[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 16 08:14:48 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e752857 by security tracker role at 2023-02-16T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2023-25909
+ RESERVED
+CVE-2023-25908
+ RESERVED
+CVE-2023-25907
+ RESERVED
+CVE-2023-25906
+ RESERVED
+CVE-2023-25905
+ RESERVED
+CVE-2023-25904
+ RESERVED
+CVE-2023-25903
+ RESERVED
+CVE-2023-25902
+ RESERVED
+CVE-2023-25901
+ RESERVED
+CVE-2023-25900
+ RESERVED
+CVE-2023-25899
+ RESERVED
+CVE-2023-25898
+ RESERVED
+CVE-2023-25897
+ RESERVED
+CVE-2023-25896
+ RESERVED
+CVE-2023-25895
+ RESERVED
+CVE-2023-25894
+ RESERVED
+CVE-2023-25893
+ RESERVED
+CVE-2023-25892
+ RESERVED
+CVE-2023-25891
+ RESERVED
+CVE-2023-25890
+ RESERVED
+CVE-2023-25889
+ RESERVED
+CVE-2023-25888
+ RESERVED
+CVE-2023-25887
+ RESERVED
+CVE-2023-25886
+ RESERVED
+CVE-2023-25885
+ RESERVED
+CVE-2023-25884
+ RESERVED
+CVE-2023-25883
+ RESERVED
+CVE-2023-25882
+ RESERVED
+CVE-2023-25881
+ RESERVED
+CVE-2023-25880
+ RESERVED
+CVE-2023-25879
+ RESERVED
+CVE-2023-25878
+ RESERVED
+CVE-2023-25877
+ RESERVED
+CVE-2023-25876
+ RESERVED
+CVE-2023-25875
+ RESERVED
+CVE-2023-25874
+ RESERVED
+CVE-2023-25873
+ RESERVED
+CVE-2023-25872
+ RESERVED
+CVE-2023-25871
+ RESERVED
+CVE-2023-25870
+ RESERVED
+CVE-2023-25869
+ RESERVED
+CVE-2023-25868
+ RESERVED
+CVE-2023-25867
+ RESERVED
+CVE-2023-25866
+ RESERVED
+CVE-2023-25865
+ RESERVED
+CVE-2023-25864
+ RESERVED
+CVE-2023-25863
+ RESERVED
+CVE-2023-25862
+ RESERVED
+CVE-2023-25861
+ RESERVED
+CVE-2023-25860
+ RESERVED
+CVE-2023-25859
+ RESERVED
+CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classifie ...)
+ TODO: check
+CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and clas ...)
+ TODO: check
+CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been ...)
+ TODO: check
+CVE-2023-0847
+ RESERVED
CVE-2023-25858
RESERVED
CVE-2023-25857
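Review bot: CVE-2023-0850, CVE-2023-0849 and CVE-2023-0848 (Netgear WNDR3700v2 1.0.1.14) land as `TODO: check`, so they remain open for manual triage. Other vendor-only products in this file are closed with a NOT-FOR-US line (for example `NOT-FOR-US: Siemens`); if no Debian source package ships this router firmware, the same marking fits here. The RESERVED block from CVE-2023-25859 to CVE-2023-25909 needs no action.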
@@ -287,6 +397,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
+ {DSA-5350-1}
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
CVE-2023-25745
@@ -295,6 +406,7 @@ CVE-2023-25745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
@@ -307,6 +419,7 @@ CVE-2023-25743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
@@ -321,6 +434,7 @@ CVE-2023-25740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
@@ -333,6 +447,7 @@ CVE-2023-25738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
CVE-2023-25737
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737
@@ -343,6 +458,7 @@ CVE-2023-25736
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25735
@@ -359,6 +475,7 @@ CVE-2023-25733
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25732
@@ -369,18 +486,21 @@ CVE-2023-25731
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
CVE-2023-25729
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729
CVE-2023-25728
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
@@ -822,6 +942,7 @@ CVE-2023-25613
RESERVED
CVE-2023-0767
RESERVED
+ {DSA-5350-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
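Review bot: in the CVE-2023-0767 entry the `{DSA-5350-1}` tag is added above three package lines (firefox, nss, firefox-esr), while the same tag on CVE-2023-25746 sits on an entry that lists only firefox-esr. If DSA-5350-1 covers firefox-esr alone, nss in stable still needs its own fix, and the tag should not be read as closing this CVE for nss. Worth confirming before the entry is considered done.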
@@ -2087,8 +2208,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulne
NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
NOT-FOR-US: Siemens
-CVE-2023-0662 [PHP: DOS vulnerability when parsing multipart request body]
- RESERVED
+CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
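Review bot: the removed line `[PHP: DOS vulnerability when parsing multipart request body]` was the only text on the CVE-2023-0662 header that says what the bug is. The replacement description is cut off after "8.2.X before 8.2.3" and is identical for CVE-2023-0662, CVE-2023-0568 and CVE-2023-0567, so the three entries can no longer be told apart from the list. Suggest keeping the short summary as a NOTE: line under the entry.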
@@ -3411,15 +3531,13 @@ CVE-2023-0570 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0569 (Weak Password Requirements in GitHub repository publify/publify prior ...)
NOT-FOR-US: Publify
-CVE-2023-0568 [PHP: 1-byte array overrun in common path resolve code]
- RESERVED
+CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81746
NOTE: Fixed in: 8.2.3
-CVE-2023-0567 [PHP: Password_verify() always return true with some hash]
- RESERVED
+CVE-2023-0567 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
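Review bot: under CVE-2023-0568, `NOTE: Fixed in: 8.2.3` names only the 8.2 branch, while the new description also gives 8.0.28 and 8.1.16 as fixed versions; listing all three in the NOTE would help anyone backporting. For CVE-2023-0567, the dropped title (`Password_verify() always return true with some hash`) describes an authentication-relevant flaw that the truncated description no longer shows, so a NOTE: line preserving it would help prioritisation.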
@@ -8644,8 +8762,8 @@ CVE-2014-125066 (A vulnerability was found in emmflo yuko-bot. It has been decla
NOT-FOR-US: emmflo yuko-bot
CVE-2007-10002 (A vulnerability, which was classified as critical, has been found in w ...)
NOT-FOR-US: web-cyradm
-CVE-2023-22855
- RESERVED
+CVE-2023-22855 (Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code executio ...)
+ TODO: check
CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 ...)
NOT-FOR-US: Mitel
CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
@@ -19513,14 +19631,14 @@ CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
NOT-FOR-US: AyaCMS
CVE-2022-45547
RESERVED
-CVE-2022-45546
- RESERVED
+CVE-2022-45546 (Information Disclosure in Authentication Component of ScreenCheck Badg ...)
+ TODO: check
CVE-2022-45545
RESERVED
CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
NOT-FOR-US: Schlix Web Inc SCHLIX CMS
-CVE-2022-45543
- RESERVED
+CVE-2022-45543 (Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attacke ...)
+ TODO: check
CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager ...)
NOT-FOR-US: EyouCMS
CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attr ...)
@@ -31173,8 +31291,8 @@ CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by ad
NOT-FOR-US: Generex CS141
CVE-2022-42456
RESERVED
-CVE-2022-42455
- RESERVED
+CVE-2022-42455 (ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b ...)
+ TODO: check
CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...)
NOT-FOR-US: HCL
CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
@@ -37464,8 +37582,8 @@ CVE-2022-40018
RESERVED
CVE-2022-40017
RESERVED
-CVE-2022-40016
- RESERVED
+CVE-2022-40016 (Use After Free (UAF) vulnerability in ireader media-server before comm ...)
+ TODO: check
CVE-2022-40015
RESERVED
CVE-2022-40014
@@ -40213,8 +40331,8 @@ CVE-2022-38937
RESERVED
CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ...)
NOT-FOR-US: PBC
-CVE-2022-38935
- RESERVED
+CVE-2022-38935 (An issue was discovered in NiterForum version 2.5.0-beta in /src/main/ ...)
+ TODO: check
CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
NOT-FOR-US: readelf in ToaruOS
CVE-2022-38933
@@ -40347,10 +40465,10 @@ CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
NOT-FOR-US: free5GC
CVE-2022-38869
RESERVED
-CVE-2022-38868
- RESERVED
-CVE-2022-38867
- RESERVED
+CVE-2022-38868 (SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol ...)
+ TODO: check
+CVE-2022-38867 (SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 ...)
+ TODO: check
CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
{DLA-3255-1}
- mplayer 2:1.5+svn38408-1 (unimportant)
@@ -115676,8 +115794,8 @@ CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows re
TODO: check
CVE-2021-38240
RESERVED
-CVE-2021-38239
- RESERVED
+CVE-2021-38239 (SQL Injection vulnerability in dataease before 1.2.0, allows attackers ...)
+ TODO: check
CVE-2021-38238
RESERVED
CVE-2021-38237
@@ -125814,8 +125932,8 @@ CVE-2021-34119
RESERVED
CVE-2021-34118
RESERVED
-CVE-2021-34117
- RESERVED
+CVE-2021-34117 (SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in ...)
+ TODO: check
CVE-2021-34116
RESERVED
CVE-2021-34115
@@ -126222,8 +126340,8 @@ CVE-2021-33927
RESERVED
CVE-2021-33926
RESERVED
-CVE-2021-33925
- RESERVED
+CVE-2021-33925 (SQL Injection vulnerability in nitinparashar30 cms-corephp through com ...)
+ TODO: check
CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
NOT-FOR-US: Confluent Ansible
CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
@@ -127684,8 +127802,8 @@ CVE-2021-33398
RESERVED
CVE-2021-33397
RESERVED
-CVE-2021-33396
- RESERVED
+CVE-2021-33396 (Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, al ...)
+ TODO: check
CVE-2021-33395
RESERVED
CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
@@ -127900,8 +128018,8 @@ CVE-2021-33306
RESERVED
CVE-2021-33305
RESERVED
-CVE-2021-33304
- RESERVED
+CVE-2021-33304 (Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP- ...)
+ TODO: check
CVE-2021-33303
RESERVED
CVE-2021-33302
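Review bot: CVE-2021-33304 is a double free in picoTCP, a network stack library, and it lands as `TODO: check`. Triage should search the archive for embedded copies of picoTCP as well as for a source package of that name before the entry is marked NOT-FOR-US.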
@@ -189837,10 +189955,10 @@ CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in
NOT-FOR-US: UReport
CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
NOT-FOR-US: Pligg CMS
-CVE-2020-21120
- RESERVED
-CVE-2020-21119
- RESERVED
+CVE-2020-21120 (SQL Injection vulnerability in file home\controls\cart.class.php in UQ ...)
+ TODO: check
+CVE-2020-21119 (SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_ ...)
+ TODO: check
CVE-2020-21118
RESERVED
CVE-2020-21117
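Review bot: CVE-2020-21119 (Kliqqi-CMS 2.0.2) is added as `TODO: check` directly below CVE-2020-21121, which is already closed as `NOT-FOR-US: Pligg CMS` for a product with the same version number 2.0.2. If Kliqqi-CMS is the same code base under another name, the two entries should be triaged consistently; the same applies to CVE-2020-21120 once its truncated product name is read from the full record.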
@@ -192527,8 +192645,8 @@ CVE-2020-19827
RESERVED
CVE-2020-19826
RESERVED
-CVE-2020-19825
- RESERVED
+CVE-2020-19825 (Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 i ...)
+ TODO: check
CVE-2020-19824
RESERVED
CVE-2020-19823
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e75285725cdfeee5b9ff83c3673b9d96f78d631