[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 18 08:10:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae81eb64 by security tracker role at 2023-02-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-26056
+	RESERVED
+CVE-2023-26055
+	RESERVED
+CVE-2023-26054
+	RESERVED
+CVE-2023-26053
+	RESERVED
+CVE-2023-26052
+	RESERVED
+CVE-2023-26051
+	RESERVED
+CVE-2023-26050
+	RESERVED
+CVE-2023-26049
+	RESERVED
+CVE-2023-26048
+	RESERVED
+CVE-2023-26047
+	RESERVED
+CVE-2023-26046
+	RESERVED
+CVE-2023-26045
+	RESERVED
+CVE-2023-26044
+	RESERVED
+CVE-2023-26043
+	RESERVED
+CVE-2023-26042
+	RESERVED
+CVE-2023-26041
+	RESERVED
+CVE-2023-26040
+	RESERVED
+CVE-2023-26039
+	RESERVED
+CVE-2023-26038
+	RESERVED
+CVE-2023-26037
+	RESERVED
+CVE-2023-26036
+	RESERVED
+CVE-2023-26035
+	RESERVED
+CVE-2023-26034
+	RESERVED
+CVE-2023-26033
+	RESERVED
+CVE-2023-26032
+	RESERVED
+CVE-2023-26031
+	RESERVED
+CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+	TODO: check
+CVE-2023-0900
+	RESERVED
+CVE-2023-0899
+	RESERVED
+CVE-2023-0898
+	RESERVED
+CVE-2023-0897
+	RESERVED
 CVE-2023-26030
 	RESERVED
 CVE-2023-26029
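Review bot: CVE-2023-0901 is the only new entry at the top of the list that arrives with a description, and the truncated text ("... in GitHub r ...") does not identify the affected project. Resolve its TODO: check against the full description before choosing a package or NOT-FOR-US annotation.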
@@ -1315,7 +1377,7 @@ CVE-2023-25613
 	RESERVED
 CVE-2023-0767
 	RESERVED
-	{DSA-5350-1 DLA-3319-1}
+	{DSA-5353-1 DSA-5350-1 DLA-3319-1}
 	- firefox 110.0-1
 	- nss 2:3.87.1-1
 	- firefox-esr 102.8.0esr-1
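Review bot: DSA-5353-1 is added to the cross-reference line of CVE-2023-0767, but this commit changes only data/CVE/list, so the advisory entry itself is not visible here. Confirm that DSA-5353-1 lists CVE-2023-0767 and that it corresponds to one of the three source packages shown (firefox, nss, firefox-esr). The entry also still reads RESERVED while carrying three advisories and fixed versions.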
@@ -3459,8 +3521,8 @@ CVE-2023-24811
 	RESERVED
 CVE-2023-24810
 	RESERVED
-CVE-2023-24809
-	RESERVED
+CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
+	TODO: check
 CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
 	TODO: check, might affect src:ippsample
 CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
@@ -3569,8 +3631,8 @@ CVE-2023-24771
 	RESERVED
 CVE-2023-24770
 	RESERVED
-CVE-2023-24769
-	RESERVED
+CVE-2023-24769 (Changedetection.io before v0.40.1.1 was discovered to contain a stored ...)
+	TODO: check
 CVE-2023-24768
 	RESERVED
 CVE-2023-24767
@@ -4401,8 +4463,8 @@ CVE-2023-0484
 	RESERVED
 CVE-2023-0483
 	RESERVED
-CVE-2023-0482
-	RESERVED
+CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
+	TODO: check
 CVE-2023-0481
 	RESERVED
 	NOT-FOR-US: Quarkus
@@ -5815,14 +5877,11 @@ CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf
 	- php-dompdf <not-affected> (Vulnerable code not in any Debian released version)
 	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
 	NOTE: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 (v2.0.2)
-CVE-2023-23923
-	RESERVED
+CVE-2023-23923 (The vulnerability was found Moodle which exists due to insufficient li ...)
 	- moodle <removed>
-CVE-2023-23922
-	RESERVED
+CVE-2023-23922 (The vulnerability was found Moodle which exists due to insufficient sa ...)
 	- moodle <removed>
-CVE-2023-23921
-	RESERVED
+CVE-2023-23921 (The vulnerability was found Moodle which exists due to insufficient sa ...)
 	- moodle <removed>
 CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...)
 	NOT-FOR-US: builderio/qwik
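Review bot: the three Moodle entries (CVE-2023-23923, CVE-2023-23922, CVE-2023-23921) are the only ones in this commit that go from RESERVED to a published description without gaining a TODO: check, because each already carries "- moodle <removed>". Those annotations predate the descriptions, so re-read them against the now-published text.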
@@ -8326,8 +8385,8 @@ CVE-2023-23066
 	RESERVED
 CVE-2023-23065
 	RESERVED
-CVE-2023-23064
-	RESERVED
+CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...)
+	TODO: check
 CVE-2023-23063
 	RESERVED
 CVE-2023-23062
@@ -10878,8 +10937,8 @@ CVE-2022-48117
 	RESERVED
 CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE)  ...)
 	NOT-FOR-US: AyaCMS
-CVE-2022-48115
-	RESERVED
+CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered to be v ...)
+	TODO: check
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
 	NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
@@ -12880,48 +12939,48 @@ CVE-2023-22248
 	RESERVED
 CVE-2023-22247
 	RESERVED
-CVE-2023-22246
-	RESERVED
+CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+	TODO: check
 CVE-2023-22245
 	RESERVED
-CVE-2023-22244
-	RESERVED
-CVE-2023-22243
-	RESERVED
+CVE-2023-22244 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use Aft ...)
+	TODO: check
+CVE-2023-22243 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+	TODO: check
 CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
 	NOT-FOR-US: Adobe
 CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
 	NOT-FOR-US: Adobe
 CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
 	NOT-FOR-US: Adobe
-CVE-2023-22239
-	RESERVED
-CVE-2023-22238
-	RESERVED
-CVE-2023-22237
-	RESERVED
-CVE-2023-22236
-	RESERVED
+CVE-2023-22239 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+	TODO: check
+CVE-2023-22238 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+	TODO: check
+CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+	TODO: check
+CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+	TODO: check
 CVE-2023-22235
 	RESERVED
-CVE-2023-22234
-	RESERVED
-CVE-2023-22233
-	RESERVED
-CVE-2023-22232
-	RESERVED
-CVE-2023-22231
-	RESERVED
-CVE-2023-22230
-	RESERVED
-CVE-2023-22229
-	RESERVED
-CVE-2023-22228
-	RESERVED
-CVE-2023-22227
-	RESERVED
-CVE-2023-22226
-	RESERVED
+CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...)
+	TODO: check
+CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+	TODO: check
+CVE-2023-22232 (Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are  ...)
+	TODO: check
+CVE-2023-22231 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
+CVE-2023-22230 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
+CVE-2023-22229 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
+CVE-2023-22228 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
+CVE-2023-22227 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
+CVE-2023-22226 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
 CVE-2023-22225
 	RESERVED
 CVE-2023-22224
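Review bot: every newly described entry in this hunk lands as TODO: check, while the unchanged neighbours CVE-2023-22242, CVE-2023-22241 and CVE-2023-22240 are already marked NOT-FOR-US: Adobe. Triage the new ones the same way unless one maps to a packaged source. The added descriptions for CVE-2023-22239, CVE-2023-22238, CVE-2023-22237 and CVE-2023-22233 read "After Affects", so a search of the list for "After Effects" will miss them.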
@@ -17675,14 +17734,14 @@ CVE-2022-XXXX [node-d3-color redos]
 	NOTE: https://github.com/d3/d3-color/pull/100
 CVE-2023-21623
 	RESERVED
-CVE-2023-21622
-	RESERVED
-CVE-2023-21621
-	RESERVED
-CVE-2023-21620
-	RESERVED
-CVE-2023-21619
-	RESERVED
+CVE-2023-21622 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21621 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+	TODO: check
 CVE-2023-21618
 	RESERVED
 CVE-2023-21617
@@ -17733,8 +17792,8 @@ CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are
 	NOT-FOR-US: Adobe
 CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
 	NOT-FOR-US: Adobe
-CVE-2023-21593
-	RESERVED
+CVE-2023-21593 (Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier)  ...)
+	TODO: check
 CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
 	NOT-FOR-US: Adobe
 CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
@@ -17751,10 +17810,10 @@ CVE-2023-21586
 	RESERVED
 CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
 	NOT-FOR-US: Adobe
-CVE-2023-21584
-	RESERVED
-CVE-2023-21583
-	RESERVED
+CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+	TODO: check
 CVE-2023-21582
 	RESERVED
 CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
@@ -17763,16 +17822,16 @@ CVE-2023-21580
 	RESERVED
 CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
 	NOT-FOR-US: Adobe
-CVE-2023-21578
-	RESERVED
-CVE-2023-21577
-	RESERVED
-CVE-2023-21576
-	RESERVED
-CVE-2023-21575
-	RESERVED
-CVE-2023-21574
-	RESERVED
+CVE-2023-21578 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21577 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21576 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21575 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+	TODO: check
+CVE-2023-21574 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+	TODO: check
 CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...)
 	{DSA-5295-1}
 	- chromium 108.0.5359.94-1
@@ -37159,8 +37218,8 @@ CVE-2022-40350
 	RESERVED
 CVE-2022-40349
 	RESERVED
-CVE-2022-40348
-	RESERVED
+CVE-2022-40348 (Cross Site Scripting (XSS) vulnerability in Intern Record System versi ...)
+	TODO: check
 CVE-2022-40347 (SQL Injection vulnerability in Intern Record System version 1.0 in /in ...)
 	TODO: check
 CVE-2022-40346
@@ -37986,8 +38045,8 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression
 	NOTE: https://github.com/sqlalchemy/mako/issues/366
 CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
 	NOT-FOR-US: Microchip Technology
-CVE-2022-40021
-	RESERVED
+CVE-2022-40021 (QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283)  ...)
+	TODO: check
 CVE-2022-40020
 	RESERVED
 CVE-2022-40019
@@ -43859,8 +43918,8 @@ CVE-2022-37937
 	RESERVED
 CVE-2022-37936
 	RESERVED
-CVE-2022-37935
-	RESERVED
+CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may disclose ...)
+	TODO: check
 CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
 	NOT-FOR-US: HPE
 CVE-2022-37933 (A potential security vulnerability has been identified in HPE Superdom ...)
@@ -126065,7 +126124,8 @@ CVE-2021-34252
 	RESERVED
 CVE-2021-34251
 	RESERVED
-CVE-2021-34250 (An issue was discovered in baijiacms v4. There is a CSRF vulnerability ...)
+CVE-2021-34250
+	REJECTED
 	NOT-FOR-US: baijiacms
 CVE-2021-34249
 	RESERVED
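Review bot: CVE-2021-34250 loses its description and becomes REJECTED, but the "NOT-FOR-US: baijiacms" line underneath is kept. Check whether that annotation should remain on a rejected ID. With the description gone, nothing else on the entry explains what it referred to.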
@@ -129590,14 +129650,14 @@ CVE-2021-32848
 	RESERVED
 CVE-2021-32847
 	RESERVED
-CVE-2021-32846
-	RESERVED
-CVE-2021-32845
-	RESERVED
-CVE-2021-32844
-	RESERVED
-CVE-2021-32843
-	RESERVED
+CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+	TODO: check
+CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+	TODO: check
+CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+	TODO: check
+CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+	TODO: check
 CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
 	- mono <not-affected> (Vulnerable code not yet uploaded)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
@@ -146708,8 +146768,8 @@ CVE-2021-26279
 	RESERVED
 CVE-2021-26278
 	RESERVED
-CVE-2021-26277
-	RESERVED
+CVE-2021-26277 (The framework service handles pendingIntent incorrectly, allowing a ma ...)
+	TODO: check
 CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
 	NOT-FOR-US: GoDaddy node-config-shield
 CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae81eb64ac219401b4331abc7cb164649d4d6b95
