Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86e28370 by security tracker role at 2023-07-22T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified 
as crit ...)
+       TODO: check
+CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: 
cls_fw ...)
+       TODO: check
+CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's 
net/sched:  ...)
+       TODO: check
+CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
+       TODO: check
+CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: 
cls_u3 ...)
+       TODO: check
+CVE-2023-37918 (Dapr is a portable, event-driven, runtime for building 
distributed app ...)
+       TODO: check
+CVE-2023-37917 (KubePi is an opensource kubernetes management panel. A normal 
user has ...)
+       TODO: check
+CVE-2023-37916 (KubePi is an opensource kubernetes management panel. The 
endpoint /kub ...)
+       TODO: check
+CVE-2023-35077 (An out-of-bounds write vulnerability on windows operating 
systems caus ...)
+       TODO: check
 CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pimcore/pi ...)
        NOT-FOR-US: pimcore
 CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
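Review bot: CVE-2023-3776, CVE-2023-3611, CVE-2023-3610 and CVE-2023-3609 are all memory-safety bugs in the Linux kernel's net/sched classifiers and netfilter, so the `TODO: check` placeholders will need to become src:linux entries with per-suite version state; record the fixing upstream commits as NOTE lines in the same style as the `NOTE: https://git.kernel.org/linus/...` line under CVE-2022-3649 further down this patch.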
@@ -8150,7 +8168,8 @@ CVE-2023-31566 (Podofo v0.10.0 was discovered to contain 
a heap-use-after-free v
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://github.com/podofo/podofo/issues/70
-CVE-2023-31557 (xpdf pdfimages v4.04 was discovered to contain a stack 
overflow in the ...)
+CVE-2023-31557
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation 
violation v ...)
        - libpodofo <not-affected> (Vulnerable code not present)
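Review bot: the `- xpdf <not-affected> (Debian uses poppler, which is not affected)` line is kept under CVE-2023-31557 even though the entry is now marked REJECTED; the file's other rejected entries (e.g. CVE-2022-43503 later in this patch) carry only the REJECTED marker, so the stale package line should be dropped in a follow-up to keep the entry format consistent.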
@@ -8162,7 +8181,8 @@ CVE-2023-31555 (podofoinfo 0.10.0 was discovered to 
contain a segmentation viola
        NOTE: https://github.com/podofo/podofo/issues/67
        NOTE: Fixed by: 
https://github.com/podofo/podofo/commit/3759eb6aae7c01f2d8670f16ac46f5e116c7f468
        NOTE: Introduced by: 
https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
-CVE-2023-31554 (xpdf pdfimages v4.04 was discovered to contain a stack 
overflow in the ...)
+CVE-2023-31554
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. 
Through the s ...)
        NOT-FOR-US: GL.iNet devices
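Review bot: same leftover as for CVE-2023-31557: CVE-2023-31554 is now REJECTED but still keeps its `- xpdf <not-affected>` package line, which no longer describes any package state and should be removed alongside the marker change.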
@@ -17177,8 +17197,8 @@ CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds 
smartcard keys to ssh-agent w
        [bookworm] - openssh <no-dsa> (Minor issue)
        [bullseye] - openssh <not-affected> (Vulnerable code introduced later; 
per-hop desination constraints support added in OpenSSH 8.9)
        [buster] - openssh <not-affected> (Vulnerable code introduced later; 
per-hop desination constraints support added in OpenSSH 8.9)
-CVE-2023-28530
-       RESERVED
+CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored 
cross-site  ...)
+       TODO: check
 CVE-2023-28529 (IBM InfoSphere Information Server 11.7 is vulnerable to stored 
cross-s ...)
        NOT-FOR-US: IBM
 CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
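Review bot: CVE-2023-28530 now describes IBM Cognos Analytics, and the neighbouring IBM entries CVE-2023-28529 and CVE-2023-28528 are already marked `NOT-FOR-US: IBM`, so the `TODO: check` here can most likely be resolved the same way. Unrelated to this change but visible in the context lines: the bullseye and buster annotations under CVE-2023-28531 misspell "destination" as "desination" twice and could be fixed in a follow-up.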
@@ -20173,7 +20193,8 @@ CVE-2023-27657
        RESERVED
 CVE-2023-27656
        RESERVED
-CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the 
component ...)
+CVE-2023-27655
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an 
attacker t ...)
        NOT-FOR-US: WHO
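Review bot: CVE-2023-27655 keeps its `- xpdf <not-affected> (Debian uses poppler, which is not affected)` line under the new REJECTED marker; a rejected CVE needs no package state, so the line is dead data and worth cleaning up.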
@@ -22157,15 +22178,20 @@ CVE-2023-26940
        RESERVED
 CVE-2023-26939
        RESERVED
-CVE-2023-26938 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+CVE-2023-26938
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26937 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+CVE-2023-26937
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26936 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+CVE-2023-26936
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26935 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+CVE-2023-26935
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26934 (An issue found in XPDF v.4.04 allows an attacker to cause a 
denial of  ...)
+CVE-2023-26934
+       REJECTED
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2023-26933
        RESERVED
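Review bot: five consecutive xpdf entries (CVE-2023-26938 through CVE-2023-26934) are switched to REJECTED here while each keeps its `- xpdf <not-affected>` line; since this is a whole batch, one follow-up commit dropping the package lines from every rejected xpdf entry touched by this patch would be cleaner than leaving them to be found one by one.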
@@ -24898,8 +24924,8 @@ CVE-2023-25931 (Medtronic identified that the Pelvic 
Health clinician apps, whic
        NOT-FOR-US: Pelvic Health clinician apps
 CVE-2023-25930 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.1 ...)
        NOT-FOR-US: IBM
-CVE-2023-25929
-       RESERVED
+CVE-2023-25929 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site 
scripti ...)
+       TODO: check
 CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
        NOT-FOR-US: IBM
 CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 
10.0.4, and ...)
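Review bot: CVE-2023-25929 (IBM Cognos Analytics, cross-site scripting) sits between CVE-2023-25930 and CVE-2023-25928, both `NOT-FOR-US: IBM`; triage of this `TODO: check` should follow the same mapping unless the product turns out to be packaged in Debian, which the surrounding entries suggest it is not.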
@@ -27441,7 +27467,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a 
critical injection vulnerab
        NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All 
versions < ...)
        NOT-FOR-US: Siemens
-CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient 
random bytes in HTTP Digest authentication for SOAP]
+CVE-2023-3247 (In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* 
before ...)
        {DSA-5425-1 DSA-5424-1 DLA-3458-1}
        - php8.2 8.2.7-1
        - php7.4 <removed>
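Review bot: replacing the bracketed placeholder for CVE-2023-3247 with the official PHP description drops the GHSA-76gg-c692-v2mw identifier and its summary ("Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP"); consider preserving the advisory reference as a `NOTE:` line under the entry, as this file does for other upstream references, so the cross-reference is not lost once the description is truncated to its first sentence.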
@@ -43784,22 +43810,22 @@ CVE-2022-46305 (ChangingTec ServiSign component has a 
path traversal vulnerabili
        NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for 
special ...)
        NOT-FOR-US: ChangingTec ServiSign
-CVE-2022-46295
-       RESERVED
-CVE-2022-46294
-       RESERVED
-CVE-2022-46293
-       RESERVED
-CVE-2022-46292
-       RESERVED
-CVE-2022-46291
-       RESERVED
-CVE-2022-46290
-       RESERVED
-CVE-2022-46289
-       RESERVED
-CVE-2022-46280
-       RESERVED
+CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
+       TODO: check
+CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
+       TODO: check
+CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
+       TODO: check
+CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
+       TODO: check
+CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
+       TODO: check
+CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
+       TODO: check
+CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
+       TODO: check
+CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS 
format  ...)
+       TODO: check
 CVE-2022-46278
        RESERVED
 CVE-2022-46277
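Review bot: all eight entries (CVE-2022-46295 through CVE-2022-46280) share truncated descriptions that name only the affected parser ("translationV...", "ORCA format", "PQS format") and not the product, so the `TODO: check` placeholders cannot be resolved from this file alone; triage should identify the product once and apply one consistent package mapping across the whole batch rather than checking each CVE separately.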
@@ -43836,18 +43862,18 @@ CVE-2022-44615
        RESERVED
 CVE-2022-44453
        RESERVED
-CVE-2022-44451
-       RESERVED
+CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI 
format  ...)
+       TODO: check
 CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro 
Word Pro ...)
        NOT-FOR-US: Ichitaro
 CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll 
RecvPac ...)
        NOT-FOR-US: WellinTech KingHistorian
 CVE-2022-43503
        REJECTED
-CVE-2022-43467
-       RESERVED
-CVE-2022-42885
-       RESERVED
+CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format 
coord_fi ...)
+       TODO: check
+CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO 
format  ...)
+       TODO: check
 CVE-2022-42489
        RESERVED
 CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 
15.4.6,  ...)
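Review bot: CVE-2022-44451, CVE-2022-43467 and CVE-2022-42885 use the same "use of uninitialized pointer / out-of-bounds write ... format" wording as the CVE-2022-462xx batch earlier in this patch (MSI, PQS and GRO formats here), so they are most likely part of the same disclosure and should be triaged together with that batch rather than as three separate `TODO: check` items.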
@@ -43928,8 +43954,8 @@ CVE-2022-4180 (Use after free in Mojo in Google Chrome 
prior to 108.0.5359.71 al
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-41795
        RESERVED
-CVE-2022-41793
-       RESERVED
+CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format 
title fu ...)
+       TODO: check
 CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 
allowe ...)
        {DSA-5293-1}
        - chromium 108.0.5359.71-1
@@ -43967,8 +43993,8 @@ CVE-2022-4172 (An integer overflow and buffer overflow 
issues were found in the
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
 CVE-2022-40973
        RESERVED
-CVE-2022-37331
-       RESERVED
+CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian 
format ori ...)
+       TODO: check
 CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All 
versions < V2 ...)
        NOT-FOR-US: Siemens
 CVE-2022-46264
@@ -54078,8 +54104,8 @@ CVE-2022-3649 (A vulnerability was found in Linux 
Kernel. It has been classified
        - linux 6.0.2-1
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
-CVE-2022-43607
-       RESERVED
+CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format 
attribu ...)
+       TODO: check
 CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the 
Forward Ope ...)
        NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43605 (An out-of-bounds write vulnerability exists in the 
SetAttributeList at ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e283703d8172715dac891699b43038f3d57132



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
