[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 26 21:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ffe64ae by security tracker role at 2023-05-26T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi Design smart ...)
+ TODO: check
+CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows ...)
+ TODO: check
+CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4 ...)
+ TODO: check
+CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...)
+ TODO: check
+CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...)
+ TODO: check
+CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. User-supplied input ...)
+ TODO: check
+CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...)
+ TODO: check
+CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...)
+ TODO: check
+CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...)
+ TODO: check
+CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...)
+ TODO: check
+CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...)
+ TODO: check
+CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...)
+ TODO: check
CVE-2023-2854
[experimental] - wireshark 4.0.6-1~exp1
- wireshark <unfixed>
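Review bot: all thirteen new entries in this hunk are left at `TODO: check`; CVE-2023-33720 (mp4v2) can be triaged against the existing `NOT-FOR-US: MP4v2` entries for CVE-2023-1450/CVE-2023-1451 that appear later in this patch, and the remaining ones need matching against source packages before the TODO markers are cleared.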
@@ -221,7 +247,7 @@ CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite datab
CVE-2023-32685 [Clipboard based cross-site scripting (blocked with default CSP)]
- kanboard <unfixed>
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
-CVE-2023-32681 [ Unintended leak of Proxy-Authorization header]
+CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...)
- requests <unfixed> (bug #1036693)
NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0)
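Review bot: the `- requests <unfixed> (bug #1036693)` line is unchanged although the NOTE directly below already records the upstream fix in v2.31.0; once the 2.31.0 upload lands, `<unfixed>` should be replaced with the Debian version and the bug closed. Note also that swapping the bracketed `[ Unintended leak of Proxy-Authorization header]` for the truncated official text removes the header name from the visible list, so keep it in mind when the entry is reviewed.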
@@ -364,21 +390,25 @@ CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vul
CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
NOT-FOR-US: cu/silicon
CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
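Review bot: `{DSA-5411-1}` is added to CVE-2023-2840, CVE-2023-2839, CVE-2023-2838 and CVE-2023-2837 while each keeps `- gpac <unfixed> (bug #1036701)`; that is consistent only if the DSA fixed stable alone, so the unstable line still needs its fixed version once the upload is in, at which point bug #1036701 can be closed.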
@@ -507,7 +537,7 @@ CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authe
NOT-FOR-US: WordPress plugin
CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-32323
+CVE-2023-32323 (Synapse is an open-source Matrix homeserver written and maintained by ...)
- matrix-synapse 1.74.0-1
NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
@@ -2025,12 +2055,12 @@ CVE-2023-31229
RESERVED
CVE-2023-31228
RESERVED
-CVE-2023-31227
- RESERVED
-CVE-2023-31226
- RESERVED
-CVE-2023-31225
- RESERVED
+CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...)
+ TODO: check
+CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...)
+ TODO: check
+CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...)
+ TODO: check
CVE-2023-31194
RESERVED
CVE-2023-27390
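Review bot: CVE-2023-31227, CVE-2023-31226 and CVE-2023-31225 describe vendor phone components (`hwPartsDFR`, the `MediaPlaybackController` SDK, the `Gallery app`) rather than anything resembling a Debian source package; the `TODO: check` markers can most likely be resolved to `NOT-FOR-US` once the vendor is confirmed from the full description.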
@@ -2075,26 +2105,26 @@ CVE-2023-2296
RESERVED
CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
NOT-FOR-US: Dataprobe
-CVE-2022-48480
- RESERVED
-CVE-2022-48479
- RESERVED
-CVE-2022-48478
- RESERVED
-CVE-2021-46887
- RESERVED
-CVE-2021-46886
- RESERVED
-CVE-2021-46885
- RESERVED
-CVE-2021-46884
- RESERVED
-CVE-2021-46883
- RESERVED
-CVE-2021-46882
- RESERVED
-CVE-2021-46881
- RESERVED
+CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...)
+ TODO: check
+CVE-2022-48479 (The facial recognition TA of some products has the out-of-bounds memor ...)
+ TODO: check
+CVE-2022-48478 (The facial recognition TA of some products lacks memory length verific ...)
+ TODO: check
+CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. Success ...)
+ TODO: check
+CVE-2021-46886 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
+CVE-2021-46885 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
+CVE-2021-46884 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
+CVE-2021-46883 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
+CVE-2021-46882 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
+CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...)
+ TODO: check
CVE-2023-31224
RESERVED
CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...)
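Review bot: CVE-2021-46881 through CVE-2021-46886 all carry the identical truncated description `The video framework has memory overwriting caused by addition overflow ...`, so the list no longer distinguishes them and the full texts have to be consulted during triage; together with the `some phones` and facial-recognition TA entries above them they look like vendor firmware issues headed for `NOT-FOR-US`.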
@@ -2155,8 +2185,7 @@ CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the
- check-mk <removed>
CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...)
- check-mk <removed>
-CVE-2023-2283 [Authorization bypass in pki_verify_data_signature]
- RESERVED
+CVE-2023-2283 (A vulnerability was found in libssh, where the authentication check of ...)
{DSA-5409-1}
- libssh 0.10.5-1 (bug #1035832)
[buster] - libssh <not-affected> (Vulnerable code introduced later)
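Review bot: replacing `[Authorization bypass in pki_verify_data_signature]` with the truncated official text drops the affected function name from the entry; since the buster `<not-affected> (Vulnerable code introduced later)` reasoning depends on which code is affected, consider preserving `pki_verify_data_signature` in a NOTE line.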
@@ -4350,7 +4379,8 @@ CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network pr
NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7)
CVE-2023-2005
RESERVED
-CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in tt_hva ...)
+CVE-2023-2004
+ REJECTED
- freetype 2.12.1+dfsg-5 (bug #1034612)
[bullseye] - freetype <postponed> (Minor issue)
[buster] - freetype <postponed> (Minor issue)
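Review bot: CVE-2023-2004 is flipped to `REJECTED`, but the `- freetype 2.12.1+dfsg-5 (bug #1034612)` line and the bullseye/buster `<postponed> (Minor issue)` entries survive; a rejected ID normally does not carry package status, so this needs a manual pass to either drop those lines or add a NOTE explaining the rejection, and bug #1034612 will need closing.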
@@ -4358,8 +4388,7 @@ CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in t
NOTE: https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611 (VER-2-13-0)
CVE-2023-2003
RESERVED
-CVE-2023-2002
- RESERVED
+CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
@@ -4572,8 +4601,7 @@ CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Managem
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1982
RESERVED
-CVE-2023-1981 [avahi-daemon can be crashed via DBus]
- RESERVED
+CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...)
{DLA-3414-1}
- avahi 0.8-10 (bug #1034594)
[bullseye] - avahi <no-dsa> (Minor issue)
@@ -5301,8 +5329,8 @@ CVE-2023-30147
RESERVED
CVE-2023-30146
RESERVED
-CVE-2023-30145
- RESERVED
+CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
+ TODO: check
CVE-2023-30144
RESERVED
CVE-2023-30143
@@ -8093,8 +8121,8 @@ CVE-2023-29100
RESERVED
CVE-2023-29099
RESERVED
-CVE-2023-29098
- RESERVED
+CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
+ TODO: check
CVE-2023-29097
RESERVED
CVE-2023-29096
@@ -8740,8 +8768,7 @@ CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP pack
NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1
NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1)
NOTE: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6 (v2.15.8)
-CVE-2023-1667 [Potential NULL dereference during rekeying with algorithm guessing]
- RESERVED
+CVE-2023-1667 (A NULL pointer dereference was found In libssh during re-keying with a ...)
{DSA-5409-1}
- libssh 0.10.5-1 (bug #1035832)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt
@@ -8828,8 +8855,7 @@ CVE-2023-28894
RESERVED
CVE-2023-28893
RESERVED
-CVE-2023-1664
- RESERVED
+CVE-2023-1664 (A flaw was found in Keycloak. This flaw depends on a non-default confi ...)
NOT-FOR-US: Keycloak
CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...)
NOT-FOR-US: Coverity
@@ -8853,6 +8879,7 @@ CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
@@ -10273,6 +10300,7 @@ CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-bo
CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...)
NOT-FOR-US: Watchdog Anti-Virus
CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2386
@@ -10282,11 +10310,13 @@ CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified
CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...)
NOT-FOR-US: MP4v2
CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2387
NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2388
@@ -10584,8 +10614,8 @@ CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.3
NOT-FOR-US: SR-7100V
CVE-2023-28387
RESERVED
-CVE-2023-28382
- RESERVED
+CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
+ TODO: check
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
NOT-FOR-US: Brother
CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...)
@@ -12479,7 +12509,7 @@ CVE-2023-27854
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...)
- {DLA-3406-1}
+ {DSA-5413-1 DLA-3406-1}
- sniproxy 0.6.0-2.1 (bug #1033752)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
NOTE: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 (0.6.1)
@@ -17634,8 +17664,8 @@ CVE-2023-25978
RESERVED
CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25976
- RESERVED
+CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
+ TODO: check
CVE-2023-25975
RESERVED
CVE-2023-25974
@@ -17644,8 +17674,8 @@ CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Aposto
NOT-FOR-US: WordPress plugin
CVE-2023-25972
RESERVED
-CVE-2023-25971
- RESERVED
+CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
+ TODO: check
CVE-2023-25970
RESERVED
CVE-2023-25969
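Review bot: the description for CVE-2023-25971 is cut mid-word at `FixBD Educare plugi ...` but is clearly a plugin entry, and its neighbour CVE-2023-25973 is triaged `NOT-FOR-US: WordPress plugin`; the `TODO: check` can likely be resolved the same way after confirming the plugin in the full text.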
@@ -17829,6 +17859,7 @@ CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versi
CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in ...)
NOT-FOR-US: OpenNMS
CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
@@ -18153,8 +18184,8 @@ CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25781
- RESERVED
+CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seba ...)
+ TODO: check
CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
NOT-FOR-US: OpenNMS
CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...)
@@ -18272,11 +18303,13 @@ CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.
CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
@@ -18844,6 +18877,7 @@ CVE-2023-25642
CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
@@ -19459,14 +19493,14 @@ CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlo
NOT-FOR-US: WordPress plugin
CVE-2023-25471
RESERVED
-CVE-2023-25470
- RESERVED
+CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...)
+ TODO: check
CVE-2023-25469
RESERVED
CVE-2023-25468
RESERVED
-CVE-2023-25467
- RESERVED
+CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
+ TODO: check
CVE-2023-25466
RESERVED
CVE-2023-25465
@@ -20441,8 +20475,8 @@ CVE-2023-25060
RESERVED
CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25058
- RESERVED
+CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...)
+ TODO: check
CVE-2023-25057
RESERVED
CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
@@ -20481,16 +20515,16 @@ CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-25039
RESERVED
-CVE-2023-25038
- RESERVED
+CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
+ TODO: check
CVE-2023-25037
RESERVED
CVE-2023-25036
RESERVED
CVE-2023-25035
RESERVED
-CVE-2023-25034
- RESERVED
+CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
+ TODO: check
CVE-2023-25033
RESERVED
CVE-2023-25032
@@ -20499,8 +20533,8 @@ CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25030
RESERVED
-CVE-2023-25029
- RESERVED
+CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...)
+ TODO: check
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -23485,10 +23519,10 @@ CVE-2023-24010
RESERVED
CVE-2023-24009
RESERVED
-CVE-2023-24008
- RESERVED
-CVE-2023-24007
- RESERVED
+CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
+ TODO: check
+CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...)
+ TODO: check
CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
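Review bot: the truncated description for CVE-2023-24008 ends in `Maspik \u20 ...`, i.e. the fixed-length cut landed inside a `\uXXXX` escape and left a dangling `\u20` in the list; the truncation step of the automatic update should decode escapes first or cut at a character boundary so entries like this one do not carry a broken escape.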
@@ -24394,8 +24428,8 @@ CVE-2023-23716
RESERVED
CVE-2023-23715
RESERVED
-CVE-2023-23714
- RESERVED
+CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...)
+ TODO: check
CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...)
@@ -26038,14 +26072,17 @@ CVE-2023-23147
CVE-2023-23146
RESERVED
CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
@@ -26505,8 +26542,8 @@ CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interfac
NOT-FOR-US: OpenEMR
CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...)
NOT-FOR-US: Hughes
-CVE-2023-22970
- RESERVED
+CVE-2023-22970 (Bottles before 51.0 mishandles YAML load, which allows remote code exe ...)
+ TODO: check
CVE-2023-22969
RESERVED
CVE-2023-22968
@@ -27345,10 +27382,10 @@ CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.
NOT-FOR-US: BlogEngine.NET
CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
NOT-FOR-US: BlogEngine.NET
-CVE-2023-0117
- RESERVED
-CVE-2023-0116
- RESERVED
+CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks strict ...)
+ TODO: check
+CVE-2023-0116 (The reminder module lacks an authentication mechanism for broadcasts r ...)
+ TODO: check
CVE-2023-0115
REJECTED
CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
@@ -27858,8 +27895,8 @@ CVE-2023-22695
RESERVED
CVE-2023-22694
RESERVED
-CVE-2023-22693
- RESERVED
+CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...)
+ TODO: check
CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
@@ -30894,26 +30931,31 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h
NOTE: https://github.com/strukturag/libde265/issues/368
NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2360
NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2359
NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2358
NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2357
NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2354
@@ -30925,6 +30967,7 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov
NOTE: https://github.com/gpac/gpac/issues/2356
NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)
CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2355
@@ -33855,11 +33898,13 @@ CVE-2022-47097
CVE-2022-47096
RESERVED
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2346
NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2345
@@ -33877,6 +33922,7 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove
NOTE: https://github.com/gpac/gpac/issues/2347
NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2343
@@ -33902,6 +33948,7 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g
NOTE: https://github.com/gpac/gpac/issues/2339
NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2337
@@ -34199,8 +34246,8 @@ CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL
NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
NOT-FOR-US: Helmet Store Showroom Site
-CVE-2022-46945
- RESERVED
+CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read ...)
+ TODO: check
CVE-2022-46944
RESERVED
CVE-2022-46943
@@ -36456,6 +36503,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2333
@@ -39268,7 +39316,7 @@ CVE-2022-45377
RESERVED
CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
NOT-FOR-US: Wordpress plugin
-CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...)
+CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45374
RESERVED
@@ -39329,6 +39377,7 @@ CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as d
CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2315
@@ -39453,6 +39502,7 @@ CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9
CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2295
@@ -39621,6 +39671,7 @@ CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain
CVE-2022-45203
RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
@@ -39847,6 +39898,7 @@ CVE-2022-3959 (A vulnerability, which was classified as problematic, has been fo
CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...)
NOT-FOR-US: BlueSpiceUserSidebar extension of BlueSpice
CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
NOTE: Negligible security impact
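Review bot: `{DSA-5411-1}` is added to CVE-2022-3957 although the entry is `- gpac <unfixed> (unimportant)` with `NOTE: Negligible security impact`; if the DSA's backport happened to include commit 2191e66a that is fine, but an unimportant issue listed as fixed by a DSA deserves a cross-check against the advisory text (the same applies to CVE-2022-43255, also `(unimportant)`, further down in this patch).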
@@ -42446,11 +42498,10 @@ CVE-2023-20885
RESERVED
CVE-2023-20884
RESERVED
-CVE-2023-20883
- RESERVED
+CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...)
NOT-FOR-US: Spring Boot
-CVE-2023-20882
- RESERVED
+CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and prior to 0. ...)
+ TODO: check
CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 1.152.0 ...)
TODO: check
CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability. ...)
@@ -42477,8 +42528,7 @@ CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read vuln
NOT-FOR-US: VMware
CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-bas ...)
NOT-FOR-US: VMware
-CVE-2023-20868
- RESERVED
+CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
NOT-FOR-US: VMware
CVE-2023-20867
RESERVED
@@ -47817,6 +47867,7 @@ CVE-2022-43257
CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection vulnerab ...)
NOT-FOR-US: SeaCms
CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
NOTE: https://github.com/gpac/gpac/issues/2285
NOTE: https://github.com/gpac/gpac/commit/d82e1340d7fd5ceea205e0f173500102f3237eb4
@@ -54694,6 +54745,7 @@ CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse
CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
+ {DSA-5411-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
@@ -57980,8 +58032,7 @@ CVE-2022-39375 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-39374
- RESERVED
+CVE-2022-39374 (Synapse is an open-source Matrix homeserver written and maintained by ...)
- matrix-synapse 1.68.0-1
NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7
@@ -58085,8 +58136,7 @@ CVE-2022-39337
RESERVED
CVE-2022-39336
RESERVED
-CVE-2022-39335
- RESERVED
+CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by ...)
- matrix-synapse 1.69.0-1
NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
@@ -60551,6 +60601,7 @@ CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discov
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1019595)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2216
@@ -67013,11 +67064,13 @@ CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote atta
CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1019595)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2218
NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1019595)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2220
@@ -67185,6 +67238,7 @@ CVE-2022-36128
CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...)
NOT-FOR-US: Apache SkyWalking
CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1015788)
[buster] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
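Review bot: the buster line for CVE-2022-2454 still reads `[buster] - gpac <no-dsa> (Minor issue)`, while the other gpac entries touched by this patch (CVE-2022-38530, CVE-2022-36191, CVE-2022-36190) mark the package `[buster] - gpac <end-of-life> (EOL in buster LTS)`; since the `{DSA-5411-1}` marker is being added to all of them in one pass, the buster status of the package should be recorded consistently, either `<end-of-life>` everywhere or with the `<no-dsa>` rationale kept deliberately for this entry.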
@@ -81439,6 +81493,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.)
NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -85745,6 +85800,7 @@ CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escala
CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
NOT-FOR-US: Dingtian
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -85938,6 +85994,7 @@ CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command
CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
NOT-FOR-US: RESI Gemini-Net
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -88640,6 +88697,7 @@ CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior
CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to ...)
- phpipam <itp> (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -92572,6 +92630,7 @@ CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that imag
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -93140,6 +93199,7 @@ CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to
NOTE: https://github.com/gpac/gpac/issues/2067
NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -93153,6 +93213,7 @@ CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overf
NOTE: https://github.com/gpac/gpac/issues/2120
NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -93568,6 +93629,7 @@ CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN an
CVE-2022-26968
RESERVED
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1007224)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -100670,12 +100732,14 @@ CVE-2022-24580
CVE-2022-24579
RESERVED
CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0)
CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -100698,6 +100762,7 @@ CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through
NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/
NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0)
CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -109111,6 +109176,7 @@ CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to
NOTE: https://github.com/WebAssembly/binaryen/issues/4411
NOTE: Crash in CLI tool, no security impact
CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -109121,6 +109187,7 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the pr
NOTE: https://github.com/WebAssembly/binaryen/issues/4391
NOTE: Crash in CLI tool, no security impact
CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -109131,60 +109198,70 @@ CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to
NOTE: https://github.com/WebAssembly/binaryen/issues/4412
NOTE: Crash in CLI tool, no security impact
CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2008
NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2005
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2007
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2006
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2001
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -110106,6 +110183,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.
NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -110247,6 +110325,7 @@ CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src
CVE-2021-45768
RESERVED
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -110257,18 +110336,21 @@ CVE-2021-45766
CVE-2021-45765
RESERVED
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -110277,6 +110359,7 @@ CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address
CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
NOT-FOR-US: ROPium
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -111915,6 +111998,7 @@ CVE-2021-45299
CVE-2021-45298
RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -111933,12 +112017,14 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to
NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
NOTE: Crash in CLI tool, no security impact
CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1958
NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0)
CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -112005,6 +112091,7 @@ CVE-2021-45269
CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...)
- backdrop <itp> (bug #914257)
CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -112022,12 +112109,14 @@ CVE-2021-45265
CVE-2021-45264
RESERVED
CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1975
NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0)
CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -114895,6 +114984,7 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie
- openssl <not-affected> (Vulnerable code not present)
NOTE: https://www.openssl.org/news/secadv/20211214.txt
CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
@@ -126883,6 +126973,7 @@ CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/co
CVE-2021-41460 (ECShop 4.1.0 has SQL injection vulnerability, which can be exploited b ...)
NOT-FOR-US: ECShop
CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -126895,12 +126986,14 @@ CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/u
NOTE: https://github.com/gpac/gpac/issues/1910
NOTE: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0)
CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1909
NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 (v2.0.0)
CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -128191,6 +128284,7 @@ CVE-2021-40946
CVE-2021-40945
RESERVED
CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/1906
@@ -129019,11 +129113,13 @@ CVE-2021-40611
CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...)
NOT-FOR-US: emlog
CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/1894
NOTE: https://github.com/gpac/gpac/commit/86c1566f040b2b84c72afcb6cbd444c5aff56cfe (v2.0.0)
CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/1883
@@ -129034,6 +129130,7 @@ CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cau
NOTE: https://github.com/gpac/gpac/issues/1879
NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0)
CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/1885
@@ -129065,6 +129162,7 @@ CVE-2021-40594
CVE-2021-40593
RESERVED
CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -129103,18 +129201,21 @@ CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability wa
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
NOT-FOR-US: Sourcecodester
CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1904
NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0)
CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1905
NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0)
CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -129127,66 +129228,77 @@ CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability
NOTE: https://github.com/gpac/gpac/issues/1891
NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1893
NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0)
CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1895
NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0)
CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1899
NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0)
CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1890
NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1900
NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0)
CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1889
NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0)
CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1887
NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0)
CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1902
NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0)
CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1898
NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0)
CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1892
NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0)
CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -129197,6 +129309,7 @@ CVE-2021-40561
CVE-2021-40560
RESERVED
CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -139646,6 +139759,7 @@ CVE-2021-36419
CVE-2021-36418
RESERVED
CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -139656,6 +139770,7 @@ CVE-2021-36416
CVE-2021-36415
RESERVED
CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -139664,6 +139779,7 @@ CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in G
CVE-2021-36413
RESERVED
CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -147130,6 +147246,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
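Review bot: `{DSA-5411-1}` is placed on CVE-2021-33366 while the package line below it still says `- gpac <unfixed> (unimportant)` and the note reads "Negligible security impact"; a DSA reference normally means the issue was addressed in the stable update, so either the fixed unstable version should replace `<unfixed>` or the DSA reference should be confirmed against the advisory text before it lands. The same `{DSA-5411-1}` over `<unfixed> (unimportant)` pattern appears in the following hunks for CVE-2021-33365, CVE-2021-33364, CVE-2021-33363 and CVE-2021-33361 and should be resolved the same way.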
@@ -147137,11 +147254,13 @@ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in
NOTE: https://github.com/gpac/gpac/issues/1785
NOTE: Negligible security impact
CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5
NOTE: https://github.com/gpac/gpac/issues/1784
NOTE: Negligible security impact
CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -147149,6 +147268,7 @@ CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC
NOTE: https://github.com/gpac/gpac/issues/1783
NOTE: Negligible security impact
CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -147167,6 +147287,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i
NOTE: https://github.com/gpac/gpac/issues/1780
NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ {DSA-5411-1}
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -176279,6 +176400,7 @@ CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist with
NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
NOTE: https://github.com/gpac/gpac/issues/1814
CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-5411-1}
- gpac 1.0.1+dfsg1-5
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
@@ -177608,6 +177730,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
NOTE: https://github.com/gpac/gpac/issues/1659
CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2 (bug #987374; bug #990691)
[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ffe64ae8add106b39b7ae1b6d4e97e1ead9c722