Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c6312bf by Moritz Muehlenhoff at 2023-12-22T10:58:53+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -114,7 +114,7 @@ CVE-2023-48685 (Railway Reservation System v1.0 is
vulnerable to multiple Unauth
CVE-2023-48308 (Nextcloud/Cloud is a calendar app for Nextcloud. An attacker
can gain ...)
NOT-FOR-US: Nextcloud calendar app
CVE-2023-48298 (ClickHouse\xae is an open-source column-oriented database
management s ...)
- - clickhouse <unfixed>
+ - clickhouse <unfixed> (bug #1059261)
NOTE:
https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938
NOTE: https://github.com/ClickHouse/ClickHouse/pull/56795
CVE-2023-46649 (A race condition in GitHub Enterprise Server was identified
that could ...)
@@ -231,7 +231,7 @@ CVE-2023-50119
CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has
been id ...)
TODO: check
CVE-2023-4255 (An out-of-bounds write issue has been discovered in the
backspace hand ...)
- - w3m <unfixed>
+ - w3m <unfixed> (bug #1059265)
NOTE:
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
NOTE: https://github.com/tats/w3m/issues/268
NOTE: https://github.com/tats/w3m/pull/273
@@ -459,7 +459,7 @@ CVE-2023-47507 (Deserialization of Untrusted Data
vulnerability in Master Slider
CVE-2023-47236 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47118 (ClickHouse\xae is an open-source column-oriented database
management s ...)
- - clickhouse <unfixed>
+ - clickhouse <unfixed> (bug #1059261)
NOTE:
https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v
CVE-2023-46311 (Authorization Bypass Through User-Controlled Key vulnerability
in gVec ...)
NOT-FOR-US: WordPress plugin
@@ -4105,11 +4105,11 @@ CVE-2023-5332 (Patch in third party library Consul
requires 'enable-script-check
CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer
overflows ...)
- falcosecurity-libs <unfixed> (bug #1059256)
- gemmi <unfixed> (bug #1059257)
- - lwip <unfixed> (bug #1059259)
NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1
NOTE:
https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
NOTE:
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
NOTE:
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
+ NOTE: lwip embeds a copy of tinydir, but it's unused, see bug #1059259
CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus
Ver.3.2.0. ...)
NOT-FOR-US: RakRak Document Plus
CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is
vulnerab ...)
@@ -76684,13 +76684,13 @@ CVE-2022-44013 (An issue was discovered in Simmeth
Lieferantenmanager before 5.6
CVE-2022-44012 (An issue was discovered in
/DS/LM_API/api/SelectionService/InsertQuery ...)
NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An
authentic ...)
- - clickhouse <unfixed>
+ - clickhouse <unfixed> (bug #1059261)
[bookworm] - clickhouse <no-dsa> (Minor issue)
[bullseye] - clickhouse <no-dsa> (Minor issue)
[buster] - clickhouse <postponed> (Minor issue, DoS)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/40241
CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An
attacker ...)
- - clickhouse <unfixed>
+ - clickhouse <unfixed> (bug #1059261)
[bookworm] - clickhouse <no-dsa> (Minor issue)
[bullseye] - clickhouse <no-dsa> (Minor issue)
[buster] - clickhouse <postponed> (Minor issue, DoS)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6312bf8952f907f089ed432925cc9708f92b56
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6312bf8952f907f089ed432925cc9708f92b56
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
