[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 27 20:10:39 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0245ecc0 by security tracker role at 2022-12-27T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2023-22417
+	RESERVED
+CVE-2023-22416
+	RESERVED
+CVE-2023-22415
+	RESERVED
+CVE-2023-22414
+	RESERVED
+CVE-2023-22413
+	RESERVED
+CVE-2023-22412
+	RESERVED
+CVE-2023-22411
+	RESERVED
+CVE-2023-22410
+	RESERVED
+CVE-2023-22409
+	RESERVED
+CVE-2023-22408
+	RESERVED
+CVE-2023-22407
+	RESERVED
+CVE-2023-22406
+	RESERVED
+CVE-2023-22405
+	RESERVED
+CVE-2023-22404
+	RESERVED
+CVE-2023-22403
+	RESERVED
+CVE-2023-22402
+	RESERVED
+CVE-2023-22401
+	RESERVED
+CVE-2023-22400
+	RESERVED
+CVE-2023-22399
+	RESERVED
+CVE-2023-22398
+	RESERVED
+CVE-2023-22397
+	RESERVED
+CVE-2023-22396
+	RESERVED
+CVE-2023-22395
+	RESERVED
+CVE-2023-22394
+	RESERVED
+CVE-2023-22393
+	RESERVED
+CVE-2023-22392
+	RESERVED
+CVE-2023-22391
+	RESERVED
+CVE-2023-22366
+	RESERVED
+CVE-2023-22357
+	RESERVED
+CVE-2023-22317
+	RESERVED
+CVE-2023-22314
+	RESERVED
+CVE-2023-22277
+	RESERVED
+CVE-2023-0026
+	RESERVED
+CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected XSS via  ...)
+	TODO: check
+CVE-2022-47967
+	RESERVED
+CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 0.9.1. ...)
+	TODO: check
+CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. I ...)
+	TODO: check
+CVE-2022-4765
+	RESERVED
+CVE-2022-4764
+	RESERVED
+CVE-2022-4763
+	RESERVED
+CVE-2022-4762
+	RESERVED
+CVE-2022-4761
+	RESERVED
+CVE-2022-4760
+	RESERVED
+CVE-2022-4759
+	RESERVED
+CVE-2022-4758
+	RESERVED
+CVE-2022-4757
+	RESERVED
+CVE-2022-4756
+	RESERVED
+CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic.  ...)
+	TODO: check
+CVE-2022-4754
+	RESERVED
+CVE-2022-4753
+	RESERVED
+CVE-2022-4752
+	RESERVED
+CVE-2022-4751
+	RESERVED
+CVE-2022-4750
+	RESERVED
+CVE-2022-4749
+	RESERVED
+CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
+	TODO: check
+CVE-2022-4747
+	RESERVED
+CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...)
+	TODO: check
+CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...)
+	TODO: check
+CVE-2021-4287 (A vulnerability, which was classified as problematic, was found in ReF ...)
+	TODO: check
+CVE-2021-4286 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios NCPA. Th ...)
+	TODO: check
+CVE-2021-4284 (A vulnerability classified as problematic has been found in OpenMRS HT ...)
+	TODO: check
+CVE-2021-4283 (A vulnerability was found in FreeBPX voicemail. It has been rated as p ...)
+	TODO: check
+CVE-2021-4282 (A vulnerability was found in FreePBX voicemail. It has been declared a ...)
+	TODO: check
+CVE-2020-36634 (A vulnerability classified as problematic has been found in Indeed Eng ...)
+	TODO: check
+CVE-2020-36633 (A vulnerability was found in moodle-block_sitenews 1.0. It has been cl ...)
+	TODO: check
+CVE-2019-25090 (A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and cla ...)
+	TODO: check
+CVE-2019-25089 (A vulnerability has been found in Morgawr Muon 0.1.1 and classified as ...)
+	TODO: check
+CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been classified ...)
+	TODO: check
+CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been rated as  ...)
+	TODO: check
+CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It  ...)
+	TODO: check
+CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...)
+	TODO: check
+CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...)
+	TODO: check
 CVE-2022-47966
 	RESERVED
 CVE-2022-4746
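Review bot: The description added for CVE-2021-4283 spells the product "FreeBPX voicemail", while CVE-2021-4282 on the next entry reads "FreePBX voicemail", so a search of the list for FreePBX during triage will find only one of the pair. Both are still "TODO: check"; triage them together, along with CVE-2019-25090 (FreePBX arimanager), so the three end up with a consistent tag.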
@@ -1182,9 +1328,9 @@ CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in GitHub repository micro
 	NOT-FOR-US: microweber
 CVE-2022-47579
 	RESERVED
-CVE-2022-47578 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
+CVE-2022-47578 (** DISPUTED ** An issue was discovered in the endpoint protection agen ...)
 	NOT-FOR-US: Zoho
-CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
+CVE-2022-47577 (** DISPUTED ** An issue was discovered in the endpoint protection agen ...)
 	NOT-FOR-US: Zoho
 CVE-2022-4616
 	RESERVED
@@ -8729,30 +8875,30 @@ CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint an
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7
 CVE-2022-45435
 	RESERVED
-CVE-2022-45434
-	RESERVED
-CVE-2022-45433
-	RESERVED
-CVE-2022-45432
-	RESERVED
-CVE-2022-45431
-	RESERVED
-CVE-2022-45430
-	RESERVED
-CVE-2022-45429
-	RESERVED
-CVE-2022-45428
-	RESERVED
-CVE-2022-45427
-	RESERVED
-CVE-2022-45426
-	RESERVED
-CVE-2022-45425
-	RESERVED
-CVE-2022-45424
-	RESERVED
-CVE-2022-45423
-	RESERVED
+CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...)
+	TODO: check
+CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...)
+	TODO: check
+CVE-2022-45432 (Some Dahua software products have a vulnerability of unauthenticated s ...)
+	TODO: check
+CVE-2022-45431 (Some Dahua software products have a vulnerability of unauthenticated r ...)
+	TODO: check
+CVE-2022-45430 (Some Dahua software products have a vulnerability of unauthenticated e ...)
+	TODO: check
+CVE-2022-45429 (Some Dahua software products have a vulnerability of server-side reque ...)
+	TODO: check
+CVE-2022-45428 (Some Dahua software products have a vulnerability of sensitive informa ...)
+	TODO: check
+CVE-2022-45427 (Some Dahua software products have a vulnerability of unrestricted uplo ...)
+	TODO: check
+CVE-2022-45426 (Some Dahua software products have a vulnerability of unrestricted down ...)
+	TODO: check
+CVE-2022-45425 (Some Dahua software products have a vulnerability of using of hard-cod ...)
+	TODO: check
+CVE-2022-45424 (Some Dahua software products have a vulnerability of unauthenticated r ...)
+	TODO: check
+CVE-2022-45423 (Some Dahua software products have a vulnerability of unauthenticated r ...)
+	TODO: check
 CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...)
 	NOT-FOR-US: LG
 CVE-2022-45122 (Cross-site scripting vulnerability in Movable Type Movable Type 7 r.53 ...)
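Review bot: CVE-2022-45423 through CVE-2022-45434 all move from RESERVED to "TODO: check" with descriptions that begin "Some Dahua software products", and the truncated text names no specific product. Since they share one vendor, triage them as a single batch and give all twelve the same tag, in the style of the "NOT-FOR-US: LG" line on CVE-2022-45422 just below if none of the affected products is packaged.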
@@ -23793,7 +23939,7 @@ CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier
 	TODO: check
 CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1  ...)
 	TODO: check
-CVE-2022-40897 (An issue discovered in Python Packaging Authority (PyPA) setuptools 65 ...)
+CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remo ...)
 	TODO: check
 CVE-2022-40896
 	RESERVED
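Review bot: The rewritten description for CVE-2022-40897 now states a version boundary ("setuptools before 65.5.1"), but the line under it is still "TODO: check". That boundary is the information needed to start a package entry for this CVE, so it is a good candidate to triage next; CVE-2022-40898 (Wheel) and CVE-2022-40899 in the context above are in the same untriaged state.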
@@ -25551,8 +25697,8 @@ CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10,
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
 	NOT-FOR-US: Rockwell
-CVE-2022-3156
-	RESERVED
+CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...)
+	TODO: check
 CVE-2022-40175
 	RESERVED
 CVE-2022-40174
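Review bot: CVE-2022-3156 becomes "TODO: check" for a Rockwell Automation product, and the two entries directly above it tag the same vendor in two different ways, "NOT-FOR-US: Rockwell Automation" and "NOT-FOR-US: Rockwell". When this entry is triaged, pick one spelling and align the neighbours, so that a search for the vendor string returns all of them.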
@@ -26492,7 +26638,7 @@ CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rt
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
-CVE-2022-3109 (An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in ...)
+CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame  ...)
 	- ffmpeg 7:5.1-1
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
@@ -98629,7 +98775,7 @@ CVE-2021-40405 (A denial of service vulnerability exists in the cgiserver.cgi Up
 CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
 	NOT-FOR-US: Reolink
 CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
-	{DLA-3210-1}
+	{DSA-5306-1 DLA-3210-1}
 	- gerbv 2.9.2-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
 	NOTE: https://github.com/gerbv/gerbv/issues/82
@@ -98640,7 +98786,7 @@ CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X apertu
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
 	NOTE: Crash in GUI tool, no security impact
 CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
-	{DLA-3210-1}
+	{DSA-5306-1 DLA-3210-1}
 	- gerbv 2.9.2-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
 	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 (v2.9.0-rc.1)
@@ -98663,6 +98809,7 @@ CVE-2021-40396 (A privilege escalation vulnerability exists in the installation
 CVE-2021-40395
 	REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+	{DSA-5306-1}
 	- gerbv 2.8.1-1
 	[buster] - gerbv <no-dsa> (Minor issue)
 	[stretch] - gerbv <no-dsa> (Minor issue)
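Review bot: {DSA-5306-1} is added to CVE-2021-40394 while its "[buster] - gerbv <no-dsa> (Minor issue)" line stays as it was, and unlike CVE-2021-40403 and CVE-2021-40401 earlier in this diff the entry has no DLA reference. Now that the issue is covered by a DSA, the "Minor issue" rationale for buster is worth revisiting; the same applies to CVE-2021-40393 in the next hunk.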
@@ -98670,6 +98817,7 @@ CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X apert
 	NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
 	NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
 CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+	{DSA-5306-1}
 	- gerbv 2.8.2-1
 	[buster] - gerbv <no-dsa> (Minor issue)
 	[stretch] - gerbv <no-dsa> (Minor issue)
@@ -120003,7 +120151,7 @@ CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement t
 	- bitcoin <unfixed> (bug #1014166)
 	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
 	NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
-CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
+CVE-2021-31875 (** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a malicio ...)
 	NOT-FOR-US: Cesanta MongooseOS mJS
 CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations,  ...)
 	NOT-FOR-US: Zoho



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0245ecc017a7c8ea3ef5a68e24380f6f91d5982d
