Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5724df17 by security tracker role at 2023-09-20T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,123 @@ +CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...) + TODO: check +CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...) + TODO: check +CVE-2023-5042 (Sensitive information disclosure due to insecure folder permissions. T ...) + TODO: check +CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromi ...) + TODO: check +CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs The measured boot solution imple ...) + TODO: check +CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201 ...) + TODO: check +CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...) + TODO: check +CVE-2023-43501 (A missing permission check in Jenkins Build Failure Analyzer Plugin 2. ...) + TODO: check +CVE-2023-43500 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...) + TODO: check +CVE-2023-43499 (Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escap ...) + TODO: check +CVE-2023-43498 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...) + TODO: check +CVE-2023-43497 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...) + TODO: check +CVE-2023-43496 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary ...) + TODO: check +CVE-2023-43495 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the ...) + TODO: check +CVE-2023-43494 (Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414. ...) + TODO: check +CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), fi ...) + TODO: check +CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra ...) + TODO: check +CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_c ...) + TODO: check +CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php ...) + TODO: check +CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vul ...) + TODO: check +CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + TODO: check +CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + TODO: check +CVE-2023-43204 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + TODO: check +CVE-2023-43203 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack ov ...) + TODO: check +CVE-2023-43202 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + TODO: check +CVE-2023-43201 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + TODO: check +CVE-2023-43200 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + TODO: check +CVE-2023-43199 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + TODO: check +CVE-2023-43198 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + TODO: check +CVE-2023-43197 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + TODO: check +CVE-2023-43196 (D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack ove ...) + TODO: check +CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...) + TODO: check +CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...) + TODO: check +CVE-2023-43134 (There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3 ...) + TODO: check +CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + TODO: check +CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + TODO: check +CVE-2023-42335 (Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and f ...) + TODO: check +CVE-2023-42334 (An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3x ...) + TODO: check +CVE-2023-42331 (A file upload vulnerability in EliteCMS 1.01 allows a remote attacker ...) + TODO: check +CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sens ...) + TODO: check +CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...) + TODO: check +CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...) + TODO: check +CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...) + TODO: check +CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...) + TODO: check +CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.) + TODO: check +CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...) + TODO: check +CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...) + TODO: check +CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged ...) + TODO: check +CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + TODO: check +CVE-2023-39052 (An information leak in Earthgarden_waiting 13.6.1 allows attackers to ...) + TODO: check +CVE-2023-39045 (An information leak in kokoroe_members card Line 13.6.1 allows attacke ...) + TODO: check +CVE-2023-39044 (An information leak in ajino-Shiretoko Line v13.6.1 allows attackers t ...) + TODO: check +CVE-2023-39041 (An information leak in KUKURUDELI Line v13.6.1 allows attackers to obt ...) + TODO: check +CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose ...) + TODO: check +CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a loc ...) + TODO: check +CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 a ...) + TODO: check +CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...) + TODO: check CVE-2023-4504 [Postscript parsing heap-based buffer overflow] - cups <unfixed> [bookworm] - cups <no-dsa> (Minor issue) @@ -8,13 +128,13 @@ CVE-2023-4504 [Postscript parsing heap-based buffer overflow] NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 (v2.4.7) NOTE: Introduced after: https://github.com/OpenPrinting/libppd/commit/fae71641faa2d778e79245b788a90c0cd5d2cb4b (2.0b1) NOTE: Fixed by: https://github.com/OpenPrinting/libppd/commit/262c909ac5b8676d1c221584c5a760e5e83fae66 -CVE-2023-4236 [named may terminate unexpectedly under high DNS-over-TLS query load] +CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may cause ...) - bind9 <unfixed> [bullseye] - bind9 <not-affected> (Vulnerable code introduced later) [buster] - bind9 <not-affected> (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2023-4236 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19) -CVE-2023-3341 [A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly] +CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...) - bind9 <unfixed> NOTE: https://kb.isc.org/docs/cve-2023-3341 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19) @@ -1146,7 +1266,8 @@ CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possi