Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 897de784 by Moritz Mühlenhoff at 2023-07-18T20:47:05+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -124,7 +124,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...) NOT-FOR-US: Open Enclave CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...) - - openrefine <unfixed> + - openrefine <unfixed> (bug #1041422) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...) @@ -318,7 +318,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer over CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...) NOT-FOR-US: Knowage CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...) - - cjose <unfixed> + - cjose <unfixed> (bug #1041423) NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2) CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
@@ -885,19 +885,19 @@ CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()] CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: ARMember plugin for WordPress CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1041421) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2514 NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1041421) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2516 NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1041421) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2515 @@ -913,7 +913,7 @@ CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerabil CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...) NOT-FOR-US: Schneider Electric CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1041421) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2505 
@@ -1797,7 +1797,7 @@ CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...) NOT-FOR-US: ThinuTech ThinuCMS CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - - gpac <unfixed> + - gpac <unfixed> (bug #1041421) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/ @@ -2305,12 +2305,12 @@ CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Dat CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. ...) NOT-FOR-US: Intelbras CVE-2023-35947 (Gradle is a build tool with a focus on build automation and support fo ...) - - gradle <undetermined> + - gradle <unfixed> (bug #1041424) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842 NOTE: https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 (v8.2.0-RC3) NOTE: https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 (v8.2.0-RC3) CVE-2023-35946 (Gradle is a build tool with a focus on build automation and support fo ...) - - gradle <undetermined> + - gradle <unfixed> (bug #1041424) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v NOTE: https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d (v8.2.0-RC3) NOTE: https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 (v8.2.0-RC3) 
@@ -2401,12 +2401,12 @@ CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hesti CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...) NOT-FOR-US: IBOS OA CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...) - - hnswlib <unfixed> + - hnswlib <unfixed> (bug #1041426) [bookworm] - hnswlib <no-dsa> (Minor issue) [bullseye] - hnswlib <no-dsa> (Minor issue) NOTE: https://github.com/nmslib/hnswlib/issues/467 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...) - - pacparser <unfixed> + - pacparser <unfixed> (bug #1041425) [bookworm] - pacparser <no-dsa> (Minor issue) [bullseye] - pacparser <no-dsa> (Minor issue) [buster] - pacparser <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897de78450b62479a60a076f6bfe81b550bf4a14
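Review bot: The commit message "bugnums" does not cover the status change in the @@ -2305,12 hunk, where both gradle entries (CVE-2023-35947 and CVE-2023-35946) go from "- gradle <undetermined>" to "- gradle <unfixed> (bug #1041424)". That is a triage decision, not only a bug number being attached. Suggest mentioning it in the message or putting it in its own commit, so the log shows when gradle was confirmed affected.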
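Review bot: Bug #1041421 is attached to five separate gpac entries across the @@ -885,19, @@ -913,7 and @@ -1797,7 hunks (CVE-2023-37767, CVE-2023-37766, CVE-2023-37765, CVE-2023-37174 and CVE-2023-3523), so the bug report should name all five CVE ids. CVE-2023-3523 is described as affecting versions "prior to 2.2.2" while the other four cite v2.3-DEV-rev381-g817a848f6-master, so the fixed version recorded when the bug is closed may not be the same for all five entries and is worth checking per CVE at that point.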