Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2c3f58e5 by security tracker role at 2023-08-30T08:12:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,38 @@ -CVE-2023-4611 +CVE-2023-4609 + REJECTED +CVE-2023-4599 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2023-4597 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2023-4596 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...) + TODO: check +CVE-2023-4526 + REJECTED +CVE-2023-4525 + REJECTED +CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions starting ...) + TODO: check +CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...) + TODO: check +CVE-2023-41269 + REJECTED +CVE-2023-41266 (A path traversal vulnerability found in Qlik Sense Enterprise for Wind ...) + TODO: check +CVE-2023-41265 (An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise ...) + TODO: check +CVE-2023-41153 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...) + TODO: check +CVE-2023-39559 (AudimexEE 15.0 was discovered to contain a full path disclosure vulner ...) + TODO: check +CVE-2023-39558 (AudimexEE v15.0 was discovered to contain multiple reflected cross-sit ...) + TODO: check +CVE-2023-38975 (* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote atta ...) + TODO: check +CVE-2023-38971 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) + TODO: check +CVE-2023-32241 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDevelo ...) + TODO: check +CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory manage ...) - linux 6.4.11-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) 
@@ -25491,7 +25525,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics libra NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3) CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5438-1 DLA-3394-1} + {DSA-5438-1 DLA-3549-1 DLA-3394-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697) - pjproject <removed> - ring <unfixed> @@ -38027,7 +38061,7 @@ CVE-2023-23357 RESERVED CVE-2023-23356 RESERVED -CVE-2023-23355 (A vulnerability has been reported to affect QNAP operating systems. If ...) +CVE-2023-23355 (An OS command injection vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2023-23354 RESERVED @@ -71192,7 +71226,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...) NOT-FOR-US: Makedeb Mist CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5358-1 DLA-3335-1} + {DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 - pjproject <removed> - ring 20230206.0~ds1-1 @@ -94189,7 +94223,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of software ...) NOT-FOR-US: Tuleap CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5358-1 DLA-3335-1} + {DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004) - pjproject <removed> - ring 20230206.0~ds1-1 (bug #1017005) 
@@ -112782,7 +112816,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...) NOT-FOR-US: Express OpenID Connect CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-3036-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1} - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -112911,7 +112945,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/ NOTE: See CVE-2022-29187 for further fixes CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <unfixed> @@ -112919,7 +112953,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-3036-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1} - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> 
@@ -112967,7 +113001,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove NOTE: https://github.com/bareos/bareos/pull/1121 NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/ CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...) - {DLA-2962-1} + {DLA-3549-1 DLA-2962-1} - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring 20230206.0~ds1-1 (bug #1014998) @@ -117234,7 +117268,7 @@ CVE-2022-23610 (wire-server provides back end services for Wire, an open source CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -117371,14 +117405,14 @@ CVE-2022-23549 (Discourse is an option source discussion platform. Prior to vers CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...) NOT-FOR-US: Discourse CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5358-1 DLA-3335-1} + {DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) - ring 20230206.0~ds1-1 - pjproject <removed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5358-1 DLA-3335-1} + {DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) - ring 20230206.0~ds1-1 - pjproject <removed> 
@@ -129762,7 +129796,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2) CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -129773,7 +129807,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896 CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -130321,7 +130355,7 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) NOT-FOR-US: solidus_frontend CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> 
@@ -130426,7 +130460,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) NOT-FOR-US: Solidus CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -132828,7 +132862,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -132836,7 +132870,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> 
@@ -132844,7 +132878,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -132852,7 +132886,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -132860,7 +132894,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> 
@@ -149685,7 +149719,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...) - {DSA-5285-1 DLA-3194-1 DLA-2962-1} + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> @@ -151419,6 +151453,7 @@ CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-a CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...) NOT-FOR-US: Unicorn Engine CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) + {DLA-3548-1} - qpdf 10.1.0-1 [stretch] - qpdf <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 @@ -180291,6 +180326,7 @@ CVE-2021-25788 CVE-2021-25787 RESERVED CVE-2021-25786 (An issue was discovered in QPDF version 10.0.4, allows remote attacker ...) + {DLA-3548-1} - qpdf 10.1.0-1 NOTE: https://github.com/qpdf/qpdf/issues/492 NOTE: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0) @@ -227278,8 +227314,8 @@ CVE-2020-18914 RESERVED CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: EARCLINK ESPCMS-P8 -CVE-2020-18912 - RESERVED +CVE-2020-18912 (An issue found in Earcms Ear App v.20181124 allows a remote attacker t ...) + TODO: check CVE-2020-18911 RESERVED CVE-2020-18910 
@@ -338385,6 +338421,7 @@ CVE-2018-18022 CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers to by ...) - extplorer <removed> CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...) + {DLA-3548-1} - qpdf 9.0.0-1 [stretch] - qpdf <no-dsa> (Minor issue) [jessie] - qpdf <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c3f58e52c565879ef0de303fcaf40cb82681a2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c3f58e52c565879ef0de303fcaf40cb82681a2b You're receiving this email because of your account on salsa.debian.org.
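Review bot: The new CVE-2023-4611 entry in the first hunk (data/CVE/list, `@@ -1,4 +1,38 @@`) records `linux 6.4.11-1` as fixed and marks bookworm and bullseye `<not-affected> (Vulnerable code not present)`, but carries no NOTE: line pointing at the upstream fix or at the commit that introduced the bug, unlike other entries in the file (compare the CairoSVG entry's `NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/... (0.3)` in the second hunk). A not-affected claim based on "vulnerable code not present" is only auditable if the introducing commit is recorded, so add a NOTE: line with the upstream reference when the entry is triaged. Minor: the auto-imported description for CVE-2023-38975 begins with a stray `* ` from the upstream feed, which can be trimmed when its `TODO: check` is resolved.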
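Review bot: In the CVE-2022-24754 hunk (`@@ -112967,7 +113001,7 @@`) DLA-3549-1 is added to an entry whose only package lines are `asterisk <not-affected> (Vulnerable code not present)`, `pjproject <removed>` and `ring 20230206.0~ds1-1`, whereas every sibling PJSIP hunk receiving DLA-3549-1 in this commit also lists a fixed asterisk version. Please confirm that the DLA-3549-1 advisory text actually names CVE-2022-24754; if it does, the entry is fine as written, otherwise the reference should be dropped from that one entry so the DLA is not cross-referenced from a CVE it does not fix. The ordering of the new identifier (`{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}`) is consistent with the existing descending convention across all the PJSIP hunks, so no change is needed there.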
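Review bot: The qpdf hunks adding `{DLA-3548-1}` (CVE-2021-36978, CVE-2021-25786 and CVE-2018-18020) are consistent with each other, but the CVE-2021-25786 entry has no suite-specific status lines at all (only `qpdf 10.1.0-1`), while the other two keep `[stretch] - qpdf <no-dsa> (Minor issue)` (and `[jessie]` for CVE-2018-18020). If a DLA has now shipped for the issue, consider adding the corresponding suite annotation to CVE-2021-25786 so the three entries document the LTS state the same way; as it stands a reader cannot tell from that entry which suite the DLA applies to.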
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits