[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 15 09:10:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18e5b398 by security tracker role at 2023-04-15T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-29240
+ RESERVED
+CVE-2023-29163
+ RESERVED
+CVE-2023-28742
+ RESERVED
+CVE-2023-28724
+ RESERVED
+CVE-2023-28656
+ RESERVED
+CVE-2023-28406
+ RESERVED
+CVE-2023-27378
+ RESERVED
+CVE-2023-24594
+ RESERVED
+CVE-2023-24461
+ RESERVED
+CVE-2023-22372
+ RESERVED
+CVE-2023-2089
+ RESERVED
+CVE-2023-2088
+ RESERVED
+CVE-2023-2087
+ RESERVED
+CVE-2023-2086
+ RESERVED
+CVE-2023-2085
+ RESERVED
+CVE-2023-2084
+ RESERVED
+CVE-2023-2083
+ RESERVED
+CVE-2023-2082
+ RESERVED
+CVE-2023-2081
+ RESERVED
+CVE-2023-2080
+ RESERVED
+CVE-2023-2079
+ RESERVED
+CVE-2023-2078
+ RESERVED
+CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...)
+ TODO: check
CVE-2023-30770
RESERVED
CVE-2023-30769
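Review bot: CVE-2021-46880, the last entry of the added block, is committed with only TODO: check although its description already names the affected code (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0). A follow-up triage commit should replace the TODO with either a package line or a NOT-FOR-US line, depending on whether that code is shipped in the archive. The 22 new RESERVED entries above it need no action until their descriptions are published.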
@@ -403,12 +449,12 @@ CVE-2023-27513
RESERVED
CVE-2023-25774
RESERVED
-CVE-2023-2077
- RESERVED
-CVE-2023-2076
- RESERVED
-CVE-2023-2075
- RESERVED
+CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2076 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
+ TODO: check
+CVE-2023-2075 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+ TODO: check
CVE-2023-2074 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
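Review bot: CVE-2023-2076 and CVE-2023-2075 are left at TODO: check even though their descriptions begin with the same "Campcodes Onlin" product prefix as CVE-2023-2074 in the context below, which is already marked NOT-FOR-US: Campcodes Online Traffic Offense Management System. If the full descriptions confirm the same product, they can take the same NOT-FOR-US line. The description of CVE-2023-2077 is truncated before any product name, so it has to be read in full before it is marked.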
@@ -673,8 +719,8 @@ CVE-2023-30537
RESERVED
CVE-2023-30536
RESERVED
-CVE-2023-30535
- RESERVED
+CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
+ TODO: check
CVE-2023-30534
RESERVED
CVE-2023-30533
@@ -685,16 +731,15 @@ CVE-2023-2010
RESERVED
CVE-2023-2009
RESERVED
-CVE-2023-2008
- RESERVED
+CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
+ TODO: check
CVE-2023-2007
RESERVED
CVE-2023-2006
RESERVED
CVE-2023-2005
RESERVED
-CVE-2023-2004 [integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c]
- RESERVED
+CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in tt_hva ...)
- freetype <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
NOTE: https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611 (VER-2-13-0)
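Review bot: CVE-2023-2004 keeps "- freetype <unfixed>" while the NOTE directly under it cites an upstream fix commit tagged VER-2-13-0; now that the entry carries its published description, check whether a fixed version can be recorded in place of <unfixed>. In the same hunk, CVE-2023-2008 is described as a flaw in the Linux kernel's udmabuf device driver, so it needs a "- linux" package line with per-release status rather than staying at TODO: check.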
@@ -3498,8 +3543,8 @@ CVE-2021-4334
RESERVED
CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
NOT-FOR-US: phpMiniAdmin
-CVE-2023-29383
- RESERVED
+CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
+ TODO: check
CVE-2023-29382
RESERVED
CVE-2023-29381
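Review bot: CVE-2023-29383 is imported with TODO: check, but its description names Shadow 4.13 and control-character injection into fields, which reads like the shadow utilities rather than a third-party product. Confirm that, and if so add a source package line with per-release status, in the same form the strongswan and qtbase-opensource-src entries elsewhere in this commit already use.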
@@ -4311,20 +4356,20 @@ CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Akbim Computer Panon
CVE-2023-29092
RESERVED
-CVE-2023-29091
- RESERVED
-CVE-2023-29090
- RESERVED
-CVE-2023-29089
- RESERVED
-CVE-2023-29088
- RESERVED
-CVE-2023-29087
- RESERVED
-CVE-2023-29086
- RESERVED
-CVE-2023-29085
- RESERVED
+CVE-2023-29091 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29090 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29089 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29088 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29087 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29086 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
+CVE-2023-29085 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+ TODO: check
CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for authenticated ...)
TODO: check
CVE-2023-29083
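Review bot: The seven entries CVE-2023-29085 through CVE-2023-29091 all land as TODO: check with the same description prefix, "An issue was discovered in Exynos Mobile Processor, Automotive Process ...". Triage them together in one follow-up; if the full text confirms the issue is in vendor processor components that are not packaged, a single consistent NOT-FOR-US marking across all seven avoids leaving them in different states.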
@@ -9142,8 +9187,8 @@ CVE-2023-27656
RESERVED
CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the component ...)
TODO: check
-CVE-2023-27654
- RESERVED
+CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
+ TODO: check
CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
TODO: check
CVE-2023-27652
@@ -9156,8 +9201,8 @@ CVE-2023-27649 (SQL injection vulnerability found in Trusted Tools Free Music v.
TODO: check
CVE-2023-27648 (Directory Traversal vulnerability found in T-ME Studios Change Color o ...)
TODO: check
-CVE-2023-27647
- RESERVED
+CVE-2023-27647 (An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacke ...)
+ TODO: check
CVE-2023-27646
RESERVED
CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...)
@@ -9368,10 +9413,10 @@ CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-al
NOT-FOR-US: ShadowsocksX-NG
CVE-2023-27573
RESERVED
-CVE-2023-27572
- RESERVED
-CVE-2023-27571
- RESERVED
+CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...)
+ TODO: check
+CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...)
+ TODO: check
CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...)
NOT-FOR-US: PrestaShop
CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...)
@@ -12289,8 +12334,7 @@ CVE-2022-48343 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerab
NOT-FOR-US: JetBrains TeamCity
CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2023-26463
- RESERVED
+CVE-2023-26463 (strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution be ...)
- strongswan 5.9.8-4
[bullseye] - strongswan <not-affected> (Vulnerable code not present)
[buster] - strongswan <not-affected> (Vulnerable code not present)
@@ -14982,8 +15026,8 @@ CVE-2023-25599
RESERVED
CVE-2023-25598
RESERVED
-CVE-2023-25597
- RESERVED
+CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
+ TODO: check
CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
NOT-FOR-US: Aruba
CVE-2023-25595 (A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allo ...)
@@ -16731,8 +16775,8 @@ CVE-2023-24936
RESERVED
CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2023-24934
- RESERVED
+CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2023-24933
RESERVED
CVE-2023-24932
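Review bot: CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability) is left at TODO: check, while the neighbouring CVE-2023-24935 in the context is already marked NOT-FOR-US: Microsoft. The same marking looks applicable here and would close the TODO.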
@@ -17617,8 +17661,7 @@ CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. Successf
NOT-FOR-US: Huawei
CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation vulne ...)
NOT-FOR-US: Huawei
-CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string]
- RESERVED
+CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string when t ...)
- qtbase-opensource-src 5.15.8+dfsg-3 (bug #1031872)
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
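Review bot: The new description for CVE-2023-24607 says "Qt before 6.4.3", but the context visible under it tracks only qtbase-opensource-src, fixed at 5.15.8+dfsg-3. Confirm that any Qt 6 source package in the archive is also covered by this entry, unless that is already done on lines beyond this hunk.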
@@ -23770,10 +23813,10 @@ CVE-2014-125046 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: Seiji42 cub-scout-tracker
CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...)
- ghidra <itp> (bug #923851)
-CVE-2023-22670
- RESERVED
-CVE-2023-22669
- RESERVED
+CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading procedure ...)
+ TODO: check
+CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...)
+ TODO: check
CVE-2023-22668
RESERVED
CVE-2023-22667
@@ -24836,10 +24879,10 @@ CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as problem
NOT-FOR-US: HotCRP
CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has been d ...)
NOT-FOR-US: Talend Open Studio for MDM
-CVE-2022-48178
- RESERVED
-CVE-2022-48177
- RESERVED
+CVE-2022-48178 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a st ...)
+ TODO: check
+CVE-2022-48177 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a re ...)
+ TODO: check
CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7 ...)
NOT-FOR-US: Netgear
CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...)
@@ -28039,8 +28082,8 @@ CVE-2023-21825 (Vulnerability in the Oracle iSupplier Portal product of Oracle E
NOT-FOR-US: Oracle
CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic Charging Engi ...)
NOT-FOR-US: Oracle
-CVE-2022-47522
- RESERVED
+CVE-2022-47522 (The IEEE 802.11 specifications through 802.11ax allow physically proxi ...)
+ TODO: check
CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
{DLA-3244-1}
- linux 6.0.12-1
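Review bot: CVE-2022-47522 is described as an issue in the IEEE 802.11 specifications themselves, so the TODO: check on it cannot be resolved by matching a single product name. Triage has to decide which packaged implementations, if any, the entry should list, and the reasoning belongs in a NOTE line under the entry.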
@@ -30224,8 +30267,8 @@ CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities i
NOT-FOR-US: NexusPHP
CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow ...)
NOT-FOR-US: NexusPHP
-CVE-2022-46886
- RESERVED
+CVE-2022-46886 (There exists an open redirect within the response list update function ...)
+ TODO: check
CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...)
- firefox 106.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885
@@ -36096,8 +36139,8 @@ CVE-2022-45032
RESERVED
CVE-2022-45031
RESERVED
-CVE-2022-45030
- RESERVED
+CVE-2022-45030 (A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHand ...)
+ TODO: check
CVE-2022-45029
RESERVED
CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
@@ -37900,7 +37943,7 @@ CVE-2022-44701
RESERVED
CVE-2022-44700
RESERVED
-CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability. ...)
+CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
@@ -37924,7 +37967,7 @@ CVE-2022-44689 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege
NOT-FOR-US: Microsoft
CVE-2022-44688 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability. ...)
+CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-44686
RESERVED
@@ -42222,14 +42265,14 @@ CVE-2022-43701
RESERVED
CVE-2022-43700
RESERVED
-CVE-2022-43699
- RESERVED
-CVE-2022-43698
- RESERVED
-CVE-2022-43697
- RESERVED
-CVE-2022-43696
- RESERVED
+CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...)
+ TODO: check
+CVE-2022-43698 (OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 a ...)
+ TODO: check
+CVE-2022-43697 (OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking a ...)
+ TODO: check
+CVE-2022-43696 (OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. ...)
+ TODO: check
CVE-2022-43695 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18e5b3988d3dedca06c1e66f013e012d22f8ed2d