Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c3f58e5 by security tracker role at 2023-08-30T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2023-4611
+CVE-2023-4609
+ REJECTED
+CVE-2023-4599 (The Slimstat Analytics plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2023-4597 (The Slimstat Analytics plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2023-4596 (The Forminator plugin for WordPress is vulnerable to arbitrary
file up ...)
+ TODO: check
+CVE-2023-4526
+ REJECTED
+CVE-2023-4525
+ REJECTED
+CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions
starting ...)
+ TODO: check
+CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into
clicking on ...)
+ TODO: check
+CVE-2023-41269
+ REJECTED
+CVE-2023-41266 (A path traversal vulnerability found in Qlik Sense Enterprise
for Wind ...)
+ TODO: check
+CVE-2023-41265 (An HTTP Request Tunneling vulnerability found in Qlik Sense
Enterprise ...)
+ TODO: check
+CVE-2023-41153 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH
configura ...)
+ TODO: check
+CVE-2023-39559 (AudimexEE 15.0 was discovered to contain a full path
disclosure vulner ...)
+ TODO: check
+CVE-2023-39558 (AudimexEE v15.0 was discovered to contain multiple reflected
cross-sit ...)
+ TODO: check
+CVE-2023-38975 (* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a
remote atta ...)
+ TODO: check
+CVE-2023-38971 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru
v.2.9.7 allo ...)
+ TODO: check
+CVE-2023-32241 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPDevelo ...)
+ TODO: check
+CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory
manage ...)
- linux 6.4.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
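Review bot: the thirteen new entries marked "TODO: check" (CVE-2023-4599, 4597, 4596, 4522, 4296, 41266, 41265, 41153, 39559, 39558, 38975, 38971 and 32241) still need triage into either a Debian source package line or a NOT-FOR-US tag, following the convention used further down in this file (for example "NOT-FOR-US: QNAP"); the WordPress plugin issues (Slimstat Analytics, Forminator, CVE-2023-32241) and the GitLab, PTC Codebeamer, Qlik Sense, AudimexEE, qdrant and Badaso issues are candidates for NOT-FOR-US unless a package turns up. The descriptions are the upstream CVE text imported verbatim and truncated, so the leading "* " in CVE-2023-38975 and the "vulnerabiltiy" spelling in CVE-2023-38971 are upstream artifacts, not something to correct in this file. CVE-2023-4611 is removed from the top and re-added below the batch with its description and the existing linux 6.4.11-1, bookworm and bullseye lines unchanged, which is the expected effect of prepending the new entries.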
@@ -25491,7 +25525,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on
Cairo, a 2D graphics libra
NOTE:
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
NOTE: Introduced in
https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c
(0.3)
CVE-2023-27585 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5438-1 DLA-3394-1}
+ {DSA-5438-1 DLA-3549-1 DLA-3394-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697)
- pjproject <removed>
- ring <unfixed>
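Review bot: DLA-3549-1 is inserted into the advisory set of this entry (and of the other PJSIP-derived entries below) while the package lines stay untouched, and this commit changes only data/CVE/list, so the reference is consistent only if a DLA-3549-1 record with the source package it covers already exists in the tracker's DLA data from an earlier commit; that should be confirmed, otherwise the tag is a dangling reference. For this entry in particular, ring remains <unfixed>, asterisk is fixed in 1:20.4.0~dfsg+~cs6.13.40431414-1 and pjproject is <removed>, so the DLA can only apply to whichever of those packages shipped a fix in the LTS release.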
@@ -38027,7 +38061,7 @@ CVE-2023-23357
RESERVED
CVE-2023-23356
RESERVED
-CVE-2023-23355 (A vulnerability has been reported to affect QNAP operating
systems. If ...)
+CVE-2023-23355 (An OS command injection vulnerability has been reported to
affect QNAP ...)
NOT-FOR-US: QNAP
CVE-2023-23354
RESERVED
@@ -71192,7 +71226,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK
for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package
Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
- pjproject <removed>
- ring 20230206.0~ds1-1
@@ -94189,7 +94223,7 @@ CVE-2022-31033 (The Mechanize library is used for
automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of
software ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1017005)
@@ -112782,7 +112816,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL
JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware
implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -112911,7 +112945,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git
containing Windows-specific pat
NOTE:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
NOTE: See CVE-2022-29187 for further fixes
CVE-2022-24764 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
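Review bot: the pjproject line in this CVE-2022-24764 entry reads "- pjproject <unfixed>", whereas CVE-2022-24793 just above and CVE-2022-24763 just below carry "- pjproject <removed>". The same source package cannot be both removed from the archive and unfixed in it at the same time, so this looks like a stale line that should be aligned to "<removed>"; the DLA-3549-1 addition itself matches the neighbouring entries.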
@@ -112919,7 +112953,7 @@ CVE-2022-24764 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE:
https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -112967,7 +113001,7 @@ CVE-2022-24755 (Bareos is open source software for
backup, archiving, and recove
NOTE: https://github.com/bareos/bareos/pull/1121
NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24754 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DLA-2962-1}
+ {DLA-3549-1 DLA-2962-1}
- asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1014998)
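Review bot: CVE-2022-24754 lists "- asterisk <not-affected> (Vulnerable code not present)" with no release qualifier, pjproject as <removed> and ring fixed in 20230206.0~ds1-1, yet gains DLA-3549-1 in the same way as the entries where asterisk was affected. If DLA-3549-1 covers asterisk, then either the unqualified not-affected is wrong for the LTS release and needs a release bracket, or the DLA should not be listed on this CVE; if the DLA covers ring or pjproject, the entry is fine as it stands. Check the DLA's package list against this entry before leaving it.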
@@ -117234,7 +117268,7 @@ CVE-2022-23610 (wire-server provides back end
services for Wire, an open source
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on
Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -117371,14 +117405,14 @@ CVE-2022-23549 (Discourse is an option source
discussion platform. Prior to vers
CVE-2022-23548 (Discourse is an option source discussion platform. Prior to
version 2. ...)
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE:
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
@@ -129762,7 +129796,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC
Driver. A security hole wa
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
(REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -129773,7 +129807,7 @@ CVE-2022-21723 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE:
https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -130321,7 +130355,7 @@ CVE-2021-43847 (HumHub is an open-source social
network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus
e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication
library. In v ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -130426,7 +130460,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source
tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on
Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -132828,7 +132862,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's
LZ4 compression codec when
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE:
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An
attacker ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -132836,7 +132870,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when
calling pjsua_call_dump. An at
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling
pjsua_recorder_create. An ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -132844,7 +132878,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when
calling pjsua_recorder_crea
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling
pjsua_playlist_create. An att ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -132852,7 +132886,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when
calling pjsua_playlist_create.
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling
pjsua_recorder_create. An att ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -132860,7 +132894,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when
calling pjsua_recorder_create.
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create.
An attac ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -149685,7 +149719,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce
platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior
to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -151419,6 +151453,7 @@ CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0
through 2.15.0 has a use-a
CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in
tb_flush_armeb (cal ...)
NOT-FOR-US: Unicorn Engine
CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a
heap-based buffer ...)
+ {DLA-3548-1}
- qpdf 10.1.0-1
[stretch] - qpdf <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
@@ -180291,6 +180326,7 @@ CVE-2021-25788
CVE-2021-25787
RESERVED
CVE-2021-25786 (An issue was discovered in QPDF version 10.0.4, allows remote
attacker ...)
+ {DLA-3548-1}
- qpdf 10.1.0-1
NOTE: https://github.com/qpdf/qpdf/issues/492
NOTE:
https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
(release-qpdf-10.1.0)
@@ -227278,8 +227314,8 @@ CVE-2020-18914
RESERVED
CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection
vulnerabi ...)
NOT-FOR-US: EARCLINK ESPCMS-P8
-CVE-2020-18912
- RESERVED
+CVE-2020-18912 (An issue found in Earcms Ear App v.20181124 allows a remote
attacker t ...)
+ TODO: check
CVE-2020-18911
RESERVED
CVE-2020-18910
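Review bot: CVE-2020-18912 moves from RESERVED to a described entry marked "TODO: check". The adjacent CVE-2020-18913 (EARCLINK ESPCMS-P8) is tagged NOT-FOR-US and the new description names "Earcms Ear App", which is not an obvious Debian source package either, so the triage outcome is probably NOT-FOR-US as well; the tag should still be set only after a package search rather than inferred from the neighbour.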
@@ -338385,6 +338421,7 @@ CVE-2018-18022
CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote
attackers to by ...)
- extplorer <removed>
CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc,
QPDFWriter::unparseObject and ...)
+ {DLA-3548-1}
- qpdf 9.0.0-1
[stretch] - qpdf <no-dsa> (Minor issue)
[jessie] - qpdf <no-dsa> (Minor issue)
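Review bot: DLA-3548-1 is added to the three qpdf entries in this commit (CVE-2021-36978, CVE-2021-25786 and this CVE-2018-18020) without changing their fixed versions (10.1.0-1 and 9.0.0-1) or the stretch and jessie "<no-dsa> (Minor issue)" lines, which is consistent. Since this commit touches only data/CVE/list, the DLA-3548-1 record itself must already be present in the tracker's DLA data for these references to resolve.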
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c3f58e52c565879ef0de303fcaf40cb82681a2b
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits