| Field | Value | Date |
|---|---|---|
| author | Moritz Muehlenhoff <jmm@debian.org> | 2023-12-22 13:32:01 +0100 |
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-12-22 13:36:37 +0100 |
| commit | 91d80e700e3a55e4484e8a27dfea9f0d392655fd | |
| tree | f9060cc3b93c301bfa0c7769cea4415c992ffd5c /data | |
| parent | 0d7e9e56f7461f9b2e19bf065924c517244f4619 | |
bugnums
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/data/CVE/list b/data/CVE/list index 48083765ef..41cdb35f69 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -386,7 +386,7 @@ CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 3. CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...) NOT-FOR-US: Transformers CVE-2023-7008 [Unsigned name response in signed zone is not refused when DNSSEC=yes] - - systemd <unfixed> + - systemd <unfixed> (bug #1059278) [bookworm] - systemd <no-dsa> (Minor issue) [bullseye] - systemd <no-dsa> (Minor issue) [buster] - systemd <postponed> (Minor issue, should be fixed after newer releases are done) @@ -1033,7 +1033,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun - proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144) [bookworm] - proftpd-dfsg <no-dsa> (Minor issue) [bullseye] - proftpd-dfsg <no-dsa> (Minor issue) - - proftpd-mod-proxy <unfixed> + - proftpd-mod-proxy <unfixed> (bug #1059290) - putty 0.80-1 - python-asyncssh <unfixed> (bug #1059007) - tinyssh 20230101-4 (bug #1059058; unimportant) @@ -1777,11 +1777,11 @@ CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/mod CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: Semcms CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...) - - cjson <unfixed> + - cjson <unfixed> (bug #1059287) NOTE: https://github.com/DaveGamble/cJSON/issues/803 NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...) - - cjson <unfixed> + - cjson <unfixed> (bug #1059287) NOTE: https://github.com/DaveGamble/cJSON/issues/802 NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -1920,7 +1920,7 @@ CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an I CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to ...) NOT-FOR-US: Dokmee ECM CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...) - - shiro <unfixed> + - shiro <unfixed> (bug #1059288) [bookworm] - shiro <no-dsa> (Minor issue) [bullseye] - shiro <no-dsa> (Minor issue) [buster] - shiro <no-dsa> (Minor issue) @@ -3264,14 +3264,14 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective cross-si CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...) NOT-FOR-US: DedeCMS CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer overflow vu ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1059275) NOTE: https://github.com/strukturag/libde265/issues/432 NOTE: Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1059275) NOTE: https://github.com/strukturag/libde265/issues/434 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1059275) NOTE: https://github.com/strukturag/libde265/issues/435 CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violation via ...) - libheif <unfixed> (bug #1059151) 
@@ -7947,10 +7947,10 @@ CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote att CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a ...) NOT-FOR-US: MLDB.ai CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in ...) - - jbig2enc <unfixed> + - jbig2enc <unfixed> (bug #1059285) NOTE: https://github.com/agl/jbig2enc/issues/85 CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbi ...) - - jbig2enc <unfixed> + - jbig2enc <unfixed> (bug #1059284) NOTE: https://github.com/agl/jbig2enc/issues/84 CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private ...) NOT-FOR-US: Couchbase Server @@ -9720,7 +9720,7 @@ CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1c CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...) NOT-FOR-US: Contec SolarView Compact CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...) - - cacti <unfixed> + - cacti <unfixed> (bug #1059286) [bookworm] - cacti <no-dsa> (Revisit when more details are available) [bullseye] - cacti <no-dsa> (Revisit when more details are available) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet) @@ -17264,7 +17264,7 @@ CVE-2023-4802 (A reflected cross-site scripting vulnerability in the UpdateInsta CVE-2023-4801 (An improper certification validation vulnerability in the Insider Thre ...) NOT-FOR-US: Insider Threat Management (ITM) Server CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC starting ver ...) - - grpc <unfixed> + - grpc <unfixed> (bug #1059281) [bookworm] - grpc <no-dsa> (Minor issue) [bullseye] - grpc <no-dsa> (Minor issue) [buster] - grpc <no-dsa> (Minor issue) 
@@ -22254,7 +22254,7 @@ CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote attackers CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers ...) NOT-FOR-US: CSZCMS CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...) - - grpc <unfixed> + - grpc <unfixed> (bug #1059279) [bookworm] - grpc <no-dsa> (Minor issue) [bullseye] - grpc <no-dsa> (Minor issue) [buster] - grpc <postponed> (recheck when upstream patch is available/published) @@ -29978,7 +29978,7 @@ CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system fo CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: Fuel CMS CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...) - - grpc <unfixed> + - grpc <unfixed> (bug #1059280) [bookworm] - grpc <no-dsa> (Minor issue) [bullseye] - grpc <no-dsa> (Minor issue) [buster] - grpc <postponed> (Minor issue; request smuggling; recheck whether fixed or introduced by #32309 when CVE description is updated) 
@@ -69170,56 +69170,56 @@ CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerabili CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...) NOT-FOR-US: ChangingTec ServiSign CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) 
- - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...) 
- - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) @@ -69262,7 +69262,7 @@ CVE-2022-44615 CVE-2022-44453 RESERVED CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) @@ -69275,14 +69275,14 @@ CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll R CVE-2022-43503 REJECTED CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) @@ -69369,7 +69369,7 @@ CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 al CVE-2022-41795 RESERVED CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) 
@@ -69413,7 +69413,7 @@ CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the CVE-2022-40973 RESERVED CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) @@ -79656,7 +79656,7 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified [bullseye] - linux 5.10.148-1 NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09 CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...) - - openbabel <unfixed> + - openbabel <unfixed> (bug #1059277) [bookworm] - openbabel <no-dsa> (Minor issue) [bullseye] - openbabel <no-dsa> (Minor issue) [buster] - openbabel <postponed> (Minor issue, no upstream patch yet) @@ -376859,7 +376859,7 @@ CVE-2018-11232 (The etm_setup_aux function in drivers/hwtracing/coresight/coresi CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers c ...) NOT-FOR-US: OpenCart plugin CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...) - - jbig2enc <unfixed> + - jbig2enc <unfixed> (bug #1059282) NOTE: https://github.com/agl/jbig2enc/issues/61 CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...) NOT-FOR-US: Crestron devices |
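Review bot: In the libde265 hunk (@@ -3264), CVE-2023-49468, CVE-2023-49467 and CVE-2023-49465 all get bug #1059275, but only CVE-2023-49468 has a "Fixed by:" commit in its notes; the other two list just upstream issues 434 and 435. A shared bug stays open until the last of the three is fixed, so if the fixes land separately it would be cleaner to file one bug per CVE, as this same patch does for jbig2enc (#1059285, #1059284) and grpc (#1059281, #1059279, #1059280), or to state in the bug which CVEs are still pending.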
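Review bot: In the cacti hunk (@@ -9720), CVE-2023-46490 now points at a public bug, #1059286, while the unchanged context still marks advisory GHSA-f4r3-53jr-654c as "(not public yet)" and both no-dsa lines say "Revisit when more details are available". Please recheck whether the advisory has been published and, if so, update the NOTE and the no-dsa reasons in the same commit so the entry does not contradict itself.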
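Review bot: In the grpc hunk for CVE-2023-32732 (@@ -29978), the new "(bug #1059280)" sits two lines above the [buster] remark "recheck whether fixed or introduced by #32309", and a bare "#32309" next to a Debian bug number reads like another Debian bug. Since the entry is being touched anyway, consider spelling out which tracker that number belongs to, or replacing it with a NOTE line carrying the full URL.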