Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7d6865ee by security tracker role at 2023-11-20T08:12:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) + TODO: check +CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...) + TODO: check +CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...) + TODO: check CVE-2023-46302 NOT-FOR-US: Apache Submarine CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) @@ -266,11 +272,13 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2) CVE-2023-6175 [NetScreen file parser crash] + {DSA-5559-1} - wireshark 4.0.11-1 [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404 CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...) + {DSA-5559-1} - wireshark 4.0.11-1 [bullseye] - wireshark <not-affected> (Only affects 4.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html 
@@ -7150,7 +7158,7 @@ CVE-2023-3961 (A path traversal vulnerability was identified in Samba when proce NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html NOTE: In scope for continued Samba support CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...) - {DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1} + {DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3656-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1} - tomcat9 9.0.70-2 - tomcat10 10.1.14-1 - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427) @@ -7842,6 +7850,7 @@ CVE-2023-5374 (A vulnerability classified as critical was found in SourceCodeste CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...) + {DSA-5559-1} - wireshark 4.0.10-1 [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) @@ -8233,7 +8242,7 @@ CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to [buster] - vim <postponed> (Minor issue, 1-byte overflow) NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04 NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf -CVE-2023-5341 +CVE-2023-5341 (A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.) - imagemagick 8:6.9.12.98+dfsg1-2 NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 (7.1.1-19) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 (6.9.12-97) 
@@ -13780,6 +13789,7 @@ CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...) NOT-FOR-US: TechView LA-5570 Wireless Gateway CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...) + {DSA-5559-1} - wireshark 4.0.8-1 [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) @@ -14062,18 +14072,21 @@ CVE-2023-XXXX [tryton-server lack of record validation] [buster] - tryton-server 5.0.4-2+deb10u2 NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...) + {DSA-5559-1} - wireshark 4.0.8-1 [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...) + {DSA-5559-1} - wireshark 4.0.8-1 [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...) + {DSA-5559-1} - wireshark 4.0.8-1 [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) 
@@ -19250,12 +19263,14 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug t CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...) - froxlor <itp> (bug #581792) CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...) + {DSA-5559-1} - wireshark 4.0.7-1 (bug #1041101) [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...) + {DSA-5559-1} - wireshark 4.0.7-1 (bug #1041101) [bullseye] - wireshark <not-affected> (Vulnerable code not present) [buster] - wireshark <not-affected> (Vulnerable code not present) @@ -27846,7 +27861,7 @@ CVE-2023-40481 [bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ -CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and code exec ...) +CVE-2023-31102 (Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid ...) - 7zip 23.01+dfsg-1 [bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ 
@@ -182043,7 +182058,8 @@ CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the - zulip-server <itp> (bug #800052) CVE-2021-30476 (HashiCorp Terraform\u2019s Vault Provider (terraform-provider-vault) d ...) NOT-FOR-US: HashiCorp Terraform Vault Provider -CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...) +CVE-2021-3487 + REJECTED - binutils 2.37-3 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6865ee9db327e8ac89ab3f5ae3ead9c2b28dc7
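Review bot: The three entries added at the top of data/CVE/list (CVE-2023-47175, CVE-2023-46700, CVE-2023-3379) carry only "TODO: check", so they are still untriaged after this automatic update. Each needs a follow-up that either marks it "NOT-FOR-US: <product>", as the neighbouring CVE-2023-46302 entry does, or adds package lines with a fixed version or a per-release status.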
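Review bot: In the hunks that add "{DSA-5559-1}" to the wireshark entries (CVE-2023-6175, CVE-2023-6174, CVE-2023-5371, CVE-2023-2906, CVE-2023-4513, CVE-2023-4512, CVE-2023-4511, CVE-2023-3649, CVE-2023-3648), the release annotations in the context lines are unchanged and most still read "[bullseye] - wireshark <no-dsa> (Minor issue)". Please confirm which releases DSA-5559-1 covers: if it includes bullseye, those "<no-dsa>" lines now contradict the advisory reference and should be dropped in a follow-up. CVE-2023-6174 and CVE-2023-3648 deserve a second look for the same reason, since they are marked "<not-affected>" for bullseye while now carrying the DSA tag.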
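Review bot: In the last hunk, CVE-2021-3487 becomes "REJECTED", yet the lines under it still track a package: "- binutils 2.37-3 (unimportant)" followed by two sourceware NOTE lines. A rejected ID that keeps a fixed-version entry reads as contradictory to anyone querying the tracker for binutils. Either drop the package line, or add a NOTE recording why the ID was rejected and which CVE, if any, now tracks the binutils fix referenced in the sourceware links.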