Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91d80e70 by Moritz Muehlenhoff at 2023-12-22T13:36:37+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -386,7 +386,7 @@ CVE-2023-41166 (An issue was discovered in Stormshield 
Network Security (SNS) 3.
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository 
huggingface/tra ...)
        NOT-FOR-US: Transformers
 CVE-2023-7008 [Unsigned name response in signed zone is not refused when 
DNSSEC=yes]
-       - systemd <unfixed>
+       - systemd <unfixed> (bug #1059278)
        [bookworm] - systemd <no-dsa> (Minor issue)
        [bullseye] - systemd <no-dsa> (Minor issue)
        [buster] - systemd <postponed> (Minor issue, should be fixed after 
newer releases are done)
@@ -1033,7 +1033,7 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        - proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
        [bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
        [bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
-       - proftpd-mod-proxy <unfixed>
+       - proftpd-mod-proxy <unfixed> (bug #1059290)
        - putty 0.80-1
        - python-asyncssh <unfixed> (bug #1059007)
        - tinyssh 20230101-4 (bug #1059058; unimportant)
@@ -1777,11 +1777,11 @@ CVE-2023-50564 (An arbitrary file upload vulnerability 
in the component /inc/mod
 CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection 
vulnerability vi ...)
        NOT-FOR-US: Semcms
 CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation 
violation via t ...)
-       - cjson <unfixed>
+       - cjson <unfixed> (bug #1059287)
        NOTE: https://github.com/DaveGamble/cJSON/issues/803
        NOTE: Fixed by: 
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation 
violation via t ...)
-       - cjson <unfixed>
+       - cjson <unfixed> (bug #1059287)
        NOTE: https://github.com/DaveGamble/cJSON/issues/802
        NOTE: Fixed by: 
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
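Review bot: both cJSON entries (CVE-2023-50472 and CVE-2023-50471) now point at the single bug #1059287, which matches the shared "Fixed by" commit 60ff122e, but the bug report should name both CVE ids in its title or body so the tracker's cross-reference from the bug back to each CVE resolves; worth checking before the next sync.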
@@ -1920,7 +1920,7 @@ CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and 
earlier are affected by an I
 CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the 
response to  ...)
        NOT-FOR-US: Dokmee ECM
 CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability when ...)
-       - shiro <unfixed>
+       - shiro <unfixed> (bug #1059288)
        [bookworm] - shiro <no-dsa> (Minor issue)
        [bullseye] - shiro <no-dsa> (Minor issue)
        [buster] - shiro <no-dsa> (Minor issue)
@@ -3264,14 +3264,14 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to 
contain a reflective cross-si
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
        NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer 
overflow vu ...)
-       - libde265 <unfixed>
+       - libde265 <unfixed> (bug #1059275)
        NOTE: https://github.com/strukturag/libde265/issues/432
        NOTE: Fixed by: 
https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
-       - libde265 <unfixed>
+       - libde265 <unfixed> (bug #1059275)
        NOTE: https://github.com/strukturag/libde265/issues/434
 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
-       - libde265 <unfixed>
+       - libde265 <unfixed> (bug #1059275)
        NOTE: https://github.com/strukturag/libde265/issues/435
 CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
        - libheif <unfixed> (bug #1059151)
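Review bot: the three libde265 entries (CVE-2023-49468, CVE-2023-49467, CVE-2023-49465) share bug #1059275, yet only the first carries a "Fixed by" commit (3e822a3c) while the other two have only the upstream issue link; if the same commit is expected to cover issues 434 and 435 too, adding the "NOTE: Fixed by:" line to those entries would keep the three consistent, and otherwise the bug report should make clear which of the three are still unfixed upstream.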
@@ -7947,10 +7947,10 @@ CVE-2023-47005 (An issue in ASUS RT-AX57 
v.3.0.0.4_386_52041 allows a remote att
 CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 
allows a  ...)
        NOT-FOR-US: MLDB.ai
 CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via 
jbig2_add_page in  ...)
-       - jbig2enc <unfixed>
+       - jbig2enc <unfixed> (bug #1059285)
        NOTE: https://github.com/agl/jbig2enc/issues/85
 CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free 
via jbi ...)
-       - jbig2enc <unfixed>
+       - jbig2enc <unfixed> (bug #1059284)
        NOTE: https://github.com/agl/jbig2enc/issues/84
 CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a 
private  ...)
        NOT-FOR-US: Couchbase Server
@@ -9720,7 +9720,7 @@ CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) 
Technology Limited A7000R v.4.1c
 CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows 
an attack ...)
        NOT-FOR-US: Contec SolarView Compact
 CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote 
attacker  ...)
-       - cacti <unfixed>
+       - cacti <unfixed> (bug #1059286)
        [bookworm] - cacti <no-dsa> (Revisit when more details are available)
        [bullseye] - cacti <no-dsa> (Revisit when more details are available)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not 
public yet)
@@ -17264,7 +17264,7 @@ CVE-2023-4802 (A reflected cross-site scripting 
vulnerability in the UpdateInsta
 CVE-2023-4801 (An improper certification validation vulnerability in the 
Insider Thre ...)
        NOT-FOR-US: Insider Threat Management (ITM) Server
 CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC 
starting ver ...)
-       - grpc <unfixed>
+       - grpc <unfixed> (bug #1059281)
        [bookworm] - grpc <no-dsa> (Minor issue)
        [bullseye] - grpc <no-dsa> (Minor issue)
        [buster] - grpc <no-dsa> (Minor issue)
@@ -22254,7 +22254,7 @@ CVE-2023-37068 (Code-Projects Gym Management System 
V1.0 allows remote attackers
 CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote 
attackers  ...)
        NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table 
accounting error ...)
-       - grpc <unfixed>
+       - grpc <unfixed> (bug #1059279)
        [bookworm] - grpc <no-dsa> (Minor issue)
        [bullseye] - grpc <no-dsa> (Minor issue)
        [buster] - grpc <postponed> (recheck when upstream patch is 
available/published)
@@ -29978,7 +29978,7 @@ CVE-2023-34100 (Contiki-NG is an open-source, 
cross-platform operating system fo
 CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection 
vulnerabilit ...)
        NOT-FOR-US: Fuel CMS
 CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a 
termination ...)
-       - grpc <unfixed>
+       - grpc <unfixed> (bug #1059280)
        [bookworm] - grpc <no-dsa> (Minor issue)
        [bullseye] - grpc <no-dsa> (Minor issue)
        [buster] - grpc <postponed> (Minor issue; request smuggling; recheck 
whether fixed or introduced by #32309 when CVE description is updated)
@@ -69170,56 +69170,56 @@ CVE-2022-46305 (ChangingTec ServiSign component has a 
path traversal vulnerabili
 CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for 
special ...)
        NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the 
translationV ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA 
format  ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS 
format  ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
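Review bot: one bug (#1059277) is used for eleven openbabel CVEs in this hunk (CVE-2022-46295 down to CVE-2022-46280), which is reasonable since they share the TALOS reports and upstream issue 2650, but with "[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)" still in place on every entry the bug report needs the full CVE list so each id can be closed individually once upstream fixes land piecemeal; the same bug number is also reused in the later openbabel hunks, so that list should cover those ids as well.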
@@ -69262,7 +69262,7 @@ CVE-2022-44615
 CVE-2022-44453
        RESERVED
 CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI 
format  ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69275,14 +69275,14 @@ CVE-2022-43663 (An integer conversion vulnerability 
exists in the SORBAx64.dll R
 CVE-2022-43503
        REJECTED
 CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format 
coord_fi ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
        NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO 
format  ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69369,7 +69369,7 @@ CVE-2022-4180 (Use after free in Mojo in Google Chrome 
prior to 108.0.5359.71 al
 CVE-2022-41795
        RESERVED
 CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format 
title fu ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69413,7 +69413,7 @@ CVE-2022-4172 (An integer overflow and buffer overflow 
issues were found in the
 CVE-2022-40973
        RESERVED
 CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian 
format ori ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -79656,7 +79656,7 @@ CVE-2022-3649 (A vulnerability was found in Linux 
Kernel. It has been classified
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
 CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format 
attribu ...)
-       - openbabel <unfixed>
+       - openbabel <unfixed> (bug #1059277)
        [bookworm] - openbabel <no-dsa> (Minor issue)
        [bullseye] - openbabel <no-dsa> (Minor issue)
        [buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -376859,7 +376859,7 @@ CVE-2018-11232 (The etm_setup_aux function in 
drivers/hwtracing/coresight/coresi
 CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. 
Attackers c ...)
        NOT-FOR-US: OpenCart plugin
 CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 
0.29 allows ...)
-       - jbig2enc <unfixed>
+       - jbig2enc <unfixed> (bug #1059282)
        NOTE: https://github.com/agl/jbig2enc/issues/61
 CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, 
and TSW- ...)
        NOT-FOR-US: Crestron devices
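Review bot: CVE-2018-11230 ("jbig2_add_page in jbig2enc.cc ... 0.29") now gets bug #1059282 while the earlier hunk gave CVE-2023-46363 ("jbig2enc v0.28 ... SEGV via jbig2_add_page") bug #1059285; the two descriptions name the same function and the same crash class, so the two bug reports should reference each other (or the later CVE's NOTE should point at issue 61) so that whoever picks one up checks whether a single fix closes both.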



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91d80e700e3a55e4484e8a27dfea9f0d392655fd


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
