[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 30 09:12:13 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35f72d4f by security tracker role at 2024-09-30T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-9329 (In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter c ...)
+	TODO: check
+CVE-2024-9328 (A vulnerability was found in SourceCodester Advocate Office Management ...)
+	TODO: check
+CVE-2024-8536 (The Ultimate Blocks  WordPress plugin before 3.2.2 does not validate a ...)
+	TODO: check
+CVE-2024-8459 (Certain switch models from PLANET Technology store SNMPv3 users' passw ...)
+	TODO: check
+CVE-2024-8458 (Certain switch models from PLANET Technology have a web application th ...)
+	TODO: check
+CVE-2024-8457 (Certain switch models from PLANET Technology have a web application th ...)
+	TODO: check
+CVE-2024-8456 (Certain switch models from PLANET Technology lack proper access contro ...)
+	TODO: check
+CVE-2024-8455 (The swctrl service is used to detect and remotely manage PLANET Techno ...)
+	TODO: check
+CVE-2024-8454 (The swctrl service is used to detect and remotely manage PLANET Techno ...)
+	TODO: check
+CVE-2024-8453 (Certain switch models from PLANET Technology use an insecure hashing f ...)
+	TODO: check
+CVE-2024-8452 (Certain switch models from PLANET Technology only support obsolete alg ...)
+	TODO: check
+CVE-2024-8451 (Certain switch models from PLANET Technology have an SSH service that  ...)
+	TODO: check
+CVE-2024-8450 (Certain switch models from PLANET Technology have a Hard-coded communi ...)
+	TODO: check
+CVE-2024-8449 (Certain switch models from PLANET Technology have a Hard-coded Credent ...)
+	TODO: check
+CVE-2024-8448 (Certain switch models from PLANET Technology have a hard-coded credent ...)
+	TODO: check
+CVE-2024-8379 (The Cost Calculator Builder WordPress plugin before 3.2.29 does not pr ...)
+	TODO: check
+CVE-2024-8283 (The Slider by 10Web  WordPress plugin before 1.2.59 does not sanitise  ...)
+	TODO: check
+CVE-2024-8239 (The Starbox  WordPress plugin before 3.5.3 does not properly render so ...)
+	TODO: check
+CVE-2024-45200 (In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multip ...)
+	TODO: check
+CVE-2024-42496 (Smart-tab Android app installed April 2023 or earlier contains an issu ...)
+	TODO: check
+CVE-2024-41999 (Smart-tab Android app installed April 2023 or earlier contains an acti ...)
+	TODO: check
+CVE-2024-3635 (The Post Grid  WordPress plugin before 7.5.0 does not sanitise and esc ...)
+	TODO: check
 CVE-2024-9327 (A vulnerability was found in code-projects Blood Bank System 1.0. It h ...)
 	NOT-FOR-US: code-projects Blood Bank System
 CVE-2024-45772
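Review bot: All 22 entries added at the top of data/CVE/list are left at `TODO: check`, and most of them name products that this file already closes with a one-line `NOT-FOR-US:` marker, as the unchanged CVE-2024-9327 entry directly below them does. The PLANET Technology switch entries (CVE-2024-8448 through CVE-2024-8459), the WordPress plugin entries, SourceCodester, Mario Kart 8 Deluxe and the Smart-tab Android app could be triaged that way in a follow-up. CVE-2024-9329 (Eclipse Glassfish) is the one where a source-package check is worth doing before it is marked.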
@@ -701,7 +745,7 @@ CVE-2024-47177 (CUPS is a standards-based, open-source printing system, and cups
 	NOTE: This CVE is likely not going to be fixed on its own. With fixes for CVE-2024-47076,
 	NOTE: CVE-2024-47175 and CVE-2024-47176, the impact of this CVE is mitigated as well.
 CVE-2024-47175 (CUPS is a standards-based, open-source printing system, and `libppd` c ...)
-	{DSA-5779-1}
+	{DSA-5779-1 DLA-3904-1}
 	- cups 2.4.10-2
 	- libppd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
@@ -715,14 +759,14 @@ CVE-2024-47175 (CUPS is a standards-based, open-source printing system, and `lib
 	NOTE: https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
 	NOTE: https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
 CVE-2024-47076 (CUPS is a standards-based, open-source printing system, and `libcupsfi ...)
-	{DSA-5778-1}
+	{DSA-5778-1 DLA-3905-1}
 	- libcupsfilters 2.0.0-3 (bug #1082821)
 	- cups-filters 1.28.17-5 (bug #1082827)
 	NOTE: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
 	NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
 	NOTE: Fixed by: https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
 CVE-2024-47176 (CUPS is a standards-based, open-source printing system, and `cups-brow ...)
-	{DSA-5778-1}
+	{DSA-5778-1 DLA-3905-1}
 	- cups-filters 1.28.17-5 (bug #1082820)
 	NOTE: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
 	NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
@@ -3792,6 +3836,7 @@ CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leading to  ...)
 	- mongodb <removed>
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
+	{DLA-3906-1}
 	- wireshark 4.2.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
@@ -6257,6 +6302,7 @@ CVE-2021-4442 (In the Linux kernel, the following vulnerability has been resolve
 	- linux 5.10.24-1
 	NOTE: https://git.kernel.org/linus/8811f4a9836e31c14ecdf79d9f3cb7c5d463265d (5.12-rc3)
 CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.1 ...)
+	{DLA-3906-1}
 	- wireshark 4.4.0-1 (bug #1080298)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-11.html
@@ -36906,6 +36952,7 @@ CVE-2024-4855 (Use after free issue in editcap could cause denial of service via
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19783
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19784
 CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...)
+	{DLA-3906-1}
 	- wireshark 4.2.5-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <postponed> (can be piggyback'd with the next update)
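Review bot: CVE-2024-4854 now references DLA-3906-1 but keeps `[buster] - wireshark <postponed> (can be piggyback'd with the next update)` unchanged. If DLA-3906-1 is the update that annotation was waiting for, the `[buster]` line should carry the fixed version instead. If the DLA covers a different suite, the postponed marker needs a second look so it does not read as stale next to a DLA reference.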
@@ -36915,6 +36962,7 @@ CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
 	NOTE: Zigbee TLV dissector introduced in 4.2
 CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...)
+	{DLA-3906-1}
 	- wireshark 4.2.5-1 (unimportant)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-08.html
@@ -53628,6 +53676,7 @@ CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
+	{DLA-3906-1}
 	- wireshark 4.2.4-1 (bug #1068111)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <postponed> (Minor issue; can be fixed in next update)
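Review bot: The `[buster]` line under CVE-2024-2955 still says `<postponed> (Minor issue; can be fixed in next update)` after `{DLA-3906-1}` is added above it. Worth confirming whether that deferral is still accurate now that a wireshark DLA is attached to the entry, and updating or dropping the annotation accordingly.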
@@ -73197,6 +73246,7 @@ CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versi
 CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...)
 	NOT-FOR-US: OTCLient
 CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...)
+	{DLA-3906-1}
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
@@ -73210,6 +73260,7 @@ CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of se
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19504
 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...)
+	{DLA-3906-1}
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
@@ -73218,7 +73269,7 @@ CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11,
 	NOTE: The bug references two crashes, this is for the one labelled "BUG log 2",
 	NOTE: the more severe "Bug log 1" only affected unreleased versions
 CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...)
-	{DLA-3746-1}
+	{DLA-3906-1 DLA-3746-1}
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html
@@ -81452,7 +81503,7 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
 CVE-2023-6175 (NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to  ...)
-	{DSA-5559-1 DLA-3746-1}
+	{DSA-5559-1 DLA-3906-1 DLA-3746-1}
 	- wireshark 4.0.11-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404
@@ -95320,7 +95371,7 @@ CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
 CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
 	NOT-FOR-US: TechView LA-5570 Wireless Gateway
 CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3906-1}
 	- wireshark 4.0.8-1
 	[buster] - wireshark <not-affected> (Vulnerable code introduced in 3.0.0)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html
@@ -95612,18 +95663,18 @@ CVE-2023-XXXX [tryton-server lack of record validation]
 	[buster] - tryton-server 5.0.4-2+deb10u2
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428
 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to  ...)
-	{DSA-5559-1 DLA-3746-1}
+	{DSA-5559-1 DLA-3906-1 DLA-3746-1}
 	- wireshark 4.0.8-1
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html
 CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3906-1}
 	- wireshark 4.0.8-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
 CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
-	{DSA-5559-1 DLA-3746-1}
+	{DSA-5559-1 DLA-3906-1 DLA-3746-1}
 	- wireshark 4.0.8-1
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html
@@ -100825,13 +100876,13 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug t
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3906-1}
 	- wireshark 4.0.7-1 (bug #1041101)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14  ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3906-1}
 	- wireshark 4.0.7-1 (bug #1041101)
 	[buster] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html
@@ -106425,7 +106476,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
 CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...)
 	NOT-FOR-US: Wordapp plugin for WordPress
 CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
-	{DSA-5429-1 DLA-3443-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-20.html
@@ -106841,19 +106892,19 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
 	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0)
 CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...)
-	{DSA-5429-1 DLA-3443-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
-	{DSA-5429-1 DLA-3443-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
 CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...)
-	{DSA-5429-1 DLA-3443-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
@@ -106868,7 +106919,7 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063
 	NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0)
 CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...)
-	{DSA-5429-1}
+	{DSA-5429-1 DLA-3906-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	[buster] - wireshark <not-affected> (Candump support added in 3.2)
@@ -111565,19 +111616,19 @@ CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations
 CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Serv ...)
 	NOT-FOR-US: Hitachi
 CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12  ...)
-	{DSA-5429-1 DLA-3402-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
 CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
-	{DSA-5429-1 DLA-3402-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
 CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
-	{DSA-5429-1 DLA-3402-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
@@ -120931,7 +120982,7 @@ CVE-2023-1163 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in
 CVE-2023-1162 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
 	NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...)
-	{DSA-5429-1 DLA-3402-1}
+	{DSA-5429-1 DLA-3906-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1033756)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
@@ -127875,7 +127926,7 @@ CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an
 CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
 	NOT-FOR-US: Fortra GoAnywhere MFT
 CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...)
-	{DSA-5429-1}
+	{DSA-5429-1 DLA-3906-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.2)
@@ -127883,13 +127934,13 @@ CVE-2023-0668 (Due to failure in validating the length provided by an attacker-c
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087
 	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/254502d765d11f1d97b15bc1c3ff06d38e049ef2 (v3.1.1)
 CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...)
-	{DSA-5429-1}
+	{DSA-5429-1 DLA-3906-1}
 	- wireshark 4.0.6-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://takeonme.org/cves/CVE-2023-0667.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086
 CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...)
-	{DSA-5429-1}
+	{DSA-5429-1 DLA-3906-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.4)
@@ -131132,23 +131183,24 @@ CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5
 CVE-2022-48280
 	RESERVED
 CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.3-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
 CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.3-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737
 CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.3-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796
 CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
+	{DLA-3906-1}
 	- wireshark 4.0.3-1
 	[buster] - wireshark <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html
@@ -131156,12 +131208,12 @@ CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/9322
 	NOTE: Vulnerable dissector introduced with https://gitlab.com/wireshark/wireshark/-/commit/a87e56aa79f62ba8967e63da9d408e464596cd85 (first released with version 3.0.0)
 CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.3-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
 CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.3-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628
@@ -142262,13 +142314,14 @@ CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes
 CVE-2021-4243
 	REJECTED
 CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...)
-	{DLA-3313-1}
+	{DLA-3906-1 DLA-3313-1}
 	- wireshark 4.0.2-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986
 	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
 CVE-2022-4344 (Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 t ...)
+	{DLA-3906-1}
 	- wireshark 4.0.2-1
 	[buster] - wireshark <not-affected> (vulernable loop in code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-10.html
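Review bot: In the CVE-2022-4344 entry this hunk touches, the `[buster]` reason reads "vulernable loop in code not present". A follow-up could correct the spelling to "vulnerable" so the not-affected reason is found by the same text search that matches the other "Vulnerable code not present" annotations in the list.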
@@ -163405,6 +163458,7 @@ CVE-2022-3192 (Improper Input Validation vulnerability in ABB AC500 V2 PM5xx all
 CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
 	NOT-FOR-US: Hitachi
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
+	{DLA-3906-1}
 	- wireshark 3.6.8-1
 	[buster] - wireshark <not-affected> (vulernable code not present, poc does not trigger)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
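Review bot: The `[buster]` annotation for CVE-2022-3190 has "vulernable code not present, poc does not trigger". Since the entry is being edited to add `{DLA-3906-1}`, this is a convenient point to fix "vulernable" to "vulnerable" in the same line.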
@@ -207837,13 +207891,13 @@ CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a rem
 CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
 	NOT-FOR-US: JQueryForm.com
 CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1  ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
 CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
@@ -207861,19 +207915,19 @@ CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to
 CVE-2022-0584
 	RESERVED
 CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
 CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
 CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
@@ -218409,6 +218463,7 @@ CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-202
 CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.)
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of  ...)
+	{DLA-3906-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
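Review bot: CVE-2021-4190 gains `{DLA-3906-1}`, yet the visible description scopes the Kafka large loop to Wireshark 3.6.0, and both `[buster]` and `[stretch]` are `<not-affected>` because the vulnerable code is not present. Please confirm that the suite covered by DLA-3906-1 shipped the affected Kafka dissector code. If it did not, a `<not-affected>` line for that suite describes the state better than a DLA reference.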
@@ -218670,19 +218725,20 @@ CVE-2021-45886 (An issue was discovered in PONTON X/P Messenger before 3.11.2. A
 CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+	{DLA-3906-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
@@ -218695,13 +218751,14 @@ CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+	{DLA-3906-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
-	{DLA-2967-1}
+	{DLA-3906-1 DLA-2967-1}
 	- wireshark 3.6.2-1
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f72d4f83e66aef1b1a12df9b49b8bcb8c175fb
