[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 15 20:10:45 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1658823b by security tracker role at 2023-02-15T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,32 +1,200 @@
+CVE-2023-25858
+ RESERVED
+CVE-2023-25857
+ RESERVED
+CVE-2023-25856
+ RESERVED
+CVE-2023-25855
+ RESERVED
+CVE-2023-25854
+ RESERVED
+CVE-2023-25853
+ RESERVED
+CVE-2023-25852
+ RESERVED
+CVE-2023-25851
+ RESERVED
+CVE-2023-25850
+ RESERVED
+CVE-2023-25849
+ RESERVED
+CVE-2023-25848
+ RESERVED
+CVE-2023-25847
+ RESERVED
+CVE-2023-25846
+ RESERVED
+CVE-2023-25845
+ RESERVED
+CVE-2023-25844
+ RESERVED
+CVE-2023-25843
+ RESERVED
+CVE-2023-25842
+ RESERVED
+CVE-2023-25841
+ RESERVED
+CVE-2023-25840
+ RESERVED
+CVE-2023-25839
+ RESERVED
+CVE-2023-25838
+ RESERVED
+CVE-2023-25837
+ RESERVED
+CVE-2023-25836
+ RESERVED
+CVE-2023-25835
+ RESERVED
+CVE-2023-25834
+ RESERVED
+CVE-2023-25833
+ RESERVED
+CVE-2023-25832
+ RESERVED
+CVE-2023-25831
+ RESERVED
+CVE-2023-25830
+ RESERVED
+CVE-2023-25829
+ RESERVED
+CVE-2023-25828
+ RESERVED
+CVE-2023-25827
+ RESERVED
+CVE-2023-25826
+ RESERVED
+CVE-2023-25825
+ RESERVED
+CVE-2023-25824
+ RESERVED
+CVE-2023-25823
+ RESERVED
+CVE-2023-25822
+ RESERVED
+CVE-2023-25821
+ RESERVED
+CVE-2023-25820
+ RESERVED
+CVE-2023-25819
+ RESERVED
+CVE-2023-25818
+ RESERVED
+CVE-2023-25817
+ RESERVED
+CVE-2023-25816
+ RESERVED
+CVE-2023-25815
+ RESERVED
+CVE-2023-25814
+ RESERVED
+CVE-2023-25813
+ RESERVED
+CVE-2023-25812
+ RESERVED
+CVE-2023-25811
+ RESERVED
+CVE-2023-25810
+ RESERVED
+CVE-2023-25809
+ RESERVED
+CVE-2023-25808
+ RESERVED
+CVE-2023-25807
+ RESERVED
+CVE-2023-25806
+ RESERVED
+CVE-2023-25805
+ RESERVED
+CVE-2023-25804
+ RESERVED
+CVE-2023-25803
+ RESERVED
+CVE-2023-25802
+ RESERVED
+CVE-2023-25801
+ RESERVED
+CVE-2023-25800
+ RESERVED
+CVE-2023-25799
+ RESERVED
+CVE-2023-25798
+ RESERVED
+CVE-2023-25797
+ RESERVED
+CVE-2023-25796
+ RESERVED
+CVE-2023-25795
+ RESERVED
+CVE-2023-25794
+ RESERVED
+CVE-2023-25793
+ RESERVED
+CVE-2023-25792
+ RESERVED
+CVE-2023-25791
+ RESERVED
+CVE-2023-25790
+ RESERVED
+CVE-2023-25789
+ RESERVED
+CVE-2023-25788
+ RESERVED
+CVE-2023-25787
+ RESERVED
+CVE-2023-25786
+ RESERVED
+CVE-2023-25785
+ RESERVED
+CVE-2023-25784
+ RESERVED
+CVE-2023-25783
+ RESERVED
+CVE-2023-25782
+ RESERVED
+CVE-2023-25781
+ RESERVED
+CVE-2023-0846
+ RESERVED
+CVE-2023-0845
+ RESERVED
+CVE-2023-0844
+ RESERVED
+CVE-2023-0843
+ RESERVED
+CVE-2023-0842
+ RESERVED
+CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
+ TODO: check
+CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
+ TODO: check
+CVE-2023-0839
+ RESERVED
+CVE-2023-0838
+ RESERVED
+CVE-2023-0837
+ RESERVED
CVE-2023-25780
RESERVED
CVE-2023-25776
RESERVED
CVE-2023-25773
RESERVED
-CVE-2023-25768
- RESERVED
+CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25767
- RESERVED
+CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Cre ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25766
- RESERVED
+CVE-2023-25766 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25765
- RESERVED
+CVE-2023-25765 (In Jenkins Email Extension Plugin 2.93 and earlier, templates defined ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25764
- RESERVED
+CVE-2023-25764 (Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanit ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25763
- RESERVED
+CVE-2023-25763 (Jenkins Email Extension Plugin 2.93 and earlier does not escape variou ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25762
- RESERVED
+CVE-2023-25762 (Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape j ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25761
- RESERVED
+CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape t ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-25545
RESERVED
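Review bot: CVE-2023-0841 and CVE-2023-0840 are the only entries in this hunk that arrive with a description and "TODO: check" instead of "RESERVED", so they are the two items here that need a follow-up triage commit. The description of CVE-2023-0840 names PHPCrazy 1.1.1, which is enough to decide between a source package entry and a "NOT-FOR-US:" tag. The eight Jenkins plugin entries below them keep their existing "NOT-FOR-US: Jenkins plugin" lines and need nothing further.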
@@ -819,8 +987,8 @@ CVE-2023-25580
RESERVED
CVE-2023-25579
RESERVED
-CVE-2023-25578
- RESERVED
+CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
+ TODO: check
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
- python-werkzeug <unfixed>
NOTE: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 (2.2.3)
@@ -1770,10 +1938,10 @@ CVE-2014-125085 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: Gimmie
CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...)
NOT-FOR-US: Gimmie
-CVE-2023-25192
- RESERVED
-CVE-2023-25191
- RESERVED
+CVE-2023-25192 (AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fi ...)
+ TODO: check
+CVE-2023-25191 (AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The ...)
+ TODO: check
CVE-2023-25190
RESERVED
CVE-2023-0678 (Improper Authorization in GitHub repository phpipam/phpipam prior to v ...)
@@ -1848,8 +2016,8 @@ CVE-2023-25173
RESERVED
CVE-2023-25172
RESERVED
-CVE-2023-25171
- RESERVED
+CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
+ TODO: check
CVE-2023-25170
RESERVED
CVE-2023-25169
@@ -1878,8 +2046,8 @@ CVE-2023-25158
RESERVED
CVE-2023-25157
RESERVED
-CVE-2023-25156
- RESERVED
+CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
+ TODO: check
CVE-2023-25155
RESERVED
CVE-2023-25154
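Review bot: CVE-2023-25156 has the same visible description as CVE-2023-25171 in the previous hunk ("Kiwi TCMS, an open source test management system, does not impose rate ..."). Read the full descriptions to confirm which endpoint each one covers, then triage the pair in one pass so both get the same package or "NOT-FOR-US:" decision.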
@@ -3695,10 +3863,10 @@ CVE-2023-24501
RESERVED
CVE-2023-24500
RESERVED
-CVE-2023-24499
- RESERVED
-CVE-2023-24498
- RESERVED
+CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device. ...)
+ TODO: check
+CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
+ TODO: check
CVE-2023-24497
RESERVED
CVE-2023-24496
@@ -5313,16 +5481,13 @@ CVE-2023-23852 (SAP Solution Manager (System Monitoring) - version 720, does not
NOT-FOR-US: SAP
CVE-2023-23851 (SAP Business Planning and Consolidation - versions 200, 300, allows an ...)
NOT-FOR-US: SAP
-CVE-2023-23850
- RESERVED
+CVE-2023-23850 (A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 a ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-23849 (Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an u ...)
NOT-FOR-US: Coverity
-CVE-2023-23848
- RESERVED
+CVE-2023-23848 (Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 an ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-23847
- RESERVED
+CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...)
NOT-FOR-US: Open5GS
@@ -5344,8 +5509,8 @@ CVE-2023-23838
RESERVED
CVE-2023-23837
RESERVED
-CVE-2023-23836
- RESERVED
+CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...)
+ TODO: check
CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
NOT-FOR-US: Zephyr
CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...)
@@ -5649,8 +5814,7 @@ CVE-2023-0363
RESERVED
CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0361
- RESERVED
+CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...)
{DSA-5349-1}
- gnutls28 3.7.8-5
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1050
@@ -6674,26 +6838,26 @@ CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2,
NOT-FOR-US: IBM
CVE-2023-23468
RESERVED
-CVE-2023-23467
- RESERVED
-CVE-2023-23466
- RESERVED
-CVE-2023-23465
- RESERVED
-CVE-2023-23464
- RESERVED
-CVE-2023-23463
- RESERVED
-CVE-2023-23462
- RESERVED
-CVE-2023-23461
- RESERVED
-CVE-2023-23460
- RESERVED
-CVE-2023-23459
- RESERVED
-CVE-2023-23458
- RESERVED
+CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...)
+ TODO: check
+CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected ...)
+ TODO: check
+CVE-2023-23465 (Media CP Media Control Panel latest version. CSRF possible through uns ...)
+ TODO: check
+CVE-2023-23464 (Media CP Media Control Panel latest version. A Permissive Flash Cross- ...)
+ TODO: check
+CVE-2023-23463 (Sunell DVR, latest version, Insufficiently Protected Credentials (CWE- ...)
+ TODO: check
+CVE-2023-23462 (Libpeconv – integer overflow, before commit 75b1565 (30/11/2022) ...)
+ TODO: check
+CVE-2023-23461 (Libpeconv – access violation, before commit b076013 (30/11/2022) ...)
+ TODO: check
+CVE-2023-23460 (Priority Web version 19.1.0.68, parameter manipulation on an unspecifi ...)
+ TODO: check
+CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection using a ...)
+ TODO: check
+CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...)
+ TODO: check
CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
- upx-ucl <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382
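Review bot: the descriptions of CVE-2023-23462 and CVE-2023-23461 contain "–" where a dash was meant, which is the usual result of UTF-8 text being read in a single-byte encoding. If that byte sequence is in data/CVE/list itself and not only in this mail rendering, the step that imports descriptions should decode the feed as UTF-8. Both entries also cite commits (75b1565 and b076013), which are worth recording in "NOTE:" lines when the "TODO: check" is resolved.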
@@ -8682,16 +8846,16 @@ CVE-2014-125052 (A vulnerability was found in JervenBolleman sparql-identifiers
NOT-FOR-US: JervenBolleman sparql-identifiers
CVE-2013-10008 (A vulnerability was found in sheilazpy eShop. It has been classified a ...)
NOT-FOR-US: sheilazpy eShop
-CVE-2023-22807
- RESERVED
-CVE-2023-22806
- RESERVED
-CVE-2023-22805
- RESERVED
-CVE-2023-22804
- RESERVED
-CVE-2023-22803
- RESERVED
+CVE-2023-22807 (LS ELECTRIC XBC-DN32U with operating system version 01.80 does not pro ...)
+ TODO: check
+CVE-2023-22806 (LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits se ...)
+ TODO: check
+CVE-2023-22805 (LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper ...)
+ TODO: check
+CVE-2023-22804 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
+ TODO: check
+CVE-2023-22803 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
+ TODO: check
CVE-2023-22802
RESERVED
CVE-2023-22801
@@ -8986,10 +9150,10 @@ CVE-2023-22672
RESERVED
CVE-2023-0104
RESERVED
-CVE-2023-0103
- RESERVED
-CVE-2023-0102
- RESERVED
+CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...)
+ TODO: check
+CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
+ TODO: check
CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
NOT-FOR-US: Nessus
CVE-2023-0100
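Review bot: CVE-2023-0103 and CVE-2023-0102 concern the same LS ELECTRIC XBC-DN32U product as CVE-2023-22803 through CVE-2023-22807 in the previous hunk, which leaves seven separate "TODO: check" items for one device. A single triage decision with one consistent tag should close all seven in the same commit.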
@@ -13607,18 +13771,18 @@ CVE-2022-47510
RESERVED
CVE-2022-47509
RESERVED
-CVE-2022-47508
- RESERVED
-CVE-2022-47507
- RESERVED
-CVE-2022-47506
- RESERVED
+CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
+ TODO: check
+CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
+CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
+ TODO: check
CVE-2022-47505
RESERVED
-CVE-2022-47504
- RESERVED
-CVE-2022-47503
- RESERVED
+CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
+CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
CVE-2022-47502
RESERVED
CVE-2022-47501
@@ -15420,8 +15584,8 @@ CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin thr
NOT-FOR-US: WordPress plugin
CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
-CVE-2022-46892
- RESERVED
+CVE-2022-46892 (In Ampere AltraMax and Ampere Altra before 2.10c, improper access cont ...)
+ TODO: check
CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
NOT-FOR-US: Arm Mali
CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote authenti ...)
@@ -19260,10 +19424,10 @@ CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09
NOT-FOR-US: Talend
CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...)
NOT-FOR-US: Talend
-CVE-2022-45587
- RESERVED
-CVE-2022-45586
- RESERVED
+CVE-2022-45587 (Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpd ...)
+ TODO: check
+CVE-2022-45586 (Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in ...)
+ TODO: check
CVE-2022-45585
RESERVED
CVE-2022-45584
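Review bot: CVE-2022-45587 and CVE-2022-45586 name source files (goo/gmem.cc and xpdf/Dict.cc) and not a vendor product, so their "TODO: check" cannot be closed from the description alone. Check them against any packaged code that ships those files and record the affected source package and its status.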
@@ -20790,10 +20954,10 @@ CVE-2022-45156
RESERVED
CVE-2022-45155
RESERVED
-CVE-2022-45154
- RESERVED
-CVE-2022-45153
- RESERVED
+CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...)
+ TODO: check
+CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...)
+ TODO: check
CVE-2022-45152 (A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...)
- moodle <removed>
CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which exists due ...)
@@ -30286,8 +30450,8 @@ CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 a
{DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-42735
- RESERVED
+CVE-2022-42735 (Improper Privilege Management vulnerability in Apache Software Foundat ...)
+ TODO: check
CVE-2022-42734 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
NOT-FOR-US: syngo Dynamics
CVE-2022-42733 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
@@ -42755,8 +42919,8 @@ CVE-2022-38113 (This vulnerability discloses build and services versions in the
NOT-FOR-US: Solarwinds
CVE-2022-38112 (In DPA 2022.4 and older releases, generated heap memory dumps contain ...)
TODO: check
-CVE-2022-38111
- RESERVED
+CVE-2022-38111 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
CVE-2022-38110 (In Database Performance Analyzer (DPA) 2022.4 and older releases, cert ...)
TODO: check
CVE-2022-38109
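Review bot: CVE-2022-38111 is added as "TODO: check" although CVE-2022-38113, two entries above it in this hunk, already carries "NOT-FOR-US: Solarwinds". The other entries in this diff whose visible description names SolarWinds Platform (CVE-2023-23836, CVE-2022-47507, CVE-2022-47506, CVE-2022-47504, CVE-2022-47503) can take the same tag in one follow-up, spelled the same way as the existing line.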
@@ -57699,12 +57863,12 @@ CVE-2022-32479
RESERVED
CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
TODO: check
-CVE-2022-32477
- RESERVED
+CVE-2022-32477 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32476 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
TODO: check
-CVE-2022-32475
- RESERVED
+CVE-2022-32475 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32474 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
TODO: check
CVE-2022-32473 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
@@ -57715,8 +57879,8 @@ CVE-2022-32471 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with ker
TODO: check
CVE-2022-32470 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
TODO: check
-CVE-2022-32469
- RESERVED
+CVE-2022-32469 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-32468
RESERVED
CVE-2022-32467
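Review bot: CVE-2022-32469, together with CVE-2022-32477 and CVE-2022-32475 in the previous hunk, extends a run of Insyde InsydeH2O entries that are all still "TODO: check"; the context lines show CVE-2022-32478, CVE-2022-32476, CVE-2022-32474 and CVE-2022-32470 in the same state. Triage the whole run in one commit so the firmware entries do not end up with differing tags.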
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1658823b21c6b7fbc0eeb8f8f8643f801b2296f5