Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3c25694 by Moritz Muehlenhoff at 2023-12-05T13:20:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-49070
+       NOT-FOR-US: Apache OFBiz
 CVE-2023-6269 (An argument injection vulnerability has been identified in the  
admini ...)
        NOT-FOR-US: Atos
 CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not 
properly s ...)
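Review bot: the added CVE-2023-49070 entry at the top of this hunk has no description text, unlike every neighbouring entry, so the NOT-FOR-US: Apache OFBiz classification cannot be checked from the diff itself. The commit message is only "NFUs"; naming the advisory or source consulted for this entry there would make the triage decision auditable.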
@@ -37,17 +39,17 @@ CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin 
through 1.0.4 does n
 CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 
has a vu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 
1.2.1 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML 
transformation  ...)
        NOT-FOR-US: Vite
 CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for 
secp256k1  ...)
        TODO: check
 CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch 
or tag n ...)
-       TODO: check
+       NOT-FOR-US: Github action
 CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx 
(JWA/JWE/JWK/J ...)
-       TODO: check
+       NOT-FOR-US: lestrrat-go/jwx
 CVE-2023-49289 (Ajax.NET Professional (AjaxPro) is an AJAX framework for 
Microsoft ASP ...)
-       TODO: check
+       NOT-FOR-US: Ajax.NET Professional
 CVE-2023-49284 (fish is a smart and user-friendly command line shell for 
macOS, Linux, ...)
        - fish <unfixed> (bug #1057455)
        [bookworm] - fish <no-dsa> (Minor issue)
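Review bot: CVE-2023-49290 is closed as NOT-FOR-US: lestrrat-go/jwx, but its description identifies it as a Go module, which is the kind of code that can be packaged on its own or vendored into another source package, so it is worth confirming against the archive before dropping the TODO. Minor style point on the CVE-2023-49291 line: "Github action" should be spelled "GitHub action".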
@@ -96,87 +98,87 @@ CVE-2023-45779 (In TBD of TBD, there is a possible 
malicious update to platform
 CVE-2023-45777 (In checkKeyIntentParceledCorrectly of 
AccountManagerService.java, ther ...)
        NOT-FOR-US: Android
 CVE-2023-45776 (In CreateAudioBroadcast of broadcaster.cc, there is a possible 
out of  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-45775 (In CreateAudioBroadcast of broadcaster.cc, there is a possible 
out of  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-45774 (In fixUpIncomingShortcutInfo of ShortcutService.java, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-45773 (In multiple functions of btm_ble_gap.cc, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-44295 (Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x 
contains an imp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44288 (Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an 
improper c ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43472 (An issue in MLFlow versions 2.8.1 and before allows a remote 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2023-42581 (Improper URL validation from InstantPlay deeplink in Galaxy 
Store prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42580 (Improper URL validation from MCSLaunch deeplink in Galaxy 
Store prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42579 (Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of 
Chinese ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42578 (Improper handling of insufficient permissions or privileges 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42577 (Improper Access Control in Samsung Voice Recorder prior to 
versions 21 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42576 (Improper Authentication vulnerability in Samsung Pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42575 (Improper Authentication vulnerability in Samsung Pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42574 (Improper access control vulnerablility in GameHomeCN prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42573 (PendingIntent hijacking vulnerability in Search Widget prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42572 (Implicit intent hijacking vulnerability in Samsung Account Web 
SDK pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42571 (Abuse of remote unlock in Find My Mobile prior to version 
7.3.13.4 all ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42570 (Improper access control vulnerability in 
KnoxCustomManagerService prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42569 (Improper authorization verification vulnerability in AR Emoji 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42568 (Improper access control vulnerability in SmartManagerCN prior 
to SMR D ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42567 (Improper size check vulnerability in softsimd prior to SMR 
Dec-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42566 (Out-of-bound write vulnerability in libsavsvc prior to SMR 
Dec-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42565 (Improper input validation vulnerability in Smart Clip prior to 
SMR Dec ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42564 (Improper access control in knoxcustom service prior to SMR 
Dec-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42563 (Integer overflow vulnerability in landmarkCopyImageToNative of 
libFace ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42562 (Integer overflow vulnerability in 
detectionFindFaceSupportMultiInstanc ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42561 (Heap out-of-bounds write vulnerability in bootloader prior to 
SMR Dec- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42560 (Heap out-of-bounds write vulnerability in dec_mono_audb of 
libsavsac.s ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42559 (Improper exception management vulnerability in Knox Guard 
prior to SMR ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42558 (Out of bounds write vulnerability in HDCP in HAL prior to SMR 
Dec-2023 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42557 (Out-of-bound write vulnerability in libIfaaCa prior to SMR 
Dec-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-42556 (Improper usage of implicit intent in Contacts prior to SMR 
Dec-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-40465 (Several versions of ALEOS, including ALEOS 4.16.0, include an 
opensour ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a 
hardcoded     ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40463 (When configured in debugging mode by an authenticated user 
with    adm ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not    
perform ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an   
 authen ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not    
validat ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40459 (The ACEManager component of ALEOS 4.16 and earlier does not 
adequately ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2023-40103 (In multiple locations, there is a possible way to corrupt 
memory due t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-40098 (In mOnDone of NotificationConversationInfo.java, there is a 
possible w ...)
        TODO: check
 CVE-2023-40097 (In hasPermissionForActivity of PackageManagerHelper.java, 
there is a p ...)
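Review bot: CVE-2023-40465 is tagged NOT-FOR-US: ALEOS, yet its (truncated) description says ALEOS "include an opensour ...", which suggests the flaw sits in a bundled open-source component rather than in ALEOS's own code. Before closing it with the vendor tag, identify that component and check whether Debian ships it; if it does, the entry needs a package line instead of an NFU. The remaining ALEOS, Samsung, Dell and Android entries in this hunk read as vendor-specific from their descriptions. Minor: "NOT-FOR-US: mlflow" on CVE-2023-43472 is lowercased while the description writes "MLFlow".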



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3c256949411add1ab79ff8f6d9b1d63474bc644
