[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 20 20:10:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1527c76 by security tracker role at 2023-02-20T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2023-26213
+ RESERVED
+CVE-2023-26212
+ RESERVED
+CVE-2023-26211
+ RESERVED
+CVE-2023-26210
+ RESERVED
+CVE-2023-26209
+ RESERVED
+CVE-2023-26208
+ RESERVED
+CVE-2023-26207
+ RESERVED
+CVE-2023-26206
+ RESERVED
+CVE-2023-26205
+ RESERVED
+CVE-2023-26204
+ RESERVED
+CVE-2023-26203
+ RESERVED
+CVE-2023-26202
+ RESERVED
+CVE-2023-26201
+ RESERVED
+CVE-2023-26200
+ RESERVED
+CVE-2023-26199
+ RESERVED
+CVE-2023-26198
+ RESERVED
+CVE-2023-26197
+ RESERVED
+CVE-2023-26196
+ RESERVED
+CVE-2023-26195
+ RESERVED
+CVE-2023-26194
+ RESERVED
+CVE-2023-26193
+ RESERVED
+CVE-2023-26192
+ RESERVED
+CVE-2023-26191
+ RESERVED
+CVE-2023-26190
+ RESERVED
+CVE-2023-26189
+ RESERVED
+CVE-2023-26188
+ RESERVED
+CVE-2023-26187
+ RESERVED
+CVE-2023-26186
+ RESERVED
+CVE-2023-26185
+ RESERVED
+CVE-2023-26184
+ RESERVED
+CVE-2023-26183
+ RESERVED
+CVE-2023-26182
+ RESERVED
+CVE-2023-26181
+ RESERVED
+CVE-2023-26180
+ RESERVED
+CVE-2023-26179
+ RESERVED
+CVE-2023-26178
+ RESERVED
+CVE-2023-26177
+ RESERVED
+CVE-2023-26176
+ RESERVED
+CVE-2023-26175
+ RESERVED
+CVE-2023-26174
+ RESERVED
+CVE-2023-26173
+ RESERVED
+CVE-2023-26172
+ RESERVED
+CVE-2023-26171
+ RESERVED
+CVE-2023-26170
+ RESERVED
+CVE-2023-26169
+ RESERVED
+CVE-2023-26168
+ RESERVED
+CVE-2023-26167
+ RESERVED
+CVE-2023-26166
+ RESERVED
+CVE-2023-26165
+ RESERVED
+CVE-2023-26164
+ RESERVED
+CVE-2023-26163
+ RESERVED
+CVE-2023-26162
+ RESERVED
+CVE-2023-26161
+ RESERVED
+CVE-2023-26160
+ RESERVED
+CVE-2023-26159
+ RESERVED
+CVE-2023-26158
+ RESERVED
+CVE-2023-26157
+ RESERVED
+CVE-2023-26156
+ RESERVED
+CVE-2023-26155
+ RESERVED
+CVE-2023-26154
+ RESERVED
+CVE-2023-26153
+ RESERVED
+CVE-2023-26152
+ RESERVED
+CVE-2023-26151
+ RESERVED
+CVE-2023-26150
+ RESERVED
+CVE-2023-26149
+ RESERVED
+CVE-2023-26148
+ RESERVED
+CVE-2023-26147
+ RESERVED
+CVE-2023-26146
+ RESERVED
+CVE-2023-26145
+ RESERVED
+CVE-2023-26144
+ RESERVED
+CVE-2023-26143
+ RESERVED
+CVE-2023-26142
+ RESERVED
+CVE-2023-26141
+ RESERVED
+CVE-2023-26140
+ RESERVED
+CVE-2023-26139
+ RESERVED
+CVE-2023-26138
+ RESERVED
+CVE-2023-26137
+ RESERVED
+CVE-2023-26136
+ RESERVED
+CVE-2023-26135
+ RESERVED
+CVE-2023-26134
+ RESERVED
+CVE-2023-26133
+ RESERVED
+CVE-2023-26132
+ RESERVED
+CVE-2023-26131
+ RESERVED
+CVE-2023-26130
+ RESERVED
+CVE-2023-26129
+ RESERVED
+CVE-2023-26128
+ RESERVED
+CVE-2023-26127
+ RESERVED
+CVE-2023-26126
+ RESERVED
+CVE-2023-26125
+ RESERVED
+CVE-2023-26124
+ RESERVED
+CVE-2023-26123
+ RESERVED
+CVE-2023-26122
+ RESERVED
+CVE-2023-26121
+ RESERVED
+CVE-2023-26120
+ RESERVED
+CVE-2023-26119
+ RESERVED
+CVE-2023-26118
+ RESERVED
+CVE-2023-26117
+ RESERVED
+CVE-2023-26116
+ RESERVED
+CVE-2023-26115
+ RESERVED
+CVE-2023-26114
+ RESERVED
+CVE-2023-26113
+ RESERVED
+CVE-2023-26112
+ RESERVED
+CVE-2023-26111
+ RESERVED
+CVE-2023-26110
+ RESERVED
+CVE-2023-26109
+ RESERVED
+CVE-2023-26108
+ RESERVED
+CVE-2023-26107
+ RESERVED
+CVE-2023-26106
+ RESERVED
+CVE-2023-26105
+ RESERVED
+CVE-2023-26104
+ RESERVED
+CVE-2023-26103
+ RESERVED
+CVE-2023-26102
+ RESERVED
+CVE-2023-0926
+ RESERVED
+CVE-2023-0925
+ RESERVED
+CVE-2023-0924
+ RESERVED
+CVE-2023-0923
+ RESERVED
+CVE-2023-0922
+ RESERVED
+CVE-2023-0921
+ RESERVED
+CVE-2022-48330
+ RESERVED
CVE-2023-26101
RESERVED
CVE-2023-26100
@@ -118,12 +356,12 @@ CVE-2023-0915 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2017-20178
RESERVED
-CVE-2016-15027
- RESERVED
+CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator Plugin 2.1 ...)
+ TODO: check
CVE-2015-10082
RESERVED
-CVE-2015-10081
- RESERVED
+CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...)
+ TODO: check
CVE-2014-125089
RESERVED
CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...)
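Review bot: CVE-2016-15027 and CVE-2015-10081 now carry "TODO: check", so both stay untriaged in the tracker until someone replaces that line. Their descriptions name "meta4creations Post Duplicator Plugin 2.1" and "arnoldle submitByMailPlugin 1.0b2.9". If neither is packaged in Debian, a follow-up should mark them "NOT-FOR-US:" with the product name, as the SourceCodester entry in the context at the top of this hunk does; otherwise add the package line.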
@@ -132,16 +370,16 @@ CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Auto Dealer Management System
-CVE-2019-25104
- RESERVED
-CVE-2016-15026
- RESERVED
-CVE-2016-15025
- RESERVED
-CVE-2015-10080
- RESERVED
-CVE-2014-125088
- RESERVED
+CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
+ TODO: check
+CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...)
+ TODO: check
+CVE-2016-15025 (A vulnerability, which was classified as problematic, was found in gen ...)
+ TODO: check
+CVE-2015-10080 (A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been ...)
+ TODO: check
+CVE-2014-125088 (A vulnerability was found in qt-users-jp silk 0.0.1. It has been decla ...)
+ TODO: check
CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been ...)
NOT-FOR-US: OAICat
CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...)
@@ -798,8 +1036,8 @@ CVE-2023-25807
RESERVED
CVE-2023-25806
RESERVED
-CVE-2023-25805
- RESERVED
+CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
+ TODO: check
CVE-2023-25804
RESERVED
CVE-2023-25803
@@ -986,7 +1224,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
@@ -997,7 +1235,7 @@ CVE-2023-25745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1012,7 +1250,7 @@ CVE-2023-25743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1029,7 +1267,7 @@ CVE-2023-25740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1046,7 +1284,7 @@ CVE-2023-25738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738
CVE-2023-25737
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1059,7 +1297,7 @@ CVE-2023-25736
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1080,7 +1318,7 @@ CVE-2023-25733
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1093,7 +1331,7 @@ CVE-2023-25731
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1102,7 +1340,7 @@ CVE-2023-25730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730
CVE-2023-25729
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1111,7 +1349,7 @@ CVE-2023-25729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25729
CVE-2023-25728
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1453,8 +1691,8 @@ CVE-2023-25658
RESERVED
CVE-2023-25657
RESERVED
-CVE-2023-25656
- RESERVED
+CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
+ TODO: check
CVE-2023-25655
RESERVED
CVE-2023-25654
@@ -1552,12 +1790,11 @@ CVE-2023-25615
RESERVED
CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, ...)
NOT-FOR-US: SAP
-CVE-2023-25613
- RESERVED
+CVE-2023-25613 (An LDAP Injection vulnerability exists in the LdapIdentityBackend of A ...)
NOT-FOR-US: Apache Kerby
CVE-2023-0767
RESERVED
- {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3327-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
@@ -1656,16 +1893,16 @@ CVE-2023-0746
RESERVED
CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Manag ...)
- yugabyte-db <itp> (bug #989673)
-CVE-2022-48321
- RESERVED
-CVE-2022-48320
- RESERVED
-CVE-2022-48319
- RESERVED
-CVE-2022-48318
- RESERVED
-CVE-2022-48317
- RESERVED
+CVE-2022-48321 (Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe2 ...)
+ TODO: check
+CVE-2022-48320 (Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, ...)
+ TODO: check
+CVE-2022-48319 (Sensitive host secret disclosed in cmk-update-agent.log file in Tribe2 ...)
+ TODO: check
+CVE-2022-48318 (No authorisation controls in the RestAPI documentation for Tribe29's C ...)
+ TODO: check
+CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for Tribe ...)
+ TODO: check
CVE-2023-25600
RESERVED
CVE-2023-25599
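Review bot: The five entries CVE-2022-48321 through CVE-2022-48317 all land as "TODO: check" and, as far as the truncated descriptions show, all concern Tribe29's Checkmk, so they need one triage decision rather than five. The same product appears again in this commit for CVE-2022-47909, CVE-2022-46836 and CVE-2022-46303, next to the existing CVE-2022-43440 entry. Resolving all of them in a single follow-up keeps the Checkmk entries consistent with each other.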
@@ -1754,10 +1991,10 @@ CVE-2023-25572 (react-admin is a frontend framework for building browser applica
NOT-FOR-US: react-admin
CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
NOT-FOR-US: Backstage
-CVE-2023-25570
- RESERVED
-CVE-2023-25569
- RESERVED
+CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2.1.0, t ...)
+ TODO: check
+CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...)
+ TODO: check
CVE-2023-25568
RESERVED
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
@@ -3226,8 +3463,8 @@ CVE-2023-25000
RESERVED
CVE-2023-24999
RESERVED
-CVE-2023-24998
- RESERVED
+CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
+ TODO: check
CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
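Review bot: CVE-2023-24998 is left at "TODO: check", and unlike the Siemens entries below it the description names a library, "Apache Commons FileUpload before 1.5". The triage should record the source package that ships the library and also look for packages that bundle their own copy, with a line for each, so the entry does not track only the upstream 1.5 bound.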
@@ -3274,7 +3511,7 @@ CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has
NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
- {DSA-5355-1}
+ {DSA-5355-1 DLA-3324-1}
- thunderbird 1:102.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616
CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer overflow w ...)
@@ -4353,6 +4590,7 @@ CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hi
CVE-2023-0526
RESERVED
CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2 ...)
+ {DLA-3329-1}
- python-django 3:3.2.18-1 (bug #1031290)
NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
@@ -5922,7 +6160,7 @@ CVE-2023-22306
RESERVED
CVE-2023-0430
RESERVED
- {DSA-5355-1}
+ {DSA-5355-1 DLA-3324-1}
- thunderbird 1:102.7.1+1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
@@ -6510,12 +6748,12 @@ CVE-2023-0368
RESERVED
CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...)
NOT-FOR-US: MyCMS
-CVE-2022-47909
- RESERVED
-CVE-2022-46836
- RESERVED
-CVE-2022-46303
- RESERVED
+CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP query h ...)
+ TODO: check
+CVE-2022-46836 (PHP code injection in watolib auth.php and hosttags.php in Tribe29's C ...)
+ TODO: check
+CVE-2022-46303 (Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p ...)
+ TODO: check
CVE-2022-46302
RESERVED
CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk b ...)
@@ -7021,7 +7259,7 @@ CVE-2023-23606
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606
CVE-2023-23605
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7034,7 +7272,7 @@ CVE-2023-23604
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604
CVE-2023-23603
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7043,7 +7281,7 @@ CVE-2023-23603
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603
CVE-2023-23602
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7052,7 +7290,7 @@ CVE-2023-23602
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602
CVE-2023-23601
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7073,7 +7311,7 @@ CVE-2023-23599
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
CVE-2023-23598
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7292,7 +7530,7 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
NOT-FOR-US: ityouknow favorites-web
CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
@@ -8497,7 +8735,7 @@ CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an a
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
@@ -14467,7 +14705,7 @@ CVE-2022-4553 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4551 (The Rich Table of Contents WordPress plugin through 1.3.7 does not val ...)
+CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4550
RESERVED
@@ -14862,7 +15100,7 @@ CVE-2022-4488 (The Widgets on Pages WordPress plugin through 1.6.0 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not validate and ...)
+CVE-2022-4486 (The Meteor Slides WordPress plugin before 1.5.7 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
@@ -15183,7 +15421,7 @@ CVE-2022-4452
CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8)
@@ -16425,7 +16663,7 @@ CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, an
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878
CVE-2022-46877 (By confusing the browser, the fullscreen notification could have been ...)
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -16461,7 +16699,7 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...)
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -17201,7 +17439,7 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does
CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8)
@@ -20720,7 +20958,7 @@ CVE-2022-43468 (External initialization of trusted variables or data stores vuln
NOT-FOR-US: WordPress plugin
CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...)
NOT-FOR-US: TP-Link
-CVE-2022-4010 (The Image Hover Effects WordPress plugin through 5.3 does not sanitise ...)
+CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4009
RESERVED
@@ -22101,8 +22339,8 @@ CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transcei
[bullseye] - linux 5.10.148-1
CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2022-3901
- RESERVED
+CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute ...)
+ TODO: check
CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45058
@@ -27549,6 +27787,7 @@ CVE-2023-20053
RESERVED
CVE-2023-20052
RESERVED
+ {DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
@@ -27592,6 +27831,7 @@ CVE-2023-20033
RESERVED
CVE-2023-20032
RESERVED
+ {DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
@@ -55667,7 +55907,7 @@ CVE-2022-33760
CVE-2022-33759
RESERVED
CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.5-1 (bug #1023424)
NOTE: https://www.openssl.org/news/secadv/20220705.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5)
@@ -61153,12 +61393,12 @@ CVE-2022-31653
CVE-2022-31652
RESERVED
CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
NOTE: https://sourceforge.net/p/sox/bugs/360/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
NOTE: https://sourceforge.net/p/sox/bugs/360/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
@@ -111073,7 +111313,7 @@ CVE-2021-40428
CVE-2021-40427
RESERVED
CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012138)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
NOTE: https://sourceforge.net/p/sox/bugs/362/
@@ -120467,7 +120707,7 @@ CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vul
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
NOT-FOR-US: Node is-email
CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
NOTE: Triggered by same reproducer as for CVE-2021-23210
@@ -127265,7 +127505,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1021135)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
NOTE: https://sourceforge.net/p/sox/bugs/349/
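Review bot: The two context lines at the top of this hunk are the same NOTE twice, both pointing at nettle commit 485b5e2820a057e873b1ba812fdb39cae4adf98c under CVE-2021-3580. This commit does not touch them, but one of the two is redundant or was meant to reference a different commit, which is worth a follow-up. The change itself, DSA-5356-1 placed in front of DLA-3315-1 on CVE-2021-33844, matches the other sox entries in this commit.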
@@ -127275,19 +127515,19 @@ CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of
CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
NOT-FOR-US: SGE-PLC1000 device
CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
NOTE: https://sourceforge.net/p/sox/bugs/351/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021134)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
NOTE: https://sourceforge.net/p/sox/bugs/350/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021133)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
NOTE: https://sourceforge.net/p/sox/bugs/352/
@@ -129865,10 +130105,10 @@ CVE-2021-32850
RESERVED
CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
NOT-FOR-US: Gerapy
-CVE-2021-32848
- RESERVED
-CVE-2021-32847
- RESERVED
+CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)
+ TODO: check
+CVE-2021-32847 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ TODO: check
CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
TODO: check
CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
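Review bot: CVE-2021-32847 joins CVE-2021-32846, directly below it, as a HyperKit entry sitting at "TODO: check", so the untriaged backlog for this product grows with this sync. Triage the HyperKit entries together and give each the same "NOT-FOR-US:" or package line. CVE-2021-32848 (Octobox) is a separate product and needs its own decision.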
@@ -211479,7 +211719,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
- firefox <not-affected> (Specific to iOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- nss 2:3.55-1
NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
@@ -211491,7 +211731,7 @@ CVE-2020-12402 (During RSA key generation, bignum implementations used a variati
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
@@ -211499,7 +211739,7 @@ CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
@@ -227157,7 +227397,7 @@ CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP ch
CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...)
- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point multipl ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1527c76a814fcf05ac0fa82d95f3fe59cb21628