NOT-FOR-US: Android CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible priv ...) NOT-FOR-US: Android -CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the netfilter subs ...) +CVE-2023-4881 + REJECTED - linux <unfixed> NOTE: https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1) CVE-2023-4318 (The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when ...) @@ -1289,14 +1410,14 @@ CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attacke NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1) TODO: to be checked if affects the embedded copy for openmpi CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...) - {DSA-5494-1} + {DSA-5494-1 DLA-3574-1} - mutt 2.2.12-0.1 (bug #1051563) NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) NOTE: https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6 (mutt-2-2-12-rel) NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1 CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email in Mut ...) - {DSA-5494-1} + {DSA-5494-1 DLA-3574-1} - mutt 2.2.12-0.1 (bug #1051563) NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) NOTE: https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 (mutt-2-2-12-rel) @@ -1332,7 +1453,7 @@ CVE-2023-41564 (An arbitrary file upload vulnerability in the Upload Asset funct NOT-FOR-US: Cockpit CMS CVE-2023-40306 (SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps ...) NOT-FOR-US: SAP -CVE-2023-4853 +CVE-2023-4853 (A flaw was found in Quarkus where HTTP security policies are not sanit ...) NOT-FOR-US: Quarkus CVE-2023-4843 (Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection ...) NOT-FOR-US: Pega Platform @@ -3529,6 +3650,7 @@ CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Objec CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...) NOT-FOR-US: Netmaker CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...) + {DLA-3575-1} - python3.12 3.12.0~rc1-2 - python3.11 3.11.5-1 - python3.10 3.10.13-1 @@ -3902,6 +4024,7 @@ CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA sig NOTE: functionality reasons. TODO: check details on upstream fix (in 8.4?) CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...) + {DLA-3575-1} - python3.9 3.9.1~rc1-1 - python3.7 <removed> - python2.7 <removed> @@ -3913,6 +4036,7 @@ CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Pyth NOTE: https://github.com/python/cpython/commit/8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a (v3.6.13) NOTE: https://github.com/python/cpython/issues/84968 CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...) + {DLA-3575-1} - python3.9 3.9.1~rc1-1 - python3.7 <removed> - python2.7 <removed> @@ -3936,6 +4060,7 @@ CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable t NOTE: https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10) NOTE: https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13) CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in heapq ...) + {DLA-3575-1} - python3.9 <not-affected> (Fixed before initial upload to the archive) - python3.7 3.7.7-1 - python2.7 <removed> @@ -8172,7 +8297,8 @@ CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of t {DSA-5477-1} - samba 2:4.18.5+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html -CVE-2023-42464 +CVE-2023-42464 (A Type Confusion vulnerability was found in the Spotlight RPC function ...) + {DSA-5503-1} - netatalk 3.1.17~ds-1 (bug #1052087) NOTE: https://github.com/Netatalk/netatalk/issues/486 NOTE: https://github.com/Netatalk/netatalk/pull/485 @@ -17285,8 +17411,8 @@ CVE-2023-2264 RESERVED CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...) NOT-FOR-US: Rockwell Automation -CVE-2023-2262 - RESERVED +CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell Automation sele ...) + TODO: check CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) NOT-FOR-US: WP Activity Log plugin for WordPress CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) @@ -33604,8 +33730,8 @@ CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to Cros NOT-FOR-US: Under Construction plugin for WordPress CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...) NOT-FOR-US: EasyNAS -CVE-2023-0829 - RESERVED +CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...) + TODO: check CVE-2023-0828 RESERVED CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -37928,8 +38054,7 @@ CVE-2023-0464 (A security vulnerability has been identified in all supported ver NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b (OpenSSL_1_1_1-stable) CVE-2023-0463 (The force offline MFA prompt setting is not respected when switching t ...) NOT-FOR-US: Devolutions Remote Desktop Manager -CVE-2023-0462 - RESERVED +CVE-2023-0462 (An arbitrary code execution flaw was found in Foreman. This issue may ...) - foreman <itp> (bug #663101) CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...) {DLA-3404-1 DLA-3403-1} @@ -38292,6 +38417,7 @@ CVE-2023-24331 CVE-2023-24330 RESERVED CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...) + {DLA-3575-1} - python3.11 3.11.4-1 [bookworm] - python3.11 <no-dsa> (Minor issue) - python3.9 <removed> @@ -42821,8 +42947,7 @@ CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions sta - gitlab <unfixed> CVE-2023-0119 (A stored Cross-site scripting vulnerability was found in foreman. The ...) - foreman <itp> (bug #663101) -CVE-2023-0118 - RESERVED +CVE-2023-0118 (An arbitrary code execution flaw was found in Foreman. This flaw allow ...) - foreman <itp> (bug #663101) CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1 ...) - check-mk <removed> @@ -43589,8 +43714,8 @@ CVE-2023-22646 RESERVED CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...) NOT-FOR-US: kubewarden -CVE-2023-22644 - RESERVED +CVE-2023-22644 (An Innsertion of Sensitive Information into Log File vulnerability in ...) + TODO: check CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...) NOT-FOR-US: SAP CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...) @@ -54514,10 +54639,10 @@ CVE-2022-45450 (Sensitive information disclosure and manipulation due to imprope NOT-FOR-US: Acronis CVE-2022-45449 RESERVED -CVE-2022-45448 - RESERVED -CVE-2022-45447 - RESERVED +CVE-2022-45448 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...) + TODO: check +CVE-2022-45447 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...) + TODO: check CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...) NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...) @@ -55532,7 +55657,7 @@ CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An att CVE-2022-45189 RESERVED CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.15~ds-1 (bug #1024021) NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/ NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925 @@ -55887,8 +56012,7 @@ CVE-2022-3918 (A program using FoundationNetworking in swift-corelibs-foundation NOT-FOR-US: swift-corelibs-foundation CVE-2022-3917 (Improper access control of bootloader functionwas discovered in Motoro ...) NOT-FOR-US: Motorola -CVE-2022-3916 - RESERVED +CVE-2022-3916 (A flaw was found in the offline_access scope in Keycloak. This issue w ...) NOT-FOR-US: Keycloak CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitise and ...) NOT-FOR-US: WordPress plugin @@ -60369,14 +60493,14 @@ CVE-2023-20599 RESERVED CVE-2023-20598 RESERVED -CVE-2023-20597 - RESERVED +CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...) + TODO: check CVE-2023-20596 RESERVED CVE-2023-20595 RESERVED -CVE-2023-20594 - RESERVED +CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...) + TODO: check CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...) {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1} - linux 6.4.4-2 @@ -62502,7 +62626,7 @@ CVE-2022-43636 (This vulnerability allows network-adjacent attackers to bypass a CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: TP-Link CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.15~ds-1 (bug #1034170) NOTE: https://github.com/Netatalk/Netatalk/pull/186 NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93 @@ -63298,8 +63422,7 @@ CVE-2022-43401 (A sandbox bypass vulnerability involving various casts performed NOT-FOR-US: Jenkins plugin CVE-2022-43400 (A vulnerability has been identified in Siveillance Video Mobile Server ...) NOT-FOR-US: Siveillance Video Mobile Server V2022 R2 -CVE-2022-3596 - RESERVED +CVE-2022-3596 (An information leak was found in OpenStack's undercloud. This flaw all ...) NOT-FOR-US: undercloud CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as proble ...) - linux <not-affected> (Vulnerable code not in any released version in Debian and upstream) @@ -74664,7 +74787,7 @@ CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All vers NOT-FOR-US: Siemens CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens -CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...) +CVE-2022-39135 (Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRAC ...) NOT-FOR-US: Apache Calcite CVE-2022-39134 (In audio driver, there is a use after free due to a race condition. Th ...) NOT-FOR-US: Unisoc @@ -101847,8 +101970,7 @@ CVE-2022-1440 (Command Injection vulnerability in git-interface@2.1.1 in GitHub NOT-FOR-US: git-interface Nodejs module CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository ...) NOT-FOR-US: microweber -CVE-2022-1438 - RESERVED +CVE-2022-1438 (A flaw was found in Keycloak. Under specific circumstances, HTML entit ...) NOT-FOR-US: Keycloak CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) - radare2 <unfixed> (bug #1014478) @@ -118549,6 +118671,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218) CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...) + {DLA-3575-1} - python3.9 3.9.7-1 [bullseye] - python3.9 <no-dsa> (Minor issue) - python3.7 <removed> @@ -122287,12 +122410,12 @@ CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux k [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7) CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d @@ -122302,7 +122425,7 @@ CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf NOTE: but not reviewed/merged upstream so far CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33 @@ -122313,7 +122436,7 @@ CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf NOTE: but not reviewed/merged upstream so far CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d @@ -122323,7 +122446,7 @@ CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf NOTE: but not reviewed/merged upstream so far CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c @@ -122369,7 +122492,7 @@ CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEm CVE-2022-21134 (A firmware update vulnerability exists in the "update" firmw ...) NOT-FOR-US: Reolink CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d @@ -168748,7 +168871,7 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/ CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - {DLA-3426-1} + {DSA-5503-1 DLA-3426-1} - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f @@ -189184,7 +189307,7 @@ CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injec [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) - {DLA-3164-1 DLA-2628-1 DLA-2619-1 DLA-2569-1} + {DLA-3575-1 DLA-3164-1 DLA-2628-1 DLA-2619-1 DLA-2569-1} - python-django 2:2.2.19-1 (bug #983090) - python3.9 3.9.2-1 [buster] - python3.9 <ignored> (Will break existing applications, don't backport to released suites) @@ -276544,8 +276667,8 @@ CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename arg NOTE: Introduced by: https://gitlab.gnome.org/GNOME/dia/commit/9a5f438d4b3e718c8ab0efe01d08ee2c3a0d9a86 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/dia/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9 NOTE: Negligible security impact, hang in end user tool -CVE-2019-19450 - RESERVED +CVE-2019-19450 (paraparser in ReportLab before 3.5.31 allows remote code execution bec ...) + TODO: check CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux <unfixed> [bookworm] - linux <postponed> (Minor issue, revisit once fixed upstream) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5724df17796a64eaebba352cbd380715c5f4be78 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5724df17796a64eaebba352cbd380715c5f4be78 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits