[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 9 20:10:36 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c69a2538 by security tracker role at 2023-02-09T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-25641
+ RESERVED
+CVE-2023-25640
+ RESERVED
+CVE-2023-25639
+ RESERVED
+CVE-2023-25638
+ RESERVED
+CVE-2023-25637
+ RESERVED
+CVE-2023-25636
+ RESERVED
+CVE-2023-25635
+ RESERVED
+CVE-2023-25634
+ RESERVED
+CVE-2023-25633
+ RESERVED
+CVE-2023-25632
+ RESERVED
+CVE-2023-25631
+ RESERVED
+CVE-2023-25630
+ RESERVED
+CVE-2023-25629
+ RESERVED
+CVE-2023-25628
+ RESERVED
+CVE-2023-25627
+ RESERVED
+CVE-2023-25626
+ RESERVED
+CVE-2023-25625
+ RESERVED
+CVE-2023-25624
+ RESERVED
+CVE-2023-25623
+ RESERVED
+CVE-2023-25622
+ RESERVED
+CVE-2023-25621
+ RESERVED
+CVE-2023-25620
+ RESERVED
+CVE-2023-25619
+ RESERVED
+CVE-2023-25618
+ RESERVED
+CVE-2023-25617
+ RESERVED
+CVE-2023-25616
+ RESERVED
+CVE-2023-25615
+ RESERVED
+CVE-2023-25614
+ RESERVED
+CVE-2023-25613
+ RESERVED
+CVE-2023-0767
+ RESERVED
+CVE-2023-0766
+ RESERVED
+CVE-2023-0765
+ RESERVED
+CVE-2023-0764
+ RESERVED
+CVE-2023-0763
+ RESERVED
+CVE-2023-0762
+ RESERVED
+CVE-2023-0761
+ RESERVED
+CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
+ TODO: check
+CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2. ...)
+ TODO: check
+CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...)
+ TODO: check
+CVE-2023-0757
+ RESERVED
+CVE-2022-4904
+ RESERVED
+CVE-2022-4903
+ RESERVED
+CVE-2015-10077
+ RESERVED
CVE-2023-25612
RESERVED
CVE-2023-25177
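Review bot: CVE-2023-0760, CVE-2023-0759 and CVE-2023-0758 arrive with descriptions but only `TODO: check`, so each still needs a package annotation or a NOT-FOR-US line. The 0760 description names the gpac/gpac repository, so check it against any gpac source package in the archive first. For 0759, confirm that cockpit-hq/cockpit is the affected project before attributing it to a similarly named package.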
@@ -50,8 +136,8 @@ CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayse
NOT-FOR-US: btcpayserver
CVE-2023-0746
RESERVED
-CVE-2023-0745
- RESERVED
+CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Manag ...)
+ TODO: check
CVE-2022-48321
RESERVED
CVE-2022-48320
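Review bot: CVE-2023-0745 on the `+` lines names YugaByte but is left at `TODO: check`. The file already carries a `yugabyte-db <itp> (bug #989673)` annotation under CVE-2023-0576, so triage should decide whether this entry belongs to the same ITP or is NOT-FOR-US. The description is truncated at "Yugabyte Manag ...", so read the full text before choosing.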
@@ -1564,7 +1650,8 @@ CVE-2023-25002
RESERVED
CVE-2023-25001
RESERVED
-CVE-2023-0634 (An uncontrolled process operation was found in the newgrp command prov ...)
+CVE-2023-0634
+ REJECTED
- shadow <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166544
NOTE: https://github.com/shadow-maint/shadow/pull/642
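Review bot: CVE-2023-0634 becomes REJECTED and loses its description, yet the `- shadow <unfixed> (unimportant)` line and both NOTE links stay attached to it. If the newgrp issue is still worth tracking, the annotation should move to whatever identifier replaces this one (or to a temporary entry). Otherwise, drop the package line so a rejected ID does not keep reporting shadow as unfixed.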
@@ -1588,8 +1675,8 @@ CVE-2023-0626
RESERVED
CVE-2023-0625
RESERVED
-CVE-2023-0624
- RESERVED
+CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
+ TODO: check
CVE-2023-0623
RESERVED
CVE-2023-0622
@@ -2066,8 +2153,8 @@ CVE-2023-24817
RESERVED
CVE-2023-24816
RESERVED
-CVE-2023-24815
- RESERVED
+CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web applications i ...)
+ TODO: check
CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...)
NOT-FOR-US: Typo3
CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
@@ -2109,10 +2196,10 @@ CVE-2023-0577
RESERVED
CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- yugabyte-db <itp> (bug #989673)
-CVE-2023-0575
- RESERVED
-CVE-2023-0574
- RESERVED
+CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
+ TODO: check
+CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
+ TODO: check
CVE-2022-48305
RESERVED
CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
@@ -2536,40 +2623,40 @@ CVE-2023-0568
RESERVED
CVE-2023-0567
RESERVED
-CVE-2022-48302
- RESERVED
-CVE-2022-48301
- RESERVED
-CVE-2022-48300
- RESERVED
-CVE-2022-48299
- RESERVED
-CVE-2022-48298
- RESERVED
-CVE-2022-48297
- RESERVED
-CVE-2022-48296
- RESERVED
-CVE-2022-48295
- RESERVED
-CVE-2022-48294
- RESERVED
-CVE-2022-48293
- RESERVED
-CVE-2022-48292
- RESERVED
+CVE-2022-48302 (The AMS module has a vulnerability of lacking permission verification ...)
+ TODO: check
+CVE-2022-48301 (The bundle management module lacks permission verification in some API ...)
+ TODO: check
+CVE-2022-48300 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
+ TODO: check
+CVE-2022-48299 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
+ TODO: check
+CVE-2022-48298 (The geofencing kernel code does not verify the length of the input dat ...)
+ TODO: check
+CVE-2022-48297 (The geofencing kernel code has a vulnerability of not verifying the le ...)
+ TODO: check
+CVE-2022-48296 (The SystemUI has a vulnerability in permission management. Successful ...)
+ TODO: check
+CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. Successf ...)
+ TODO: check
+CVE-2022-48294 (The IHwAttestationService interface has a defect in authentication. Su ...)
+ TODO: check
+CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploitation ...)
+ TODO: check
+CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
+ TODO: check
CVE-2022-48291
RESERVED
-CVE-2022-48290
- RESERVED
-CVE-2022-48289
- RESERVED
-CVE-2022-48288
- RESERVED
-CVE-2022-48287
- RESERVED
-CVE-2022-48286
- RESERVED
+CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
+ TODO: check
+CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
+ TODO: check
+CVE-2022-48288 (The bundle management module lacks authentication and control mechanis ...)
+ TODO: check
+CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
+ TODO: check
+CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation vulne ...)
+ TODO: check
CVE-2023-24607
RESERVED
CVE-2023-24606
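Review bot: The sixteen entries from CVE-2022-48302 down to CVE-2022-48286 all switch from RESERVED to `TODO: check` at once, with descriptions that name vendor components such as IHwAntiMalPlugin, IHwAttestationService and HwContacts. They read like a single vendor batch and can be triaged together, in the same way the file marks CVE-2022-47976 as `NOT-FOR-US: Huawei`, once the vendor is confirmed from the full descriptions. CVE-2022-48291 stays RESERVED in the middle of the range and should be left alone.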
@@ -4832,8 +4919,8 @@ CVE-2022-46303
RESERVED
CVE-2022-46302
RESERVED
-CVE-2022-43440
- RESERVED
+CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk b ...)
+ TODO: check
CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...)
NOT-FOR-US: Zowe
CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions Plugin ...)
@@ -7107,8 +7194,8 @@ CVE-2023-22955
RESERVED
CVE-2023-22954
RESERVED
-CVE-2023-22953
- RESERVED
+CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...)
+ TODO: check
CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject cu ...)
NOT-FOR-US: SugarCRM
CVE-2023-22951
@@ -7679,7 +7766,7 @@ CVE-2023-0117
CVE-2023-0116
RESERVED
CVE-2023-0115 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- REJECTED
+ TODO: check
CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
NOT-FOR-US: CapsAdmin PAC3
CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...)
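Review bot: CVE-2023-0115 goes from `REJECTED` to `TODO: check` although its description still reads "This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...". That looks like a regression in the automatic update rather than a real state change; the entry should be set back to REJECTED, and the import should be checked for why a rejected description no longer maps to that state.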
@@ -8565,7 +8652,7 @@ CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized
CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2023-22609
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29948
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a984f112b015b7d33c3c91230eb4c35695926539 (binutils-2_40)
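Review bot: CVE-2023-22609 flips from RESERVED to REJECTED while keeping `- binutils 2.40-1 (unimportant)` and the bugzilla and commit NOTEs. The fix information is still useful, but it now hangs off a rejected identifier. Decide whether to keep it here for history or move it to a replacement or temporary entry.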
@@ -8577,31 +8664,31 @@ CVE-2023-22608
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09 (binutils-2_40)
NOTE: binutils not covered by security support
CVE-2023-22607
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29914
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=42f39fdedcf3321cab9964945d3f5bca58967b80 (binutils-2_40)
NOTE: binutils not covered by security support
CVE-2023-22606
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29908
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa501b69309ccb03ec957101f24109ed7f737733 (binutils-2_40)
NOTE: binutils not covered by security support
CVE-2023-22605
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29893
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=956bc7a29fd952d709db29667b38f98cdd3db4c9 (binutils-2_40)
NOTE: binutils not covered by security support
CVE-2023-22604
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29872
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877 (binutils-2_40)
NOTE: binutils not covered by security support
CVE-2023-22603
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29870
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877 (binutils-2_40)
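Review bot: CVE-2023-22607 through CVE-2023-22603 are rejected in one go, and every one of them still carries a binutils 2.40-1 annotation with bug and commit references. Five rejections in a row for the same package suggest the whole assignment was withdrawn. Confirm that before the next manual pass, and handle the leftover annotations consistently across all five rather than entry by entry.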
@@ -9782,7 +9869,7 @@ CVE-2022-47977
RESERVED
CVE-2022-47976 (The DMSDP module of the distributed hardware has a vulnerability that ...)
NOT-FOR-US: Huawei
-CVE-2022-47975 (The DUBAI module has a double free vulnerability.Successful exploitati ...)
+CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful exploitat ...)
NOT-FOR-US: Huawei
CVE-2022-47974 (The Bluetooth AVRCP module has a vulnerability that can lead to DoS at ...)
NOT-FOR-US: Huawei
@@ -19258,72 +19345,72 @@ CVE-2023-21453
RESERVED
CVE-2023-21452
RESERVED
-CVE-2023-21451
- RESERVED
-CVE-2023-21450
- RESERVED
+CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRI ...)
+ TODO: check
+CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + prior to v ...)
+ TODO: check
CVE-2023-21449
RESERVED
-CVE-2023-21448
- RESERVED
-CVE-2023-21447
- RESERVED
-CVE-2023-21446
- RESERVED
-CVE-2023-21445
- RESERVED
-CVE-2023-21444
- RESERVED
-CVE-2023-21443
- RESERVED
-CVE-2023-21442
- RESERVED
-CVE-2023-21441
- RESERVED
-CVE-2023-21440
- RESERVED
-CVE-2023-21439
- RESERVED
-CVE-2023-21438
- RESERVED
-CVE-2023-21437
- RESERVED
-CVE-2023-21436
- RESERVED
-CVE-2023-21435
- RESERVED
-CVE-2023-21434
- RESERVED
-CVE-2023-21433
- RESERVED
-CVE-2023-21432
- RESERVED
-CVE-2023-21431
- RESERVED
-CVE-2023-21430
- RESERVED
-CVE-2023-21429
- RESERVED
-CVE-2023-21428
- RESERVED
-CVE-2023-21427
- RESERVED
-CVE-2023-21426
- RESERVED
-CVE-2023-21425
- RESERVED
-CVE-2023-21424
- RESERVED
-CVE-2023-21423
- RESERVED
-CVE-2023-21422
- RESERVED
-CVE-2023-21421
- RESERVED
-CVE-2023-21420
- RESERVED
-CVE-2023-21419
- RESERVED
+CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.3 ...)
+ TODO: check
+CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior to vers ...)
+ TODO: check
+CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 in Andro ...)
+ TODO: check
+CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to versions 12. ...)
+ TODO: check
+CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 ...)
+ TODO: check
+CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for Android prio ...)
+ TODO: check
+CVE-2023-21442 (Improper access control vulnerability in Runestone application prior t ...)
+ TODO: check
+CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability in Routin ...)
+ TODO: check
+CVE-2023-21440 (Improper access control vulnerability in WindowManagerService prior to ...)
+ TODO: check
+CVE-2023-21439 (Improper input validation vulnerability in UwbDataTxStatusEvent prior ...)
+ TODO: check
+CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows ph ...)
+ TODO: check
+CVE-2023-21437 (Improper access control vulnerability in Phone application prior to SM ...)
+ TODO: check
+CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Re ...)
+ TODO: check
+CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint TA prio ...)
+ TODO: check
+CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior to versi ...)
+ TODO: check
+CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to version ...)
+ TODO: check
+CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior to 1.7.9 ...)
+ TODO: check
+CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 3.7.70.17 a ...)
+ TODO: check
+CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in libSDKRe ...)
+ TODO: check
+CVE-2023-21429 (Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release ...)
+ TODO: check
+CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior to SMR Ja ...)
+ TODO: check
+CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR Jan-2023 ...)
+ TODO: check
+CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Ja ...)
+ TODO: check
+CVE-2023-21425 (Improper access control vulnerability in telecom application prior to ...)
+ TODO: check
+CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ TODO: check
+CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior to SMR J ...)
+ TODO: check
+CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in WifiSev ...)
+ TODO: check
+CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ TODO: check
+CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in STST TA ...)
+ TODO: check
+CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR Jan-202 ...)
+ TODO: check
CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
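Review bot: The entries CVE-2023-21451, CVE-2023-21450 and CVE-2023-21448 down to CVE-2023-21419 all land as `TODO: check`, and their descriptions name Samsung Cloud, Samsung Flow, Galaxy Store, Bixby Vision and "SMR" releases. This is a bulk triage candidate: if the full descriptions confirm they are all vendor-specific mobile components, they can be closed with one NOT-FOR-US pass. CVE-2023-21449 remains RESERVED inside the range and should not be swept up with the rest.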
@@ -62672,8 +62759,8 @@ CVE-2022-30566
RESERVED
CVE-2022-30565
RESERVED
-CVE-2022-30564
- RESERVED
+CVE-2022-30564 (Some Dahua embedded products have a vulnerability of unauthorized modi ...)
+ TODO: check
CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
NOT-FOR-US: Dahua
CVE-2022-30562 (If the user enables the https function on the device, an attacker can ...)
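Review bot: CVE-2022-30564 is added as `TODO: check` with a description that starts "Some Dahua embedded products", while the next entry in the same hunk, CVE-2022-30563, is already marked `NOT-FOR-US: Dahua`. The new entry can most likely take the same annotation once the full description is read.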
@@ -101813,9 +101900,9 @@ CVE-2021-42795
CVE-2021-42794
RESERVED
CVE-2021-42793
- RESERVED
+ REJECTED
CVE-2021-42792
- RESERVED
+ REJECTED
CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
NOT-FOR-US: VeridiumID
CVE-2021-42790
@@ -107620,7 +107707,7 @@ CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is co
CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
NOT-FOR-US: Listary
CVE-2021-41064
- RESERVED
+ REJECTED
CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
NOT-FOR-US: Aanderaa GeoView Webservice
CVE-2021-41062
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69a2538b8f4dd90d45c7cfffd6395a088afd118