[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 23 20:10:41 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
046f47aa by security tracker role at 2023-02-23T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-26464
+ RESERVED
+CVE-2023-0991
+ RESERVED
+CVE-2023-0990
+ RESERVED
+CVE-2023-0989
+ RESERVED
+CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-0985
+ RESERVED
+CVE-2023-0984
+ RESERVED
+CVE-2023-0983
+ RESERVED
+CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+ TODO: check
+CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+ TODO: check
+CVE-2023-0980 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+ TODO: check
+CVE-2022-48344 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...)
+ TODO: check
+CVE-2022-48343 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...)
+ TODO: check
+CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on ...)
+ TODO: check
CVE-2023-26463
RESERVED
CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
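Review bot: the nine new entries flagged ` TODO: check` in this hunk still need triage, and most of them look like `NOT-FOR-US` candidates: the six SourceCodester ones (CVE-2023-0986 through CVE-2023-0988 and CVE-2023-0980 through CVE-2023-0982) match how CVE-2023-0938 is already recorded further down (` NOT-FOR-US: SourceCodester Music Gallery Site`), and the three JetBrains TeamCity entries (CVE-2022-48342 through CVE-2022-48344) concern a proprietary product that Debian does not package. Resolving them in a follow-up keeps the `TODO: check` queue to the IDs that actually need a package lookup.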
@@ -477,8 +509,8 @@ CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.17
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0940
RESERVED
-CVE-2023-0939
- RESERVED
+CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-0938 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-0937
@@ -1306,12 +1338,12 @@ CVE-2023-0888
RESERVED
CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
NOT-FOR-US: phjounin TFTPD64-SE
-CVE-2023-0886 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
- TODO: check
-CVE-2023-0885 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
-CVE-2023-0884 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+CVE-2023-0886
+ REJECTED
+CVE-2023-0885
+ REJECTED
+CVE-2023-0884
+ REJECTED
CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-25943
@@ -1428,12 +1460,12 @@ CVE-2023-0871
RESERVED
CVE-2023-0870
RESERVED
-CVE-2023-0869
- RESERVED
-CVE-2023-0868
- RESERVED
-CVE-2023-0867
- RESERVED
+CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...)
+ TODO: check
+CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versions o ...)
+ TODO: check
+CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in ...)
+ TODO: check
CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
@@ -2020,8 +2052,8 @@ CVE-2023-24585
RESERVED
CVE-2023-0816
RESERVED
-CVE-2023-0815
- RESERVED
+CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
+ TODO: check
CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms ...)
NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress
CVE-2023-0813
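Review bot: CVE-2023-0815 concerns Jetty log files, and Debian ships Jetty (source package jetty9), so this ` TODO: check` should not be closed as `NOT-FOR-US` the way its WordPress neighbour CVE-2023-0814 is; it needs the affected upstream versions checked against the packaged one and either a package line or an explicit `<not-affected>` annotation.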
@@ -2445,8 +2477,7 @@ CVE-2023-25623
RESERVED
CVE-2023-25622
RESERVED
-CVE-2023-25621
- RESERVED
+CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
NOT-FOR-US: Apache Sling
CVE-2023-25620
RESERVED
@@ -5814,8 +5845,8 @@ CVE-2023-24417
RESERVED
CVE-2023-24416
RESERVED
-CVE-2023-24415
- RESERVED
+CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...)
+ TODO: check
CVE-2023-24414
RESERVED
CVE-2023-24413
@@ -5876,8 +5907,8 @@ CVE-2023-24386
RESERVED
CVE-2023-24385
RESERVED
-CVE-2023-24384
- RESERVED
+CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
+ TODO: check
CVE-2023-24383
RESERVED
CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...)
@@ -6489,8 +6520,8 @@ CVE-2023-24106
RESERVED
CVE-2023-24105
RESERVED
-CVE-2023-24104
- RESERVED
+CVE-2023-24104 (Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to ...)
+ TODO: check
CVE-2023-24103
RESERVED
CVE-2023-24102
@@ -6939,7 +6970,7 @@ CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share,
CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...)
- {DSA-5357-1}
+ {DSA-5357-1 DLA-3338-1}
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8)
@@ -7793,8 +7824,8 @@ CVE-2023-23661
RESERVED
CVE-2023-23660
RESERVED
-CVE-2023-23659
- RESERVED
+CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Exten ...)
+ TODO: check
CVE-2023-23658
RESERVED
CVE-2023-23657
@@ -11249,8 +11280,7 @@ CVE-2023-0045
NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
NOTE: https://git.kernel.org/linus/a664ec9158eeddd75121d39c9a0758016097fa96 (6.2-rc3)
NOTE: https://github.com/es0j/CVE-2023-0045
-CVE-2023-0044
- RESERVED
+CVE-2023-0044 (If the Quarkus Form Authentication session cookie Path attribute is se ...)
NOT-FOR-US: Quarkus
CVE-2022-4874 (Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1 ...)
NOT-FOR-US: Netcomm
@@ -11728,7 +11758,7 @@ CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is
CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
NOT-FOR-US: Gatsby
CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...)
- {DSA-5357-1}
+ {DSA-5357-1 DLA-3338-1}
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8)
@@ -11769,8 +11799,8 @@ CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with una
NOT-FOR-US: KubePi
CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
NOT-FOR-US: Mercurius
-CVE-2023-22476
- RESERVED
+CVE-2023-22476 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+ TODO: check
CVE-2023-0027
RESERVED
CVE-2022-4854
@@ -15634,6 +15664,7 @@ CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not va
CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
NOT-FOR-US: RainyGao DocSys
CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
+ {DLA-3339-1}
- binwalk 2.3.4+dfsg1-1
[bullseye] - binwalk <no-dsa> (Minor issue)
NOTE: https://github.com/ReFirmLabs/binwalk/pull/617
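Review bot: the new ` {DLA-3339-1}` reference records an LTS update for buster while the entry keeps ` [bullseye] - binwalk <no-dsa> (Minor issue)`; that is internally consistent (a DLA does not imply a DSA), but since the LTS team judged the path traversal worth an update, it is worth re-checking whether the bullseye `no-dsa` decision should become a point-release fix.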
@@ -15786,8 +15817,8 @@ CVE-2022-4494 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: MCPMappingViewer
CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
-CVE-2022-4492
- RESERVED
+CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...)
+ TODO: check
CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4490
@@ -17185,7 +17216,8 @@ CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress pl
NOT-FOR-US: WordPress plugin
CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
NOT-FOR-US: yikes-inc-easy-mailchimp-extender
-CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3.5. I ...)
+CVE-2021-4243
+ REJECTED
- jquery-minicolors <unfixed> (bug #1026050)
[bullseye] - jquery-minicolors <no-dsa> (Minor issue)
[buster] - jquery-minicolors <no-dsa> (Minor issue)
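Review bot: the entry is now ` REJECTED` but still carries ` - jquery-minicolors <unfixed> (bug #1026050)` and the bullseye/buster ` <no-dsa>` lines, which the automatic update does not touch; a rejected ID should not keep an open `<unfixed>` state, so the package lines need manual cleanup (and bug #1026050 closed or retitled), reducing the entry to the bare `REJECTED` form used for CVE-2023-0884 through CVE-2023-0886 earlier in this commit.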
@@ -22563,7 +22595,7 @@ CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated a
CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...)
NOT-FOR-US: matrix-appservice-irc
CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-6 (bug #1024737)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
@@ -30048,7 +30080,7 @@ CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
@@ -30139,7 +30171,7 @@ CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
@@ -32302,13 +32334,13 @@ CVE-2022-42708
CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...)
- mahara <removed>
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
@@ -37484,8 +37516,8 @@ CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security
NOT-FOR-US: Trend Micro
CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
NOT-FOR-US: Trend Micro
-CVE-2022-3219
- RESERVED
+CVE-2022-3219 (GnuPG can be made to spin on a relatively small input by (for example) ...)
+ TODO: check
CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
NOT-FOR-US: Necta LLC
CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
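Review bot: unlike the surrounding Trend Micro and Necta entries, CVE-2022-3219 concerns GnuPG, which Debian ships (source package gnupg2), so the ` TODO: check` here needs a real triage with a package line rather than a `NOT-FOR-US` marker; the truncated description (`can be made to spin on a relatively small input`) describes a CPU-exhaustion denial of service, so the severity annotation should reflect that rather than defaulting to a memory-safety rating.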
@@ -40976,7 +41008,7 @@ CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk <unfixed>
- pjproject <removed>
- ring 20230206.0~ds1-1
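Review bot: ` {DSA-5358-1 DLA-3335-1}` is added here while the unstable line still reads ` - asterisk <unfixed>`, whereas the sibling PJSIP entry CVE-2022-39244 records asterisk as fixed in 1:20.0.1~dfsg+~cs6.12.40431414-1; confirm whether unstable really remains unfixed for this ID or whether the asterisk line should be brought in line with the other PJSIP entries. The same check applies to CVE-2022-23537 and CVE-2022-23547 at the end of this commit, which also keep ` - asterisk <unfixed>` next to the new DSA reference.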
@@ -41073,7 +41105,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
- pjproject <removed>
- ring 20230206.0~ds1-1
@@ -46651,7 +46683,7 @@ CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Window
CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
@@ -49171,8 +49203,8 @@ CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory s
[buster] - thunderbird <not-affected> (Only affects 102 ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
-CVE-2022-2504
- RESERVED
+CVE-2022-2504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...)
- linux 5.18.2-1
[bullseye] - linux 5.10.120-1
@@ -55138,8 +55170,8 @@ CVE-2022-2178
RESERVED
CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
NOT-FOR-US: Kayrasoft
-CVE-2022-2176
- RESERVED
+CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+ TODO: check
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
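Review bot: the new description for CVE-2022-2176 reads `This CVE ID has been rejected or withdrawn by its CVE Numbering Authority`, yet the entry is recorded as ` TODO: check` rather than ` REJECTED`; it should be reduced to the bare `REJECTED` form used for CVE-2023-0884 through CVE-2023-0886 in this same commit so it does not sit in the triage queue.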
@@ -63917,7 +63949,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1017005)
@@ -86961,14 +86993,14 @@ CVE-2022-23549 (Discourse is an option source discussion platform. Prior to vers
CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...)
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk <unfixed>
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3335-1}
+ {DSA-5358-1 DLA-3335-1}
- asterisk <unfixed>
- ring 20230206.0~ds1-1
- pjproject <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/046f47aae7370db92b5ff472e7f1a71ee10de5db