[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 18 08:10:25 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae81eb64 by security tracker role at 2023-02-18T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-26056
+ RESERVED
+CVE-2023-26055
+ RESERVED
+CVE-2023-26054
+ RESERVED
+CVE-2023-26053
+ RESERVED
+CVE-2023-26052
+ RESERVED
+CVE-2023-26051
+ RESERVED
+CVE-2023-26050
+ RESERVED
+CVE-2023-26049
+ RESERVED
+CVE-2023-26048
+ RESERVED
+CVE-2023-26047
+ RESERVED
+CVE-2023-26046
+ RESERVED
+CVE-2023-26045
+ RESERVED
+CVE-2023-26044
+ RESERVED
+CVE-2023-26043
+ RESERVED
+CVE-2023-26042
+ RESERVED
+CVE-2023-26041
+ RESERVED
+CVE-2023-26040
+ RESERVED
+CVE-2023-26039
+ RESERVED
+CVE-2023-26038
+ RESERVED
+CVE-2023-26037
+ RESERVED
+CVE-2023-26036
+ RESERVED
+CVE-2023-26035
+ RESERVED
+CVE-2023-26034
+ RESERVED
+CVE-2023-26033
+ RESERVED
+CVE-2023-26032
+ RESERVED
+CVE-2023-26031
+ RESERVED
+CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-0900
+ RESERVED
+CVE-2023-0899
+ RESERVED
+CVE-2023-0898
+ RESERVED
+CVE-2023-0897
+ RESERVED
CVE-2023-26030
RESERVED
CVE-2023-26029
@@ -1315,7 +1377,7 @@ CVE-2023-25613
RESERVED
CVE-2023-0767
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5353-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
@@ -3459,8 +3521,8 @@ CVE-2023-24811
RESERVED
CVE-2023-24810
RESERVED
-CVE-2023-24809
- RESERVED
+CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
+ TODO: check
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
TODO: check, might affect src:ippsample
CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
@@ -3569,8 +3631,8 @@ CVE-2023-24771
RESERVED
CVE-2023-24770
RESERVED
-CVE-2023-24769
- RESERVED
+CVE-2023-24769 (Changedetection.io before v0.40.1.1 was discovered to contain a stored ...)
+ TODO: check
CVE-2023-24768
RESERVED
CVE-2023-24767
@@ -4401,8 +4463,8 @@ CVE-2023-0484
RESERVED
CVE-2023-0483
RESERVED
-CVE-2023-0482
- RESERVED
+CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
+ TODO: check
CVE-2023-0481
RESERVED
NOT-FOR-US: Quarkus
@@ -5815,14 +5877,11 @@ CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf
- php-dompdf <not-affected> (Vulnerable code not in any Debian released version)
NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
NOTE: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 (v2.0.2)
-CVE-2023-23923
- RESERVED
+CVE-2023-23923 (The vulnerability was found Moodle which exists due to insufficient li ...)
- moodle <removed>
-CVE-2023-23922
- RESERVED
+CVE-2023-23922 (The vulnerability was found Moodle which exists due to insufficient sa ...)
- moodle <removed>
-CVE-2023-23921
- RESERVED
+CVE-2023-23921 (The vulnerability was found Moodle which exists due to insufficient sa ...)
- moodle <removed>
CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...)
NOT-FOR-US: builderio/qwik
@@ -8326,8 +8385,8 @@ CVE-2023-23066
RESERVED
CVE-2023-23065
RESERVED
-CVE-2023-23064
- RESERVED
+CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...)
+ TODO: check
CVE-2023-23063
RESERVED
CVE-2023-23062
@@ -10878,8 +10937,8 @@ CVE-2022-48117
RESERVED
CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) ...)
NOT-FOR-US: AyaCMS
-CVE-2022-48115
- RESERVED
+CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered to be v ...)
+ TODO: check
CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
NOT-FOR-US: RuoYi
CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
@@ -12880,48 +12939,48 @@ CVE-2023-22248
RESERVED
CVE-2023-22247
RESERVED
-CVE-2023-22246
- RESERVED
+CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+ TODO: check
CVE-2023-22245
RESERVED
-CVE-2023-22244
- RESERVED
-CVE-2023-22243
- RESERVED
+CVE-2023-22244 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use Aft ...)
+ TODO: check
+CVE-2023-22243 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+ TODO: check
CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
-CVE-2023-22239
- RESERVED
-CVE-2023-22238
- RESERVED
-CVE-2023-22237
- RESERVED
-CVE-2023-22236
- RESERVED
+CVE-2023-22239 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+ TODO: check
+CVE-2023-22238 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+ TODO: check
+CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+ TODO: check
+CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
+ TODO: check
CVE-2023-22235
RESERVED
-CVE-2023-22234
- RESERVED
-CVE-2023-22233
- RESERVED
-CVE-2023-22232
- RESERVED
-CVE-2023-22231
- RESERVED
-CVE-2023-22230
- RESERVED
-CVE-2023-22229
- RESERVED
-CVE-2023-22228
- RESERVED
-CVE-2023-22227
- RESERVED
-CVE-2023-22226
- RESERVED
+CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...)
+ TODO: check
+CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
+ TODO: check
+CVE-2023-22232 (Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are ...)
+ TODO: check
+CVE-2023-22231 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2023-22230 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2023-22229 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2023-22228 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2023-22227 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2023-22226 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
CVE-2023-22225
RESERVED
CVE-2023-22224
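Review bot: every Adobe entry that gains a description in this hunk (CVE-2023-22246 down to CVE-2023-22226) lands as `TODO: check`, while the unchanged Adobe entries sitting between them (CVE-2023-22242, CVE-2023-22241, CVE-2023-22240) are already triaged as `NOT-FOR-US: Adobe`. Suggest a follow-up commit that applies the same triage line to the newly described entries, so they do not linger in the TODO queue alongside items that actually need package analysis.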
@@ -17675,14 +17734,14 @@ CVE-2022-XXXX [node-d3-color redos]
NOTE: https://github.com/d3/d3-color/pull/100
CVE-2023-21623
RESERVED
-CVE-2023-21622
- RESERVED
-CVE-2023-21621
- RESERVED
-CVE-2023-21620
- RESERVED
-CVE-2023-21619
- RESERVED
+CVE-2023-21622 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21621 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ TODO: check
CVE-2023-21618
RESERVED
CVE-2023-21617
@@ -17733,8 +17792,8 @@ CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are
NOT-FOR-US: Adobe
CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
NOT-FOR-US: Adobe
-CVE-2023-21593
- RESERVED
+CVE-2023-21593 (Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) ...)
+ TODO: check
CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
NOT-FOR-US: Adobe
CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
@@ -17751,10 +17810,10 @@ CVE-2023-21586
RESERVED
CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
-CVE-2023-21584
- RESERVED
-CVE-2023-21583
- RESERVED
+CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ TODO: check
CVE-2023-21582
RESERVED
CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
@@ -17763,16 +17822,16 @@ CVE-2023-21580
RESERVED
CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
-CVE-2023-21578
- RESERVED
-CVE-2023-21577
- RESERVED
-CVE-2023-21576
- RESERVED
-CVE-2023-21575
- RESERVED
-CVE-2023-21574
- RESERVED
+CVE-2023-21578 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21577 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21576 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21575 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ TODO: check
+CVE-2023-21574 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ TODO: check
CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...)
{DSA-5295-1}
- chromium 108.0.5359.94-1
@@ -37159,8 +37218,8 @@ CVE-2022-40350
RESERVED
CVE-2022-40349
RESERVED
-CVE-2022-40348
- RESERVED
+CVE-2022-40348 (Cross Site Scripting (XSS) vulnerability in Intern Record System versi ...)
+ TODO: check
CVE-2022-40347 (SQL Injection vulnerability in Intern Record System version 1.0 in /in ...)
TODO: check
CVE-2022-40346
@@ -37986,8 +38045,8 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression
NOTE: https://github.com/sqlalchemy/mako/issues/366
CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
NOT-FOR-US: Microchip Technology
-CVE-2022-40021
- RESERVED
+CVE-2022-40021 (QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) ...)
+ TODO: check
CVE-2022-40020
RESERVED
CVE-2022-40019
@@ -43859,8 +43918,8 @@ CVE-2022-37937
RESERVED
CVE-2022-37936
RESERVED
-CVE-2022-37935
- RESERVED
+CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may disclose ...)
+ TODO: check
CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
NOT-FOR-US: HPE
CVE-2022-37933 (A potential security vulnerability has been identified in HPE Superdom ...)
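Review bot: CVE-2022-37935 (HPE OneView for VMware vCenter) is added as `TODO: check`, but the HPE entry directly below it, CVE-2022-37934, is already marked `NOT-FOR-US: HPE`. Suggest triaging the new entry the same way in a follow-up, after confirming the product is not packaged.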
@@ -126065,7 +126124,8 @@ CVE-2021-34252
RESERVED
CVE-2021-34251
RESERVED
-CVE-2021-34250 (An issue was discovered in baijiacms v4. There is a CSRF vulnerability ...)
+CVE-2021-34250
+ REJECTED
NOT-FOR-US: baijiacms
CVE-2021-34249
RESERVED
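Review bot: CVE-2021-34250 is switched to `REJECTED`, but the `NOT-FOR-US: baijiacms` line under it is left in place, so the entry now carries both a rejection and a triage decision. Suggest removing the `NOT-FOR-US` line in a follow-up, since the description it was based on is dropped by this same hunk.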
@@ -129590,14 +129650,14 @@ CVE-2021-32848
RESERVED
CVE-2021-32847
RESERVED
-CVE-2021-32846
- RESERVED
-CVE-2021-32845
- RESERVED
-CVE-2021-32844
- RESERVED
-CVE-2021-32843
- RESERVED
+CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ TODO: check
+CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ TODO: check
+CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ TODO: check
+CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ TODO: check
CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
- mono <not-affected> (Vulnerable code not yet uploaded)
NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
@@ -146708,8 +146768,8 @@ CVE-2021-26279
RESERVED
CVE-2021-26278
RESERVED
-CVE-2021-26277
- RESERVED
+CVE-2021-26277 (The framework service handles pendingIntent incorrectly, allowing a ma ...)
+ TODO: check
CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
NOT-FOR-US: GoDaddy node-config-shield
CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae81eb64ac219401b4331abc7cb164649d4d6b95