Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
53bbf947 by Moritz Muehlenhoff at 2023-09-04T12:12:03+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -540,13 +540,13 @@ CVE-2023-3404 (The ProfileGrid plugin for WordPress is
vulnerable to unauthorize
CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress
is vuln ...)
NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress
CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path
traversa ...)
- TODO: check
+ NOT-FOR-US: archive Dart library
CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute
a path t ...)
NOT-FOR-US: ZIPFoundation
CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip
filenames whi ...)
- TODO: check
+ NOT-FOR-US: archive Dart library
CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of
ZipArchive v ...)
- TODO: check
+ NOT-FOR-US: SSZipArchive
CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a
path traver ...)
NOT-FOR-US: Zip Swift
CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru
v.2.9.7 allo ...)
@@ -814,7 +814,7 @@ CVE-2023-40889 (A heap-based buffer overflow exists in the
qr_reader_match_cente
NOTE: https://hackmd.io/@cspl/B1ZkFZv23
TODO: check if reported upstream
CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters
submitt ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to
multiple de ...)
NOT-FOR-US: Arista
CVE-2023-3253 (An improper authorization vulnerability exists where an
authenticated, ...)
@@ -17067,9 +17067,9 @@ CVE-2022-48455
CVE-2022-48454
RESERVED
CVE-2022-48453 (In camera driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48452 (In Ifaa service, there is a possible missing permission check.
This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write
due to r ...)
NOT-FOR-US: Unisoc
CVE-2022-48450 (In bluetooth service, there is a possible missing params
check. This ...)
@@ -20979,7 +20979,6 @@ CVE-2023-28938 (Uncontrolled resource consumption in
some Intel(R) SSD Tools sof
NOTE: Fixed by:
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62
(mdadm-4.2-rc2)
NOTE: Negligible security impact as the memory leak is after "mdadm
--detail" which
NOTE: is one shoot action.
- TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before
version mda ...)
- mdadm 4.2-1
[bullseye] - mdadm <no-dsa> (Minor issue)
@@ -37624,7 +37623,7 @@ CVE-2023-23765 (An incorrect comparison vulnerability
was identified in GitHub E
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23763 (An authorization/sensitive information disclosure
vulnerability was id ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23761 (An improper authentication vulnerability was identified in
GitHub Ente ...)
@@ -46762,9 +46761,9 @@ CVE-2022-47355 (In log service, there is a missing
permission check. This could
CVE-2022-47354 (In log service, there is a missing permission check. This
could lead t ...)
NOT-FOR-US: Unisoc
CVE-2022-47353 (In vdsp device, there is a possible system crash due to
improper input ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47352 (In camera driver, there is a possible out of bounds read due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47351 (In camera driver, there is a possible out of bounds read due
to a miss ...)
NOT-FOR-US: Unisoc
CVE-2022-47350 (In camera driver, there is a possible out of bounds read due
to a miss ...)
@@ -57610,69 +57609,69 @@ CVE-2022-3738 (The vulnerability allows a remote
unauthenticated attacker to dow
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version
1.89 me ...)
NOT-FOR-US: PHOENIX
CVE-2023-20851 (In stc, there is a possible out of bounds read due to a race
condition ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20850 (In imgsys_cmdq, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20849 (In imgsys_cmdq, there is a possible use after free due to a
missing va ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20848 (In imgsys_cmdq, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20847 (In imgsys_cmdq, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20846 (In imgsys_cmdq, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20845 (In imgsys, there is a possible out of bounds read due to a
missing val ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20844 (In imgsys_cmdq, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20843 (In imgsys_cmdq, there is a possible out of bounds read due to
a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20842 (In imgsys_cmdq, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20841 (In imgsys, there is a possible out of bounds write due to a
missing va ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20840 (In imgsys, there is a possible out of bounds read and write
due to a m ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20839 (In imgsys, there is a possible out of bounds read due to a
missing val ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20838 (In imgsys, there is a possible out of bounds read due to a
race condit ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20837 (In seninf, there is a possible out of bounds write due to a
missing bo ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20836 (In camsys, there is a possible out of bounds read due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20835 (In camsys, there is a possible use after free due to a race
condition. ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20834 (In pda, there is a possible use after free due to a race
condition. Th ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20833 (In keyinstall, there is a possible information disclosure due
to a mis ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20832 (In gps, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20831 (In gps, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20830 (In gps, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20829 (In gps, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20828 (In gps, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20827 (In ims service, there is a possible memory corruption due to a
race co ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20826 (In cta, there is a possible information disclosure due to a
missing pe ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20825 (In duraspeed, there is a possible information disclosure due
to a miss ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20824 (In duraspeed, there is a possible information disclosure due
to a miss ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20823 (In cmdq, there is a possible out of bounds read due to an
incorrect st ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20822 (In netdagent, there is a possible out of bounds write due to a
missing ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20820 (In wlan service, there is a possible command injection due to
improper ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20819
RESERVED
CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to
imprope ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53bbf9473f03e67a29f4b4a25e1c1a9d655db281
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53bbf9473f03e67a29f4b4a25e1c1a9d655db281
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
