[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 10 08:10:31 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6899cc1 by security tracker role at 2023-02-10T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-25676
+ RESERVED
+CVE-2023-25675
+ RESERVED
+CVE-2023-25674
+ RESERVED
+CVE-2023-25673
+ RESERVED
+CVE-2023-25672
+ RESERVED
+CVE-2023-25671
+ RESERVED
+CVE-2023-25670
+ RESERVED
+CVE-2023-25669
+ RESERVED
+CVE-2023-25668
+ RESERVED
+CVE-2023-25667
+ RESERVED
+CVE-2023-25666
+ RESERVED
+CVE-2023-25665
+ RESERVED
+CVE-2023-25664
+ RESERVED
+CVE-2023-25663
+ RESERVED
+CVE-2023-25662
+ RESERVED
+CVE-2023-25661
+ RESERVED
+CVE-2023-25660
+ RESERVED
+CVE-2023-25659
+ RESERVED
+CVE-2023-25658
+ RESERVED
+CVE-2023-25657
+ RESERVED
+CVE-2023-25656
+ RESERVED
+CVE-2023-25655
+ RESERVED
+CVE-2023-25654
+ RESERVED
+CVE-2023-25653
+ RESERVED
+CVE-2023-25652
+ RESERVED
+CVE-2023-25651
+ RESERVED
+CVE-2023-25650
+ RESERVED
+CVE-2023-25649
+ RESERVED
+CVE-2023-25648
+ RESERVED
+CVE-2023-25647
+ RESERVED
+CVE-2023-25646
+ RESERVED
+CVE-2023-25645
+ RESERVED
+CVE-2023-25644
+ RESERVED
+CVE-2023-25643
+ RESERVED
+CVE-2023-25642
+ RESERVED
+CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
+ TODO: check
+CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+ TODO: check
+CVE-2023-0769
+ RESERVED
+CVE-2023-0768
+ RESERVED
CVE-2023-25641
RESERVED
CVE-2023-25640
@@ -98,8 +176,8 @@ CVE-2023-0755
RESERVED
CVE-2023-0754
RESERVED
-CVE-2015-10076
- RESERVED
+CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
+ TODO: check
CVE-2023-25611
RESERVED
CVE-2023-25610
@@ -2429,20 +2507,20 @@ CVE-2023-24692
RESERVED
CVE-2023-24691
RESERVED
-CVE-2023-24690
- RESERVED
-CVE-2023-24689
- RESERVED
-CVE-2023-24688
- RESERVED
-CVE-2023-24687
- RESERVED
-CVE-2023-24686
- RESERVED
-CVE-2023-24685
- RESERVED
-CVE-2023-24684
- RESERVED
+CVE-2023-24690 (ChurchCRM 4.5.3 and below was discovered to contain a stored cross-sit ...)
+ TODO: check
+CVE-2023-24689 (An issue in Mojoportal v2.7.0.0 and below allows an authenticated atta ...)
+ TODO: check
+CVE-2023-24688 (An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to ...)
+ TODO: check
+CVE-2023-24687 (Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scri ...)
+ TODO: check
+CVE-2023-24686 (An issue in the CSV Import function of ChurchCRM v4.5.3 and below allo ...)
+ TODO: check
+CVE-2023-24685 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-24684 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
+ TODO: check
CVE-2023-24683
RESERVED
CVE-2023-24682
@@ -3549,10 +3627,10 @@ CVE-2023-24325
RESERVED
CVE-2023-24324
RESERVED
-CVE-2023-24323
- RESERVED
-CVE-2023-24322
- RESERVED
+CVE-2023-24323 (Mojoportal v2.7 was discovered to contain an authenticated XML externa ...)
+ TODO: check
+CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the FileDialog ...)
+ TODO: check
CVE-2023-24321
RESERVED
CVE-2023-24320
@@ -4524,8 +4602,8 @@ CVE-2023-23914
RESERVED
CVE-2023-23913
RESERVED
-CVE-2023-23912
- RESERVED
+CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
+ TODO: check
CVE-2023-23911
RESERVED
CVE-2023-23900
@@ -5353,8 +5431,8 @@ CVE-2023-23633
RESERVED
CVE-2023-23632
RESERVED
-CVE-2023-23631
- RESERVED
+CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...)
