Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4df4fd3 by Salvatore Bonaccorso at 2023-10-28T16:10:26+02:00
Add CVE-2023-465{69,70}/radare2
- - - - -
1c973326 by Salvatore Bonaccorso at 2023-10-28T16:10:28+02:00
Process some NFUs
- - - - -
d1ac19e7 by Salvatore Bonaccorso at 2023-10-28T16:10:31+02:00
Add CVE-2023-46604/activemq
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,9 +7,13 @@ CVE-2023-5830 (A vulnerability classified as critical has been
found in Columbia
CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5
allows a loca ...)
NOT-FOR-US: XnView
CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in
the prin ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/22333
+ NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8
CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in
the prin ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/22334
+ NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2
CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R
v.4.1cu.4154 ...)
NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R
CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows
an attack ...)
@@ -33,11 +37,11 @@ CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in St
CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Step ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple
Authent ...)
- TODO: check
+ NOT-FOR-US: Leave Management System Project
CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to
v5.2.19, v5. ...)
- TODO: check
+ NOT-FOR-US: ZPE Systems
CVE-2023-40140 (In android_view_InputDevice_create of
android_view_InputDevice.cpp, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view
another user ...)
TODO: check
CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view
another user ...)
@@ -57,27 +61,27 @@ CVE-2023-40131 (In GpuService of GpuService.cpp, there is a
possible use after f
CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a
possible ...)
TODO: check
CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out
of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40127 (In multiple locations, there is a possible way to access
screenshots d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a
Guest use ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible
bypass o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a
possible S ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40120 (In multiple locations, there is a possible way to bypass user
notifica ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a
possible l ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a
possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-35794 (An issue was discovered in Cassia Access Controller
2.1.1.2303271039. ...)
- TODO: check
+ NOT-FOR-US: Cassia Access Controller
CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alka ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5829 (A vulnerability was found in code-projects Admission Management
System ...)
NOT-FOR-US: code-projects Admission Management System
CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial
Develo ...)
@@ -115,7 +119,9 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer
overflow exists when proces
[bullseye] - memcached <no-dsa> (Minor issue)
NOTE:
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
(1.6.22)
CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The
vulnerabili ...)
- TODO: check
+ - activemq <unfixed>
+ NOTE:
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
+ NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out
of bound ...)
- ffmpeg <unfixed>
NOTE: Introduced by:
https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3
@@ -137,9 +143,9 @@ CVE-2023-46246 (Vim is an improved version of the good old
UNIX editor Vi. Heap-
NOTE:
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
(v9.0.2068)
NOTE: Crash in CLI tool, no security impact
CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple
Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple
Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder
System 1.0. ...)
NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder
System 1.0 a ...)
@@ -30400,7 +30406,7 @@ CVE-2023-29011 (Git for Windows, the Windows port of
Git, ships with an executab
CVE-2023-29010 (Budibase is a low code platform for creating internal tools,
workflows ...)
NOT-FOR-US: budibase
CVE-2023-29009 (baserCMS is a website development framework with WebAPI that
runs on P ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2023-29008 (The SvelteKit framework offers developers an option to create
simple R ...)
NOT-FOR-US: SvelteKit
CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
@@ -34523,7 +34529,7 @@ CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and
7.6.1.3 could disclose s
CVE-2023-27859
RESERVED
CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary
code execut ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition
occurs w ...)
NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a
message ...)
@@ -34531,7 +34537,7 @@ CVE-2023-27856 (In affected versions, path traversal
exists when processing a me
CVE-2023-27855 (In affected versions, a path traversal exists when processing
a messag ...)
NOT-FOR-US: Rockwell
CVE-2023-27854 (An arbitrary code execution vulnerability was reported to
Rockwell Aut ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and
prior ve ...)
NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of
wildcard bac ...)
@@ -68928,11 +68934,11 @@ CVE-2022-3704 (A vulnerability classified as
problematic has been found in Ruby
CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0
and prio ...)
NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo
Vantage Hardw ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo
Vantage ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported
in the ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo
Hardwa ...)
NOT-FOR-US: Lenovo
CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo
HardwareS ...)
@@ -69005,7 +69011,7 @@ CVE-2022-3683 (A vulnerability exists in the SDM600 API
web services authorizati
CVE-2022-3682 (A vulnerability exists in the SDM600 file permission
validation. An a ...)
NOT-FOR-US: ABB SDM600
CVE-2022-3681 (A vulnerability has been identified in the MR2600 router
v1.0.18 and e ...)
- TODO: check
+ NOT-FOR-US: MR2600 router
CVE-2022-43746
RESERVED
CVE-2022-43745
@@ -69990,7 +69996,7 @@ CVE-2022-3613 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2022-3612
RESERVED
CVE-2022-3611 (An information disclosure vulnerability has been identified in
the Len ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does
not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does
not sani ...)
@@ -72757,7 +72763,7 @@ CVE-2022-38451 (A directory traversal vulnerability
exists in the httpd update.c
CVE-2022-38091
RESERVED
CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware
used in Le ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-3428
RESERVED
CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site
Request ...)
@@ -93459,9 +93465,9 @@ CVE-2022-34889 (This vulnerability allows local
attackers to escalate privileges
CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid,
authentic ...)
NOT-FOR-US: Lenovo
CVE-2022-34887 (Standard users can directly operate and set printer
configuration info ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-34886 (A remote code execution vulnerability was found in the
firmware used i ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola
MR2600 ro ...)
NOT-FOR-US: Motorola
CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem
which can po ...)
@@ -93615,11 +93621,11 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an
integer signedness error a
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
NOTE:
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
(v2022.07-rc6)
CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3.
Attackers can ga ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin
can ent ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can
occur vi ...)
- TODO: check
+ NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before
7.9.0, rela ...)
NOT-FOR-US: Keyfactor
CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race
Condition t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23dd068e50af44a19d3ffc6ae5471bdbe3754904...d1ac19e7c0811d880da7e38cd9a086983b4da2d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23dd068e50af44a19d3ffc6ae5471bdbe3754904...d1ac19e7c0811d880da7e38cd9a086983b4da2d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
