[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 1 20:10:30 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95b09bc6 by security tracker role at 2023-02-01T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,72 @@
-CVE-2023-24997
+CVE-2023-25000
RESERVED
- NOT-FOR-US: Apache InLong
-CVE-2023-24977
+CVE-2023-24999
+ RESERVED
+CVE-2023-24998
+ RESERVED
+CVE-2023-24996
+ RESERVED
+CVE-2023-24995
+ RESERVED
+CVE-2023-24994
+ RESERVED
+CVE-2023-24993
+ RESERVED
+CVE-2023-24992
+ RESERVED
+CVE-2023-24991
+ RESERVED
+CVE-2023-24990
+ RESERVED
+CVE-2023-24989
+ RESERVED
+CVE-2023-24988
+ RESERVED
+CVE-2023-24987
+ RESERVED
+CVE-2023-24986
+ RESERVED
+CVE-2023-24985
+ RESERVED
+CVE-2023-24984
+ RESERVED
+CVE-2023-24983
+ RESERVED
+CVE-2023-24982
+ RESERVED
+CVE-2023-24981
RESERVED
+CVE-2023-24980
+ RESERVED
+CVE-2023-24979
+ RESERVED
+CVE-2023-24978
+ RESERVED
+CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...)
+ TODO: check
+CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...)
+ TODO: check
+CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...)
+ TODO: check
+CVE-2023-0616
+ RESERVED
+CVE-2023-0615
+ RESERVED
+CVE-2023-0614
+ RESERVED
+CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...)
+ TODO: check
+CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...)
+ TODO: check
+CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
+ TODO: check
+CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
+ TODO: check
+CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
+ NOT-FOR-US: Apache InLong
+CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...)
NOT-FOR-US: Apache InLong
CVE-2023-24976
RESERVED
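Review bot: The newly published entries in this first hunk all land as TODO: check, and several can be dispositioned from the visible description alone. CVE-2023-0619 is a WordPress plugin, and the file already uses `NOT-FOR-US: WordPress plugin` for such entries (see CVE-2022-4256 further down); CVE-2023-0613, CVE-2023-0617 and CVE-2023-0618 name TRENDnet router firmware and would take a NOT-FOR-US line as well. The two wallabag entries (CVE-2023-0609, CVE-2023-0610) need a check against the archive first, so they should stay at TODO until someone has looked.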
@@ -837,8 +901,8 @@ CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWik
NOT-FOR-US: MediaWiki PdfBook extension
CVE-2023-24611
RESERVED
-CVE-2023-24610
- RESERVED
+CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...)
+ TODO: check
CVE-2023-24609
RESERVED
CVE-2023-24608
@@ -2616,8 +2680,8 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart
NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/51a30d7b406af95c4143560d9753cf0b6d2151f5 (v2.9.6)
NOTE: Issue relates to CVE-2022-39956 but considered independent change to ModSecurity (C
NOTE: language) codebase.
-CVE-2023-23969
- RESERVED
+CVE-2023-23969 (In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...)
+ {DLA-3306-1}
- python-django 3:3.2.17-1 (bug #1030251)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4
NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17)
@@ -3413,8 +3477,8 @@ CVE-2023-23694
RESERVED
CVE-2023-23693
RESERVED
-CVE-2023-23692
- RESERVED
+CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection ...)
+ TODO: check
CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...)
NOT-FOR-US: EMC
CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...)
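Review bot: CVE-2023-23692 is left at TODO: check although the next entry in the context, CVE-2023-23691, is already marked `NOT-FOR-US: EMC`. Both descriptions open with Dell EMC, so the same tag fits here once the full (untruncated) description has been read.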
@@ -3970,12 +4034,12 @@ CVE-2023-23557
RESERVED
CVE-2023-23556
RESERVED
-CVE-2023-23555
- RESERVED
+CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...)
+ TODO: check
CVE-2023-23553
RESERVED
-CVE-2023-23552
- RESERVED
+CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...)
+ TODO: check
CVE-2023-23551
RESERVED
CVE-2023-23543
@@ -4080,40 +4144,40 @@ CVE-2023-23494
RESERVED
CVE-2023-23493
RESERVED
-CVE-2023-22842
- RESERVED
-CVE-2023-22839
- RESERVED
-CVE-2023-22664
- RESERVED
-CVE-2023-22657
- RESERVED
-CVE-2023-22422
- RESERVED
-CVE-2023-22418
- RESERVED
-CVE-2023-22374
- RESERVED
-CVE-2023-22358
- RESERVED
-CVE-2023-22341
- RESERVED
-CVE-2023-22340
- RESERVED
-CVE-2023-22326
- RESERVED
-CVE-2023-22323
- RESERVED
-CVE-2023-22302
- RESERVED
+CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...)
+ TODO: check
+CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
+ TODO: check
+CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
+ TODO: check
+CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...)
+ TODO: check
+CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
+ TODO: check
+CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
+ TODO: check
+CVE-2023-22374 (In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, a ...)
+ TODO: check
+CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vu ...)
+ TODO: check
+CVE-2023-22341 (On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when th ...)
+ TODO: check
+CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1. ...)
+ TODO: check
+CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
+ TODO: check
+CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
+ TODO: check
+CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...)
+ TODO: check
CVE-2023-22287
RESERVED
CVE-2023-22284
RESERVED
-CVE-2023-22283
- RESERVED
-CVE-2023-22281
- RESERVED
+CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...)
+ TODO: check
+CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
+ TODO: check
CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...)
{DSA-5324-1}
- linux 6.1.7-1
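Review bot: Two entries in this hunk are easy to mishandle when the F5 block is triaged in bulk. The description of CVE-2023-22323 reads "BIP-IP" rather than "BIG-IP"; the text arrives with the automatic update, so leave it as is, but a search for BIG-IP will miss that entry. CVE-2023-22358 and CVE-2023-22283 (DLL hijacking, 7.x version ranges) are cut off before any product name, so read the full description before giving them the same disposition as the BIG-IP entries.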
@@ -4200,8 +4264,8 @@ CVE-2023-23471
RESERVED
CVE-2023-23470
RESERVED
-CVE-2023-23469
- RESERVED
+CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...)
+ TODO: check
CVE-2023-23468
RESERVED
CVE-2023-23467
@@ -4963,28 +5027,28 @@ CVE-2023-23138
RESERVED
CVE-2023-23137
RESERVED
-CVE-2023-23136
- RESERVED
-CVE-2023-23135
- RESERVED
+CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file deletion vuln ...)
+ TODO: check
+CVE-2023-23135 (An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attacker ...)
+ TODO: check
CVE-2023-23134
RESERVED
CVE-2023-23133
RESERVED
-CVE-2023-23132
- RESERVED
-CVE-2023-23131
- RESERVED
-CVE-2023-23130
- RESERVED
+CVE-2023-23132 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclos ...)
+ TODO: check
+CVE-2023-23131 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transpor ...)
+ TODO: check
+CVE-2023-23130 (Connectwise Automate 2022.11 is vulnerable to Cleartext authentication ...)
+ TODO: check
CVE-2023-23129
RESERVED
-CVE-2023-23128
- RESERVED
-CVE-2023-23127
- RESERVED
-CVE-2023-23126
- RESERVED
+CVE-2023-23128 (Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Reso ...)
+ TODO: check
+CVE-2023-23127 (In Connectwise Control 22.8.10013.8329, the login page does not implem ...)
+ TODO: check
+CVE-2023-23126 (Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login ...)
+ TODO: check
CVE-2023-23125
RESERVED
CVE-2023-23124
@@ -5130,18 +5194,18 @@ CVE-2023-23080
RESERVED
CVE-2023-23079
RESERVED
-CVE-2023-23078
- RESERVED
-CVE-2023-23077
- RESERVED
-CVE-2023-23076
- RESERVED
-CVE-2023-23075
- RESERVED
-CVE-2023-23074
- RESERVED
-CVE-2023-23073
- RESERVED
+CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
+ TODO: check
+CVE-2023-23077 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
+ TODO: check
+CVE-2023-23076 (OS Command injection vulnerability in Support Center Plus 11 via Execu ...)
+ TODO: check
+CVE-2023-23075 (Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 vi ...)
+ TODO: check
+CVE-2023-23074 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
+ TODO: check
+CVE-2023-23073 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
+ TODO: check
CVE-2023-23072
RESERVED
CVE-2023-23071
@@ -7006,14 +7070,14 @@ CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been ra
NOT-FOR-US: OpenResolve
CVE-2023-22576
RESERVED
-CVE-2023-22575
- RESERVED
-CVE-2023-22574
- RESERVED
-CVE-2023-22573
- RESERVED
-CVE-2023-22572
- RESERVED
+CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
+ TODO: check
+CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
+ TODO: check
+CVE-2023-22573 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitiv ...)
+ TODO: check
+CVE-2023-22572 (Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitiv ...)
+ TODO: check
CVE-2023-0032
RESERVED
CVE-2023-0031
@@ -7236,8 +7300,8 @@ CVE-2023-22503
RESERVED
CVE-2023-22502
RESERVED
-CVE-2023-22501
- RESERVED
+CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...)
+ TODO: check
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twak ...)
NOT-FOR-US: linagora/Twake
CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot ...)
@@ -7739,10 +7803,10 @@ CVE-2022-48096
RESERVED
CVE-2022-48095
RESERVED
-CVE-2022-48094
- RESERVED
-CVE-2022-48093
- RESERVED
+CVE-2022-48094 (lmxcms v1.41 was discovered to contain an arbitrary file read vulnerab ...)
+ TODO: check
+CVE-2022-48093 (Seacms v12.7 was discovered to contain a remote code execution (RCE) v ...)
+ TODO: check
CVE-2022-48092
RESERVED
CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site ...)
@@ -8001,8 +8065,8 @@ CVE-2022-47985
RESERVED
CVE-2022-47984
RESERVED
-CVE-2022-47983
- RESERVED
+CVE-2022-47983 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2022-47982
RESERVED
CVE-2022-47981
@@ -8445,7 +8509,7 @@ CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45
NOTE: Different issue than CVE-2018-6556
CVE-2022-47951 (An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before ...)
- {DLA-3302-1 DLA-3301-1 DLA-3300-1}
+ {DSA-5338-1 DSA-5337-1 DSA-5336-1 DLA-3302-1 DLA-3301-1 DLA-3300-1}
- nova 2:26.0.0-6 (bug #1029561)
- cinder 2:21.0.0-3 (bug #1029562)
- glance 2:25.0.0-2 (bug #1029563)
@@ -9296,14 +9360,14 @@ CVE-2022-47719
RESERVED
CVE-2022-47718
RESERVED
-CVE-2022-47717
- RESERVED
+CVE-2022-47717 (Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CO ...)
+ TODO: check
CVE-2022-47716
RESERVED
-CVE-2022-47715
- RESERVED
-CVE-2022-47714
- RESERVED
+CVE-2022-47715 (In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted t ...)
+ TODO: check
+CVE-2022-47714 (Last Yard 22.09.8-1 does not enforce HSTS headers ...)
+ TODO: check
CVE-2022-47713
RESERVED
CVE-2022-47712
@@ -10710,7 +10774,7 @@ CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-8 8u362-ga-1
- openjdk-11 11.0.18+10-1
- openjdk-17 17.0.6+10-1
@@ -10730,7 +10794,7 @@ CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-11 11.0.18+10-1
- openjdk-17 17.0.6+10-1
- openjdk-21 21~7ea-1
@@ -12573,10 +12637,10 @@ CVE-2022-47005
RESERVED
CVE-2022-47004
RESERVED
-CVE-2022-47003
- RESERVED
-CVE-2022-47002
- RESERVED
+CVE-2022-47003 (A vulnerability in the Remember Me function of Mura CMS before v10.0.5 ...)
+ TODO: check
+CVE-2022-47002 (A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and ...)
+ TODO: check
CVE-2022-47001
RESERVED
CVE-2022-47000
@@ -12711,8 +12775,8 @@ CVE-2022-46936
RESERVED
CVE-2022-46935
RESERVED
-CVE-2022-46934
- RESERVED
+CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site scripting (XS ...)
+ TODO: check
CVE-2022-46933
RESERVED
CVE-2022-46932
@@ -14689,8 +14753,7 @@ CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4
NOT-FOR-US: WordPress plugin
CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE from 13 ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-4254 [libsss_certmap fails to sanitise certificate data used in LDAP filters]
- RESERVED
+CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
- sssd 2.3.1-1
[bullseye] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
@@ -16633,7 +16696,7 @@ CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via
NOT-FOR-US: Tenda
CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...)
NOT-FOR-US: Tenda
-CVE-2022-45639 (OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows ...)
+CVE-2022-45639 (** DISPUTED ** OS Command injection vulnerability in sleuthkit fls too ...)
TODO: check
CVE-2022-45638
RESERVED
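Review bot: CVE-2022-45639 picks up the ** DISPUTED ** marker but stays at TODO: check with no package line. The description names the sleuthkit fls tool, so if sleuthkit is in the archive this wants a `- sleuthkit` line with a disposition rather than NOT-FOR-US, plus a NOTE recording the dispute and where it comes from so the reasoning is visible to the next person triaging it.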
@@ -24296,8 +24359,8 @@ CVE-2022-43924
RESERVED
CVE-2022-43923
RESERVED
-CVE-2022-43922
- RESERVED
+CVE-2022-43922 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...)
+ TODO: check
CVE-2022-43921
RESERVED
CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
@@ -36090,7 +36153,7 @@ CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
@@ -95435,7 +95498,7 @@ CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of O
CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -95451,7 +95514,7 @@ CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -95467,12 +95530,13 @@ CVE-2022-21620 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
- virtualbox 6.1.40-dfsg-1
NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5331-1}
+ {DSA-5335-1 DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5335-1}
- openjdk-17 17.0.5+8-1
CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b09bc604b16b7fc63faa07cbe742a2d76984eb