Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5044562a by Moritz Muehlenhoff at 2023-08-09T20:07:53+02:00 NFUs - - - - - 1b4d0128 by Moritz Muehlenhoff at 2023-08-09T20:07:54+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -100,7 +100,7 @@ CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of ar CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...) TODO: check CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) TODO: check CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) 
@@ -112,21 +112,21 @@ CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...) NOT-FOR-US: Zoom CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...) NOT-FOR-US: ASUS CVE-2023-38815 
@@ -164,37 +164,37 @@ CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) TODO: check CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) 
- TODO: check + NOT-FOR-US: Siemens CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability) @@ -476,13 +476,14 @@ CVE-2023-4155 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3) - - vim <unfixed> + - vim <unfixed> (unimportant) [buster] - vim <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/vim/vim/issues/12528 NOTE: https://github.com/vim/vim/pull/12540 NOTE: Introduced by: https://github.com/vim/vim/commit/361895d2a15b4b0bbbb4c009261eab5b3d69ebf1 (v9.0.0908) NOTE: https://github.com/vim/vim/commit/8154e642aa476e1a5d3de66c34e8289845b2b797 (v9.0.1664) NOTE: https://github.com/vim/vim/commit/e42989374144a63d986b878618aeac328e35ac3b (v9.0.1667) + NOTE: Crash in CLI tool, no security impact CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) NOT-FOR-US: WordPress plugin CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and es ...) @@ -561,6 +562,8 @@ CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allo NOT-FOR-US: Textpattern CMS CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...) - krb5 <unfixed> + [bookworm] - krb5 <no-dsa> (Minor issue) + [bullseye] - krb5 <no-dsa> (Minor issue) NOTE: https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check 
@@ -2170,6 +2173,9 @@ CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1. NOT-FOR-US: WordPress plugin CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...) - znuny 6.5.3-1 + [bookworm] - znuny <no-dsa> (Minor issue) + - otrs2 <removed> + [bullseye] - otrs2 <no-dsa> (Minor issue) NOTE: https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836 CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...) NOT-FOR-US: OTRS 
@@ -46332,27 +46338,43 @@ CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for s NOT-FOR-US: ChangingTec ServiSign CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...) 
- openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670 CVE-2022-46278 RESERVED @@ -46392,6 +46414,8 @@ CVE-2022-44453 RESERVED CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669 CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...) NOT-FOR-US: Ichitaro @@ -46401,9 +46425,13 @@ CVE-2022-43503 REJECTED CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668 CVE-2022-42489 RESERVED 
@@ -46487,6 +46515,8 @@ CVE-2022-41795 RESERVED CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667 CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) {DSA-5293-1} @@ -46527,6 +46557,8 @@ CVE-2022-40973 RESERVED CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672 CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens @@ -54466,11 +54498,11 @@ CVE-2023-20590 CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...) TODO: check CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20587 RESERVED CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20585 RESERVED CVE-2023-20584 @@ -56670,6 +56702,8 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09 CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...) - openbabel <unfixed> + [bookworm] - openbabel <no-dsa> (Minor issue) + [bullseye] - openbabel <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664 CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...) NOT-FOR-US: EIP Stack Group OpENer 
@@ -65276,7 +65310,7 @@ CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while pro CVE-2022-40511 RESERVED CVE-2022-40510 (Memory corruption due to buffer copy without checking size of input in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40509 RESERVED CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...) @@ -68879,7 +68913,7 @@ CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) fr CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...) NOT-FOR-US: Open5GS UPF CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...) NOT-FOR-US: ChangingTech MegaServiSignAdapter CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...) @@ -136785,7 +136819,7 @@ CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) NOT-FOR-US: Siemens CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center (All ve ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) NOT-FOR-US: Siemens CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) 
@@ -231070,7 +231104,7 @@ CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...) NOT-FOR-US: Siemens CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...) - NOT-FOR-US: SICAM + NOT-FOR-US: Siemens CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...) NOT-FOR-US: Node socket.io-file CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4b21c5fbfaebdf2d20fc5eb1d3de973f86bcdf5e...1b4d0128ee1c4c60e4b375211bd8ec3adb6ee6a7
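Review bot: CVE-2023-38384 in the hunk at @@ -164,37 +164,37 @@ is tagged NOT-FOR-US: Siemens, but its description ("Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...") names no Siemens product and does not follow the "A vulnerability has been identified in ..." wording shared by every other entry that receives the Siemens tag in this commit. It looks as if the bulk edit ran one entry past the end of the Parasolid block; please confirm the affected product and give this entry its own NOT-FOR-US label.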
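Review bot: CVE-2023-20588 in the hunk at @@ -54466,11 +54498,11 @@ is described as a division-by-zero error on some AMD processors, which is a CPU-level flaw and not a vendor application like the Radeon Software entry (CVE-2023-20586) tagged in the same hunk. Flaws of that kind are usually handled through kernel or microcode changes, so NOT-FOR-US: AMD may close an entry that belongs against linux or amd64-microcode. Suggest confirming that neither source package carries or needs a mitigation before using this tag.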
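Review bot: The two krb5 lines added for CVE-2023-36054 in the hunk at @@ -561,6 +562,8 @@ give only "(Minor issue)" as the reason, whereas the vim change in this same commit documents its downgrade with an explicit NOTE ("Crash in CLI tool, no security impact"). The package line stays at <unfixed> and the description points at lib/kadm5/kadm_rpc_xdr.c, so a one-line NOTE stating why no DSA is warranted for bookworm and bullseye would let a later reader check the decision without redoing the triage.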
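Review bot: The openbabel entries from the hunk at @@ -46332,27 +46338,43 @@ onward, and the same pattern at CVE-2022-43607, are all set to <no-dsa> (Minor issue) for bookworm and bullseye with no rationale, although most of the descriptions read "out-of-bounds write" and the unstable line remains <unfixed>. "Minor issue" alone does not record whether the reason is a missing upstream fix, limited exposure of the affected file-format parsers, or something else. A NOTE on the first entry of the TALOS-2022-16xx series giving the reason would cover the whole batch.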