[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 21 08:43:15 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1696d45 by security tracker role at 2023-02-21T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,148 @@
-CVE-2022-48339 [Fix htmlfontify.el command injection vulnerability]
+CVE-2023-26267
+	RESERVED
+CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working director ...)
+	TODO: check
+CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...)
+	TODO: check
+CVE-2023-26264
+	RESERVED
+CVE-2023-26263
+	RESERVED
+CVE-2023-26262
+	RESERVED
+CVE-2023-26261
+	RESERVED
+CVE-2023-26260
+	RESERVED
+CVE-2023-26259
+	RESERVED
+CVE-2023-26258
+	RESERVED
+CVE-2023-26257
+	RESERVED
+CVE-2023-26256
+	RESERVED
+CVE-2023-26255
+	RESERVED
+CVE-2023-26254
+	RESERVED
+CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
+	TODO: check
+CVE-2023-26252
+	RESERVED
+CVE-2023-26251
+	RESERVED
+CVE-2023-26250
+	RESERVED
+CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its resources, ...)
+	TODO: check
+CVE-2023-26248
+	RESERVED
+CVE-2023-26247
+	RESERVED
+CVE-2023-26246
+	RESERVED
+CVE-2023-26245
+	RESERVED
+CVE-2023-26244
+	RESERVED
+CVE-2023-26243
+	RESERVED
+CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...)
+	TODO: check
+CVE-2023-26241
+	RESERVED
+CVE-2023-26240
+	RESERVED
+CVE-2023-26239
+	RESERVED
+CVE-2023-26238
+	RESERVED
+CVE-2023-26237
+	RESERVED
+CVE-2023-26236
+	RESERVED
+CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
+	TODO: check
+CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
+	TODO: check
+CVE-2023-26233
+	RESERVED
+CVE-2023-26232
+	RESERVED
+CVE-2023-26231
+	RESERVED
+CVE-2023-26230
+	RESERVED
+CVE-2023-26229
+	RESERVED
+CVE-2023-26228
+	RESERVED
+CVE-2023-26227
+	RESERVED
+CVE-2023-26226
+	RESERVED
+CVE-2023-26225
+	RESERVED
+CVE-2023-26224
+	RESERVED
+CVE-2023-26223
+	RESERVED
+CVE-2023-26222
+	RESERVED
+CVE-2023-26221
+	RESERVED
+CVE-2023-26220
+	RESERVED
+CVE-2023-26219
+	RESERVED
+CVE-2023-26218
+	RESERVED
+CVE-2023-26217
+	RESERVED
+CVE-2023-26216
+	RESERVED
+CVE-2023-26215
+	RESERVED
+CVE-2023-26214
+	RESERVED
+CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-0933
+	RESERVED
+CVE-2023-0932
+	RESERVED
+CVE-2023-0931
+	RESERVED
+CVE-2023-0930
+	RESERVED
+CVE-2023-0929
+	RESERVED
+CVE-2023-0928
+	RESERVED
+CVE-2023-0927
+	RESERVED
+CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...)
+	TODO: check
+CVE-2022-48336
+	RESERVED
+CVE-2022-48335
+	RESERVED
+CVE-2022-48334
+	RESERVED
+CVE-2022-48333
+	RESERVED
+CVE-2022-48332
+	RESERVED
+CVE-2022-48331
+	RESERVED
+CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has  ...)
 	- emacs <unfixed>
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
-CVE-2022-48338 [Fix ruby-mode.el local command injection vulnerability]
+CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...)
 	- emacs <unfixed>
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
-CVE-2022-48337 [Fix etags local command injection vulnerability]
+CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell  ...)
 	- emacs <unfixed>
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
 CVE-2023-26213
@@ -367,12 +505,12 @@ CVE-2017-20178
 	RESERVED
 CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator Plugin 2.1 ...)
 	NOT-FOR-US: meta4creations Post Duplicator Plugin
-CVE-2015-10082
-	RESERVED
+CVE-2015-10082 (A vulnerability classified as problematic has been found in UIKit0 lib ...)
+	TODO: check
 CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...)
 	NOT-FOR-US: arnoldle submitByMailPlugin
-CVE-2014-125089
-	RESERVED
+CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been ...)
+	TODO: check
 CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...)
 	NOT-FOR-US: pixelfed
 CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodester Aut ...)
@@ -4656,8 +4794,8 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certi
 	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
 CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
 	NOT-FOR-US: EMC
-CVE-2023-24575
-	RESERVED
+CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, versions p ...)
+	TODO: check
 CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
 	NOT-FOR-US: Dell
 CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...)
@@ -7966,10 +8104,10 @@ CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through
 	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
-CVE-2023-23453
-	RESERVED
-CVE-2023-23452
-	RESERVED
+CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
+	TODO: check
+CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
+	TODO: check
 CVE-2023-23451
 	RESERVED
 CVE-2023-23450
@@ -25603,8 +25741,8 @@ CVE-2022-44218
 	RESERVED
 CVE-2022-44217
 	RESERVED
-CVE-2022-44216
-	RESERVED
+CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...)
+	TODO: check
 CVE-2022-44215
 	RESERVED
 CVE-2022-44214
@@ -130090,29 +130228,29 @@ CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cro
 	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
 	TODO: check details, schould affect src:nbconvert
 CVE-2021-32861
-	RESERVED
-CVE-2021-32860
-	RESERVED
-CVE-2021-32859
-	RESERVED
-CVE-2021-32858
-	RESERVED
-CVE-2021-32857
-	RESERVED
-CVE-2021-32856
-	RESERVED
-CVE-2021-32855
-	RESERVED
-CVE-2021-32854
-	RESERVED
-CVE-2021-32853
-	RESERVED
-CVE-2021-32852
-	RESERVED
-CVE-2021-32851
-	RESERVED
-CVE-2021-32850
-	RESERVED
+	REJECTED
+CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vu ...)
+	TODO: check
+CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting both dat ...)
+	TODO: check
+CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document maintenance sof ...)
+	TODO: check
+CVE-2021-32857 (Cockpit is a content management system that allows addition of content ...)
+	TODO: check
+CVE-2021-32856 (Microweber is a drag and drop website builder and content management s ...)
+	TODO: check
+CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are  ...)
+	TODO: check
+CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 and prior  ...)
+	TODO: check
+CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of plugins, is  ...)
+	TODO: check
+CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to version 0.1 ...)
+	TODO: check
+CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version  ...)
+	TODO: check
 CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
 	NOT-FOR-US: Gerapy
 CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1696d45a582683bc057f481b5ffe61c29b80cef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1696d45a582683bc057f481b5ffe61c29b80cef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230221/d29fea27/attachment.htm>

More information about the debian-security-tracker-commits mailing list