[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 8 20:10:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-25611
+ RESERVED
+CVE-2023-25610
+ RESERVED
+CVE-2023-25609
+ RESERVED
+CVE-2023-25608
+ RESERVED
+CVE-2023-25607
+ RESERVED
+CVE-2023-25606
+ RESERVED
+CVE-2023-25605
+ RESERVED
+CVE-2023-25604
+ RESERVED
+CVE-2023-25603
+ RESERVED
+CVE-2023-25602
+ RESERVED
+CVE-2023-25601
+ RESERVED
+CVE-2023-0753
+ RESERVED
+CVE-2023-0752
+ RESERVED
+CVE-2023-0751
+ RESERVED
+CVE-2023-0750
+ RESERVED
+CVE-2023-0749
+ RESERVED
+CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...)
+ TODO: check
+CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+ TODO: check
+CVE-2023-0746
+ RESERVED
+CVE-2023-0745
+ RESERVED
+CVE-2022-48321
+ RESERVED
+CVE-2022-48320
+ RESERVED
+CVE-2022-48319
+ RESERVED
+CVE-2022-48318
+ RESERVED
+CVE-2022-48317
+ RESERVED
CVE-2023-25600
RESERVED
CVE-2023-25599
@@ -22,16 +72,16 @@ CVE-2023-25590
RESERVED
CVE-2023-25589
RESERVED
-CVE-2023-0744
- RESERVED
-CVE-2023-0743
- RESERVED
-CVE-2023-0742
- RESERVED
-CVE-2023-0741
- RESERVED
-CVE-2023-0740
- RESERVED
+CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...)
+ TODO: check
+CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...)
+ TODO: check
+CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ TODO: check
+CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...)
+ TODO: check
+CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ TODO: check
CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...)
NOT-FOR-US: Answer
CVE-2023-0738
@@ -286,33 +336,43 @@ CVE-2023-25499
CVE-2023-24019
RESERVED
CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...)
+ {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0695
@@ -325,8 +385,8 @@ CVE-2023-0692
RESERVED
CVE-2023-0691
RESERVED
-CVE-2023-0690
- RESERVED
+CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
+ TODO: check
CVE-2023-0689
RESERVED
CVE-2023-0688
@@ -537,8 +597,8 @@ CVE-2023-25398
RESERVED
CVE-2023-25397
RESERVED
-CVE-2023-25396
- RESERVED
+CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...)
+ TODO: check
CVE-2023-25395
RESERVED
CVE-2023-25394
@@ -1114,8 +1174,8 @@ CVE-2023-25154
RESERVED
CVE-2023-25153
RESERVED
-CVE-2023-25152
- RESERVED
+CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
+ TODO: check
CVE-2023-25151
RESERVED
CVE-2023-25150
@@ -4453,8 +4513,7 @@ CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Si
NOT-FOR-US: Social Warfare plugin for WordPress
CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authorization ...)
NOT-FOR-US: Social Warfare plugin for WordPress
-CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
- RESERVED
+CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being verified ...)
- openssl 3.0.8-1
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
@@ -5511,8 +5570,7 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: Crash in CLI tool, no security impact
CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
NOT-FOR-US: ityouknow favorites-web
-CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
- RESERVED
+CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...)
{DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -5819,8 +5877,8 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could a
NOT-FOR-US: IBM
CVE-2023-23476
RESERVED
-CVE-2023-23475
- RESERVED
+CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2023-23474
RESERVED
CVE-2023-23473
@@ -6701,22 +6759,19 @@ CVE-2023-0219
RESERVED
CVE-2023-0218
RESERVED
-CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
- RESERVED
+CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
- openssl 3.0.8-1
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8)
-CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
- RESERVED
+CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an applic ...)
- openssl 3.0.8-1
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
-CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
- RESERVED
+CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...)
{DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -13415,8 +13470,7 @@ CVE-2022-4452
RESERVED
CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
- RESERVED
+CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ...)
{DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -15435,8 +15489,7 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does
NOT-FOR-US: WordPress plugin
CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
- RESERVED
+CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...)
{DSA-5343-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -18103,8 +18156,8 @@ CVE-2022-45757
RESERVED
CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: SENS
-CVE-2022-45755
- RESERVED
+CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...)
+ TODO: check
CVE-2022-45754
RESERVED
CVE-2022-45753
@@ -18566,10 +18619,10 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera
NOT-FOR-US: AeroCMS
CVE-2022-45528
RESERVED
-CVE-2022-45527
- RESERVED
-CVE-2022-45526
- RESERVED
+CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...)
+ TODO: check
+CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...)
+ TODO: check
CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
NOT-FOR-US: Tenda
CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
@@ -20066,6 +20119,7 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.
NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1
CVE-2022-45142 [gsskrb5: fix accidental logic inversions]
RESERVED
+ {DSA-5344-1 DLA-3311-1}
- heimdal <unfixed> (bug #1030849)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
@@ -25890,12 +25944,12 @@ CVE-2023-0005
RESERVED
CVE-2023-0004
RESERVED
-CVE-2023-0003
- RESERVED
-CVE-2023-0002
- RESERVED
-CVE-2023-0001
- RESERVED
+CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
+ TODO: check
+CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+ TODO: check
+CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
+ TODO: check
CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions). ...)
NOT-FOR-US: QMS Automotive
CVE-2022-43957
@@ -26343,16 +26397,16 @@ CVE-2022-43767
RESERVED
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
NOT-FOR-US: Apache IoTDB
-CVE-2022-43765
- RESERVED
-CVE-2022-43764
- RESERVED
-CVE-2022-43763
- RESERVED
-CVE-2022-43762
- RESERVED
-CVE-2022-43761
- RESERVED
+CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...)
+ TODO: check
+CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...)
+ TODO: check
+CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...)
+ TODO: check
+CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions < R 4.2 ...)
+ TODO: check
+CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL da ...)
+ TODO: check
CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
{DLA-3182-1}
- vim 2:9.0.0813-1 (unimportant)
@@ -30220,8 +30274,8 @@ CVE-2022-42440
RESERVED
CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...)
NOT-FOR-US: IBM
-CVE-2022-42438
- RESERVED
+CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows ...)
+ TODO: check
CVE-2022-42437
RESERVED
CVE-2022-42436
@@ -32330,8 +32384,8 @@ CVE-2022-41633
RESERVED
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
NOT-FOR-US: Villatheme ALD
-CVE-2022-41620
- RESERVED
+CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPr ...)
+ TODO: check
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41616
@@ -48050,8 +48104,8 @@ CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-si
NOT-FOR-US: IBM
CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...)
NOT-FOR-US: IBM
-CVE-2022-35720
- RESERVED
+CVE-2022-35720 (IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Sec ...)
+ TODO: check
CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...)
NOT-FOR-US: IBM
CVE-2022-35718
@@ -52076,8 +52130,8 @@ CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.
- jetty9 <not-affected> (Specific to 10.x)
NOTE: https://github.com/eclipse/jetty.project/issues/8161
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
-CVE-2022-34362
- RESERVED
+CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection ...)
+ TODO: check
CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...)
NOT-FOR-US: IBM
CVE-2022-34360
@@ -53810,8 +53864,8 @@ CVE-2022-2096
RESERVED
CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...)
- gitlab <unfixed>
-CVE-2022-2094
- RESERVED
+CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...)
+ TODO: check
CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
@@ -98152,7 +98206,7 @@ CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
NOT-FOR-US: Bitdefender
CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
NOT-FOR-US: Bitdefender
-CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+CVE-2021-3958 (Improper Handling of Parameters vulnerability in Ipack Automation Syst ...)
NOT-FOR-US: iPack SCADA Automation
CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...)
NOT-FOR-US: Trilium Notes
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173f8e5169b5b91232e9e0bcec6916d4350220e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173f8e5169b5b91232e9e0bcec6916d4350220e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230208/f019986b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list