[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 28 08:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37f54598 by security tracker role at 2022-12-28T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-22438
+ RESERVED
+CVE-2023-22432
+ RESERVED
+CVE-2023-22429
+ RESERVED
+CVE-2023-22427
+ RESERVED
+CVE-2023-22425
+ RESERVED
+CVE-2023-22424
+ RESERVED
+CVE-2023-22421
+ RESERVED
+CVE-2023-22419
+ RESERVED
+CVE-2023-22377
+ RESERVED
+CVE-2023-22376
+ RESERVED
+CVE-2023-22375
+ RESERVED
+CVE-2023-22370
+ RESERVED
+CVE-2023-22369
+ RESERVED
+CVE-2023-22368
+ RESERVED
+CVE-2023-22367
+ RESERVED
+CVE-2023-22362
+ RESERVED
+CVE-2023-22360
+ RESERVED
+CVE-2023-22353
+ RESERVED
+CVE-2023-22350
+ RESERVED
+CVE-2023-22349
+ RESERVED
+CVE-2023-22347
+ RESERVED
+CVE-2023-22346
+ RESERVED
+CVE-2023-22345
+ RESERVED
+CVE-2023-22344
+ RESERVED
+CVE-2023-22336
+ RESERVED
+CVE-2023-22335
+ RESERVED
+CVE-2023-22333
+ RESERVED
+CVE-2023-22332
+ RESERVED
+CVE-2023-22324
+ RESERVED
+CVE-2023-22322
+ RESERVED
+CVE-2023-22320
+ RESERVED
+CVE-2023-22316
+ RESERVED
+CVE-2023-22304
+ RESERVED
+CVE-2023-22303
+ RESERVED
+CVE-2023-22298
+ RESERVED
+CVE-2023-22296
+ RESERVED
+CVE-2023-22286
+ RESERVED
+CVE-2023-22280
+ RESERVED
+CVE-2023-22279
+ RESERVED
+CVE-2023-22278
+ RESERVED
+CVE-2022-47969
+ RESERVED
+CVE-2022-4777
+ RESERVED
+CVE-2022-4776
+ RESERVED
+CVE-2022-4775
+ RESERVED
+CVE-2022-4774
+ RESERVED
+CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
+CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...)
+ TODO: check
+CVE-2022-4771
+ RESERVED
+CVE-2022-4770
+ RESERVED
+CVE-2022-4769
+ RESERVED
+CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as ...)
+ TODO: check
+CVE-2022-47318
+ RESERVED
+CVE-2022-46648
+ RESERVED
+CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It h ...)
+ TODO: check
+CVE-2021-4291 (A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It h ...)
+ TODO: check
+CVE-2021-4290 (A vulnerability was found in DHBW Fallstudie. It has been declared as ...)
+ TODO: check
+CVE-2020-36636 (A vulnerability classified as problematic has been found in OpenMRS Ad ...)
+ TODO: check
+CVE-2020-36635 (A vulnerability was found in OpenMRS Appointment Scheduling Module up ...)
+ TODO: check
+CVE-2019-25091 (A vulnerability classified as problematic has been found in nsupdate.i ...)
+ TODO: check
CVE-2023-22417
RESERVED
CVE-2023-22416
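Review bot: CVE-2022-4773 among the new TODO: check entries carries the "** UNSUPPORTED WHEN ASSIGNED **" marker in its description, which in CVE records means the affected product was already out of support when the id was assigned; that status should be reflected when the TODO is resolved instead of triaging it like the other new entries. The two OpenMRS Admin UI Module entries (CVE-2021-4292 "up to 1.4.x", CVE-2021-4291 "up to 1.5.x") and CVE-2020-36636 describe the same module at overlapping version ranges, so their three TODO: check lines should be resolved together and consistently rather than one at a time.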
@@ -5250,6 +5368,7 @@ CVE-2022-46692 (A logic issue was addressed with improved state management. This
- wpewebkit 2.38.3-1
NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46691 (A memory consumption issue was addressed with improved memory handling ...)
+ {DSA-5274-1 DSA-5273-1 DLA-3183-1}
- webkit2gtk 2.38.1-1
- wpewebkit 2.38.1-1
NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
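Review bot: the only change here is the advisory cross-reference {DSA-5274-1 DSA-5273-1 DLA-3183-1} on CVE-2022-46691, whose fixed versions (webkit2gtk and wpewebkit 2.38.1-1) are lower than the 2.38.3-1 recorded for CVE-2022-46692 just above, although both entries cite the same WSA-2022-0011 NOTE. The same run adds {DSA-5241-1 DSA-5240-1 DLA-3124-1} to CVE-2022-42863 at 2.38.0-1 further down, so the mapping from DSA/DLA numbers to fixed upstream versions should be confirmed against the advisories before these brace lines are relied on.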
@@ -5824,8 +5943,8 @@ CVE-2022-46444
RESERVED
CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...)
NOT-FOR-US: mesinkasir Bangresto
-CVE-2022-46442
- RESERVED
+CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n q ...)
+ TODO: check
CVE-2022-46441
RESERVED
CVE-2022-46440
@@ -6914,8 +7033,8 @@ CVE-2022-46181
RESERVED
CVE-2022-46180
RESERVED
-CVE-2022-46179
- RESERVED
+CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...)
+ TODO: check
CVE-2022-46178
RESERVED
CVE-2022-46177
@@ -6928,12 +7047,12 @@ CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims
NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
NOTE: https://github.com/json5/json5/issues/199
NOTE: https://github.com/json5/json5/issues/295
-CVE-2022-46174
- RESERVED
-CVE-2022-46173
- RESERVED
-CVE-2022-46172
- RESERVED
+CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...)
+ TODO: check
+CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...)
+ TODO: check
+CVE-2022-46172 (authentik is an open-source Identity provider focused on flexibility a ...)
+ TODO: check
CVE-2022-46171 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an application use ...)
@@ -7427,8 +7546,8 @@ CVE-2022-45965
RESERVED
CVE-2022-45964
RESERVED
-CVE-2022-45963
- RESERVED
+CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. ...)
+ TODO: check
CVE-2022-45962
RESERVED
CVE-2022-45961
@@ -7950,8 +8069,8 @@ CVE-2022-45780
RESERVED
CVE-2022-45779
RESERVED
-CVE-2022-45778
- RESERVED
+CVE-2022-45778 (https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0. ...)
+ TODO: check
CVE-2022-45777
RESERVED
CVE-2022-45776
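Review bot: CVE-2022-45778 (Hillstone Firewall SG-6000) and CVE-2022-45963 (h3c firewall, in the hunk above) are both firewall appliance firmware; the description of CVE-2022-45778 opens with a bare vendor URL (https://www.hillstonenet.com.cn/), which is text from the CVE record itself rather than a tracker NOTE:. Both TODO: check lines will most likely end up recorded the way the Buffalo entry (CVE-2022-34840, "NOT-FOR-US: Buffalo") is later in this patch, unless a packaged component turns up.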
@@ -18925,6 +19044,7 @@ CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issu
CVE-2022-42864 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2022-42863 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
@@ -21032,7 +21152,7 @@ CVE-2022-42048
RESERVED
CVE-2022-42047
RESERVED
-CVE-2022-42046 (WFS, Inc HeavenBurnsRed 2020.3.15.7141260 is vulnerable to Local Privi ...)
+CVE-2022-42046 (wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary ...)
NOT-FOR-US: HeavenBurnsRed
CVE-2022-42045
RESERVED
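Review bot: the replacement description for CVE-2022-42046 names the drivers wfshbr64.sys and wfshbr32.sys and the crafted-IOCTL path but no longer mentions the product or version that the old text carried ("WFS, Inc HeavenBurnsRed 2020.3.15.7141260"); the unchanged "NOT-FOR-US: HeavenBurnsRed" line remains correct for Windows kernel drivers, but the product name now survives only in that triage line, so a NOTE: preserving the old product/version string would keep the entry searchable.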
@@ -21223,10 +21343,10 @@ CVE-2022-41969 (Nextcloud Server is an open source personal cloud server. Prior
- nextcloud-server <itp> (bug #941708)
CVE-2022-41968 (Nextcloud Server is an open source personal cloud server. Prior to ver ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2022-41967
- RESERVED
-CVE-2022-41966
- RESERVED
+CVE-2022-41967 (Dragonfly is a Java runtime dependency management library. Dragonfly v ...)
+ TODO: check
+CVE-2022-41966 (XStream serializes Java objects to XML and back again. Versions prior ...)
+ TODO: check
CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...)
NOT-FOR-US: Opencast
CVE-2022-41964 (BigBlueButton is an open source web conferencing system. This vulnerab ...)
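Review bot: CVE-2022-41966 is a TODO: check for XStream, a widely used Java XML serialization library and a far more plausible archive member than Dragonfly (CVE-2022-41967); before resolving it like the NOT-FOR-US entries around it, check for a packaged copy (the source package name to look for is libxstream-java). The truncated description ("Versions prior to ...") cuts off the fixed upstream version, so that has to be taken from the upstream advisory when the fixed-version line is written.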
@@ -22214,10 +22334,10 @@ CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp stick
NOT-FOR-US: WordPress plugin
CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
NOT-FOR-US: Buffalo
-CVE-2022-3347
- RESERVED
-CVE-2022-3346
- RESERVED
+CVE-2022-3347 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
+ TODO: check
+CVE-2022-3346 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
+ TODO: check
CVE-2022-3345
RESERVED
CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...)
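Review bot: CVE-2022-3347 and CVE-2022-3346 are added with byte-identical truncated descriptions ("DNSSEC validation is not performed correctly. An attacker can cause th ..."); the truncated text gives nothing to tell them apart, so the two TODO: check lines must be resolved against their distinct affected modules rather than one copied from the other, with the module recorded on a NOTE: line.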
@@ -28557,8 +28677,8 @@ CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-3064
- RESERVED
+CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
+ TODO: check
CVE-2022-3063
REJECTED
CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
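Review bot: CVE-2022-3064 ("Parsing malicious or large YAML documents can consume excessive amount ...") reads like the same Go vulnerability database feed as CVE-2021-4235 ("Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...") further down in this patch; both concern resource exhaustion in YAML parsing and should be triaged together against the same source package(s) so that their fixed-version lines agree.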
@@ -34345,44 +34465,44 @@ CVE-2022-2585
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/7
-CVE-2022-2584
- RESERVED
-CVE-2022-2583
- RESERVED
-CVE-2022-2582
- RESERVED
-CVE-2021-4239
- RESERVED
-CVE-2021-4238
- RESERVED
+CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks. ...)
+ TODO: check
+CVE-2022-2583 (A race condition can cause incorrect HTTP request routing. ...)
+ TODO: check
+CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...)
+ TODO: check
+CVE-2021-4239 (The Noise protocol implementation suffers from weakened cryptographic ...)
+ TODO: check
+CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly less ent ...)
+ TODO: check
CVE-2021-4237
RESERVED
-CVE-2021-4236
- RESERVED
-CVE-2021-4235
- RESERVED
-CVE-2020-36569
- RESERVED
-CVE-2020-36568
- RESERVED
-CVE-2020-36567
- RESERVED
-CVE-2020-36566
- RESERVED
+CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
+ TODO: check
+CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
+ TODO: check
+CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/golang-na ...)
+ TODO: check
+CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...)
+ TODO: check
+CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
+ TODO: check
+CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...)
+ TODO: check
CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...)
TODO: check
-CVE-2020-36564
- RESERVED
-CVE-2020-36563
- RESERVED
+CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...)
+ TODO: check
+CVE-2020-36563 (XML Digital Signatures generated and validated using this package use ...)
+ TODO: check
CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...)
NOT-FOR-US: Gravitee API Management
CVE-2019-25074
RESERVED
-CVE-2019-25073
- RESERVED
-CVE-2016-15005
- RESERVED
+CVE-2019-25073 (Improper path santiziation in github.com/goadesign/goa before v3.0.9, ...)
+ TODO: check
+CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a cryptographi ...)
+ TODO: check
CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a deserializat ...)
NOT-FOR-US: Apache Geode
CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a dese ...)
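Review bot: the run of TODO: check entries from CVE-2022-2584 through CVE-2016-15005 is Go vulnerability database text; some descriptions still carry the module path (github.com/nanobox-io/golang-nanoauth, github.com/revel/revel, github.com/gin-gonic/gin, github.com/goadesign/goa) while others do not (the dag-pb codec, the AWS S3 Crypto SDK, the Noise protocol implementation, the Web Sockets AuthenticateMethod entry, the math/rand CSRF token one). When each TODO is resolved, the module path should go on a NOTE: line, since the fixed-width truncation drops it; the "santization"/"santiziation" spellings are verbatim upstream text and should not be corrected in the list. CVE-2020-36565 in the unchanged context already sits at TODO: check from an earlier run and belongs to the same batch.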
@@ -34413,26 +34533,26 @@ CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does not
NOT-FOR-US: WordPress plugin
CVE-2022-2573
RESERVED
-CVE-2020-36562
- RESERVED
-CVE-2020-36561
- RESERVED
-CVE-2020-36560
- RESERVED
-CVE-2020-36559
- RESERVED
-CVE-2019-25072
- RESERVED
-CVE-2018-25046
- RESERVED
-CVE-2017-20146
- RESERVED
-CVE-2015-10004
- RESERVED
-CVE-2014-125026
- RESERVED
-CVE-2013-10005
- RESERVED
+CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...)
+ TODO: check
+CVE-2020-36561 (Due to improper path santization, archives containing relative file pa ...)
+ TODO: check
+CVE-2020-36560 (Due to improper path santization, archives containing relative file pa ...)
+ TODO: check
+CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle allows fo ...)
+ TODO: check
+CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...)
+ TODO: check
+CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...)
+ TODO: check
+CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...)
+ TODO: check
+CVE-2015-10004 (Token validation methods are susceptible to a timing side-channel duri ...)
+ TODO: check
+CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...)
+ TODO: check
+CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
+ TODO: check
CVE-2022-37020
RESERVED
CVE-2022-37019
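Review bot: four entries now share the identical truncated description "Due to improper path santization, archives containing relative file pa ...": CVE-2020-36561, CVE-2020-36560 and CVE-2018-25046 here, plus CVE-2020-36566 in the hunk above. Each is a separate archive-extraction module, so the TODO: check lines need the specific module path on a NOTE: line or the entries are indistinguishable in the tracker. CVE-2013-10005, CVE-2014-125026 and CVE-2015-10004 carry years far older than this batch; the year in the id does not say when the issue was triaged, so they should be checked against what is in the archive like the rest rather than dismissed by date.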
@@ -73732,8 +73852,8 @@ CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An atta
- tensorflow <itp> (bug #804612)
CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerability may ...)
- codeigniter <itp> (bug #471583)
-CVE-2022-23555
- RESERVED
+CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...)
+ TODO: check
CVE-2022-23554
RESERVED
CVE-2022-23553
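Review bot: CVE-2022-23555 is the second authentik TODO: check in this patch (CVE-2022-46172, in the hunk around CVE-2022-46175, is the other); the two should be resolved identically, whether that ends up as a source package line or NOT-FOR-US.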
@@ -73760,8 +73880,8 @@ CVE-2022-23546
RESERVED
CVE-2022-23545
RESERVED
-CVE-2022-23544
- RESERVED
+CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
+ TODO: check
CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...)
TODO: check
CVE-2022-23542 (OpenFGA is an authorization/permission engine built for developers and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37f54598bdc757fe28f5649b3167669aa7f9b034