Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 43b211c2 by security tracker role at 2023-06-21T08:11:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2023-3339 (A vulnerability has been found in code-projects Agro-School Management ...) + TODO: check +CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundation Ap ...) + TODO: check CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...) NOT-FOR-US: SourceCodester Online School Fees System CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...) @@ -2306,6 +2310,7 @@ CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...) NOT-FOR-US: Abstrium Pydio Cells CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer ...) + {DLA-3463-1} - opensc 0.23.0-0.3 (bug #1037021) [bullseye] - opensc <no-dsa> (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/issues/2785 @@ -3338,6 +3343,7 @@ CVE-2023-2765 (A vulnerability has been found in Weaver OA up to 9.5 and classif CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framework pri ...) NOT-FOR-US: pimcore CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...) + {DLA-3462-1} - wordpress 6.2.1+dfsg1-1 (bug #1036296) [bookworm] - wordpress <postponed> (Minor issue, fix along in future update) [bullseye] - wordpress <postponed> (Minor issue, fix along in future update) 
@@ -41283,7 +41289,7 @@ CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulner NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...) NOT-FOR-US: Joplin Desktop App -CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.) +CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: t ...) NOT-FOR-US: ComponentSpace.Saml2 CVE-2022-45596 RESERVED @@ -99450,8 +99456,8 @@ CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package humm NOT-FOR-US: Muhammara Nodejs module CVE-2022-25884 RESERVED -CVE-2022-25883 - RESERVED +CVE-2022-25883 (Versions of the package semver before 7.5.2 are vulnerable to Regular ...) + TODO: check CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...) NOT-FOR-US: onnx CVE-2022-25881 (This affects versions of the package http-cache-semantics before 4.1.1 ...) @@ -125227,6 +125233,7 @@ CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-9 CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...) NOT-FOR-US: D-Link CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...) + {DLA-3463-1} - opensc 0.22.0-1 [bullseye] - opensc <no-dsa> (Minor issue) [stretch] - opensc <no-dsa> (Minor issue) @@ -125237,6 +125244,7 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0) CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...) + {DLA-3463-1} - opensc 0.22.0-1 [bullseye] - opensc <no-dsa> (Minor issue) [stretch] - opensc <no-dsa> (Minor issue) 
@@ -125247,6 +125255,7 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1) CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...) + {DLA-3463-1} - opensc 0.22.0-1 [bullseye] - opensc <no-dsa> (Minor issue) [stretch] - opensc <no-dsa> (Minor issue) @@ -125254,6 +125263,7 @@ CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...) + {DLA-3463-1} - opensc 0.22.0-1 [bullseye] - opensc <no-dsa> (Minor issue) [stretch] - opensc <no-dsa> (Minor issue) @@ -232297,7 +232307,7 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.) CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...) NOT-FOR-US: TRENDnet ProView CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...) - {DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1} + {DSA-4741-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1} - json-c 0.13.1+dfsg-8 (bug #960326) - libfastjson 1.2304.0-1 (bug #1035302) [bullseye] - libfastjson <no-dsa> (Minor issue) 
@@ -305668,6 +305678,7 @@ CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AW CVE-2019-6503 (There is a deserialization vulnerability in Chatopera cosin v3.10.0. A ...) NOT-FOR-US: Chatopera cosin CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...) + {DLA-3463-1} - opensc 0.20.0-1 (unimportant) NOTE: https://github.com/OpenSC/OpenSC/issues/1586 NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b211c20daf81b9d31aa0d9121766e6507a03f2 -- You're receiving this email because of your account on salsa.debian.org.
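Review bot: in the first hunk (@@ -1,3 +1,7 @@), both added entries, CVE-2023-3339 and CVE-2023-34340, are left at "TODO: check" and still need manual triage. CVE-2023-3339 names code-projects Agro-School Management and sits next to SourceCodester and PuneethReddyHC entries already marked NOT-FOR-US, so it probably takes the same marking. CVE-2023-34340 is an Apache Software Foundation product whose name is cut off at "Ap ...", so read the full description and check whether Debian ships that product before deciding.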
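Review bot: in the CVE-2023-2745 hunk (@@ -3338,6 +3343,7 @@), {DLA-3462-1} is added while the context lines still read "[bookworm] - wordpress <postponed>" and "[bullseye] - wordpress <postponed>", so by the visible lines the LTS advisory lands before either newer release is fixed. Confirm the postponed entries are picked up in the next wordpress update for those releases, so that a host upgrading from the LTS release does not move to a package that still has the directory traversal. The same question applies to the CVE-2023-2977 hunk, where "[bullseye] - opensc <no-dsa>" stays next to the new {DLA-3463-1} tag.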
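Review bot: the CVE-2022-25883 hunk (@@ -99450,8 +99456,8 @@) replaces RESERVED with a description and "TODO: check", and the description gives a concrete boundary ("semver before 7.5.2"). Triage should identify which Debian source packages ship or embed semver and compare their versions against 7.5.2, rather than closing the entry from the package name alone. The text is truncated at "Regular ...", so confirm the issue class from the full CVE record when writing the package lines.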
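Review bot: in the CVE-2020-12762 hunk (@@ -232297,7 +232307,7 @@), DLA-3461-1 joins a tag set on an entry that covers two source packages, json-c and libfastjson, and the visible lines do not say which of them the new advisory fixes. Since "[bullseye] - libfastjson <no-dsa>" remains, a short NOTE naming the package covered by DLA-3461-1 would make the per-release state readable without looking up the advisory record.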
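Review bot: in the last hunk (@@ -305668,6 +305678,7 @@), CVE-2019-6502 gains {DLA-3463-1} while its only package line is "- opensc 0.20.0-1 (unimportant)". An advisory reference on an entry tagged unimportant reads as inconsistent. Either add a NOTE saying the fix was shipped together with the other OpenSC issues that carry DLA-3463-1 in this commit, or revisit the unimportant tag.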
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits