[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 14 20:10:39 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc9c549c by security tracker role at 2023-02-14T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-25181
+ RESERVED
+CVE-2023-0833
+ RESERVED
+CVE-2023-0832
+ RESERVED
+CVE-2023-0831
+ RESERVED
+CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...)
+ TODO: check
+CVE-2023-0829
+ RESERVED
+CVE-2023-0828
+ RESERVED
+CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-0826
+ RESERVED
+CVE-2023-0825
+ RESERVED
+CVE-2023-0824
+ RESERVED
+CVE-2023-0823
+ RESERVED
CVE-2023-25760
RESERVED
CVE-2023-25759
@@ -108,8 +132,8 @@ CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticat
NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
CVE-2023-25726
RESERVED
-CVE-2023-25725
- RESERVED
+CVE-2023-25725 (HAProxy before 2.7.3 may allow a bypass of access control because HTTP ...)
+ {DSA-5348-1 DLA-3318-1}
- haproxy 2.6.8-2
NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8 (v2.6.9)
CVE-2023-25724
@@ -678,8 +702,8 @@ CVE-2023-25578
RESERVED
CVE-2023-25577
RESERVED
-CVE-2023-25576
- RESERVED
+CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
+ TODO: check
CVE-2023-25575
RESERVED
CVE-2023-25574
@@ -688,36 +712,31 @@ CVE-2023-25573
RESERVED
CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
NOT-FOR-US: react-admin
-CVE-2023-25571
- RESERVED
+CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
+ TODO: check
CVE-2023-25570
RESERVED
CVE-2023-25569
RESERVED
CVE-2023-25568
RESERVED
-CVE-2023-25567 [Out-of-bounds read when decoding target information]
- RESERVED
+CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
- gss-ntlmssp <unfixed>
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
-CVE-2023-25566 [Memory leak when parsing usernames]
- RESERVED
+CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp <unfixed>
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
-CVE-2023-25565 [Incorrect free when decoding target information]
- RESERVED
+CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp <unfixed>
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
-CVE-2023-25564 [Memory corruption when decoding UTF16 strings]
- RESERVED
+CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp <unfixed>
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
-CVE-2023-25563 [Multiple out-of-bounds read when decoding NTLM fields]
- RESERVED
+CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp <unfixed>
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
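Review bot: for CVE-2023-25567 down to CVE-2023-25563 the bracketed short descriptions (for example "[Memory corruption when decoding UTF16 strings]") are dropped, and the replacement text truncates to nearly the same "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library ..." prefix on every entry, so the five issues can now be told apart only through their advisory links. All five also remain at "- gss-ntlmssp <unfixed>" although each NOTE cites a fix commit tagged (v1.2.0); a follow-up should record the fixed version once a package version containing those commits is available. CVE-2023-25571 (Backstage) in the same hunk still needs its "TODO: check" resolved.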
@@ -1750,8 +1769,8 @@ CVE-2023-25151 (opentelemetry-go-contrib is a collection of extensions for OpenT
NOT-FOR-US: opentelemetry-go-contrib
CVE-2023-25150 (Nextcloud office/richdocuments is an office suit for the nextcloud ser ...)
NOT-FOR-US: Nextcloud office/richdocuments
-CVE-2023-25149
- RESERVED
+CVE-2023-25149 (TimescaleDB, an open-source time-series SQL database, has a privilege ...)
+ TODO: check
CVE-2023-25148
RESERVED
CVE-2023-25147
@@ -1766,11 +1785,10 @@ CVE-2023-25143
RESERVED
CVE-2023-25142
RESERVED
-CVE-2023-25141
- RESERVED
+CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerabili ...)
NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
-CVE-2023-25140
- RESERVED
+CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
+ TODO: check
CVE-2023-0662
RESERVED
CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...)
@@ -1939,8 +1957,8 @@ CVE-2023-25067
RESERVED
CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...)
NOT-FOR-US: FolioVision
-CVE-2023-25065
- RESERVED
+CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
+ TODO: check
CVE-2023-25064
RESERVED
CVE-2023-25063
@@ -2160,44 +2178,44 @@ CVE-2023-24999
RESERVED
CVE-2023-24998
RESERVED
-CVE-2023-24996
- RESERVED
-CVE-2023-24995
- RESERVED
-CVE-2023-24994
- RESERVED
-CVE-2023-24993
- RESERVED
-CVE-2023-24992
- RESERVED
-CVE-2023-24991
- RESERVED
-CVE-2023-24990
- RESERVED
-CVE-2023-24989
- RESERVED
-CVE-2023-24988
- RESERVED
-CVE-2023-24987
- RESERVED
-CVE-2023-24986
- RESERVED
-CVE-2023-24985
- RESERVED
-CVE-2023-24984
- RESERVED
-CVE-2023-24983
- RESERVED
-CVE-2023-24982
- RESERVED
-CVE-2023-24981
- RESERVED
-CVE-2023-24980
- RESERVED
-CVE-2023-24979
- RESERVED
-CVE-2023-24978
- RESERVED
+CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24994 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24993 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24992 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24991 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24990 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24989 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24988 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24987 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24986 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24985 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24984 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24983 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24982 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24981 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24980 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24979 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2023-24978 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...)
NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress
CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...)
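Review bot: the nineteen entries CVE-2023-24996 down to CVE-2023-24978 all carry the same truncated description, "A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...", and all land as "TODO: check". Since the visible text gives no way to distinguish them, they are best triaged as one batch against the full descriptions, with a single disposition line applied consistently instead of nineteen separate TODO resolutions.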
@@ -3213,8 +3231,8 @@ CVE-2023-24583
RESERVED
CVE-2023-24582
RESERVED
-CVE-2023-24581
- RESERVED
+CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
CVE-2023-22365
RESERVED
CVE-2023-22299
@@ -3343,42 +3361,42 @@ CVE-2023-24568
RESERVED
CVE-2023-24567
RESERVED
-CVE-2023-24566
- RESERVED
-CVE-2023-24565
- RESERVED
-CVE-2023-24564
- RESERVED
-CVE-2023-24563
- RESERVED
-CVE-2023-24562
- RESERVED
-CVE-2023-24561
- RESERVED
-CVE-2023-24560
- RESERVED
-CVE-2023-24559
- RESERVED
-CVE-2023-24558
- RESERVED
-CVE-2023-24557
- RESERVED
-CVE-2023-24556
- RESERVED
-CVE-2023-24555
- RESERVED
-CVE-2023-24554
- RESERVED
-CVE-2023-24553
- RESERVED
-CVE-2023-24552
- RESERVED
-CVE-2023-24551
- RESERVED
-CVE-2023-24550
- RESERVED
-CVE-2023-24549
- RESERVED
+CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24565 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24564 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24563 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24562 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24561 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24560 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24559 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24558 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24557 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24556 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24555 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24554 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24553 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24552 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24551 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
+CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ TODO: check
CVE-2023-24548
RESERVED
CVE-2023-24547
@@ -3607,8 +3625,8 @@ CVE-2023-24484
RESERVED
CVE-2023-24483
RESERVED
-CVE-2023-24482
- RESERVED
+CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...)
+ TODO: check
CVE-2023-24477
RESERVED
CVE-2023-24471
@@ -3870,8 +3888,8 @@ CVE-2023-24384
RESERVED
CVE-2023-24383
RESERVED
-CVE-2023-24382
- RESERVED
+CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...)
+ TODO: check
CVE-2023-24381
RESERVED
CVE-2023-24380
@@ -3880,8 +3898,8 @@ CVE-2023-24379
RESERVED
CVE-2023-24378
RESERVED
-CVE-2023-24377
- RESERVED
+CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
+ TODO: check
CVE-2023-24376
RESERVED
CVE-2023-24375
@@ -4358,12 +4376,12 @@ CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows atta
NOT-FOR-US: Dromara hutool
CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...)
NOT-FOR-US: Dromara hutool
-CVE-2023-24161
- RESERVED
-CVE-2023-24160
- RESERVED
-CVE-2023-24159
- RESERVED
+CVE-2023-24161 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
+ TODO: check
+CVE-2023-24160 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
+ TODO: check
+CVE-2023-24159 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
+ TODO: check
CVE-2023-24158
RESERVED
CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in the fun ...)
@@ -5204,8 +5222,8 @@ CVE-2022-48269
RESERVED
CVE-2015-10071 (A vulnerability was found in gitter-badger ezpublish-modern-legacy. It ...)
NOT-FOR-US: gitter-badger ezpublish-modern-legacy
-CVE-2023-23835
- RESERVED
+CVE-2023-23835 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2023-23834
RESERVED
CVE-2023-23833
@@ -5475,6 +5493,7 @@ CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not val
NOT-FOR-US: WordPress plugin
CVE-2023-0361
RESERVED
+ {DSA-5349-1}
- gnutls28 3.7.8-5
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1050
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14
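Review bot: the added "{DSA-5349-1}" reference on CVE-2023-0361 lands on an entry that is still "RESERVED" with no description, so a reader of the list sees the issue only through the two NOTE links. The second link's anchor, GNUTLS-SA-2020-07-14, carries a 2020 date on a CVE-2023 id; worth confirming that it is the anchor upstream actually uses for this issue now that an advisory points at the entry.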
@@ -7706,32 +7725,32 @@ CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, t
NOT-FOR-US: GrowthExperiments extension for MediaWiki
CVE-2023-22944
RESERVED
-CVE-2023-22943
- RESERVED
-CVE-2023-22942
- RESERVED
-CVE-2023-22941
- RESERVED
-CVE-2023-22940
- RESERVED
-CVE-2023-22939
- RESERVED
-CVE-2023-22938
- RESERVED
-CVE-2023-22937
- RESERVED
-CVE-2023-22936
- RESERVED
-CVE-2023-22935
- RESERVED
-CVE-2023-22934
- RESERVED
-CVE-2023-22933
- RESERVED
-CVE-2023-22932
- RESERVED
-CVE-2023-22931
- RESERVED
+CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk Clo ...)
+ TODO: check
+CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross ...)
+ TODO: check
+CVE-2023-22941 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an impr ...)
+ TODO: check
+CVE-2023-22940 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases ...)
+ TODO: check
+CVE-2023-22939 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...)
+ TODO: check
+CVE-2023-22938 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...)
+ TODO: check
+CVE-2023-22937 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the loo ...)
+ TODO: check
+CVE-2023-22936 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...)
+ TODO: check
+CVE-2023-22935 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...)
+ TODO: check
+CVE-2023-22934 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...)
+ TODO: check
+CVE-2023-22933 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View ...)
+ TODO: check
+CVE-2023-22932 (In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cros ...)
+ TODO: check
+CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘crea ...)
+ TODO: check
CVE-2023-22930
RESERVED
CVE-2023-22929
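Review bot: in the Splunk block, the descriptions for CVE-2023-22939, CVE-2023-22938, CVE-2023-22936, CVE-2023-22935 and CVE-2023-22934 all truncate to the identical text "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the  ...", with the distinguishing term cut off after "the". Triage of these "TODO: check" entries cannot rely on the list text and needs the full descriptions. CVE-2023-22931 shows the quoted term beginning with a typographic quote ("the ‘crea ..."), which suggests the quote character is what is lost in the other five.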
@@ -9098,6 +9117,7 @@ CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
- pyload <itp> (bug #1001980)
CVE-2023-0056
RESERVED
+ {DSA-5348-1}
- haproxy 2.6.8-1
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/haproxy/haproxy/issues/1972
@@ -10025,7 +10045,7 @@ CVE-2022-48112
RESERVED
CVE-2022-48111
RESERVED
-CVE-2022-48110 (CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scrip ...)
+CVE-2022-48110 (** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a ...)
TODO: check
CVE-2022-48109
RESERVED
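Review bot: the updated description for CVE-2022-48110 now opens with "** DISPUTED **", while the entry keeps its "TODO: check". Whoever resolves the TODO should take the disputed status into account and, if the entry turns out to be relevant to a packaged source, record the dispute in a NOTE so it is not lost when the description is truncated differently later.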
@@ -10333,8 +10353,8 @@ CVE-2022-47979
RESERVED
CVE-2022-47978
RESERVED
-CVE-2022-47977
- RESERVED
+CVE-2022-47977 (A vulnerability has been identified in JT Open (All versions < V11. ...)
+ TODO: check
CVE-2022-47976 (The DMSDP module of the distributed hardware has a vulnerability that ...)
NOT-FOR-US: Huawei
CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful exploitat ...)
@@ -10864,8 +10884,8 @@ CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-47937
RESERVED
-CVE-2022-47936
- RESERVED
+CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11. ...)
+ TODO: check
CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < V11. ...)
NOT-FOR-US: Siemens
CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...)
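Review bot: CVE-2022-47936 is added as "TODO: check", but the entry directly below it, CVE-2022-47935, shows the same description prefix ("A vulnerability has been identified in JT Open (All versions < V11. ...") and is already marked "NOT-FOR-US: Siemens". If the full description confirms the same product, use the same "NOT-FOR-US: Siemens" line here instead of leaving the TODO open.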
@@ -15352,8 +15372,8 @@ CVE-2022-46864
RESERVED
CVE-2022-46863
RESERVED
-CVE-2022-46862
- RESERVED
+CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
+ TODO: check
CVE-2022-46861
RESERVED
CVE-2022-46860
@@ -16617,8 +16637,8 @@ CVE-2022-4288
RESERVED
CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2022-4286
- RESERVED
+CVE-2022-4286 (A reflected cross-site scripting (XSS) vulnerability exists in System ...)
+ TODO: check
CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...)
- binutils 2.39.50.20221208-2 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699
@@ -33194,8 +33214,8 @@ CVE-2022-41566
RESERVED
CVE-2022-41565
RESERVED
-CVE-2022-41564
- RESERVED
+CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIB ...)
+ TODO: check
CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...)
NOT-FOR-US: TIBCO
CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperRepor ...)
@@ -48378,8 +48398,8 @@ CVE-2022-35870 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Ignition
CVE-2022-35869 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: Ignition
-CVE-2022-35868
- RESERVED
+CVE-2022-35868 (A vulnerability has been identified in TIA Multiuser Server V14 (All v ...)
+ TODO: check
CVE-2022-35867 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: xhyve
CVE-2022-35866 (This vulnerability allows remote attackers to bypass authentication on ...)
@@ -59319,8 +59339,8 @@ CVE-2022-31810
RESERVED
CVE-2022-31809
RESERVED
-CVE-2022-31808
- RESERVED
+CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+ TODO: check
CVE-2022-31807
RESERVED
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
@@ -77732,7 +77752,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (All versions), ...)
+CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA ...)
NOT-FOR-US: Siemens
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
@@ -88554,8 +88574,8 @@ CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a p
NOT-FOR-US: Dell
CVE-2022-22565 (Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper autho ...)
NOT-FOR-US: Dell PowerScale OneFS
-CVE-2022-22564
- RESERVED
+CVE-2022-22564 (Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptogr ...)
+ TODO: check
CVE-2022-22563 (Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant informa ...)
NOT-FOR-US: EMC
CVE-2022-22562 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handli ...)
@@ -89583,8 +89603,8 @@ CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <
NOT-FOR-US: OneBlog
CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
-CVE-2021-46023
- RESERVED
+CVE-2021-46023 (An Untrusted Pointer Dereference was discovered in function mrb_vm_exe ...)
+ TODO: check
CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
- recutils <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc9c549caf4866bd0aff47ac2d6f877462edca59