Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd45a7ca by security tracker role at 2023-01-10T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-22924
+ RESERVED
+CVE-2023-22923
+ RESERVED
+CVE-2023-22922
+ RESERVED
+CVE-2023-22921
+ RESERVED
+CVE-2023-22920
+ RESERVED
+CVE-2023-22919
+ RESERVED
+CVE-2023-22918
+ RESERVED
+CVE-2023-22917
+ RESERVED
+CVE-2023-22916
+ RESERVED
+CVE-2023-22915
+ RESERVED
+CVE-2023-22914
+ RESERVED
+CVE-2023-22913
+ RESERVED
+CVE-2023-22912
+ RESERVED
+CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x
through 1.3 ...)
+ TODO: check
+CVE-2023-22910
+ RESERVED
+CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x
through 1.3 ...)
+ TODO: check
+CVE-2023-22908
+ RESERVED
+CVE-2023-0163
+ RESERVED
+CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2023-0161
+ RESERVED
+CVE-2023-0160
+ RESERVED
+CVE-2023-0159
+ RESERVED
+CVE-2023-0158
+ RESERVED
+CVE-2023-0157
+ RESERVED
+CVE-2023-0156
+ RESERVED
+CVE-2023-0155
+ RESERVED
+CVE-2023-0154
+ RESERVED
+CVE-2023-0153
+ RESERVED
+CVE-2023-0152
+ RESERVED
+CVE-2023-0151
+ RESERVED
+CVE-2023-0150
+ RESERVED
+CVE-2023-0149
+ RESERVED
+CVE-2023-0148
+ RESERVED
+CVE-2023-0147
+ RESERVED
+CVE-2023-0146
+ RESERVED
+CVE-2023-0145
+ RESERVED
+CVE-2017-20167
+ RESERVED
+CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and
classified ...)
+ TODO: check
+CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been
rated as crit ...)
+ TODO: check
CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by zero]
- kodi 2:20.0~rc2+dfsg-2
[bullseye] - kodi <no-dsa> (Minor issue)
@@ -2514,8 +2592,8 @@ CVE-2023-0026
RESERVED
CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected
and stor ...)
NOT-FOR-US: Heimdall Application Dashboard
-CVE-2022-47967
- RESERVED
+CVE-2022-47967 (A vulnerability has been identified in Solid Edge (All
versions < V ...)
+ TODO: check
CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to
0.9.1. ...)
NOT-FOR-US: usememos
CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to
4.5.5. I ...)
@@ -2751,36 +2829,36 @@ CVE-2022-4713
RESERVED
CVE-2022-4712
RESERVED
-CVE-2022-4711
- RESERVED
+CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
CVE-2022-47937
RESERVED
CVE-2022-47936
RESERVED
-CVE-2022-47935
- RESERVED
-CVE-2022-4710
- RESERVED
-CVE-2022-4709
- RESERVED
-CVE-2022-4708
- RESERVED
-CVE-2022-4707
- RESERVED
+CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions
< V11. ...)
+ TODO: check
+CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable
to Refle ...)
+ TODO: check
+CVE-2022-4709 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
CVE-2022-4706
RESERVED
-CVE-2022-4705
- RESERVED
-CVE-2022-4704
- RESERVED
-CVE-2022-4703
- RESERVED
-CVE-2022-4702
- RESERVED
-CVE-2022-4701
- RESERVED
-CVE-2022-4700
- RESERVED
+CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4703 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4702 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
+CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
+ TODO: check
CVE-2022-4699
RESERVED
CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored
Cross-Si ...)
@@ -6580,8 +6658,8 @@ CVE-2022-47085
RESERVED
CVE-2022-47084
RESERVED
-CVE-2022-47083
- RESERVED
+CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.
...)
+ TODO: check
CVE-2022-47082
RESERVED
CVE-2022-47081
@@ -6930,8 +7008,8 @@ CVE-2022-46910 (An issue in the firmware update process
of TP-Link TL-WA901ND V1
NOT-FOR-US: TP-LINK
CVE-2022-46909
RESERVED
-CVE-2022-4429
- RESERVED
+CVE-2022-4429 (Avira Security for Windows contains an unquoted service path
which all ...)
+ TODO: check
CVE-2022-4428
RESERVED
CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS
AG ((OTR ...)
@@ -6948,8 +7026,8 @@ CVE-2022-4424
RESERVED
CVE-2022-4423
RESERVED
-CVE-2022-4422
- RESERVED
+CVE-2022-4422 (This issue affects: Bulutses Bilgi Teknolojileri LTD.
ŞTİ. B ...)
+ TODO: check
CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been
classified as ...)
