[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 22 08:10:44 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f452d45 by security tracker role at 2023-02-22T08:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2023-26314
+CVE-2023-26313
+ RESERVED
+CVE-2023-26312
+ RESERVED
+CVE-2023-26311
+ RESERVED
+CVE-2023-26310
+ RESERVED
+CVE-2023-26309
+ RESERVED
+CVE-2023-26308
+ RESERVED
+CVE-2023-26307
+ RESERVED
+CVE-2023-26306
+ RESERVED
+CVE-2023-26305
+ RESERVED
+CVE-2023-26304
+ RESERVED
+CVE-2023-26303
+ RESERVED
+CVE-2023-26302
+ RESERVED
+CVE-2023-26301
+ RESERVED
+CVE-2023-26300
+ RESERVED
+CVE-2023-26299
+ RESERVED
+CVE-2023-26298
+ RESERVED
+CVE-2023-26297
+ RESERVED
+CVE-2023-26296
+ RESERVED
+CVE-2023-26295
+ RESERVED
+CVE-2023-26294
+ RESERVED
+CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress prior to 1 ...)
+ TODO: check
+CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Management S ...)
+ TODO: check
+CVE-2023-0945 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-0944
+ RESERVED
+CVE-2023-0943 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...)
- mono 6.8.0.105+dfsg-3.3 (bug #972146)
[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
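Review bot: the five entries added with `TODO: check` at the end of the new block (CVE-2023-0947, CVE-2023-0946, CVE-2023-0945, CVE-2023-0943, CVE-2023-0942) have no disposition yet, so each still needs either a package line or a `NOT-FOR-US:` marker of the kind used elsewhere in this file. Separately, CVE-2023-26314 now carries a description naming the same version as the existing `- mono 6.8.0.105+dfsg-3.3 (bug #972146)` line, while `[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)` is unchanged. The description is cut at "allows arbitrary ...", so recheck the "Minor issue" rating against the full text.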
@@ -561,10 +613,10 @@ CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order param
NOT-FOR-US: MISP
CVE-2022-48328 (app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.1 ...)
NOT-FOR-US: MISP
-CVE-2021-4325
- RESERVED
-CVE-2017-20179
- RESERVED
+CVE-2021-4325 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20179 (A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated a ...)
+ TODO: check
CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared as probl ...)
TODO: check
CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and classifie ...)
@@ -1251,12 +1303,12 @@ CVE-2023-25814
RESERVED
CVE-2023-25813
RESERVED
-CVE-2023-25812
- RESERVED
-CVE-2023-25811
- RESERVED
-CVE-2023-25810
- RESERVED
+CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do ...)
+ TODO: check
+CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
+ TODO: check
+CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
+ TODO: check
CVE-2023-25809
RESERVED
CVE-2023-25808
@@ -1691,42 +1743,52 @@ CVE-2023-25691
CVE-2023-0805
RESERVED
CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/497
CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/501
CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/500
CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_un ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/498
CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/496
CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/494
CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/492
CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_uni ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/495
CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/499
CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
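Review bot: `{DLA-3333-1}` is attached to all ten tiff entries from CVE-2023-0804 down to CVE-2023-0795, but those entries point at two different upstream commits: 33aee127... for the out-of-bounds write group (CVE-2023-0800 to CVE-2023-0804) and afaabc3e... for the out-of-bounds read group (CVE-2023-0795 to CVE-2023-0799). Confirm that the DLA-3333-1 upload carries both commits, since the only version line visible on each entry is still `- tiff 4.5.0-5 (bug #1031632)` and nothing here shows which fixes the LTS upload contains.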
@@ -1919,8 +1981,8 @@ CVE-2023-25659
RESERVED
CVE-2023-25658
RESERVED
-CVE-2023-25657
- RESERVED
+CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
+ TODO: check
CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
NOT-FOR-US: notation-go
CVE-2023-25655
@@ -3261,10 +3323,10 @@ CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server pla
NOT-FOR-US: Nextcloud Mail
CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-25158
- RESERVED
-CVE-2023-25157
- RESERVED
+CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...)
+ TODO: check
+CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...)
+ TODO: check
CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-25155
@@ -5609,8 +5671,8 @@ CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the File
NOT-FOR-US: Mojoportal
CVE-2023-24321
RESERVED
-CVE-2023-24320
- RESERVED
+CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows unauthentic ...)
+ TODO: check
CVE-2023-24319
RESERVED
CVE-2023-24318
@@ -6033,10 +6095,10 @@ CVE-2023-24110
RESERVED
CVE-2023-24109
RESERVED
-CVE-2023-24108
- RESERVED
-CVE-2023-24107
- RESERVED
+CVE-2023-24108 (MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to co ...)
+ TODO: check
+CVE-2023-24107 (hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459f ...)
+ TODO: check
CVE-2023-24106
RESERVED
CVE-2023-24105
@@ -6087,10 +6149,10 @@ CVE-2023-24083
RESERVED
CVE-2023-24082
RESERVED
-CVE-2023-24081
- RESERVED
-CVE-2023-24080
- RESERVED
+CVE-2023-24081 (Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock ...)
+ TODO: check
+CVE-2023-24080 (A lack of rate limiting on the password reset endpoint of Chamberlain ...)
+ TODO: check
CVE-2023-24079
RESERVED
CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...)
@@ -17755,8 +17817,8 @@ CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correo
NOT-FOR-US: Prestashop
CVE-2022-46638
RESERVED
-CVE-2022-46637
- RESERVED
+CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded credentials ...)
+ TODO: check
CVE-2022-46636
RESERVED
CVE-2022-46635
@@ -24899,14 +24961,14 @@ CVE-2023-20860
RESERVED
CVE-2023-20859
RESERVED
-CVE-2023-20858
- RESERVED
+CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
+ TODO: check
CVE-2023-20857
RESERVED
CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
NOT-FOR-US: VMware
-CVE-2023-20855
- RESERVED
+CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...)
+ TODO: check
CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability. ...)
NOT-FOR-US: VMware
CVE-2022-44605
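Review bot: CVE-2023-20858 and CVE-2023-20855 are added as `TODO: check` although their neighbours in the same hunk, CVE-2023-20856 and CVE-2023-20854, are already marked `NOT-FOR-US: VMware`. Both new descriptions name VMware products (Carbon Black App Control, vRealize Orchestrator), so the same marker looks applicable and would close these two TODOs.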
@@ -41973,8 +42035,8 @@ CVE-2022-38781
RESERVED
CVE-2022-38780
RESERVED
-CVE-2022-38779
- RESERVED
+CVE-2022-38779 (An open redirect issue was discovered in Kibana that could lead to a u ...)
+ TODO: check
CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana’s third ...)
- kibana <itp> (bug #700337)
CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
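Review bot: CVE-2022-38779 is described as an open redirect in Kibana but is added as `TODO: check`, while the next entry, CVE-2022-38778, already tracks Kibana with `- kibana <itp> (bug #700337)`. Reusing that line for CVE-2022-38779 would keep the two Kibana entries consistent.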
@@ -43226,8 +43288,8 @@ CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_pr
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
-CVE-2022-2883
- RESERVED
+CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
+ TODO: check
CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
@@ -153236,35 +153298,35 @@ CVE-2021-23953 (If a user clicked into a specifically crafted PDF, the PDF reade
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953
CVE-2021-23952
- RESERVED
+ REJECTED
CVE-2021-23951
- RESERVED
+ REJECTED
CVE-2021-23950
- RESERVED
+ REJECTED
CVE-2021-23949
- RESERVED
+ REJECTED
CVE-2021-23948
- RESERVED
+ REJECTED
CVE-2021-23947
- RESERVED
+ REJECTED
CVE-2021-23946
- RESERVED
+ REJECTED
CVE-2021-23945
- RESERVED
+ REJECTED
CVE-2021-23944
- RESERVED
+ REJECTED
CVE-2021-23943
- RESERVED
+ REJECTED
CVE-2021-23942
- RESERVED
+ REJECTED
CVE-2021-23941
- RESERVED
+ REJECTED
CVE-2021-23940
- RESERVED
+ REJECTED
CVE-2021-23939
- RESERVED
+ REJECTED
CVE-2021-23938
- RESERVED
+ REJECTED
CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...)
NOT-FOR-US: Apache Wicket
CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
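Review bot: fifteen consecutive ids, CVE-2021-23952 down to CVE-2021-23938, flip from `RESERVED` to `REJECTED` with nothing in the entries recording why. Each was a bare `RESERVED` line, so no package or NOTE data is lost, but it is worth confirming that the whole contiguous range was rejected at the source, given that the ids on either side (CVE-2021-23953 and CVE-2021-23937) are published entries.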
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f452d4526f14388658993253371dc9f0ab7f57a