[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 10 21:10:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e61e940 by security tracker role at 2023-04-10T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-30467
+	RESERVED
+CVE-2023-30466
+	RESERVED
+CVE-2023-30465
+	RESERVED
+CVE-2023-1972
+	RESERVED
+CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2023-1969 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+	TODO: check
+CVE-2023-1968
+	RESERVED
+CVE-2023-1967
+	RESERVED
+CVE-2023-1966
+	RESERVED
+CVE-2023-1965
+	RESERVED
 CVE-2023-30464
 	RESERVED
 CVE-2023-30463
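Review bot: CVE-2023-1969 (SourceCodester Onl...) is left at TODO: check, but the same vendor is already triaged as NOT-FOR-US: SourceCodester further down this patch (CVE-2023-1407), so this one can be resolved the same way once the full product name is confirmed. CVE-2023-1971 and CVE-2023-1970 carry the ** UNSUPPORTED WHEN ASSIGNED ** tag, which only says the vendor no longer maintains the affected product; it does not settle whether Debian ships the code, so those two TODOs still need a product lookup rather than being dropped on the strength of the tag.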
@@ -29,8 +51,8 @@ CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGuruk
 	NOT-FOR-US: PHPGurukul Bank Locker Management System
 CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management System  ...)
 	NOT-FOR-US: PHPGurukul Bank Locker Management System
-CVE-2018-25084
-	RESERVED
+CVE-2018-25084 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2023-30451
 	RESERVED
 CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...)
@@ -75,8 +97,8 @@ CVE-2023-30431
 	RESERVED
 CVE-2023-30430
 	RESERVED
-CVE-2015-10100
-	RESERVED
+CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
 CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...)
 	NOT-FOR-US: Dart http_server
 CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...)
@@ -1923,8 +1945,8 @@ CVE-2023-1944
 	RESERVED
 CVE-2023-1943
 	RESERVED
-CVE-2015-10099
-	RESERVED
+CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...)
+	TODO: check
 CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...)
@@ -2466,10 +2488,10 @@ CVE-2023-29378
 	RESERVED
 CVE-2023-29377
 	RESERVED
-CVE-2023-29376
-	RESERVED
-CVE-2023-29375
-	RESERVED
+CVE-2023-29376 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647,  ...)
+	TODO: check
+CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647,  ...)
+	TODO: check
 CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
 	NOT-FOR-US: LangChain
 CVE-2023-29373
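Review bot: CVE-2023-29376 and CVE-2023-29375 describe Progress Sitefinity, a proprietary .NET CMS that is not in the Debian archive, so both TODO: check lines can be resolved to NOT-FOR-US: Progress Sitefinity, matching how the neighbouring LangChain entry (CVE-2023-29374) is already handled in this hunk.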
@@ -2915,11 +2937,9 @@ CVE-2023-1809
 	RESERVED
 CVE-2023-1808
 	RESERVED
-CVE-2023-29216
-	RESERVED
+CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effectivel ...)
 	NOT-FOR-US: Apache Linkis
-CVE-2023-29215
-	RESERVED
+CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filtering of ...)
 	NOT-FOR-US: Apache Linkis
 CVE-2023-29214
 	RESERVED
@@ -5240,8 +5260,8 @@ CVE-2023-28490
 	RESERVED
 CVE-2023-28489
 	RESERVED
-CVE-2023-1478
-	RESERVED
+CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...)
+	TODO: check
 CVE-2023-1477
 	RESERVED
 CVE-2023-1476
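Review bot: CVE-2023-1478 follows the "The <name> WordPress plugin before <version> does not ..." description pattern that this file consistently resolves as NOT-FOR-US: WordPress plugin (compare CVE-2023-1124 and CVE-2023-0548 later in this patch, both already closed that way). The same resolution applies to the other WordPress plugin entries this update moves from RESERVED to TODO: check (WP Tiles, JetEngine, WP Meta SEO, Simple Giveaways, stylish-cost-calculator-premium, Time Sheets, Klaviyo, Auto Rename Media On Upload, Contact Form Plugin, Amazon S3 Plugin, Article Directory, Scheduled Announcements Widget, AIOS). One caveat before bulk-resolving: the pattern holds for plugins, which Debian does not package, not for issues in WordPress core, so confirm the description names a plugin before copying the triage.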
@@ -5361,10 +5381,10 @@ CVE-2023-1428
 	RESERVED
 CVE-2023-1427
 	RESERVED
-CVE-2023-1426
-	RESERVED
-CVE-2023-1425
-	RESERVED
+CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...)
+	TODO: check
+CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...)
+	TODO: check
 CVE-2023-28488
 	RESERVED
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
@@ -5781,8 +5801,8 @@ CVE-2023-1408
 	RESERVED
 CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...)
 	NOT-FOR-US: SourceCodester
-CVE-2023-1406
-	RESERVED
+CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files  ...)
+	TODO: check
 CVE-2022-48420
 	RESERVED
 CVE-2022-48419
@@ -6191,8 +6211,8 @@ CVE-2023-27389
 	RESERVED
 CVE-2023-23575
 	RESERVED
-CVE-2023-1381
-	RESERVED
+CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image  ...)
+	TODO: check
 CVE-2022-48402
 	RESERVED
 CVE-2022-48401
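Review bot: CVE-2023-1381 (WP Meta SEO before 4.5.5) can be closed directly rather than left at TODO: check: two earlier WP Meta SEO CVEs in this same file, CVE-2023-0876 and CVE-2023-0875 (before 4.5.3), are already triaged NOT-FOR-US: WordPress plugin, and nothing in the new description changes that.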
@@ -6271,10 +6291,10 @@ CVE-2023-28208
 	RESERVED
 CVE-2023-28207
 	RESERVED
-CVE-2023-28206
-	RESERVED
-CVE-2023-28205
-	RESERVED
+CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2023-28205 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
 CVE-2023-28204
 	RESERVED
 CVE-2023-28203
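Review bot: CVE-2023-28206 and CVE-2023-28205 use Apple's advisory phrasing ("out-of-bounds write issue was addressed with improved input validation", "use after free issue was addressed with improved memory management"), and the temptation is to pattern-match them to the NOT-FOR-US: Apple entries elsewhere in this patch (CVE-2022-46705, CVE-2022-46704). That shortcut is unsafe for Apple CVEs: fixes that land in WebKit also apply to webkit2gtk and wpewebkit in Debian, so each of these needs the advisory read to identify the component before the TODO is resolved. The same applies to the other Apple-style entries this update moves to TODO: check (CVE-2022-46717, CVE-2022-46716, CVE-2022-46709, CVE-2022-46703, CVE-2022-42858, CVE-2022-32871).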
@@ -7016,8 +7036,7 @@ CVE-2023-27989
 	RESERVED
 CVE-2023-27988
 	RESERVED
-CVE-2023-27987
-	RESERVED
+CVE-2023-27987 (In Apache Linkis <=1.3.1, due to the default token generated by Lin ...)
 	NOT-FOR-US: Apache Linkis
 CVE-2023-1297
 	RESERVED
@@ -8052,8 +8071,8 @@ CVE-2023-27652
 	RESERVED
 CVE-2023-27651
 	RESERVED
-CVE-2023-27650
-	RESERVED
+CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...)
+	TODO: check
 CVE-2023-27649
 	RESERVED
 CVE-2023-27648
@@ -8166,11 +8185,9 @@ CVE-2023-1178
 	RESERVED
 CVE-2023-27604
 	RESERVED
-CVE-2023-27603
-	RESERVED
+CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn mate ...)
 	NOT-FOR-US: Apache Linkis
-CVE-2023-27602
-	RESERVED
+CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploads files wi ...)
 	NOT-FOR-US: Apache Linkis
 CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
 	NOT-FOR-US: mlflow
@@ -8829,12 +8846,12 @@ CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1123
 	RESERVED
-CVE-2023-1122
-	RESERVED
-CVE-2023-1121
-	RESERVED
-CVE-2023-1120
-	RESERVED
+CVE-2023-1122 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise  ...)
+	TODO: check
+CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise  ...)
+	TODO: check
+CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise  ...)
+	TODO: check
 CVE-2023-1119
 	RESERVED
 CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...)
@@ -9864,8 +9881,8 @@ CVE-2023-26988
 	RESERVED
 CVE-2023-26987
 	RESERVED
-CVE-2023-26986
-	RESERVED
+CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...)
+	TODO: check
 CVE-2023-26985
 	RESERVED
 CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...)
@@ -10005,8 +10022,8 @@ CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows at
 	NOT-FOR-US: quectel
 CVE-2023-26920
 	RESERVED
-CVE-2023-26919
-	RESERVED
+CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
+	TODO: check
 CVE-2023-26918
 	RESERVED
 CVE-2023-26917
@@ -10124,8 +10141,8 @@ CVE-2023-26862
 	RESERVED
 CVE-2023-26861
 	RESERVED
-CVE-2023-26860
-	RESERVED
+CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
+	TODO: check
 CVE-2023-26859
 	RESERVED
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
@@ -10268,8 +10285,8 @@ CVE-2023-26790
 	RESERVED
 CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...)
 	NOT-FOR-US: Veritas
-CVE-2023-26788
-	RESERVED
+CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header Injection attack ...)
+	TODO: check
 CVE-2023-26787
 	RESERVED
 CVE-2023-26786
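Review bot: CVE-2023-26788 (Veritas Appliance) can be resolved NOT-FOR-US: Veritas, consistent with CVE-2023-26789 (Veritas NetBackup OpsCenter) two lines above it in the same hunk; a vendor appliance is not something Debian ships.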
@@ -10296,8 +10313,8 @@ CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 all
 	NOT-FOR-US: Monitorr
 CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...)
 	NOT-FOR-US: Monitorr
-CVE-2023-26774
-	RESERVED
+CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...)
+	TODO: check
 CVE-2023-26773
 	RESERVED
 CVE-2023-26772
@@ -11157,8 +11174,8 @@ CVE-2023-0985
 	RESERVED
 CVE-2023-0984
 	RESERVED
-CVE-2023-0983
-	RESERVED
+CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...)
+	TODO: check
 CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
 	NOT-FOR-US: SourceCodester Yoga Class Registration System
 CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
@@ -12530,8 +12547,8 @@ CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0894
 	RESERVED
-CVE-2023-0893
-	RESERVED
+CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...)
+	TODO: check
 CVE-2023-0892
 	RESERVED
 CVE-2023-0891
@@ -12610,8 +12627,8 @@ CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not authorize
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly saniti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0874
-	RESERVED
+CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...)
+	TODO: check
 CVE-2023-0873
 	RESERVED
 CVE-2023-25932
@@ -14430,8 +14447,8 @@ CVE-2023-25394
 	RESERVED
 CVE-2023-25393
 	RESERVED
-CVE-2023-25392
-	RESERVED
+CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate  ...)
+	TODO: check
 CVE-2023-25391
 	RESERVED
 CVE-2023-25390
@@ -15792,8 +15809,8 @@ CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projects
 	NOT-FOR-US: ProjectSend
 CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...)
 	- ampache <removed>
-CVE-2023-0605
-	RESERVED
+CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not ...)
+	TODO: check
 CVE-2023-0604
 	RESERVED
 CVE-2023-0603
@@ -16591,8 +16608,8 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitiz
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0547
 	RESERVED
-CVE-2023-0546
-	RESERVED
+CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
+	TODO: check
 CVE-2023-0545
 	RESERVED
 CVE-2023-0544
@@ -17787,8 +17804,8 @@ CVE-2023-24183
 	RESERVED
 CVE-2023-24182
 	RESERVED
-CVE-2023-24181
-	RESERVED
+CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
+	TODO: check
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
 	- libelfin <unfixed> (bug #1033741)
 	[bookworm] - libelfin <no-dsa> (Minor issue)
@@ -18315,10 +18332,10 @@ CVE-2023-0425
 	RESERVED
 CVE-2023-0424
 	RESERVED
-CVE-2023-0423
-	RESERVED
-CVE-2023-0422
-	RESERVED
+CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...)
+	TODO: check
+CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...)
+	TODO: check
 CVE-2023-0421
 	RESERVED
 CVE-2023-0420
@@ -18977,8 +18994,8 @@ CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate and escap ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0363
-	RESERVED
+CVE-2023-0363 (The Scheduled Announcements Widget WordPress plugin before 1.0 does no ...)
+	TODO: check
 CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...)
@@ -21696,10 +21713,10 @@ CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...)
 	NOT-FOR-US: NLnet Labs Krill
-CVE-2023-0157
-	RESERVED
-CVE-2023-0156
-	RESERVED
+CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not  ...)
+	TODO: check
+CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not  ...)
+	TODO: check
 CVE-2023-0155
 	RESERVED
 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
@@ -23591,8 +23608,8 @@ CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 do
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4827
-	RESERVED
+CVE-2022-4827 (The WP Tiles WordPress plugin through 1.1.2 does not validate and esca ...)
+	TODO: check
 CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...)
@@ -29729,10 +29746,10 @@ CVE-2022-46719
 	RESERVED
 CVE-2022-46718
 	RESERVED
-CVE-2022-46717
-	RESERVED
-CVE-2022-46716
-	RESERVED
+CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
 CVE-2022-46715
 	RESERVED
 CVE-2022-46714
@@ -29745,8 +29762,8 @@ CVE-2022-46711
 	RESERVED
 CVE-2022-46710
 	RESERVED
-CVE-2022-46709
-	RESERVED
+CVE-2022-46709 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
 CVE-2022-46708
 	RESERVED
 CVE-2022-46707
@@ -29757,8 +29774,8 @@ CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was
 	NOT-FOR-US: Apple
 CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
-CVE-2022-46703
-	RESERVED
+CVE-2022-46703 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
 CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...)
@@ -41415,63 +41432,63 @@ CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeL
 CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...)
 	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3670
 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
 CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
@@ -43747,8 +43764,8 @@ CVE-2022-42860
 	RESERVED
 CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
 	NOT-FOR-US: Apple
-CVE-2022-42858
-	RESERVED
+CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
 CVE-2022-42857
 	RESERVED
 CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...)
@@ -44660,7 +44677,7 @@ CVE-2022-42470
 CVE-2022-42469
 	RESERVED
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
@@ -44669,17 +44686,18 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile
 CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...)
 	NOT-FOR-US: Siretta
 CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
 	NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3632
 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
 	NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
 CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...)
+	{DSA-5384-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
 	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
@@ -45974,30 +45992,33 @@ CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaus
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
 	NOT-FOR-US: SonicJS
 CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
 	NOTE: Prerequisite: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
 	NOTE: https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249
 CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3628
 CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD thumbnail ...)
+	{DSA-5384-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626
 	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41684 (A heap out of bounds read vulnerability exists in the OpenImageIO mast ...)
+	{DSA-5384-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632
 	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling of IPTC ...)
+	{DSA-5384-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
 	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3632
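Review bot: CVE-2022-41794, CVE-2022-41684 and CVE-2022-41649 in this hunk (and CVE-2022-41837 in the previous one) gain {DSA-5384-1} but, unlike every other openimageio entry this update touches, carry no DLA-3382-1 reference. If that is deliberate because the affected code is absent from the LTS version, the entries should say so with the file's per-suite form ("[suite] - openimageio <not-affected> (reason)"), as the libelfin entry does with its [bookworm] line; otherwise these four are an open follow-up for the LTS team. Also worth confirming that the DSA-5384-1 text actually lists all 22 CVE IDs it is being attached to here.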
@@ -46008,7 +46029,7 @@ CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenI
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3620
 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...)
-	{DLA-3382-1}
+	{DSA-5384-1 DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3624
@@ -46028,8 +46049,8 @@ CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly
 	NOT-FOR-US: HIWIN Robot System Software
 CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2022-41976
-	RESERVED
+CVE-2022-41976 (An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 buil ...)
+	TODO: check
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
 	NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
@@ -53522,8 +53543,8 @@ CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
 	- octoprint <itp> (bug #718591)
-CVE-2022-39048
-	RESERVED
+CVE-2022-39048 (ServiceNow Tokyo allows XSS. ...)
+	TODO: check
 CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
 	- glibc <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536
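Review bot: CVE-2022-39048 ("ServiceNow Tokyo allows XSS.") refers to a hosted, proprietary platform, so the TODO: check can be resolved to NOT-FOR-US: ServiceNow; there is nothing in it to check against the archive.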
@@ -58031,8 +58052,8 @@ CVE-2022-37464
 	RESERVED
 CVE-2022-37463
 	RESERVED
-CVE-2022-37462
-	RESERVED
+CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget i ...)
+	TODO: check
 CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
 	NOT-FOR-US: Canon Medical Vitrea View
 CVE-2022-37460
@@ -70568,8 +70589,8 @@ CVE-2022-32873
 	RESERVED
 CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
-CVE-2022-32871
-	RESERVED
+CVE-2022-32871 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
 CVE-2022-32870 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2022-32869
@@ -103820,8 +103841,8 @@ CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to
 	NOT-FOR-US: Tenda routers
 CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
 	NOT-FOR-US: Tenda routers
-CVE-2021-45985
-	RESERVED
+CVE-2021-45985 (In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ...)
+	TODO: check
 CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...)
 	{DSA-5173-1 DSA-5127-1}
 	- linux 5.15.15-1
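Review bot: CVE-2021-45985 is not a NOT-FOR-US candidate: it describes Lua 5.4.3 itself, and Debian ships Lua 5.4 as the lua5.4 source package, so this TODO: check needs a real check of which upstream release fixed the erroneous-finalizer-during-tail-call bug and whether the lua5.4 versions in each suite already include it. It deserves priority over the WordPress plugin and vendor-appliance TODOs in this patch.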
@@ -110327,6 +110348,7 @@ CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux
 CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 binary f ...)
 	NOT-FOR-US: Rizin
 CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
+	{DLA-3388-1}
 	- keepalived 1:2.2.4-0.2
 	[bullseye] - keepalived 1:2.1.5-0.2+deb11u1
 	[stretch] - keepalived <no-dsa> (Minor issue)
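Review bot: the added {DLA-3388-1} for CVE-2021-44225 sits above a surviving "[stretch] - keepalived <no-dsa> (Minor issue)" line, and the visible context shows no per-suite line for the LTS suite the DLA covers. If a leftover <no-dsa> or <postponed> line for that suite exists just below this hunk, it should be dropped in the same update so the entry does not contradict the DLA reference.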
@@ -171808,8 +171830,8 @@ CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticat
 	NOT-FOR-US: Zenphoto
 CVE-2020-36078
 	RESERVED
-CVE-2020-36077
-	RESERVED
+CVE-2020-36077 (SQL injection vulnerability found in Tailor Mangement System v.1 allow ...)
+	TODO: check
 CVE-2020-36076
 	RESERVED
 CVE-2020-36075



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e61e94059ba2e595044be17d05c8f23b7f088a9


