[Git][security-tracker-team/security-tracker][master] 7 commits: Add Debian bug reference for libmodbus issue
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 4 21:25:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
041621d6 by Salvatore Bonaccorso at 2022-10-04T22:20:01+02:00
Add Debian bug reference for libmodbus issue
- - - - -
5ce17ba5 by Salvatore Bonaccorso at 2022-10-04T22:20:03+02:00
Add Debian bug reference for CVE-2022-2447/keystone
- - - - -
43eab32f by Salvatore Bonaccorso at 2022-10-04T22:20:05+02:00
Add Debian bug reference for nomad issues
- - - - -
40a25e2a by Salvatore Bonaccorso at 2022-10-04T22:20:06+02:00
Add Debian bug reference for python-opcua issue
- - - - -
a44e3227 by Salvatore Bonaccorso at 2022-10-04T22:20:08+02:00
Add Debian bug reference for snort issues
- - - - -
4c13cc27 by Salvatore Bonaccorso at 2022-10-04T22:20:09+02:00
Add Debian bug reference for pngcheck issue
- - - - -
80541194 by Salvatore Bonaccorso at 2022-10-04T22:20:11+02:00
Add Debian bug reference for flask-security issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15927,7 +15927,7 @@ CVE-2022-2449
CVE-2022-2448
RESERVED
CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
- - keystone <unfixed>
+ - keystone <unfixed> (bug #1021272)
[bullseye] - keystone <no-dsa> (Minor issue)
[buster] - keystone <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419
@@ -44857,7 +44857,7 @@ CVE-2022-25345 (All versions of package @discordjs/opus are vulnerable to Denial
CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
NOT-FOR-US: justmoon/node-bignum
CVE-2022-25304 (All versions of package opcua; all versions of package asyncua are vul ...)
- - python-opcua <unfixed>
+ - python-opcua <unfixed> (bug #1021274)
[bullseye] - python-opcua <no-dsa> (Minor issue)
[buster] - python-opcua <no-dsa> (Minor issue)
NOTE: https://github.com/FreeOpcUa/python-opcua/issues/1466
@@ -48535,19 +48535,19 @@ CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.1
- consul <unfixed> (bug #1006487)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
NOTE: https://github.com/hashicorp/nomad/issues/12038
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
NOTE: https://github.com/hashicorp/nomad/issues/12039
NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
NOT-FOR-US: Zimbra
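Review bot: The CVE-2022-24684 entry stays at `nomad <unfixed>` although its NOTE already records the upstream fix commit as (v1.2.6), so bug #1021273 should name that version as the fix target. The same bug number is attached to all four nomad CVEs in this hunk (CVE-2022-24686, CVE-2022-24685, CVE-2022-24684, CVE-2022-24683); make sure the bug report lists each of them so that closing it with a fixed version updates every entry together.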
@@ -51183,7 +51183,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
{DLA-3098-1}
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1021270)
[bullseye] - libmodbus <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
NOTE: https://github.com/stephane/libmodbus/issues/614
@@ -67577,7 +67577,7 @@ CVE-2021-43417
CVE-2021-43416
RESERVED
CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
NOTE: https://github.com/hashicorp/nomad/issues/11542
NOTE: https://github.com/hashicorp/nomad/pull/11554
@@ -78424,7 +78424,7 @@ CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort
CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
NOT-FOR-US: Cisco
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
NOT-FOR-US: Cisco
@@ -85736,7 +85736,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer all
- consul 1.8.7+dfsg1-6 (bug #1015218)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
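Review bot: The `[bullseye] - nomad <no-dsa> (Minor issue)` line under CVE-2021-37218 is the only per-release annotation among the nomad entries touched in this push; the other entries that now point at bug #1021273 show no bullseye line at all. Check whether those entries need the same triage recorded, so that the state of bullseye is explicit for every CVE the bug covers.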
@@ -91654,7 +91654,7 @@ CVE-2021-34751
CVE-2021-34750
RESERVED
CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
NOT-FOR-US: Cisco
@@ -120508,7 +120508,7 @@ CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open R
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
NOT-FOR-US: Node dns-packet
CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
- - flask-security <unfixed>
+ - flask-security <unfixed> (bug #1021279)
[bullseye] - flask-security <no-dsa> (Minor issue)
[buster] - flask-security <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
@@ -130472,7 +130472,7 @@ CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)
CVE-2020-35511 (A global buffer overflow was discovered in pngcheck function in pngche ...)
- - pngcheck <unfixed>
+ - pngcheck <unfixed> (bug #1021278)
NOTE: http://www.libpng.org/pub/png/apps/pngcheck.html
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2
CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redha ...)
@@ -136171,11 +136171,11 @@ CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
NOT-FOR-US: Cisco
CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1494
RESERVED
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
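Review bot: In the CVE-2021-1494 entry the bug reference is added under a header that still reads RESERVED, so the tracker shows no description for it and the only context is the cisco-sa-http-fp-bp-KfDdcQhc NOTE it shares with CVE-2021-1495. Confirm that bug #1021276 names CVE-2021-1494 explicitly alongside CVE-2021-1495, otherwise the link from the bug back to this entry is easy to miss.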
@@ -136726,10 +136726,10 @@ CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified C
CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2
CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
NOT-FOR-US: Cisco
@@ -203462,7 +203462,7 @@ CVE-2020-3317 (A vulnerability in the ssl_inspection component of Cisco Firepowe
CVE-2020-3316
RESERVED
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- - snort <unfixed>
+ - snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
NOT-FOR-US: Cisco
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/479032bcb3334a8cb1075ce685658c62865e8a02...8054119441f4e8b40ab7c407b28327b6c83a8509