Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b99b164 by security tracker role at 2024-01-02T08:11:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-0186 (A vulnerability classified as problematic has been found in
HuiRan Hos ...)
+ TODO: check
+CVE-2024-0185 (A vulnerability was found in RRJ Nueva Ecija Engineer Online
Portal 1. ...)
+ TODO: check
+CVE-2024-0184 (A vulnerability was found in RRJ Nueva Ecija Engineer Online
Portal 1. ...)
+ TODO: check
+CVE-2024-0183 (A vulnerability was found in RRJ Nueva Ecija Engineer Online
Portal 1. ...)
+ TODO: check
+CVE-2024-0182 (A vulnerability was found in SourceCodester Engineers Online
Portal 1. ...)
+ TODO: check
+CVE-2023-49142 (in OpenHarmony v3.2.2 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2023-49135 (in OpenHarmony v3.2.2 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2023-48360 (in OpenHarmony v3.2.2 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2023-47857 (in OpenHarmony v3.2.2 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2023-47216 (in OpenHarmony v3.2.2 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2023-43514 (Memory corruption while invoking IOCTLs calls from user space
for inte ...)
+ TODO: check
+CVE-2023-43512 (Transient DOS while parsing GATT service data when the total
amount of ...)
+ TODO: check
+CVE-2023-43511 (Transient DOS while parsing IPv6 extension header when WLAN
firmware r ...)
+ TODO: check
+CVE-2023-33120 (Memory corruption in Audio when memory map command is executed
consecu ...)
+ TODO: check
+CVE-2023-33118 (Memory corruption while processing Listen Sound Model client
payload b ...)
+ TODO: check
+CVE-2023-33117 (Memory corruption when HLOS allocates the response payload
buffer to c ...)
+ TODO: check
+CVE-2023-33116 (Transient DOS while parsing ieee80211_parse_mscs_ie in WIN
WLAN driver ...)
+ TODO: check
+CVE-2023-33114 (Memory corruption while running NPU, when NETWORK_UNLOAD and
(NETWORK_ ...)
+ TODO: check
+CVE-2023-33113 (Memory corruption when resource manager sends the host kernel
a reply ...)
+ TODO: check
+CVE-2023-33112 (Transient DOS when WLAN firmware receives "reassoc response"
frame inc ...)
+ TODO: check
+CVE-2023-33110 (The session index variable in PCM host voice audio driver
initialized ...)
+ TODO: check
+CVE-2023-33109 (Transient DOS while processing a WMI P2P listen start command
(0xD00A) ...)
+ TODO: check
+CVE-2023-33108 (Memory corruption in Graphics Driver when destroying a context
with KG ...)
+ TODO: check
+CVE-2023-33094 (Memory corruption while running VK synchronization with KASAN
enabled.)
+ TODO: check
+CVE-2023-33085 (Memory corruption in wearables while processing data from AON.)
+ TODO: check
+CVE-2023-33062 (Transient DOS in WLAN Firmware while parsing a BTM request.)
+ TODO: check
+CVE-2023-33040 (Transient DOS in Data Modem during DTLS handshake.)
+ TODO: check
+CVE-2023-33038 (Memory corruption while receiving a message in Bus Socket
Transport Se ...)
+ TODO: check
+CVE-2023-33037 (Cryptographic issue in Automotive while unwrapping the key
secs2d and ...)
+ TODO: check
+CVE-2023-33036 (Permanent DOS in Hypervisor while untrusted VM without PSCI
support ma ...)
+ TODO: check
+CVE-2023-33033 (Memory corruption in Audio during playback with speaker
protection.)
+ TODO: check
+CVE-2023-33032 (Memory corruption in TZ Secure OS while requesting a memory
allocation ...)
+ TODO: check
+CVE-2023-33030 (Memory corruption in HLOS while running playready use-case.)
+ TODO: check
+CVE-2023-33025 (Memory corruption in Data Modem when a non-standard SDP body,
during a ...)
+ TODO: check
+CVE-2023-33014 (Information disclosure in Core services while processing a
Diag comman ...)
+ TODO: check
+CVE-2023-32891 (In bluetooth service, there is a possible out of bounds write
due to i ...)
+ TODO: check
+CVE-2023-32890 (In modem EMM, there is a possible system crash due to improper
input v ...)
+ TODO: check
+CVE-2023-32889 (In Modem IMS Call UA, there is a possible out of bounds write
due to a ...)
+ TODO: check
+CVE-2023-32888 (In Modem IMS Call UA, there is a possible out of bounds write
due to a ...)
+ TODO: check
+CVE-2023-32887 (In Modem IMS Stack, there is a possible system crash due to a
missing ...)
+ TODO: check
+CVE-2023-32886 (In Modem IMS SMS UA, there is a possible out of bounds write
due to a ...)
+ TODO: check
+CVE-2023-32885 (In display drm, there is a possible memory corruption due to a
missing ...)
+ TODO: check
+CVE-2023-32884 (In netdagent, there is a possible information disclosure due
to an inc ...)
+ TODO: check
+CVE-2023-32883 (In Engineer Mode, there is a possible out of bounds write due
to a mis ...)
+ TODO: check
+CVE-2023-32882 (In battery, there is a possible memory corruption due to a
missing bou ...)
+ TODO: check
+CVE-2023-32881 (In battery, there is a possible information disclosure due to
an integ ...)
+ TODO: check
+CVE-2023-32880 (In battery, there is a possible information disclosure due to
a missin ...)
+ TODO: check
+CVE-2023-32879 (In battery, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2023-32878 (In battery, there is a possible information disclosure due to
a missin ...)
+ TODO: check
+CVE-2023-32877 (In battery, there is a possible out of bounds write due to a
missing b ...)
+ TODO: check
+CVE-2023-32876 (In keyInstall, there is a possible information disclosure due
to a mis ...)
+ TODO: check
+CVE-2023-32875 (In keyInstall, there is a possible information disclosure due
to a mis ...)
+ TODO: check
+CVE-2023-32874 (In Modem IMS Stack, there is a possible out of bounds write
due to a m ...)
+ TODO: check
+CVE-2023-32872 (In keyInstall, there is a possible out of bounds write due to
a missin ...)
+ TODO: check
+CVE-2023-32831 (In wlan driver, there is a possible PIN crack due to use of
insufficie ...)
+ TODO: check
CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online
Portal 1. ...)
NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal
CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not
sanitis ...)
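Review bot: the three new RRJ Nueva Ecija Engineer Online Portal entries (CVE-2024-0185, CVE-2024-0184, CVE-2024-0183) are left at "TODO: check" although CVE-2024-0181, in the unchanged context directly below them, already carries "NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal" for the same product. Suggest giving those three the same tag in the follow-up triage commit. For the rest of the block (the OpenHarmony entries and the "Memory corruption" / "Transient DOS" firmware, modem and driver entries), the truncated descriptions mostly do not name the affected product, so the triage has to read the full CVE text and is best done per vendor rather than entry by entry.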
@@ -6688,7 +6798,7 @@ CVE-2023-49321 (Certain WithSecure products allow a
Denial of Service because sc
NOT-FOR-US: WithSecure
CVE-2023-49312 (Precision Bridge PrecisionBridge.exe (aka the thick client)
before 7.3 ...)
NOT-FOR-US: Precision Bridge
-CVE-2023-47039
+CVE-2023-47039 (A vulnerability was found in Perl. This security issue occurs
while Pe ...)
- perl <not-affected> (Windows specific issue)
CVE-2023-47038 (A vulnerability was found in perl. This issue occurs when a
crafted re ...)
- perl 5.36.0-10 (bug #1056746)
@@ -21678,7 +21788,7 @@ CVE-2023-40217 (An issue was discovered in Python
before 3.8.18, 3.9.x before 3.
NOTE: Additional patches to stabilize the test suite may also be
applied to all versions:
NOTE: 1.
https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3
NOTE: 2.
https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
-CVE-2023-4380 (A logic flaw exists in Ansible. Whenever a private project is
created ...)
+CVE-2023-4380 (A logic flaw exists in Ansible Automation platform. Whenever a
private ...)
- ansible <unfixed> (bug #1051897)
[bookworm] - ansible <no-dsa> (Minor issue)
[bullseye] - ansible <no-dsa> (Minor issue)
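Review bot: the reworded description for CVE-2023-4380 now names "Ansible Automation platform" rather than "Ansible", but the package lines under it are unchanged: "- ansible <unfixed> (bug #1051897)" with "<no-dsa>" for bookworm and bullseye. It is worth re-checking whether the ansible source package actually contains the affected code. If it does not, the entry should be changed accordingly with a NOTE giving the reason, and bug #1051897 updated to match.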
@@ -22987,7 +23097,7 @@ CVE-2023-40305 (GNU indent 2.2.13 has a heap-based
buffer overflow in search_bra
[bullseye] - indent <no-dsa> (Minor issue)
[buster] - indent <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/index.php?64503
-CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation
because of un ...)
+CVE-2023-40303 (GNU inetutils before 2.5 may allow privilege escalation
because of unc ...)
{DLA-3611-1}
- inetutils 2:2.4-3 (bug #1049365)
[bookworm] - inetutils 2:2.4-2+deb12u1
@@ -43508,8 +43618,8 @@ CVE-2023-28585 (Memory corruption while loading an ELF
segment in TEE Kernel.)
NOT-FOR-US: Qualcomm
CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives
invalid chan ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28583
- RESERVED
+CVE-2023-28583 (Memory corruption when IPv6 prefix timer object`s lifetime
expires whi ...)
+ TODO: check
CVE-2023-28582
RESERVED
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK
Keys in ...)
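Review bot: CVE-2023-28583 moves from RESERVED to "TODO: check", while both published neighbours in this hunk's context (CVE-2023-28585 and CVE-2023-28584) are tagged "NOT-FOR-US: Qualcomm". If the full description confirms the same vendor, resolve the TODO with the same tag so the entry does not stay in the unchecked queue.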
@@ -50688,12 +50798,12 @@ CVE-2023-26161
RESERVED
CVE-2023-26160
RESERVED
-CVE-2023-26159
- RESERVED
+CVE-2023-26159 (Versions of the package follow-redirects before 1.15.4 are
vulnerable ...)
+ TODO: check
CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype
Polluti ...)
NOT-FOR-US: mockjs
-CVE-2023-26157
- RESERVED
+CVE-2023-26157 (Versions of the package libredwg before 0.12.5.6384 are
vulnerable to ...)
+ TODO: check
CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are
vulnerable to ...)
NOT-FOR-US: chromedriver Node.js module
CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to
Command Inject ...)
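Review bot: CVE-2023-26159 (follow-redirects) and CVE-2023-26157 (libredwg) should not be resolved by analogy with the "NOT-FOR-US" entries around them (mockjs, chromedriver Node.js module) without a lookup. Both descriptions name a specific package and a fixed-in version (1.15.4 and 0.12.5.6384). Suggest checking each name against the archive and, where a source package exists, replacing "TODO: check" with a package line that records how the packaged version compares with the fixed one.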
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b99b1642006114ca7b81fdf443d9ec7a02b6d6f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits