Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 433b2294 by Moritz Muehlenhoff at 2023-07-14T23:51:27+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -75,13 +75,13 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug t CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...) - froxlor <itp> (bug #581792) CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...) - - wireshark <unfixed> + - wireshark <unfixed> (bug #1041101) [bookworm] - wireshark <no-dsa> (Minor issue) [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...) - - wireshark <unfixed> + - wireshark <unfixed> (bug #1041101) [bookworm] - wireshark <no-dsa> (Minor issue) [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html 
@@ -97,13 +97,13 @@ CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) NOT-FOR-US: Dede CMS CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...) - - libjpeg <unfixed> + - libjpeg <unfixed> (bug #1041103) [bookworm] - libjpeg <no-dsa> (Minor issue) [bullseye] - libjpeg <no-dsa> (Minor issue) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0 NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...) - - libjpeg <unfixed> + - libjpeg <unfixed> (bug #1041103) [bookworm] - libjpeg <no-dsa> (Minor issue) [bullseye] - libjpeg <no-dsa> (Minor issue) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1 
@@ -175,16 +175,16 @@ CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a c CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Allocati ...) NOT-FOR-US: Teacher Subject Allocation System CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of ...) - - cmark-gfm <unfixed> + - cmark-gfm <unfixed> (bug #1041097) [bookworm] - cmark-gfm <no-dsa> (Minor issue) [bullseye] - cmark-gfm <no-dsa> (Minor issue) - - python-cmarkgfm <unfixed> + - python-cmarkgfm <unfixed> (bug #1041098) [bookworm] - python-cmarkgfm <no-dsa> (Minor issue) [bullseye] - python-cmarkgfm <no-dsa> (Minor issue) - - r-cran-commonmark <unfixed> + - r-cran-commonmark <unfixed> (bug #1041099) [bookworm] - r-cran-commonmark <no-dsa> (Minor issue) [bullseye] - r-cran-commonmark <no-dsa> (Minor issue) - - ruby-commonmarker <unfixed> + - ruby-commonmarker <unfixed> (bug #1041100) [bookworm] - ruby-commonmarker <no-dsa> (Minor issue) [bullseye] - ruby-commonmarker <no-dsa> (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5 
@@ -231,18 +231,18 @@ CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbit CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: PlatPlay DSr CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #1041109) NOTE: https://github.com/coreruleset/coreruleset/issues/3191 NOTE: https://github.com/coreruleset/coreruleset/pull/3237 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via ...) NOT-FOR-US: acme.sh CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...) - - qt6-base <unfixed> + - qt6-base <unfixed> (bug #1041104) [bookworm] - qt6-base <no-dsa> (Minor issue) - - qtbase-opensource-src-gles <unfixed> + - qtbase-opensource-src-gles <unfixed> (bug #1041106) [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue) [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue) - - qtbase-opensource-src <unfixed> + - qtbase-opensource-src <unfixed> (bug #1041105) [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue) [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) - qt4-x11 <removed> @@ -529,7 +529,7 @@ CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...) NOT-FOR-US: WP EasyCart plugin for WordPress CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()] - - qemu <unfixed> + - qemu <unfixed> (bug #1041102) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243 NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) 
@@ -565,7 +565,7 @@ CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain NOTE: https://github.com/gpac/gpac/issues/2505 NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483 CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...) - - apache-jena <unfixed> + - apache-jena <unfixed> (bug #1041108) NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11 CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...) NOT-FOR-US: WP-Members Membership plugin for WordPress @@ -1044,7 +1044,7 @@ CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains an API t CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis affect ...) NOT-FOR-US: Rockwell CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...) - - opendkim <unfixed> + - opendkim <unfixed> (bug #1041107) NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...) - airflow <itp> (bug #819700) 
@@ -1206,19 +1206,19 @@ CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...) NOT-FOR-US: SICK CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...) - - sox <unfixed> + - sox <unfixed> (bug #1041110) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291 NOTE: https://sourceforge.net/p/sox/bugs/367/ CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...) - - sox <unfixed> + - sox <unfixed> (bug #1041111) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283 NOTE: https://sourceforge.net/p/sox/bugs/368/ CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...) NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...) - - sox <unfixed> + - sox <unfixed> (bug #1041112) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282 NOTE: https://sourceforge.net/p/sox/bugs/369/ CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) @@ -1242,7 +1242,7 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not imp CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...) NOT-FOR-US: WordPress plugin CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...) - - sox <unfixed> + - sox <unfixed> (bug #1041113) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279 NOTE: https://sourceforge.net/p/sox/bugs/370/ CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...) 
@@ -1841,6 +1841,7 @@ CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...) - kanboard 1.2.31+ds-1 (bug #1040265) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx + NOTE: https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...) NOT-FOR-US: Chrome OS CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433b22941315f47b280276d98fe4743b82b71343 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433b22941315f47b280276d98fe4743b82b71343 You're receiving this email because of your account on salsa.debian.org.
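Review bot: in the @@ -75 hunk both CVE-2023-3649 and CVE-2023-3648 are annotated with the same (bug #1041101); that is fine when one bug report covers both Wireshark dissector crashes, but it is worth confirming that the report's title or body names both CVE identifiers, because the tracker links each CVE to that bug number and a report mentioning only one of them leaves the other looking untracked. The @@ -97 hunk follows the same pattern, with CVE-2023-37837 and CVE-2023-37836 sharing (bug #1041103).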
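Review bot: in the @@ -231 hunk the modsecurity-crs entry for CVE-2023-38199 gets (bug #1041109) but, unlike the qt6-base and qtbase-opensource-src entries right below it, has no [bookworm] or [bullseye] line, so with <unfixed> alone the stable and oldstable suites stay listed as affected until triaged. If that is deliberate (a stable update is planned) a NOTE saying so would help; otherwise add "[bookworm] - modsecurity-crs <no-dsa> (Minor issue)" and the bullseye counterpart as was done for the Qt packages. The qt6-base entry carrying only a [bookworm] line, while both qtbase-opensource-src entries carry bookworm and bullseye, is consistent with qt6-base not being shipped in bullseye.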
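Review bot: in the @@ -529 hunk the qemu entry for CVE-2023-3019 gains (bug #1041102) but no stable triage line, so bookworm and bullseye remain marked vulnerable, and the accompanying NOTE still describes the fix only as "Proposed upstream patch" (the 2023-05 qemu-devel thread). When the bug is filed it is worth recording whether that patch was merged upstream, or what its status is, so the tracker entry does not point solely at a proposal.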
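Review bot: in the @@ -1044 hunk the context line for CVE-2023-29156 reads "NOT-FOR-US: Rockwell" while the CVE description is for the DroneScout ds230 Remote ID receiver from BlueMark Innovations; the label looks copied from the preceding Rockwell Automation entry (CVE-2023-2746). Not part of this change, but an easy fix to fold in, e.g. "NOT-FOR-US: BlueMark Innovations DroneScout". The opendkim (bug #1041107) addition itself is fine, though it too lacks a [bookworm]/[bullseye] line.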
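Review bot: in the @@ -1206 hunk the three sox CVEs (CVE-2023-34432, CVE-2023-34318, CVE-2023-32627) each get their own bug (#1041110 to #1041112), and the @@ -1242 hunk gives CVE-2023-26590 a fourth (#1041113), whereas the wireshark and libjpeg pairs in this same commit share a single bug per package. Both conventions are used in the file, but since all four are sox issues from the same Red Hat batch (bz 2212279 to 2212291, sox bugs 367 to 370) one combined report may be easier for the maintainer to track; whichever is chosen, none of the four entries has a [bookworm]/[bullseye] triage line yet.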
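Review bot: in the @@ -1841 hunk the added NOTE with the kanboard commit URL is useful, but since the entry already records "kanboard 1.2.31+ds-1 (bug #1040265)" as the fixed version it would help to state that this commit is the fix, using the "NOTE: Fixed by: <url>" form already used for libjpeg in the @@ -97 hunk, so a reader can tell the fix commit from a mere reference link.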
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits