[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 8 20:10:28 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-25611
+	RESERVED
+CVE-2023-25610
+	RESERVED
+CVE-2023-25609
+	RESERVED
+CVE-2023-25608
+	RESERVED
+CVE-2023-25607
+	RESERVED
+CVE-2023-25606
+	RESERVED
+CVE-2023-25605
+	RESERVED
+CVE-2023-25604
+	RESERVED
+CVE-2023-25603
+	RESERVED
+CVE-2023-25602
+	RESERVED
+CVE-2023-25601
+	RESERVED
+CVE-2023-0753
+	RESERVED
+CVE-2023-0752
+	RESERVED
+CVE-2023-0751
+	RESERVED
+CVE-2023-0750
+	RESERVED
+CVE-2023-0749
+	RESERVED
+CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to  ...)
+	TODO: check
+CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+	TODO: check
+CVE-2023-0746
+	RESERVED
+CVE-2023-0745
+	RESERVED
+CVE-2022-48321
+	RESERVED
+CVE-2022-48320
+	RESERVED
+CVE-2022-48319
+	RESERVED
+CVE-2022-48318
+	RESERVED
+CVE-2022-48317
+	RESERVED
 CVE-2023-25600
 	RESERVED
 CVE-2023-25599
@@ -22,16 +72,16 @@ CVE-2023-25590
 	RESERVED
 CVE-2023-25589
 	RESERVED
-CVE-2023-0744
-	RESERVED
-CVE-2023-0743
-	RESERVED
-CVE-2023-0742
-	RESERVED
-CVE-2023-0741
-	RESERVED
-CVE-2023-0740
-	RESERVED
+CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...)
+	TODO: check
+CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...)
+	TODO: check
+CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...)
+	TODO: check
+CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
 CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...)
 	NOT-FOR-US: Answer
 CVE-2023-0738
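Review bot: the five new answerdev/answer entries (CVE-2023-0740 through CVE-2023-0744) are left at `TODO: check` while the adjacent CVE-2023-0739, for the same GitHub repository, is already resolved as `NOT-FOR-US: Answer`; unless one of them turns out to touch a Debian package, they should be triaged to the same `NOT-FOR-US: Answer` state so the list stays consistent for that project.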
@@ -286,33 +336,43 @@ CVE-2023-25499
 CVE-2023-24019
 	RESERVED
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77  ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed  ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...)
+	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0695
@@ -325,8 +385,8 @@ CVE-2023-0692
 	RESERVED
 CVE-2023-0691
 	RESERVED
-CVE-2023-0690
-	RESERVED
+CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
+	TODO: check
 CVE-2023-0689
 	RESERVED
 CVE-2023-0688
@@ -537,8 +597,8 @@ CVE-2023-25398
 	RESERVED
 CVE-2023-25397
 	RESERVED
-CVE-2023-25396
-	RESERVED
+CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...)
+	TODO: check
 CVE-2023-25395
 	RESERVED
 CVE-2023-25394
@@ -1114,8 +1174,8 @@ CVE-2023-25154
 	RESERVED
 CVE-2023-25153
 	RESERVED
-CVE-2023-25152
-	RESERVED
+CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
+	TODO: check
 CVE-2023-25151
 	RESERVED
 CVE-2023-25150
@@ -4453,8 +4513,7 @@ CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Si
 	NOT-FOR-US: Social Warfare plugin for WordPress
 CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authorization ...)
 	NOT-FOR-US: Social Warfare plugin for WordPress
-CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
-	RESERVED
+CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being verified  ...)
 	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
@@ -5511,8 +5570,7 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
 	NOT-FOR-US: ityouknow favorites-web
-CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
-	RESERVED
+CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...)
 	{DSA-5343-1}
 	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -5819,8 +5877,8 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could a
 	NOT-FOR-US: IBM
 CVE-2023-23476
 	RESERVED
-CVE-2023-23475
-	RESERVED
+CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...)
+	TODO: check
 CVE-2023-23474
 	RESERVED
 CVE-2023-23473
@@ -6701,22 +6759,19 @@ CVE-2023-0219
 	RESERVED
 CVE-2023-0218
 	RESERVED
-CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
-	RESERVED
+CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
 	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8)
-CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
-	RESERVED
+CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an applic ...)
 	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
-CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
-	RESERVED
+CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...)
 	{DSA-5343-1}
 	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
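Review bot: dropping the bracketed short titles leaves CVE-2023-0217 and CVE-2023-0216 with identical truncated descriptions ("An invalid pointer dereference on read can be triggered when an applic ..."), so the only visible distinction between the two entries is now the upstream commit hash in each NOTE line; please double-check that 23985bac... stays attached to CVE-2023-0217 (the removed title read "NULL dereference validating DSA public key") and 934a04f0... to CVE-2023-0216 (the removed title read "Invalid pointer dereference in d2i_PKCS7 functions"), since those titles were the human-readable anchor for the pairing.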
@@ -13415,8 +13470,7 @@ CVE-2022-4452
 	RESERVED
 CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
-	RESERVED
+CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses  ...)
 	{DSA-5343-1}
 	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -15435,8 +15489,7 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
-	RESERVED
+CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...)
 	{DSA-5343-1}
 	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -18103,8 +18156,8 @@ CVE-2022-45757
 	RESERVED
 CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
 	NOT-FOR-US: SENS
-CVE-2022-45755
-	RESERVED
+CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...)
+	TODO: check
 CVE-2022-45754
 	RESERVED
 CVE-2022-45753
@@ -18566,10 +18619,10 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera
 	NOT-FOR-US: AeroCMS
 CVE-2022-45528
 	RESERVED
-CVE-2022-45527
-	RESERVED
-CVE-2022-45526
-	RESERVED
+CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...)
+	TODO: check
+CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...)
+	TODO: check
 CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
 	NOT-FOR-US: Tenda
 CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
@@ -20066,6 +20119,7 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1
 CVE-2022-45142 [gsskrb5: fix accidental logic inversions]
 	RESERVED
+	{DSA-5344-1 DLA-3311-1}
 	- heimdal <unfixed> (bug #1030849)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
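Review bot: `{DSA-5344-1 DLA-3311-1}` is added to CVE-2022-45142 while the same entry still carries RESERVED and `heimdal <unfixed> (bug #1030849)`; that combination means stable and oldstable were fixed through the advisories before unstable, so the entry remains open until the heimdal upload closing #1030849 replaces `<unfixed>` with a version, and the RESERVED line should give way to the public description once it is published.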
@@ -25890,12 +25944,12 @@ CVE-2023-0005
 	RESERVED
 CVE-2023-0004
 	RESERVED
-CVE-2023-0003
-	RESERVED
-CVE-2023-0002
-	RESERVED
-CVE-2023-0001
-	RESERVED
+CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
+	TODO: check
+CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+	TODO: check
+CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
+	TODO: check
 CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions).  ...)
 	NOT-FOR-US: QMS Automotive
 CVE-2022-43957
@@ -26343,16 +26397,16 @@ CVE-2022-43767
 	RESERVED
 CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
 	NOT-FOR-US: Apache IoTDB
-CVE-2022-43765
-	RESERVED
-CVE-2022-43764
-	RESERVED
-CVE-2022-43763
-	RESERVED
-CVE-2022-43762
-	RESERVED
-CVE-2022-43761
-	RESERVED
+CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...)
+	TODO: check
+CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...)
+	TODO: check
+CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...)
+	TODO: check
+CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions < R 4.2 ...)
+	TODO: check
+CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL da ...)
+	TODO: check
 CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
 	{DLA-3182-1}
 	- vim 2:9.0.0813-1 (unimportant)
@@ -30220,8 +30274,8 @@ CVE-2022-42440
 	RESERVED
 CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...)
 	NOT-FOR-US: IBM
-CVE-2022-42438
-	RESERVED
+CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows  ...)
+	TODO: check
 CVE-2022-42437
 	RESERVED
 CVE-2022-42436
@@ -32330,8 +32384,8 @@ CVE-2022-41633
 	RESERVED
 CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
 	NOT-FOR-US: Villatheme ALD
-CVE-2022-41620
-	RESERVED
+CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPr ...)
+	TODO: check
 CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41616
@@ -48050,8 +48104,8 @@ CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-si
 	NOT-FOR-US: IBM
 CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...)
 	NOT-FOR-US: IBM
-CVE-2022-35720
-	RESERVED
+CVE-2022-35720 (IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Sec ...)
+	TODO: check
 CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...)
 	NOT-FOR-US: IBM
 CVE-2022-35718
@@ -52076,8 +52130,8 @@ CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.
 	- jetty9 <not-affected> (Specific to 10.x)
 	NOTE: https://github.com/eclipse/jetty.project/issues/8161
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
-CVE-2022-34362
-	RESERVED
+CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection ...)
+	TODO: check
 CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...)
 	NOT-FOR-US: IBM
 CVE-2022-34360
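Review bot: CVE-2022-34362 is left at `TODO: check` although it names the same product and version (IBM Sterling Secure Proxy 6.0.3) as the adjacent CVE-2022-34361, which is already `NOT-FOR-US: IBM`; the same resolution applies here and saves a round of manual triage.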
@@ -53810,8 +53864,8 @@ CVE-2022-2096
 	RESERVED
 CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...)
 	- gitlab <unfixed>
-CVE-2022-2094
-	RESERVED
+CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...)
+	TODO: check
 CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
@@ -98152,7 +98206,7 @@ CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
 	NOT-FOR-US: Bitdefender
 CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
 	NOT-FOR-US: Bitdefender
-CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+CVE-2021-3958 (Improper Handling of Parameters vulnerability in Ipack Automation Syst ...)
 	NOT-FOR-US: iPack SCADA Automation
 CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...)
 	NOT-FOR-US: Trilium Notes
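Review bot: the replaced description for CVE-2021-3958 now names the vendor "Ipack Automation Syst..." while the unchanged `NOT-FOR-US: iPack SCADA Automation` line below it keeps the old wording; consider aligning the NOT-FOR-US text with the new upstream description so a search for either spelling finds the entry.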



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173f8e5169b5b91232e9e0bcec6916d4350220e2
