Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
433b2294 by Moritz Muehlenhoff at 2023-07-14T23:51:27+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,13 +75,13 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher 
implementation contains a bug t
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository 
froxlor/f ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial 
of ser ...)
-       - wireshark <unfixed>
+       - wireshark <unfixed> (bug #1041101)
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 
3.6.14  ...)
-       - wireshark <unfixed>
+       - wireshark <unfixed> (bug #1041101)
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html
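
Review bot: The wireshark lines under CVE-2023-3649 and CVE-2023-3648 both point at bug #1041101, while the sox entries in this same commit get one bug per CVE. A shared bug is fine if the report names both CVEs, but the two descriptions give different affected ranges (4.0.0 to 4.0.6 for the iSCSI dissector, 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 for the Kafka dissector), so please confirm the report states both ranges and is not read as covering only one of them.
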
@@ -97,13 +97,13 @@ CVE-2023-37849 (A DLL hijacking vulnerability in Panda 
Security VPN for Windows
 CVE-2023-37839 (An arbitrary file upload vulnerability in 
/dede/file_manage_control.ph ...)
        NOT-FOR-US: Dede CMS
 CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer 
overflo ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (bug #1041103)
        [bookworm] - libjpeg <no-dsa> (Minor issue)
        [bullseye] - libjpeg <no-dsa> (Minor issue)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0
        NOTE: Fixed by: 
https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
 CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable 
assertion ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (bug #1041103)
        [bookworm] - libjpeg <no-dsa> (Minor issue)
        [bullseye] - libjpeg <no-dsa> (Minor issue)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1
@@ -175,16 +175,16 @@ CVE-2023-37744 (Maid Hiring Management System v1.0 was 
discovered to contain a c
 CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject 
Allocati ...)
        NOT-FOR-US: Teacher Subject Allocation System
 CVE-2023-37463 (cmark-gfm is an extended version of the C reference 
implementation of  ...)
-       - cmark-gfm <unfixed>
+       - cmark-gfm <unfixed> (bug #1041097)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
-       - python-cmarkgfm <unfixed>
+       - python-cmarkgfm <unfixed> (bug #1041098)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
-       - r-cran-commonmark <unfixed>
+       - r-cran-commonmark <unfixed> (bug #1041099)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
-       - ruby-commonmarker <unfixed>
+       - ruby-commonmarker <unfixed> (bug #1041100)
        [bookworm] - ruby-commonmarker <no-dsa> (Minor issue)
        [bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
@@ -231,18 +231,18 @@ CVE-2023-3342 (The User Registration plugin for WordPress 
is vulnerable to arbit
 CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: PlatPlay DSr
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 
3.3.4 does n ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #1041109)
        NOTE: https://github.com/coreruleset/coreruleset/issues/3191
        NOTE: https://github.com/coreruleset/coreruleset/pull/3237
 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote 
server via  ...)
        NOT-FOR-US: acme.sh
 CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.10, and 6 ...)
-       - qt6-base <unfixed>
+       - qt6-base <unfixed> (bug #1041104)
        [bookworm] - qt6-base <no-dsa> (Minor issue)
-       - qtbase-opensource-src-gles <unfixed>
+       - qtbase-opensource-src-gles <unfixed> (bug #1041106)
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
-       - qtbase-opensource-src <unfixed>
+       - qtbase-opensource-src <unfixed> (bug #1041105)
        [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
@@ -529,7 +529,7 @@ CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is 
vulnerable to Stored
 CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to 
time-based SQL I ...)
        NOT-FOR-US: WP EasyCart plugin for WordPress
 CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()]
-       - qemu <unfixed>
+       - qemu <unfixed> (bug #1041102)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243
        NOTE: Proposed upstream patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html
 CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
@@ -565,7 +565,7 @@ CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was 
discovered to contain
        NOTE: https://github.com/gpac/gpac/issues/2505
        NOTE: 
https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
 CVE-2023-32200 (There is insufficient restrictions of called script functions 
in Apach ...)
-       - apache-jena <unfixed>
+       - apache-jena <unfixed> (bug #1041108)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11
 CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to 
unauth ...)
        NOT-FOR-US: WP-Members Membership plugin for WordPress
@@ -1044,7 +1044,7 @@ CVE-2023-2746 (The Rockwell Automation Enhanced HIM 
software contains   an API t
 CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark 
Innovationsis affect ...)
        NOT-FOR-US: Rockwell
 CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x 
through ...)
-       - opendkim <unfixed>
+       - opendkim <unfixed> (bug #1041107)
        NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability 
where an au ...)
        - airflow <itp> (bug #819700)
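
Review bot: In the unchanged context just above the opendkim change, CVE-2023-29156 is tagged "NOT-FOR-US: Rockwell", but its description names the DroneScout ds230 Remote ID receiver from BlueMark; Rockwell is the vendor in the CVE-2023-2746 entry shown in the hunk header. This commit does not introduce the mismatch, but the tag looks carried over from the neighbouring entry and deserves a follow-up fix so the NOT-FOR-US reason matches the product.
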
@@ -1206,19 +1206,19 @@ CVE-2023-35697 (Improper Restriction of Excessive 
Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an 
unauthen ...)
        NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the 
lsx_read ...)
-       - sox <unfixed>
+       - sox <unfixed> (bug #1041110)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
        NOTE: https://sourceforge.net/p/sox/bugs/367/
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
        NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
-       - sox <unfixed>
+       - sox <unfixed> (bug #1041111)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283
        NOTE: https://sourceforge.net/p/sox/bugs/368/
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
        NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)
-       - sox <unfixed>
+       - sox <unfixed> (bug #1041112)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
        NOTE: https://sourceforge.net/p/sox/bugs/369/
 CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
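
Review bot: The three sox lines (CVE-2023-34432, CVE-2023-34318, CVE-2023-32627) gain bugs #1041110 to #1041112, but none of the entries has a [bookworm] or [bullseye] line, unlike the wireshark, libjpeg and cmark-gfm entries touched in the same commit. Two of these are described as heap buffer overflows, so a follow-up recording the per-suite decision would keep them from sitting as plain <unfixed> with no triage state.
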
@@ -1242,7 +1242,7 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin 
through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does 
not prop ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in 
the lsx_ ...)
-       - sox <unfixed>
+       - sox <unfixed> (bug #1041113)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
        NOTE: https://sourceforge.net/p/sox/bugs/370/
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified 
as critic ...)
@@ -1841,6 +1841,7 @@ CVE-2023-2320 (The CF7 Google Sheets Connector WordPress 
plugin before 5.0.2, cf
 CVE-2023-36813 (Kanboard is project management software that focuses on the 
Kanban met ...)
        - kanboard 1.2.31+ds-1 (bug #1040265)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
+       NOTE: 
https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
 CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in 
Google Chr ...)
        NOT-FOR-US: Chrome OS
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted 
passwo ...)
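
Review bot: The NOTE added under CVE-2023-36813 is a bare commit URL, and it is the one change here that the commit message "bugnums" does not describe. The libjpeg entry earlier in this diff labels its commit as "NOTE: Fixed by: <url>"; if 25b93343baeaf8ad018dcd87b094e47a5c6a3e0a is the upstream fix shipped in 1.2.31+ds-1, use the same "Fixed by:" prefix so the line says what the commit is.
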



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433b22941315f47b280276d98fe4743b82b71343
