Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b2823b55 by security tracker role at 2023-05-16T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-32956 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2023-32955 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2023-32309 (PyMdown Extensions is a set of extensions for the
`Python-Markdown` ma ...)
+ TODO: check
+CVE-2023-32308 (anuko timetracker is an open source time tracking system.
Boolean-base ...)
+ TODO: check
+CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2023-2708 (The Video Gallery plugin for WordPress is vulnerable to
Reflected Cros ...)
+ TODO: check
CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an
attacker to blo ...)
TODO: check
CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's
built-in modu ...)
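Review bot: The seven entries added at the top of data/CVE/list carry only `TODO: check`, so none of them records yet whether Debian ships the affected code. CVE-2023-2710 and CVE-2023-2708 are both described as WordPress plugins and can probably be closed with the `NOT-FOR-US: WordPress plugin` form this file already uses for CVE-2023-1730. CVE-2023-32309 (PyMdown Extensions) and CVE-2023-32068 (XWiki Platform) name software that needs a source-package lookup before either is marked.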
@@ -74,7 +88,7 @@ CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to
recover the cleart
NOTE:
https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in
Semgrep thro ...)
NOT-FOR-US: git-url-parse
-CVE-2023-2700 [Memory leak in virPCIVirtualFunctionList cleanup]
+CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw
ouccers due t ...)
[experimental] - libvirt 9.3.0-1
- libvirt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
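Review bot: In the CVE-2023-2700 entry, the replaced bracketed description named the affected function (virPCIVirtualFunctionList), while the imported text is cut off before it reaches any such detail and carries the misspelling `ouccers`. Because `- libvirt <unfixed>` is still open, suggest keeping the function name in a NOTE line so the fix can be located when backporting. The misspelling belongs to the imported description and is better corrected at its source than in this file.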
@@ -1320,8 +1334,8 @@ CVE-2023-31147
RESERVED
CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum
virtual m ...)
NOT-FOR-US: Vyper
-CVE-2023-31145
- RESERVED
+CVE-2023-31145 (Collabora Online is a collaborative online office suite based
on Libre ...)
+ TODO: check
CVE-2023-31144 (Craft CMS is a content management system. Starting in version
3.0.0 an ...)
NOT-FOR-US: Craft CMS
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming
and inte ...)
@@ -1350,8 +1364,8 @@ CVE-2023-31133 (Ghost is an app for new-media creators
with tools to build a web
NOT-FOR-US: Ghost CMS
CVE-2023-31132
RESERVED
-CVE-2023-31131
- RESERVED
+CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse
based on Po ...)
+ TODO: check
CVE-2023-31130
RESERVED
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be
triggere ...)
@@ -2342,8 +2356,8 @@ CVE-2023-2162 (A use-after-free vulnerability was found
in iscsi_sw_tcp_session_
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE:
https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
-CVE-2023-2161
- RESERVED
+CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity
Reference vulne ...)
+ TODO: check
CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa
prior ...)
NOT-FOR-US: modoboa
CVE-2023-2159
@@ -2484,8 +2498,7 @@ CVE-2023-2126
RESERVED
CVE-2023-2125
RESERVED
-CVE-2023-2124 [OOB access in the Linux kernel's XFS subsystem]
- RESERVED
+CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux
kernel\u201 ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
NOTE:
https://lore.kernel.org/linux-xfs/[email protected]/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
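Review bot: The new CVE-2023-2124 description ends in a literal `kernel\u201 ...`, a JSON unicode escape cut in half, which suggests the import truncates the description before decoding escapes. Suggest decoding first and truncating afterwards so no partial escape sequence reaches data/CVE/list. The rest of the hunk looks consistent: `RESERVED` is dropped and the existing `- linux <unfixed>` line and NOTEs are kept.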
@@ -4694,8 +4707,8 @@ CVE-2023-29963 (S-CMS v5.0 was discovered to contain an
authenticated remote cod
NOT-FOR-US: S-CMS
CVE-2023-29962
RESERVED
-CVE-2023-29961
- RESERVED
+CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to
stack o ...)
+ TODO: check
CVE-2023-29960
RESERVED
CVE-2023-29959
@@ -7347,8 +7360,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the
configuration file uploa
NOT-FOR-US: LTOS
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1729
- RESERVED
+CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in
raw2image_ex() c ...)
- libraw <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
NOTE: https://github.com/LibRaw/LibRaw/issues/557
@@ -40547,14 +40559,11 @@ CVE-2023-21120
RESERVED
CVE-2023-21119
RESERVED
-CVE-2023-21118
- RESERVED
+CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of
bounds r ...)
NOT-FOR-US: Android
-CVE-2023-21117
- RESERVED
+CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java,
there i ...)
NOT-FOR-US: Android
-CVE-2023-21116
- RESERVED
+CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java,
there is a ...)
NOT-FOR-US: Android
CVE-2023-21115
RESERVED
@@ -40562,39 +40571,30 @@ CVE-2023-21114
RESERVED
CVE-2023-21113
RESERVED
-CVE-2023-21112
- RESERVED
+CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out
of bound ...)
NOT-FOR-US: Android
-CVE-2023-21111
- RESERVED
+CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a
possibl ...)
NOT-FOR-US: Android
-CVE-2023-21110
- RESERVED
+CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible
way to ...)
NOT-FOR-US: Android
-CVE-2023-21109
- RESERVED
+CVE-2023-21109 (In multiple places of AccessibilityService, there is a
possible way to ...)
NOT-FOR-US: Android
CVE-2023-21108
RESERVED
-CVE-2023-21107
- RESERVED
+CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there
is a miss ...)
NOT-FOR-US: Android
-CVE-2023-21106
- RESERVED
+CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible
memory corrup ...)
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5)
CVE-2023-21105
RESERVED
-CVE-2023-21104
- RESERVED
+CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing
permission ...)
NOT-FOR-US: Android
-CVE-2023-21103
- RESERVED
+CVE-2023-21103 (In registerPhoneAccount of PhoneAccountRegistrar.java,
uncaught except ...)
NOT-FOR-US: Android
-CVE-2023-21102
- RESERVED
+CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a
possible bypas ...)
- linux 6.1.8-1
[bullseye] - linux 5.10.178-1
NOTE: https://source.android.com/docs/security/bulletin/2023-05-01
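Review bot: CVE-2023-21102 at the end of this hunk is tracked against linux (`- linux 6.1.8-1`, `[bullseye] - linux 5.10.178-1`) but its only NOTE is the Android bulletin, with no reference to the fixing upstream commit. CVE-2023-21106 in the same hunk shows the expected form, with a `git.kernel.org/linus/...` NOTE and an explicit `[buster]` line. Suggest adding the commit reference for CVE-2023-21102 so the fixed versions can be verified now that the description is public.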
@@ -40947,8 +40947,7 @@ CVE-2023-20932 (In onCreatePreferences of
EditInfoFragment.java, there is a poss
NOT-FOR-US: Android
CVE-2023-20931 (In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a
possible out ...)
NOT-FOR-US: Android
-CVE-2023-20930
- RESERVED
+CVE-2023-20930 (In pushDynamicShortcut of ShortcutPackage.java, there is a
possible wa ...)
NOT-FOR-US: Android
CVE-2023-20929 (In sendHalfSheetCancelBroadcast of HalfSheetActivity.java,
there is a ...)
NOT-FOR-US: Android
@@ -40986,8 +40985,7 @@ CVE-2023-20916 (In getMainActivityLaunchIntent of
LauncherAppsService.java, ther
NOT-FOR-US: Android
CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java,
there is a ...)
NOT-FOR-US: Android
-CVE-2023-20914
- RESERVED
+CVE-2023-20914 (In onSetRuntimePermissionGrantStateByDeviceAdmin of
AdminRestrictedPer ...)
NOT-FOR-US: Android
CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related
files, th ...)
NOT-FOR-US: Android
@@ -43167,26 +43165,26 @@ CVE-2023-20728
RESERVED
CVE-2023-20727
RESERVED
-CVE-2023-20726
- RESERVED
+CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a
missing per ...)
+ TODO: check
CVE-2023-20725
RESERVED
CVE-2023-20724
RESERVED
CVE-2023-20723
RESERVED
-CVE-2023-20722
- RESERVED
-CVE-2023-20721
- RESERVED
-CVE-2023-20720
- RESERVED
-CVE-2023-20719
- RESERVED
-CVE-2023-20718
- RESERVED
-CVE-2023-20717
- RESERVED
+CVE-2023-20722 (In m4u, there is a possible out of bounds write due to
improper input ...)
+ TODO: check
+CVE-2023-20721 (In isp, there is a possible out of bounds write due to
improper input ...)
+ TODO: check
+CVE-2023-20720 (In pqframework, there is a possible out of bounds read due to
a missin ...)
+ TODO: check
+CVE-2023-20719 (In pqframework, there is a possible out of bounds read due to
a missin ...)
+ TODO: check
+CVE-2023-20718 (In vcu, there is a possible out of bounds write due to a
missing bound ...)
+ TODO: check
+CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race
condition ...)
+ TODO: check
CVE-2023-20716
RESERVED
CVE-2023-20715
@@ -43197,42 +43195,42 @@ CVE-2023-20713
RESERVED
CVE-2023-20712
RESERVED
-CVE-2023-20711
- RESERVED
-CVE-2023-20710
- RESERVED
-CVE-2023-20709
- RESERVED
-CVE-2023-20708
- RESERVED
-CVE-2023-20707
- RESERVED
-CVE-2023-20706
- RESERVED
-CVE-2023-20705
- RESERVED
-CVE-2023-20704
- RESERVED
-CVE-2023-20703
- RESERVED
+CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20709 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20708 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20707 (In ril, there is a possible out of bounds write due to a
missing bound ...)
+ TODO: check
+CVE-2023-20706 (In apu, there is a possible out of bounds read due to a
missing bounds ...)
+ TODO: check
+CVE-2023-20705 (In apu, there is a possible out of bounds read due to a
missing bounds ...)
+ TODO: check
+CVE-2023-20704 (In apu, there is a possible out of bounds read due to a
missing bounds ...)
+ TODO: check
+CVE-2023-20703 (In apu, there is a possible out of bounds read due to a
missing bounds ...)
+ TODO: check
CVE-2023-20702
RESERVED
-CVE-2023-20701
- RESERVED
-CVE-2023-20700
- RESERVED
-CVE-2023-20699
- RESERVED
-CVE-2023-20698
- RESERVED
-CVE-2023-20697
- RESERVED
-CVE-2023-20696
- RESERVED
-CVE-2023-20695
- RESERVED
-CVE-2023-20694
- RESERVED
+CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a
logic er ...)
+ TODO: check
+CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a
logic er ...)
+ TODO: check
+CVE-2023-20699 (In adsp, there is a possible out of bounds write due to a
missing boun ...)
+ TODO: check
+CVE-2023-20698 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20697 (In keyinstall, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-20696 (In preloader, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
+CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
+CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
CVE-2023-20693
RESERVED
CVE-2023-20692
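Review bot: All seventeen entries converted from `RESERVED` in this hunk (CVE-2023-20711 through CVE-2023-20703 and CVE-2023-20701 through CVE-2023-20694) land as `TODO: check`, although their descriptions follow the same "In <component>, there is a possible ..." template and ID range as CVE-2023-20675 and CVE-2023-20674, which this file marks `NOT-FOR-US: MediaTek`. If they are confirmed as the same vendor's components, mark them the same way in one pass rather than leaving them for individual triage. The component names shown (keyinstall, ril, apu, widevine, adsp, preloader) should be checked against the vendor bulletin first, since the truncated descriptions do not name the vendor.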
@@ -43273,8 +43271,8 @@ CVE-2023-20675 (In wlan, there is a possible out of
bounds read due to a missing
NOT-FOR-US: MediaTek
CVE-2023-20674 (In wlan, there is a possible out of bounds read due to a
missing bound ...)
NOT-FOR-US: MediaTek
-CVE-2023-20673
- RESERVED
+CVE-2023-20673 (In vcu, there is a possible memory corruption due to type
confusion. T ...)
+ TODO: check
CVE-2023-20672
RESERVED
CVE-2023-20671
@@ -122366,7 +122364,7 @@ CVE-2022-20340 (In SELinux policy, there is a
possible way of inferring which we
NOT-FOR-US: Android
CVE-2022-20339 (In Android, there is a possible access of network neighbor
table infor ...)
NOT-FOR-US: Android
-CVE-2022-20338 (In Core Utilities, there is a possible way to craft a
malformed Uri ob ...)
+CVE-2022-20338 (In HierarchicalUri.readFrom of Uri.java, there is a possible
way to cr ...)
NOT-FOR-US: Android
CVE-2022-20337
RESERVED
@@ -189452,8 +189450,8 @@ CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of
the PowerVR kernel driver,
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel
driver, a mis ...)
NOT-FOR-US: Imagination Technologies components for Android
-CVE-2021-0877
- RESERVED
+CVE-2021-0877 (Product: AndroidVersions: Android SoCAndroid ID: A-273754094)
+ TODO: check
CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR
kernel driv ...)
NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a
missing ...)
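Review bot: The description imported for CVE-2021-0877, `(Product: AndroidVersions: Android SoCAndroid ID: A-273754094)`, is three metadata fields run together without separators and contains no statement of the flaw, so the `TODO: check` cannot be resolved from this text. Suggest triaging from the Android ID it cites. The surrounding entries (CVE-2021-0879, CVE-2021-0878, CVE-2021-0876) are all marked `NOT-FOR-US: Imagination Technologies components for Android`, which is the likely outcome here if the bulletin confirms the same component.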
@@ -223453,7 +223451,7 @@ CVE-2020-14424 (Cacti before 1.2.18 allows remote
attackers to trigger XSS via t
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret
in Core/ ...)
NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes
hash valu ...)
- {DLA-2280-1}
+ {DLA-3424-1 DLA-2280-1}
- python3.8 3.8.4~rc1-1
- python3.7 <removed>
[buster] - python3.7 3.7.3-2+deb10u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2823b55511f89dfdd041505cfbbdc1127764f09
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits