[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 7 20:10:52 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e391ba1 by security tracker role at 2023-02-07T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2023-25588
+ RESERVED
+CVE-2023-25587
+ RESERVED
+CVE-2023-25586
+ RESERVED
+CVE-2023-25585
+ RESERVED
+CVE-2023-25584
+ RESERVED
+CVE-2023-25583
+ RESERVED
+CVE-2023-25582
+ RESERVED
+CVE-2023-25581
+ RESERVED
+CVE-2023-25580
+ RESERVED
+CVE-2023-25579
+ RESERVED
+CVE-2023-25578
+ RESERVED
+CVE-2023-25577
+ RESERVED
+CVE-2023-25576
+ RESERVED
+CVE-2023-25575
+ RESERVED
+CVE-2023-25574
+ RESERVED
+CVE-2023-25573
+ RESERVED
+CVE-2023-25572
+ RESERVED
+CVE-2023-25571
+ RESERVED
+CVE-2023-25570
+ RESERVED
+CVE-2023-25569
+ RESERVED
+CVE-2023-25568
+ RESERVED
+CVE-2023-25567
+ RESERVED
+CVE-2023-25566
+ RESERVED
+CVE-2023-25565
+ RESERVED
+CVE-2023-25564
+ RESERVED
+CVE-2023-25563
+ RESERVED
+CVE-2023-25562
+ RESERVED
+CVE-2023-25561
+ RESERVED
+CVE-2023-25560
+ RESERVED
+CVE-2023-25559
+ RESERVED
+CVE-2023-25558
+ RESERVED
+CVE-2023-25557
+ RESERVED
+CVE-2023-25556
+ RESERVED
+CVE-2023-25555
+ RESERVED
+CVE-2023-25554
+ RESERVED
+CVE-2023-25553
+ RESERVED
+CVE-2023-25552
+ RESERVED
+CVE-2023-25551
+ RESERVED
+CVE-2023-25550
+ RESERVED
+CVE-2023-25549
+ RESERVED
+CVE-2023-25548
+ RESERVED
+CVE-2023-25547
+ RESERVED
+CVE-2023-25544
+ RESERVED
+CVE-2023-25543
+ RESERVED
+CVE-2023-25542
+ RESERVED
+CVE-2023-25541
+ RESERVED
+CVE-2023-25540
+ RESERVED
+CVE-2023-25539
+ RESERVED
+CVE-2023-25538
+ RESERVED
+CVE-2023-25537
+ RESERVED
+CVE-2023-25536
+ RESERVED
+CVE-2023-25535
+ RESERVED
+CVE-2023-22660
+ RESERVED
+CVE-2023-0731
+ RESERVED
+CVE-2023-0730
+ RESERVED
+CVE-2023-0729
+ RESERVED
+CVE-2023-0728
+ RESERVED
+CVE-2023-0727
+ RESERVED
+CVE-2023-0726
+ RESERVED
+CVE-2023-0725
+ RESERVED
+CVE-2023-0724
+ RESERVED
+CVE-2023-0723
+ RESERVED
+CVE-2023-0722
+ RESERVED
+CVE-2023-0721
+ RESERVED
+CVE-2023-0720
+ RESERVED
+CVE-2023-0719
+ RESERVED
+CVE-2023-0718
+ RESERVED
+CVE-2023-0717
+ RESERVED
+CVE-2023-0716
+ RESERVED
+CVE-2023-0715
+ RESERVED
+CVE-2023-0714
+ RESERVED
+CVE-2023-0713
+ RESERVED
+CVE-2023-0712
+ RESERVED
+CVE-2023-0711
+ RESERVED
+CVE-2023-0710
+ RESERVED
+CVE-2023-0709
+ RESERVED
+CVE-2023-0708
+ RESERVED
+CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
+ TODO: check
+CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
CVE-2023-XXXX [RUSTSEC-2023-0004]
- rust-bzip2 0.4.4-1
[bullseye] - rust-bzip2 <no-dsa> (Minor issue)
@@ -745,12 +903,12 @@ CVE-2022-48316
RESERVED
CVE-2022-48315
RESERVED
-CVE-2015-10075
- RESERVED
-CVE-2015-10074
- RESERVED
-CVE-2011-10002
- RESERVED
+CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has been dec ...)
+ TODO: check
+CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been ...)
+ TODO: check
+CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth ...)
+ TODO: check
CVE-2023-25198
RESERVED
CVE-2023-25197
@@ -1782,10 +1940,9 @@ CVE-2023-24816
RESERVED
CVE-2023-24815
RESERVED
-CVE-2023-24814
- RESERVED
-CVE-2023-24813
- RESERVED
+CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...)
+ TODO: check
+CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
- php-dompdf <unfixed>
NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
CVE-2023-24812
@@ -2650,7 +2807,7 @@ CVE-2023-0495
RESERVED
CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
RESERVED
- {DLA-3310-1}
+ {DSA-5342-1 DLA-3310-1}
- xorg-server 2:21.1.7-1 (bug #1030777)
- xwayland 2:22.1.8-1
NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1
@@ -4808,8 +4965,8 @@ CVE-2023-23698
RESERVED
CVE-2023-23697
RESERVED
-CVE-2023-23696
- RESERVED
+CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...)
+ TODO: check
CVE-2023-23695
RESERVED
CVE-2023-23694
@@ -7292,8 +7449,7 @@ CVE-2023-0118
RESERVED
CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and < ...)
- check-mk <removed>
-CVE-2022-4883
- RESERVED
+CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...)
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm <no-dsa> (Minor issue)
[buster] - libxpm <no-dsa> (Minor issue)
@@ -7344,8 +7500,7 @@ CVE-2022-48231
RESERVED
CVE-2022-48230
RESERVED
-CVE-2022-46285
- RESERVED
+CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm <no-dsa> (Minor issue)
[buster] - libxpm <no-dsa> (Minor issue)
@@ -7799,8 +7954,8 @@ CVE-2023-22737 (wire-server provides back end services for Wire, a team communic
NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
-CVE-2023-22735
- RESERVED
+CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...)
+ TODO: check
CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
NOT-FOR-US: Shopware
CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
@@ -8055,8 +8210,8 @@ CVE-2023-22645
RESERVED
CVE-2023-22644
RESERVED
-CVE-2023-22643
- RESERVED
+CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+ TODO: check
CVE-2023-22642
RESERVED
CVE-2023-22641
@@ -15327,9 +15482,9 @@ CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL
CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...)
NOT-FOR-US: Judging Management System
CVE-2022-46621
- RESERVED
+ REJECTED
CVE-2022-46620
- RESERVED
+ REJECTED
CVE-2022-46619
RESERVED
CVE-2022-46618
@@ -18315,8 +18470,8 @@ CVE-2022-45546
RESERVED
CVE-2022-45545
RESERVED
-CVE-2022-45544
- RESERVED
+CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
+ TODO: check
CVE-2022-45543
RESERVED
CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager ...)
@@ -26180,16 +26335,16 @@ CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF c
NOT-FOR-US: WordPress plugin
CVE-2022-43760
RESERVED
-CVE-2022-43759
- RESERVED
-CVE-2022-43758
- RESERVED
-CVE-2022-43757
- RESERVED
-CVE-2022-43756
- RESERVED
-CVE-2022-43755
- RESERVED
+CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher, allows ...)
+ TODO: check
+CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
+ TODO: check
+CVE-2022-43757 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
+ TODO: check
+CVE-2022-43756 (A Improper Neutralization of Special Elements in Output Used by a Down ...)
+ TODO: check
+CVE-2022-43755 (A Insufficient Entropy vulnerability in SUSE Rancher allows attackers ...)
+ TODO: check
CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Uyuni
CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
@@ -33097,14 +33252,14 @@ CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 thro
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
-CVE-2022-41313
- RESERVED
-CVE-2022-41312
- RESERVED
-CVE-2022-41311
- RESERVED
-CVE-2022-40691
- RESERVED
+CVE-2022-41313 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ TODO: check
+CVE-2022-41312 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ TODO: check
+CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ TODO: check
+CVE-2022-40691 (An information disclosure vulnerability exists in the web application ...)
+ TODO: check
CVE-2022-40214
RESERVED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
@@ -33225,8 +33380,8 @@ CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3
NOT-FOR-US: Mitel
CVE-2022-41221
RESERVED
-CVE-2022-40224
- RESERVED
+CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
+ TODO: check
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
@@ -33486,8 +33641,8 @@ CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Ref
NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
NOTE: https://bugreports.qt.io/browse/QTBUG-107619
NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
-CVE-2022-40693
- RESERVED
+CVE-2022-40693 (A cleartext transmission vulnerability exists in the web application f ...)
+ TODO: check
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
{DLA-3173-1}
- linux 5.14.6-1
@@ -60299,8 +60454,8 @@ CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following')
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1204696
CVE-2022-31255 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: Uyuni
-CVE-2022-31254
- RESERVED
+CVE-2022-31254 (A Incorrect Default Permissions vulnerability in rmt-server-regsharing ...)
+ TODO: check
CVE-2022-31253 (A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ...)
TODO: check
CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...)
@@ -60309,8 +60464,8 @@ CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging o
- slurm-wlm <not-affected> (SUSE specific packaging issue)
CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
NOT-FOR-US: keylime
-CVE-2022-31249
- RESERVED
+CVE-2022-31249 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
+ TODO: check
CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
NOT-FOR-US: Uyuni
CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
@@ -71435,7 +71590,7 @@ CVE-2022-27501
RESERVED
CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...)
NOT-FOR-US: Intel
-CVE-2022-27233 (XML injection Quartus(R) Prime Programmer included in the Intel(R) Qua ...)
+CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in the Intel ...)
NOT-FOR-US: Intel
CVE-2022-27229
RESERVED
@@ -78674,8 +78829,8 @@ CVE-2022-24992 (A vulnerability in the component process.php of QR Code Generato
NOT-FOR-US: QR Code Generator
CVE-2022-24991
RESERVED
-CVE-2022-24990
- RESERVED
+CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...)
+ TODO: check
CVE-2022-24989
RESERVED
CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
@@ -92095,8 +92250,8 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces
[bullseye] - glewlwyd 2.5.2-2+deb11u2
[buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
-CVE-2022-21953
- RESERVED
+CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...)
+ TODO: check
CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...)
NOT-FOR-US: Uyuni
CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...)
@@ -92109,8 +92264,8 @@ CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerab
[buster] - ruby-xmlhash <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
-CVE-2022-21948
- RESERVED
+CVE-2022-21948 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of SUSE all ...)
NOT-FOR-US: Rancher
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
@@ -116525,8 +116680,8 @@ CVE-2021-37493
RESERVED
CVE-2021-37492
RESERVED
-CVE-2021-37491
- RESERVED
+CVE-2021-37491 (An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogec ...)
+ TODO: check
CVE-2021-37490
RESERVED
CVE-2021-37489
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e391ba131a5afa5a2257b49f2dd39dac763bc21
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e391ba131a5afa5a2257b49f2dd39dac763bc21
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230207/9be643ed/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list