[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 4 08:10:22 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6841ce1 by security tracker role at 2023-02-04T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-25189
+ RESERVED
+CVE-2023-25188
+ RESERVED
+CVE-2023-25187
+ RESERVED
+CVE-2023-25186
+ RESERVED
+CVE-2023-25185
+ RESERVED
+CVE-2023-25074
+ RESERVED
+CVE-2023-24590
+ RESERVED
+CVE-2023-24584
+ RESERVED
+CVE-2023-23584
+ RESERVED
+CVE-2023-23576
+ RESERVED
+CVE-2023-23570
+ RESERVED
+CVE-2023-23568
+ RESERVED
+CVE-2023-22439
+ RESERVED
+CVE-2023-22428
+ RESERVED
+CVE-2023-22363
+ RESERVED
+CVE-2023-0672
+ RESERVED
+CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. ...)
+ TODO: check
+CVE-2023-0670
+ RESERVED
+CVE-2023-0669
+ RESERVED
+CVE-2023-0668
+ RESERVED
+CVE-2023-0667
+ RESERVED
+CVE-2023-0666
+ RESERVED
+CVE-2023-0665
+ RESERVED
+CVE-2023-0664
+ RESERVED
+CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 1.0. It ...)
+ TODO: check
+CVE-2022-48311
+ RESERVED
CVE-2023-25173
RESERVED
CVE-2023-25172
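Review bot: The two "TODO: check" entries in this hunk, CVE-2023-0671 (froxlor/froxlor prior to 2.0.10) and CVE-2023-0663 (Calendar Event Management System 1.0), still need triage to either a package line or a NOT-FOR-US line. The other additions at the top of the file are RESERVED and need nothing yet, so a follow-up commit can be limited to these two.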
@@ -98,17 +150,17 @@ CVE-2023-25132
CVE-2023-25131
RESERVED
CVE-2023-25130
- RESERVED
+ REJECTED
CVE-2023-25129
- RESERVED
+ REJECTED
CVE-2023-25128
- RESERVED
+ REJECTED
CVE-2023-25127
- RESERVED
+ REJECTED
CVE-2023-25126
- RESERVED
+ REJECTED
CVE-2023-25125
- RESERVED
+ REJECTED
CVE-2023-25124
RESERVED
CVE-2023-25123
@@ -215,18 +267,18 @@ CVE-2019-25101
RESERVED
CVE-2018-25080
RESERVED
-CVE-2018-25079
- RESERVED
-CVE-2015-10072
- RESERVED
-CVE-2013-10018
- RESERVED
-CVE-2013-10017
- RESERVED
-CVE-2013-10016
- RESERVED
-CVE-2013-10015
- RESERVED
+CVE-2018-25079 (A vulnerability was found in Segmentio is-url up to 1.2.2. It has been ...)
+ TODO: check
+CVE-2015-10072 (A vulnerability classified as problematic was found in NREL api-umbrel ...)
+ TODO: check
+CVE-2013-10018 (A vulnerability was found in fanzila WebFinance 0.5. It has been decla ...)
+ TODO: check
+CVE-2013-10017 (A vulnerability was found in fanzila WebFinance 0.5. It has been class ...)
+ TODO: check
+CVE-2013-10016 (A vulnerability was found in fanzila WebFinance 0.5 and classified as ...)
+ TODO: check
+CVE-2013-10015 (A vulnerability has been found in fanzila WebFinance 0.5 and classifie ...)
+ TODO: check
CVE-2023-25068
RESERVED
CVE-2023-25067
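Review bot: CVE-2013-10015 through CVE-2013-10018 all name fanzila WebFinance 0.5, and their truncated descriptions differ only in stock wording, so the four "TODO: check" entries cannot be told apart from this file alone. Triage them in one pass against the full CVE descriptions and give them a consistent disposition; CVE-2018-25079 (Segmentio is-url up to 1.2.2) and CVE-2015-10072 (NREL api-umbrel ...) need their own checks.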
@@ -935,7 +987,7 @@ CVE-2023-24808
CVE-2023-24807
RESERVED
CVE-2023-24806
- RESERVED
+ REJECTED
CVE-2023-24805
RESERVED
CVE-2023-24804
@@ -2959,8 +3011,8 @@ CVE-2023-24031
RESERVED
CVE-2023-24030
RESERVED
-CVE-2023-24029
- RESERVED
+CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...)
+ TODO: check
CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
NOT-FOR-US: MISP
CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...)
@@ -3192,26 +3244,26 @@ CVE-2023-23943
RESERVED
CVE-2023-23942
RESERVED
-CVE-2023-23941
- RESERVED
-CVE-2023-23940
- RESERVED
+CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...)
+ TODO: check
+CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
+ TODO: check
CVE-2023-23939
RESERVED
CVE-2023-23938
RESERVED
-CVE-2023-23937
- RESERVED
+CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
+ TODO: check
CVE-2023-23936
RESERVED
CVE-2023-23935
RESERVED
CVE-2023-23934
RESERVED
-CVE-2023-23933
- RESERVED
-CVE-2023-23932
- RESERVED
+CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...)
+ TODO: check
+CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...)
+ TODO: check
CVE-2023-23931
RESERVED
CVE-2023-23930
@@ -3224,8 +3276,8 @@ CVE-2023-23927
RESERVED
CVE-2023-23926
RESERVED
-CVE-2023-23925
- RESERVED
+CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
+ TODO: check
CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
- php-dompdf <undetermined>
NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
@@ -4122,8 +4174,8 @@ CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.2
NOT-FOR-US: OpenMage LTS
CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
-CVE-2023-23615
- RESERVED
+CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable commen ...)
+ TODO: check
CVE-2023-23614 (Pi-hole®'s Web interface (based off of AdminLTE) provides a centr ...)
NOT-FOR-US: Pi-Hole
CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...)
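Review bot: CVE-2023-23615 is added as "TODO: check" although its description names Discourse and the entry directly above it, CVE-2023-23616, is already marked "NOT-FOR-US: Discourse". Unless there is a reason to treat this one differently, the follow-up should use the same NOT-FOR-US line so the two entries stay consistent.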
@@ -5647,8 +5699,8 @@ CVE-2023-23084
RESERVED
CVE-2023-23083
RESERVED
-CVE-2023-23082
- RESERVED
+CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Software up ...)
+ TODO: check
CVE-2023-23081
RESERVED
CVE-2023-23080
@@ -6863,8 +6915,8 @@ CVE-2023-22748
RESERVED
CVE-2023-22747
RESERVED
-CVE-2023-22746
- RESERVED
+CVE-2023-22746 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
- tpm2-tss <unfixed> (bug #1029369)
[bullseye] - tpm2-tss <no-dsa> (Minor issue)
@@ -8026,8 +8078,8 @@ CVE-2018-25058 (A vulnerability classified as problematic has been found in Twit
NOT-FOR-US: Twitter-Post-Fetcher
CVE-2023-22475 (Canarytokens is an open source tool which helps track activity and act ...)
NOT-FOR-US: canarytokens
-CVE-2023-22474
- RESERVED
+CVE-2023-22474 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2023-22473 (Talk-Android enables users to have video & audio calls through Nex ...)
NOT-FOR-US: Talk-Android
CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
@@ -8126,8 +8178,8 @@ CVE-2022-48167
RESERVED
CVE-2022-48166
RESERVED
-CVE-2022-48165
- RESERVED
+CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
+ TODO: check
CVE-2022-48164
RESERVED
CVE-2022-48163
@@ -9735,8 +9787,8 @@ CVE-2022-47764
RESERVED
CVE-2022-47763
RESERVED
-CVE-2022-47762
- RESERVED
+CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal ...)
+ TODO: check
CVE-2022-47761
RESERVED
CVE-2022-47760
@@ -12958,8 +13010,8 @@ CVE-2022-47072
RESERVED
CVE-2022-47071
RESERVED
-CVE-2022-47070
- RESERVED
+CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
+ TODO: check
CVE-2022-47069
RESERVED
CVE-2022-47068
@@ -17263,8 +17315,8 @@ CVE-2022-45590
RESERVED
CVE-2022-45589
RESERVED
-CVE-2022-45588
- RESERVED
+CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...)
+ TODO: check
CVE-2022-45587
RESERVED
CVE-2022-45586
@@ -17447,18 +17499,18 @@ CVE-2022-45498 (An issue in the component tpi_systool_handle(0) (/goform/SysTool
NOT-FOR-US: Tenda
CVE-2022-45497 (Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection ...)
NOT-FOR-US: Tenda
-CVE-2022-45496
- RESERVED
+CVE-2022-45496 (Buffer overflow vulnerability in function json_parse_string in sheredo ...)
+ TODO: check
CVE-2022-45495
RESERVED
CVE-2022-45494 (Buffer overflow vulnerability in function json_parse_object in sheredo ...)
TODO: check
-CVE-2022-45493
- RESERVED
-CVE-2022-45492
- RESERVED
-CVE-2022-45491
- RESERVED
+CVE-2022-45493 (Buffer overflow vulnerability in function json_parse_key in sheredom j ...)
+ TODO: check
+CVE-2022-45492 (Buffer overflow vulnerability in function json_parse_number in sheredo ...)
+ TODO: check
+CVE-2022-45491 (Buffer overflow vulnerability in function json_parse_value in sheredom ...)
+ TODO: check
CVE-2022-45490
RESERVED
CVE-2022-45489
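Review bot: CVE-2022-45491, CVE-2022-45492, CVE-2022-45493 and CVE-2022-45496 join the existing CVE-2022-45494 as "TODO: check", and all five describe buffer overflows in json_parse_* functions of the same sheredom project. Resolve them together with one disposition rather than entry by entry; CVE-2022-45495 stays RESERVED in the middle of that range and is worth rechecking at the same time.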
@@ -78022,11 +78074,9 @@ CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to
NOT-FOR-US: Xwiki
CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developmen ...)
NOT-FOR-US: Tuleap
-CVE-2022-24895 [Remove CSRF tokens from storage on successful login]
- RESERVED
+CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
-CVE-2022-24894 [Remove private headers before storing responses with HttpCache]
- RESERVED
+CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...)
NOT-FOR-US: ESP-IDF
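Review bot: The replaced lines for CVE-2022-24895 and CVE-2022-24894 drop the bracketed titles ("Remove CSRF tokens from storage on successful login" and "Remove private headers before storing responses with HttpCache"), and both new descriptions are cut off after the same "Symfony is a PHP framework for web and console applications and a set ...", so the two entries are no longer distinguishable in this file. Both keep "- symfony 5.4.20+dfsg-1"; consider a NOTE line under each entry that preserves the former title.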
@@ -83045,8 +83095,8 @@ CVE-2022-23500 (TYPO3 is an open source PHP based web content management system.
NOT-FOR-US: Typo3
CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe markup ba ...)
TODO: check
-CVE-2022-23498
- RESERVED
+CVE-2022-23498 (Grafana is an open-source platform for monitoring and observability. W ...)
+ TODO: check
CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...)
NOT-FOR-US: FreshRSS
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6841ce1d510c03d002c64cca3ee94a17acea8be