[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 28 13:06:07 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff3d392e by Moritz Muehlenhoff at 2024-06-28T14:05:37+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -224,7 +224,7 @@ CVE-2024-39154 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
NOT-FOR-US: idccms
CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attacker ...)
- - zziplib <unfixed>
+ - zziplib <unfixed> (bug #1074417)
NOTE: https://github.com/gdraheim/zziplib/issues/164
CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows ...)
NOT-FOR-US: DumpTS
@@ -405,12 +405,12 @@ CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allo
CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attack ...)
NOT-FOR-US: skycaiji
CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1074416)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/460
CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1074416)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/460
@@ -3064,12 +3064,12 @@ CVE-2024-6066 (A vulnerability classified as critical has been found in SourceCo
CVE-2024-6065 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
NOT-FOR-US: itsourcecode Bakery Online Ordering System
CVE-2024-6064 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2874
NOTE: https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5
CVE-2024-6063 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2873
NOTE: https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5
@@ -3118,12 +3118,12 @@ CVE-2023-37058 (Insecure Permissions vulnerability in JLINK Unionman Technology
CVE-2023-37057 (An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allow ...)
NOT-FOR-US: JLINK
CVE-2024-6062 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2872
NOTE: https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd
CVE-2024-6061 (A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-maste ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2871
NOTE: https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c
@@ -7418,19 +7418,19 @@ CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is vulnerable
CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...)
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1074422)
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/750
CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1074422)
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/749
CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1074422)
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
@@ -18751,7 +18751,7 @@ CVE-2023-51598 (Hancom Office Word DOC File Parsing Use-After-Free Remote Code E
CVE-2023-51597 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execu ...)
NOT-FOR-US: Kofax Power PDF
CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
- - bluez <unfixed>
+ - bluez <unfixed> (bug #1074419)
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -67135,7 +67135,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
- - grpc <unfixed>
+ - grpc <unfixed> (bug #1074419)
[bookworm] - grpc <no-dsa> (Minor issue)
[bullseye] - grpc <no-dsa> (Minor issue)
[buster] - grpc <no-dsa> (Minor issue)
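Review bot: the bug number added on the grpc line for CVE-2023-44487, #1074419, is the same number the previous hunk attaches to bluez for CVE-2023-51596. Every other number in this commit maps to a single source package (#1074414 gpac, #1074415 slic3r-prusa, #1074416 libde265, #1074417 zziplib, #1074418 and #1074422 libmodbus), so one of the two entries looks like a copy-paste slip. Please check which package #1074419 is actually filed against and correct the other entry, since a wrong number links that CVE to an unrelated bug report.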
@@ -101486,7 +101486,7 @@ CVE-2023-26795
CVE-2023-26794
RESERVED
CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in re ...)
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1074418)
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue, no patch)
@@ -276784,18 +276784,18 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh stl_fix_norm ...)
- - slic3r-prusa <unfixed>
+ - slic3r-prusa <unfixed> (bug #1074415)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222
CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
- - slic3r-prusa <unfixed>
+ - slic3r-prusa <unfixed> (bug #1074415)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
- - slic3r-prusa <unfixed>
+ - slic3r-prusa <unfixed> (bug #1074415)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219
CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...)
- - slic3r-prusa <unfixed>
+ - slic3r-prusa <unfixed> (bug #1074415)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218
CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff3d392eea38d18f6291f722c35445200ca1f8ba