[Git][security-tracker-team/security-tracker][master] new vim issue

2023-10-11 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4f17f75 by Moritz Muehlenhoff at 2023-10-11T23:17:08+02:00
new vim issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,8 @@
 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
-   TODO: check
+   - vim  (unimportant)
+   NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
+   NOTE: 
https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
+   NOTE: Crash in CLI tool, no security impact
 CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu 
prior to v ...)
TODO: check
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
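
Review bot: The `NOTE: Crash in CLI tool, no security impact` line gives no basis for rating the issue `(unimportant)`, while the description on the first line of the hunk classifies it as a Use After Free. Add a short NOTE saying what triggers it and why it cannot be more than a crash, and record the upstream fix version from the description (v9.0.2010) next to the commit URL so the entry can be matched against packaged versions.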



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f17f75b86744af94da9cd598172fc740742f1a

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] new vim issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2700a634 by Moritz Muehlenhoff at 2023-10-06T12:35:39+02:00
new vim issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,10 @@ CVE-2023-4061
 CVE-2023-3171
NOT-FOR-US: Red Hat Enterprise Application Platform
 CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
20d161a ...)
-   TODO: check
+   - vim  (unimportant)
+   NOTE: https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2
+   NOTE: 
https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960
+   NOTE: Crash in CLI tool, no security impact
 CVE-2023-5312 (A vulnerability classified as critical has been found in 
DedeCMS 5.7.1 ...)
NOT-FOR-US: DedeCMS
 CVE-2023-45243 (Sensitive information disclosure due to missing authorization. 
The fol ...)
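
Review bot: On the `- vim  (unimportant)` line and the commit NOTE below it, the fix is identified only by commit; the description's "prior to 20d161a ..." is also a commit reference, so the entry never names an upstream patch level. Append the upstream version tag in parentheses after the commit URL so the fix can be compared against Debian's packaged vim versions.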



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2700a634fa28b9521c99a30263bfbeded92f97dc



[Git][security-tracker-team/security-tracker][master] "new" vim issue

2023-07-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d31992a by Moritz Muehlenhoff at 2023-07-10T13:33:32+02:00
new vim issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -215506,7 +215506,9 @@ CVE-2020-20705
 CVE-2020-20704
RESERVED
 CVE-2020-20703 (Buffer Overflow vulnerability in VIM v.8.1.2135 allows a 
remote attack ...)
-   TODO: check
+   - vim 2:8.1.2136-1
+   NOTE: https://github.com/vim/vim/issues/5041
+   NOTE: 
https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
 CVE-2020-20702
RESERVED
 CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in 
/app/config/of S- ...)
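
Review bot: The bare `- vim 2:8.1.2136-1` line marks every earlier vim version as affected, while the description names only v.8.1.2135, and neither NOTE line says when the overflow was introduced or that commit ec66c41d corresponds to 8.1.2136. Add a NOTE tying the commit to the upstream patch number, and one stating the introducing version if issue 5041 makes it clear.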



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d31992a9206204d9ccecf38e24588337a508d6b



[Git][security-tracker-team/security-tracker][master] new vim issue

2022-07-25 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7eb4c43 by Moritz Muehlenhoff at 2022-07-25T23:18:37+02:00
new vim issue
add one more Linux reference

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -768,7 +768,9 @@ CVE-2022-34147
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache 
and Kee ...)
NOT-FOR-US: Roxy-WI
 CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
-   TODO: check
+   - vim 
+   NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
+   NOTE: 
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
 CVE-2022-2521
RESERVED
 CVE-2022-2520
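
Review bot: The `- vim` line for CVE-2022-2522 records a heap-based buffer overflow with no per-release lines and no triage rationale, so the state of the stable suites is left open. Add per-release lines with the decision for each supported suite, or a NOTE saying whether the vulnerable code is present there, and put the upstream fix version next to the commit URL.
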
@@ -4289,6 +4291,7 @@ CVE-2022-34918 (An issue was discovered in the Linux 
kernel through 5.18.9. A ty
- linux 5.18.14-1
[buster] - linux  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
+   NOTE: https://www.randorisec.fr/crack-linux-firewall/
 CVE-2022-2307
RESERVED
 CVE-2022-34917
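
Review bot: This hunk touches CVE-2022-34918 (Linux kernel) in a commit titled "new vim issue", with the kernel change mentioned only in the second line of the message; a separate commit would keep the history of each entry searchable. The added `NOTE: https://www.randorisec.fr/crack-linux-firewall/` is a bare URL, so a word on what it is (write-up, analysis, patch discussion) would help readers decide whether to follow it.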



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7eb4c438ec4eed44169dbd2d87bfaab403f2570



[Git][security-tracker-team/security-tracker][master] new vim issue

2022-05-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
996a707b by Moritz Muehlenhoff at 2022-05-10T13:49:23+02:00
new vim issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,7 @@ CVE-2022-1644
 CVE-2022-1643
RESERVED
 CVE-2022-30524 (There is an invalid memory access in the TextLine class in 
TextOutputD ...)
-   TODO: check
+   - xpdf  (Debian uses poppler, which is not affected)
 CVE-2022-30523
RESERVED
 CVE-2022-30522
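
Review bot: The annotation `(Debian uses poppler, which is not affected)` on the `- xpdf` line states a conclusion without a reference; the description places the invalid memory access in the TextLine class, and the entry does not say how poppler was checked. Add a NOTE with the upstream report and the basis for the poppler statement.
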
@@ -40,7 +40,7 @@ CVE-2022-1632
RESERVED
NOT-FOR-US: OpenShift
 CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub 
reposi ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2022-1630
RESERVED
 CVE-2022-1629
@@ -422,7 +422,7 @@ CVE-2022-30340
 CVE-2022-30336
RESERVED
 CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL 
injection via  ...)
-   TODO: check
+   NOT-FOR-US: Bonanza Wealth Management System
 CVE-2022-26041
RESERVED
 CVE-2022-1623
@@ -430,7 +430,11 @@ CVE-2022-1623
 CVE-2022-1622
RESERVED
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub 
repository vim ...)
-   TODO: check
+   - vim 
+   [bullseye] - vim  (Minor issue)
+   [buster] - vim  (Minor issue)
+   NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
+   NOTE: 
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in 
stl_update_ ...)
- admesh  (bug #1010770)
[bullseye] - admesh  (Minor issue; can be fixed via point 
release)
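
Review bot: `[bullseye] - vim  (Minor issue)` and `[buster] - vim  (Minor issue)` downgrade a heap buffer overflow in `vim_strncpy` / `find_word` without saying why it is minor. A one-line NOTE with the reason (how it is triggered, what is overwritten) would let the decision be re-checked later; the upstream version carrying commit 7c824682 is also worth recording.
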
@@ -453,7 +457,7 @@ CVE-2022-1618
 CVE-2022-1617
RESERVED
 CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity 
is used ...)
-   TODO: check
+   - brave-browser  (bug #864795)
 CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory 
traversal  ...)
- unrar-nonfree 
[bullseye] - unrar-nonfree  (Non-free not supported)
@@ -725,11 +729,11 @@ CVE-2022-30243
 CVE-2022-30242
RESERVED
 CVE-2022-30241 (The jquery.json-viewer library through 1.4.0 for Node.js does 
not prop ...)
-   TODO: check
+   NOT-FOR-US: Node jquery.json-viewer
 CVE-2022-30240 (An argument injection vulnerability in the browser-based 
authenticatio ...)
-   TODO: check
+   NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver
 CVE-2022-30239 (An argument injection vulnerability in the browser-based 
authenticatio ...)
-   TODO: check
+   NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
 CVE-2022-30238
RESERVED
 CVE-2022-30237
@@ -1386,7 +1390,7 @@ CVE-2022-29973 (relan exFAT 1.3.0 allows local users to 
obtain sensitive informa
[buster] - fuse-exfat  (Minor issue)
NOTE: https://github.com/relan/exfat/issues/185
 CVE-2022-29972 (An argument injection vulnerability in the browser-based 
authenticatio ...)
-   TODO: check
+   NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver
 CVE-2022-29971 (An argument injection vulnerability in the browser-based 
authenticatio ...)
TODO: check
 CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path 
matches  ...)
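
Review bot: CVE-2022-29972 is set to `NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver`, but CVE-2022-29971 directly below keeps `TODO: check` although its visible description starts with the same text ("An argument injection vulnerability in the browser-based authenticatio ..."). If it belongs to the same driver family, triage it in this commit as well; otherwise leave a NOTE on why it is still open.
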
@@ -1480,7 +1484,7 @@ CVE-2022-29935 (USU Oracle Optimization before 5.17.5 
allows attackers to discov
 CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit 
authentication, whi ...)
NOT-FOR-US: USU Oracle Optimization
 CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated 
attacker, who ...)
-   TODO: check
+   NOT-FOR-US: Craft CMS
 CVE-2022-29932
RESERVED
 CVE-2022-29931
@@ -1737,7 +1741,7 @@ CVE-2022-1510
 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository 
hestiacp/hestiacp pri ...)
NOT-FOR-US: Hestia Control Panel
 CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is 
vulnerable to a  ...)
-   TODO: check
+   NOT-FOR-US: 1Password
 CVE-2022-29867
RESERVED
 CVE-2022-29866



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/996a707b6ecfafc74438edeb0ff6fd54d540c3f6
