[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 1 08:10:27 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b64ece5 by security tracker role at 2023-02-01T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,283 @@
+CVE-2023-24977
+ RESERVED
+CVE-2023-24976
+ RESERVED
+CVE-2023-24975
+ RESERVED
+CVE-2023-24974
+ RESERVED
+CVE-2023-24973
+ RESERVED
+CVE-2023-24972
+ RESERVED
+CVE-2023-24971
+ RESERVED
+CVE-2023-24970
+ RESERVED
+CVE-2023-24969
+ RESERVED
+CVE-2023-24968
+ RESERVED
+CVE-2023-24967
+ RESERVED
+CVE-2023-24966
+ RESERVED
+CVE-2023-24965
+ RESERVED
+CVE-2023-24964
+ RESERVED
+CVE-2023-24963
+ RESERVED
+CVE-2023-24962
+ RESERVED
+CVE-2023-24961
+ RESERVED
+CVE-2023-24960
+ RESERVED
+CVE-2023-24959
+ RESERVED
+CVE-2023-24958
+ RESERVED
+CVE-2023-24957
+ RESERVED
+CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2023-24955
+ RESERVED
+CVE-2023-24954
+ RESERVED
+CVE-2023-24953
+ RESERVED
+CVE-2023-24952
+ RESERVED
+CVE-2023-24951
+ RESERVED
+CVE-2023-24950
+ RESERVED
+CVE-2023-24949
+ RESERVED
+CVE-2023-24948
+ RESERVED
+CVE-2023-24947
+ RESERVED
+CVE-2023-24946
+ RESERVED
+CVE-2023-24945
+ RESERVED
+CVE-2023-24944
+ RESERVED
+CVE-2023-24943
+ RESERVED
+CVE-2023-24942
+ RESERVED
+CVE-2023-24941
+ RESERVED
+CVE-2023-24940
+ RESERVED
+CVE-2023-24939
+ RESERVED
+CVE-2023-24938
+ RESERVED
+CVE-2023-24937
+ RESERVED
+CVE-2023-24936
+ RESERVED
+CVE-2023-24935
+ RESERVED
+CVE-2023-24934
+ RESERVED
+CVE-2023-24933
+ RESERVED
+CVE-2023-24932
+ RESERVED
+CVE-2023-24931
+ RESERVED
+CVE-2023-24930
+ RESERVED
+CVE-2023-24929
+ RESERVED
+CVE-2023-24928
+ RESERVED
+CVE-2023-24927
+ RESERVED
+CVE-2023-24926
+ RESERVED
+CVE-2023-24925
+ RESERVED
+CVE-2023-24924
+ RESERVED
+CVE-2023-24923
+ RESERVED
+CVE-2023-24922
+ RESERVED
+CVE-2023-24921
+ RESERVED
+CVE-2023-24920
+ RESERVED
+CVE-2023-24919
+ RESERVED
+CVE-2023-24918
+ RESERVED
+CVE-2023-24917
+ RESERVED
+CVE-2023-24916
+ RESERVED
+CVE-2023-24915
+ RESERVED
+CVE-2023-24914
+ RESERVED
+CVE-2023-24913
+ RESERVED
+CVE-2023-24912
+ RESERVED
+CVE-2023-24911
+ RESERVED
+CVE-2023-24910
+ RESERVED
+CVE-2023-24909
+ RESERVED
+CVE-2023-24908
+ RESERVED
+CVE-2023-24907
+ RESERVED
+CVE-2023-24906
+ RESERVED
+CVE-2023-24905
+ RESERVED
+CVE-2023-24904
+ RESERVED
+CVE-2023-24903
+ RESERVED
+CVE-2023-24902
+ RESERVED
+CVE-2023-24901
+ RESERVED
+CVE-2023-24900
+ RESERVED
+CVE-2023-24899
+ RESERVED
+CVE-2023-24898
+ RESERVED
+CVE-2023-24897
+ RESERVED
+CVE-2023-24896
+ RESERVED
+CVE-2023-24895
+ RESERVED
+CVE-2023-24894
+ RESERVED
+CVE-2023-24893
+ RESERVED
+CVE-2023-24892
+ RESERVED
+CVE-2023-24891
+ RESERVED
+CVE-2023-24890
+ RESERVED
+CVE-2023-24889
+ RESERVED
+CVE-2023-24888
+ RESERVED
+CVE-2023-24887
+ RESERVED
+CVE-2023-24886
+ RESERVED
+CVE-2023-24885
+ RESERVED
+CVE-2023-24884
+ RESERVED
+CVE-2023-24883
+ RESERVED
+CVE-2023-24882
+ RESERVED
+CVE-2023-24881
+ RESERVED
+CVE-2023-24880
+ RESERVED
+CVE-2023-24879
+ RESERVED
+CVE-2023-24878
+ RESERVED
+CVE-2023-24877
+ RESERVED
+CVE-2023-24876
+ RESERVED
+CVE-2023-24875
+ RESERVED
+CVE-2023-24874
+ RESERVED
+CVE-2023-24873
+ RESERVED
+CVE-2023-24872
+ RESERVED
+CVE-2023-24871
+ RESERVED
+CVE-2023-24870
+ RESERVED
+CVE-2023-24869
+ RESERVED
+CVE-2023-24868
+ RESERVED
+CVE-2023-24867
+ RESERVED
+CVE-2023-24866
+ RESERVED
+CVE-2023-24865
+ RESERVED
+CVE-2023-24864
+ RESERVED
+CVE-2023-24863
+ RESERVED
+CVE-2023-24862
+ RESERVED
+CVE-2023-24861
+ RESERVED
+CVE-2023-24860
+ RESERVED
+CVE-2023-24859
+ RESERVED
+CVE-2023-24858
+ RESERVED
+CVE-2023-24857
+ RESERVED
+CVE-2023-24856
+ RESERVED
+CVE-2023-24016
+ RESERVED
+CVE-2023-23910
+ RESERVED
+CVE-2023-23909
+ RESERVED
+CVE-2023-23569
+ RESERVED
+CVE-2023-22447
+ RESERVED
+CVE-2023-22446
+ RESERVED
+CVE-2023-22443
+ RESERVED
+CVE-2023-22442
+ RESERVED
+CVE-2023-22440
+ RESERVED
+CVE-2023-22276
+ RESERVED
+CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...)
+ TODO: check
+CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...)
+ TODO: check
+CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...)
+ TODO: check
+CVE-2023-0605
+ RESERVED
+CVE-2023-0604
+ RESERVED
+CVE-2023-0603
+ RESERVED
+CVE-2023-0602
+ RESERVED
+CVE-2023-0601
+ RESERVED
CVE-2023-24855
RESERVED
CVE-2023-24854
@@ -79,14 +359,14 @@ CVE-2023-24833
RESERVED
CVE-2023-24832
RESERVED
-CVE-2023-0587
- RESERVED
+CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...)
+ TODO: check
CVE-2023-0586
RESERVED
CVE-2023-0585
RESERVED
-CVE-2016-15023
- RESERVED
+CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...)
+ TODO: check
CVE-2023-24831
RESERVED
CVE-2023-24828
@@ -779,8 +1059,8 @@ CVE-2023-22311
RESERVED
CVE-2023-0525
RESERVED
-CVE-2023-0524
- RESERVED
+CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
+ TODO: check
CVE-2023-0523
RESERVED
CVE-2023-0522
@@ -1186,8 +1466,8 @@ CVE-2023-0456
RESERVED
CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...)
NOT-FOR-US: unilogies/bumsys
-CVE-2023-0454
- RESERVED
+CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
+ TODO: check
CVE-2023-0453
RESERVED
CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...)
@@ -1672,8 +1952,8 @@ CVE-2023-24243
RESERVED
CVE-2023-24242
RESERVED
-CVE-2023-24241
- RESERVED
+CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
+ TODO: check
CVE-2023-24240
RESERVED
CVE-2023-24239
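Review bot: the description added for CVE-2023-24241 is identical to the one added for CVE-2023-24956 in the first hunk (both read "Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ..."); when the two `TODO: check` items are triaged, confirm whether they are distinct injection points or a duplicate assignment, and record the same disposition on both entries so they do not diverge.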
@@ -2414,16 +2694,16 @@ CVE-2023-23930
RESERVED
CVE-2023-23929
RESERVED
-CVE-2023-23928
- RESERVED
+CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...)
+ TODO: check
CVE-2023-23927
RESERVED
CVE-2023-23926
RESERVED
CVE-2023-23925
RESERVED
-CVE-2023-23924
- RESERVED
+CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
+ TODO: check
CVE-2023-23923
RESERVED
- moodle <removed>
@@ -2589,8 +2869,8 @@ CVE-2023-23848
RESERVED
CVE-2023-23847
RESERVED
-CVE-2023-23846
- RESERVED
+CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...)
+ TODO: check
CVE-2023-23845
RESERVED
CVE-2023-23844
@@ -3069,8 +3349,7 @@ CVE-2023-23699
RESERVED
CVE-2023-0342
RESERVED
-CVE-2023-0341 [potential buffer overflow in ec_glob]
- RESERVED
+CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
- editorconfig-core 0.12.6-0.1
[bullseye] - editorconfig-core <no-dsa> (Minor issue)
NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87
@@ -3284,8 +3563,8 @@ CVE-2023-23632
RESERVED
CVE-2023-23631
RESERVED
-CVE-2023-23630
- RESERVED
+CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...)
+ TODO: check
CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...)
NOT-FOR-US: Metabase
CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...)
@@ -5666,8 +5945,8 @@ CVE-2023-0117
RESERVED
CVE-2023-0116
RESERVED
-CVE-2023-0115
- RESERVED
+CVE-2023-0115 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+ TODO: check
CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
NOT-FOR-US: CapsAdmin PAC3
CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...)
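Review bot: the new description for CVE-2023-0115 states that the ID has been rejected or withdrawn by its CNA, yet the entry is left at `TODO: check` rather than the bare `REJECTED` state this file uses for withdrawn IDs (see CVE-2022-3535 in the context of a later hunk, and the `RESERVED` to `REJECTED` change for CVE-2020-14395 in this same commit); unless the automatic updater cannot recognise rejection text, this entry should become `REJECTED` on triage.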
@@ -7317,8 +7596,8 @@ CVE-2022-48163
RESERVED
CVE-2022-48162
RESERVED
-CVE-2022-48161
- RESERVED
+CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download ...)
+ TODO: check
CVE-2022-48160
RESERVED
CVE-2022-48159
@@ -8696,8 +8975,8 @@ CVE-2022-47875
RESERVED
CVE-2022-47874
RESERVED
-CVE-2022-47873
- RESERVED
+CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
+ TODO: check
CVE-2022-47872
RESERVED
CVE-2022-47871
@@ -8902,12 +9181,12 @@ CVE-2022-47772
RESERVED
CVE-2022-47771
RESERVED
-CVE-2022-47770
- RESERVED
-CVE-2022-47769
- RESERVED
-CVE-2022-47768
- RESERVED
+CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...)
+ TODO: check
+CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast ...)
+ TODO: check
+CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...)
+ TODO: check
CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...)
NOT-FOR-US: Solar-Log
CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...)
@@ -13062,8 +13341,8 @@ CVE-2022-46758
RESERVED
CVE-2022-46757
RESERVED
-CVE-2022-46756
- RESERVED
+CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...)
+ TODO: check
CVE-2022-46755
RESERVED
CVE-2022-46754
@@ -13359,8 +13638,8 @@ CVE-2022-46681
RESERVED
CVE-2022-46680
RESERVED
-CVE-2022-46679
- RESERVED
+CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
+ TODO: check
CVE-2022-46678
RESERVED
CVE-2022-46677
@@ -14624,8 +14903,7 @@ CVE-2022-46281
RESERVED
CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
-CVE-2022-4206
- RESERVED
+CVE-2022-4206 (A sensitive information leak issue has been discovered in all versions ...)
- gitlab <unfixed>
CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...)
- gitlab <unfixed>
@@ -16634,8 +16912,8 @@ CVE-2022-45496
RESERVED
CVE-2022-45495
RESERVED
-CVE-2022-45494
- RESERVED
+CVE-2022-45494 (Buffer overflow vulnerability in function json_parse_object in sheredo ...)
+ TODO: check
CVE-2022-45493
RESERVED
CVE-2022-45492
@@ -16774,8 +17052,8 @@ CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote
NOT-FOR-US: Tiny File Manager
CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4062
- RESERVED
+CVE-2022-4062 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
+ TODO: check
CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
NOT-FOR-US: drachtio-server
CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
@@ -17580,8 +17858,8 @@ CVE-2022-45299 (An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.
TODO: check
CVE-2022-45298
RESERVED
-CVE-2022-45297
- RESERVED
+CVE-2022-45297 (EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-45296
RESERVED
CVE-2022-45295
@@ -18166,22 +18444,22 @@ CVE-2022-45104
RESERVED
CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
NOT-FOR-US: Dell
-CVE-2022-45102
- RESERVED
-CVE-2022-45101
- RESERVED
-CVE-2022-45100
- RESERVED
-CVE-2022-45099
- RESERVED
-CVE-2022-45098
- RESERVED
-CVE-2022-45097
- RESERVED
-CVE-2022-45096
- RESERVED
-CVE-2022-45095
- RESERVED
+CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...)
+ TODO: check
+CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...)
+ TODO: check
+CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...)
+ TODO: check
+CVE-2022-45099 (Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding f ...)
+ TODO: check
+CVE-2022-45098 (Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of ...)
+ TODO: check
+CVE-2022-45097 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Manag ...)
+ TODO: check
+CVE-2022-45096 (Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface ...)
+ TODO: check
+CVE-2022-45095 (Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulner ...)
+ TODO: check
CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
NOT-FOR-US: Siemens
CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
@@ -20631,8 +20909,8 @@ CVE-2023-20858
RESERVED
CVE-2023-20857
RESERVED
-CVE-2023-20856
- RESERVED
+CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
+ TODO: check
CVE-2023-20855
RESERVED
CVE-2023-20854
@@ -26592,14 +26870,14 @@ CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_or
NOT-FOR-US: Phoenix
CVE-2022-42974
RESERVED
-CVE-2022-42973
- RESERVED
-CVE-2022-42972
- RESERVED
-CVE-2022-42971
- RESERVED
-CVE-2022-42970
- RESERVED
+CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+ TODO: check
+CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...)
+ TODO: check
+CVE-2022-42971 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ TODO: check
+CVE-2022-42970 (A CWE-306: Missing Authentication for Critical Function The software d ...)
+ TODO: check
CVE-2022-3535
REJECTED
CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
@@ -40770,8 +41048,8 @@ CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there a
NOT-FOR-US: Patterson Dental Eaglesoft
CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
NOT-FOR-US: Tesla
-CVE-2022-37708
- RESERVED
+CVE-2022-37708 (Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permi ...)
+ TODO: check
CVE-2022-37707
RESERVED
CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...)
@@ -47318,8 +47596,8 @@ CVE-2022-2331
RESERVED
CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: DLP Endpoint for Windows
-CVE-2022-2329
- RESERVED
+CVE-2022-2329 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
+ TODO: check
CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab from ...)
@@ -49844,10 +50122,10 @@ CVE-2022-34461
RESERVED
CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...)
TODO: check
-CVE-2022-34459
- RESERVED
-CVE-2022-34458
- RESERVED
+CVE-2022-34459 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
+ TODO: check
+CVE-2022-34458 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
+ TODO: check
CVE-2022-34457 (Dell command configuration, version 4.8 and prior, contains improper f ...)
TODO: check
CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...)
@@ -49876,8 +50154,8 @@ CVE-2022-34445
RESERVED
CVE-2022-34444
RESERVED
-CVE-2022-34443
- RESERVED
+CVE-2022-34443 (Dell Rugged Control Center, versions prior to 4.5, contain an Improper ...)
+ TODO: check
CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
NOT-FOR-US: EMC
CVE-2022-34441 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
@@ -49956,22 +50234,22 @@ CVE-2022-34405 (An improper access control vulnerability was identified in the R
TODO: check
CVE-2022-34404
RESERVED
-CVE-2022-34403
- RESERVED
+CVE-2022-34403 (Dell BIOS contains a Stack based buffer overflow vulnerability. A loca ...)
+ TODO: check
CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...)
NOT-FOR-US: Dell
CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. A loca ...)
TODO: check
-CVE-2022-34400
- RESERVED
+CVE-2022-34400 (Dell BIOS contains a heap buffer overflow vulnerability. A local attac ...)
+ TODO: check
CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer acc ...)
TODO: check
-CVE-2022-34398
- RESERVED
+CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local ...)
+ TODO: check
CVE-2022-34397
RESERVED
-CVE-2022-34396
- RESERVED
+CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...)
+ TODO: check
CVE-2022-34395
RESERVED
CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
@@ -53547,8 +53825,8 @@ CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 0.9
NOTE: https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad
CVE-2022-32985 (libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.0 ...)
NOT-FOR-US: Nexans FTTO GigaSwitch
-CVE-2022-32984
- RESERVED
+CVE-2022-32984 (BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain s ...)
+ TODO: check
CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...)
- knot-resolver <unfixed> (unimportant)
NOTE: Just a clarifying documentation update: https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968
@@ -54791,8 +55069,8 @@ CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A
NOT-FOR-US: Dell
CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
-CVE-2022-32482
- RESERVED
+CVE-2022-32482 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
NOT-FOR-US: Dell
CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...)
@@ -56437,8 +56715,8 @@ CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discove
NOT-FOR-US: EGT-Kommunikationstechnik UG Mediacenter
CVE-2022-31903
RESERVED
-CVE-2022-31902
- RESERVED
+CVE-2022-31902 (Notepad++ v8.4.1 was discovered to contain a stack overflow via the co ...)
+ TODO: check
CVE-2022-31901 (Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4 ...)
TODO: check
CVE-2022-31900
@@ -68239,11 +68517,13 @@ CVE-2022-28044 (Irzip v0.640 was discovered to contain a heap memory corruption
CVE-2022-28043
RESERVED
CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based use-after-fr ...)
+ {DLA-3305-1}
- libstb <unfixed> (bug #1014531)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1289
NOTE: https://github.com/nothings/stb/pull/1297
CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer overflow via th ...)
+ {DLA-3305-1}
- libstb <unfixed> (bug #1014531)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1292
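Review bot: the `{DLA-3305-1}` marker is added to CVE-2022-28042 and CVE-2022-28041 while their unstable state stays `libstb <unfixed> (bug #1014531)`; a later hunk in this commit records CVE-2021-28021 as fixed in `libstb 0.0~git20220908.8b5f1f3+ds-1`, so it is worth checking whether the referenced upstream pull request (nothings/stb#1297) landed in that snapshot, in which case these two sid entries should carry a fixed version rather than `<unfixed>`.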
@@ -74037,8 +74317,8 @@ CVE-2022-25919
RESERVED
CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
NOT-FOR-US: shescape
-CVE-2022-25916
- RESERVED
+CVE-2022-25916 (Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to C ...)
+ TODO: check
CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
NOT-FOR-US: com.google.cloud.tools:jib-core
CVE-2022-25913
@@ -74053,8 +74333,8 @@ CVE-2022-25908 (All versions of the package create-choo-electron are vulnerable
TODO: check
CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Poll ...)
NOT-FOR-US: voodoocreation/ts-deepmerge
-CVE-2022-25906
- RESERVED
+CVE-2022-25906 (All versions of the package is-http2 are vulnerable to Command Injecti ...)
+ TODO: check
CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype Pollutio ...)
TODO: check
CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
@@ -79027,8 +79307,8 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
[stretch] - mruby <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
-CVE-2022-24324
- RESERVED
+CVE-2022-24324 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ TODO: check
CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
@@ -99947,6 +100227,7 @@ CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader
NOTE: 16-bin PNM support was added in
NOTE: https://github.com/nothings/stb/commit/8befa752b005da174b2429c1ffaafffe452b2997
CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
+ {DLA-3305-1}
- libstb <unfixed> (bug #1014532)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1224
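Review bot: the unchanged context line `NOTE: 16-bin PNM support was added in` under CVE-2021-42716 looks like a typo for `16-bit`; since this commit already touches the neighbouring CVE-2021-42715 entry with the `{DLA-3305-1}` marker, the note could be corrected in a follow-up to the same block.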
@@ -113924,6 +114205,7 @@ CVE-2021-37791 (MyAdmin v1.0 is affected by an incorrect access control vulnerab
CVE-2021-37790
RESERVED
CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...)
+ {DLA-3305-1}
- libstb <unfixed> (bug #1023693)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1178
@@ -138841,6 +139123,7 @@ CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic
CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...)
NOT-FOR-US: ServiceTonic
CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
+ {DLA-3305-1}
- libstb 0.0~git20220908.8b5f1f3+ds-1 (bug #1014530)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1108
@@ -151468,8 +151751,8 @@ CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could c
NOT-FOR-US: Schneider Electric
CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22786
- RESERVED
+CVE-2021-22786 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
+ TODO: check
CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
@@ -202091,7 +202374,7 @@ CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvnccli
[jessie] - libvncserver <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
CVE-2020-14395
- RESERVED
+ REJECTED
CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...)
- qemu 1:7.1+dfsg-1 (bug #979677)
[bullseye] - qemu <postponed> (Minor issue)
@@ -260548,30 +260831,37 @@ CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6
- php7.0 <removed>
NOTE: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorbis thr ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13222 (An out-of-bounds read of a global buffer in the draw_line function in ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13221 (A stack buffer overflow in the compute_codewords function in stb_vorbi ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13220 (Use of uninitialized stack variables in the start_decoder function in ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13219 (A NULL pointer dereference in the get_window function in stb_vorbis th ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13218 (Division by zero in the predict_point function in stb_vorbis through 2 ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13217 (A heap buffer overflow in the start_decoder function in stb_vorbis thr ...)
+ {DLA-3305-1}
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
@@ -304931,6 +305221,7 @@ CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and
CVE-2018-16982 (Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial ...)
NOT-FOR-US: Open Chinese Convert (OpenCC)
CVE-2018-16981 (stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...)
+ {DLA-3305-1}
- libstb 0.0~git20190617.5.c72a95d-1
NOTE: https://github.com/nothings/stb/issues/656
NOTE: https://github.com/nothings/stb/commit/50b1bfba583b12ceb23ef949567bdd914461e524
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b64ece53f201c74ccdb3d9d559ebaff03b20255