[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 4 20:10:36 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8fd7e99 by security tracker role at 2023-01-04T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2023-22618
+	RESERVED
+CVE-2023-22617
+	RESERVED
+CVE-2023-22616
+	RESERVED
+CVE-2023-22615
+	RESERVED
+CVE-2023-22614
+	RESERVED
+CVE-2023-22613
+	RESERVED
+CVE-2023-22612
+	RESERVED
+CVE-2023-22611
+	RESERVED
+CVE-2023-22610
+	RESERVED
+CVE-2023-22609
+	RESERVED
+CVE-2023-22608
+	RESERVED
+CVE-2023-22607
+	RESERVED
+CVE-2023-22606
+	RESERVED
+CVE-2023-22605
+	RESERVED
+CVE-2023-22604
+	RESERVED
+CVE-2023-22603
+	RESERVED
+CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. ...)
+	TODO: check
+CVE-2023-0053
+	RESERVED
+CVE-2023-0052
+	RESERVED
+CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+	TODO: check
+CVE-2023-0050
+	RESERVED
+CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. ...)
+	TODO: check
+CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior to maste ...)
+	TODO: check
+CVE-2023-0047
+	RESERVED
+CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in GitHub  ...)
+	TODO: check
+CVE-2023-0045
+	RESERVED
+CVE-2023-0044
+	RESERVED
+CVE-2022-4874
+	RESERVED
+CVE-2022-4873
+	RESERVED
+CVE-2022-4872
+	RESERVED
+CVE-2022-48217 (** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operatin ...)
+	TODO: check
+CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...)
+	TODO: check
+CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X and classifi ...)
+	TODO: check
+CVE-2019-25094 (A vulnerability, which was classified as problematic, was found in inn ...)
+	TODO: check
+CVE-2016-15008 (A vulnerability was found in oxguy3 coebot-www and classified as probl ...)
+	TODO: check
+CVE-2014-125039 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2010-10003 (A vulnerability classified as critical was found in gesellix titlelink ...)
+	TODO: check
 CVE-2023-22602
 	RESERVED
 CVE-2023-22601
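Review bot: CVE-2023-0054, CVE-2023-0051 and CVE-2023-0049 in this hunk are described as affecting vim/vim, and vim is packaged in Debian, so these three should not be left at `TODO: check` for long. Suggest triaging them to a `- vim` package line, in the same form as the `- viewvc <removed>` entry further down, with a NOTE pointing at the upstream fix. The truncated descriptions already name the fixed upstream patch levels for two of them (9.0.1145 and 9.0.1143).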
@@ -596,23 +670,23 @@ CVE-2023-22467
 	RESERVED
 CVE-2023-22466
 	RESERVED
-CVE-2023-22465
-	RESERVED
-CVE-2023-22463
-	RESERVED
+CVE-2023-22465 (Http4s is a Scala interface for HTTP services. Starting with version 0 ...)
+	TODO: check
+CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of KubePi throu ...)
+	TODO: check
 CVE-2023-22462
 	RESERVED
-CVE-2023-22461
-	RESERVED
-CVE-2023-22460
-	RESERVED
+CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cross-sit ...)
+	TODO: check
+CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
+	TODO: check
 CVE-2023-22459
 	RESERVED
 CVE-2023-22458
 	RESERVED
-CVE-2023-22457
-	RESERVED
-CVE-2023-22464
+CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...)
+	TODO: check
+CVE-2023-22464 (ViewVC is a browser interface for CVS and Subversion version control r ...)
 	- viewvc <removed>
 	NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216
 	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h
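Review bot: CVE-2023-22464 at the end of this hunk sits below CVE-2023-22457, out of the descending order the rest of the list follows (CVE-2023-22465 and CVE-2023-22463 are adjacent further up with nothing between them). Since this change touches the entry anyway to add its description, consider moving it between those two so the list stays sorted. Its existing `- viewvc <removed>` line and both NOTE lines are correctly preserved.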
@@ -7110,10 +7184,10 @@ CVE-2022-46459
 	RESERVED
 CVE-2022-46458
 	RESERVED
-CVE-2022-46457
-	RESERVED
-CVE-2022-46456
-	RESERVED
+CVE-2022-46457 (NASM v2.16 was discovered to contain a segmentation violation in the c ...)
+	TODO: check
+CVE-2022-46456 (NASM v2.16 was discovered to contain a global buffer overflow in the c ...)
+	TODO: check
 CVE-2022-46455
 	RESERVED
 CVE-2022-46454
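Review bot: CVE-2022-46457 and CVE-2022-46456 both name NASM v2.16, and nasm is packaged in Debian, so `TODO: check` here needs a follow-up rather than a NOT-FOR-US tag. Suggest a `- nasm` package line for each once it is known whether the packaged versions contain the affected code, plus a NOTE with the upstream bug reference, which the truncated description does not show.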
@@ -8228,8 +8302,8 @@ CVE-2022-46182
 	RESERVED
 CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...)
 	NOT-FOR-US: Gotify server
-CVE-2022-46180
-	RESERVED
+CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows users of  ...)
+	TODO: check
 CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...)
 	NOT-FOR-US: LiuOS
 CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
@@ -8954,8 +9028,8 @@ CVE-2022-45883
 	RESERVED
 CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
 	NOT-FOR-US: OpenHarmony
-CVE-2022-45875
-	RESERVED
+CVE-2022-45875 (Improper validation of script alert plugin parameters in Apache Dolphi ...)
+	TODO: check
 CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization vulnerabil ...)
 	NOT-FOR-US: Huawei
 CVE-2022-45126
@@ -11543,14 +11617,14 @@ CVE-2022-45054
 	RESERVED
 CVE-2022-45053
 	RESERVED
-CVE-2022-45052
-	RESERVED
-CVE-2022-45051
-	RESERVED
+CVE-2022-45052 (A Local File Inclusion vulnerability has been found in Axiell Iguana C ...)
+	TODO: check
+CVE-2022-45051 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
+	TODO: check
 CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
 	NOT-FOR-US: Axiell Iguana CMS
-CVE-2022-45049
-	RESERVED
+CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
+	TODO: check
 CVE-2022-45048
 	RESERVED
 CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
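Review bot: CVE-2022-45052, CVE-2022-45051 and CVE-2022-45049 all name Axiell Iguana CMS, and the entry sitting between them, CVE-2022-45050, is already tagged `NOT-FOR-US: Axiell Iguana CMS`. The three new `TODO: check` lines can take the same tag so the product is handled consistently within this block.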
@@ -14270,56 +14344,56 @@ CVE-2022-44448
 	RESERVED
 CVE-2022-44447
 	RESERVED
-CVE-2022-44446
-	RESERVED
-CVE-2022-44445
-	RESERVED
-CVE-2022-44444
-	RESERVED
-CVE-2022-44443
-	RESERVED
-CVE-2022-44442
-	RESERVED
-CVE-2022-44441
-	RESERVED
-CVE-2022-44440
-	RESERVED
-CVE-2022-44439
-	RESERVED
-CVE-2022-44438
-	RESERVED
-CVE-2022-44437
-	RESERVED
-CVE-2022-44436
-	RESERVED
-CVE-2022-44435
-	RESERVED
-CVE-2022-44434
-	RESERVED
+CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44444 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44443 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44442 (In wlan driver, there is a possible missing bounds check, This could l ...)
+	TODO: check
+CVE-2022-44441 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44440 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44439 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-44438 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-44437 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-44436 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-44435 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-44434 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
 CVE-2022-44433
 	RESERVED
-CVE-2022-44432
-	RESERVED
-CVE-2022-44431
-	RESERVED
-CVE-2022-44430
-	RESERVED
-CVE-2022-44429
-	RESERVED
-CVE-2022-44428
-	RESERVED
-CVE-2022-44427
-	RESERVED
-CVE-2022-44426
-	RESERVED
-CVE-2022-44425
-	RESERVED
-CVE-2022-44424
-	RESERVED
-CVE-2022-44423
-	RESERVED
-CVE-2022-44422
-	RESERVED
+CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44430 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44429 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44428 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44427 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44426 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44425 (In wlan driver, there is a possible missing bounds check. This could l ...)
+	TODO: check
+CVE-2022-44424 (In music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-44423 (In music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-44422 (In music service, there is a missing permission check. This could lead ...)
+	TODO: check
 CVE-2022-44421
 	RESERVED
 CVE-2022-44420
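Review bot: none of the 24 entries populated between CVE-2022-44446 and CVE-2022-44422 shows a vendor in its truncated description, so they cannot be tagged from this hunk alone. The wording ("In messaging service, there is a missing permission check", "In music service, there is a missing permission check") matches entries elsewhere in this diff that are tagged `NOT-FOR-US: Unisoc`, for example CVE-2022-39117 and CVE-2022-38679. Suggest confirming the vendor from the full descriptions and then tagging the whole range in one pass rather than leaving 24 separate `TODO: check` lines.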
@@ -17188,8 +17262,8 @@ CVE-2022-43922
 	RESERVED
 CVE-2022-43921
 	RESERVED
-CVE-2022-43920
-	RESERVED
+CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
+	TODO: check
 CVE-2022-43919
 	RESERVED
 CVE-2022-43918
@@ -29688,12 +29762,12 @@ CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to
 	NOT-FOR-US: Unisoc
 CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-39118
-	RESERVED
+CVE-2022-39118 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
+	TODO: check
 CVE-2022-39117 (In messaging service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-39116
-	RESERVED
+CVE-2022-39116 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
+	TODO: check
 CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
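Review bot: CVE-2022-39118 and CVE-2022-39116 (sprd_sysdump driver) are inserted into a run where every described neighbour visible in this hunk (CVE-2022-39119, CVE-2022-39117, CVE-2022-39115, CVE-2022-39114) is tagged `NOT-FOR-US: Unisoc`. If the full descriptions confirm the same vendor, these two should get the same tag; the same check applies to the contacts-service and network-service entries added in the CVE-2022-39104, CVE-2022-3908x and CVE-2022-3868x hunks that follow.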
@@ -29716,8 +29790,8 @@ CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due to
 	NOT-FOR-US: Unisoc
 CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-39104
-	RESERVED
+CVE-2022-39104 (In contacts service, there is a missing permission check. This could l ...)
+	TODO: check
 CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39102 (In power management service, there is a missing permission check. This ...)
@@ -29748,22 +29822,22 @@ CVE-2022-39090 (In power management service, there is a missing permission check
 	NOT-FOR-US: Unisoc
 CVE-2022-39089
 	RESERVED
-CVE-2022-39088
-	RESERVED
-CVE-2022-39087
-	RESERVED
-CVE-2022-39086
-	RESERVED
-CVE-2022-39085
-	RESERVED
-CVE-2022-39084
-	RESERVED
-CVE-2022-39083
-	RESERVED
-CVE-2022-39082
-	RESERVED
-CVE-2022-39081
-	RESERVED
+CVE-2022-39088 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39087 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39086 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39085 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39084 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39083 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39082 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-39081 (In network service, there is a missing permission check. This could le ...)
+	TODO: check
 CVE-2022-39080 (In messaging service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does  ...)
@@ -31077,20 +31151,20 @@ CVE-2022-38686
 	RESERVED
 CVE-2022-38685
 	RESERVED
-CVE-2022-38684
-	RESERVED
-CVE-2022-38683
-	RESERVED
-CVE-2022-38682
-	RESERVED
+CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
+	TODO: check
+CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)
+	TODO: check
+CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...)
+	TODO: check
 CVE-2022-38681
 	RESERVED
 CVE-2022-38680
 	RESERVED
 CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-38678
-	RESERVED
+CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...)
+	TODO: check
 CVE-2022-38677 (In cell service, there is a missing permission check. This could lead  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
@@ -55584,7 +55658,7 @@ CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
 	NOTE: https://xenbits.xen.org/xsa/advisory-407.html
 CVE-2022-29899
-	RESERVED
+	REJECTED
 CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
 	NOT-FOR-US: RAD-ISM-900-EN
 CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
@@ -67044,8 +67118,8 @@ CVE-2022-25928
 	RESERVED
 CVE-2022-25927
 	RESERVED
-CVE-2022-25926
-	RESERVED
+CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to  ...)
+	TODO: check
 CVE-2022-25925
 	RESERVED
 CVE-2022-25924
@@ -76124,7 +76198,7 @@ CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0259
-	RESERVED
+	REJECTED
 CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
@@ -79473,8 +79547,8 @@ CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spec
 	NOT-FOR-US: IBM
 CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 c ...)
 	NOT-FOR-US: IBM
-CVE-2022-22352
-	RESERVED
+CVE-2022-22352 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
+	TODO: check
 CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trust ...)
 	NOT-FOR-US: IBM
 CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
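Review bot: CVE-2022-22352 names IBM Sterling B2B Integrator and lands between entries that are all tagged `NOT-FOR-US: IBM` (CVE-2022-22354, CVE-2022-22353, CVE-2022-22351, CVE-2022-22350). It can take the same tag, as can the other Sterling B2B Integrator entries this commit populates: CVE-2022-43920, CVE-2022-22338, CVE-2022-22337 and CVE-2021-38928.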
@@ -79501,10 +79575,10 @@ CVE-2022-22340
 	RESERVED
 CVE-2022-22339 (IBM Planning Analytics 2.0 is vulnerable to server-side request forger ...)
 	NOT-FOR-US: IBM
-CVE-2022-22338
-	RESERVED
-CVE-2022-22337
-	RESERVED
+CVE-2022-22338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
+	TODO: check
+CVE-2022-22337 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
+	TODO: check
 CVE-2022-22336 (IBM Sterling External Authentication Server and IBM Sterling Secure Pr ...)
 	NOT-FOR-US: IBM
 CVE-2022-22335
@@ -96116,25 +96190,25 @@ CVE-2021-41988
 CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...)
 	NOT-FOR-US: Mikrotik
 CVE-2021-41986
-	RESERVED
+	REJECTED
 CVE-2021-41985
-	RESERVED
+	REJECTED
 CVE-2021-41984
-	RESERVED
+	REJECTED
 CVE-2021-41983
-	RESERVED
+	REJECTED
 CVE-2021-41982
-	RESERVED
+	REJECTED
 CVE-2021-41981
-	RESERVED
+	REJECTED
 CVE-2021-41980
-	RESERVED
+	REJECTED
 CVE-2021-41979
-	RESERVED
+	REJECTED
 CVE-2021-41978
-	RESERVED
+	REJECTED
 CVE-2021-41977
-	RESERVED
+	REJECTED
 CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
 	NOT-FOR-US: Tad Uploader
 CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
@@ -103865,8 +103939,8 @@ CVE-2021-38930 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.
 	NOT-FOR-US: IBM
 CVE-2021-38929 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...)
 	NOT-FOR-US: IBM
-CVE-2021-38928
-	RESERVED
+CVE-2021-38928 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 u ...)
+	TODO: check
 CVE-2021-38927
 	RESERVED
 CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8fd7e99c1cbfaaf94602937fda6d858dc99d9a0
