[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 23 08:10:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32401dca by security tracker role at 2023-02-23T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,369 @@
+CVE-2023-26463
+ RESERVED
+CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
+ TODO: check
+CVE-2023-26461
+ RESERVED
+CVE-2023-26460
+ RESERVED
+CVE-2023-26459
+ RESERVED
+CVE-2023-26458
+ RESERVED
+CVE-2023-26457
+ RESERVED
+CVE-2023-26456
+ RESERVED
+CVE-2023-26455
+ RESERVED
+CVE-2023-26454
+ RESERVED
+CVE-2023-26453
+ RESERVED
+CVE-2023-26452
+ RESERVED
+CVE-2023-26451
+ RESERVED
+CVE-2023-26450
+ RESERVED
+CVE-2023-26449
+ RESERVED
+CVE-2023-26448
+ RESERVED
+CVE-2023-26447
+ RESERVED
+CVE-2023-26446
+ RESERVED
+CVE-2023-26445
+ RESERVED
+CVE-2023-26444
+ RESERVED
+CVE-2023-26443
+ RESERVED
+CVE-2023-26442
+ RESERVED
+CVE-2023-26441
+ RESERVED
+CVE-2023-26440
+ RESERVED
+CVE-2023-26439
+ RESERVED
+CVE-2023-26438
+ RESERVED
+CVE-2023-26437
+ RESERVED
+CVE-2023-26436
+ RESERVED
+CVE-2023-26435
+ RESERVED
+CVE-2023-26434
+ RESERVED
+CVE-2023-26433
+ RESERVED
+CVE-2023-26432
+ RESERVED
+CVE-2023-26431
+ RESERVED
+CVE-2023-26430
+ RESERVED
+CVE-2023-26429
+ RESERVED
+CVE-2023-26428
+ RESERVED
+CVE-2023-26427
+ RESERVED
+CVE-2023-26426
+ RESERVED
+CVE-2023-26425
+ RESERVED
+CVE-2023-26424
+ RESERVED
+CVE-2023-26423
+ RESERVED
+CVE-2023-26422
+ RESERVED
+CVE-2023-26421
+ RESERVED
+CVE-2023-26420
+ RESERVED
+CVE-2023-26419
+ RESERVED
+CVE-2023-26418
+ RESERVED
+CVE-2023-26417
+ RESERVED
+CVE-2023-26416
+ RESERVED
+CVE-2023-26415
+ RESERVED
+CVE-2023-26414
+ RESERVED
+CVE-2023-26413
+ RESERVED
+CVE-2023-26412
+ RESERVED
+CVE-2023-26411
+ RESERVED
+CVE-2023-26410
+ RESERVED
+CVE-2023-26409
+ RESERVED
+CVE-2023-26408
+ RESERVED
+CVE-2023-26407
+ RESERVED
+CVE-2023-26406
+ RESERVED
+CVE-2023-26405
+ RESERVED
+CVE-2023-26404
+ RESERVED
+CVE-2023-26403
+ RESERVED
+CVE-2023-26402
+ RESERVED
+CVE-2023-26401
+ RESERVED
+CVE-2023-26400
+ RESERVED
+CVE-2023-26399
+ RESERVED
+CVE-2023-26398
+ RESERVED
+CVE-2023-26397
+ RESERVED
+CVE-2023-26396
+ RESERVED
+CVE-2023-26395
+ RESERVED
+CVE-2023-26394
+ RESERVED
+CVE-2023-26393
+ RESERVED
+CVE-2023-26392
+ RESERVED
+CVE-2023-26391
+ RESERVED
+CVE-2023-26390
+ RESERVED
+CVE-2023-26389
+ RESERVED
+CVE-2023-26388
+ RESERVED
+CVE-2023-26387
+ RESERVED
+CVE-2023-26386
+ RESERVED
+CVE-2023-26385
+ RESERVED
+CVE-2023-26384
+ RESERVED
+CVE-2023-26383
+ RESERVED
+CVE-2023-26382
+ RESERVED
+CVE-2023-26381
+ RESERVED
+CVE-2023-26380
+ RESERVED
+CVE-2023-26379
+ RESERVED
+CVE-2023-26378
+ RESERVED
+CVE-2023-26377
+ RESERVED
+CVE-2023-26376
+ RESERVED
+CVE-2023-26375
+ RESERVED
+CVE-2023-26374
+ RESERVED
+CVE-2023-26373
+ RESERVED
+CVE-2023-26372
+ RESERVED
+CVE-2023-26371
+ RESERVED
+CVE-2023-26370
+ RESERVED
+CVE-2023-26369
+ RESERVED
+CVE-2023-26368
+ RESERVED
+CVE-2023-26367
+ RESERVED
+CVE-2023-26366
+ RESERVED
+CVE-2023-26365
+ RESERVED
+CVE-2023-26364
+ RESERVED
+CVE-2023-26363
+ RESERVED
+CVE-2023-26362
+ RESERVED
+CVE-2023-26361
+ RESERVED
+CVE-2023-26360
+ RESERVED
+CVE-2023-26359
+ RESERVED
+CVE-2023-26358
+ RESERVED
+CVE-2023-26357
+ RESERVED
+CVE-2023-26356
+ RESERVED
+CVE-2023-26355
+ RESERVED
+CVE-2023-26354
+ RESERVED
+CVE-2023-26353
+ RESERVED
+CVE-2023-26352
+ RESERVED
+CVE-2023-26351
+ RESERVED
+CVE-2023-26350
+ RESERVED
+CVE-2023-26349
+ RESERVED
+CVE-2023-26348
+ RESERVED
+CVE-2023-26347
+ RESERVED
+CVE-2023-26346
+ RESERVED
+CVE-2023-26345
+ RESERVED
+CVE-2023-26344
+ RESERVED
+CVE-2023-26343
+ RESERVED
+CVE-2023-26342
+ RESERVED
+CVE-2023-26341
+ RESERVED
+CVE-2023-26340
+ RESERVED
+CVE-2023-26339
+ RESERVED
+CVE-2023-26338
+ RESERVED
+CVE-2023-26337
+ RESERVED
+CVE-2023-26336
+ RESERVED
+CVE-2023-26335
+ RESERVED
+CVE-2023-26334
+ RESERVED
+CVE-2023-26333
+ RESERVED
+CVE-2023-26332
+ RESERVED
+CVE-2023-26331
+ RESERVED
+CVE-2023-26330
+ RESERVED
+CVE-2023-26329
+ RESERVED
+CVE-2023-26328
+ RESERVED
+CVE-2023-26327
+ RESERVED
+CVE-2023-26326
+ RESERVED
+CVE-2023-26325
+ RESERVED
+CVE-2023-26324
+ RESERVED
+CVE-2023-26323
+ RESERVED
+CVE-2023-26322
+ RESERVED
+CVE-2023-26321
+ RESERVED
+CVE-2023-26320
+ RESERVED
+CVE-2023-26319
+ RESERVED
+CVE-2023-26318
+ RESERVED
+CVE-2023-26317
+ RESERVED
+CVE-2023-26316
+ RESERVED
+CVE-2023-26315
+ RESERVED
+CVE-2023-0979
+ RESERVED
+CVE-2023-0978
+ RESERVED
+CVE-2023-0977
+ RESERVED
+CVE-2023-0976
+ RESERVED
+CVE-2023-0975
+ RESERVED
+CVE-2023-0974
+ RESERVED
+CVE-2023-0973
+ RESERVED
+CVE-2023-0972
+ RESERVED
+CVE-2023-0971
+ RESERVED
+CVE-2023-0970
+ RESERVED
+CVE-2023-0969
+ RESERVED
+CVE-2023-0968
+ RESERVED
+CVE-2023-0967
+ RESERVED
+CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-0965
+ RESERVED
+CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
+ TODO: check
+CVE-2023-0962 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
+ TODO: check
+CVE-2023-0961 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
+ TODO: check
+CVE-2023-0960 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...)
+ TODO: check
+CVE-2023-0959
+ RESERVED
+CVE-2023-0958
+ RESERVED
+CVE-2023-0957
+ RESERVED
+CVE-2023-0956
+ RESERVED
+CVE-2023-0955
+ RESERVED
+CVE-2023-0954
+ RESERVED
+CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...)
+ TODO: check
+CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3.12 an ...)
+ TODO: check
+CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
+ TODO: check
+CVE-2023-0950
+ RESERVED
+CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
+ TODO: check
+CVE-2023-0948
+ RESERVED
+CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker to achie ...)
+ TODO: check
+CVE-2021-4326 (A vulnerability in Imperative framework which allows already-privilege ...)
+ TODO: check
CVE-2023-26313
RESERVED
CVE-2023-26312
@@ -18,10 +384,10 @@ CVE-2023-26305
RESERVED
CVE-2023-26304
RESERVED
-CVE-2023-26303
- RESERVED
-CVE-2023-26302
- RESERVED
+CVE-2023-26303 (Denial of service could be caused to markdown-it-py, before v2.2.0, if ...)
+ TODO: check
+CVE-2023-26302 (Denial of service could be caused to the command line interface of mar ...)
+ TODO: check
CVE-2023-26301
RESERVED
CVE-2023-26300
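Review bot: CVE-2023-26303 and CVE-2023-26302 are two denial-of-service issues in the same upstream project and version range (markdown-it-py before v2.2.0, one in the library and one in its command line interface); the "TODO: check" for both should be resolved in one pass against whatever Debian package ships markdown-it-py, and the two entries should receive matching version annotations.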
@@ -106,8 +472,7 @@ CVE-2023-26269
RESERVED
CVE-2023-26268
RESERVED
-CVE-2023-0941
- RESERVED
+CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.177 all ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0940
@@ -236,36 +601,29 @@ CVE-2023-26216
RESERVED
CVE-2023-26215
RESERVED
-CVE-2023-26214
- RESERVED
+CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
+ TODO: check
CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
NOT-FOR-US: Answer
-CVE-2023-0933
- RESERVED
+CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allow ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0932
- RESERVED
+CVE-2023-0932 (Use after free in WebRTC in Google Chrome on Windows prior to 110.0.54 ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0931
- RESERVED
+CVE-2023-0931 (Use after free in Video in Google Chrome prior to 110.0.5481.177 allow ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0930
- RESERVED
+CVE-2023-0930 (Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0929
- RESERVED
+CVE-2023-0929 (Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allo ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0928
- RESERVED
+CVE-2023-0928 (Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0927
- RESERVED
+CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android prior t ...)
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...)
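Review bot: CVE-2023-26214 describes the BusinessConnect UI component of TIBCO Software Inc.'s products, and this same update marks the TIBCO entry CVE-2022-41564 as "NOT-FOR-US: TIBCO"; unless TIBCO BusinessConnect is packaged, the "TODO: check" here can likely be resolved the same way.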
@@ -943,12 +1301,12 @@ CVE-2023-0888
RESERVED
CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
NOT-FOR-US: phjounin TFTPD64-SE
-CVE-2023-0886
- RESERVED
-CVE-2023-0885
- RESERVED
-CVE-2023-0884
- RESERVED
+CVE-2023-0886 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
+ TODO: check
+CVE-2023-0885 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2023-0884 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-25943
@@ -1317,8 +1675,8 @@ CVE-2023-25815
RESERVED
CVE-2023-25814
RESERVED
-CVE-2023-25813
- RESERVED
+CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...)
+ TODO: check
CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do ...)
TODO: check
CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
@@ -1383,8 +1741,8 @@ CVE-2023-25782
RESERVED
CVE-2023-25781
RESERVED
-CVE-2023-0846
- RESERVED
+CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
+ TODO: check
CVE-2023-0845
RESERVED
CVE-2023-0844
@@ -2279,8 +2637,8 @@ CVE-2023-25581
RESERVED
CVE-2023-25580
RESERVED
-CVE-2023-25579
- RESERVED
+CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affected vers ...)
+ TODO: check
CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
NOT-FOR-US: Starlite
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
@@ -3348,8 +3706,8 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impos
NOT-FOR-US: Kiwi TCMS
CVE-2023-25155
RESERVED
-CVE-2023-25154
- RESERVED
+CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...)
+ TODO: check
CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...)
- containerd 1.6.18~ds1-1
[bullseye] - containerd <no-dsa> (Minor issue; will be fixed via point release)
@@ -4254,12 +4612,12 @@ CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework rel
CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
- php-dompdf 2.0.3+dfsg-1
NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
-CVE-2023-24812
- RESERVED
-CVE-2023-24811
- RESERVED
-CVE-2023-24810
- RESERVED
+CVE-2023-24812 (Misskey is an open source, decentralized social media platform. In ver ...)
+ TODO: check
+CVE-2023-24811 (Misskey is an open source, decentralized social media platform. In ver ...)
+ TODO: check
+CVE-2023-24810 (Misskey is an open source, decentralized social media platform. Due to ...)
+ TODO: check
CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
- nethack <unfixed>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
@@ -6105,8 +6463,8 @@ CVE-2023-24116
RESERVED
CVE-2023-24115
RESERVED
-CVE-2023-24114
- RESERVED
+CVE-2023-24114 (typecho 1.1/17.10.30 was discovered to contain a remote code execution ...)
+ TODO: check
CVE-2023-24113
RESERVED
CVE-2023-24112
@@ -6147,8 +6505,8 @@ CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrad
NOT-FOR-US: TrendNet
CVE-2023-24094
RESERVED
-CVE-2023-24093
- RESERVED
+CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...)
+ TODO: check
CVE-2023-24092
RESERVED
CVE-2023-24091
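Review bot: CVE-2023-24093 is an access control issue in H3C A210-G router firmware, the same class of vendor-appliance report as the TrendNet entry CVE-2023-24095 at the top of this hunk, which carries "NOT-FOR-US: TrendNet"; the "TODO: check" is probably resolved with a matching NOT-FOR-US line.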
@@ -6575,6 +6933,7 @@ CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share,
CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...)
+ {DSA-5357-1}
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8)
@@ -9154,8 +9513,8 @@ CVE-2023-23065
RESERVED
CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...)
NOT-FOR-US: TOTOLINK
-CVE-2023-23063
- RESERVED
+CVE-2023-23063 (Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. ...)
+ TODO: check
CVE-2023-23062
RESERVED
CVE-2023-23061
@@ -9200,10 +9559,10 @@ CVE-2023-23042
RESERVED
CVE-2023-23041
RESERVED
-CVE-2023-23040
- RESERVED
-CVE-2023-23039
- RESERVED
+CVE-2023-23040 (TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 ...)
+ TODO: check
+CVE-2023-23039 (An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers ...)
+ TODO: check
CVE-2023-23038
RESERVED
CVE-2023-23037
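Review bot: CVE-2023-23039 is described as an issue in the Linux kernel through 6.2.0-rc2 in a file under drivers/, so unlike the TP-Link entry above it (CVE-2023-23040, a vendor router firmware issue) it should not stay at "TODO: check" for long; it needs to be checked against src:linux, with the affected driver identified and the usual fixed-version or not-affected annotation recorded.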
@@ -9333,12 +9692,12 @@ CVE-2023-22976
RESERVED
CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: jfinal_cms
-CVE-2023-22974
- RESERVED
-CVE-2023-22973
- RESERVED
-CVE-2023-22972
- RESERVED
+CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unau ...)
+ TODO: check
+CVE-2023-22973 (A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new. ...)
+ TODO: check
+CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interface/form ...)
+ TODO: check
CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...)
NOT-FOR-US: Hughes
CVE-2023-22970
@@ -10012,7 +10371,8 @@ CVE-2015-10029 (A vulnerability classified as problematic was found in kelvinmo
NOT-FOR-US: kelvinmo
CVE-2014-125065 (A vulnerability, which was classified as critical, was found in john52 ...)
NOT-FOR-US: bottle-auth
-CVE-2014-125064 (A vulnerability, which was classified as critical, has been found in e ...)
+CVE-2014-125064
+ REJECTED
NOT-FOR-US: gosqljson
CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified as crit ...)
NOT-FOR-US: DrAzraelTod pyChao
@@ -10494,8 +10854,8 @@ CVE-2023-22673
RESERVED
CVE-2023-22672
RESERVED
-CVE-2023-0104
- RESERVED
+CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...)
+ TODO: check
CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...)
NOT-FOR-US: LS ELECTRIC
CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
@@ -11361,6 +11721,7 @@ CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is
CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
NOT-FOR-US: Gatsby
CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...)
+ {DSA-5357-1}
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8)
@@ -11637,8 +11998,8 @@ CVE-2022-48151
RESERVED
CVE-2022-48150
RESERVED
-CVE-2022-48149
- RESERVED
+CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
+ TODO: check
CVE-2022-48148
RESERVED
CVE-2022-48147
@@ -14786,6 +15147,7 @@ CVE-2022-47517 (An issue was discovered in the libsofia-sip fork in drachtio-ser
NOT-FOR-US: libsofia-sip fork in drachtio-server
NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for src:sofia-sip
CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
+ {DLA-3334-1}
- sofia-sip <unfixed> (bug #1031792)
NOTE: Report in fork: https://github.com/drachtio/drachtio-server/issues/244
NOTE: https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
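Review bot: CVE-2022-47516 gains "{DLA-3334-1}" while the unstable state stays "sofia-sip <unfixed> (bug #1031792)"; that is consistent (the LTS suite is fixed, unstable is not), but the upstream fix commit is already noted below (v1.13.14), so the open bug should be used to track an unstable upload rather than leaving the entry in this split state.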
@@ -20758,10 +21120,10 @@ CVE-2022-45602
RESERVED
CVE-2022-45601
RESERVED
-CVE-2022-45600
- RESERVED
-CVE-2022-45599
- RESERVED
+CVE-2022-45600 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices imprope ...)
+ TODO: check
+CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable t ...)
+ TODO: check
CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
NOT-FOR-US: Joplin Desktop App
CVE-2022-45597
@@ -28478,14 +28840,14 @@ CVE-2022-43875 (IBM Financial Transaction Manager for SWIFT Services for Multipl
NOT-FOR-US: IBM
CVE-2022-43874
RESERVED
-CVE-2022-43873
- RESERVED
+CVE-2022-43873 (An authenticated user can exploit a vulnerability in the IBM Spectrum ...)
+ TODO: check
CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...)
NOT-FOR-US: IBM
CVE-2022-43871
RESERVED
-CVE-2022-43870
- RESERVED
+CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server ...)
+ TODO: check
CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...)
NOT-FOR-US: IBM
CVE-2022-43868
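Review bot: CVE-2022-43873 and CVE-2022-43870 both describe IBM Spectrum Virtualize, and the neighbouring IBM entries in this hunk (CVE-2022-43875, CVE-2022-43872, CVE-2022-43869) all carry "NOT-FOR-US: IBM"; the two "TODO: check" lines can be resolved the same way.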
@@ -29294,8 +29656,8 @@ CVE-2022-43580
RESERVED
CVE-2022-43579 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
NOT-FOR-US: IBM
-CVE-2022-43578
- RESERVED
+CVE-2022-43578 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
+ TODO: check
CVE-2022-43577
RESERVED
CVE-2022-43576
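Review bot: CVE-2022-43578 has the same opening description as CVE-2022-43579 immediately above it (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7), which is marked "NOT-FOR-US: IBM"; the "TODO: check" should be replaced with the same annotation.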
@@ -31930,12 +32292,14 @@ CVE-2022-42708
CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...)
- mahara <removed>
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
+ {DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
+ {DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
@@ -34942,12 +35306,12 @@ CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastru
NOT-FOR-US: Hitachi
CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing an inva ...)
NOT-FOR-US: LINE client for iOS
-CVE-2022-41567
- RESERVED
-CVE-2022-41566
- RESERVED
-CVE-2022-41565
- RESERVED
+CVE-2022-41567 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
+ TODO: check
+CVE-2022-41566 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
+ TODO: check
+CVE-2022-41565 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...)
+ TODO: check
CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIB ...)
NOT-FOR-US: TIBCO
CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...)
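Review bot: CVE-2022-41567, CVE-2022-41566 and CVE-2022-41565 all describe TIBCO Software Inc. components, and the adjacent TIBCO entries CVE-2022-41564 and CVE-2022-41563 are "NOT-FOR-US: TIBCO"; the three "TODO: check" lines should be resolved consistently with them.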
@@ -35945,10 +36309,10 @@ CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5
NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
NOTE: https://git.kernel.org/linus/fd3d91ab1c6ab0628fe642dd570b56302c30a792
-CVE-2022-41217
- RESERVED
-CVE-2022-41216
- RESERVED
+CVE-2022-41217 (Cloudflow contains a unauthenticated file upload vulnerability, which ...)
+ TODO: check
+CVE-2022-41216 (Local File Inclusion vulnerability within Cloudflow allows attackers t ...)
+ TODO: check
CVE-2022-41215 (SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated ...)
NOT-FOR-US: SAP
CVE-2022-41214 (Due to insufficient input validation, SAP NetWeaver Application Server ...)
@@ -38908,8 +39272,8 @@ CVE-2022-39985
RESERVED
CVE-2022-39984
RESERVED
-CVE-2022-39983
- RESERVED
+CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows at ...)
+ TODO: check
CVE-2022-39982
RESERVED
CVE-2022-39981
@@ -40604,6 +40968,7 @@ CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3335-1}
- asterisk <unfixed>
- pjproject <removed>
- ring 20230206.0~ds1-1
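Review bot: CVE-2022-39269 gains "{DLA-3335-1}" but keeps "asterisk <unfixed>" for unstable, while the sibling PJSIP issue CVE-2022-39244 in the next hunk records asterisk as fixed in 1:20.0.1~dfsg+~cs6.12.40431414-1; since asterisk bundles pjproject in that version (pjproject itself is <removed>), check whether the same asterisk upload also covers CVE-2022-39269 and, if so, replace <unfixed> with that version.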
@@ -40700,6 +41065,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
- pjproject <removed>
- ring 20230206.0~ds1-1
@@ -44700,12 +45066,12 @@ CVE-2022-37940
RESERVED
CVE-2022-37939
RESERVED
-CVE-2022-37938
- RESERVED
-CVE-2022-37937
- RESERVED
-CVE-2022-37936
- RESERVED
+CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
+ TODO: check
+CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
+ TODO: check
+CVE-2022-37936 (Unauthenticated Java deserialization vulnerability in Serviceguard Man ...)
+ TODO: check
CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may disclose ...)
NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
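Review bot: CVE-2022-37938, CVE-2022-37937 and CVE-2022-37936 describe HPE Serviceguard (Manager) issues, and the HPE entries around them (CVE-2022-37935, CVE-2022-37934) are "NOT-FOR-US"; the three "TODO: check" lines can be closed with a matching "NOT-FOR-US: HPE Serviceguard" annotation.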
@@ -46277,6 +46643,7 @@ CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Window
CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
+ {DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
@@ -63543,6 +63910,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1017005)
@@ -68870,8 +69238,8 @@ CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tamp
NOT-FOR-US: Insyde
CVE-2022-29274
RESERVED
-CVE-2022-29273
- RESERVED
+CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in th ...)
+ TODO: check
CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...)
NOT-FOR-US: Nagios XI
CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...)
@@ -80131,6 +80499,7 @@ CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not validat
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
NOT-FOR-US: alltube
CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ {DLA-3336-1}
- node-url-parse 1.5.9+~1.4.8-1
[bullseye] - node-url-parse 1.5.3-1+deb11u1
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
@@ -80150,6 +80519,7 @@ CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to
CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs into actu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ {DLA-3336-1}
- node-url-parse 1.5.9+~1.4.8-1
[bullseye] - node-url-parse 1.5.3-1+deb11u1
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
@@ -80615,6 +80985,7 @@ CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitiz
CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ {DLA-3336-1}
- node-url-parse 1.5.7-1
[bullseye] - node-url-parse <no-dsa> (Minor issue)
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
@@ -83215,6 +83586,7 @@ CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater
CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ {DLA-3336-1}
- node-url-parse 1.5.7-1
[bullseye] - node-url-parse <no-dsa> (Minor issue)
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
@@ -86580,12 +86952,14 @@ CVE-2022-23549 (Discourse is an option source discussion platform. Prior to vers
CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...)
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3335-1}
- asterisk <unfixed>
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3335-1}
- asterisk <unfixed>
- ring 20230206.0~ds1-1
- pjproject <removed>
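Review bot: CVE-2022-23537 and CVE-2022-23547 gain "{DLA-3335-1}" while "asterisk <unfixed>" remains for unstable even though "ring 20230206.0~ds1-1" is marked fixed; as with the other PJSIP-in-asterisk entries in this update, confirm whether the current asterisk upload (which bundles pjproject) already contains the upstream fix referenced in the NOTE and record the version if so.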
@@ -95324,8 +95698,8 @@ CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WIT
NOT-FOR-US: Siemens
CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
NOT-FOR-US: Siemens
-CVE-2021-45032
- RESERVED
+CVE-2021-45032 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+ TODO: check
CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in ...)
NOT-FOR-US: MEPSAN
CVE-2021-45030
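Review bot: CVE-2021-45032 is given the description "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority" but is then marked "TODO: check"; the description itself says the ID is rejected, so the entry should become "REJECTED" (as this same update does for the CVE-2017-10xx block further down) rather than be queued for triage.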
@@ -119381,6 +119755,7 @@ CVE-2021-37411
CVE-2021-3665
RESERVED
CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site ...)
+ {DLA-3336-1}
- node-url-parse 1.5.3-1 (bug #991577)
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
@@ -129151,8 +129526,8 @@ CVE-2021-33369
RESERVED
CVE-2021-33368
RESERVED
-CVE-2021-33367
- RESERVED
+CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to ...)
+ TODO: check
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
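Review bot: CVE-2021-33367 (Buffer Overflow in FreeImage v3.18.0) is left at "TODO: check"; FreeImage is packaged in Debian (src:freeimage, to my knowledge still based on 3.18.0), so this one needs real triage against the package rather than a NOT-FOR-US, including whether the affected code path is reachable in the Debian build.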
@@ -144560,6 +144935,7 @@ CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of back
NOTE: https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839 (v1.19.6)
NOTE: https://github.com/medialize/URI.js/releases/tag/v1.19.6
CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...)
+ {DLA-3336-1}
- node-url-parse 1.5.1-1 (bug #985110)
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0)
@@ -405458,145 +405834,145 @@ CVE-2017-1071
CVE-2017-1070
REJECTED
CVE-2017-1069
- RESERVED
+ REJECTED
CVE-2017-1068
- RESERVED
+ REJECTED
CVE-2017-1067
- RESERVED
+ REJECTED
CVE-2017-1066
- RESERVED
+ REJECTED
CVE-2017-1065
- RESERVED
+ REJECTED
CVE-2017-1064
- RESERVED
+ REJECTED
CVE-2017-1063
- RESERVED
+ REJECTED
CVE-2017-1062
- RESERVED
+ REJECTED
CVE-2017-1061
- RESERVED
+ REJECTED
CVE-2017-1060
- RESERVED
+ REJECTED
CVE-2017-1059
- RESERVED
+ REJECTED
CVE-2017-1058
- RESERVED
+ REJECTED
CVE-2017-1057
- RESERVED
+ REJECTED
CVE-2017-1056
- RESERVED
+ REJECTED
CVE-2017-1055
- RESERVED
+ REJECTED
CVE-2017-1054
- RESERVED
+ REJECTED
CVE-2017-1053
- RESERVED
+ REJECTED
CVE-2017-1052
- RESERVED
+ REJECTED
CVE-2017-1051
- RESERVED
+ REJECTED
CVE-2017-1050
- RESERVED
+ REJECTED
CVE-2017-1049
- RESERVED
+ REJECTED
CVE-2017-1048
- RESERVED
+ REJECTED
CVE-2017-1047
- RESERVED
+ REJECTED
CVE-2017-1046
- RESERVED
+ REJECTED
CVE-2017-1045
- RESERVED
+ REJECTED
CVE-2017-1044
- RESERVED
+ REJECTED
CVE-2017-1043
- RESERVED
+ REJECTED
CVE-2017-1042
- RESERVED
+ REJECTED
CVE-2017-1041
- RESERVED
+ REJECTED
CVE-2017-1040
- RESERVED
+ REJECTED
CVE-2017-1039
- RESERVED
+ REJECTED
CVE-2017-1038
- RESERVED
+ REJECTED
CVE-2017-1037
- RESERVED
+ REJECTED
CVE-2017-1036
- RESERVED
+ REJECTED
CVE-2017-1035
- RESERVED
+ REJECTED
CVE-2017-1034
- RESERVED
+ REJECTED
CVE-2017-1033
- RESERVED
+ REJECTED
CVE-2017-1032
- RESERVED
+ REJECTED
CVE-2017-1031
- RESERVED
+ REJECTED
CVE-2017-1030
- RESERVED
+ REJECTED
CVE-2017-1029
- RESERVED
+ REJECTED
CVE-2017-1028
- RESERVED
+ REJECTED
CVE-2017-1027
- RESERVED
+ REJECTED
CVE-2017-1026
- RESERVED
+ REJECTED
CVE-2017-1025
- RESERVED
+ REJECTED
CVE-2017-1024
- RESERVED
+ REJECTED
CVE-2017-1023
- RESERVED
+ REJECTED
CVE-2017-1022
- RESERVED
+ REJECTED
CVE-2017-1021
- RESERVED
+ REJECTED
CVE-2017-1020
- RESERVED
+ REJECTED
CVE-2017-1019
- RESERVED
+ REJECTED
CVE-2017-1018
- RESERVED
+ REJECTED
CVE-2017-1017
- RESERVED
+ REJECTED
CVE-2017-1016
- RESERVED
+ REJECTED
CVE-2017-1015
- RESERVED
+ REJECTED
CVE-2017-1014
- RESERVED
+ REJECTED
CVE-2017-1013
- RESERVED
+ REJECTED
CVE-2017-1012
- RESERVED
+ REJECTED
CVE-2017-1011
- RESERVED
+ REJECTED
CVE-2017-1010
- RESERVED
+ REJECTED
CVE-2017-1009
- RESERVED
+ REJECTED
CVE-2017-1008
- RESERVED
+ REJECTED
CVE-2017-1007
- RESERVED
+ REJECTED
CVE-2017-1006
- RESERVED
+ REJECTED
CVE-2017-1005
- RESERVED
+ REJECTED
CVE-2017-1004
- RESERVED
+ REJECTED
CVE-2017-1003
- RESERVED
+ REJECTED
CVE-2017-1002
- RESERVED
+ REJECTED
CVE-2017-1001
- RESERVED
+ REJECTED
CVE-2017-1000
- RESERVED
+ REJECTED
- linux 4.12.6-1
[stretch] - linux 4.9.30-2+deb9u4
[jessie] - linux 3.16.43-2+deb8u4
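Review bot: CVE-2017-1000 is flipped from RESERVED to REJECTED at the end of this hunk, but the package lines "- linux 4.12.6-1", "[stretch] - linux 4.9.30-2+deb9u4" and "[jessie] - linux 3.16.43-2+deb8u4" remain attached to it as context; a rejected ID should not carry fixed-version annotations, so these lines should be removed (or moved to the CVE that actually covers the issue) in a follow-up.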
@@ -405604,43 +405980,43 @@ CVE-2017-1000
NOTE: Same commit as for CVE-2017-1000112 and thus probably should be treated
NOTE: as duplicate. Defer decision to MITRE.
CVE-2017-0999
- RESERVED
+ REJECTED
CVE-2017-0998
- RESERVED
+ REJECTED
CVE-2017-0997
- RESERVED
+ REJECTED
CVE-2017-0996
- RESERVED
+ REJECTED
CVE-2017-0995
- RESERVED
+ REJECTED
CVE-2017-0994
- RESERVED
+ REJECTED
CVE-2017-0993
- RESERVED
+ REJECTED
CVE-2017-0992
- RESERVED
+ REJECTED
CVE-2017-0991
- RESERVED
+ REJECTED
CVE-2017-0990
- RESERVED
+ REJECTED
CVE-2017-0989
- RESERVED
+ REJECTED
CVE-2017-0988
- RESERVED
+ REJECTED
CVE-2017-0987
- RESERVED
+ REJECTED
CVE-2017-0986
- RESERVED
+ REJECTED
CVE-2017-0985
- RESERVED
+ REJECTED
CVE-2017-0984
- RESERVED
+ REJECTED
CVE-2017-0983
- RESERVED
+ REJECTED
CVE-2017-0982
- RESERVED
+ REJECTED
CVE-2017-0981
- RESERVED
+ REJECTED
CVE-2017-0980
RESERVED
CVE-2017-0979
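Review bot: the NOTE at the top of this hunk ("Same commit as for CVE-2017-1000112 and thus probably should be treated as duplicate. Defer decision to MITRE.") is now stale, because the previous hunk marks CVE-2017-1000 as REJECTED, i.e. MITRE has decided; update the NOTE to record that outcome so the duplicate question is visibly closed.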
@@ -455451,11 +455827,11 @@ CVE-2015-2910
RESERVED
CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 dev ...)
NOT-FOR-US: Dedicated Micros DVR products
-CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
+CVE-2015-2908 (Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x ...)
NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
-CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
+CVE-2015-2907 (Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x ...)
NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
-CVE-2015-2906 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
+CVE-2015-2906 (Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x ...)
NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2905 (Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN m ...)
NOT-FOR-US: Actiontec
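Review bot: CVE-2015-2908, CVE-2015-2907 and CVE-2015-2906 lose the "** DISPUTED **" prefix from their descriptions; the NOT-FOR-US annotations are unaffected, but the dispute status is no longer visible in this file, so anyone relying on the description text to see that these MDI OBD-II dongle reports were contested should now consult the upstream CVE record instead.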
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32401dca0e954266c3ca57c7a6d4d90585f778ab