[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 24 08:10:27 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a78887e3 by security tracker role at 2023-02-24T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2023-26511
+	RESERVED
+CVE-2023-26510
+	RESERVED
+CVE-2023-26509
+	RESERVED
+CVE-2023-26508
+	RESERVED
+CVE-2023-26507
+	RESERVED
+CVE-2023-26506
+	RESERVED
+CVE-2023-26505
+	RESERVED
+CVE-2023-26504
+	RESERVED
+CVE-2023-26503
+	RESERVED
+CVE-2023-26502
+	RESERVED
+CVE-2023-26501
+	RESERVED
+CVE-2023-26500
+	RESERVED
+CVE-2023-26499
+	RESERVED
+CVE-2023-26498
+	RESERVED
+CVE-2023-26497
+	RESERVED
+CVE-2023-26496
+	RESERVED
+CVE-2023-26495
+	RESERVED
+CVE-2023-26494
+	RESERVED
+CVE-2023-26493
+	RESERVED
+CVE-2023-26492
+	RESERVED
+CVE-2023-26491
+	RESERVED
+CVE-2023-26490
+	RESERVED
+CVE-2023-26489
+	RESERVED
+CVE-2023-26488
+	RESERVED
+CVE-2023-26487
+	RESERVED
+CVE-2023-26486
+	RESERVED
+CVE-2023-26485
+	RESERVED
+CVE-2023-26484
+	RESERVED
+CVE-2023-26483
+	RESERVED
+CVE-2023-26482
+	RESERVED
+CVE-2023-26481
+	RESERVED
+CVE-2023-26480
+	RESERVED
+CVE-2023-26479
+	RESERVED
+CVE-2023-26478
+	RESERVED
+CVE-2023-26477
+	RESERVED
+CVE-2023-26476
+	RESERVED
+CVE-2023-26475
+	RESERVED
+CVE-2023-26474
+	RESERVED
+CVE-2023-26473
+	RESERVED
+CVE-2023-26472
+	RESERVED
+CVE-2023-26471
+	RESERVED
+CVE-2023-26470
+	RESERVED
+CVE-2023-26469
+	RESERVED
+CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...)
+	TODO: check
+CVE-2023-26467
+	RESERVED
+CVE-2023-26466
+	RESERVED
+CVE-2023-26465
+	RESERVED
+CVE-2023-25944
+	RESERVED
+CVE-2023-25779
+	RESERVED
+CVE-2023-25777
+	RESERVED
+CVE-2023-25775
+	RESERVED
+CVE-2023-25075
+	RESERVED
+CVE-2023-25073
+	RESERVED
+CVE-2023-24542
+	RESERVED
+CVE-2023-24541
+	RESERVED
+CVE-2023-22342
+	RESERVED
+CVE-2023-22293
+	RESERVED
+CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...)
+	TODO: check
+CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...)
+	TODO: check
+CVE-2023-0994 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
+	TODO: check
+CVE-2023-0993
+	RESERVED
+CVE-2023-0992
+	RESERVED
+CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...)
+	TODO: check
 CVE-2023-26464
 	RESERVED
 CVE-2023-0991
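Review bot: the five entries promoted from RESERVED to a description in this hunk (CVE-2023-26468, CVE-2023-0996, CVE-2023-0995, CVE-2023-0994, CVE-2022-48345) all land as "TODO: check" and still need a disposition; the descriptions are cut at the feed's fixed width ("creat ...", "unilogies/bum ...", "francoisjacquet/rosariosi ..."), so triage has to go back to the full CVE record rather than these lines. CVE-2022-48345 names a concrete npm package (sanitize-url, aka @braintree/sanitize-url, fixed before 6.0.2), which is the kind of entry that needs an archive search before it is resolved as NOT-FOR-US. The other 58 new IDs are RESERVED placeholders and need nothing.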
@@ -304,10 +430,10 @@ CVE-2023-26328
 	RESERVED
 CVE-2023-26327
 	RESERVED
-CVE-2023-26326
-	RESERVED
-CVE-2023-26325
-	RESERVED
+CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...)
+	TODO: check
+CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin version  ...)
+	TODO: check
 CVE-2023-26324
 	RESERVED
 CVE-2023-26323
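Review bot: both promoted entries are WordPress plugins (BuddyForms before 2.7.8, ReviewX), and the convention this file already uses for those is "NOT-FOR-US: WordPress plugin" (the OnePress Social Locker entry kept as context later in this diff shows the form); the two "TODO: check" lines can be resolved that way unless either plugin turns out to be packaged.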
@@ -505,6 +631,7 @@ CVE-2023-26269
 CVE-2023-26268
 	RESERVED
 CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.177 all ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0940
@@ -640,24 +767,31 @@ CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
 	NOT-FOR-US: Answer
 CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allow ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0932 (Use after free in WebRTC in Google Chrome on Windows prior to 110.0.54 ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0931 (Use after free in Video in Google Chrome prior to 110.0.5481.177 allow ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0930 (Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0929 (Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allo ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0928 (Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android prior t ...)
+	{DSA-5359-1}
 	- chromium 110.0.5481.177-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...)
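Review bot: the seven {DSA-5359-1} cross-references are placed consistently (directly under each description, ahead of the "- chromium 110.0.5481.177-1" line) and each entry keeps its "[buster] - chromium <end-of-life> (see DSA 5046)" line, which is right since the DSA does not cover buster. Worth a quick check that DSA-5359-1 in data/DSA/list lists exactly these seven IDs plus CVE-2023-0941 from the previous hunk, because the {DSA-...} tag is what marks bullseye as fixed for these entries.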
@@ -678,14 +812,17 @@ CVE-2022-48332
 CVE-2022-48331
 	RESERVED
 CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has  ...)
+	{DSA-5360-1}
 	- emacs 1:28.2+1-11 (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295
 CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...)
+	{DSA-5360-1}
 	- emacs 1:28.2+1-11 (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268
 CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell  ...)
+	{DSA-5360-1}
 	- emacs 1:28.2+1-11 (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817
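Review bot: the three Emacs entries gain {DSA-5360-1} while keeping the unstable line "- emacs 1:28.2+1-11 (bug #1031730)"; as with the Chrome hunk, the bullseye fixed version is taken from the DSA entry, so confirm data/DSA/list carries the matching version for DSA-5360-1. The NOTE lines pointing at the savannah commits and debbugs reports are the useful part of these entries for anyone backporting and should stay as they are.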
@@ -911,8 +1048,8 @@ CVE-2023-26104
 	RESERVED
 CVE-2023-26103
 	RESERVED
-CVE-2023-26102
-	RESERVED
+CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Pollutio ...)
+	TODO: check
 CVE-2023-0926
 	RESERVED
 CVE-2023-0925
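Review bot: the rangy description says all versions are affected and names no fixed release, so even if the library is packaged there is nothing to put in a fixed-version field yet; before resolving the "TODO: check", search the archive for a packaged copy of rangy and, if there is none, mark it NOT-FOR-US as the file does for other unpackaged JavaScript projects.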
@@ -1693,10 +1830,10 @@ CVE-2023-25826
 	RESERVED
 CVE-2023-25825
 	RESERVED
-CVE-2023-25824
-	RESERVED
-CVE-2023-25823
-	RESERVED
+CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions  ...)
+	TODO: check
+CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and  ...)
+	TODO: check
 CVE-2023-25822
 	RESERVED
 CVE-2023-25821
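Review bot: these two need different treatment. mod_gnutls is an Apache httpd TLS module of the kind Debian ships, so it should end up with a package line and a fixed version rather than NOT-FOR-US once the source package is checked; Gradio is a Python ML UI library and is more likely unpackaged. Both descriptions are truncated before the affected version ranges ("Versions ...", "and ..."), so the full advisory text is needed for either disposition.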
@@ -2557,10 +2694,10 @@ CVE-2023-24014
 	RESERVED
 CVE-2023-0756
 	RESERVED
-CVE-2023-0755
-	RESERVED
-CVE-2023-0754
-	RESERVED
+CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
+	TODO: check
+CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...)
+	TODO: check
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
 	NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611
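Review bot: neither description names the product ("The affected products are vulnerable to ..."), so these two cannot be triaged from this file alone; the full CVE record, and the vendor advisory it is based on given that phrasing, is needed before a disposition. The adjacent IDs and identical opening suggest one advisory covering an array-index validation issue and an integer overflow, so they should be triaged together.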
@@ -4578,8 +4715,7 @@ CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a sto
 	NOT-FOR-US: Rapid7
 CVE-2023-0598
 	RESERVED
-CVE-2023-0597
-	RESERVED
+CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
 CVE-2023-0596
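Review bot: this is the one promoted entry in the update that already carries a package line, which is why no "TODO: check" was added, but "- linux <unfixed>" is still the only disposition. The NOTE records the upstream fix in 6.2-rc1, so the entry is missing the bullseye/buster sub-entries ("[bullseye] - linux ...") and should be revisited when a 6.2-based upload reaches unstable so that <unfixed> becomes a version.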
@@ -6101,8 +6237,8 @@ CVE-2023-24319
 	RESERVED
 CVE-2023-24318
 	RESERVED
-CVE-2023-24317
-	RESERVED
+CVE-2023-24317 (Judging Management System 1.0 was discovered to contain an arbitrary f ...)
+	TODO: check
 CVE-2023-24316
 	RESERVED
 CVE-2023-24315
@@ -6311,8 +6447,8 @@ CVE-2023-24214
 	RESERVED
 CVE-2023-24213
 	RESERVED
-CVE-2023-24212
-	RESERVED
+CVE-2023-24212 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via  ...)
+	TODO: check
 CVE-2023-24211
 	RESERVED
 CVE-2023-24210
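Review bot: Tenda AX3 is router firmware, and the Tenda AC9 entry visible as context in a later hunk of this same diff is already "NOT-FOR-US: Tenda"; this stack overflow entry should follow suit rather than stay at "TODO: check".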
@@ -6325,8 +6461,8 @@ CVE-2023-24207
 	RESERVED
 CVE-2023-24206
 	RESERVED
-CVE-2023-24205
-	RESERVED
+CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...)
+	TODO: check
 CVE-2023-24204
 	RESERVED
 CVE-2023-24203
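Review bot: "Clash for Windows" is a Windows-only build, and the file already resolves the comparable "Git for Windows" entry (kept as context later in this diff) as NOT-FOR-US; the same disposition fits here.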
@@ -7055,41 +7191,35 @@ CVE-2023-0408
 	RESERVED
 CVE-2023-0407
 	RESERVED
-CVE-2023-23920 [Node.js insecure loading of ICU data through ICU_DATA environment variable]
-	RESERVED
+CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19.6.1,  ...)
 	- nodejs <unfixed> (bug #1031834)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920
 	NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
-CVE-2023-23919 [Node.js OpenSSL error handling issues in nodejs crypto library]
-	RESERVED
+CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14. ...)
 	- nodejs <unfixed> (bug #1031834)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
 	NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
-CVE-2023-23918 [Node.js Permissions policies can be bypassed via process.mainModule]
-	RESERVED
+CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js <19.6.1, &lt ...)
 	- nodejs <unfixed> (bug #1031834)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918
 	NOTE: Only affects users enabling experimental permissions option with --experimental-policy.
 	NOTE: https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba
 	NOTE: https://github.com/nodejs/node/commit/9b7db62276e4a9c97aedf91daf38bf7b7d23fee4
-CVE-2023-23917
-	RESERVED
-CVE-2023-23916 [curl: HTTP multi-header compression denial of service]
-	RESERVED
+CVE-2023-23917 (A prototype pollution vulnerability exists in Rocket.Chat server <5 ...)
+	TODO: check
+CVE-2023-23916 (An allocation of resources without limits or throttling vulnerability  ...)
 	- curl 7.88.1-1 (bug #1031371)
 	NOTE: https://curl.se/docs/CVE-2023-23916.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 (curl-7_88_0)
-CVE-2023-23915 [curl: HSTS amnesia with --parallel]
-	RESERVED
+CVE-2023-23915 (A cleartext transmission of sensitive information vulnerability exists ...)
 	- curl 7.88.1-1 (bug #1031371)
 	[bullseye] - curl <ignored> (curl is not built with HSTS support)
 	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2023-23915.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
 	NOTE: https://github.com/curl/curl/pull/10138
-CVE-2023-23914 [curl: HSTS ignored on multiple requests]
-	RESERVED
+CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability exists ...)
 	- curl 7.88.1-1 (bug #1031371)
 	[bullseye] - curl <ignored> (curl is not built with HSTS support)
 	[buster] - curl <not-affected> (Vulnerable code introduced later)
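Review bot: the bracketed working titles that are dropped here ([curl: HSTS amnesia with --parallel], [curl: HSTS ignored on multiple requests], [Node.js Permissions policies can be bypassed via process.mainModule]) were more specific than the CNA descriptions replacing them, which for the two HSTS issues read identically ("A cleartext transmission of sensitive information vulnerability exists ..."); the NOTE URLs to curl.se and nodejs.org are now the only place those titles survive, so keep them. The new descriptions also carry raw HTML entities from the feed (CVE-2023-23918 ends in a cut-off "&lt"), which is cosmetic but shows the fixed-width truncation is applied after entity encoding. The package lines are unchanged and still consistent: curl 7.88.1-1 with "[bullseye] <ignored>" and "[buster] <not-affected>" for the HSTS pair, nodejs <unfixed> (bug #1031834) for the three Node.js issues, and CVE-2023-23917 (Rocket.Chat) correctly gets "TODO: check" rather than a package line.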
@@ -9025,12 +9155,12 @@ CVE-2023-23298
 	RESERVED
 CVE-2023-23297
 	RESERVED
-CVE-2023-23296
-	RESERVED
-CVE-2023-23295
-	RESERVED
-CVE-2023-23294
-	RESERVED
+CVE-2023-23296 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vu ...)
+	TODO: check
+CVE-2023-23295 (Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...)
+	TODO: check
+CVE-2023-23294 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...)
+	TODO: check
 CVE-2023-23293
 	RESERVED
 CVE-2023-23292
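Review bot: the three Korenix descriptions disagree with each other on the second product ("JetWave 3200 Series 1.6.0" in CVE-2023-23296 versus "JetWave 3000 Series 1.6.0" in the other two, and "Jetwave" versus "JetWave"); that is upstream text, not something to fix in this file, but it is a reason to read the advisory rather than the summary before settling the "TODO: check". These are industrial network devices, so NOT-FOR-US is the expected outcome.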
@@ -10755,6 +10885,7 @@ CVE-2023-22744
 CVE-2023-22743 (Git for Windows is the Windows port of the revision control system Git ...)
 	NOT-FOR-US: Git for Windows
 CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
+	{DLA-3340-1}
 	- libgit2 1.5.1+ds-1 (bug #1029368)
 	[bullseye] - libgit2 <no-dsa> (Minor issue)
 	[buster] - libgit2 <no-dsa> (Minor issue)
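Review bot: the new "{DLA-3340-1}" line now contradicts the unchanged "[buster] - libgit2 <no-dsa> (Minor issue)" two lines below it: the DLA cross-reference says buster is fixed, the sub-entry says it was deliberately not going to be. Drop the "[buster]" no-dsa line (the buster fixed version comes from the DLA entry) and keep the "[bullseye] - libgit2 <no-dsa> (Minor issue)" line unless a stable update is planned.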
@@ -12524,10 +12655,10 @@ CVE-2023-22432
 	RESERVED
 CVE-2023-22429
 	RESERVED
-CVE-2023-22427
-	RESERVED
-CVE-2023-22425
-	RESERVED
+CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function  ...)
+	TODO: check
+CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
+	TODO: check
 CVE-2023-22424
 	RESERVED
 CVE-2023-22421
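Review bot: the product name is cut from the first description ("Theme switching function ...") and only appears in the second ("Schedule function of SHIR ..."), so treat the two stored-XSS entries as one advisory when triaging; the package check decides between a package line and NOT-FOR-US for both at once.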
@@ -17722,12 +17853,12 @@ CVE-2022-46788
 	RESERVED
 CVE-2022-46787
 	RESERVED
-CVE-2022-46786
-	RESERVED
-CVE-2022-46785
-	RESERVED
-CVE-2022-46784
-	RESERVED
+CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
+	TODO: check
+CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
+	TODO: check
+CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open re ...)
+	TODO: check
 CVE-2022-46783
 	RESERVED
 CVE-2022-46782
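Review bot: all three entries are the same product and fixed version (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA), two XSS and one open redirect, and CVE-2022-46786 and CVE-2022-46785 have identical truncated descriptions, so the advisory is needed to tell them apart. A System Center (SCOM) add-on is unlikely to be packaged, so one NOT-FOR-US disposition across the three is the probable result.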
@@ -18665,8 +18796,8 @@ CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sq
 	NOT-FOR-US: dedecms
 CVE-2022-46441
 	RESERVED
-CVE-2022-46440
-	RESERVED
+CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation violation via  ...)
+	TODO: check
 CVE-2022-46439
 	RESERVED
 CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...)
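Review bot: "ttftool v0.9.2 ... segmentation violation" is a crash in a font tool; before resolving the "TODO: check", confirm whether the name matches a packaged TrueType utility (the archive has several under different names), since a parser segfault would matter if it is.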
@@ -28456,8 +28587,8 @@ CVE-2023-20091
 	RESERVED
 CVE-2023-20090
 	RESERVED
-CVE-2023-20089
-	RESERVED
+CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
+	TODO: check
 CVE-2023-20088
 	RESERVED
 CVE-2023-20087
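Review bot: this is a Cisco LLDP advisory, and the file's established disposition for Cisco product advisories is "NOT-FOR-US: Cisco" (see the Cisco entries kept as context in the hunks below); the "TODO: check" can be resolved that way.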
@@ -28538,8 +28669,8 @@ CVE-2023-20052
 	NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
 CVE-2023-20051
 	RESERVED
-CVE-2023-20050
-	RESERVED
+CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+	TODO: check
 CVE-2023-20049
 	RESERVED
 CVE-2023-20048
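Review bot: the NOTE for CVE-2023-20052 kept as context directly above points at blog.clamav.net, which is a reminder that Cisco's CNA range also covers ClamAV, so each ID in this range has to be triaged on the product its description names rather than on the CVE prefix; this one names the Cisco NX-OS CLI, so "NOT-FOR-US: Cisco" is the right disposition.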
@@ -28611,18 +28742,18 @@ CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco I
 	NOT-FOR-US: Cisco
 CVE-2023-20017
 	RESERVED
-CVE-2023-20016
-	RESERVED
-CVE-2023-20015
-	RESERVED
+CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS Manag ...)
+	TODO: check
+CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...)
+	TODO: check
 CVE-2023-20014
 	RESERVED
 CVE-2023-20013
 	RESERVED
-CVE-2023-20012
-	RESERVED
-CVE-2023-20011
-	RESERVED
+CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...)
+	TODO: check
+CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco Applica ...)
+	TODO: check
 CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20009
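Review bot: the four promoted entries (Cisco UCS Manager backup configuration, Firepower 4100 Series CLI, Nexus console login authentication, and a Cisco Application web management interface) are all Cisco products and should get the same "NOT-FOR-US: Cisco" disposition already used for CVE-2023-20018 and CVE-2023-20010 in this hunk's context lines, rather than remain at "TODO: check".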
@@ -49638,8 +49769,8 @@ CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd
 	NOT-FOR-US: Tenda
 CVE-2022-36232
 	RESERVED
-CVE-2022-36231
-	RESERVED
+CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution. ...)
+	TODO: check
 CVE-2022-36230
 	RESERVED
 CVE-2022-36229
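Review bot: the description is unusually short ("pdf_info 0.5.3 is vulnerable to Command Execution.") and the name is easy to confuse with poppler-utils' pdfinfo; check which project the CVE record actually points at before assigning a package, because a command-execution issue in a packaged PDF tool should not stay at "TODO: check". The Tenda AC9 context line above shows the NOT-FOR-US form to use if it is an unpackaged library.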
@@ -66301,8 +66432,8 @@ CVE-2022-1609
 	RESERVED
 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1607
-	RESERVED
+CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
+	TODO: check
 CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...)
 	NOT-FOR-US: M-Files Server
 CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
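Review bot: the ABB Pulsar Plus entry is a CSRF in a vendor appliance and sits between two entries already resolved as NOT-FOR-US (OnePress Social Locker, M-Files Server); the same form applies here once the "TODO: check" is taken up.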
@@ -212970,13 +213101,13 @@ CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote at
 CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
 	NOT-FOR-US: iSmartgate PRO
 CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
-	{DLA-2936-1}
+	{DLA-3340-1 DLA-2936-1}
 	- libgit2 0.28.4+dfsg.1-2
 	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
-	{DLA-2936-1}
+	{DLA-3340-1 DLA-2936-1}
 	- libgit2 0.28.4+dfsg.1-2
 	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
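Review bot: same inconsistency as in the CVE-2023-22742 hunk: "{DLA-3340-1 DLA-2936-1}" now marks buster as fixed for CVE-2020-12279 and CVE-2020-12278, while the unchanged "[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)" lines say the opposite. Drop the two "[buster]" lines; the "[jessie]" lines are unaffected. If DLA-2936-1 covered an earlier release, which would explain the absence of a stretch sub-entry, then DLA-3340-1 is doing the same job for buster now and the no-dsa lines are simply stale.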



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a78887e369b6c727b3949da43e71518f0dd8cbd1




