[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 8 08:10:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c2d3861 by security tracker role at 2023-02-08T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-25600
+ RESERVED
+CVE-2023-25599
+ RESERVED
+CVE-2023-25598
+ RESERVED
+CVE-2023-25597
+ RESERVED
+CVE-2023-25596
+ RESERVED
+CVE-2023-25595
+ RESERVED
+CVE-2023-25594
+ RESERVED
+CVE-2023-25593
+ RESERVED
+CVE-2023-25592
+ RESERVED
+CVE-2023-25591
+ RESERVED
+CVE-2023-25590
+ RESERVED
+CVE-2023-25589
+ RESERVED
+CVE-2023-0744
+ RESERVED
+CVE-2023-0743
+ RESERVED
+CVE-2023-0742
+ RESERVED
+CVE-2023-0741
+ RESERVED
+CVE-2023-0740
+ RESERVED
+CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...)
+ TODO: check
+CVE-2023-0738
+ RESERVED
+CVE-2023-0737
+ RESERVED
+CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
+ TODO: check
+CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
+ TODO: check
+CVE-2023-0734
+ RESERVED
+CVE-2023-0733
+ RESERVED
+CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
+ TODO: check
CVE-2023-25588
RESERVED
CVE-2023-25587
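Review bot: CVE-2023-0732 near the end of the added block is queued as `TODO: check`, but the same product already has a disposition further down in this file, where CVE-2023-0686 carries `NOT-FOR-US: SourceCodester Online Eyewear Shop`. The follow-up triage can reuse that exact string so the two entries stay consistent. The wallabag entries (CVE-2023-0736, CVE-2023-0735) and the answerdev/answer entry (CVE-2023-0739) only name an upstream GitHub repository in their truncated descriptions, so they need a package lookup before being closed.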
@@ -104,48 +154,48 @@ CVE-2023-25535
RESERVED
CVE-2023-22660
RESERVED
-CVE-2023-0731
- RESERVED
-CVE-2023-0730
- RESERVED
+CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
CVE-2023-0729
RESERVED
-CVE-2023-0728
- RESERVED
-CVE-2023-0727
- RESERVED
-CVE-2023-0726
- RESERVED
-CVE-2023-0725
- RESERVED
-CVE-2023-0724
- RESERVED
-CVE-2023-0723
- RESERVED
-CVE-2023-0722
- RESERVED
+CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
CVE-2023-0721
RESERVED
-CVE-2023-0720
- RESERVED
-CVE-2023-0719
- RESERVED
-CVE-2023-0718
- RESERVED
-CVE-2023-0717
- RESERVED
-CVE-2023-0716
- RESERVED
-CVE-2023-0715
- RESERVED
+CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
CVE-2023-0714
RESERVED
-CVE-2023-0713
- RESERVED
-CVE-2023-0712
- RESERVED
-CVE-2023-0711
- RESERVED
+CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
CVE-2023-0710
RESERVED
CVE-2023-0709
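Review bot: All eighteen entries converted from RESERVED in this hunk are WordPress plugins (Interactive Geo Maps for CVE-2023-0731, Wicked Folders for the other seventeen), and each one lands as its own `TODO: check`. Other WordPress plugin entries visible in this commit are recorded as `NOT-FOR-US: WordPress plugin`, so these can be closed in a single follow-up commit with that string instead of being checked one by one. CVE-2023-0729, CVE-2023-0721 and CVE-2023-0714 stay RESERVED inside the same number range and are worth watching in the next automatic update.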
@@ -240,44 +290,34 @@ CVE-2023-25499
RESERVED
CVE-2023-24019
RESERVED
-CVE-2023-0705
- RESERVED
+CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0704
- RESERVED
+CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0703
- RESERVED
+CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0702
- RESERVED
+CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0701
- RESERVED
+CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0700
- RESERVED
+CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0699
- RESERVED
+CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0698
- RESERVED
+CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0697
- RESERVED
+CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0696
- RESERVED
+CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...)
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0695
@@ -296,8 +336,8 @@ CVE-2023-0689
RESERVED
CVE-2023-0688
RESERVED
-CVE-2011-10003
- RESERVED
+CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
+ TODO: check
CVE-2023-25498
RESERVED
CVE-2023-25497
@@ -905,10 +945,10 @@ CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been decl
TODO: check
CVE-2023-0686 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
-CVE-2023-0685
- RESERVED
-CVE-2023-0684
- RESERVED
+CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
CVE-2023-0683
RESERVED
CVE-2023-0682
@@ -943,8 +983,7 @@ CVE-2022-48313
RESERVED
CVE-2022-48312
RESERVED
-CVE-2023-25194
- RESERVED
+CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...)
- kafka <itp> (bug #786460)
CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...)
TODO: check
@@ -1933,8 +1972,8 @@ CVE-2016-15023 (A vulnerability, which was classified as problematic, was found
NOT-FOR-US: SiteFusion
CVE-2023-24831
RESERVED
-CVE-2023-24828
- RESERVED
+CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...)
+ TODO: check
CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...)
TODO: check
CVE-2023-24826
@@ -4269,8 +4308,8 @@ CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receiv
NOT-FOR-US: OpenSearch Anomaly Detection
CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...)
NOT-FOR-US: OpenDDS
-CVE-2023-23931
- RESERVED
+CVE-2023-23931 (cryptography is a package designed to expose cryptographic primitives ...)
+ TODO: check
CVE-2023-23930
RESERVED
CVE-2023-23929
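Review bot: CVE-2023-23931 is described as "cryptography is a package designed to expose cryptographic primitives", which reads like a general-purpose library and not a single web application, so it should not wait in the `TODO: check` queue behind the plugin entries added in the same commit. Prioritise the source package lookup for this one and replace the TODO with either a package line or an explicit NOT-FOR-US.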
@@ -5476,6 +5515,7 @@ CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been
NOT-FOR-US: ityouknow favorites-web
CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
RESERVED
+ {DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
@@ -6679,6 +6719,7 @@ CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
RESERVED
+ {DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
@@ -6840,8 +6881,8 @@ CVE-2023-23028
RESERVED
CVE-2023-23027
RESERVED
-CVE-2023-23026
- RESERVED
+CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...)
+ TODO: check
CVE-2023-23025
RESERVED
CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
@@ -6870,8 +6911,8 @@ CVE-2023-23013
RESERVED
CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...)
NOT-FOR-US: craigrodway classroombookings
-CVE-2023-23011
- RESERVED
+CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...)
+ TODO: check
CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2023-23009
@@ -12963,22 +13004,22 @@ CVE-2022-47421
RESERVED
CVE-2022-47420
RESERVED
-CVE-2022-47419
- RESERVED
-CVE-2022-47418
- RESERVED
-CVE-2022-47417
- RESERVED
-CVE-2022-47416
- RESERVED
-CVE-2022-47415
- RESERVED
-CVE-2022-47414
- RESERVED
-CVE-2022-47413
- RESERVED
-CVE-2022-47412
- RESERVED
+CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...)
+ TODO: check
+CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ TODO: check
+CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ TODO: check
+CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type ...)
+ TODO: check
+CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ TODO: check
+CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...)
+ TODO: check
+CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is ...)
+ TODO: check
+CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...)
+ TODO: check
CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
NOT-FOR-US: TYPO3 extension
CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
@@ -13377,6 +13418,7 @@ CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not valida
NOT-FOR-US: WordPress plugin
CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
RESERVED
+ {DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8)
@@ -15396,6 +15438,7 @@ CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks a
NOT-FOR-US: WordPress plugin
CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
RESERVED
+ {DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8)
@@ -15416,8 +15459,7 @@ CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does no
NOT-FOR-US: WordPress plugin
CVE-2022-4296 (A vulnerability classified as problematic has been found in TP-Link TL ...)
NOT-FOR-US: TP-Link
-CVE-2022-46663 [less -R filtering bypass]
- RESERVED
+CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not filte ...)
- less <unfixed> (bug #1030825)
[bullseye] - less <not-affected> (Vulnerable code not present)
[buster] - less <not-affected> (Vulnerable code not present)
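Review bot: The new description on CVE-2022-46663 says the issue affects GNU Less before 609, while the unchanged line below it still reads `- less <unfixed> (bug #1030825)`. That is consistent only while unstable carries a version older than 609; once a 609 or later upload arrives, this line needs the fixed version filled in. The `[bullseye]` and `[buster]` `<not-affected>` lines do not need to change with this edit.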
@@ -18036,8 +18078,8 @@ CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adgu
NOT-FOR-US: Adguard
CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
NOT-FOR-US: ClicShopping_V3
-CVE-2022-45768
- RESERVED
+CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...)
+ TODO: check
CVE-2022-45767
RESERVED
CVE-2022-45766
@@ -19851,12 +19893,12 @@ CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML docume
NOT-FOR-US: CBRN-Analysis
CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...)
NOT-FOR-US: CBRN-Analysis
-CVE-2022-45192
- RESERVED
-CVE-2022-45191
- RESERVED
-CVE-2022-45190
- RESERVED
+CVE-2022-45192 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
+ TODO: check
+CVE-2022-45191 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
+ TODO: check
+CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
+ TODO: check
CVE-2022-45189
RESERVED
CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...)
@@ -35285,8 +35327,8 @@ CVE-2022-40482
RESERVED
CVE-2022-40481
RESERVED
-CVE-2022-40480
- RESERVED
+CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...)
+ TODO: check
CVE-2022-40479
RESERVED
CVE-2022-40478
@@ -53757,6 +53799,7 @@ CVE-2022-33760
CVE-2022-33759
RESERVED
CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...)
+ {DSA-5343-1}
- openssl 3.0.5-1 (bug #1023424)
[buster] - openssl <postponed> (Minor issue, fix along in next round of security updates)
NOTE: https://www.openssl.org/news/secadv/20220705.txt
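Review bot: `{DSA-5343-1}` is added to CVE-2022-2097, but the `[buster]` line directly below still says `<postponed> (Minor issue, fix along in next round of security updates)`. Confirm whether buster is still waiting after this advisory, so the entry does not read as both covered by a DSA and postponed without explanation. The fixed version here is `openssl 3.0.5-1`, not the `3.0.8-1` shown on the other four entries tagged with this DSA in the commit (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304), which fits an older issue but is worth a glance when cross-checking the advisory text.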
@@ -116700,8 +116743,8 @@ CVE-2021-37494
RESERVED
CVE-2021-37493
RESERVED
-CVE-2021-37492
- RESERVED
+CVE-2021-37492 (An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 ...)
+ TODO: check
CVE-2021-37491 (An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogec ...)
TODO: check
CVE-2021-37490
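Review bot: CVE-2021-37492 (Ravencoin Core) gets `TODO: check` directly above CVE-2021-37491 (Dogecoin), which is already `TODO: check` and opens with the same text, "An issue discovered in src/wallet/wallet.cpp". Triage the two together so they receive the same disposition and the same wording.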
@@ -119067,8 +119110,8 @@ CVE-2021-36473
RESERVED
CVE-2021-36472
RESERVED
-CVE-2021-36471
- RESERVED
+CVE-2021-36471 (Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote atta ...)
+ TODO: check
CVE-2021-36470
RESERVED
CVE-2021-36469
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c2d3861664ca695f5216a42bd8e9b7d8f0b1a83