Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4e61e940 by security tracker role at 2023-04-10T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2023-30467 + RESERVED +CVE-2023-30466 + RESERVED +CVE-2023-30465 + RESERVED +CVE-2023-1972 + RESERVED +CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2023-1969 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2023-1968 + RESERVED +CVE-2023-1967 + RESERVED +CVE-2023-1966 + RESERVED +CVE-2023-1965 + RESERVED CVE-2023-30464 RESERVED CVE-2023-30463 @@ -29,8 +51,8 @@ CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGuruk NOT-FOR-US: PHPGurukul Bank Locker Management System CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management System ...) NOT-FOR-US: PHPGurukul Bank Locker Management System -CVE-2018-25084 - RESERVED +CVE-2018-25084 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check CVE-2023-30451 RESERVED CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...) @@ -75,8 +97,8 @@ CVE-2023-30431 RESERVED CVE-2023-30430 RESERVED -CVE-2015-10100 - RESERVED +CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...) + TODO: check CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...) NOT-FOR-US: Dart http_server CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...) 
@@ -1923,8 +1945,8 @@ CVE-2023-1944 RESERVED CVE-2023-1943 RESERVED -CVE-2015-10099 - RESERVED +CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...) + TODO: check CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been ...) NOT-FOR-US: WordPress plugin CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...) @@ -2466,10 +2488,10 @@ CVE-2023-29378 RESERVED CVE-2023-29377 RESERVED -CVE-2023-29376 - RESERVED -CVE-2023-29375 - RESERVED +CVE-2023-29376 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...) + TODO: check +CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...) + TODO: check CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...) NOT-FOR-US: LangChain CVE-2023-29373 @@ -2915,11 +2937,9 @@ CVE-2023-1809 RESERVED CVE-2023-1808 RESERVED -CVE-2023-29216 - RESERVED +CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effectivel ...) NOT-FOR-US: Apache Linkis -CVE-2023-29215 - RESERVED +CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filtering of ...) NOT-FOR-US: Apache Linkis CVE-2023-29214 RESERVED @@ -5240,8 +5260,8 @@ CVE-2023-28490 RESERVED CVE-2023-28489 RESERVED -CVE-2023-1478 - RESERVED +CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...) + TODO: check CVE-2023-1477 RESERVED CVE-2023-1476 @@ -5361,10 +5381,10 @@ CVE-2023-1428 RESERVED CVE-2023-1427 RESERVED -CVE-2023-1426 - RESERVED -CVE-2023-1425 - RESERVED +CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...) + TODO: check +CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...) + TODO: check CVE-2023-28488 RESERVED CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...) 
@@ -5781,8 +5801,8 @@ CVE-2023-1408 RESERVED CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...) NOT-FOR-US: SourceCodester -CVE-2023-1406 - RESERVED +CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files ...) + TODO: check CVE-2022-48420 RESERVED CVE-2022-48419 @@ -6191,8 +6211,8 @@ CVE-2023-27389 RESERVED CVE-2023-23575 RESERVED -CVE-2023-1381 - RESERVED +CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image ...) + TODO: check CVE-2022-48402 RESERVED CVE-2022-48401 @@ -6271,10 +6291,10 @@ CVE-2023-28208 RESERVED CVE-2023-28207 RESERVED -CVE-2023-28206 - RESERVED -CVE-2023-28205 - RESERVED +CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...) + TODO: check +CVE-2023-28205 (A use after free issue was addressed with improved memory management. ...) + TODO: check CVE-2023-28204 RESERVED CVE-2023-28203 @@ -7016,8 +7036,7 @@ CVE-2023-27989 RESERVED CVE-2023-27988 RESERVED -CVE-2023-27987 - RESERVED +CVE-2023-27987 (In Apache Linkis <=1.3.1, due to the default token generated by Lin ...) NOT-FOR-US: Apache Linkis CVE-2023-1297 RESERVED @@ -8052,8 +8071,8 @@ CVE-2023-27652 RESERVED CVE-2023-27651 RESERVED -CVE-2023-27650 - RESERVED +CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...) + TODO: check CVE-2023-27649 RESERVED CVE-2023-27648 @@ -8166,11 +8185,9 @@ CVE-2023-1178 RESERVED CVE-2023-27604 RESERVED -CVE-2023-27603 - RESERVED +CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn mate ...) NOT-FOR-US: Apache Linkis -CVE-2023-27602 - RESERVED +CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploads files wi ...) NOT-FOR-US: Apache Linkis CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) NOT-FOR-US: mlflow 
@@ -8829,12 +8846,12 @@ CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5 NOT-FOR-US: WordPress plugin CVE-2023-1123 RESERVED -CVE-2023-1122 - RESERVED -CVE-2023-1121 - RESERVED -CVE-2023-1120 - RESERVED +CVE-2023-1122 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + TODO: check +CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + TODO: check +CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + TODO: check CVE-2023-1119 RESERVED CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...) @@ -9864,8 +9881,8 @@ CVE-2023-26988 RESERVED CVE-2023-26987 RESERVED -CVE-2023-26986 - RESERVED +CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...) + TODO: check CVE-2023-26985 RESERVED CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...) @@ -10005,8 +10022,8 @@ CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows at NOT-FOR-US: quectel CVE-2023-26920 RESERVED -CVE-2023-26919 - RESERVED +CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...) + TODO: check CVE-2023-26918 RESERVED CVE-2023-26917 @@ -10124,8 +10141,8 @@ CVE-2023-26862 RESERVED CVE-2023-26861 RESERVED -CVE-2023-26860 - RESERVED +CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...) + TODO: check CVE-2023-26859 RESERVED CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...) @@ -10268,8 +10285,8 @@ CVE-2023-26790 RESERVED CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...) NOT-FOR-US: Veritas -CVE-2023-26788 - RESERVED +CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header Injection attack ...) + TODO: check CVE-2023-26787 RESERVED CVE-2023-26786 
@@ -10296,8 +10313,8 @@ CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 all NOT-FOR-US: Monitorr CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...) NOT-FOR-US: Monitorr -CVE-2023-26774 - RESERVED +CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...) + TODO: check CVE-2023-26773 RESERVED CVE-2023-26772 @@ -11157,8 +11174,8 @@ CVE-2023-0985 RESERVED CVE-2023-0984 RESERVED -CVE-2023-0983 - RESERVED +CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...) + TODO: check CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) NOT-FOR-US: SourceCodester Yoga Class Registration System CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) @@ -12530,8 +12547,8 @@ CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for NOT-FOR-US: WordPress plugin CVE-2023-0894 RESERVED -CVE-2023-0893 - RESERVED +CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...) + TODO: check CVE-2023-0892 RESERVED CVE-2023-0891 @@ -12610,8 +12627,8 @@ CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not authorize NOT-FOR-US: WordPress plugin CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly saniti ...) NOT-FOR-US: WordPress plugin -CVE-2023-0874 - RESERVED +CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...) + TODO: check CVE-2023-0873 RESERVED CVE-2023-25932 @@ -14430,8 +14447,8 @@ CVE-2023-25394 RESERVED CVE-2023-25393 RESERVED -CVE-2023-25392 - RESERVED +CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate ...) + TODO: check CVE-2023-25391 RESERVED CVE-2023-25390 
@@ -15792,8 +15809,8 @@ CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projects NOT-FOR-US: ProjectSend CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...) - ampache <removed> -CVE-2023-0605 - RESERVED +CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not ...) + TODO: check CVE-2023-0604 RESERVED CVE-2023-0603 @@ -16591,8 +16608,8 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitiz NOT-FOR-US: WordPress plugin CVE-2023-0547 RESERVED -CVE-2023-0546 - RESERVED +CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...) + TODO: check CVE-2023-0545 RESERVED CVE-2023-0544 @@ -17787,8 +17804,8 @@ CVE-2023-24183 RESERVED CVE-2023-24182 RESERVED -CVE-2023-24181 - RESERVED +CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...) + TODO: check CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...) - libelfin <unfixed> (bug #1033741) [bookworm] - libelfin <no-dsa> (Minor issue) @@ -18315,10 +18332,10 @@ CVE-2023-0425 RESERVED CVE-2023-0424 RESERVED -CVE-2023-0423 - RESERVED -CVE-2023-0422 - RESERVED +CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...) + TODO: check +CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...) + TODO: check CVE-2023-0421 RESERVED CVE-2023-0420 
@@ -18977,8 +18994,8 @@ CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate NOT-FOR-US: WordPress plugin CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate and escap ...) NOT-FOR-US: WordPress plugin -CVE-2023-0363 - RESERVED +CVE-2023-0363 (The Scheduled Announcements Widget WordPress plugin before 1.0 does no ...) + TODO: check CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...) @@ -21696,10 +21713,10 @@ CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugi NOT-FOR-US: WordPress plugin CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...) NOT-FOR-US: NLnet Labs Krill -CVE-2023-0157 - RESERVED -CVE-2023-0156 - RESERVED +CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) + TODO: check +CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) + TODO: check CVE-2023-0155 RESERVED CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...) @@ -23591,8 +23608,8 @@ CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 do NOT-FOR-US: WordPress plugin CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...) NOT-FOR-US: WordPress plugin -CVE-2022-4827 - RESERVED +CVE-2022-4827 (The WP Tiles WordPress plugin through 1.1.2 does not validate and esca ...) + TODO: check CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...) 
@@ -29729,10 +29746,10 @@ CVE-2022-46719 RESERVED CVE-2022-46718 RESERVED -CVE-2022-46717 - RESERVED -CVE-2022-46716 - RESERVED +CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2022-46715 RESERVED CVE-2022-46714 @@ -29745,8 +29762,8 @@ CVE-2022-46711 RESERVED CVE-2022-46710 RESERVED -CVE-2022-46709 - RESERVED +CVE-2022-46709 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2022-46708 RESERVED CVE-2022-46707 @@ -29757,8 +29774,8 @@ CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was NOT-FOR-US: Apple CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple -CVE-2022-46703 - RESERVED +CVE-2022-46703 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...) 
@@ -41415,63 +41432,63 @@ CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeL CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} [experimental] - openimageio 2.4.7.1+dfsg-1 - openimageio 2.4.7.1+dfsg-2 (bug #1027808) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657 NOTE: https://github.com/OpenImageIO/oiio/pull/3670 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) 
- {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 NOTE: https://github.com/OpenImageIO/oiio/pull/3673 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 NOTE: https://github.com/OpenImageIO/oiio/pull/3673 CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652 NOTE: https://github.com/OpenImageIO/oiio/pull/3672 CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...) 
- {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 NOTE: https://github.com/OpenImageIO/oiio/pull/3672 @@ -43747,8 +43764,8 @@ CVE-2022-42860 RESERVED CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...) NOT-FOR-US: Apple -CVE-2022-42858 - RESERVED +CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...) + TODO: check CVE-2022-42857 RESERVED CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...) @@ -44660,7 +44677,7 @@ CVE-2022-42470 CVE-2022-42469 RESERVED CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} [experimental] - openimageio 2.4.7.1+dfsg-1 - openimageio 2.4.7.1+dfsg-2 (bug #1027808) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635 
@@ -44669,17 +44686,18 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...) NOT-FOR-US: Siretta CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643 NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118 NOTE: https://github.com/OpenImageIO/oiio/pull/3632 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634 NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...) + {DSA-5384-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b 
@@ -45974,30 +45992,33 @@ CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaus CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...) NOT-FOR-US: SonicJS CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628 NOTE: Prerequisite: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d NOTE: https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249 CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627 NOTE: https://github.com/OpenImageIO/oiio/pull/3628 CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD thumbnail ...) + {DSA-5384-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41684 (A heap out of bounds read vulnerability exists in the OpenImageIO mast ...) + {DSA-5384-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling of IPTC ...) 
+ {DSA-5384-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 NOTE: https://github.com/OpenImageIO/oiio/pull/3632 @@ -46008,7 +46029,7 @@ CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenI NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630 NOTE: https://github.com/OpenImageIO/oiio/pull/3620 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...) - {DLA-3382-1} + {DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 NOTE: https://github.com/OpenImageIO/oiio/pull/3624 @@ -46028,8 +46049,8 @@ CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly NOT-FOR-US: HIWIN Robot System Software CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...) NOT-FOR-US: F5 BIG-IP -CVE-2022-41976 - RESERVED +CVE-2022-41976 (An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 buil ...) + TODO: check CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...) NOT-FOR-US: RealVNC CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...) 
@@ -53522,8 +53543,8 @@ CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and NOT-FOR-US: WordPress plugin CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...) - octoprint <itp> (bug #718591) -CVE-2022-39048 - RESERVED +CVE-2022-39048 (ServiceNow Tokyo allows XSS. ...) + TODO: check CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...) - glibc <not-affected> (Vulnerable code introduced later) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536 @@ -58031,8 +58052,8 @@ CVE-2022-37464 RESERVED CVE-2022-37463 RESERVED -CVE-2022-37462 - RESERVED +CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget i ...) + TODO: check CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...) NOT-FOR-US: Canon Medical Vitrea View CVE-2022-37460 @@ -70568,8 +70589,8 @@ CVE-2022-32873 RESERVED CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple -CVE-2022-32871 - RESERVED +CVE-2022-32871 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2022-32870 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32869 @@ -103820,8 +103841,8 @@ CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to NOT-FOR-US: Tenda routers CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers -CVE-2021-45985 - RESERVED +CVE-2021-45985 (In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ...) + TODO: check CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...) {DSA-5173-1 DSA-5127-1} - linux 5.15.15-1 
@@ -110327,6 +110348,7 @@ CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 binary f ...) NOT-FOR-US: Rizin CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...) + {DLA-3388-1} - keepalived 1:2.2.4-0.2 [bullseye] - keepalived 1:2.1.5-0.2+deb11u1 [stretch] - keepalived <no-dsa> (Minor issue) @@ -171808,8 +171830,8 @@ CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticat NOT-FOR-US: Zenphoto CVE-2020-36078 RESERVED -CVE-2020-36077 - RESERVED +CVE-2020-36077 (SQL injection vulnerability found in Tailor Mangement System v.1 allow ...) + TODO: check CVE-2020-36076 RESERVED CVE-2020-36075
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e61e94059ba2e595044be17d05c8f23b7f088a9
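Review bot: in the first hunk (@@ -1,3 +1,25 @@) CVE-2023-1971 and CVE-2023-1970 already carry the `** UNSUPPORTED WHEN ASSIGNED **` marker in their descriptions yet are queued as `TODO: check` like the rest; that marker means no further upstream research is needed, so these two can be resolved ahead of the other queued entries rather than waiting for the normal triage pass.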
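Review bot: in the openimageio hunks (@@ -41415 through @@ -46008) four entries, CVE-2022-41837, CVE-2022-41794, CVE-2022-41684 and CVE-2022-41649, gain only `{DSA-5384-1}`, while every neighbouring openimageio entry is changed from `{DLA-3382-1}` to `{DSA-5384-1 DLA-3382-1}`. Those four cite the same fixed version `openimageio 2.4.7.1+dfsg-2 (bug #1027143)` and the same upstream commit 884dfd6b7c1fd6130390853b5074ddeb48f2f19b as each other, and had no DLA reference before this change either; confirm that their omission from DLA-3382-1 is deliberate rather than a pattern slip, and if it is not, add `DLA-3382-1` inside the braces for them as well.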
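Review bot: the keepalived hunk (@@ -110327,6 +110348,7 @@) adds `{DLA-3388-1}` to CVE-2021-44225, but the one-line context only shows the unstable (`keepalived 1:2.2.4-0.2`), `[bullseye]` and `[stretch]` lines. An LTS advisory reference should be matched by a fixed-version line for the LTS suite it covers; check that such a suite line exists just below the visible context, otherwise the advisory will be listed without a corresponding suite entry.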
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits