[Git][security-tracker-team/security-tracker][master] automatic update

Thu Feb 23 20:10:41 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
046f47aa by security tracker role at 2023-02-23T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-26464
+	RESERVED
+CVE-2023-0991
+	RESERVED
+CVE-2023-0990
+	RESERVED
+CVE-2023-0989
+	RESERVED
+CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-0985
+	RESERVED
+CVE-2023-0984
+	RESERVED
+CVE-2023-0983
+	RESERVED
+CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+	TODO: check
+CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+	TODO: check
+CVE-2023-0980 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+	TODO: check
+CVE-2022-48344 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability  ...)
+	TODO: check
+CVE-2022-48343 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability  ...)
+	TODO: check
+CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on ...)
+	TODO: check
 CVE-2023-26463
 	RESERVED
 CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
@@ -477,8 +509,8 @@ CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.17
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0940
 	RESERVED
-CVE-2023-0939
-	RESERVED
+CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-0938 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2023-0937
@@ -1306,12 +1338,12 @@ CVE-2023-0888
 	RESERVED
 CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
 	NOT-FOR-US: phjounin TFTPD64-SE
-CVE-2023-0886 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
-	TODO: check
-CVE-2023-0885 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	TODO: check
-CVE-2023-0884 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	TODO: check
+CVE-2023-0886
+	REJECTED
+CVE-2023-0885
+	REJECTED
+CVE-2023-0884
+	REJECTED
 CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
 	NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-25943
@@ -1428,12 +1460,12 @@ CVE-2023-0871
 	RESERVED
 CVE-2023-0870
 	RESERVED
-CVE-2023-0869
-	RESERVED
-CVE-2023-0868
-	RESERVED
-CVE-2023-0867
-	RESERVED
+CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...)
+	TODO: check
+CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versions o ...)
+	TODO: check
+CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in  ...)
+	TODO: check
 CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <no-dsa> (Minor issue)
@@ -2020,8 +2052,8 @@ CVE-2023-24585
 	RESERVED
 CVE-2023-0816
 	RESERVED
-CVE-2023-0815
-	RESERVED
+CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
+	TODO: check
 CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms ...)
 	NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress
 CVE-2023-0813
@@ -2445,8 +2477,7 @@ CVE-2023-25623
 	RESERVED
 CVE-2023-25622
 	RESERVED
-CVE-2023-25621
-	RESERVED
+CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
 	NOT-FOR-US: Apache Sling
 CVE-2023-25620
 	RESERVED
@@ -5814,8 +5845,8 @@ CVE-2023-24417
 	RESERVED
 CVE-2023-24416
 	RESERVED
-CVE-2023-24415
-	RESERVED
+CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...)
+	TODO: check
 CVE-2023-24414
 	RESERVED
 CVE-2023-24413
@@ -5876,8 +5907,8 @@ CVE-2023-24386
 	RESERVED
 CVE-2023-24385
 	RESERVED
-CVE-2023-24384
-	RESERVED
+CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
+	TODO: check
 CVE-2023-24383
 	RESERVED
 CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material  ...)
@@ -6489,8 +6520,8 @@ CVE-2023-24106
 	RESERVED
 CVE-2023-24105
 	RESERVED
-CVE-2023-24104
-	RESERVED
+CVE-2023-24104 (Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to  ...)
+	TODO: check
 CVE-2023-24103
 	RESERVED
 CVE-2023-24102
@@ -6939,7 +6970,7 @@ CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share,
 CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior  ...)
-	{DSA-5357-1}
+	{DSA-5357-1 DLA-3338-1}
 	- git 1:2.39.2-1 (bug #1031310)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
 	NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8)
@@ -7793,8 +7824,8 @@ CVE-2023-23661
 	RESERVED
 CVE-2023-23660
 	RESERVED
-CVE-2023-23659
-	RESERVED
+CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Exten ...)
+	TODO: check
 CVE-2023-23658
 	RESERVED
 CVE-2023-23657
@@ -11249,8 +11280,7 @@ CVE-2023-0045
 	NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
 	NOTE: https://git.kernel.org/linus/a664ec9158eeddd75121d39c9a0758016097fa96 (6.2-rc3)
 	NOTE: https://github.com/es0j/CVE-2023-0045
-CVE-2023-0044
-	RESERVED
+CVE-2023-0044 (If the Quarkus Form Authentication session cookie Path attribute is se ...)
 	NOT-FOR-US: Quarkus
 CVE-2022-4874 (Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1 ...)
 	NOT-FOR-US: Netcomm
@@ -11728,7 +11758,7 @@ CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is
 CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
 	NOT-FOR-US: Gatsby
 CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...)
-	{DSA-5357-1}
+	{DSA-5357-1 DLA-3338-1}
 	- git 1:2.39.2-1 (bug #1031310)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
 	NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8)
@@ -11769,8 +11799,8 @@ CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with una
 	NOT-FOR-US: KubePi
 CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
 	NOT-FOR-US: Mercurius
-CVE-2023-22476
-	RESERVED
+CVE-2023-22476 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+	TODO: check
 CVE-2023-0027
 	RESERVED
 CVE-2022-4854
@@ -15634,6 +15664,7 @@ CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not va
 CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
 	NOT-FOR-US: RainyGao DocSys
 CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
+	{DLA-3339-1}
 	- binwalk 2.3.4+dfsg1-1
 	[bullseye] - binwalk <no-dsa> (Minor issue)
 	NOTE: https://github.com/ReFirmLabs/binwalk/pull/617
@@ -15786,8 +15817,8 @@ CVE-2022-4494 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: MCPMappingViewer
 CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
 	NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
-CVE-2022-4492
-	RESERVED
+CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...)
+	TODO: check
 CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4490
@@ -17185,7 +17216,8 @@ CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress pl
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
 	NOT-FOR-US: yikes-inc-easy-mailchimp-extender
-CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3.5. I ...)
+CVE-2021-4243
+	REJECTED
 	- jquery-minicolors <unfixed> (bug #1026050)
 	[bullseye] - jquery-minicolors <no-dsa> (Minor issue)
 	[buster] - jquery-minicolors <no-dsa> (Minor issue)
@@ -22563,7 +22595,7 @@ CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated a
 CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...)
 	NOT-FOR-US: matrix-appservice-irc
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...)
-	{DLA-3278-1}
+	{DSA-5333-1 DLA-3278-1}
 	- tiff 4.4.0-6 (bug #1024737)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
@@ -30048,7 +30080,7 @@ CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
-	{DLA-3278-1}
+	{DSA-5333-1 DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
@@ -30139,7 +30171,7 @@ CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
-	{DLA-3278-1}
+	{DSA-5333-1 DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
@@ -32302,13 +32334,13 @@ CVE-2022-42708
 CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...)
 	- mahara <removed>
 CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
 	NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6
 CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
@@ -37484,8 +37516,8 @@ CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security
 	NOT-FOR-US: Trend Micro
 CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
 	NOT-FOR-US: Trend Micro
-CVE-2022-3219
-	RESERVED
+CVE-2022-3219 (GnuPG can be made to spin on a relatively small input by (for example) ...)
+	TODO: check
 CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
 	NOT-FOR-US: Necta LLC
 CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
@@ -40976,7 +41008,7 @@ CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and
 CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
 	NOT-FOR-US: DiscoTOC Discourse theme
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring 20230206.0~ds1-1
@@ -41073,7 +41105,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
 CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
 	NOT-FOR-US: Makedeb Mist
 CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
 	- pjproject <removed>
 	- ring 20230206.0~ds1-1
@@ -46651,7 +46683,7 @@ CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Window
 CVE-2022-37326
 	RESERVED
 CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
@@ -49171,8 +49203,8 @@ CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory s
 	[buster] - thunderbird <not-affected> (Only affects 102 ESR)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
-CVE-2022-2504
-	RESERVED
+CVE-2022-2504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...)
 	- linux 5.18.2-1
 	[bullseye] - linux 5.10.120-1
@@ -55138,8 +55170,8 @@ CVE-2022-2178
 	RESERVED
 CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
 	NOT-FOR-US: Kayrasoft
-CVE-2022-2176
-	RESERVED
+CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+	TODO: check
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
@@ -63917,7 +63949,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
 CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
 	NOT-FOR-US: Tuleap
 CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
 	- pjproject <removed>
 	- ring 20230206.0~ds1-1 (bug #1017005)
@@ -86961,14 +86993,14 @@ CVE-2022-23549 (Discourse is an option source discussion platform. Prior to vers
 CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...)
 	NOT-FOR-US: Discourse
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk <unfixed>
 	- ring 20230206.0~ds1-1
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
 	NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3335-1}
+	{DSA-5358-1 DLA-3335-1}
 	- asterisk <unfixed>
 	- ring 20230206.0~ds1-1
 	- pjproject <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/046f47aae7370db92b5ff472e7f1a71ee10de5db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/046f47aae7370db92b5ff472e7f1a71ee10de5db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230223/fadc5968/attachment-0001.htm>
