[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 5 20:10:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae5c4d76 by security tracker role at 2023-01-05T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2023-22665
+ RESERVED
+CVE-2023-22652
+ RESERVED
+CVE-2023-22651
+ RESERVED
+CVE-2023-22650
+ RESERVED
+CVE-2023-22649
+ RESERVED
+CVE-2023-22648
+ RESERVED
+CVE-2023-22647
+ RESERVED
+CVE-2023-22646
+ RESERVED
+CVE-2023-22645
+ RESERVED
+CVE-2023-22644
+ RESERVED
+CVE-2023-22643
+ RESERVED
+CVE-2023-22642
+ RESERVED
+CVE-2023-22641
+ RESERVED
+CVE-2023-22640
+ RESERVED
+CVE-2023-22639
+ RESERVED
+CVE-2023-22638
+ RESERVED
+CVE-2023-22637
+ RESERVED
+CVE-2023-22636
+ RESERVED
+CVE-2023-22635
+ RESERVED
+CVE-2023-22634
+ RESERVED
+CVE-2023-22633
+ RESERVED
+CVE-2023-22436
+ RESERVED
+CVE-2023-22301
+ RESERVED
+CVE-2023-22291
+ RESERVED
+CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2023-0085
+ RESERVED
+CVE-2023-0084
+ RESERVED
+CVE-2023-0083
+ RESERVED
+CVE-2023-0082
+ RESERVED
+CVE-2023-0081
+ RESERVED
+CVE-2023-0080
+ RESERVED
+CVE-2023-0079
+ RESERVED
+CVE-2023-0078
+ RESERVED
+CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...)
+ TODO: check
+CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...)
+ TODO: check
+CVE-2022-48220
+ RESERVED
+CVE-2022-48219
+ RESERVED
+CVE-2022-48218
+ RESERVED
+CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has been rat ...)
+ TODO: check
+CVE-2021-4304 (A vulnerability was found in eprintsug ulcc-core. It has been declared ...)
+ TODO: check
+CVE-2021-4303 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2020-36641 (A vulnerability classified as problematic was found in gturri aXMLRPC ...)
+ TODO: check
+CVE-2020-36640 (A vulnerability, which was classified as problematic, was found in bon ...)
+ TODO: check
+CVE-2019-25098 (A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has b ...)
+ TODO: check
+CVE-2019-25097 (A vulnerability was found in soerennb eXtplorer up to 2.1.12 and class ...)
+ TODO: check
+CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and ...)
+ TODO: check
+CVE-2019-25095 (A vulnerability, which was classified as problematic, was found in kak ...)
+ TODO: check
+CVE-2018-25065 (A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags a ...)
+ TODO: check
+CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has been rate ...)
+ TODO: check
+CVE-2017-20162 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
+CVE-2016-15009 (A vulnerability classified as problematic has been found in OpenACS bu ...)
+ TODO: check
+CVE-2015-10015 (A vulnerability, which was classified as critical, has been found in g ...)
+ TODO: check
+CVE-2015-10014 (A vulnerability classified as critical has been found in arekk uke. Th ...)
+ TODO: check
+CVE-2015-10013 (A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up ...)
+ TODO: check
+CVE-2014-125041 (A vulnerability classified as critical was found in Miccighel PR-CWT. ...)
+ TODO: check
+CVE-2014-125040 (A vulnerability was found in stevejagodzinski DevNewsAggregator. It ha ...)
+ TODO: check
+CVE-2007-10001 (A vulnerability classified as problematic has been found in web-cyradm ...)
+ TODO: check
CVE-2023-22632
RESERVED
CVE-2023-22631
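Review bot: The published entries in this hunk, CVE-2023-0088 down to CVE-2007-10001, all carry "TODO: check" and so have no package or NOT-FOR-US resolution yet; each needs a follow-up triage commit. The three eXtplorer entries (CVE-2019-25096 to CVE-2019-25098) name the same product and the same "up to 2.1.12" bound, and the two Swifty Page Manager entries (CVE-2023-0088, CVE-2023-0087) name the same plugin, so each group can be resolved together. CVE-2016-15010 is marked "** UNSUPPORTED WHEN ASSIGNED **" in its description, which is worth recording when it is triaged.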
@@ -10,8 +130,8 @@ CVE-2023-22628
RESERVED
CVE-2023-22627
RESERVED
-CVE-2023-22626
- RESERVED
+CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because ...)
+ TODO: check
CVE-2023-22625
RESERVED
CVE-2023-22624
@@ -386,8 +506,8 @@ CVE-2023-0030
NOTE: https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)
CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411 ...)
NOT-FOR-US: Multilaser RE708
-CVE-2022-4869
- RESERVED
+CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It has been ...)
+ TODO: check
CVE-2022-48199
RESERVED
CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...)
@@ -2621,28 +2741,28 @@ CVE-2022-47665
RESERVED
CVE-2022-47664
RESERVED
-CVE-2022-47663
- RESERVED
-CVE-2022-47662
- RESERVED
-CVE-2022-47661
- RESERVED
-CVE-2022-47660
- RESERVED
-CVE-2022-47659
- RESERVED
-CVE-2022-47658
- RESERVED
-CVE-2022-47657
- RESERVED
-CVE-2022-47656
- RESERVED
-CVE-2022-47655
- RESERVED
-CVE-2022-47654
- RESERVED
-CVE-2022-47653
- RESERVED
+CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
+ TODO: check
+CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
+ TODO: check
+CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
+ TODO: check
+CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
+ TODO: check
+CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
+ TODO: check
+CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
+ TODO: check
+CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
+ TODO: check
CVE-2022-47652
RESERVED
CVE-2022-47651
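Review bot: CVE-2022-47655 is a Libde265 1.0.9 issue sitting in the middle of ten GPAC MP4Box entries, so resolving the CVE-2022-47653 to CVE-2022-47663 range as a single batch would attach it to the wrong software. Triage that entry on its own and the GPAC entries as a group. The GPAC descriptions also reference four different development revisions (rev593, rev617, rev644, rev649), so the affected-version check should not assume one common fix point.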
@@ -3055,8 +3175,8 @@ CVE-2022-47525
RESERVED
CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...)
NOT-FOR-US: F-Secure SAFE Browser
-CVE-2022-47523
- RESERVED
+CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...)
+ TODO: check
CVE-2022-4607 (A vulnerability was found in 3D City Database OGC Web Feature Service ...)
NOT-FOR-US: 3D City Database OGC Web Feature Service
CVE-2021-4257 (A vulnerability was found in ctrlo lenio. It has been declared as prob ...)
@@ -5285,14 +5405,14 @@ CVE-2022-4436 (Use after free in Blink Media in Google Chrome prior to 108.0.535
{DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-4435
- RESERVED
-CVE-2022-4434
- RESERVED
-CVE-2022-4433
- RESERVED
-CVE-2022-4432
- RESERVED
+CVE-2022-4435 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...)
+ TODO: check
+CVE-2022-4434 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...)
+ TODO: check
+CVE-2022-4433 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...)
+ TODO: check
+CVE-2022-4432 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...)
+ TODO: check
CVE-2022-4431
RESERVED
CVE-2022-4430
@@ -5503,26 +5623,26 @@ CVE-2022-47097
RESERVED
CVE-2022-47096
RESERVED
-CVE-2022-47095
- RESERVED
-CVE-2022-47094
- RESERVED
-CVE-2022-47093
- RESERVED
-CVE-2022-47092
- RESERVED
-CVE-2022-47091
- RESERVED
+CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
+ TODO: check
+CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
+ TODO: check
+CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
+ TODO: check
+CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow ...)
+ TODO: check
+CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
+ TODO: check
CVE-2022-47090
RESERVED
-CVE-2022-47089
- RESERVED
-CVE-2022-47088
- RESERVED
-CVE-2022-47087
- RESERVED
-CVE-2022-47086
- RESERVED
+CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
+ TODO: check
+CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
+ TODO: check
CVE-2022-47085
RESERVED
CVE-2022-47084
@@ -6216,8 +6336,7 @@ CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has bee
NOT-FOR-US: S-CMS
CVE-2022-4376
RESERVED
-CVE-2022-4378
- RESERVED
+CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
@@ -7214,10 +7333,10 @@ CVE-2022-46492 (nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discov
NOT-FOR-US: nbnbk
CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administr ...)
NOT-FOR-US: nbnbk
-CVE-2022-46490
- RESERVED
-CVE-2022-46489
- RESERVED
+CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
+ TODO: check
+CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
+ TODO: check
CVE-2022-46488
RESERVED
CVE-2022-46487
@@ -8433,8 +8552,8 @@ CVE-2022-46169 (Cacti is an open source platform which provides a robust and ext
NOTE: Fixup for 1.2.x with PHP < 7.0: https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
-CVE-2022-46168
- RESERVED
+CVE-2022-46168 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...)
NOT-FOR-US: Capsule
CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...)
@@ -8851,8 +8970,8 @@ CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. ..
NOT-FOR-US: Tenda
CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd ...)
NOT-FOR-US: Tenda
-CVE-2022-45995
- RESERVED
+CVE-2022-45995 (There is an unauthorized buffer overflow vulnerability in Tenda AX12 v ...)
+ TODO: check
CVE-2022-45994
RESERVED
CVE-2022-45993
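Review bot: CVE-2022-45995 (Tenda AX12) is left at "TODO: check" while the two entries directly above it in this hunk, CVE-2022-45997 and CVE-2022-45996, are already resolved as "NOT-FOR-US: Tenda". The follow-up triage should give this entry the same resolution so the vendor is handled consistently.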
@@ -9204,8 +9323,8 @@ CVE-2022-45859
RESERVED
CVE-2022-45858
RESERVED
-CVE-2022-45857
- RESERVED
+CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...)
+ TODO: check
CVE-2022-45856
RESERVED
CVE-2022-45855
@@ -9389,6 +9508,7 @@ CVE-2022-45786
RESERVED
CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c]
RESERVED
+ {DLA-3261-1}
- libetpan 1.9.4-3.1 (bug #1025120)
[bullseye] - libetpan <no-dsa> (Minor issue)
NOTE: https://github.com/dinhvh/libetpan/issues/420
@@ -17292,8 +17412,7 @@ CVE-2022-3717
REJECTED
CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Online Medicine Ordering System
-CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
- RESERVED
+CVE-2022-3715 (A flaw was found in the bash package, where a heap-buffer overflow can ...)
- bash 5.2-1
[bullseye] - bash <no-dsa> (Minor issue)
[buster] - bash <no-dsa> (Minor issue)
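Review bot: Replacing the bracketed header of CVE-2022-3715 drops the function name valid_parameter_transform, and the truncated description that takes its place ("A flaw was found in the bash package, where a heap-buffer overflow can ...") no longer names it. If the function is not already recorded further down in the entry, keep it in a NOTE line so the affected code path stays searchable.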
@@ -17347,8 +17466,8 @@ CVE-2022-3707
NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...)
- gitlab <unfixed>
-CVE-2022-43932
- RESERVED
+CVE-2022-43932 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...)
NOT-FOR-US: Synology VPN Plus Server
CVE-2022-43930
@@ -17523,8 +17642,8 @@ CVE-2022-43846
RESERVED
CVE-2022-43845
RESERVED
-CVE-2022-43844
- RESERVED
+CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is v ...)
+ TODO: check
CVE-2022-43843
RESERVED
CVE-2022-43842
@@ -18271,8 +18390,8 @@ CVE-2022-43575
RESERVED
CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21 ...)
NOT-FOR-US: IBM
-CVE-2022-43573
- RESERVED
+CVE-2022-43573 (IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to e ...)
+ TODO: check
CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
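Review bot: CVE-2022-43573 is published with "TODO: check" although CVE-2022-43574, shown two lines above for the same product (IBM Robotic Process Automation), is already marked "NOT-FOR-US: IBM". The follow-up triage should apply the same resolution here.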
@@ -23365,8 +23484,8 @@ CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open
- nginx 1.22.1-1
NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
NOTE: Only affects the nginx-extras binary package
-CVE-2022-41740
- RESERVED
+CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow an att ...)
+ TODO: check
CVE-2022-41739
RESERVED
CVE-2022-41738
@@ -25958,6 +26077,7 @@ CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (
CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
NOT-FOR-US: VBASE
CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
+ {DLA-3262-1}
- smarty3 3.1.47-1 (bug #1019897)
- smarty4 4.2.1-1 (bug #1019896)
NOTE: https://github.com/smarty-php/smarty/issues/454
@@ -75299,10 +75419,10 @@ CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Ku
NOT-FOR-US: aad-pod-identity
CVE-2022-23550
RESERVED
-CVE-2022-23549
- RESERVED
-CVE-2022-23548
- RESERVED
+CVE-2022-23549 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
+CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
- asterisk <unfixed>
- ring <unfixed>
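Review bot: The descriptions added for CVE-2022-23549 and CVE-2022-23548 both read "Discourse is an option source discussion platform", where "option source" is evidently a typo for "open source" in the imported CVE text. The correction belongs in the upstream CVE record rather than in this file; both entries still need their "TODO: check" resolved.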
@@ -75317,8 +75437,8 @@ CVE-2022-23547 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
NOTE: https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
-CVE-2022-23546
- RESERVED
+CVE-2022-23546 (In version 2.9.0.beta14 of Discourse, an open-source discussion platfo ...)
+ TODO: check
CVE-2022-23545
RESERVED
CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae5c4d767d787a31a8c87e31d0b8e15d2aa7b3ac