Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25d42478 by Moritz Muehlenhoff at 2023-10-11T22:41:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,145 +5,145 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository 
tiann/kernelsu prior
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
        TODO: check
 CVE-2023-4957 (A vulnerability of authentication bypass has been found on a 
Zebra Tec ...)
-       TODO: check
+       NOT-FOR-US: Zebra Technologies ZTC
 CVE-2023-4936 (It is possible to sideload a compromised DLL during the 
installation a ...)
-       TODO: check
+       NOT-FOR-US: Synaptics
 CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads 
to even ...)
-       TODO: check
+       NOT-FOR-US: Insecure Direct Object Reference
 CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 
and before ...)
-       TODO: check
+       NOT-FOR-US: Koha
 CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 
and bef ...)
-       TODO: check
+       NOT-FOR-US: Koha
 CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability 
in AS PAT ...)
        TODO: check
 CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel 
module.Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44118 (Vulnerability of undefined permissions in the MeeTime 
module.Successfu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44116 (Vulnerability of access permissions not being strictly 
verified in the ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44114 (Out-of-bounds array vulnerability in the dataipa 
module.Successful exp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44111 (Vulnerability of brute-force attacks on the device 
authentication modu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44110 (Out-of-bounds access vulnerability in the audio 
module.Successful expl ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44109 (Clone vulnerability in the huks ta module.Successful 
exploitation of t ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44108 (Type confusion vulnerability in the distributed file 
module.Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44107 (Vulnerability of defects introduced in the design process in 
the scree ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44106 (API permission management vulnerability in the Fwk-Display 
module.Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44105 (Vulnerability of permissions not being strictly verified in 
the window ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44104 (Broadcast permission control vulnerability in the Bluetooth 
module.Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44103 (Out-of-bounds read vulnerability in the Bluetooth 
module.Successful ex ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44102 (Broadcast permission control vulnerability in the Bluetooth 
module.Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44101 (The Bluetooth module has a vulnerability in permission control 
for bro ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44100 (Broadcast permission control vulnerability in the Bluetooth 
module.Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44097 (Vulnerability of the permission to access device SNs being 
improperly  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44096 (Vulnerability of brute-force attacks on the device 
authentication modu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44095 (Use-After-Free (UAF) vulnerability in the surfaceflinger 
module.Succes ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44094 (Type confusion vulnerability in the distributed file 
module.Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-44093 (Vulnerability of package names' public keys not being verified 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-43960 (An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: DLINK
 CVE-2023-43661 (Cachet, the open-source status page system. Prior to the 2.4 
branch, a ...)
-       TODO: check
+       NOT-FOR-US: Cachet
 CVE-2023-42138 (Out-of-bounds read vulnerability exists in KV STUDIO Ver. 
11.62 and ea ...)
-       TODO: check
+       NOT-FOR-US: KV STUDIO
 CVE-2023-41882 (vantage6 is privacy preserving federated learning 
infrastructure. The  ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2023-41881 (vantage6 is privacy preserving federated learning 
infrastructure. When ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2023-41304 (Parameter verification vulnerability in the window 
module.Successful e ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-40142 (In TBD of TBD, there is a possible way to bypass carrier 
restrictions  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40141 (In temp_residency_name_store of thermal_metrics.c, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-38817 (An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a 
local attac ...)
-       TODO: check
+       NOT-FOR-US: Inspect Element Ltd Echo.a
 CVE-2023-38217 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-38216 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-37538 (HCL Digital Experience is susceptible to cross site scripting 
(XSS). O ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-35968 (Two heap-based buffer overflow vulnerabilities exist in the 
gwcfg_cgi_ ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-35967 (Two heap-based buffer overflow vulnerabilities exist in the 
gwcfg_cgi_ ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-35966 (Two heap-based buffer overflow vulnerabilities exist in the 
httpd mana ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-35965 (Two heap-based buffer overflow vulnerabilities exist in the 
httpd mana ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-35662 (there is a possible out of bounds write due to buffer 
overflow. This c ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35661 (In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35660 (In lwis_transaction_client_cleanup of lwis_transaction.c, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35655 (In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35654 (In ctrl_roi of stmvl53l1_module.c, there is a possible out of 
bounds r ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35653 (In TBD of TBD, there is a possible way to access location 
information  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35652 (In ProtocolEmergencyCallListIndAdapter::Init of 
protocolcalladapter.cp ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35649 (In several functions of Exynos modem files, there is a 
possible out of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35648 (In ProtocolMiscLceIndAdapter::GetConfLevel() of 
protocolmiscadapter.cp ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35647 (In ProtocolEmbmsGlobalCellIdAdapter::Init() of 
protocolembmsadapter.cp ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35646 (In TBD of TBD, there is a possible stack buffer overflow due 
to a miss ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35645 (In tbd of tbd, there is a possible memory corruption due to a 
race con ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35194 (An OS command injection vulnerability exists in the api.cgi 
cmd.mvpn.x ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-35193 (An OS command injection vulnerability exists in the api.cgi 
cmd.mvpn.x ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-35056 (A buffer overflow vulnerability exists in the httpd next_page 
function ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-35055 (A buffer overflow vulnerability exists in the httpd next_page 
function ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-34426 (A stack-based buffer overflow vulnerability exists in the 
httpd manage ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-34365 (A stack-based buffer overflow vulnerability exists in the 
libutils.so  ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-34356 (An OS command injection vulnerability exists in the data.cgi 
xfer_dns  ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-34354 (A stored cross-site scripting (XSS) vulnerability exists in 
the upload ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-34346 (A stack-based buffer overflow vulnerability exists in the 
httpd gwcfg. ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-32645 (A leftover debug code vulnerability exists in the httpd debug 
credenti ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-32632 (A command execution vulnerability exists in the validate.so 
diag_ping_ ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-31272 (A stack-based buffer overflow vulnerability exists in the 
httpd do_wds ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-28381 (An OS command injection vulnerability exists in the admin.cgi 
MVPN_tri ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi 
USSD_sen ...)
-       TODO: check
+       NOT-FOR-US: Surf SOHO HW1
 CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd 
nvram.cgi f ...)
-       TODO: check
+       NOT-FOR-US: Yifan
 CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability 
in Apac ...)
        - zookeeper <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
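
Review bot: The tag added for CVE-2023-45396, `NOT-FOR-US: Insecure Direct Object Reference`, names the vulnerability class from the description instead of a product or vendor, so the entry does not record which software was judged out of scope. Replace it with the affected product's name, as the other entries in this hunk do (`Koha`, `Huawei`, `Yifan`). The tag for CVE-2023-38817 reads `Inspect Element Ltd Echo.a`, while its description says `Echo.ac`, so the last character looks dropped and should be restored. Both are worth correcting because the tag text is the only recorded justification for these triage decisions, and the commit message "NFUs" gives no further detail.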



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25d42478724fd46ed7d3e9d960bcebc50803d735



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
