Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d1fbd69 by Moritz Muehlenhoff at 2024-04-25T17:05:01+02:00
radare2 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12496,7 +12496,7 @@ CVE-2024-26540 (A heap-based buffer overflow in Clmg
before 3.3.3 can occur via
CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities
Network O ...)
NOT-FOR-US: Greek Universities Network Open eClass
CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and
fixed in v.5 ...)
- - radare2 <unfixed>
+ - radare2 5.9.0+dfsg-1
NOTE: https://github.com/TronciuVlad/CVE-2024-26475
NOTE:
https://github.com/radareorg/radare2/commit/8419d7d0cbe61c687dcb8a35de0acccb2ee4c220
(5.9.0)
CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot
through 9b7 ...)
@@ -36446,7 +36446,7 @@ CVE-2023-47393 (An access control issue in Mercedes me
IOS APP v1.34.0 and below
CVE-2023-47392 (An access control issue in Mercedes me IOS APP v1.34.0 and
below allow ...)
NOT-FOR-US: Mercedes me IOS APP
CVE-2023-47016 (radare2 5.8.9 has an out-of-bounds read in
r_bin_object_set_items in l ...)
- - radare2 <unfixed> (bug #1056930)
+ - radare2 5.9.0+dfsg-1 (bug #1056930)
NOTE: https://github.com/radareorg/radare2/issues/22349
NOTE:
https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd
CVE-2023-46814 (A binary hijacking vulnerability exists within the VideoLAN
VLC media ...)
@@ -40292,11 +40292,11 @@ CVE-2023-5830 (A vulnerability classified as critical
has been found in Columbia
CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5
allows a loca ...)
NOT-FOR-US: XnView
CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in
the prin ...)
- - radare2 <unfixed> (bug #1054908)
+ - radare2 5.9.0+dfsg-1 (bug #1054908)
NOTE: https://github.com/radareorg/radare2/issues/22333
NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8
CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in
the prin ...)
- - radare2 <unfixed> (bug #1054908)
+ - radare2 5.9.0+dfsg-1 (bug #1054908)
NOTE: https://github.com/radareorg/radare2/issues/22334
NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2
CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R
v.4.1cu.4154 ...)
@@ -41843,7 +41843,7 @@ CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in
GitHub repository modoboa/mod
CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository
mosparo/mosparo ...)
NOT-FOR-US: mosparo
CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1055854)
+ - radare2 5.9.0+dfsg-1 (bug #1055854)
NOTE: https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
NOTE:
https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to
Stored Cros ...)
@@ -52297,7 +52297,7 @@ CVE-2023-35689 (In checkDebuggingDisallowed of
DeviceVersionFragment.java, there
CVE-2023-32358 (A type confusion issue was addressed with improved checks.
This issue ...)
NOT-FOR-US: Apple
CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1051898)
+ - radare2 5.9.0+dfsg-1 (bug #1051898)
NOTE:
https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd
NOTE: https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd
CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository
cockpit-hq/co ...)
@@ -72231,7 +72231,7 @@ CVE-2023-1607 (A vulnerability was found in novel-plus
3.6.2. It has been classi
CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as
critic ...)
NOT-FOR-US: novel-plus
CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior
to 5.8. ...)
- - radare2 <unfixed> (bug #1034180)
+ - radare2 5.9.0+dfsg-1 (bug #1034180)
NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2
NOTE:
https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f
CVE-2023-1604
@@ -77735,7 +77735,7 @@ CVE-2023-27115 (WebAssembly v1.0.29 was discovered to
contain a segmentation fau
NOTE: https://github.com/WebAssembly/wabt/issues/1938
NOTE: https://github.com/WebAssembly/wabt/issues/1992
CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault
via the ...)
- - radare2 <unfixed> (bug #1032667)
+ - radare2 5.9.0+dfsg-1 (bug #1032667)
NOTE: https://github.com/radareorg/radare2/issues/21363
NOTE:
https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
CVE-2023-27113
@@ -88224,7 +88224,7 @@ CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x
allows a remote attacker
CVE-2023-23591 (The Logback component in Terminalfour before 8.3.14.1 allows
OS admini ...)
NOT-FOR-US: Terminalfour
CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane
(Special E ...)
- - radare2 <unfixed> (bug #1029037)
+ - radare2 5.9.0+dfsg-1 (bug #1029037)
NOTE: https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e/
NOTE:
https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce
CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository
alfio-event/a ...)
@@ -97875,7 +97875,7 @@ CVE-2022-4399 (A vulnerability was found in
TicklishHoneyBee nodau. It has been
NOTE: https://github.com/TicklishHoneyBee/nodau/pull/26
NOTE: Negligible security impact
CVE-2022-4398 (Integer Overflow or Wraparound in GitHub repository
radareorg/radare2 ...)
- - radare2 <unfixed> (bug #1027144)
+ - radare2 5.9.0+dfsg-1 (bug #1027144)
NOTE: https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2
NOTE:
https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8
CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has
been c ...)
@@ -135718,7 +135718,7 @@ CVE-2022-34522
CVE-2022-34521
RESERVED
CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer
dereference vi ...)
- - radare2 <unfixed> (bug #1016979)
+ - radare2 5.9.0+dfsg-1 (bug #1016979)
NOTE: https://github.com/radareorg/radare2/issues/20354
NOTE:
https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5
(5.7.4)
CVE-2022-34519
@@ -135759,7 +135759,7 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain
a heap buffer overflow via
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
NOTE: Negligible security impact
CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer
overflow via th ...)
- - radare2 <unfixed> (bug #1016979)
+ - radare2 5.9.0+dfsg-1 (bug #1016979)
NOTE: https://github.com/radareorg/radare2/issues/20336
NOTE:
https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4
(5.7.2)
CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code
executi ...)
@@ -143267,7 +143267,7 @@ CVE-2022-31736 (A malicious website could have
learned the size of a cross-origi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736
CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior
to 5.7 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
NOTE:
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2.)
@@ -144670,7 +144670,7 @@ CVE-2022-31262 (An exploitable local privilege
escalation vulnerability exists i
CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and
5.4.x throu ...)
NOT-FOR-US: Morpheus
CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository
radareorg/radare2 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
NOTE:
https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
CVE-2022-31260 (In Montala ResourceSpace through 9.8 before r19636,
csv_export_results ...)
@@ -146312,7 +146312,7 @@ CVE-2022-26023 (A leftover debug code vulnerability
exists in the console verify
CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts
prior t ...)
NOT-FOR-US: neorazorx/facturascripts
CVE-2022-1714 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior
to 5.7 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
NOTE:
https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to
18.0.4. An ...)
@@ -146972,7 +146972,7 @@ CVE-2022-1650 (Improper Removal of Sensitive
Information Before Storage or Trans
NOTE: https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e/
NOTE:
https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
(v2.0.2)
CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in
radareorg ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
NOTE:
https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path
traversal in F ...)
@@ -149694,11 +149694,11 @@ CVE-2022-1454
CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to
unauthenticated SQ ...)
NOT-FOR-US: RSVPMaker plugin for WordPress
CVE-2022-1452 (Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new
function i ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
NOTE:
https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168
CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new
function in G ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
NOTE:
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont.
NOTE: this ...)
@@ -149725,7 +149725,7 @@ CVE-2022-1446
CVE-2022-1445 (Stored Cross Site Scripting vulnerability in the checked_out_to
parame ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2
prior to 5. ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
NOTE:
https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
CVE-2022-1443
@@ -149790,7 +149790,7 @@ CVE-2022-1439 (Reflected XSS on
demo.microweber.org/demo/module/ in GitHub repos
CVE-2022-1438 (A flaw was found in Keycloak. Under specific circumstances,
HTML entit ...)
NOT-FOR-US: Keycloak
CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
NOTE:
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136
CVE-2022-1436 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does
not sanit ...)
@@ -150331,11 +150331,11 @@ CVE-2022-1385 (Mattermost 6.4.x and earlier fails
to properly invalidate pending
CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check
the plugi ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
NOTE:
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2
prior ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
NOTE:
https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
CVE-2022-29404 (In Apache HTTP Server 2.4.53 and earlier, a malicious request
to a lua ...)
@@ -151485,11 +151485,11 @@ CVE-2022-1299 (The Slideshow WordPress plugin
through 2.3.1 does not sanitize an
CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and
escape Ta ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in
GitHub repo ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
NOTE:
https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6
CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub
reposit ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
NOTE:
https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6
CVE-2022-1295 (Prototype Pollution in GitHub repository
alvarotrigo/fullpage.js prior ...)
@@ -152340,11 +152340,11 @@ CVE-2022-26045 (Improper buffer restrictions in
some Intel(R) XMM(TM) 7560 Modem
CVE-2022-25868
RESERVED
CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2
prior to 5. ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
NOTE:
https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6
CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function
in GitHu ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
NOTE:
https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does
not prop ...)
@@ -152431,7 +152431,7 @@ CVE-2022-1246
CVE-2022-1245 (A privilege escalation flaw was found in the token exchange
feature of ...)
NOT-FOR-US: Keycloak
CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2
prior to 5 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
NOTE:
https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially
leading to ...)
@@ -152478,17 +152478,17 @@ CVE-2022-1249 (A NULL pointer dereference flaw was
found in pesign's cms_set_pw_
NOTE: Introduced by:
https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a
(114)
NOTE: Fixed by:
https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76
(115)
CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub
reposi ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
NOTE:
https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate
the proxy ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1238 (Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub
repository ra ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
NOTE:
https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778
CVE-2022-1237 (Improper Validation of Array Index in GitHub repository
radareorg/rada ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
NOTE:
https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6
CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi
prior to ...)
@@ -153303,7 +153303,7 @@ CVE-2022-1209 (The Ultimate Member plugin for
WordPress is vulnerable to arbitra
CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior
to 5.6 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
NOTE:
https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1
CVE-2022-28341
@@ -155045,7 +155045,7 @@ CVE-2022-1063 (The Thank Me Later WordPress plugin
through 3.3.4 does not saniti
CVE-2022-1062 (The th23 Social WordPress plugin through 1.2.0 does not
sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository
radareorg/ra ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE:
https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating
(i.e., when ...)
@@ -155595,7 +155595,7 @@ CVE-2022-1054 (The RSVP and Event Management Plugin
WordPress plugin before 2.7.
CVE-2022-1053 (Keylime does not enforce that the agent registrar data is the
same whe ...)
NOT-FOR-US: Keylime
CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub
repository ra ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7
NOTE:
https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a
compani ...)
@@ -156613,7 +156613,7 @@ CVE-2022-1033 (Unrestricted Upload of File with
Dangerous Type in GitHub reposit
CVE-2022-1032 (Insecure deserialization of not validated module file in GitHub
reposi ...)
NOT-FOR-US: Crater
CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository
radareorg/radare2 ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
NOTE:
https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb
CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in
Hubzilla 7.0.3 ...)
@@ -159091,7 +159091,7 @@ CVE-2022-0850 (A vulnerability was found in linux
kernel, where an information l
[stretch] - linux 4.9.290-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2060606
CVE-2022-0849 (Use After Free in r_reg_get_name_idx in GitHub repository
radareorg/ra ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
NOTE:
https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior
to 0.5 ...)
@@ -161376,7 +161376,7 @@ CVE-2022-0714 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE:
https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa
(v8.2.4436)
NOTE: Crash in CLI tool, no security impact
CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
NOTE:
https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through
5.6.10 a ...)
@@ -161437,7 +161437,7 @@ CVE-2022-25599 (Cross-Site Request Forgery (CSRF)
vulnerability leading to event
CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to
Regular exp ...)
NOT-FOR-US: Apache DolphinScheduler
CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2
prior ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
NOTE:
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses
containin ...)
@@ -161954,7 +161954,7 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub
repository vim/vim prior to 8.
NOTE:
https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1
(v8.2.4428)
NOTE: Crash in CLI tool, no security impact
CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior
to 5.6. ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
NOTE:
https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket
transport. An ...)
