[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 26 20:10:39 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bfd66dc by security tracker role at 2023-02-26T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,175 @@
-CVE-2023-26545 [net: mpls: fix stale pointer if allocation fails during device rename]
+CVE-2023-26602
+ RESERVED
+CVE-2023-26601
+ RESERVED
+CVE-2023-26600
+ RESERVED
+CVE-2023-26599
+ RESERVED
+CVE-2023-26598
+ RESERVED
+CVE-2023-26588
+ RESERVED
+CVE-2023-26584
+ RESERVED
+CVE-2023-26583
+ RESERVED
+CVE-2023-26582
+ RESERVED
+CVE-2023-26581
+ RESERVED
+CVE-2023-26580
+ RESERVED
+CVE-2023-26579
+ RESERVED
+CVE-2023-26578
+ RESERVED
+CVE-2023-26577
+ RESERVED
+CVE-2023-26576
+ RESERVED
+CVE-2023-26575
+ RESERVED
+CVE-2023-26574
+ RESERVED
+CVE-2023-26573
+ RESERVED
+CVE-2023-26572
+ RESERVED
+CVE-2023-26571
+ RESERVED
+CVE-2023-26570
+ RESERVED
+CVE-2023-26569
+ RESERVED
+CVE-2023-26568
+ RESERVED
+CVE-2023-26567
+ RESERVED
+CVE-2023-26566
+ RESERVED
+CVE-2023-26565
+ RESERVED
+CVE-2023-26564
+ RESERVED
+CVE-2023-26563
+ RESERVED
+CVE-2023-26562
+ RESERVED
+CVE-2023-26561
+ RESERVED
+CVE-2023-26560
+ RESERVED
+CVE-2023-26559
+ RESERVED
+CVE-2023-26558
+ RESERVED
+CVE-2023-26557
+ RESERVED
+CVE-2023-26556
+ RESERVED
+CVE-2023-26555
+ RESERVED
+CVE-2023-26554
+ RESERVED
+CVE-2023-26553
+ RESERVED
+CVE-2023-26552
+ RESERVED
+CVE-2023-26551
+ RESERVED
+CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...)
+ TODO: check
+CVE-2023-26549
+ RESERVED
+CVE-2023-26548
+ RESERVED
+CVE-2023-26547
+ RESERVED
+CVE-2023-26546
+ RESERVED
+CVE-2023-24544
+ RESERVED
+CVE-2023-24464
+ RESERVED
+CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...)
+ TODO: check
+CVE-2023-1046 (A vulnerability classified as critical has been found in MuYuCMS 2.2. ...)
+ TODO: check
+CVE-2023-1045 (A vulnerability was found in MuYuCMS 2.2. It has been rated as problem ...)
+ TODO: check
+CVE-2023-1044 (A vulnerability was found in MuYuCMS 2.2. It has been declared as prob ...)
+ TODO: check
+CVE-2023-1043 (A vulnerability was found in MuYuCMS 2.2. It has been classified as pr ...)
+ TODO: check
+CVE-2023-1042 (A vulnerability has been found in SourceCodester Online Pet Shop We Ap ...)
+ TODO: check
+CVE-2023-1041 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-1040 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1039 (A vulnerability classified as critical was found in SourceCodester Cla ...)
+ TODO: check
+CVE-2023-1038 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-1037 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...)
+ TODO: check
+CVE-2023-1036 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...)
+ TODO: check
+CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
+ TODO: check
+CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...)
+ TODO: check
+CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
+ TODO: check
+CVE-2023-1032
+ RESERVED
+CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...)
+ TODO: check
+CVE-2022-48361
+ RESERVED
+CVE-2022-48360
+ RESERVED
+CVE-2022-48359
+ RESERVED
+CVE-2022-48358
+ RESERVED
+CVE-2022-48357
+ RESERVED
+CVE-2022-48356
+ RESERVED
+CVE-2022-48355
+ RESERVED
+CVE-2022-48354
+ RESERVED
+CVE-2022-48353
+ RESERVED
+CVE-2022-48352
+ RESERVED
+CVE-2022-48351
+ RESERVED
+CVE-2022-48350
+ RESERVED
+CVE-2022-48349
+ RESERVED
+CVE-2022-48348
+ RESERVED
+CVE-2022-48347
+ RESERVED
+CVE-2022-48346
+ RESERVED
+CVE-2020-36662
+ RESERVED
+CVE-2015-10087
+ RESERVED
+CVE-2015-10086
+ RESERVED
+CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2)
-CVE-2023-26544 [KASAN: use-after-free Read in run_unpack]
+CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in ...)
- linux <unfixed> (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
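Review bot: At the CVE-2023-26545 entry near the end of this hunk, the new description says the double free exists "before 6.1.13", but the package line under it still reads `- linux <unfixed>`. The change here only swaps the bracketed working title for the published description, so the fixed version needs a manual follow-up once an upload containing fda6c89fe3d9 is identified. Every newly described entry in this hunk (BMC Control-M, TechPowerUp, MuYuCMS, SourceCodester, suitecrm, froxlor, ManageEngine) is also left at `TODO: check`, so none of them carries a triage decision yet.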
@@ -19,8 +187,8 @@ CVE-2023-1027
RESERVED
CVE-2023-1026
RESERVED
-CVE-2019-25105
- RESERVED
+CVE-2019-25105 (A vulnerability, which was classified as problematic, was found in dro ...)
+ TODO: check
CVE-2023-26543
RESERVED
CVE-2023-26542
@@ -1198,10 +1366,10 @@ CVE-2023-26106
RESERVED
CVE-2023-26105
RESERVED
-CVE-2023-26104
- RESERVED
-CVE-2023-26103
- RESERVED
+CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...)
+ TODO: check
+CVE-2023-26103 (Versions of the package deno before 1.31.0 are vulnerable to Regular E ...)
+ TODO: check
CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Pollutio ...)
TODO: check
CVE-2023-0926
@@ -1238,8 +1406,8 @@ CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injec
NOT-FOR-US: Liima
CVE-2023-26092 (Liima before 1.17.28 allows server-side template injection. ...)
NOT-FOR-US: Liima
-CVE-2023-26091
- RESERVED
+CVE-2023-26091 (The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4. ...)
+ TODO: check
CVE-2023-26090
RESERVED
CVE-2023-26089
@@ -1429,22 +1597,22 @@ CVE-2023-26041
RESERVED
CVE-2023-26040
RESERVED
-CVE-2023-26039
- RESERVED
-CVE-2023-26038
- RESERVED
-CVE-2023-26037
- RESERVED
-CVE-2023-26036
- RESERVED
-CVE-2023-26035
- RESERVED
-CVE-2023-26034
- RESERVED
-CVE-2023-26033
- RESERVED
-CVE-2023-26032
- RESERVED
+CVE-2023-26039 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26038 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26037 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26036 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26035 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26034 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
+CVE-2023-26033 (Gentoo soko is the code that powers packages.gentoo.org. Versions prio ...)
+ TODO: check
+CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
CVE-2023-26031
RESERVED
CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
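Review bot: CVE-2023-26033 in the middle of this block is Gentoo soko, not ZoneMinder, so the eight entries should not be resolved in bulk when the `TODO: check` lines are worked through. The seven ZoneMinder descriptions are all truncated at the same boilerplate sentence ("ZoneMinder is a free, open source Closed-circuit television software a ..."), which means the list alone cannot distinguish them; triage has to read the full CVE text for each ID from CVE-2023-26032 through CVE-2023-26039.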
@@ -1981,8 +2149,8 @@ CVE-2023-25827
RESERVED
CVE-2023-25826
RESERVED
-CVE-2023-25825
- RESERVED
+CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...)
+ TODO: check
CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions ...)
- mod-gnutls <unfixed> (bug #942737)
NOTE: https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8
@@ -1991,8 +2159,8 @@ CVE-2023-25823 (Gradio is an open-source Python library to build machine learnin
TODO: check
CVE-2023-25822
RESERVED
-CVE-2023-25821
- RESERVED
+CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...)
+ TODO: check
CVE-2023-25820
RESERVED
CVE-2023-25819
@@ -2001,8 +2169,8 @@ CVE-2023-25818
RESERVED
CVE-2023-25817
RESERVED
-CVE-2023-25816
- RESERVED
+CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
+ TODO: check
CVE-2023-25815
RESERVED
CVE-2023-25814
@@ -59793,8 +59961,8 @@ CVE-2022-32538
RESERVED
CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...)
NOT-FOR-US: Medtronic
-CVE-2022-2024
- RESERVED
+CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. ...)
+ TODO: check
CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...)
NOT-FOR-US: Trudesk
CVE-2017-20050
@@ -81660,7 +81828,7 @@ CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior t
CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
NOT-FOR-US: Corda
CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 functions o ...)
- {DLA-3332-1}
+ {DSA-5364-1 DLA-3332-1}
- apr-util 1.6.3-1
NOTE: https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
NOTE: http://svn.apache.org/r1904728
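Review bot: The cross-reference on CVE-2022-25147 goes from `{DLA-3332-1}` to `{DSA-5364-1 DLA-3332-1}`, yet this commit lists only one changed file, data/CVE/list. The DSA-5364-1 record itself must therefore already exist elsewhere in the tracker data; it is worth confirming that it names CVE-2022-25147 and apr-util so the two sides of the reference agree.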
@@ -148300,8 +148468,8 @@ CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrar
NOT-FOR-US: WinSCP
CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2021-3329
- RESERVED
+CVE-2021-3329 (Lack of proper validation in HCI Host stack initialization can cause a ...)
+ TODO: check
CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
NOT-FOR-US: Aprelium Abyss Web Server
CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
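Review bot: CVE-2021-3329 gets `TODO: check` with a description cut off before any product name ("Lack of proper validation in HCI Host stack initialization can cause a ..."). The entry directly above it, CVE-2021-3330, is already resolved as `NOT-FOR-US: Zephyr, different from src:zephyr`; if the full text of CVE-2021-3329 turns out to name the same project, reuse that exact wording so the two adjacent entries stay consistent.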
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bfd66dc22c0a83a34a75c8f32ae03396e546502