[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1621c56a by security tracker role at 2022-12-29T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2023-22500
+	RESERVED
+CVE-2023-22499
+	RESERVED
+CVE-2023-22498
+	RESERVED
+CVE-2023-22497
+	RESERVED
+CVE-2023-22496
+	RESERVED
+CVE-2023-22495
+	RESERVED
+CVE-2023-22494
+	RESERVED
+CVE-2023-22493
+	RESERVED
+CVE-2023-22492
+	RESERVED
+CVE-2023-22491
+	RESERVED
+CVE-2023-22490
+	RESERVED
+CVE-2023-22489
+	RESERVED
+CVE-2023-22488
+	RESERVED
+CVE-2023-22487
+	RESERVED
+CVE-2023-22486
+	RESERVED
+CVE-2023-22485
+	RESERVED
+CVE-2023-22484
+	RESERVED
+CVE-2023-22483
+	RESERVED
+CVE-2023-22482
+	RESERVED
+CVE-2023-22481
+	RESERVED
+CVE-2023-22480
+	RESERVED
+CVE-2023-22479
+	RESERVED
+CVE-2023-22478
+	RESERVED
+CVE-2023-22477
+	RESERVED
+CVE-2023-22476
+	RESERVED
+CVE-2023-0027
+	RESERVED
+CVE-2022-4854
+	RESERVED
+CVE-2022-4853
+	RESERVED
+CVE-2022-4852
+	RESERVED
+CVE-2022-4851 (Improper Handling of Values in GitHub repository usememos/memos prior  ...)
+	TODO: check
+CVE-2022-4850 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
+	TODO: check
+CVE-2022-4849 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
+	TODO: check
+CVE-2022-4848 (Improper Verification of Source of a Communication Channel in GitHub r ...)
+	TODO: check
+CVE-2022-4847 (Incorrectly Specified Destination in a Communication Channel in GitHub ...)
+	TODO: check
+CVE-2022-4846 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
+	TODO: check
+CVE-2022-4845 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
+	TODO: check
+CVE-2022-4844 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
+	TODO: check
+CVE-2022-4843 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior  ...)
+	TODO: check
+CVE-2022-4842
+	RESERVED
+CVE-2022-4841 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2022-4838
+	RESERVED
+CVE-2022-4837
+	RESERVED
+CVE-2022-4836
+	RESERVED
+CVE-2022-4835
+	RESERVED
+CVE-2022-4834
+	RESERVED
+CVE-2022-4833
+	RESERVED
+CVE-2022-4832
+	RESERVED
+CVE-2022-4831
+	RESERVED
+CVE-2022-4830
+	RESERVED
+CVE-2022-4829
+	RESERVED
+CVE-2022-4828
+	RESERVED
+CVE-2022-4827
+	RESERVED
+CVE-2022-4826
+	RESERVED
+CVE-2022-4825
+	RESERVED
+CVE-2022-4824
+	RESERVED
+CVE-2022-48190
+	RESERVED
+CVE-2022-48189
+	RESERVED
+CVE-2022-48188
+	RESERVED
+CVE-2022-48187
+	RESERVED
+CVE-2022-48186
+	RESERVED
+CVE-2022-48185
+	RESERVED
+CVE-2022-48184
+	RESERVED
+CVE-2022-48183
+	RESERVED
+CVE-2022-48182
+	RESERVED
+CVE-2022-48181
+	RESERVED
+CVE-2022-48180
+	RESERVED
+CVE-2022-48179
+	RESERVED
+CVE-2021-4296 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2021-4295 (A vulnerability classified as problematic was found in ONC code-valida ...)
+	TODO: check
+CVE-2018-25058 (A vulnerability classified as problematic has been found in Twitter-Po ...)
+	TODO: check
 CVE-2023-22475
 	RESERVED
 CVE-2023-22474
@@ -7619,14 +7763,14 @@ CVE-2022-46183
 	RESERVED
 CVE-2022-46182
 	RESERVED
-CVE-2022-46181
-	RESERVED
+CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...)
+	TODO: check
 CVE-2022-46180
 	RESERVED
 CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...)
 	TODO: check
-CVE-2022-46178
-	RESERVED
+CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
+	TODO: check
 CVE-2022-46177
 	RESERVED
 CVE-2022-46176
@@ -11740,7 +11884,8 @@ CVE-2022-44723
 	RESERVED
 CVE-2022-44722
 	RESERVED
-CVE-2022-44721 (CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uni ...)
+CVE-2022-44721
+	REJECTED
 	NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-44720
 	RESERVED
@@ -21901,6 +22046,7 @@ CVE-2022-41976
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
 	NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
+	{DLA-3250-1}
 	- multipath-tools 0.9.4-1 (bug #1022742)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
 	NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -21913,6 +22059,7 @@ CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local us
 	NOTE: https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2)
 	NOTE: https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2)
 CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to ...)
+	{DLA-3250-1}
 	- multipath-tools 0.9.4-1 (bug #1022742)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
 	NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -33387,7 +33534,7 @@ CVE-2022-37618
 	RESERVED
 CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
 	NOT-FOR-US: Node browserify-shim
-CVE-2022-37616 (** DISPUTED ** A prototype pollution vulnerability exists in the funct ...)
+CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
 	{DLA-3154-1}
 	- node-xmldom 0.8.3-1 (bug #1021618)
 	[bullseye] - node-xmldom 0.5.0-1+deb11u1
@@ -55369,7 +55516,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an in
 	NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...)
 	NOT-FOR-US: Fishbowl Inventory
-CVE-2022-29804 (In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x bef ...)
+CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
 	- golang-1.18 <not-affected> (Only affects Go on Windows)
 	- golang-1.17 <not-affected> (Only affects Go on Windows)
 	- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -60264,7 +60411,7 @@ CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier do
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-28132
 	RESERVED
-CVE-2022-28131 (In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before ...)
+CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
 	- golang-1.18 1.18.4-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -159843,7 +159990,7 @@ CVE-2020-28367 (Code injection in the go command with cgo before Go 1.14.12 and
 	[stretch] - golang-1.7 <ignored> (validation of cgo flags first introduced in golang-1.8 / CVE-2018-6574)
 	NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
 	NOTE: https://github.com/golang/go/issues/42556
-CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. ...)
+CVE-2020-28366 (Code injection in the go command with cgo before Go 1.14.12 and Go 1.1 ...)
 	- golang-1.15 1.15.5-1
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1621c56a9290d2ca21423f349f3b64737d0ef713

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1621c56a9290d2ca21423f349f3b64737d0ef713
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221229/a46bb284/attachment-0001.htm>