+ TODO: check
CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...)
NOT-FOR-US: Eta
CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...)
@@ -5366,10 +5444,10 @@ CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions
[bullseye] - ruby-sanitize <no-dsa> (Minor issue)
NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1)
-CVE-2023-23626
- RESERVED
-CVE-2023-23625
- RESERVED
+CVE-2023-23626 (go-bitfield is a simple bitfield package for the go language aiming to ...)
+ TODO: check
+CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on top of an ...)
+ TODO: check
CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23623
@@ -5587,8 +5665,8 @@ CVE-2023-23594
RESERVED
CVE-2023-23593
RESERVED
-CVE-2023-23592
- RESERVED
+CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
+ TODO: check
CVE-2023-23591
RESERVED
CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
@@ -6455,8 +6533,8 @@ CVE-2023-23288
RESERVED
CVE-2023-23287
RESERVED
-CVE-2023-23286
- RESERVED
+CVE-2023-23286 (Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows ...)
+ TODO: check
CVE-2023-23285
RESERVED
CVE-2023-23284
@@ -8025,38 +8103,32 @@ CVE-2023-22801
RESERVED
CVE-2023-22800
RESERVED
-CVE-2023-22799
- RESERVED
+CVE-2023-22799 (A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could ...)
- ruby-globalid <unfixed> (bug #1029851)
[bullseye] - ruby-globalid <no-dsa> (Minor issue)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
NOTE: https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b (v1.1.0)
-CVE-2023-22798
- RESERVED
-CVE-2023-22797
- RESERVED
+CVE-2023-22798 (Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://gith ...)
+ TODO: check
+CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ...)
- rails <not-affected> (Only affects 7.x)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
-CVE-2023-22796
- RESERVED
+CVE-2023-22796 (A regular expression based DoS vulnerability in Active Support <6.1 ...)
- rails <unfixed> (bug #1030050)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
NOTE: https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)
-CVE-2023-22795
- RESERVED
+CVE-2023-22795 (A regular expression based DoS vulnerability in Action Dispatch <6. ...)
- rails <unfixed> (bug #1030050)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
NOTE: https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)
-CVE-2023-22794
- RESERVED
+CVE-2023-22794 (A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 rel ...)
- rails <unfixed> (bug #1030050)
[buster] - rails <not-affected> (Only affects 6.x and later)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
NOTE: https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
CVE-2023-22793
RESERVED
-CVE-2023-22792
- RESERVED
+CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch <6. ...)
- rails <unfixed> (bug #1030050)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
@@ -9968,7 +10040,7 @@ CVE-2023-22375
CVE-2023-22370
RESERVED
CVE-2023-22369
- RESERVED
+ REJECTED
CVE-2023-22368
RESERVED
CVE-2023-22367
@@ -15005,8 +15077,8 @@ CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and
NOT-FOR-US: WordPress plugin
CVE-2022-4367
RESERVED
-CVE-2022-43501
- RESERVED
+CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Seq ...)
+ TODO: check
CVE-2022-43460
RESERVED
CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS ...)
@@ -18385,8 +18457,8 @@ CVE-2022-45701
RESERVED
CVE-2022-45700
RESERVED
-CVE-2022-45699
- RESERVED
+CVE-2022-45699 (Command injection in the administration interface in APSystems ECU-R v ...)
+ TODO: check
CVE-2022-45698
RESERVED
CVE-2022-45697
@@ -22890,22 +22962,19 @@ CVE-2022-44574
RESERVED
CVE-2022-44573
RESERVED
-CVE-2022-44572 [rack: Forbid control characters in attributes]
- RESERVED
+CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...)
{DLA-3298-1}
- ruby-rack <unfixed> (bug #1029832)
NOTE: https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae (v2.1.4.2)
NOTE: https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 (v2.2.6.1)
-CVE-2022-44571 [rack: Fix ReDoS vulnerability in multipart parser]
- RESERVED
+CVE-2022-44571 (There is a denial of service vulnerability in the Content-Disposition ...)
{DLA-3298-1}
- ruby-rack <unfixed> (bug #1029832)
NOTE: https://github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 (v2.1.4.2)
NOTE: https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 (v2.2.6.1)
-CVE-2022-44570 [rack: Fix ReDoS in Rack::Utils.get_byte_ranges]
- RESERVED
+CVE-2022-44570 (A denial of service vulnerability in the Range header parsing componen ...)
{DLA-3298-1}
- ruby-rack <unfixed> (bug #1029832)
NOTE: https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2)
@@ -22917,8 +22986,7 @@ CVE-2022-44568
RESERVED
CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3. ...)
NOT-FOR-US: Rocket.Chat-Desktop
-CVE-2022-44566
- RESERVED
+CVE-2022-44566 (A denial of service vulnerability present in ActiveRecord's PostgreSQL ...)
- rails <unfixed> (bug #1030050)
NOTE: https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
NOTE: https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)
@@ -27155,8 +27223,7 @@ CVE-2022-43554
RESERVED
CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...)
NOT-FOR-US: EdgeRouters
-CVE-2022-43552 [HTTP Proxy deny use-after-free]
- RESERVED
+CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl can be ...)
{DSA-5330-1 DLA-3288-1}
- curl 7.86.0-3 (bug #1026830)
NOTE: https://curl.se/docs/CVE-2022-43552.html
@@ -27171,8 +27238,8 @@ CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that could
NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/9e71901634e276dd050481c4320f046bebb1bc28 (curl-7_87_0)
-CVE-2022-43550
- RESERVED
+CVE-2022-43550 (A command injection vulnerability exists in Jitsi before commit 8aa7be ...)
+ TODO: check
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...)
NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
@@ -27791,8 +27858,8 @@ CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff l
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/386
CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...)
NOT-FOR-US: Zimbra
-CVE-2022-3568
- RESERVED
+CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to deseriali ...)
+ TODO: check
CVE-2022-43378
RESERVED
CVE-2022-43377
@@ -59464,11 +59531,13 @@ CVE-2022-31653
CVE-2022-31652
RESERVED
CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
[bullseye] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/360/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
[bullseye] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/360/
@@ -92537,10 +92606,10 @@ CVE-2022-21942
RESERVED
CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable ...)
NOT-FOR-US: Sensormatic Electronics, LLC
-CVE-2022-21940
- RESERVED
-CVE-2022-21939
- RESERVED
+CVE-2022-21940 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
+ TODO: check
+CVE-2022-21939 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Cont ...)
+ TODO: check
CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
NOT-FOR-US: Metasys
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
@@ -109371,6 +109440,7 @@ CVE-2021-40428
CVE-2021-40427
RESERVED
CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012138)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
NOTE: https://sourceforge.net/p/sox/bugs/362/
@@ -118765,6 +118835,7 @@ CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vul
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
NOT-FOR-US: Node is-email
CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
[bullseye] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
@@ -125566,6 +125637,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1021135)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
NOTE: https://sourceforge.net/p/sox/bugs/349/
@@ -125575,17 +125647,20 @@ CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of
CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
NOT-FOR-US: SGE-PLC1000 device
CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
[bullseye] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
NOTE: https://sourceforge.net/p/sox/bugs/351/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021134)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
NOTE: https://sourceforge.net/p/sox/bugs/350/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021133)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
NOTE: https://sourceforge.net/p/sox/bugs/352/
@@ -261786,6 +261861,7 @@ CVE-2019-13592
CVE-2019-13591
RESERVED
CVE-2019-13590 (An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (start ...)
+ {DLA-3315-1}
- sox 14.4.2+git20190427-2 (low; bug #932082)
NOTE: https://sourceforge.net/p/sox/bugs/325/
NOTE: https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6899cc18eda9689233813012331dc763a68550a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6899cc18eda9689233813012331dc763a68550a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230210/8c32dbdc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list