Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b6866ff by Salvatore Bonaccorso at 2023-11-16T10:46:34+01:00
Process some NFUs
- - - - -
84d36b1c by Salvatore Bonaccorso at 2023-11-16T10:46:35+01:00
Add CVE-2023-47471/libde265
- - - - -
cd7e4dc0 by Salvatore Bonaccorso at 2023-11-16T10:47:34+01:00
Add CVE-2023-47470/ffmpeg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,13 +23,18 @@ CVE-2023-48198 (Cross Site Scripting vulnerability in Grocy
v.4.0.3 allows a loc
CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a
local att ...)
- grocy <itp> (bug #969056)
CVE-2023-47674 (Missing authentication for critical function vulnerability in
First Co ...)
- TODO: check
+ NOT-FOR-US: First Corporation
CVE-2023-47638
REJECTED
CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12
allows a ...)
- TODO: check
+ - libde265 <unfixed>
+ NOTE: https://github.com/strukturag/libde265/issues/426
+ NOTE:
https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7
CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit
456574705 ...)
- TODO: check
+ - ffmpeg 7:6.1-1
+ NOTE:
https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60
(n6.1)
+ NOTE:
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
+ NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows
authenticate ...)
TODO: check
CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows
attackers to cau ...)
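Review bot: In the CVE-2023-47471 entry, the libde265 line is marked <unfixed> while the second NOTE links upstream commit e36b4a1b0bafa53df47514c419d5be3e8916ebc7 with no annotation, so a reader cannot tell whether that commit is the fix or which upstream release will carry it. The ffmpeg entry right after it annotates its commit NOTE with "(n6.1)", which lines up with the 7:6.1-1 fixed version; giving the libde265 commit NOTE the same kind of annotation, or a "Fixed by:" prefix if that is what the commit is, would make it easier to replace <unfixed> once a fixed upload exists. Separately, the last ffmpeg NOTE points at a tree on the main branch of a reporter's personal repository, which can move or disappear, so it is worth checking that it adds something the patchwork link does not.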
@@ -43,19 +48,19 @@ CVE-2023-47264 (Certain WithSecure products have a buffer
over-read whereby proc
CVE-2023-47263 (Certain WithSecure products allow a Denial of Service (DoS) in
the ant ...)
NOT-FOR-US: WithSecure
CVE-2023-47213 (First Corporation's DVRs use a hard-coded password, which may
allow a ...)
- TODO: check
+ NOT-FOR-US: First Corporation
CVE-2023-47003 (An issue in RedisGraph v.2.12.10 allows an attacker to execute
arbitra ...)
NOT-FOR-US: RedisGraph
CVE-2023-44296 (Dell ELab-Navigator, version 3.1.9 contains a hard-coded
credential vu ...)
NOT-FOR-US: Dell
CVE-2023-43757 (Inadequate encryption strength vulnerability in multiple
routers provi ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2023-43752 (OS command injection vulnerability in WRC-X3000GS2-W v1.05 and
earlier ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2023-43275 (Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS
v5.7 in 110 ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-41442 (An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor
Loco Mini 1 ...)
- TODO: check
+ NOT-FOR-US: Kloudq Technologies Limited Tor Equip
CVE-2023-6079
REJECTED
CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly
sanitize artif ...)
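Review bot: The tag added for CVE-2023-41442, "NOT-FOR-US: Kloudq Technologies Limited Tor Equip", mixes the vendor name with one product, while the description on the line above lists more than one product ("Tor Equip 1.0, Tor Loco Mini 1 ..."). The other tags added in this hunk name only the vendor or only the product (First Corporation, ELECOM, DedeCMS), so "NOT-FOR-US: Kloudq Technologies Limited" would be consistent with them and would still match if further products from the same vendor get CVE ids later.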
@@ -168486,7 +168491,7 @@ CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS
via app/dashboard/widgets/ipc
- phpipam <itp> (bug #731713)
NOTE: https://github.com/phpipam/phpipam/issues/3351
CVE-2021-35437 (SQL injection vulnerability in LMXCMS v.1.4 allows attacker to
execute ...)
- TODO: check
+ NOT-FOR-US: LMXCMS
CVE-2021-35436
RESERVED
CVE-2021-35435
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c863abff1bb8bf5e5239c4477b39e4cf1d0e725...cd7e4dc03f00db5c1bf50832d7292916eabd4cc8