Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8ce32759 by Moritz Muehlenhoff at 2023-10-13T16:18:35+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub
repository froxlor/
CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempt
to rec ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in
the sand ...)
- - tracker-miners <unfixed>
+ - tracker-miners <unfixed> (bug #1053881)
NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
CVE-2023-4562 (Improper Authentication vulnerability in Mitsubishi Electric
Corporati ...)
@@ -47,9 +47,9 @@ CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub
repository frappe/
CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a
financia ...)
NOT-FOR-US: LINE
CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including
20230618. ...)
- - libjson-java <unfixed>
- - jenkins-json <unfixed>
- - libjettison-java <unfixed>
+ - libjson-java <unfixed> (bug #1053882)
+ - jenkins-json <unfixed> (bug #1053883)
+ - libjettison-java <unfixed> (bug #1053884)
NOTE: https://github.com/stleary/JSON-java/issues/758
NOTE: https://github.com/stleary/JSON-java/issues/771
NOTE: https://github.com/stleary/JSON-java/pull/772/
@@ -58,7 +58,7 @@ CVE-2023-5046 (Improper Neutralization of Special Elements
used in an SQL Comman
CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Kayisi
CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js.
Prior t ...)
- - node-undici <unfixed>
+ - node-undici <unfixed> (bug #1053879)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
NOTE:
https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
@@ -68,7 +68,7 @@ CVE-2023-45138 (Change Request is an pplication allowing
users to request change
NOT-FOR-US: XWiki addon
CVE-2023-45133 (Babel is a compiler for writingJavaScript. In
`@babel/traverse` prior ...)
- node-babel <removed>
- - node-babel7 <unfixed>
+ - node-babel7 <unfixed> (bug #1053880)
NOTE: github.com:
https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
NOTE: github.com: https://github.com/babel/babel/pull/16033
NOTE: github.com:
https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
@@ -183,7 +183,7 @@ CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race
Condition vulnerabilit
CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the
'file copy' ...)
NOT-FOR-US: Juniper
CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local
attacker to ca ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1053878)
NOTE: https://github.com/gpac/gpac/issues/2567
NOTE:
https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to
gain pr ...)
@@ -193,16 +193,16 @@ CVE-2023-40829 (There is an interface unauthorized access
vulnerability in the b
CVE-2023-3781 (there is a possible use-after-free write due to improper
locking. This ...)
NOT-FOR-US: Android
CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This
leads to ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23391
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23230
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer
overflow ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23390
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in
the Maps ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23389
CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
- vim <unfixed> (unimportant)
@@ -212,7 +212,7 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim
prior to v9.0.2010.)
CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu
prior to v ...)
NOT-FOR-US: KernelSU
CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to
2.2.2.)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1053878)
NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
NOTE:
https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
CVE-2023-4957 (A vulnerability of authentication bypass has been found on a
Zebra Tec ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ce3275945321d029103c1bc0f980b2dcf370338
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ce3275945321d029103c1bc0f980b2dcf370338
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
