Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e61e940 by security tracker role at 2023-04-10T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-30467
+       RESERVED
+CVE-2023-30466
+       RESERVED
+CVE-2023-30465
+       RESERVED
+CVE-2023-1972
+       RESERVED
+CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+       TODO: check
+CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+       TODO: check
+CVE-2023-1969 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+       TODO: check
+CVE-2023-1968
+       RESERVED
+CVE-2023-1967
+       RESERVED
+CVE-2023-1966
+       RESERVED
+CVE-2023-1965
+       RESERVED
 CVE-2023-30464
        RESERVED
 CVE-2023-30463
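Review bot: the two entries marked ** UNSUPPORTED WHEN ASSIGNED ** (CVE-2023-1971, CVE-2023-1970) and the SourceCodester entry CVE-2023-1969 are left at TODO: check, but all three can be closed quickly in the manual pass: the ** UNSUPPORTED WHEN ASSIGNED ** marker is the CNA's statement that the affected product is no longer supported, and SourceCodester entries elsewhere in this file are consistently closed as NOT-FOR-US: SourceCodester (see CVE-2023-1407 further down). The four new RESERVED IDs (CVE-2023-30467 to CVE-2023-30465, CVE-2023-1972, CVE-2023-1968 to CVE-2023-1965) need no action until a description is published.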
@@ -29,8 +51,8 @@ CVE-2023-1964 (A vulnerability classified as critical has 
been found in PHPGuruk
        NOT-FOR-US: PHPGurukul Bank Locker Management System
 CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management 
System  ...)
        NOT-FOR-US: PHPGurukul Bank Locker Management System
-CVE-2018-25084
-       RESERVED
+CVE-2018-25084 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
 CVE-2023-30451
        RESERVED
 CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the 
redpanda.rpc_server_tls f ...)
@@ -75,8 +97,8 @@ CVE-2023-30431
        RESERVED
 CVE-2023-30430
        RESERVED
-CVE-2015-10100
-       RESERVED
+CVE-2015-10100 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
 CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and 
classifi ...)
        NOT-FOR-US: Dart http_server
 CVE-2014-125097 (A vulnerability, which was classified as problematic, was 
found in Bes ...)
@@ -1923,8 +1945,8 @@ CVE-2023-1944
        RESERVED
 CVE-2023-1943
        RESERVED
-CVE-2015-10099
-       RESERVED
+CVE-2015-10099 (A vulnerability classified as critical has been found in CP 
Appointmen ...)
+       TODO: check
 CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It 
has been  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. 
It has be ...)
@@ -2466,10 +2488,10 @@ CVE-2023-29378
        RESERVED
 CVE-2023-29377
        RESERVED
-CVE-2023-29376
-       RESERVED
-CVE-2023-29375
-       RESERVED
+CVE-2023-29376 (An issue was discovered in Progress Sitefinity 13.3 before 
13.3.7647,  ...)
+       TODO: check
+CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 
13.3.7647,  ...)
+       TODO: check
 CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows 
prompt inj ...)
        NOT-FOR-US: LangChain
 CVE-2023-29373
@@ -2915,11 +2937,9 @@ CVE-2023-1809
        RESERVED
 CVE-2023-1808
        RESERVED
-CVE-2023-29216
-       RESERVED
+CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not 
effectivel ...)
        NOT-FOR-US: Apache Linkis
-CVE-2023-29215
-       RESERVED
+CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective 
filtering of ...)
        NOT-FOR-US: Apache Linkis
 CVE-2023-29214
        RESERVED
@@ -5240,8 +5260,8 @@ CVE-2023-28490
        RESERVED
 CVE-2023-28489
        RESERVED
-CVE-2023-1478
-       RESERVED
+CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate 
the ge ...)
+       TODO: check
 CVE-2023-1477
        RESERVED
 CVE-2023-1476
@@ -5361,10 +5381,10 @@ CVE-2023-1428
        RESERVED
 CVE-2023-1427
        RESERVED
-CVE-2023-1426
-       RESERVED
-CVE-2023-1425
-       RESERVED
+CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure 
that posts ...)
+       TODO: check
+CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for 
WordPress | Aw ...)
+       TODO: check
 CVE-2023-28488
        RESERVED
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in 
sudoreplay ou ...)
@@ -5781,8 +5801,8 @@ CVE-2023-1408
        RESERVED
 CVE-2023-1407 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
        NOT-FOR-US: SourceCodester
-CVE-2023-1406
-       RESERVED
+CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded 
files  ...)
+       TODO: check
 CVE-2022-48420
        RESERVED
 CVE-2022-48419
@@ -6191,8 +6211,8 @@ CVE-2023-27389
        RESERVED
 CVE-2023-23575
        RESERVED
-CVE-2023-1381
-       RESERVED
+CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate 
image  ...)
+       TODO: check
 CVE-2022-48402
        RESERVED
 CVE-2022-48401
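Review bot: CVE-2023-1381 (WP Meta SEO WordPress plugin before 4.5.5) is left at TODO: check, while the earlier WP Meta SEO entries in this same file, CVE-2023-0876 and CVE-2023-0875, are already closed as NOT-FOR-US: WordPress plugin; the automatic update only imports the description and cannot make that call, so the manual triage pass should apply the same disposition here to keep the plugin's entries consistent.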
@@ -6271,10 +6291,10 @@ CVE-2023-28208
        RESERVED
 CVE-2023-28207
        RESERVED
-CVE-2023-28206
-       RESERVED
-CVE-2023-28205
-       RESERVED
+CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input 
validat ...)
+       TODO: check
+CVE-2023-28205 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
 CVE-2023-28204
        RESERVED
 CVE-2023-28203
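Review bot: CVE-2023-28206 and CVE-2023-28205 get TODO: check rather than the NOT-FOR-US: Apple used for the similarly worded entries further down (CVE-2022-46705, CVE-2022-46704), and that is the right default: Apple's advisory wording names no component, and a use after free "addressed with improved memory management" can just as well sit in WebKit, which Debian ships as webkit2gtk, so the triage should confirm the affected component for each of the two before closing either as NOT-FOR-US.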
@@ -7016,8 +7036,7 @@ CVE-2023-27989
        RESERVED
 CVE-2023-27988
        RESERVED
-CVE-2023-27987
-       RESERVED
+CVE-2023-27987 (In Apache Linkis <=1.3.1, due to the default token 
generated by Lin ...)
        NOT-FOR-US: Apache Linkis
 CVE-2023-1297
        RESERVED
@@ -8052,8 +8071,8 @@ CVE-2023-27652
        RESERVED
 CVE-2023-27651
        RESERVED
-CVE-2023-27650
-       RESERVED
+CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 
allows a ...)
+       TODO: check
 CVE-2023-27649
        RESERVED
 CVE-2023-27648
@@ -8166,11 +8185,9 @@ CVE-2023-1178
        RESERVED
 CVE-2023-27604
        RESERVED
-CVE-2023-27603
-       RESERVED
+CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module 
engineConn mate ...)
        NOT-FOR-US: Apache Linkis
-CVE-2023-27602
-       RESERVED
+CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploads 
files wi ...)
        NOT-FOR-US: Apache Linkis
 CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository 
mlflow/mlflow prio ...)
        NOT-FOR-US: mlflow
@@ -8829,12 +8846,12 @@ CVE-2023-1124 (The Shopping Cart & eCommerce Store 
WordPress plugin before 5
        NOT-FOR-US: WordPress plugin
 CVE-2023-1123
        RESERVED
-CVE-2023-1122
-       RESERVED
-CVE-2023-1121
-       RESERVED
-CVE-2023-1120
-       RESERVED
+CVE-2023-1122 (The Simple Giveaways WordPress plugin before 2.45.1 does not 
sanitise  ...)
+       TODO: check
+CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not 
sanitise  ...)
+       TODO: check
+CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not 
sanitise  ...)
+       TODO: check
 CVE-2023-1119
        RESERVED
 CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared 
receiver ...)
@@ -9864,8 +9881,8 @@ CVE-2023-26988
        RESERVED
 CVE-2023-26987
        RESERVED
-CVE-2023-26986
-       RESERVED
+CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote 
attackers ...)
+       TODO: check
 CVE-2023-26985
        RESERVED
 CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 
allows at ...)
@@ -10005,8 +10022,8 @@ CVE-2023-26921 (OS Command Injection vulnerability in 
quectel AG550QCN allows at
        NOT-FOR-US: quectel
 CVE-2023-26920
        RESERVED
-CVE-2023-26919
-       RESERVED
+CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to 
sandbox escap ...)
+       TODO: check
 CVE-2023-26918
        RESERVED
 CVE-2023-26917
@@ -10124,8 +10141,8 @@ CVE-2023-26862
        RESERVED
 CVE-2023-26861
        RESERVED
-CVE-2023-26860
-       RESERVED
+CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget 
v.1.0.3 and b ...)
+       TODO: check
 CVE-2023-26859
        RESERVED
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 
allows a r ...)
@@ -10268,8 +10285,8 @@ CVE-2023-26790
        RESERVED
 CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to 
Reflected ...)
        NOT-FOR-US: Veritas
-CVE-2023-26788
-       RESERVED
+CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header 
Injection attack ...)
+       TODO: check
 CVE-2023-26787
        RESERVED
 CVE-2023-26786
@@ -10296,8 +10313,8 @@ CVE-2023-26776 (Cross Site Scripting vulnerability 
found in Monitorr v.1.7.6 all
        NOT-FOR-US: Monitorr
 CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a 
remote at ...)
        NOT-FOR-US: Monitorr
-CVE-2023-26774
-       RESERVED
+CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows 
a remot ...)
+       TODO: check
 CVE-2023-26773
        RESERVED
 CVE-2023-26772
@@ -11157,8 +11174,8 @@ CVE-2023-0985
        RESERVED
 CVE-2023-0984
        RESERVED
-CVE-2023-0983
-       RESERVED
+CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 
7.9.0 does ...)
+       TODO: check
 CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class 
Registration Sy ...)
        NOT-FOR-US: SourceCodester Yoga Class Registration System
 CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class 
Registration Sy ...)
@@ -12530,8 +12547,8 @@ CVE-2023-0895 (The WP Coder – add custom html, 
css and js code plugin for
        NOT-FOR-US: WordPress plugin
 CVE-2023-0894
        RESERVED
-CVE-2023-0893
-       RESERVED
+CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not 
sanitise and e ...)
+       TODO: check
 CVE-2023-0892
        RESERVED
 CVE-2023-0891
@@ -12610,8 +12627,8 @@ CVE-2023-0876 (The WP Meta SEO WordPress plugin before 
4.5.3 does not authorize
        NOT-FOR-US: WordPress plugin
 CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly 
saniti ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0874
-       RESERVED
+CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize 
and escap ...)
+       TODO: check
 CVE-2023-0873
        RESERVED
 CVE-2023-25932
@@ -14430,8 +14447,8 @@ CVE-2023-25394
        RESERVED
 CVE-2023-25393
        RESERVED
-CVE-2023-25392
-       RESERVED
+CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL 
Certificate  ...)
+       TODO: check
 CVE-2023-25391
        RESERVED
 CVE-2023-25390
@@ -15792,8 +15809,8 @@ CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in 
GitHub repository projects
        NOT-FOR-US: ProjectSend
 CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
ampache/am ...)
        - ampache <removed>
-CVE-2023-0605
-       RESERVED
+CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 
does not ...)
+       TODO: check
 CVE-2023-0604
        RESERVED
 CVE-2023-0603
@@ -16591,8 +16608,8 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 
2.5.9.4 does not sanitiz
        NOT-FOR-US: WordPress plugin
 CVE-2023-0547
        RESERVED
-CVE-2023-0546
-       RESERVED
+CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not 
proper ...)
+       TODO: check
 CVE-2023-0545
        RESERVED
 CVE-2023-0544
@@ -17787,8 +17804,8 @@ CVE-2023-24183
        RESERVED
 CVE-2023-24182
        RESERVED
-CVE-2023-24181
-       RESERVED
+CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was 
discovered to c ...)
+       TODO: check
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in 
the loa ...)
        - libelfin <unfixed> (bug #1033741)
        [bookworm] - libelfin <no-dsa> (Minor issue)
@@ -18315,10 +18332,10 @@ CVE-2023-0425
        RESERVED
 CVE-2023-0424
        RESERVED
-CVE-2023-0423
-       RESERVED
-CVE-2023-0422
-       RESERVED
+CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does 
not sa ...)
+       TODO: check
+CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not 
properly s ...)
+       TODO: check
 CVE-2023-0421
        RESERVED
 CVE-2023-0420
@@ -18977,8 +18994,8 @@ CVE-2023-0365 (The React Webcam WordPress plugin 
through 1.2.0 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate 
and escap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0363
-       RESERVED
+CVE-2023-0363 (The Scheduled Announcements Widget WordPress plugin before 1.0 
does no ...)
+       TODO: check
 CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange 
message ...)
@@ -21696,10 +21713,10 @@ CVE-2023-0159 (The Extensive VC Addons for WPBakery 
page builder WordPress plugi
        NOT-FOR-US: WordPress plugin
 CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository 
content ...)
        NOT-FOR-US: NLnet Labs Krill
-CVE-2023-0157
-       RESERVED
-CVE-2023-0156
-       RESERVED
+CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 
does not  ...)
+       TODO: check
+CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 
does not  ...)
+       TODO: check
 CVE-2023-0155
        RESERVED
 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate 
and esca ...)
@@ -23591,8 +23608,8 @@ CVE-2022-4829 (The Show-Hide / Collapse-Expand 
WordPress plugin through 1.2.5 do
        NOT-FOR-US: WordPress plugin
 CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4827
-       RESERVED
+CVE-2022-4827 (The WP Tiles WordPress plugin through 1.1.2 does not validate 
and esca ...)
+       TODO: check
 CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate 
and esc ...)
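Review bot: CVE-2022-4827 (WP Tiles WordPress plugin through 1.1.2) describes the same plugin and the same version range as CVE-2023-1426 in the earlier hunk, which is also left at TODO: check; whatever disposition the manual triage gives one of them should be mirrored on the other. Note also that "through 1.1.2" without a "before" version means no fixed upstream release is recorded, so if either were ever tracked it could not be closed by version.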
@@ -29729,10 +29746,10 @@ CVE-2022-46719
        RESERVED
 CVE-2022-46718
        RESERVED
-CVE-2022-46717
-       RESERVED
-CVE-2022-46716
-       RESERVED
+CVE-2022-46717 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
+CVE-2022-46716 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2022-46715
        RESERVED
 CVE-2022-46714
@@ -29745,8 +29762,8 @@ CVE-2022-46711
        RESERVED
 CVE-2022-46710
        RESERVED
-CVE-2022-46709
-       RESERVED
+CVE-2022-46709 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
 CVE-2022-46708
        RESERVED
 CVE-2022-46707
@@ -29757,8 +29774,8 @@ CVE-2022-46705 (A spoofing issue existed in the 
handling of URLs. This issue was
        NOT-FOR-US: Apple
 CVE-2022-46704 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
-CVE-2022-46703
-       RESERVED
+CVE-2022-46703 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
 CVE-2022-46702 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-46701 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
@@ -41415,63 +41432,63 @@ CVE-2022-43605 (An out-of-bounds write vulnerability 
exists in the SetAttributeL
 CVE-2022-43604 (An out-of-bounds write vulnerability exists in the 
GetAttributeList at ...)
        NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43603 (A denial of service vulnerability exists in the 
ZfileOutput::close() f ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        [experimental] - openimageio 2.4.7.1+dfsg-1
        - openimageio 2.4.7.1+dfsg-2 (bug #1027808)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
        NOTE: https://github.com/OpenImageIO/oiio/pull/3670
 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the 
IFFOutput alig ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the 
IFFOutput alig ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43596 (An information disclosure vulnerability exists in the 
IFFOutput channe ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image 
output c ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
        NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image 
output c ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
        NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43593 (A denial of service vulnerability exists in the 
DPXOutput::close() fun ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
        NOTE: https://github.com/OpenImageIO/oiio/pull/3672
 CVE-2022-43592 (An information disclosure vulnerability exists in the 
DPXOutput::close ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
        NOTE: https://github.com/OpenImageIO/oiio/pull/3672
@@ -43747,8 +43764,8 @@ CVE-2022-42860
        RESERVED
 CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable 
code. This i ...)
        NOT-FOR-US: Apple
-CVE-2022-42858
-       RESERVED
+CVE-2022-42858 (A memory corruption issue was addressed with improved input 
validation ...)
+       TODO: check
 CVE-2022-42857
        RESERVED
 CVE-2022-42856 (A type confusion issue was addressed with improved state 
handling. Thi ...)
@@ -44660,7 +44677,7 @@ CVE-2022-42470
 CVE-2022-42469
        RESERVED
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native 
tile readin ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        [experimental] - openimageio 2.4.7.1+dfsg-1
        - openimageio 2.4.7.1+dfsg-2 (bug #1027808)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
@@ -44669,17 +44686,18 @@ CVE-2022-41999 (A denial of service vulnerability 
exists in the DDS native tile
 CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m 
DELETE_FI ...)
        NOT-FOR-US: Siretta
 CVE-2022-41988 (An information disclosure vulnerability exists in the 
OpenImageIO::dec ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
        NOTE: https://github.com/OpenImageIO/oiio/pull/3632
 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline 
parsing func ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
 CVE-2022-41837 (An out-of-bounds write vulnerability exists in the 
OpenImageIO::add_ex ...)
+       {DSA-5384-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
@@ -45974,30 +45992,33 @@ CVE-2022-42003 (In FasterXML jackson-databind before 
2.14.0-rc1, resource exhaus
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the 
following muta ...)
        NOT-FOR-US: SonicJS
 CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA 
file for ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
        NOTE: Prerequisite: 
https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249
 CVE-2022-41977 (An out of bounds read vulnerability exists in the way 
OpenImageIO vers ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
        NOTE: https://github.com/OpenImageIO/oiio/pull/3628
 CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD 
thumbnail ...)
+       {DSA-5384-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41684 (A heap out of bounds read vulnerability exists in the 
OpenImageIO mast ...)
+       {DSA-5384-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling 
of IPTC ...)
+       {DSA-5384-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile 
decoding cod ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
        NOTE: https://github.com/OpenImageIO/oiio/pull/3632
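Review bot: in this hunk CVE-2022-41794, CVE-2022-41684 and CVE-2022-41649 (and CVE-2022-41837 in the preceding hunk) receive {DSA-5384-1} alone, whereas every other openimageio entry in this change carries {DSA-5384-1 DLA-3382-1}. The asymmetry is worth a second look: it means DLA-3382-1 did not cover those four CVEs, so their buster status is currently determined only by the unstable fixed version 2.4.7.1+dfsg-2 and should be stated explicitly, either with a [buster] line or with a NOTE on why they do not apply there.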
@@ -46008,7 +46029,7 @@ CVE-2022-38143 (A heap out-of-bounds write 
vulnerability exists in the way OpenI
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
        NOTE: https://github.com/OpenImageIO/oiio/pull/3620
 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA 
format parse ...)
-       {DLA-3382-1}
+       {DSA-5384-1 DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
        NOTE: https://github.com/OpenImageIO/oiio/pull/3624
@@ -46028,8 +46049,8 @@ CVE-2022-3382 (HIWIN Robot System Software version 
3.3.21.9869 does not properly
        NOT-FOR-US: HIWIN Robot System Software
 CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x 
before 16.1. ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2022-41976
-       RESERVED
+CVE-2022-41976 (An privilege escalation issue was discovered in Scada-LTS 
2.7.1.1 buil ...)
+       TODO: check
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 
6.22.826 on Win ...)
        NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local 
users to ...)
@@ -53522,8 +53543,8 @@ CVE-2022-3069 (The WordLift WordPress plugin before 
3.37.2 does not sanitise and
        NOT-FOR-US: WordPress plugin
 CVE-2022-3068 (Improper Privilege Management in GitHub repository 
octoprint/octoprint ...)
        - octoprint <itp> (bug #718591)
-CVE-2022-39048
-       RESERVED
+CVE-2022-39048 (ServiceNow Tokyo allows XSS. ...)
+       TODO: check
 CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. 
When the sy ...)
        - glibc <not-affected> (Vulnerable code introduced later)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536
@@ -58031,8 +58052,8 @@ CVE-2022-37464
        RESERVED
 CVE-2022-37463
        RESERVED
-CVE-2022-37462
-       RESERVED
+CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat 
gadget i ...)
+       TODO: check
 CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon 
Medical V ...)
        NOT-FOR-US: Canon Medical Vitrea View
 CVE-2022-37460
@@ -70568,8 +70589,8 @@ CVE-2022-32873
        RESERVED
 CVE-2022-32872 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
-CVE-2022-32871
-       RESERVED
+CVE-2022-32871 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
 CVE-2022-32870 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32869
@@ -103820,8 +103841,8 @@ CVE-2021-45987 (Tenda routers G1 and G3 
v15.11.0.17(9502)_CN were discovered to
        NOT-FOR-US: Tenda routers
 CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered 
to contai ...)
        NOT-FOR-US: Tenda routers
-CVE-2021-45985
-       RESERVED
+CVE-2021-45985 (In Lua 5.4.3, an erroneous finalizer called during a tail call 
leads t ...)
+       TODO: check
 CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux 
kernel's c ...)
        {DSA-5173-1 DSA-5127-1}
        - linux 5.15.15-1
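Review bot: CVE-2021-45985 (Lua 5.4.3, erroneous finalizer called during a tail call) is a TODO: check that names software Debian ships (the lua5.4 source package), unlike the WordPress plugin and vendor appliance entries in the rest of this update, so it should go to the top of the manual follow-up queue and be assessed against the upstream fix rather than defaulting to NOT-FOR-US.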
@@ -110327,6 +110348,7 @@ CVE-2021-4023 (A flaw was found in the io-workqueue 
implementation in the Linux
 CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 
binary f ...)
        NOT-FOR-US: Rizin
 CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not 
sufficiently re ...)
+       {DLA-3388-1}
        - keepalived 1:2.2.4-0.2
        [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
        [stretch] - keepalived <no-dsa> (Minor issue)
@@ -171808,8 +171830,8 @@ CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 
is affected by authenticat
        NOT-FOR-US: Zenphoto
 CVE-2020-36078
        RESERVED
-CVE-2020-36077
-       RESERVED
+CVE-2020-36077 (SQL injection vulnerability found in Tailor Mangement System 
v.1 allow ...)
+       TODO: check
 CVE-2020-36076
        RESERVED
 CVE-2020-36075



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e61e94059ba2e595044be17d05c8f23b7f088a9



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
