author | security tracker role <sectracker@soriano.debian.org> | 2023-05-26 20:12:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2023-05-26 20:12:12 +0000 |
commit | 9ffe64ae8add106b39b7ae1b6d4e97e1ead9c722 | |
tree | b5976e0d70ba3d8327528be7a703236257aa1467 | |
parent | 5dc6639bcc5a634066eddf01e5ec492ad4b9b43c | |
automatic update
-rw-r--r-- | data/CVE/list | 305 |
1 files changed, 214 insertions, 91 deletions
diff --git a/data/CVE/list b/data/CVE/list index af44a7574a..ecdb7a8ce9 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,29 @@ +CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi Design smart ...) + TODO: check +CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows ...) + TODO: check +CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4 ...) + TODO: check +CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...) + TODO: check +CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) + TODO: check +CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...) + TODO: check +CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. User-supplied input ...) + TODO: check +CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...) + TODO: check +CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...) + TODO: check +CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...) + TODO: check +CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...) + TODO: check +CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...) + TODO: check +CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...) + TODO: check CVE-2023-2854 [experimental] - wireshark 4.0.6-1~exp1 - wireshark <unfixed> 
@@ -221,7 +247,7 @@ CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite datab CVE-2023-32685 [Clipboard based cross-site scripting (blocked with default CSP)] - kanboard <unfixed> NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv -CVE-2023-32681 [ Unintended leak of Proxy-Authorization header] +CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...) - requests <unfixed> (bug #1036693) NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0) 
@@ -364,21 +390,25 @@ CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vul CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...) NOT-FOR-US: cu/silicon CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) + {DSA-5411-1} - gpac <unfixed> (bug #1036701) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/ NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.) + {DSA-5411-1} - gpac <unfixed> (bug #1036701) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/ NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) + {DSA-5411-1} - gpac <unfixed> (bug #1036701) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/ NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) + {DSA-5411-1} - gpac <unfixed> (bug #1036701) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/ 
@@ -507,7 +537,7 @@ CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authe NOT-FOR-US: WordPress plugin CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...) NOT-FOR-US: WordPress plugin -CVE-2023-32323 +CVE-2023-32323 (Synapse is an open-source Matrix homeserver written and maintained by ...) - matrix-synapse 1.74.0-1 NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr @@ -2025,12 +2055,12 @@ CVE-2023-31229 RESERVED CVE-2023-31228 RESERVED -CVE-2023-31227 - RESERVED -CVE-2023-31226 - RESERVED -CVE-2023-31225 - RESERVED +CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...) + TODO: check +CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...) + TODO: check +CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...) + TODO: check CVE-2023-31194 RESERVED CVE-2023-27390 
@@ -2075,26 +2105,26 @@ CVE-2023-2296 RESERVED CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...) NOT-FOR-US: Dataprobe -CVE-2022-48480 - RESERVED -CVE-2022-48479 - RESERVED -CVE-2022-48478 - RESERVED -CVE-2021-46887 - RESERVED -CVE-2021-46886 - RESERVED -CVE-2021-46885 - RESERVED -CVE-2021-46884 - RESERVED -CVE-2021-46883 - RESERVED -CVE-2021-46882 - RESERVED -CVE-2021-46881 - RESERVED +CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...) + TODO: check +CVE-2022-48479 (The facial recognition TA of some products has the out-of-bounds memor ...) + TODO: check +CVE-2022-48478 (The facial recognition TA of some products lacks memory length verific ...) + TODO: check +CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. Success ...) + TODO: check +CVE-2021-46886 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check +CVE-2021-46885 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check +CVE-2021-46884 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check +CVE-2021-46883 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check +CVE-2021-46882 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check +CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...) + TODO: check CVE-2023-31224 RESERVED CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...) 
@@ -2155,8 +2185,7 @@ CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the - check-mk <removed> CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...) - check-mk <removed> -CVE-2023-2283 [Authorization bypass in pki_verify_data_signature] - RESERVED +CVE-2023-2283 (A vulnerability was found in libssh, where the authentication check of ...) {DSA-5409-1} - libssh 0.10.5-1 (bug #1035832) [buster] - libssh <not-affected> (Vulnerable code introduced later) @@ -4350,7 +4379,8 @@ CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network pr NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7) CVE-2023-2005 RESERVED -CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in tt_hva ...) +CVE-2023-2004 + REJECTED - freetype 2.12.1+dfsg-5 (bug #1034612) [bullseye] - freetype <postponed> (Minor issue) [buster] - freetype <postponed> (Minor issue) @@ -4358,8 +4388,7 @@ CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in t NOTE: https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611 (VER-2-13-0) CVE-2023-2003 RESERVED -CVE-2023-2002 - RESERVED +CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...) - linux 6.1.27-1 NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3 NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18 @@ -4572,8 +4601,7 @@ CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Managem NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-1982 RESERVED -CVE-2023-1981 [avahi-daemon can be crashed via DBus] - RESERVED +CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...) {DLA-3414-1} - avahi 0.8-10 (bug #1034594) [bullseye] - avahi <no-dsa> (Minor issue) 
@@ -5301,8 +5329,8 @@ CVE-2023-30147 RESERVED CVE-2023-30146 RESERVED -CVE-2023-30145 - RESERVED +CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...) + TODO: check CVE-2023-30144 RESERVED CVE-2023-30143 @@ -8093,8 +8121,8 @@ CVE-2023-29100 RESERVED CVE-2023-29099 RESERVED -CVE-2023-29098 - RESERVED +CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...) + TODO: check CVE-2023-29097 RESERVED CVE-2023-29096 @@ -8740,8 +8768,7 @@ CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP pack NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1 NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1) NOTE: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6 (v2.15.8) -CVE-2023-1667 [Potential NULL dereference during rekeying with algorithm guessing] - RESERVED +CVE-2023-1667 (A NULL pointer dereference was found In libssh during re-keying with a ...) {DSA-5409-1} - libssh 0.10.5-1 (bug #1035832) NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt @@ -8828,8 +8855,7 @@ CVE-2023-28894 RESERVED CVE-2023-28893 RESERVED -CVE-2023-1664 - RESERVED +CVE-2023-1664 (A flaw was found in Keycloak. This flaw depends on a non-default confi ...) NOT-FOR-US: Keycloak CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...) NOT-FOR-US: Coverity @@ -8853,6 +8879,7 @@ CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4 CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.) + {DSA-5411-1} - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14 
@@ -10273,6 +10300,7 @@ CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-bo CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...) NOT-FOR-US: Watchdog Anti-Virus CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...) + {DSA-5411-1} - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2386 @@ -10282,11 +10310,13 @@ CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...) NOT-FOR-US: MP4v2 CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...) + {DSA-5411-1} - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2387 NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9 CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...) + {DSA-5411-1} - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2388 @@ -10584,8 +10614,8 @@ CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.3 NOT-FOR-US: SR-7100V CVE-2023-28387 RESERVED -CVE-2023-28382 - RESERVED +CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...) + TODO: check CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...) NOT-FOR-US: Brother CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...) 
@@ -12479,7 +12509,7 @@ CVE-2023-27854 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...) NOT-FOR-US: OpenHarmony CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...) - {DLA-3406-1} + {DSA-5413-1 DLA-3406-1} - sniproxy 0.6.0-2.1 (bug #1033752) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731 NOTE: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 (0.6.1) @@ -17634,8 +17664,8 @@ CVE-2023-25978 RESERVED CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...) NOT-FOR-US: WordPress plugin -CVE-2023-25976 - RESERVED +CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...) + TODO: check CVE-2023-25975 RESERVED CVE-2023-25974 @@ -17644,8 +17674,8 @@ CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Aposto NOT-FOR-US: WordPress plugin CVE-2023-25972 RESERVED -CVE-2023-25971 - RESERVED +CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...) + TODO: check CVE-2023-25970 RESERVED CVE-2023-25969 @@ -17829,6 +17859,7 @@ CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versi CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in ...) NOT-FOR-US: OpenNMS CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f 
@@ -18153,8 +18184,8 @@ CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...) NOT-FOR-US: WordPress plugin -CVE-2023-25781 - RESERVED +CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seba ...) + TODO: check CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...) NOT-FOR-US: OpenNMS CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...) @@ -18272,11 +18303,13 @@ CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4. CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...) NOT-FOR-US: WordPress plugin CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a @@ -18844,6 +18877,7 @@ CVE-2023-25642 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...) - ampache <removed> CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd 
@@ -19459,14 +19493,14 @@ CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlo NOT-FOR-US: WordPress plugin CVE-2023-25471 RESERVED -CVE-2023-25470 - RESERVED +CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...) + TODO: check CVE-2023-25469 RESERVED CVE-2023-25468 RESERVED -CVE-2023-25467 - RESERVED +CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...) + TODO: check CVE-2023-25466 RESERVED CVE-2023-25465 @@ -20441,8 +20475,8 @@ CVE-2023-25060 RESERVED CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...) NOT-FOR-US: WordPress plugin -CVE-2023-25058 - RESERVED +CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...) + TODO: check CVE-2023-25057 RESERVED CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...) @@ -20481,16 +20515,16 @@ CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-25039 RESERVED -CVE-2023-25038 - RESERVED +CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...) + TODO: check CVE-2023-25037 RESERVED CVE-2023-25036 RESERVED CVE-2023-25035 RESERVED -CVE-2023-25034 - RESERVED +CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...) + TODO: check CVE-2023-25033 RESERVED CVE-2023-25032 @@ -20499,8 +20533,8 @@ CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-25030 RESERVED -CVE-2023-25029 - RESERVED +CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...) + TODO: check CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...) NOT-FOR-US: WordPress plugin CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) 
@@ -23485,10 +23519,10 @@ CVE-2023-24010 RESERVED CVE-2023-24009 RESERVED -CVE-2023-24008 - RESERVED -CVE-2023-24007 - RESERVED +CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...) + TODO: check +CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...) + TODO: check CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...) NOT-FOR-US: WordPress plugin CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) @@ -24394,8 +24428,8 @@ CVE-2023-23716 RESERVED CVE-2023-23715 RESERVED -CVE-2023-23714 - RESERVED +CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...) + TODO: check CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...) NOT-FOR-US: WordPress plugin CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...) @@ -26038,14 +26072,17 @@ CVE-2023-23147 CVE-2023-23146 RESERVED CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86 CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6 
@@ -26505,8 +26542,8 @@ CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interfac NOT-FOR-US: OpenEMR CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...) NOT-FOR-US: Hughes -CVE-2023-22970 - RESERVED +CVE-2023-22970 (Bottles before 51.0 mishandles YAML load, which allows remote code exe ...) + TODO: check CVE-2023-22969 RESERVED CVE-2023-22968 @@ -27345,10 +27382,10 @@ CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine. NOT-FOR-US: BlogEngine.NET CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...) NOT-FOR-US: BlogEngine.NET -CVE-2023-0117 - RESERVED -CVE-2023-0116 - RESERVED +CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks strict ...) + TODO: check +CVE-2023-0116 (The reminder module lacks an authentication mechanism for broadcasts r ...) + TODO: check CVE-2023-0115 REJECTED CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...) @@ -27858,8 +27895,8 @@ CVE-2023-22695 RESERVED CVE-2023-22694 RESERVED -CVE-2023-22693 - RESERVED +CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...) + TODO: check CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...) NOT-FOR-US: WordPress plugin CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) 
@@ -30894,26 +30931,31 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h NOTE: https://github.com/strukturag/libde265/issues/368 NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10) CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2360 NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0) CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2359 NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0) CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2358 NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0) CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2357 NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0) CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2354 
@@ -30925,6 +30967,7 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov NOTE: https://github.com/gpac/gpac/issues/2356 NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0) CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2355 @@ -33855,11 +33898,13 @@ CVE-2022-47097 CVE-2022-47096 RESERVED CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2346 NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0) CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2345 @@ -33877,6 +33922,7 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove NOTE: https://github.com/gpac/gpac/issues/2347 NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0) CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2343 
@@ -33902,6 +33948,7 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g NOTE: https://github.com/gpac/gpac/issues/2339 NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0) CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2337 @@ -34199,8 +34246,8 @@ CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Helmet Store Showroom Site -CVE-2022-46945 - RESERVED +CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read ...) + TODO: check CVE-2022-46944 RESERVED CVE-2022-46943 @@ -36456,6 +36503,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8) CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2333 @@ -39268,7 +39316,7 @@ CVE-2022-45377 RESERVED CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...) NOT-FOR-US: Wordpress plugin -CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...) +CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2022-45374 RESERVED 
@@ -39329,6 +39377,7 @@ CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as d CVE-2022-45344 RESERVED CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2315 @@ -39453,6 +39502,7 @@ CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9 CVE-2022-45284 RESERVED CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2295 @@ -39621,6 +39671,7 @@ CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain CVE-2022-45203 RESERVED CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2296 @@ -39847,6 +39898,7 @@ CVE-2022-3959 (A vulnerability, which was classified as problematic, has been fo CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...) NOT-FOR-US: BlueSpiceUserSidebar extension of BlueSpice CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb NOTE: Negligible security impact 
@@ -42446,11 +42498,10 @@ CVE-2023-20885 RESERVED CVE-2023-20884 RESERVED -CVE-2023-20883 - RESERVED +CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...) NOT-FOR-US: Spring Boot -CVE-2023-20882 - RESERVED +CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and prior to 0. ...) + TODO: check CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 1.152.0 ...) TODO: check CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability. ...) @@ -42477,8 +42528,7 @@ CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read vuln NOT-FOR-US: VMware CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-bas ...) NOT-FOR-US: VMware -CVE-2023-20868 - RESERVED +CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...) NOT-FOR-US: VMware CVE-2023-20867 RESERVED @@ -47817,6 +47867,7 @@ CVE-2022-43257 CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: SeaCms CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) NOTE: https://github.com/gpac/gpac/issues/2285 NOTE: https://github.com/gpac/gpac/commit/d82e1340d7fd5ceea205e0f173500102f3237eb4 @@ -54694,6 +54745,7 @@ CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) NOT-FOR-US: jgraph/drawio CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) + {DSA-5411-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ 
@@ -57980,8 +58032,7 @@ CVE-2022-39375 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is - glpi <removed> (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g NOTE: Only supported behind an authenticated HTTP zone -CVE-2022-39374 - RESERVED +CVE-2022-39374 (Synapse is an open-source Matrix homeserver written and maintained by ...) - matrix-synapse 1.68.0-1 NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7 @@ -58085,8 +58136,7 @@ CVE-2022-39337 RESERVED CVE-2022-39336 RESERVED -CVE-2022-39335 - RESERVED +CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by ...) - matrix-synapse 1.69.0-1 NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv @@ -60551,6 +60601,7 @@ CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discov CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...) NOT-FOR-US: FPT router CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1019595) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2216 
@@ -67013,11 +67064,13 @@ CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote atta CVE-2022-36192 RESERVED CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1019595) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2218 NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1019595) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2220 @@ -67185,6 +67238,7 @@ CVE-2022-36128 CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...) NOT-FOR-US: Apache SkyWalking CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1015788) [buster] - gpac <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f @@ -81439,6 +81493,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.) NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979) NOTE: Crash in CLI tool, no security impact CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -85745,6 +85800,7 @@ CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escala CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...) NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -85938,6 +85994,7 @@ CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...) NOT-FOR-US: RESI Gemini-Net CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -88640,6 +88697,7 @@ CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to ...) - phpipam <itp> (bug #731713) CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -92572,6 +92630,7 @@ CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that imag CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...) NOT-FOR-US: microweber CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -93140,6 +93199,7 @@ CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to NOTE: https://github.com/gpac/gpac/issues/2067 NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0) CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -93153,6 +93213,7 @@ CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overf NOTE: https://github.com/gpac/gpac/issues/2120 NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0) CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -93568,6 +93629,7 @@ CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN an CVE-2022-26968 RESERVED CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1007224) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -100670,12 +100732,14 @@ CVE-2022-24580 CVE-2022-24579 RESERVED CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/ NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0) CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -100698,6 +100762,7 @@ CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/ NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0) CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -109111,6 +109176,7 @@ CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to NOTE: https://github.com/WebAssembly/binaryen/issues/4411 NOTE: Crash in CLI tool, no security impact CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -109121,6 +109187,7 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the pr NOTE: https://github.com/WebAssembly/binaryen/issues/4391 NOTE: Crash in CLI tool, no security impact CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -109131,60 +109198,70 @@ CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to NOTE: https://github.com/WebAssembly/binaryen/issues/4412 NOTE: Crash in CLI tool, no security impact CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2008 NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0) CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2005 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2007 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2006 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...) 
+ {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2001 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2002 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2004 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2003 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1999 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -110106,6 +110183,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13. NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8 NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -110247,6 +110325,7 @@ CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src CVE-2021-45768 RESERVED CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -110257,18 +110336,21 @@ CVE-2021-45766 CVE-2021-45765 RESERVED CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1971 NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0) CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1974 NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0) CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -110277,6 +110359,7 @@ CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...) NOT-FOR-US: ROPium CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -111915,6 +111998,7 @@ CVE-2021-45299 CVE-2021-45298 RESERVED CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -111933,12 +112017,14 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104) NOTE: Crash in CLI tool, no security impact CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1958 NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0) CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -112005,6 +112091,7 @@ CVE-2021-45269 CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...) - backdrop <itp> (bug #914257) CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -112022,12 +112109,14 @@ CVE-2021-45265 CVE-2021-45264 RESERVED CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1975 NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0) CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -114895,6 +114984,7 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie - openssl <not-affected> (Vulnerable code not present) NOTE: https://www.openssl.org/news/secadv/20211214.txt CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0) [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0) 
@@ -126883,6 +126973,7 @@ CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/co CVE-2021-41460 (ECShop 4.1.0 has SQL injection vulnerability, which can be exploited b ...) NOT-FOR-US: ECShop CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -126895,12 +126986,14 @@ CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/u NOTE: https://github.com/gpac/gpac/issues/1910 NOTE: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1909 NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 (v2.0.0) CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -128191,6 +128284,7 @@ CVE-2021-40946 CVE-2021-40945 RESERVED CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1906 
@@ -129019,11 +129113,13 @@ CVE-2021-40611 CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...) NOT-FOR-US: emlog CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1894 NOTE: https://github.com/gpac/gpac/commit/86c1566f040b2b84c72afcb6cbd444c5aff56cfe (v2.0.0) CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1883 @@ -129034,6 +129130,7 @@ CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cau NOTE: https://github.com/gpac/gpac/issues/1879 NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0) CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1885 @@ -129065,6 +129162,7 @@ CVE-2021-40594 CVE-2021-40593 RESERVED CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -129103,18 +129201,21 @@ CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability wa CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) NOT-FOR-US: Sourcecodester CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1904 NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0) CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1905 NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0) CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -129127,66 +129228,77 @@ CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability NOTE: https://github.com/gpac/gpac/issues/1891 NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1893 NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0) CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1895 NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0) CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1899 NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0) CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1890 NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...) 
+ {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1900 NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0) CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1889 NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0) CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1887 NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0) CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1902 NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0) CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1898 NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0) CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...) 
+ {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1892 NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0) CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -129197,6 +129309,7 @@ CVE-2021-40561 CVE-2021-40560 RESERVED CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -139646,6 +139759,7 @@ CVE-2021-36419 CVE-2021-36418 RESERVED CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -139656,6 +139770,7 @@ CVE-2021-36416 CVE-2021-36415 RESERVED CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) @@ -139664,6 +139779,7 @@ CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in G CVE-2021-36413 RESERVED CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) 
@@ -147130,6 +147246,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack [buster] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -147137,11 +147254,13 @@ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in NOTE: https://github.com/gpac/gpac/issues/1785 NOTE: Negligible security impact CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5 NOTE: https://github.com/gpac/gpac/issues/1784 NOTE: Negligible security impact CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -147149,6 +147268,7 @@ CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC NOTE: https://github.com/gpac/gpac/issues/1783 NOTE: Negligible security impact CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) 
@@ -147167,6 +147287,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i NOTE: https://github.com/gpac/gpac/issues/1780 NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) + {DSA-5411-1} - gpac <unfixed> (unimportant) [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -176279,6 +176400,7 @@ CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist with NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b NOTE: https://github.com/gpac/gpac/issues/1814 CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-5411-1} - gpac 1.0.1+dfsg1-5 [buster] - gpac <not-affected> (Vulnerable code not present) [stretch] - gpac <not-affected> (Vulnerable code not present) @@ -177608,6 +177730,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b NOTE: https://github.com/gpac/gpac/issues/1659 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...) + {DSA-5411-1} - gpac 2.0.0+dfsg1-2 (bug #987374; bug #990691) [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0) [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0) |
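Review bot: In the hunks at -147130 and -147167, `{DSA-5411-1}` is attached to CVE-2021-33366, CVE-2021-33365, CVE-2021-33364, CVE-2021-33363 and CVE-2021-33361 while each entry's package line remains `- gpac <unfixed> (unimportant)`, and the notes visible for these memory leaks read "Negligible security impact". An advisory cross-reference on an entry that is still recorded as unfixed reads as "resolved" to anyone filtering by DSA. Confirm that the advisory upload really carries these fixes; if it does, record the fixed version on a release line next to the tag, and if it does not, the CVE should be dropped from the advisory's list upstream of this automatic update rather than corrected here.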
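Review bot: In the hunks at -114895, -126883, -126895, -176279 and -177608, the new `{DSA-5411-1}` line sits above entries (CVE-2021-4043, CVE-2021-41459, CVE-2021-41457, CVE-2021-41456, CVE-2021-21852, CVE-2020-35980) whose only per-release lines are `[buster] - gpac <not-affected>` and `[stretch] - gpac <not-affected>`, so nothing in these hunks records which suite the advisory applies to or which version fixes it there. The same gap applies to the many entries in the -109131 and -129127 hunks that pair the tag with `[buster] - gpac <no-dsa> (Minor issue)` or `<end-of-life>`. Since the commit message is only "automatic update", a reviewer cannot audit the mapping from the diff; adding an explicit release line with the fixed version, or a NOTE naming the suite, per tagged entry would make the tag verifiable.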