[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 2 08:10:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4c2183a by security tracker role at 2023-02-02T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-25018
+ RESERVED
+CVE-2023-25017
+ RESERVED
+CVE-2023-25016
+ RESERVED
+CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
+ TODO: check
+CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
+ TODO: check
+CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
+ TODO: check
+CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
+ TODO: check
+CVE-2023-25011
+ RESERVED
+CVE-2023-25010
+ RESERVED
+CVE-2023-25009
+ RESERVED
+CVE-2023-25008
+ RESERVED
+CVE-2023-25007
+ RESERVED
+CVE-2023-25006
+ RESERVED
+CVE-2023-25005
+ RESERVED
+CVE-2023-25004
+ RESERVED
+CVE-2023-25003
+ RESERVED
+CVE-2023-25002
+ RESERVED
+CVE-2023-25001
+ RESERVED
+CVE-2023-0634
+ RESERVED
+CVE-2023-0633
+ RESERVED
+CVE-2023-0632
+ RESERVED
+CVE-2023-0631
+ RESERVED
+CVE-2023-0630
+ RESERVED
+CVE-2023-0629
+ RESERVED
+CVE-2023-0628
+ RESERVED
+CVE-2023-0627
+ RESERVED
+CVE-2023-0626
+ RESERVED
+CVE-2023-0625
+ RESERVED
+CVE-2023-0624
+ RESERVED
+CVE-2023-0623
+ RESERVED
+CVE-2023-0622
+ RESERVED
+CVE-2023-0621
+ RESERVED
+CVE-2023-0620
+ RESERVED
CVE-2023-25000
RESERVED
CVE-2023-24999
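Review bot: CVE-2023-25012 gets the same bare "TODO: check" as the third-party web application entries around it, although its description names the Linux kernel (use-after-free in bigben_remove, through 6.1.9), and linux is tracked as a source package elsewhere in this file ("- linux 5.19.6-1" under CVE-2022-39189). Suggest resolving this entry first, with a "- linux" package line and a NOTE pointing at the upstream report, so that it does not wait in the queue behind the Clockwork Web and femanager entries.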
@@ -394,8 +460,8 @@ CVE-2023-24834
RESERVED
CVE-2023-0600
RESERVED
-CVE-2023-0599
- RESERVED
+CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
+ TODO: check
CVE-2023-0598
RESERVED
CVE-2023-0597
@@ -3316,10 +3382,10 @@ CVE-2023-23753
RESERVED
CVE-2023-23752
RESERVED
-CVE-2023-23751
- RESERVED
-CVE-2023-23750
- RESERVED
+CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
+ TODO: check
+CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...)
+ TODO: check
CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & ...)
NOT-FOR-US: Joomla! extension
CVE-2023-23748
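Review bot: CVE-2023-23751 and CVE-2023-23750 describe Joomla! itself (4.0.0 through 4.2.4 and 4.0.0 through 4.2.6), while the unchanged entry directly below them, CVE-2023-23749, is closed as "NOT-FOR-US: Joomla! extension". When the two "TODO: check" lines are resolved, use a label that separates core from extension, so that a search on the tag does not mix the two kinds of entry.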
@@ -4175,9 +4241,9 @@ CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.
CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...)
TODO: check
CVE-2023-22287
- RESERVED
+ REJECTED
CVE-2023-22284
- RESERVED
+ REJECTED
CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...)
TODO: check
CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
@@ -9054,8 +9120,8 @@ CVE-2022-47874
RESERVED
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
NOT-FOR-US: Netcad KEOS
-CVE-2022-47872
- RESERVED
+CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...)
+ TODO: check
CVE-2022-47871
RESERVED
CVE-2022-47870
@@ -16387,10 +16453,10 @@ CVE-2022-45785
RESERVED
CVE-2022-45784
RESERVED
-CVE-2022-45783
- RESERVED
-CVE-2022-45782
- RESERVED
+CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...)
+ TODO: check
+CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...)
+ TODO: check
CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...)
NOT-FOR-US: WordPress theme
CVE-2022-4113
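Review bot: CVE-2022-45783 and CVE-2022-45782 are two of four dotCMS entries that this commit leaves at "TODO: check"; the other two, CVE-2022-37034 and CVE-2022-37033, are in the hunk at @@ -42956. Suggest triaging all four in one pass with a single product label, so the dotCMS entries do not end up with differing dispositions.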
@@ -18613,8 +18679,8 @@ CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitis
NOT-FOR-US: WordPress plugin
CVE-2022-3914
RESERVED
-CVE-2022-3913
- RESERVED
+CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to v ...)
+ TODO: check
CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + m ...)
@@ -36873,8 +36939,8 @@ CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior
NOT-FOR-US: Fuji
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
NOT-FOR-US: GE CIMPICITY
-CVE-2022-3083
- RESERVED
+CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Re ...)
+ TODO: check
CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
@@ -42956,10 +43022,10 @@ CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_n
NOTE: https://github.com/FRRouting/frr/issues/11698
NOTE: https://github.com/FRRouting/frr/pull/11926
NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee
-CVE-2022-37034
- RESERVED
-CVE-2022-37033
- RESERVED
+CVE-2022-37034 (In dotCMS 5.x-22.06, it is possible to call the TempResource multiple ...)
+ TODO: check
+CVE-2022-37033 (In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary f ...)
+ TODO: check
CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
{DLA-3211-1}
- frr 8.4.1-1 (bug #1021016)
@@ -53082,8 +53148,8 @@ CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_serv
NOT-FOR-US: Robustel R1510
CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-33323
- RESERVED
+CVE-2022-33323 (Active Debug Code vulnerability in robot controller of Mitsubishi Elec ...)
+ TODO: check
CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...)
NOT-FOR-US: Mitsubishi Electric
CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...)
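Review bot: the context lines around the new CVE-2022-33323 entry carry two spellings of the vendor label, "NOT-FOR-US: Mitsubishi" on CVE-2022-33324 and "NOT-FOR-US: Mitsubishi Electric" on CVE-2022-33322. When the "TODO: check" on CVE-2022-33323 is resolved, pick one of them (the description itself says "Mitsubishi Elec ...") and consider aligning the neighbouring entry, since tag searches depend on the exact string.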
@@ -58543,10 +58609,10 @@ CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs func
NOT-FOR-US: EVE-NG
CVE-2022-31365
RESERVED
-CVE-2022-31364
- RESERVED
-CVE-2022-31363
- RESERVED
+CVE-2022-31364 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
+ TODO: check
+CVE-2022-31363 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
+ TODO: check
CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
NOT-FOR-US: Docebo
CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
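Review bot: the descriptions added for CVE-2022-31364 and CVE-2022-31363 are identical in their visible part, "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...", so the truncated summary says nothing about either flaw and the two entries cannot be told apart in the list. Whoever resolves these "TODO: check" lines will need the full CVE text; a short NOTE on each entry stating what distinguishes them would help later readers.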
@@ -60063,8 +60129,8 @@ CVE-2022-30906
RESERVED
CVE-2022-30905
RESERVED
-CVE-2022-30904
- RESERVED
+CVE-2022-30904 (In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vul ...)
+ TODO: check
CVE-2022-30903 (Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA ...)
NOT-FOR-US: Nokia "G-2425G-A" Bharti Airtel Routers Hardware
CVE-2022-30902
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4c2183a89664ad70ad66465c98dca3f6c2626eb