Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5044562a by Moritz Muehlenhoff at 2023-08-09T20:07:53+02:00
NFUs

- - - - -
1b4d0128 by Moritz Muehlenhoff at 2023-08-09T20:07:54+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -100,7 +100,7 @@ CVE-2023-39532 (SES is a JavaScript environment that allows 
safe execution of ar
 CVE-2023-39518 (social-media-skeleton is an uncompleted social media project 
implement ...)
        TODO: check
 CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39342 (Dangerzone is software for converting potentially dangerous 
PDFs, offi ...)
        TODO: check
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i800N ...)
@@ -112,21 +112,21 @@ CVE-2023-39217 (Improper input validation in Zoom 
SDK\u2019s before 5.14.10 may
 CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows 
before 5. ...)
        NOT-FOR-US: Zoom
 CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit 
sensitiv ...)
        NOT-FOR-US: ASUS
 CVE-2023-38815
@@ -164,37 +164,37 @@ CVE-2023-38759 (Cross Site Request Forgery (CSRF) 
vulnerability in wger Project
 CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger 
Workout Manage ...)
        TODO: check
 CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Syntacti ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
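Review bot: CVE-2023-38384, the last entry changed in this hunk, is tagged `NOT-FOR-US: Siemens`, but its description ("Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...") does not use the "A vulnerability has been identified in ..." wording of every other entry retagged here. Its truncated product name starts with "Syntacti", not with one of the Siemens products listed above it (JT2Go, Tecnomatix, SICAM, Parasolid). It looks as if the bulk edit ran one entry too far; please re-check the full description and tag the entry with the actual vendor or product.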
@@ -476,13 +476,14 @@ CVE-2023-4155
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a
 CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3)
-       - vim <unfixed>
+       - vim <unfixed> (unimportant)
        [buster] - vim <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/vim/vim/issues/12528
        NOTE: https://github.com/vim/vim/pull/12540
        NOTE: Introduced by: 
https://github.com/vim/vim/commit/361895d2a15b4b0bbbb4c009261eab5b3d69ebf1 
(v9.0.0908)
        NOTE: 
https://github.com/vim/vim/commit/8154e642aa476e1a5d3de66c34e8289845b2b797 
(v9.0.1664)
        NOTE: 
https://github.com/vim/vim/commit/e42989374144a63d986b878618aeac328e35ac3b 
(v9.0.1667)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.15 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize 
and es ...)
@@ -561,6 +562,8 @@ CVE-2023-36220 (Directory Traversal vulnerability in 
Textpattern CMS v4.8.8 allo
        NOT-FOR-US: Textpattern CMS
 CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 
1.20.2 an ...)
        - krb5 <unfixed>
+       [bookworm] - krb5 <no-dsa> (Minor issue)
+       [bullseye] - krb5 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
 CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
@@ -2170,6 +2173,9 @@ CVE-2023-3248 (The All-in-one Floating Contact Form 
WordPress plugin before 2.1.
        NOT-FOR-US: WordPress plugin
 CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType 
parameter f ...)
        - znuny 6.5.3-1
+       [bookworm] - znuny <no-dsa> (Minor issue)
+       - otrs2 <removed>
+       [bullseye] - otrs2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836
 CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in 
the agen ...)
        NOT-FOR-US: OTRS
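Review bot: the added `- otrs2 <removed>` and `[bullseye] - otrs2 <no-dsa> (Minor issue)` lines under CVE-2023-38060 mark otrs2 as affected, but the only reference in the entry is a Znuny commit. Please add a NOTE recording how otrs2 in bullseye was determined to contain the same ContentType parameter handling, so the bullseye status can be verified later without redoing the analysis.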
@@ -46332,27 +46338,43 @@ CVE-2022-46304 (ChangingTec ServiSign component has 
insufficient filtering for s
        NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS 
format  ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
 CVE-2022-46278
        RESERVED
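Review bot: each `<no-dsa> (Minor issue)` pair added in this hunk sits under a description of out-of-bounds writes or use of an uninitialized pointer in openbabel's file-format handling, and the package line stays `<unfixed>`. "Minor issue" does not say why memory corruption in these parsers is acceptable to leave without a DSA. A more specific reason, worded once and reused for the other openbabel entries in this commit, would make the triage decision reviewable.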
@@ -46392,6 +46414,8 @@ CVE-2022-44453
        RESERVED
 CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI 
format  ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
 CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro 
Word Pro ...)
        NOT-FOR-US: Ichitaro
@@ -46401,9 +46425,13 @@ CVE-2022-43503
        REJECTED
 CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format 
coord_fi ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO 
format  ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668
 CVE-2022-42489
        RESERVED
@@ -46487,6 +46515,8 @@ CVE-2022-41795
        RESERVED
 CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format 
title fu ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
 CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 
allowe ...)
        {DSA-5293-1}
@@ -46527,6 +46557,8 @@ CVE-2022-40973
        RESERVED
 CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian 
format ori ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672
 CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All 
versions < V2 ...)
        NOT-FOR-US: Siemens
@@ -54466,11 +54498,11 @@ CVE-2023-20590
 CVE-2023-20589 (An attacker with specialized hardware and physical access to 
an impact ...)
        TODO: check
 CVE-2023-20588 (A division-by-zero error on some AMD processors can 
potentially return ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20587
        RESERVED
 CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 
Software Crimso ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20585
        RESERVED
 CVE-2023-20584
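Review bot: CVE-2023-20588 is described as "A division-by-zero error on some AMD processors", which is a processor flaw rather than a third-party product, yet it receives the same `NOT-FOR-US: AMD` tag as the Radeon Software entry below it. Processor issues are commonly mitigated through the kernel or microcode packages that Debian ships, so please check whether this one should be tracked against linux or amd64-microcode before closing it as NOT-FOR-US.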
@@ -56670,6 +56702,8 @@ CVE-2022-3649 (A vulnerability was found in Linux 
Kernel. It has been classified
        NOTE: 
https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
 CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format 
attribu ...)
        - openbabel <unfixed>
+       [bookworm] - openbabel <no-dsa> (Minor issue)
+       [bullseye] - openbabel <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664
 CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the 
Forward Ope ...)
        NOT-FOR-US: EIP Stack Group OpENer
@@ -65276,7 +65310,7 @@ CVE-2022-40512 (Transient DOS in WLAN Firmware due to 
buffer over-read while pro
 CVE-2022-40511
        RESERVED
 CVE-2022-40510 (Memory corruption due to buffer copy without checking size of 
input in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40509
        RESERVED
 CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while 
processing con ...)
@@ -68879,7 +68913,7 @@ CVE-2022-39064 (An attacker sending a single malformed 
IEEE 802.15.4 (Zigbee) fr
 CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment 
Request, it sto ...)
        NOT-FOR-US: Open5GS UPF
 CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a 
vulnerability of Out ...)
        NOT-FOR-US: ChangingTech MegaServiSignAdapter
 CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a 
vulnerability of imp ...)
@@ -136785,7 +136819,7 @@ CVE-2021-41546 (A vulnerability has been identified 
in RUGGEDCOM ROX MX5000 (All
 CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All 
versions < V01 ...)
        NOT-FOR-US: Siemens
 CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center 
(All ve ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
        NOT-FOR-US: Siemens
 CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
@@ -231070,7 +231104,7 @@ CVE-2020-15783 (A vulnerability has been identified 
in SIMATIC S7-300 CPU family
 CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
        NOT-FOR-US: Siemens
 CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for 
SICAM A8 ...)
-       NOT-FOR-US: SICAM
+       NOT-FOR-US: Siemens
 CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file 
package th ...)
        NOT-FOR-US: Node socket.io-file
 CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the 
Linux k ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4b21c5fbfaebdf2d20fc5eb1d3de973f86bcdf5e...1b4d0128ee1c4c60e4b375211bd8ec3adb6ee6a7
