Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c41ccf0 by Moritz Muehlenhoff at 2024-05-08T09:52:50+02:00
more bluez issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1363,21 +1363,25 @@ CVE-2023-51598 (Hancom Office Word DOC File Parsing 
Use-After-Free Remote Code E
 CVE-2023-51597 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
        NOT-FOR-US: Kofax Power PDF
 CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow 
Remote Code ...)
-       TODO: check
+       - bluez <unfixed>
+       NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1902/
 CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection 
Remote  ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure 
Vulnerabi ...)
-       TODO: check
+       - bluez <unfixed>
+       NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1901/
 CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection 
Remote Cod ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds 
Read Inform ...)
-       TODO: check
+       - bluez <unfixed>
+       NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1905/
 CVE-2023-51591 (Voltronic Power ViewPower Pro doDocument XML External Entity 
Processin ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51590 (Voltronic Power ViewPower Pro UpLoadAction Unrestricted File 
Upload Re ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds 
Read Infor ...)
-       TODO: check
+       - bluez <unfixed>
+       NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
 CVE-2023-51588 (Voltronic Power ViewPower Pro MySQL Use of Hard-coded 
Credentials Loca ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51587 (Voltronic Power ViewPower getModbusPassword Missing 
Authentication Inf ...)
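Review bot: the four BlueZ entries changed here (CVE-2023-51596, CVE-2023-51594, CVE-2023-51592, CVE-2023-51589) go from `TODO: check` to `- bluez <unfixed>` with only a ZDI advisory URL as NOTE, so nothing on these lines records an upstream fix, an affected version range or a Debian bug to track the fix against. Consider adding a follow-up NOTE with the upstream reference for each once it is identified. CVE-2023-51596 is also the only entry in this hunk described as a heap-based buffer overflow with remote code execution, while the other three are out-of-bounds reads, so it is the one to triage first.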
@@ -1395,7 +1399,8 @@ CVE-2023-51582 (Voltronic Power ViewPower 
LinuxMonitorConsole Exposed Dangerous
 CVE-2023-51581 (Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous 
Method R ...)
        NOT-FOR-US: Voltronic Power ViewPower
 CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list 
Out-Of-Bounds Rea ...)
-       TODO: check
+       - bluez <unfixed>
+       NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
 CVE-2023-51579 (Voltronic Power ViewPower Incorrect Permission Assignment 
Local Privil ...)
        NOT-FOR-US: Voltronic Power ViewPower
 CVE-2023-51578 (Voltronic Power ViewPower MonitorConsole Exposed Dangerous 
Method Deni ...)
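Review bot: on the CVE-2023-51580 entry, the NOTE uses ZDI-23-1903, and across this commit the advisory numbers do not follow CVE order (51596 maps to 1902, 51594 to 1901, 51592 to 1905, 51589 to 1904, 51580 to 1903). The five numbers do form a contiguous 1901-1905 run with no duplicates, but since the mapping is not monotonic it is worth confirming each URL against its CVE id before relying on it. As with the earlier entries, `- bluez <unfixed>` here has no upstream fix or bug reference yet.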



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c41ccf09834b9411661a42c0f13fad3bf20ce6d
