[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 11 08:10:24 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cdafcc2 by security tracker role at 2023-02-11T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,17 @@
-CVE-2023-25678
+CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ TODO: check
+CVE-2023-0779
RESERVED
-CVE-2023-25677
+CVE-2023-0778
RESERVED
-CVE-2023-0777
+CVE-2023-25678
RESERVED
-CVE-2023-0776
+CVE-2023-25677
RESERVED
+CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository modoboa ...)
+ TODO: check
+CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
+ TODO: check
CVE-2023-0775
RESERVED
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
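Review bot: In this first hunk, CVE-2023-25678 and CVE-2023-25677 end up between CVE-2023-0778 and CVE-2023-0777, away from the other CVE-2023-25xxx ids that appear further down the file (CVE-2023-25564 and below). If data/CVE/list is expected to stay in descending id order, move the two RESERVED entries next to that run; if placing newly assigned ids at the top is intended, say so in the commit message, which currently reads only "automatic update".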
@@ -350,18 +356,18 @@ CVE-2023-25564
RESERVED
CVE-2023-25563
RESERVED
-CVE-2023-25562
- RESERVED
-CVE-2023-25561
- RESERVED
-CVE-2023-25560
- RESERVED
-CVE-2023-25559
- RESERVED
-CVE-2023-25558
- RESERVED
-CVE-2023-25557
- RESERVED
+CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
+ TODO: check
+CVE-2023-25561 (DataHub is an open-source metadata platform. In the event a system is ...)
+ TODO: check
+CVE-2023-25560 (DataHub is an open-source metadata platform. The AuthServiceClient whi ...)
+ TODO: check
+CVE-2023-25559 (DataHub is an open-source metadata platform. When not using authentica ...)
+ TODO: check
+CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub frontend ...)
+ TODO: check
+CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
+ TODO: check
CVE-2023-25556
RESERVED
CVE-2023-25555
@@ -2246,8 +2252,8 @@ CVE-2023-24818
RESERVED
CVE-2023-24817
RESERVED
-CVE-2023-24816
- RESERVED
+CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
+ TODO: check
CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web applications i ...)
NOT-FOR-US: Vert.x-Web
CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...)
@@ -6802,12 +6808,12 @@ CVE-2023-23165
RESERVED
CVE-2023-23164
RESERVED
-CVE-2023-23163
- RESERVED
-CVE-2023-23162
- RESERVED
-CVE-2023-23161
- RESERVED
+CVE-2023-23163 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2023-23162 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2023-23161 (A reflected cross-site scripting (XSS) vulnerability in Art Gallery Ma ...)
+ TODO: check
CVE-2023-23160
RESERVED
CVE-2023-23159
@@ -15285,10 +15291,10 @@ CVE-2022-46757
RESERVED
CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...)
NOT-FOR-US: Dell
-CVE-2022-46755
- RESERVED
-CVE-2022-46754
- RESERVED
+CVE-2022-46755 (Wyse Management Suite 3.8 and below contain an improper access control ...)
+ TODO: check
+CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access control ...)
+ TODO: check
CVE-2022-46753
RESERVED
CVE-2022-46752
@@ -15582,14 +15588,14 @@ CVE-2022-46680
RESERVED
CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
NOT-FOR-US: Dell
-CVE-2022-46678
- RESERVED
-CVE-2022-46677
- RESERVED
-CVE-2022-46676
- RESERVED
-CVE-2022-46675
- RESERVED
+CVE-2022-46678 (Wyse Management Suite 3.8 and below contain an improper access control ...)
+ TODO: check
+CVE-2022-46677 (Wyse Management Suite 3.8 and below contain an improper access control ...)
+ TODO: check
+CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access control ...)
+ TODO: check
+CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...)
+ TODO: check
CVE-2022-46656
RESERVED
CVE-2022-46645
@@ -18035,8 +18041,7 @@ CVE-2022-4134
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147462
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0090
NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
-CVE-2022-4133 [reflected XSS]
- RESERVED
+CVE-2022-4133 (We were unable to verify this vulnerbility. ...)
NOT-FOR-US: Red Hat OpenStack Platform dashboard
CVE-2022-4132
RESERVED
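Review bot: CVE-2022-4133 loses both its "[reflected XSS]" label and its RESERVED state, and the description that replaces them is "We were unable to verify this vulnerbility.", which names no issue and carries a typo. The NOT-FOR-US: Red Hat OpenStack Platform dashboard line is kept, so the entry now classifies a product for a report its own description says could not be verified. Add a NOTE that preserves the earlier reflected XSS label, or reclassify the entry if the id has been withdrawn.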
@@ -20403,8 +20408,8 @@ CVE-2022-45106
RESERVED
CVE-2022-45105
RESERVED
-CVE-2022-45104
- RESERVED
+CVE-2022-45104 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
+ TODO: check
CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
NOT-FOR-US: Dell
CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...)
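Review bot: CVE-2022-45104 is added as TODO: check although its visible description is the same Dell Unisphere for PowerMax vApp text as CVE-2022-45103 directly below it, which is already NOT-FOR-US: Dell. Resolving it the same way in this change would avoid leaving an open TODO for a product that the adjacent entry has already triaged.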
@@ -23725,8 +23730,8 @@ CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Acc
NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
NOT-FOR-US: ff4j
-CVE-2022-44261
- RESERVED
+CVE-2022-44261 (Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scrip ...)
+ TODO: check
CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
NOT-FOR-US: TOTOLINK
CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
@@ -52133,22 +52138,22 @@ CVE-2022-34453
RESERVED
CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* ...)
TODO: check
-CVE-2022-34451
- RESERVED
-CVE-2022-34450
- RESERVED
-CVE-2022-34449
- RESERVED
-CVE-2022-34448
- RESERVED
-CVE-2022-34447
- RESERVED
-CVE-2022-34446
- RESERVED
-CVE-2022-34445
- RESERVED
-CVE-2022-34444
- RESERVED
+CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...)
+ TODO: check
+CVE-2022-34450 (PowerPath Management Appliance with version 3.3 contains Privilege Esc ...)
+ TODO: check
+CVE-2022-34449 (PowerPath Management Appliance with versions 3.3 & 3.2* contains a ...)
+ TODO: check
+CVE-2022-34448 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...)
+ TODO: check
+CVE-2022-34447 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...)
+ TODO: check
+CVE-2022-34446 (PowerPath Management Appliance with versions 3.3 & 3.2* contains A ...)
+ TODO: check
+CVE-2022-34445 (Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak enc ...)
+ TODO: check
+CVE-2022-34444 (Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an inf ...)
+ TODO: check
CVE-2022-34443 (Dell Rugged Control Center, versions prior to 4.5, contain an Improper ...)
TODO: check
CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
@@ -52227,8 +52232,8 @@ CVE-2022-34406
RESERVED
CVE-2022-34405 (An improper access control vulnerability was identified in the Realtek ...)
TODO: check
-CVE-2022-34404
- RESERVED
+CVE-2022-34404 (Dell System Update, version 2.0.0 and earlier, contains an Improper Ce ...)
+ TODO: check
CVE-2022-34403 (Dell BIOS contains a Stack based buffer overflow vulnerability. A loca ...)
TODO: check
CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...)
@@ -52251,24 +52256,24 @@ CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Va
NOT-FOR-US: Dell
CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...)
TODO: check
-CVE-2022-34392
- RESERVED
+CVE-2022-34392 (SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insu ...)
+ TODO: check
CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...)
NOT-FOR-US: Dell
CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...)
NOT-FOR-US: Dell
-CVE-2022-34389
- RESERVED
-CVE-2022-34388
- RESERVED
-CVE-2022-34387
- RESERVED
-CVE-2022-34386
- RESERVED
-CVE-2022-34385
- RESERVED
-CVE-2022-34384
- RESERVED
+CVE-2022-34389 (Dell SupportAssist contains a rate limit bypass issues in screenmeet A ...)
+ TODO: check
+CVE-2022-34388 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...)
+ TODO: check
+CVE-2022-34387 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...)
+ TODO: check
+CVE-2022-34386 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...)
+ TODO: check
+CVE-2022-34385 (SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssis ...)
+ TODO: check
+CVE-2022-34384 (Dell SupportAssist Client Consumer (version 3.11.1 and prior), Support ...)
+ TODO: check
CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operat ...)
NOT-FOR-US: Dell
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...)
@@ -52281,10 +52286,10 @@ CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authe
NOT-FOR-US: EMC
CVE-2022-34378 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...)
NOT-FOR-US: Dell
-CVE-2022-34377
- RESERVED
-CVE-2022-34376
- RESERVED
+CVE-2022-34377 (Dell PowerEdge BIOS contains an Improper SMM communication buffer veri ...)
+ TODO: check
+CVE-2022-34376 (Dell PowerEdge BIOS contains an improper input validation vulnerabilit ...)
+ TODO: check
CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...)
NOT-FOR-US: Dell
CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...)
@@ -52303,12 +52308,12 @@ CVE-2022-34368 (Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 1
NOT-FOR-US: EMC
CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...)
NOT-FOR-US: Dell
-CVE-2022-34366
- RESERVED
+CVE-2022-34366 (Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Ove ...)
+ TODO: check
CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...)
NOT-FOR-US: Dell
-CVE-2022-34364
- RESERVED
+CVE-2022-34364 (Dell BSAFE SSL-J when used in debug mode can reveal unnecessary inform ...)
+ TODO: check
CVE-2022-34363
RESERVED
CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...)
@@ -53632,8 +53637,8 @@ CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vu
NOT-FOR-US: EMC
CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...)
NOT-FOR-US: EMC
-CVE-2022-33934
- RESERVED
+CVE-2022-33934 (Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple s ...)
+ TODO: check
CVE-2022-33933
RESERVED
CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
@@ -110264,6 +110269,7 @@ CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort
CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
NOT-FOR-US: Cisco
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
@@ -123504,6 +123510,7 @@ CVE-2021-34751
CVE-2021-34750
RESERVED
CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
@@ -168065,10 +168072,12 @@ CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
NOT-FOR-US: Cisco
CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1494
RESERVED
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
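Review bot: CVE-2021-1494 is still RESERVED with no description, yet it now gets {DLA-3317-1} next to its existing snort <unfixed> (bug #1021276) line. It shares the cisco-sa-http-fp-bp-KfDdcQhc advisory with CVE-2021-1495 above, so the tag looks deliberate; a short NOTE on the entry stating that the DLA covers it despite the RESERVED state would make that explicit. In both entries the <unfixed> line is unchanged, so confirm it is still accurate now that a DLA references them.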
@@ -168595,6 +168604,7 @@ CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...)
NOT-FOR-US: Cisco
CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...)
+ {DLA-3317-1}
- snort 2.9.15.1-1
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
@@ -168620,9 +168630,11 @@ CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified C
CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2
CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
@@ -235370,6 +235382,7 @@ CVE-2020-3317 (A vulnerability in the ssl_inspection component of Cisco Firepowe
CVE-2020-3316
RESERVED
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ {DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
@@ -235403,6 +235416,7 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FM
CVE-2020-3300
RESERVED
CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ {DLA-3317-1}
- snort 2.9.15.1-1
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cdafcc264472cd7841d92e8c86828cbea15d1e2