[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 18 20:10:36 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3153beaa by security tracker role at 2023-02-18T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-0911
+ RESERVED
+CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
+ TODO: check
+CVE-2023-0909 (A vulnerability, which was classified as problematic, was found in cxa ...)
+ TODO: check
+CVE-2023-0908 (A vulnerability, which was classified as problematic, was found in Xos ...)
+ TODO: check
+CVE-2023-0907 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-0906 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2023-0905 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-0904 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+ TODO: check
+CVE-2023-0903 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+ TODO: check
+CVE-2023-0902 (A vulnerability was found in SourceCodester Simple Food Ordering Syste ...)
+ TODO: check
+CVE-2016-15024
+ RESERVED
+CVE-2014-125087
+ RESERVED
+CVE-2012-10007
+ RESERVED
CVE-2023-26056
RESERVED
CVE-2023-26055
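Review bot: The nine entries CVE-2023-0902 through CVE-2023-0910 land with only TODO: check, so none of them has a triage decision yet. Going by the truncated descriptions, several name SourceCodester web applications; if those are not packaged in Debian, they should get a NOT-FOR-US: line in the form used elsewhere in this file (for example NOT-FOR-US: TRENDnet). The remaining ones need either a package line or a NOT-FOR-US tag before the TODO markers are dropped.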
@@ -808,7 +834,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
@@ -819,7 +845,7 @@ CVE-2023-25745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird <unfixed>
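Review bot: In the CVE-2023-25744 entry the context line thunderbird <unfixed> is left unchanged while {DSA-5355-1} is added to the cross-reference list. The neighbouring entries that gain the same DSA record thunderbird 1:102.8.0-1, and CVE-2023-0616, which lists only thunderbird, also gains DSA-5355-1. It is worth confirming whether this CVE is fixed in 1:102.8.0-1 for unstable and updating the line, or adding a NOTE on why thunderbird stays open here.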
@@ -834,7 +860,7 @@ CVE-2023-25743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -851,7 +877,7 @@ CVE-2023-25740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -868,7 +894,7 @@ CVE-2023-25738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738
CVE-2023-25737
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -881,7 +907,7 @@ CVE-2023-25736
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -902,7 +928,7 @@ CVE-2023-25733
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -915,7 +941,7 @@ CVE-2023-25731
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -924,7 +950,7 @@ CVE-2023-25730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730
CVE-2023-25729
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -933,7 +959,7 @@ CVE-2023-25729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25729
CVE-2023-25728
RESERVED
- {DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1377,7 +1403,7 @@ CVE-2023-25613
RESERVED
CVE-2023-0767
RESERVED
- {DSA-5353-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
@@ -3088,6 +3114,7 @@ CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has
NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
+ {DSA-5355-1}
- thunderbird 1:102.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616
CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer overflow w ...)
@@ -5730,6 +5757,7 @@ CVE-2023-22306
RESERVED
CVE-2023-0430
RESERVED
+ {DSA-5355-1}
- thunderbird 1:102.7.1+1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
@@ -6394,7 +6422,7 @@ CVE-2023-0363
CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...)
- {DSA-5349-1}
+ {DSA-5349-1 DLA-3321-1}
- gnutls28 3.7.8-5
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1050
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14
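Review bot: The context NOTE under CVE-2023-0361 points at the anchor #GNUTLS-SA-2020-07-14, which carries a 2020 date for a 2023 CVE. With DLA-3321-1 now referencing this entry as well, check that the link resolves to the advisory for this issue and correct the anchor if it does not.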
@@ -6827,7 +6855,7 @@ CVE-2023-23606
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606
CVE-2023-23605
RESERVED
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -6840,7 +6868,7 @@ CVE-2023-23604
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604
CVE-2023-23603
RESERVED
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -6849,7 +6877,7 @@ CVE-2023-23603
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603
CVE-2023-23602
RESERVED
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -6858,7 +6886,7 @@ CVE-2023-23602
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602
CVE-2023-23601
RESERVED
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -6879,7 +6907,7 @@ CVE-2023-23599
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
CVE-2023-23598
RESERVED
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -11244,7 +11272,7 @@ CVE-2022-47988
RESERVED
CVE-2022-47987
RESERVED
-CVE-2022-47986 (IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbit ...)
+CVE-2022-47986 (IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote ...)
NOT-FOR-US: IBM
CVE-2022-47985
RESERVED
@@ -16225,7 +16253,7 @@ CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, an
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878
CVE-2022-46877 (By confusing the browser, the fullscreen notification could have been ...)
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -16261,7 +16289,7 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...)
- {DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -111685,7 +111713,7 @@ CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort
CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
NOT-FOR-US: Cisco
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
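Review bot: CVE-2021-40114 now references DSA-5354-1 while its package line still reads snort <unfixed> (bug #1021276), and the same combination repeats in the later snort hunks, except for CVE-2021-1236 and CVE-2020-3299, which record 2.9.15.1-1. That is consistent if the advisory covers only released suites, but it leaves unstable shown as vulnerable; confirm bug #1021276 is still open and record the fixed version once an upload closes it.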
@@ -124924,7 +124952,7 @@ CVE-2021-34751
CVE-2021-34750
RESERVED
CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
@@ -169487,12 +169515,12 @@ CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
NOT-FOR-US: Cisco
CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1494
RESERVED
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
@@ -170019,7 +170047,7 @@ CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...)
NOT-FOR-US: Cisco
CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort 2.9.15.1-1
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
@@ -170045,11 +170073,11 @@ CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified C
CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2
CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
@@ -236796,7 +236824,7 @@ CVE-2020-3317 (A vulnerability in the ssl_inspection component of Cisco Firepowe
CVE-2020-3316
RESERVED
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort <unfixed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
@@ -236830,7 +236858,7 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FM
CVE-2020-3300
RESERVED
CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- {DLA-3317-1}
+ {DSA-5354-1 DLA-3317-1}
- snort 2.9.15.1-1
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
@@ -251666,6 +251694,7 @@ CVE-2019-16886
CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remo ...)
NOT-FOR-US: OkayCMS
CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
+ {DLA-3322-1}
- runc 1.0.0~rc9+dfsg1-1 (bug #942026)
[buster] - runc <no-dsa> (Minor issue)
[stretch] - runc <no-dsa> (Minor issue)
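Review bot: The new {DLA-3322-1} reference on CVE-2019-16884 sits directly above [buster] - runc <no-dsa> (Minor issue) and [stretch] - runc <no-dsa> (Minor issue). If DLA-3322-1 ships a fix for one of those suites, the matching <no-dsa> annotation now contradicts the advisory and should be revisited so the entry does not read as both "no advisory planned" and "advisory issued" for the same release.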
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3153beaa192359b0619e72fbb5492e17b98365a7