[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 22 09:12:10 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32dbd07b by security tracker role at 2023-05-22T08:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...)
+ TODO: check
+CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...)
+ TODO: check
+CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...)
+ TODO: check
+CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same ...)
+ TODO: check
+CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...)
+ TODO: check
+CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deployment ...)
+ TODO: check
+CVE-2023-33252 (iden3 snarkjs through 0.6.11 allows double spending because there is n ...)
+ TODO: check
+CVE-2023-33251 (When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDi ...)
+ TODO: check
+CVE-2023-33250 (The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in ...)
+ TODO: check
+CVE-2023-33236 (MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerabi ...)
+ TODO: check
+CVE-2023-33235 (MXsecurity version 1.0 is vulnearble to command injection vulnerabilit ...)
+ TODO: check
+CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is affected by a remote code ex ...)
+ TODO: check
+CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel before 5.10. ...)
+ TODO: check
CVE-2023-31454
NOT-FOR-US: Apache InLong
CVE-2023-31453
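Review bot: all 13 entries added at the top of this hunk are left at `TODO: check`, so none of them is tracked against a Debian package yet. CVE-2023-33288, CVE-2023-33250 and CVE-2020-36694 name the Linux kernel and CVE-2023-33285 names Qt in their descriptions, so those are the ones to triage first with a package line and status. Entries such as the Nissan keyfob one (CVE-2023-33281) or the MXsecurity ones (CVE-2023-33235, CVE-2023-33236) look like `NOT-FOR-US` candidates.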
@@ -120,7 +146,7 @@ CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow
NOT-FOR-US: mlflow
CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
-CVE-2019-25137 (Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated admin ...)
+CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Exe ...)
NOT-FOR-US: Umbraco CMS
CVE-2023-32763
- qt6-base <unfixed>
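Review bot: the new description on the `+CVE-2019-25137` line reads "4.11.8 through 7.15.10, and 7.12.4", and 7.12.4 already falls inside the stated range, so the version list is redundant as written. The text arrives with the automatic update and the entry stays `NOT-FOR-US: Umbraco CMS`, so triage is unaffected and nothing beyond the description changes here.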
@@ -20624,7 +20650,7 @@ CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.
CVE-2023-24806
REJECTED
CVE-2023-24805 (cups-filters contains backends, filters, and other software required t ...)
- {DSA-5407-1}
+ {DSA-5407-1 DLA-3430-1}
- cups-filters 1.28.17-3 (bug #1036224)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/17/5
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
@@ -76210,6 +76236,7 @@ CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been de
CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...)
NOT-FOR-US: DrayTek Vigor router
CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
+ {DLA-3429-1}
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
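Review bot: the added `{DLA-3429-1}` on CVE-2022-32547 sits directly above `[bullseye] - imagemagick <ignored> (Minor issue)`, so the entry now shows an LTS advisory while bullseye is still marked as not getting a fix. If DLA-3429-1 covers a release older than bullseye, revisit the bullseye status so that an upgrade does not reintroduce the issue. The same pattern shows on the other imagemagick entries in this commit that gain DLA-3429-1 while bullseye stays `<ignored>` or `<no-dsa>`.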
@@ -76219,6 +76246,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
+ {DLA-3429-1}
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -76228,6 +76256,7 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)
CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
+ {DLA-3429-1}
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -88400,7 +88429,7 @@ CVE-2022-28465
CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which ...)
NOT-FOR-US: Apifox
CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.)
- {DLA-3007-1}
+ {DLA-3429-1 DLA-3007-1}
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
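Review bot: CVE-2022-28463 now carries `{DLA-3429-1 DLA-3007-1}`, but the only fix reference visible under it is an ImageMagick 7 commit, while the tracked package version is `8:6.9.11.60+dfsg-1.5`. Neighbouring entries list both an ImageMagick and an ImageMagick6 commit. If no ImageMagick6 NOTE follows below the visible context, add one so the 6.x backport can be checked against it.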
@@ -112613,8 +112642,8 @@ CVE-2021-4109
RESERVED
CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-0010
- RESERVED
+CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in ABB ...)
+ TODO: check
CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
NOT-FOR-US: spatie/laravel-medialibrary
CVE-2021-45039
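Review bot: CVE-2022-0010 moves from `RESERVED` to a published description but lands on `TODO: check`, so it is still untriaged after this change. The visible description names an ABB product; if no Debian package ships it, replace the TODO with a `NOT-FOR-US:` line in the same form as the entries around it.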
@@ -132090,6 +132119,7 @@ CVE-2021-39213 (GLPI is a free Asset and IT management software package. Startin
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
+ {DLA-3429-1}
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -181003,14 +181033,14 @@ CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when proc
NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
NOTE: https://www.openwall.com/lists/oss-security/2021/08/11/6
CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
- {DLA-2672-1}
+ {DLA-3429-1 DLA-2672-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
- {DLA-2672-1}
+ {DLA-3429-1 DLA-2672-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181024,7 +181054,7 @@ CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
- {DLA-2672-1}
+ {DLA-3429-1 DLA-2672-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181317,7 +181347,7 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations
[buster] - isync 1.3.0-2.2~deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
- {DLA-2602-1}
+ {DLA-3429-1 DLA-2602-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181325,7 +181355,7 @@ CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An att
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
- {DLA-2672-1}
+ {DLA-3429-1 DLA-2672-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181333,7 +181363,7 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
- {DLA-2602-1}
+ {DLA-3429-1 DLA-2602-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181341,7 +181371,7 @@ CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c.
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
- {DLA-2672-1}
+ {DLA-3429-1 DLA-2672-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181351,7 +181381,7 @@ CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac
CVE-2021-20242
REJECTED
CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
- {DLA-2602-1}
+ {DLA-3429-1 DLA-2602-1}
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
[bullseye] - imagemagick <ignored> (Minor issue)
@@ -181692,7 +181722,7 @@ CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...)
- {DLA-2602-1}
+ {DLA-3429-1 DLA-2602-1}
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
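Review bot: on CVE-2021-20176 the context line `- imagemagick 8:6.9.11.57+dfsg-1` marks the package fixed at the same upstream version that the truncated description says the flaw was found in ("ImageMagick 6.9.11-57 and 7.0.10-57"). With a second advisory now attached (`{DLA-3429-1 DLA-2602-1}`), a NOTE giving the upstream release that contains the fix, in the `(6.9.12-45)` style used on other ImageMagick commit references in this file, would make the fixed version checkable.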
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32dbd07b12241abbf3a2c4e07b65a87bedf49922