NOT-FOR-US: rAthena FluxCP
CVE-2022-4420
@@ -7322,8 +7400,8 @@ CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3
the built-in web server
- intellij-idea <itp> (bug #747616)
CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow
in the fs ...)
- intellij-idea <itp> (bug #747616)
-CVE-2022-46823
- RESERVED
+CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8
compatibl ...)
+ TODO: check
CVE-2022-46822
RESERVED
CVE-2022-46821
@@ -8026,8 +8104,8 @@ CVE-2022-46612
RESERVED
CVE-2022-46611
RESERVED
-CVE-2022-46610
- RESERVED
+CVE-2022-46610 (72crm v9 was discovered to contain an arbitrary file upload
vulnerabil ...)
+ TODO: check
CVE-2022-46609 (Python3-RESTfulAPI commit
d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...)
NOT-FOR-US: backdoored Python3-RESTfulAPI package
CVE-2022-46608
@@ -8418,8 +8496,8 @@ CVE-2022-43466 (Buffalo network devices WSR-3200AX4S
firmware Ver. 1.26 and earl
NOT-FOR-US: Buffalo network devices
CVE-2022-43443 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and
earlier, W ...)
NOT-FOR-US: Buffalo network devices
-CVE-2022-4294
- RESERVED
+CVE-2022-4294 (Norton, Avira, Avast and AVG Antivirus for Windows may be
susceptible ...)
+ TODO: check
CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub
repository ...)
- vim 2:9.0.0813-1 (unimportant)
NOTE: https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143
@@ -11413,6 +11491,7 @@ CVE-2021-4241 (A vulnerability, which was classified as
problematic, was found i
CVE-2021-4240 (A vulnerability, which was classified as problematic, was found
in php ...)
NOT-FOR-US: phpservermon
CVE-2022-45442 (Sinatra is a domain-specific language for creating web
applications in ...)
+ {DLA-3264-1}
- ruby-sinatra <unfixed> (bug #1025125)
NOTE:
https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
NOTE:
https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
(v3.0.4)
@@ -12618,12 +12697,12 @@ CVE-2022-45096
RESERVED
CVE-2022-45095
RESERVED
-CVE-2022-45094
- RESERVED
-CVE-2022-45093
- RESERVED
-CVE-2022-45092
- RESERVED
+CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions
< V1 ...)
+ TODO: check
+CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions
< V1 ...)
+ TODO: check
+CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions
< V1 ...)
+ TODO: check
CVE-2022-45091
RESERVED
CVE-2022-45090
@@ -15207,8 +15286,8 @@ CVE-2022-3794 (The Jeg Elementor Kit plugin for
WordPress is vulnerable to autho
NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all
versions ...)
- gitlab <unfixed>
-CVE-2022-3792
- RESERVED
+CVE-2022-3792 (This issue affects: Terminal Operating System versions before
5.0.13 ...)
+ TODO: check
CVE-2022-3791
REJECTED
CVE-2022-3790
@@ -19467,10 +19546,10 @@ CVE-2022-43515 (Zabbix Frontend provides a feature
that allows admins to maintai
- zabbix <unfixed> (bug #1026847)
[bullseye] - zabbix <ignored> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22050
-CVE-2022-43514
- RESERVED
-CVE-2022-43513
- RESERVED
+CVE-2022-43514 (A vulnerability has been identified in Automation License
Manager V5 ( ...)
+ TODO: check
+CVE-2022-43513 (A vulnerability has been identified in Automation License
Manager V5 ( ...)
+ TODO: check
CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI
versions prior ...)
NOT-FOR-US: SHIRASAGI
CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR)
vulnerabi ...)
@@ -31962,8 +32041,8 @@ CVE-2022-38775
RESERVED
CVE-2022-38774
RESERVED
-CVE-2022-38773
- RESERVED
+CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in
Hardware ...)
+ TODO: check
CVE-2022-3010
RESERVED
CVE-2022-3009
@@ -88435,7 +88514,7 @@ CVE-2021-44016 (A vulnerability has been identified in
JT2Go (All versions <
NOT-FOR-US: JT2Go / Siemens
CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
+CVE-2021-44014 (A vulnerability has been identified in JT Open (All versions
< V11. ...)
NOT-FOR-US: Siemens
CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
NOT-FOR-US: Siemens
@@ -88459,7 +88538,7 @@ CVE-2021-44004 (A vulnerability has been identified in
JT2Go (All versions <
NOT-FOR-US: Siemens
CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
+CVE-2021-44002 (A vulnerability has been identified in JT Open (All versions
< V11. ...)
NOT-FOR-US: Siemens
CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions
< V13.2. ...)
NOT-FOR-US: Siemens
@@ -108654,18 +108733,21 @@ CVE-2021-37623 (Exiv2 is a command-line utility and
C++ library for reading, wri
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
@@ -116526,6 +116608,7 @@ CVE-2021-34335 (Exiv2 is a command-line utility and
C++ library for reading, wri
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
NOTE: https://github.com/Exiv2/exiv2/pull/1750
CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1 (bug #992706)
[bullseye] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -120319,6 +120402,7 @@ CVE-2021-32817 (express-hbs is an Express handlebars
template engine. express-hb
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for
the Pro ...)
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1 (bug #992705)
[bullseye] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -129476,6 +129560,7 @@ CVE-2021-29460 (Kirby is an open source CMS. An
editor with write access to the
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DLA-3265-1}
- exiv2 0.27.5-1 (bug #987277)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -185930,6 +186015,7 @@ CVE-2020-18773 (An invalid memory access in the
decode function in iptc.cpp of E
CVE-2020-18772
RESERVED
CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in
Exiv2::Internal::Niko ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/756
@@ -240878,7 +240964,7 @@ CVE-2019-17404 (Nokia IMPACT < 18A: allows full
path disclosure ...)
CVE-2019-17403 (Nokia IMPACT < 18A: An unrestricted File Upload
vulnerability was f ...)
NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in
Exiv2::getULong in ...)
- {DLA-2019-1}
+ {DLA-3265-1 DLA-2019-1}
- exiv2 0.27.3-1 (bug #946341)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1019
@@ -250707,6 +250793,7 @@ CVE-2019-14371 (An issue was discovered in Libav
12.3. There is an infinite loop
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163
NOTE: fixed through CVE-2018-11102 /
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7abf394814d818973db562102f21ab9d10540840
CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in
Exiv2::MrwImage: ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6
[stretch] - exiv2 <no-dsa> (Minor issue)
[jessie] - exiv2 <not-affected> (poc not triggered with asan/valgrind,
different MemIo::seek bound check)
@@ -250714,6 +250801,7 @@ CVE-2019-14370 (In Exiv2 0.27.99.0, there is an
out-of-bounds read in Exiv2::Mrw
NOTE: fixed through CVE-2019-13504
NOTE:
https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2
0.27.99.0 all ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <not-affected> (poc not triggered with asan/valgrind,
different MemIo::seek bound check)
@@ -251829,7 +251917,7 @@ CVE-2019-13942 (A vulnerability has been identified
in EN100 Ethernet module DNP
NOT-FOR-US: Siemens
CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions
< V10.0 ...)
NOT-FOR-US: Siemens
-CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU
family (inc ...)
+CVE-2019-13940 (A vulnerability has been identified in SIMATIC ET 200pro
IM154-8 PN/DP ...)
NOT-FOR-US: Siemens
CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2)
(All ve ...)
NOT-FOR-US: Nucleus
@@ -254035,7 +254123,7 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used
in Nuxt.js before 2.6.2, mis
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress
allows XSS vi ...)
NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in
Exiv2::MrwImage::readMetadata in mrw ...)
- {DLA-1855-1}
+ {DLA-3265-1 DLA-1855-1}
- exiv2 0.27.2-6 (low; bug #932467)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/pull/943 (fuzzer infrastructure)
@@ -255140,6 +255228,7 @@ CVE-2019-13115 (In libssh2 before 1.9.0,
kex_method_diffie_hellman_group_exchang
NOTE: https://github.com/libssh2/libssh2/pull/350
NOTE:
https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server
to cause ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25)
@@ -255153,6 +255242,7 @@ CVE-2019-13113 (Exiv2 through 0.27.1 allows an
attacker to cause a denial of ser
NOTE: https://github.com/Exiv2/exiv2/issues/841
NOTE: Negligible security impact
CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation
in Exiv2 ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue, clean exception / local DoS)
@@ -255163,6 +255253,7 @@ CVE-2019-13111 (A WebPImage::decodeChunks integer
overflow in Exiv2 through 0.27
NOTE: https://github.com/Exiv2/exiv2/issues/791
NOTE: https://github.com/Exiv2/exiv2/pull/797/commits
CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and
out-of-bounds read ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue, read segfault)
@@ -274070,7 +274161,7 @@ CVE-2019-6570 (A vulnerability has been identified in
SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (The monitor barrier of the affected products insufficiently
blocks dat ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP
1604, S ...)
+CVE-2019-6568 (The webserver of the affected devices contains a vulnerability
that ma ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch
family (i ...)
NOT-FOR-US: Siemens
@@ -285944,7 +286035,7 @@ CVE-2018-20098 (There is a heap-based buffer
over-read in Exiv2::Jp2Image::encod
NOTE:
https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
CVE-2018-20097 (There is a SEGV in
Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...)
- {DLA-1691-1}
+ {DLA-3265-1 DLA-1691-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/590
@@ -292071,7 +292162,7 @@ CVE-2018-19537 (TP-Link Archer C5 devices through
V2_160201_US allow remote comm
CVE-2018-19536
RESERVED
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile
in pngch ...)
- {DLA-1691-1}
+ {DLA-3265-1 DLA-1691-1}
- exiv2 0.27.2-6 (bug #915135)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/428
@@ -293652,7 +293743,7 @@ CVE-2018-19110 (The skin-management feature in tianti
2.3 allows remote authenti
CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass
intended permis ...)
NOT-FOR-US: tianti
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp
in the PS ...)
- {DLA-1691-1}
+ {DLA-3265-1 DLA-1691-1}
- exiv2 0.27.2-6 (bug #913272)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
@@ -293660,7 +293751,7 @@ CVE-2018-19108 (In Exiv2 0.26,
Exiv2::PsdImage::readMetadata in psdimage.cpp in
NOTE:
https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
NOTE:
https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called
from psdi ...)
- {DLA-1691-1}
+ {DLA-3265-1 DLA-1691-1}
- exiv2 0.27.2-6 (low; bug #913273)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
@@ -297667,7 +297758,7 @@ CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a
heap-based buffer over-read. T
NOTE: https://github.com/appneta/tcpreplay/issues/484
NOTE:
https://github.com/appneta/tcpreplay/commit/68f67b1a3a4d319543692afb5bd5b191ec984287
CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2
0.26 has e ...)
- {DLA-1691-1}
+ {DLA-3265-1 DLA-1691-1}
- exiv2 0.27.2-6 (low; bug #910060)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/460
@@ -300452,9 +300543,9 @@ CVE-2018-16559 (A vulnerability has been identified
in SIMATIC S7-1500 CPU (All
NOT-FOR-US: Siemens
CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU
(All versio ...)
NOT-FOR-US: Siemens
-CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 DP V7
CPU family ...)
+CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 H V4.5
and below ...)
NOT-FOR-US: Siemens
-CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 DP V7
CPU family ...)
+CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 H V4.5
and below ...)
NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All
versions < ...)
NOT-FOR-US: Siemens
@@ -320716,6 +320807,7 @@ CVE-2018-8977 (In Exiv2 0.26, the
Exiv2::Internal::printCsLensFFFF function in c
- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only
affected experimental, bug #894179)
NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a
denial ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (low; bug #903813)
[stretch] - exiv2 <ignored> (Minor issue)
[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
@@ -335663,6 +335755,7 @@ CVE-2017-18007
CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in
the quick ...)
NOT-FOR-US: Extensis Portfolio NetPublish
CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the
Exiv2::DataValue::toL ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (low; bug #885981)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -342302,6 +342395,7 @@ CVE-2017-17670 (In VideoLAN VLC media player through
2.2.8, there is a type conv
NOTE: https://www.openwall.com/lists/oss-security/2017/12/15/1
NOTE: POC:
https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
CVE-2017-17669 (There is a heap-based buffer over-read in the
Exiv2::Internal::PngChun ...)
+ {DLA-3265-1}
- exiv2 0.27.2-6 (bug #886006)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -354167,7 +354261,7 @@ CVE-2017-14865 (There is a heap-based buffer overflow
in the Exiv2::us2Data func
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
NOTE: Patch:
https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
CVE-2017-14864 (An Invalid memory address dereference was discovered in
Exiv2::getULon ...)
- {DLA-1147-1}
+ {DLA-3265-1 DLA-1147-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -354180,7 +354274,7 @@ CVE-2017-14863 (A NULL pointer dereference was
discovered in Exiv2::Image::print
NOTE: https://github.com/Exiv2/exiv2/issues/132
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
CVE-2017-14862 (An Invalid memory address dereference was discovered in
Exiv2::DataVal ...)
- {DLA-1147-1}
+ {DLA-3265-1 DLA-1147-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -354198,7 +354292,7 @@ CVE-2017-14860 (There is a heap-based buffer
over-read in the Exiv2::Jp2Image::r
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
CVE-2017-14859 (An Invalid memory address dereference was discovered in
Exiv2::StringV ...)
- {DLA-1147-1}
+ {DLA-3265-1 DLA-1147-1}
- exiv2 0.27.2-6 (low)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -363927,7 +364021,7 @@ CVE-2017-11592 (There is a Mismatched Memory
Management Routines vulnerability i
NOTE: https://github.com/Exiv2/exiv2/issues/56
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType
function i ...)
- {DLA-1147-1}
+ {DLA-3265-1 DLA-1147-1}
- exiv2 0.27.2-6 (low; bug #876893)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd45a7ca533914bd5e0e9986428bf24ca2201d89
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd45a7ca533914bd5e0e9986428bf24ca2201d89
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