@@ -162166,7 +162166,7 @@ CVE-2022-25312 (An XML external entity (XXE)
injection vulnerability was discove
CVE-2022-21132 (Directory traversal vulnerability in pfSense-pkg-WireGuard
pfSense-pkg ...)
NOT-FOR-US: pfSense
CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
NOTE:
https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
CVE-2022-0675 (In certain situations it is possible for an unmanaged rule to
exist on ...)
@@ -164280,7 +164280,7 @@ CVE-2022-0561 (Null source pointer passed as an
argument to memcpy() function wi
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to
1.2.11.)
NOT-FOR-US: microweber
CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to
5.6.2.)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
NOTE:
https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist
microweber/microweber ...)
@@ -164518,23 +164518,23 @@ CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby
prior to 3.2.)
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify
prior to 9. ...)
NOT-FOR-US: Publify
CVE-2022-0523 (Use After Free in GitHub repository radareorg/radare2 prior to
5.6.2.)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
NOTE:
https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM
radare2.js pri ...)
NOT-FOR-US: Node radare2.js
CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub
repository rad ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
NOTE:
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2.)
NOT-FOR-US: Node radare2.js
CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository
radareo ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
NOTE:
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
NOTE:
https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
CVE-2022-0517 (Mozilla VPN can load an OpenSSL configuration file from an
unsecured d ...)
@@ -165464,7 +165464,7 @@ CVE-2022-0478 (The Event Manager and Tickets Selling
for WooCommerce WordPress p
CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior
to 5.6. ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
NOTE:
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few
translat ...)
@@ -166113,7 +166113,7 @@ CVE-2022-24131 (DouPHP v1.6 Release 20220121 is
affected by Cross Site Scripting
CVE-2022-21170 (Improper check for certificate revocation in i-FILTER
Ver.10.45R01 and ...)
NOT-FOR-US: i-FILTER
CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2
prior ...)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
NOTE:
https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6
(5.6.0)
NOTE:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
@@ -171015,7 +171015,7 @@ CVE-2022-0175 (A flaw was found in the VirGL virtual
OpenGL renderer (virglrende
CVE-2022-0174 (Improper Validation of Specified Quantity in Input
vulnerability in do ...)
- dolibarr <removed>
CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
NOTE:
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -171911,7 +171911,7 @@ CVE-2022-22709 (VP9 Video Extensions Remote Code
Execution Vulnerability)
CVE-2022-21806 (A use-after-free vulnerability exists in the mips_collector
appsrv_ser ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to
5.6.0.)
- - radare2 <unfixed> (bug #1014478)
+ - radare2 5.9.0+dfsg-1 (bug #1014478)
NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
NOTE:
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
(5.6.0)
CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device
versions prior ...)
@@ -177461,11 +177461,11 @@ CVE-2021-44977 (In iCMS <=8.0.0, a directory
traversal vulnerability allows an a
CVE-2021-44976
RESERVED
CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via
/libr/cor ...)
- - radare2 <unfixed> (bug #1014490)
+ - radare2 5.9.0+dfsg-1 (bug #1014490)
NOTE:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
NOTE: Fixed in 5.6.0
CVE-2021-44974 (radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer
Derefere ...)
- - radare2 <unfixed> (bug #1014490)
+ - radare2 5.9.0+dfsg-1 (bug #1014490)
NOTE:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
NOTE: Fixed in 5.5.4
CVE-2021-44973
@@ -180025,7 +180025,7 @@ CVE-2021-44222 (A vulnerability has been identified
in SIMATIC eaSie Core Packag
CVE-2021-44221 (A vulnerability has been identified in SIMATIC eaSie Core
Package (All ...)
NOT-FOR-US: Siemens
CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to
5.6.2, 5.6.0 ...)
- - radare2 <unfixed> (bug #1014490)
+ - radare2 5.9.0+dfsg-1 (bug #1014490)
NOTE: https://github.com/radareorg/radare2/issues/19436
NOTE:
https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02
CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input
During ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d1fbd693b79d675ea828a034cddba4cbd619dc2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d1fbd693b79d675ea828a034cddba4cbd619dc2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
