[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 21 08:43:15 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1696d45 by security tracker role at 2023-02-21T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,148 @@
-CVE-2022-48339 [Fix htmlfontify.el command injection vulnerability]
+CVE-2023-26267
+ RESERVED
+CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working director ...)
+ TODO: check
+CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...)
+ TODO: check
+CVE-2023-26264
+ RESERVED
+CVE-2023-26263
+ RESERVED
+CVE-2023-26262
+ RESERVED
+CVE-2023-26261
+ RESERVED
+CVE-2023-26260
+ RESERVED
+CVE-2023-26259
+ RESERVED
+CVE-2023-26258
+ RESERVED
+CVE-2023-26257
+ RESERVED
+CVE-2023-26256
+ RESERVED
+CVE-2023-26255
+ RESERVED
+CVE-2023-26254
+ RESERVED
+CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
+ TODO: check
+CVE-2023-26252
+ RESERVED
+CVE-2023-26251
+ RESERVED
+CVE-2023-26250
+ RESERVED
+CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its resources, ...)
+ TODO: check
+CVE-2023-26248
+ RESERVED
+CVE-2023-26247
+ RESERVED
+CVE-2023-26246
+ RESERVED
+CVE-2023-26245
+ RESERVED
+CVE-2023-26244
+ RESERVED
+CVE-2023-26243
+ RESERVED
+CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...)
+ TODO: check
+CVE-2023-26241
+ RESERVED
+CVE-2023-26240
+ RESERVED
+CVE-2023-26239
+ RESERVED
+CVE-2023-26238
+ RESERVED
+CVE-2023-26237
+ RESERVED
+CVE-2023-26236
+ RESERVED
+CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
+ TODO: check
+CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
+ TODO: check
+CVE-2023-26233
+ RESERVED
+CVE-2023-26232
+ RESERVED
+CVE-2023-26231
+ RESERVED
+CVE-2023-26230
+ RESERVED
+CVE-2023-26229
+ RESERVED
+CVE-2023-26228
+ RESERVED
+CVE-2023-26227
+ RESERVED
+CVE-2023-26226
+ RESERVED
+CVE-2023-26225
+ RESERVED
+CVE-2023-26224
+ RESERVED
+CVE-2023-26223
+ RESERVED
+CVE-2023-26222
+ RESERVED
+CVE-2023-26221
+ RESERVED
+CVE-2023-26220
+ RESERVED
+CVE-2023-26219
+ RESERVED
+CVE-2023-26218
+ RESERVED
+CVE-2023-26217
+ RESERVED
+CVE-2023-26216
+ RESERVED
+CVE-2023-26215
+ RESERVED
+CVE-2023-26214
+ RESERVED
+CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ TODO: check
+CVE-2023-0933
+ RESERVED
+CVE-2023-0932
+ RESERVED
+CVE-2023-0931
+ RESERVED
+CVE-2023-0930
+ RESERVED
+CVE-2023-0929
+ RESERVED
+CVE-2023-0928
+ RESERVED
+CVE-2023-0927
+ RESERVED
+CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...)
+ TODO: check
+CVE-2022-48336
+ RESERVED
+CVE-2022-48335
+ RESERVED
+CVE-2022-48334
+ RESERVED
+CVE-2022-48333
+ RESERVED
+CVE-2022-48332
+ RESERVED
+CVE-2022-48331
+ RESERVED
+CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...)
- emacs <unfixed>
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
-CVE-2022-48338 [Fix ruby-mode.el local command injection vulnerability]
+CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...)
- emacs <unfixed>
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
-CVE-2022-48337 [Fix etags local command injection vulnerability]
+CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...)
- emacs <unfixed>
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
CVE-2023-26213
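Review bot: Several of the new `TODO: check` entries in this hunk should not sit in the queue alongside the third-party web plugins. CVE-2023-26242 cites drivers/fpga/dfl-afu-region.c, which reads as a kernel source path, and CVE-2023-26253 and CVE-2022-48340 (GlusterFS 11.0), CVE-2023-26249 (Knot Resolver before 5.6.0) and CVE-2023-26266 (AFL++ 4.05c) name software that is packaged as distribution source packages. A manual follow-up should prioritise these and give each a source-package line with a fixed or `<unfixed>` version, as the emacs entries at the end of the hunk already have. Also note that CVE-2022-48339, CVE-2022-48338 and CVE-2022-48337 now follow CVE-2022-48331, out of the descending order used by the rest of the hunk.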
@@ -367,12 +505,12 @@ CVE-2017-20178
RESERVED
CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator Plugin 2.1 ...)
NOT-FOR-US: meta4creations Post Duplicator Plugin
-CVE-2015-10082
- RESERVED
+CVE-2015-10082 (A vulnerability classified as problematic has been found in UIKit0 lib ...)
+ TODO: check
CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...)
NOT-FOR-US: arnoldle submitByMailPlugin
-CVE-2014-125089
- RESERVED
+CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been ...)
+ TODO: check
CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...)
NOT-FOR-US: pixelfed
CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodester Aut ...)
@@ -4656,8 +4794,8 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certi
NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
NOT-FOR-US: EMC
-CVE-2023-24575
- RESERVED
+CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, versions p ...)
+ TODO: check
CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
NOT-FOR-US: Dell
CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...)
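Review bot: CVE-2023-24575 is left at `TODO: check` although its description names a Dell printer driver and software suite, and both neighbouring entries (CVE-2023-24576 for EMC, CVE-2023-24574 for Dell) are already resolved as NOT-FOR-US. Once the full description is confirmed, a follow-up can most likely close it the same way with `NOT-FOR-US: Dell`, keeping this block consistent.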
@@ -7966,10 +8104,10 @@ CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through
{DSA-5324-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
-CVE-2023-23453
- RESERVED
-CVE-2023-23452
- RESERVED
+CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
+ TODO: check
+CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
+ TODO: check
CVE-2023-23451
RESERVED
CVE-2023-23450
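Review bot: CVE-2023-23453 and CVE-2023-23452 land as `TODO: check` directly below the fully triaged linux entry for CVE-2023-23454, but their descriptions name SICK FX0-GENT and FX0-GPNT firmware, not anything in the kernel block above them. They are candidates for a vendor NOT-FOR-US line in the style used elsewhere in this file (for example `NOT-FOR-US: Dell`), and resolving both in one follow-up avoids them being mistaken for open kernel issues.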
@@ -25603,8 +25741,8 @@ CVE-2022-44218
RESERVED
CVE-2022-44217
RESERVED
-CVE-2022-44216
- RESERVED
+CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...)
+ TODO: check
CVE-2022-44215
RESERVED
CVE-2022-44214
@@ -130090,29 +130228,29 @@ CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cro
NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
TODO: check details, schould affect src:nbconvert
CVE-2021-32861
- RESERVED
-CVE-2021-32860
- RESERVED
-CVE-2021-32859
- RESERVED
-CVE-2021-32858
- RESERVED
-CVE-2021-32857
- RESERVED
-CVE-2021-32856
- RESERVED
-CVE-2021-32855
- RESERVED
-CVE-2021-32854
- RESERVED
-CVE-2021-32853
- RESERVED
-CVE-2021-32852
- RESERVED
-CVE-2021-32851
- RESERVED
-CVE-2021-32850
- RESERVED
+ REJECTED
+CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vu ...)
+ TODO: check
+CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting both dat ...)
+ TODO: check
+CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document maintenance sof ...)
+ TODO: check
+CVE-2021-32857 (Cockpit is a content management system that allows addition of content ...)
+ TODO: check
+CVE-2021-32856 (Microweber is a drag and drop website builder and content management s ...)
+ TODO: check
+CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are ...)
+ TODO: check
+CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 and prior ...)
+ TODO: check
+CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of plugins, is ...)
+ TODO: check
+CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to cross-site scr ...)
+ TODO: check
+CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to version 0.1 ...)
+ TODO: check
+CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version ...)
+ TODO: check
CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
NOT-FOR-US: Gerapy
CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)
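Review bot: The eleven entries CVE-2021-32860 through CVE-2021-32850 move from RESERVED to `TODO: check` in one block, and several describe browser-side libraries (iziModal, jQuery MiniColors, textAngular, Vditor) that may be shipped as bundled copies inside other packages. Triage should search the archive for embedded copies before marking any of them NOT-FOR-US, unlike the plain product entries such as `NOT-FOR-US: Gerapy` just below. Separately, the unchanged context line under CVE-2021-32862 has the typo "schould" in its TODO, which is worth correcting in a manual commit.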
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1696d45a582683bc057f481b5ffe61c29b80cef