Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8ce32759 by Moritz Muehlenhoff at 2023-10-13T16:18:35+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3,7 +3,7 @@ CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/ CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempt to rec ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in the sand ...) - - tracker-miners <unfixed> + - tracker-miners <unfixed> (bug #1053881) NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277 NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480 CVE-2023-4562 (Improper Authentication vulnerability in Mitsubishi Electric Corporati ...) @@ -47,9 +47,9 @@ CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/ CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...) NOT-FOR-US: LINE CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...) - - libjson-java <unfixed> - - jenkins-json <unfixed> - - libjettison-java <unfixed> + - libjson-java <unfixed> (bug #1053882) + - jenkins-json <unfixed> (bug #1053883) + - libjettison-java <unfixed> (bug #1053884) NOTE: https://github.com/stleary/JSON-java/issues/758 NOTE: https://github.com/stleary/JSON-java/issues/771 NOTE: https://github.com/stleary/JSON-java/pull/772/ @@ -58,7 +58,7 @@ CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Kayisi CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...) - - node-undici <unfixed> + - node-undici <unfixed> (bug #1053879) NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp NOTE: https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 @@ -68,7 +68,7 @@ CVE-2023-45138 (Change Request is an pplication allowing users to request change NOT-FOR-US: XWiki addon CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior ...) - node-babel <removed> - - node-babel7 <unfixed> + - node-babel7 <unfixed> (bug #1053880) NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 NOTE: github.com: https://github.com/babel/babel/pull/16033 NOTE: github.com: https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 @@ -183,7 +183,7 @@ CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabilit CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...) NOT-FOR-US: Juniper CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1053878) NOTE: https://github.com/gpac/gpac/issues/2567 NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06 CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) @@ -193,16 +193,16 @@ CVE-2023-40829 (There is an interface unauthorized access vulnerability in the b CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...) NOT-FOR-US: Android CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1053877) NOTE: https://support.zabbix.com/browse/ZBX-23391 CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1053877) NOTE: https://support.zabbix.com/browse/ZBX-23230 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1053877) NOTE: https://support.zabbix.com/browse/ZBX-23390 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1053877) NOTE: https://support.zabbix.com/browse/ZBX-23389 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.) - vim <unfixed> (unimportant) @@ -212,7 +212,7 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.) CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...) NOT-FOR-US: KernelSU CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - - gpac <unfixed> + - gpac <unfixed> (bug #1053878) NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ce3275945321d029103c1bc0f980b2dcf370338 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ce3275945321d029103c1bc0f980b2dcf370338 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits