Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7b544b6 by Moritz Muehlenhoff at 2023-04-22T19:37:50+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1742,15 +1742,15 @@ CVE-2023-1998 (The Linux kernel allows userspace 
processes to enable mitigations
 CVE-2023-1995
        RESERVED
 CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 
3.6.12  ...)
-       - wireshark <unfixed>
+       - wireshark <unfixed> (bug #1034721)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
 CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 
to 3.6 ...)
-       - wireshark <unfixed>
+       - wireshark <unfixed> (bug #1034721)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
 CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 
to 3.6. ...)
-       - wireshark <unfixed>
+       - wireshark <unfixed> (bug #1034721)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
 CVE-2023-1991
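
Review bot: CVE-2023-1994, CVE-2023-1993 and CVE-2023-1992 all receive bug #1034721 here, although each has its own upstream issue (18947, 18900, 18852) and its own advisory (wnpa-sec-2023-11, -10, -09). With one report standing for three separate dissector bugs, the report should name all three CVE ids, so that an upload fixing only some of them does not get the bug closed for the rest.
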
@@ -9414,7 +9414,7 @@ CVE-2023-1257 (An attacker with physical access to the 
affected Moxa UC Series d
 CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry 
Server ar ...)
        NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
 CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 
64 bit ...)
-       - openssl <unfixed>
+       - openssl <unfixed> (bug #1034720)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        [buster] - openssl <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
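
Review bot: bug #1034720 on the CVE-2023-1255 line is the same number attached to CVE-2023-0466, CVE-2023-0465 and CVE-2023-0464 later in this patch, yet this entry is <not-affected> in bullseye and buster while those three are <no-dsa> in bookworm, bullseye and buster. Because the affected suites differ per CVE, the shared report should state which CVE applies to which suite, or CVE-2023-1255 should get a report of its own.
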
@@ -12023,7 +12023,7 @@ CVE-2023-26966
 CVE-2023-26965
        RESERVED
 CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream 
stacking occ ...)
-       - rust-h2 <unfixed>
+       - rust-h2 <unfixed> (bug #1034723)
        NOTE: https://github.com/hyperium/hyper/issues/2877
        NOTE: 
https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 
(v0.3.17)
 CVE-2023-26963
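
Review bot: the CVE-2023-26964 description names hyper v0.13.7 alongside h2-0.2.4, but the only package line is rust-h2 and the fix NOTE points at a hyperium/h2 commit. If the defect lives only in h2, a short NOTE saying so would make it clear that the missing hyper package line is deliberate and not an omission.
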
@@ -12126,7 +12126,7 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 
is vulnerable to sandbox
 CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to 
escalate privil ...)
        NOT-FOR-US: Diasoft File Replication Pro
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a 
NULL poin ...)
-       - libyang2 <unfixed>
+       - libyang2 <unfixed> (bug #1034724)
        [bullseye] - libyang2 <no-dsa> (Minor issue)
        NOTE: https://github.com/CESNET/libyang/issues/1987
        NOTE: 
https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090
 (v2.1.55)
@@ -17497,7 +17497,7 @@ CVE-2023-0647 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 
1.5.0. A ...)
        NOT-FOR-US: dst-admin
 CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a 
specifical ...)
-       - jpeg-xl <unfixed>
+       - jpeg-xl <unfixed> (bug #1034722)
        NOTE: 
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
        NOTE: https://github.com/libjxl/libjxl/issues/2100
        NOTE: https://github.com/libjxl/libjxl/pull/2101
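
Review bot: the fix-commit NOTE for CVE-2023-0645 carries no upstream release tag, unlike the rust-h2 and libyang2 entries in this patch, which annotate theirs with (v0.3.17) and (v2.1.55). Adding the first fixed libjxl release after the commit URL would let whoever handles bug #1034722 see which upload closes it.
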
@@ -19259,7 +19259,7 @@ CVE-2023-0468 (A use-after-free flaw was found in 
io_uring/poll.c in io_poll_che
 CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not 
properly sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to 
implicit ...)
-       - openssl <unfixed>
+       - openssl <unfixed> (bug #1034720)
        [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
@@ -19267,7 +19267,7 @@ CVE-2023-0466 (The function 
X509_VERIFY_PARAM_add0_policy() is documented to imp
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
 (openssl-3.0)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
 (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying 
certificates ...)
-       - openssl <unfixed>
+       - openssl <unfixed> (bug #1034720)
        [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
@@ -19275,7 +19275,7 @@ CVE-2023-0465 (Applications that use a non-default 
option when verifying certifi
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
 (openssl-3.0)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported 
versions ...)
-       - openssl <unfixed>
+       - openssl <unfixed> (bug #1034720)
        [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
@@ -28774,19 +28774,19 @@ CVE-2023-21984 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2023-21983
        RESERVED
 CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21975
        RESERVED
 CVE-2023-21974
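
Review bot: the four mysql-8.0 lines in this hunk (CVE-2023-21982, -21980, -21977, -21976) get bug #1034719, and the same number is attached to every other mysql-8.0 <unfixed> line changed further down. These entries have a truncated description and no NOTE, so the bug number is the only pointer a reader has; consider adding a NOTE with the upstream advisory or the fixed upstream release to the entries, as the non-Oracle entries in this patch do.
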
@@ -28794,7 +28794,7 @@ CVE-2023-21974
 CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle 
E-Business  ...)
        NOT-FOR-US: Oracle
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
        NOT-FOR-US: MySQL Connector for Java
 CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
@@ -28810,7 +28810,7 @@ CVE-2023-21967 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        - openjdk-11 <unfixed>
        - openjdk-17 <unfixed>
 CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
@@ -28818,7 +28818,7 @@ CVE-2023-21964 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.32-1
 CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21961
        RESERVED
 CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
@@ -28832,13 +28832,13 @@ CVE-2023-21957
 CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 <unfixed>
        - openjdk-17 <unfixed>
 CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2023-21951
@@ -28850,11 +28850,11 @@ CVE-2023-21949
 CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and 
Provisioning) ...)
        NOT-FOR-US: Oracle
 CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and 
Provisioning) ...)
@@ -28864,7 +28864,7 @@ CVE-2023-21942 (Vulnerability in Oracle Essbase 
(component: Security and Provisi
 CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
        NOT-FOR-US: Oracle
 CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 <unfixed>
@@ -28880,11 +28880,11 @@ CVE-2023-21937 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
 CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database 
Server. Supp ...)
        NOT-FOR-US: Oracle
 CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property 
Services prod ...)
        NOT-FOR-US: Oracle
 CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
@@ -28894,7 +28894,7 @@ CVE-2023-21930 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        - openjdk-11 <unfixed>
        - openjdk-17 <unfixed>
 CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -28912,9 +28912,9 @@ CVE-2023-21922 (Vulnerability in the Oracle Health 
Sciences InForm product of Or
 CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of 
Oracle H ...)
        NOT-FOR-US: Oracle
 CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager 
component of Ora ...)
        NOT-FOR-US: Oracle
 CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -28930,7 +28930,7 @@ CVE-2023-21913 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.31-1
 CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM 
(componen ...)
@@ -108338,7 +108338,7 @@ CVE-2021-45425 (Reflected Cross Site Scripting (XSS) 
in SAFARI Montage versions
 CVE-2021-45424
        RESERVED
 CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the 
pe_exports f ...)
-       - pev <unfixed>
+       - pev <unfixed> (bug #1034725)
        NOTE: https://github.com/merces/libpe/issues/35
        NOTE: 
https://github.com/merces/libpe/commit/9b5fedc37ccbcd23695a0e97c0fe46c999e26100
        NOTE: 
https://github.com/merces/libpe/commit/8960f7d710c4d1a43badd2bbf273721248b864f8
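
Review bot: the package line for CVE-2021-45423 is pev, but the issue and both fix commits in the NOTEs are in merces/libpe. A NOTE stating how the pev source package carries libpe (for example, as a bundled copy) would explain why bug #1034725 is filed against pev.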



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7b544b62bcfb1cf33e81e68ee30e28600159819
