 @@ CVE-2023-27941 (A validation issue was addressed with improved input sanitizatio NOT-FOR-US: Apple CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...) NOT-FOR-US: Apple -CVE-2023-27939 - RESERVED +CVE-2023-27939 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...) @@ -43026,8 +43048,8 @@ CVE-2021-46857 RESERVED CVE-2020-36616 RESERVED -CVE-2020-36615 - RESERVED +CVE-2020-36615 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2020-36614 RESERVED CVE-2020-36613 @@ -45653,14 +45675,14 @@ CVE-2022-46727 REJECTED CVE-2022-46726 RESERVED -CVE-2022-46725 - RESERVED -CVE-2022-46724 - RESERVED +CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue was addre ...) + TODO: check +CVE-2022-46724 (This issue was addressed by restricting options offered on a locked de ...) + TODO: check CVE-2022-46723 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2022-46722 - RESERVED +CVE-2022-46722 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check CVE-2022-46721 RESERVED CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...) @@ -45691,8 +45713,8 @@ CVE-2022-46708 REJECTED CVE-2022-46707 REJECTED -CVE-2022-46706 - RESERVED +CVE-2022-46706 (A type confusion issue was addressed with improved state handling. Thi ...) + TODO: check CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was addre ...) NOT-FOR-US: Apple CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...) @@ -51943,64 +51965,63 @@ CVE-2023-21294 RESERVED CVE-2023-21293 RESERVED -CVE-2023-21292 - RESERVED +CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...) + TODO: check CVE-2023-21291 RESERVED -CVE-2023-21290 - RESERVED -CVE-2023-21289 - RESERVED -CVE-2023-21288 - RESERVED -CVE-2023-21287 - RESERVED -CVE-2023-21286 - RESERVED -CVE-2023-21285 - RESERVED -CVE-2023-21284 - RESERVED -CVE-2023-21283 - RESERVED -CVE-2023-21282 - RESERVED -CVE-2023-21281 - RESERVED -CVE-2023-21280 - RESERVED -CVE-2023-21279 - RESERVED -CVE-2023-21278 - RESERVED -CVE-2023-21277 - RESERVED -CVE-2023-21276 - RESERVED -CVE-2023-21275 - RESERVED -CVE-2023-21274 - RESERVED -CVE-2023-21273 - RESERVED -CVE-2023-21272 - RESERVED -CVE-2023-21271 - RESERVED +CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file ...) + TODO: check +CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...) + TODO: check +CVE-2023-21288 (In visitUris of Notification.java, there is a possible way to reveal i ...) + TODO: check +CVE-2023-21287 (In multiple locations, there is a possible code execution due to type ...) + TODO: check +CVE-2023-21286 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) + TODO: check +CVE-2023-21285 (In setMetadata of MediaSessionRecord.java, there is a possible way to ...) + TODO: check +CVE-2023-21284 (In multiple functions of DevicePolicyManager.java, there is a possible ...) + TODO: check +CVE-2023-21283 (In multiple functions of StatusHints.java, there is a possible way to ...) + TODO: check +CVE-2023-21282 (In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bound ...) + TODO: check +CVE-2023-21281 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...) + TODO: check +CVE-2023-21280 (In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there i ...) + TODO: check +CVE-2023-21279 (In visitUris of RemoteViews.java, there is a possible cross-user media ...) + TODO: check +CVE-2023-21278 (In multiple locations, there is a possible way to obscure the micropho ...) + TODO: check +CVE-2023-21277 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) + TODO: check +CVE-2023-21276 (In writeToParcel of CursorWindow.cpp, there is a possible information ...) + TODO: check +CVE-2023-21275 (In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivit ...) + TODO: check +CVE-2023-21274 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...) + TODO: check +CVE-2023-21273 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...) + TODO: check +CVE-2023-21272 (In readFrom of Uri.java, there is a possible bad URI permission grant ...) + TODO: check +CVE-2023-21271 (In parseInputs of ShimPreparedModel.cpp, there is a possible out of bo ...) + TODO: check CVE-2023-21270 RESERVED -CVE-2023-21269 - RESERVED -CVE-2023-21268 - RESERVED -CVE-2023-21267 - RESERVED +CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possible way ...) + TODO: check +CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...) + TODO: check +CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible ...) + TODO: check CVE-2023-21266 RESERVED -CVE-2023-21265 - RESERVED -CVE-2023-21264 - RESERVED +CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...) + TODO: check +CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...) - linux 6.3.7-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -52050,8 +52071,8 @@ CVE-2023-21244 RESERVED CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...) NOT-FOR-US: Android -CVE-2023-21242 - RESERVED +CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is ...) + TODO: check CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...) @@ -52064,20 +52085,20 @@ CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is NOT-FOR-US: Android CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...) NOT-FOR-US: Android -CVE-2023-21235 - RESERVED -CVE-2023-21234 - RESERVED -CVE-2023-21233 - RESERVED -CVE-2023-21232 - RESERVED -CVE-2023-21231 - RESERVED -CVE-2023-21230 - RESERVED -CVE-2023-21229 - RESERVED +CVE-2023-21235 (In onCreate of LockSettingsActivity.java, there is a possible way set ...) + TODO: check +CVE-2023-21234 (In launchConfirmationActivity of ChooseLockSettingsHelper.java, there ...) + TODO: check +CVE-2023-21233 (In multiple locations of avrc, there is a possible leak of heap data d ...) + TODO: check +CVE-2023-21232 (In multiple locations, there is a possible way to retrieve sensor data ...) + TODO: check +CVE-2023-21231 (In getIntentForButton of ButtonManager.java, there is a possible way f ...) + TODO: check +CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is a poss ...) + TODO: check +CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...) + TODO: check CVE-2023-21228 RESERVED CVE-2023-21227 @@ -52254,8 +52275,8 @@ CVE-2023-21142 (In multiple files, there is a possible way to access traces in t NOT-FOR-US: Android CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...) NOT-FOR-US: Android -CVE-2023-21140 - RESERVED +CVE-2023-21140 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + TODO: check CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...) NOT-FOR-US: Android CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...) @@ -52266,12 +52287,12 @@ CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way NOT-FOR-US: Android CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...) NOT-FOR-US: Android -CVE-2023-21134 - RESERVED -CVE-2023-21133 - RESERVED -CVE-2023-21132 - RESERVED +CVE-2023-21134 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + TODO: check +CVE-2023-21133 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + TODO: check +CVE-2023-21132 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + TODO: check CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...) NOT-FOR-US: Android CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...) @@ -52612,8 +52633,8 @@ CVE-2023-20967 (In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possi NOT-FOR-US: Android CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...) NOT-FOR-US: Android -CVE-2023-20965 - RESERVED +CVE-2023-20965 (In processMessageImpl of ClientModeImpl.java, there is a possible cred ...) + TODO: check CVE-2023-20964 (In multiple functions of MediaSessionRecord.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-20963 (In WorkSource, there is a possible parcel mismatch. This could lead to ...) @@ -59894,8 +59915,8 @@ CVE-2022-42830 (The issue was addressed with improved memory handling. This issu NOT-FOR-US: Apple CVE-2022-42829 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple -CVE-2022-42828 - RESERVED +CVE-2022-42828 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2022-42827 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2022-42826 (A use after free issue was addressed with improved memory management. ...) @@ -86811,8 +86832,8 @@ CVE-2022-32878 REJECTED CVE-2022-32877 (A configuration issue was addressed with additional restrictions. This ...) NOT-FOR-US: Apple -CVE-2022-32876 - RESERVED +CVE-2022-32876 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2022-32875 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32874 @@ -105146,8 +105167,8 @@ CVE-2022-26700 (A memory corruption issue was addressed with improved state mana [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 NOTE: https://webkitgtk.org/security/WSA-2022-0005.html -CVE-2022-26699 - RESERVED +CVE-2022-26699 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds checkin ...) NOT-FOR-US: Apple CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...) @@ -118877,8 +118898,8 @@ CVE-2022-22657 (A memory initialization issue was addressed with improved memory NOT-FOR-US: Apple CVE-2022-22656 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple -CVE-2022-22655 - RESERVED +CVE-2022-22655 (An access issue was addressed with improvements to the sandbox. This i ...) + TODO: check CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...) NOT-FOR-US: Apple CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is ...) @@ -118895,8 +118916,8 @@ CVE-2022-22648 (This issue was addressed with improved checks. This issue is fix NOT-FOR-US: Apple CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2022-22646 - RESERVED +CVE-2022-22646 (This issue was addressed by removing the vulnerable code. This issue i ...) + TODO: check CVE-2022-22645 REJECTED CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18442adaab2aaabb260da7d54081c2f777c92087 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18442adaab2aaabb260da7d54081c2f777c92087 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits