[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 16 20:15:06 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ec08178 by security tracker role at 2023-02-16T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-25932
+ RESERVED
+CVE-2023-25931
+ RESERVED
+CVE-2023-25930
+ RESERVED
+CVE-2023-25929
+ RESERVED
+CVE-2023-25928
+ RESERVED
+CVE-2023-25927
+ RESERVED
+CVE-2023-25926
+ RESERVED
+CVE-2023-25925
+ RESERVED
+CVE-2023-25924
+ RESERVED
+CVE-2023-25923
+ RESERVED
+CVE-2023-25922
+ RESERVED
+CVE-2023-25921
+ RESERVED
+CVE-2023-25920
+ RESERVED
+CVE-2023-25919
+ RESERVED
+CVE-2023-25918
+ RESERVED
+CVE-2023-25917
+ RESERVED
+CVE-2023-25916
+ RESERVED
+CVE-2023-25915
+ RESERVED
+CVE-2023-25914
+ RESERVED
+CVE-2023-25913
+ RESERVED
+CVE-2023-25912
+ RESERVED
+CVE-2023-25911
+ RESERVED
+CVE-2023-25910
+ RESERVED
+CVE-2023-0872
+ RESERVED
+CVE-2023-0871
+ RESERVED
+CVE-2023-0870
+ RESERVED
+CVE-2023-0869
+ RESERVED
+CVE-2023-0868
+ RESERVED
+CVE-2023-0867
+ RESERVED
+CVE-2023-0866
+ RESERVED
+CVE-2023-0865
+ RESERVED
+CVE-2023-0864
+ RESERVED
+CVE-2023-0863
+ RESERVED
+CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable to path ...)
+ TODO: check
+CVE-2023-0861 (NetModule NSRW web administration interface executes an OS command con ...)
+ TODO: check
+CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ TODO: check
+CVE-2023-0859
+ RESERVED
+CVE-2023-0858
+ RESERVED
+CVE-2023-0857
+ RESERVED
+CVE-2023-0856
+ RESERVED
+CVE-2023-0855
+ RESERVED
+CVE-2023-0854
+ RESERVED
+CVE-2023-0853
+ RESERVED
+CVE-2023-0852
+ RESERVED
+CVE-2023-0851
+ RESERVED
+CVE-2022-48327
+ RESERVED
+CVE-2022-48326
+ RESERVED
+CVE-2022-48325
+ RESERVED
+CVE-2022-48324
+ RESERVED
+CVE-2021-46874
+ RESERVED
CVE-2023-25909
RESERVED
CVE-2023-25908
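Review bot: the three entries in this hunk that arrived with a description rather than RESERVED (CVE-2023-0862 and CVE-2023-0861 in the NetModule NSRW web administration interface, and CVE-2023-0860) are left at "TODO: check". The two NetModule ones describe a vendor appliance's management interface, which under this file's conventions is closed out with a NOT-FOR-US line (compare "NOT-FOR-US: HP" and "NOT-FOR-US: Siemens" further down in this diff), so they can be resolved in the next manual pass instead of staying open. CVE-2023-0860's description is truncated before it names the affected GitHub repository, so the full text has to be read before deciding whether it maps to a Debian source package.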
@@ -397,7 +497,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
CVE-2023-25745
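Review bot: the DLA-3319-1 reference is added inside the braces next to DSA-5350-1 on every Firefox entry in this update (CVE-2023-25746 through CVE-2023-25728, plus CVE-2023-0767 below), which is the expected shape for a buster firefox-esr advisory. One thing to verify is that data/DLA/list records DLA-3319-1 against firefox-esr: the braces attach the advisory to the CVE, not to a particular package line, and this entry lists only "firefox-esr 102.8.0esr-1" with a NOTE pointing at mfsa2023-06 alone, while its siblings list both firefox 110.0-1 and firefox-esr.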
@@ -406,7 +506,7 @@ CVE-2023-25745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
@@ -419,7 +519,7 @@ CVE-2023-25743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
@@ -434,7 +534,7 @@ CVE-2023-25740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
@@ -447,7 +547,7 @@ CVE-2023-25738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
CVE-2023-25737
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737
@@ -458,7 +558,7 @@ CVE-2023-25736
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25735
@@ -475,7 +575,7 @@ CVE-2023-25733
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25732
@@ -486,21 +586,21 @@ CVE-2023-25731
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
CVE-2023-25729
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729
CVE-2023-25728
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
@@ -847,8 +947,8 @@ CVE-2023-25655
RESERVED
CVE-2023-25654
RESERVED
-CVE-2023-25653
- RESERVED
+CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
+ TODO: check
CVE-2023-25652
RESERVED
CVE-2023-25651
@@ -942,7 +1042,7 @@ CVE-2023-25613
RESERVED
CVE-2023-0767
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
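Review bot: CVE-2023-0767 is the one entry in this batch that also lists "nss 2:3.87.1-1", and the added DLA-3319-1 reference cannot express which of the three package lines it covers. If DLA-3319-1 is the firefox-esr upload, the nss side for buster should get its own status line (a [buster] annotation or a separate DLA reference), otherwise a reader of this entry will take buster's nss as addressed when only the browser was.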
@@ -1013,8 +1113,8 @@ CVE-2023-25604
RESERVED
CVE-2023-25603
RESERVED
-CVE-2023-25602
- RESERVED
+CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
+ TODO: check
CVE-2023-25601
RESERVED
CVE-2023-0753
@@ -2140,8 +2240,7 @@ CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3
NOT-FOR-US: Calendar Event Management System
CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...)
NOT-FOR-US: HP
-CVE-2023-25173
- RESERVED
+CVE-2023-25173 (containerd is an open source container runtime. A bug was found in con ...)
- containerd 1.6.18+ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
CVE-2023-25172
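Review bot: dropping the RESERVED line for CVE-2023-25173 without adding "TODO: check" is right, because the entry already carries the fixed version "containerd 1.6.18+ds1-1" and the GHSA link; CVE-2023-25153 in the next hunk follows the same pattern. Neither entry has a suite annotation, so the tracker will list the stable suites as vulnerable until a [bullseye] or [buster] line states whether the fix is scheduled, postponed or no-dsa; that decision should be recorded here rather than left implicit.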
@@ -2182,8 +2281,7 @@ CVE-2023-25155
RESERVED
CVE-2023-25154
RESERVED
-CVE-2023-25153
- RESERVED
+CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...)
- containerd 1.6.18+ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
@@ -2356,12 +2454,12 @@ CVE-2023-22653
RESERVED
CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
NOT-FOR-US: Multilaser RE057 and RE170
-CVE-2022-48308
- RESERVED
-CVE-2022-48307
- RESERVED
-CVE-2022-48306
- RESERVED
+CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...)
+ TODO: check
+CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...)
+ TODO: check
+CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
+ TODO: check
CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
NOT-FOR-US: OnShift TurboGears
CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...)
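Review bot: CVE-2022-48308 (sls-logging) and CVE-2022-48307 (Magritte-ftp) describe Palantir-internal components, and the Palantir and Foundry entries elsewhere in this diff are all closed as "NOT-FOR-US: Palantir" or a Foundry-specific NOT-FOR-US line, so these two should resolve the same way. CVE-2022-48306 is different: its truncated description ("Improper Validation of Certificate with Host Mismatch vulnerability in ...") stops before naming the product, so the full text must be read before it is grouped with the other two.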
@@ -3086,8 +3184,8 @@ CVE-2023-24809
RESERVED
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
TODO: check, might affect src:ippsample
-CVE-2023-24807
- RESERVED
+CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
+ TODO: check
CVE-2023-24806
REJECTED
CVE-2023-24805
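Review bot: CVE-2023-24807 and CVE-2023-23936 (further down in this diff) both concern Undici, the Node.js HTTP/1.1 client, and should be triaged together so that the two entries do not end up with different outcomes. The neighbouring PDFio entry shows the useful habit of leaving a hint on the TODO line ("TODO: check, might affect src:ippsample"); a similar hint naming the candidate source package would help whoever picks these two up.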
@@ -4054,12 +4152,12 @@ CVE-2023-24487
RESERVED
CVE-2023-24486
RESERVED
-CVE-2023-24485
- RESERVED
-CVE-2023-24484
- RESERVED
-CVE-2023-24483
- RESERVED
+CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...)
+ TODO: check
+CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...)
+ TODO: check
+CVE-2023-24483 (A vulnerability has been identified that, if exploited, could result i ...)
+ TODO: check
CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...)
NOT-FOR-US: Siemens
CVE-2023-24477
@@ -4084,8 +4182,8 @@ CVE-2023-0477
RESERVED
CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
NOT-FOR-US: Tenable
-CVE-2023-0475
- RESERVED
+CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
+ TODO: check
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
{DSA-5328-1}
- chromium 109.0.5414.119-1
@@ -4657,12 +4755,12 @@ CVE-2023-24240
RESERVED
CVE-2023-24239
RESERVED
-CVE-2023-24238
- RESERVED
+CVE-2023-24238 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
+ TODO: check
CVE-2023-24237
RESERVED
-CVE-2023-24236
- RESERVED
+CVE-2023-24236 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
+ TODO: check
CVE-2023-24235
RESERVED
CVE-2023-24234 (A stored cross-site scripting (XSS) vulnerability in the component php ...)
@@ -5371,8 +5469,8 @@ CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript c
NOT-FOR-US: Symantec
CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
NOT-FOR-US: ownCloud Android app
-CVE-2023-23947
- RESERVED
+CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...)
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
@@ -5400,8 +5498,8 @@ CVE-2023-23938
RESERVED
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
NOT-FOR-US: Pimcore
-CVE-2023-23936
- RESERVED
+CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...)
+ TODO: check
CVE-2023-23935
RESERVED
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
@@ -5425,8 +5523,8 @@ CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose
NOT-FOR-US: reason-jose
CVE-2023-23927
RESERVED
-CVE-2023-23926
- RESERVED
+CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
+ TODO: check
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
NOT-FOR-US: Switcher
CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
@@ -5776,20 +5874,20 @@ CVE-2023-23786
RESERVED
CVE-2023-23785
RESERVED
-CVE-2023-23784
- RESERVED
-CVE-2023-23783
- RESERVED
-CVE-2023-23782
- RESERVED
-CVE-2023-23781
- RESERVED
-CVE-2023-23780
- RESERVED
-CVE-2023-23779
- RESERVED
-CVE-2023-23778
- RESERVED
+CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...)
+ TODO: check
+CVE-2023-23783 (A use of externally-controlled format string in Fortinet FortiWeb vers ...)
+ TODO: check
+CVE-2023-23782 (A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 throug ...)
+ TODO: check
+CVE-2023-23781 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
+ TODO: check
+CVE-2023-23780 (A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 throu ...)
+ TODO: check
+CVE-2023-23779 (Multiple improper neutralization of special elements used in an OS Com ...)
+ TODO: check
+CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb version 7 ...)
+ TODO: check
CVE-2023-23777
RESERVED
CVE-2023-23776
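Review bot: the seven FortiWeb entries here, and the FortiOS, FortiNAC and FortiADC entries elsewhere in this diff, are all appliance vulnerabilities that will end up as NOT-FOR-US, but the existing resolved neighbours spell the vendor four different ways on that line ("NOT-FOR-US: FortiGuard", "NOT-FOR-US: Fortinet", "NOT-FOR-US: Fortiguard", "NOT-FOR-US: Fortiguard FortiNAC"). When these TODOs are cleared, pick one form so the Fortinet entries can be found with a single grep.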
@@ -5993,8 +6091,8 @@ CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as
NOT-FOR-US: frioux ptome
CVE-2023-23753
RESERVED
-CVE-2023-23752
- RESERVED
+CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...)
+ TODO: check
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
NOT-FOR-US: Joomla!
CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...)
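Review bot: CVE-2023-23752 is left at "TODO: check" although its immediate neighbours CVE-2023-23751 and CVE-2023-23750, which describe the same Joomla! 4.x series, are already resolved as "NOT-FOR-US: Joomla!"; unless a Debian package of Joomla! has appeared since those were triaged, this one can be closed the same way.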
@@ -6716,8 +6814,8 @@ CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur b
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
- linux 6.1.11-1
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
-CVE-2023-23558
- RESERVED
+CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...)
+ TODO: check
CVE-2023-23557
RESERVED
CVE-2023-23556
@@ -9409,8 +9507,8 @@ CVE-2023-22640
RESERVED
CVE-2023-22639
RESERVED
-CVE-2023-22638
- RESERVED
+CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
+ TODO: check
CVE-2023-22637
RESERVED
CVE-2023-22636
@@ -9739,12 +9837,12 @@ CVE-2023-22582
RESERVED
CVE-2023-22581
RESERVED
-CVE-2023-22580
- RESERVED
-CVE-2023-22579
- RESERVED
-CVE-2023-22578
- RESERVED
+CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
+ TODO: check
+CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
+ TODO: check
+CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a ...)
+ TODO: check
CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
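Review bot: the descriptions imported for CVE-2023-22580, CVE-2023-22579 and CVE-2023-22578 are themselves garbled ("sequalize", "artibute", "can malic ..."), so the truncated text here is not a reliable basis for triage; read the full upstream advisories before deciding whether the affected library (Sequelize for Node.js) corresponds to a Debian source package, and note the spelling in the resolution so a later grep for "sequelize" finds the entries.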
@@ -23589,8 +23687,8 @@ CVE-2022-43446
RESERVED
CVE-2022-42465
RESERVED
-CVE-2022-3843
- RESERVED
+CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
+ TODO: check
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
@@ -25741,8 +25839,8 @@ CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC7
NOT-FOR-US: Linksys
CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
NOT-FOR-US: Linksys
-CVE-2022-43969
- RESERVED
+CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. ...)
+ TODO: check
CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
@@ -27020,8 +27118,8 @@ CVE-2022-43956
RESERVED
CVE-2022-43955
RESERVED
-CVE-2022-43954
- RESERVED
+CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
+ TODO: check
CVE-2022-43953
RESERVED
CVE-2022-43952
@@ -27740,14 +27838,17 @@ CVE-2022-43509 (Out-of-bounds write vulnerability exists in CX-Programmer v.9.77
CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77 and earlie ...)
NOT-FOR-US: CX-Programmer
CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
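Review bot: the three WordPress entries gain "{DSA-5279-1}" but keep the line "[buster] - wordpress <postponed> (wait for CVE assignment)". That reason is now stale, since the CVE identifiers this note was waiting for are exactly CVE-2022-43504, CVE-2022-43500 and CVE-2022-43497; the [buster] line should be updated to the actual LTS status (a DLA reference if one was issued, or a current postponed/no-dsa reason) so the postponement is not carried forward with an explanation that no longer applies.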
@@ -31194,8 +31295,8 @@ CVE-2022-42474
RESERVED
CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
NOT-FOR-US: FortiGuard
-CVE-2022-42472
- RESERVED
+CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...)
+ TODO: check
CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
NOT-FOR-US: FortiGuard
CVE-2022-42470
@@ -34333,10 +34434,10 @@ CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repositor
- rdiffweb <itp> (bug #969974)
CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
-CVE-2022-41335
- RESERVED
-CVE-2022-41334
- RESERVED
+CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
+ TODO: check
+CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
+ TODO: check
CVE-2022-41333
RESERVED
CVE-2022-41332
@@ -35896,8 +35997,8 @@ CVE-2022-40696
RESERVED
CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...)
NOT-FOR-US: FortiGuard
-CVE-2022-40683
- RESERVED
+CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
+ TODO: check
CVE-2022-40682
RESERVED
CVE-2022-40681
@@ -35906,14 +36007,14 @@ CVE-2022-40680 (A improper neutralization of input during web page generation ('
NOT-FOR-US: FortiGuard
CVE-2022-40679
RESERVED
-CVE-2022-40678
- RESERVED
-CVE-2022-40677
- RESERVED
+CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions ...)
+ TODO: check
+CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
+ TODO: check
CVE-2022-40676
RESERVED
-CVE-2022-40675
- RESERVED
+CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...)
+ TODO: check
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...)
@@ -37750,20 +37851,20 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
- modsecurity-crs 3.3.4-1 (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
-CVE-2022-39954
- RESERVED
+CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
+ TODO: check
CVE-2022-39953
RESERVED
-CVE-2022-39952
- RESERVED
+CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...)
+ TODO: check
CVE-2022-39951
RESERVED
CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
NOT-FOR-US: FortiGuard
-CVE-2022-39948
- RESERVED
+CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ TODO: check
CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-39946
@@ -41013,8 +41114,8 @@ CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible
NOT-FOR-US: NetApp
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
NOT-FOR-US: SnapCenter (NetAPP)
-CVE-2022-38731
- RESERVED
+CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal ...)
+ TODO: check
CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
@@ -42234,14 +42335,14 @@ CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS ve
NOT-FOR-US: FortiGuard
CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
NOT-FOR-US: FortiGuard
-CVE-2022-38378
- RESERVED
+CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+ TODO: check
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
NOT-FOR-US: FortiGuard
-CVE-2022-38376
- RESERVED
-CVE-2022-38375
- RESERVED
+CVE-2022-38376 (Multiple improper neutralization of input during web page generation ( ...)
+ TODO: check
+CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC ...)
+ TODO: check
CVE-2022-38374 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
@@ -54742,12 +54843,12 @@ CVE-2022-33873 (An improper neutralization of special elements used in an OS Com
NOT-FOR-US: Fortiguard
CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
NOT-FOR-US: Fortiguard
-CVE-2022-33871
- RESERVED
+CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
+ TODO: check
CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
-CVE-2022-33869
- RESERVED
+CVE-2022-33869 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored ...)
@@ -64573,22 +64674,22 @@ CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple version
NOT-FOR-US: Festo
CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA SSH h ...)
NOT-FOR-US: FortiGuard
-CVE-2022-30306
- RESERVED
+CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the CA sign f ...)
+ TODO: check
CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
NOT-FOR-US: FortiGuard
-CVE-2022-30304
- RESERVED
-CVE-2022-30303
- RESERVED
+CVE-2022-30304 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
+CVE-2022-30303 (An improper neutralization of special elements used in an os command ( ...)
+ TODO: check
CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
NOT-FOR-US: Fortinet
CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
NOT-FOR-US: Fortinet
-CVE-2022-30300
- RESERVED
-CVE-2022-30299
- RESERVED
+CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 thr ...)
+ TODO: check
+CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 t ...)
+ TODO: check
CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
NOT-FOR-US: FortiGuard
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
@@ -68341,8 +68442,8 @@ CVE-2022-29056
RESERVED
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
NOT-FOR-US: FortiGuard
-CVE-2022-29054
- RESERVED
+CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
+ TODO: check
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
NOT-FOR-US: FortiGuard
CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...)
@@ -71788,8 +71889,8 @@ CVE-2022-27899
RESERVED
CVE-2022-27898
RESERVED
-CVE-2022-27897
- RESERVED
+CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
+ TODO: check
CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
NOT-FOR-US: Foundry Code-Workbooks
CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
@@ -71798,12 +71899,12 @@ CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scri
NOT-FOR-US: Foundry Blobster service
CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
-CVE-2022-27892
- RESERVED
-CVE-2022-27891
- RESERVED
-CVE-2022-27890
- RESERVED
+CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
+ TODO: check
+CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that listed all a ...)
+ TODO: check
+CVE-2022-27890 (It was discovered that the sls-logging was not verifying hostnames in ...)
+ TODO: check
CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...)
NOT-FOR-US: Palantir
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
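Review bot: CVE-2022-27890 carries the same truncated description as CVE-2022-48308 earlier in this diff ("It was discovered that the sls-logging was not verifying hostnames in ..."), so whoever clears these TODOs should confirm from the full text whether they are two distinct issues or one issue assigned twice, and resolve both alongside the Palantir Gotham entries CVE-2022-27892, CVE-2022-27891 and CVE-2022-27897 in the same way as the surrounding "NOT-FOR-US: Palantir" lines.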
@@ -72877,8 +72978,8 @@ CVE-2022-27491 (A improper verification of source of a communication channel in
NOT-FOR-US: FortiGuard
CVE-2022-27490
RESERVED
-CVE-2022-27489
- RESERVED
+CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2022-27488
RESERVED
CVE-2022-27487
@@ -72891,8 +72992,8 @@ CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0
NOT-FOR-US: FortiGuard
CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
-CVE-2022-27482
- RESERVED
+CVE-2022-27482 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
@@ -77005,8 +77106,8 @@ CVE-2022-26117 (An empty password in configuration file vulnerability [CWE-258]
NOT-FOR-US: Fortinet
CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
NOT-FOR-US: Fortiguard FortiNAC
-CVE-2022-26115
- RESERVED
+CVE-2022-26115 (A use of password hash with insufficient computational effort vulnerab ...)
+ TODO: check
CVE-2022-26114 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
@@ -102237,8 +102338,8 @@ CVE-2021-43076 (An improper privilege management vulnerability [CWE-269] in Fort
NOT-FOR-US: FortiGuard
CVE-2021-43075 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43074
- RESERVED
+CVE-2021-43074 (An improper verification of cryptographic signature vulnerability [CWE ...)
+ TODO: check
CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43072
@@ -103044,8 +103145,8 @@ CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1
- wpewebkit 2.34.1-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
-CVE-2021-42761
- RESERVED
+CVE-2021-42761 (A condition for session fixation vulnerability [CWE-384] in the sessio ...)
+ TODO: check
CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
@@ -103054,8 +103155,8 @@ CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8
NOT-FOR-US: FortiGuard
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
NOT-FOR-US: FortiGuard
-CVE-2021-42756
- RESERVED
+CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the ...)
+ TODO: check
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitc ...)
NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
@@ -110038,8 +110139,8 @@ CVE-2021-40557
RESERVED
CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in ASUS RT- ...)
NOT-FOR-US: ASUS
-CVE-2021-40555
- RESERVED
+CVE-2021-40555 (Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows ...)
+ TODO: check
CVE-2021-40554
RESERVED
CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerabili ...)
@@ -183105,7 +183206,7 @@ CVE-2020-24309
RESERVED
CVE-2020-24308
RESERVED
-CVE-2020-24307 (An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges ...)
+CVE-2020-24307 (** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to esca ...)
TODO: check
CVE-2020-24306
RESERVED
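Review bot: the only change to CVE-2020-24307 is the "** DISPUTED **" marker prepended to the description, and the pre-existing "TODO: check" is left in place. The dispute changes what the check has to decide: whoever resolves it should record in the resolution line that the vendor disputes the issue, rather than only a package status, since the truncated description is the sole place the marker is visible in this file.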
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec0817874691d7ac7ed5c1d242c760f92fca6e5