[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 6 08:10:30 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c725884f by security tracker role at 2023-01-06T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...)
+ TODO: check
+CVE-2023-22670
+ RESERVED
+CVE-2023-22669
+ RESERVED
+CVE-2023-22668
+ RESERVED
+CVE-2023-22667
+ RESERVED
+CVE-2023-22666
+ RESERVED
+CVE-2023-0094
+ RESERVED
+CVE-2023-0093
+ RESERVED
+CVE-2023-0092
+ RESERVED
+CVE-2023-0090
+ RESERVED
+CVE-2023-0089
+ RESERVED
+CVE-2022-48228
+ RESERVED
+CVE-2022-48227
+ RESERVED
+CVE-2022-48226
+ RESERVED
+CVE-2022-48225
+ RESERVED
+CVE-2022-48224
+ RESERVED
+CVE-2022-48223
+ RESERVED
+CVE-2022-48222
+ RESERVED
+CVE-2022-48221
+ RESERVED
+CVE-2017-20163 (A vulnerability has been found in Red Snapper NView and classified as ...)
+ TODO: check
+CVE-2014-125045 (A vulnerability has been found in meol1 and classified as critical. Af ...)
+ TODO: check
+CVE-2014-125044 (A vulnerability, which was classified as critical, was found in soshto ...)
+ TODO: check
+CVE-2014-125043 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2014-125042 (A vulnerability classified as problematic was found in vicamo NetworkM ...)
+ TODO: check
CVE-2023-22665
RESERVED
CVE-2023-22652
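Review bot: The block prepended at the top of data/CVE/list ends with CVE-2014-125042 and is followed directly by the existing CVE-2023-22665 entry, so after this change the file is not in one descending order. If any consumer relies on ordering, place CVE-2017-20163 and the four CVE-2014 entries at their sorted positions; otherwise document that new entries are always prepended. The six entries that arrive with a description all carry TODO: check and still need triage.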
@@ -47,6 +95,7 @@ CVE-2023-22301
CVE-2023-22291
RESERVED
CVE-2023-0091
+ RESERVED
NOT-FOR-US: Keycloak
CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
NOT-FOR-US: Swifty Page Manager plugin for WordPress
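Review bot: CVE-2023-0091 gains a RESERVED line above an existing NOT-FOR-US: Keycloak annotation, so the triage decision predates any published description. Re-check that annotation against the description once the entry leaves RESERVED.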
@@ -914,12 +963,12 @@ CVE-2023-22456 (ViewVC, a browser interface for CVS and Subversion version contr
NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216
NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g
NOTE: https://github.com/viewvc/viewvc/commit/2d57d713aa9b64558a9ba3ea187866ce98564c0a (1.1.29)
-CVE-2023-22455
- RESERVED
-CVE-2023-22454
- RESERVED
-CVE-2023-22453
- RESERVED
+CVE-2023-22455 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
+CVE-2023-22454 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
+CVE-2023-22453 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
CVE-2023-22452 (kenny2automate is a Discord bot. In the web interface for server setti ...)
NOT-FOR-US: kenny2automate
CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version 11.6 an ...)
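Review bot: The descriptions added for CVE-2023-22455, CVE-2023-22454 and CVE-2023-22453 read "Discourse is an option source discussion platform", which looks like a typo for "open source". If the text is imported verbatim, the correction belongs at the source rather than in this file. All three are truncated at the same point, so the TODO: check triage needs the full descriptions to tell them apart.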
@@ -3097,10 +3146,10 @@ CVE-2022-47546
RESERVED
CVE-2022-47545
RESERVED
-CVE-2022-47544
- RESERVED
-CVE-2022-47543
- RESERVED
+CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Script var ...)
+ TODO: check
+CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...)
+ TODO: check
CVE-2022-47542
RESERVED
CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
@@ -8526,8 +8575,8 @@ CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions o
NOT-FOR-US: LiuOS
CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
NOT-FOR-US: MeterSphere
-CVE-2022-46177
- RESERVED
+CVE-2022-46177 (Discourse is an option source discussion platform. Prior to version 2. ...)
+ TODO: check
CVE-2022-46176
RESERVED
CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...)
@@ -11592,12 +11641,12 @@ CVE-2022-3931
REJECTED
CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3929
- RESERVED
-CVE-2022-3928
- RESERVED
-CVE-2022-3927
- RESERVED
+CVE-2022-3929 (Communication between the client and the server application of the aff ...)
+ TODO: check
+CVE-2022-3928 (Hardcoded credential is found in affected products' message queue. An ...)
+ TODO: check
+CVE-2022-3927 (The affected products store both public and private key that are used ...)
+ TODO: check
CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
@@ -12261,8 +12310,8 @@ CVE-2022-44879
RESERVED
CVE-2022-44878
RESERVED
-CVE-2022-44877
- RESERVED
+CVE-2022-44877 (RESERVED An issue in the /login/index.php component of Centos Web Pane ...)
+ TODO: check
CVE-2022-44876
RESERVED
CVE-2022-44875
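Review bot: The new description for CVE-2022-44877 starts with a stray "RESERVED" ("RESERVED An issue in the /login/index.php component ..."), while the RESERVED state line itself is removed. Strip the leading word where the description is generated, so a text match on RESERVED does not treat this entry as still reserved.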
@@ -12275,8 +12324,8 @@ CVE-2022-44872
RESERVED
CVE-2022-44871
RESERVED
-CVE-2022-44870
- RESERVED
+CVE-2022-44870 (A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022 ...)
+ TODO: check
CVE-2022-44869
RESERVED
CVE-2022-44868
@@ -14326,18 +14375,18 @@ CVE-2022-44543
RESERVED
CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
-CVE-2022-44541
- RESERVED
-CVE-2022-44540
- RESERVED
-CVE-2022-44539
- RESERVED
-CVE-2022-44538
- RESERVED
-CVE-2022-44537
- RESERVED
-CVE-2022-44536
- RESERVED
+CVE-2022-44541 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2022-44540 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2022-44539 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2022-44538 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2022-44537 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2022-44536 (CVE was unused by HPE. ...)
+ TODO: check
CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
NOT-FOR-US: Aruba
CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
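Review bot: CVE-2022-44541 through CVE-2022-44536 move from RESERVED to TODO: check with the description "CVE was unused by HPE.", so six IDs that the text says were never used are queued for manual triage. Consider giving them the REJECTED state this file already uses (see CVE-2022-3931) or closing them out in bulk; the same applies to CVE-2021-41010 through CVE-2021-41006 later in this patch.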
@@ -20025,8 +20074,8 @@ CVE-2022-42981
RESERVED
CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
NOT-FOR-US: go-admin (aka GO Admin)
-CVE-2022-42979
- RESERVED
+CVE-2022-42979 (Information disclosure due to an insecure hostname validation in the R ...)
+ TODO: check
CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)
@@ -26593,16 +26642,16 @@ CVE-2022-40522
RESERVED
CVE-2022-40521
RESERVED
-CVE-2022-40520
- RESERVED
-CVE-2022-40519
- RESERVED
-CVE-2022-40518
- RESERVED
-CVE-2022-40517
- RESERVED
-CVE-2022-40516
- RESERVED
+CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core ...)
+ TODO: check
+CVE-2022-40519 (Information disclosure due to buffer overread in Core ...)
+ TODO: check
+CVE-2022-40518 (Information disclosure due to buffer overread in Core ...)
+ TODO: check
+CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ...)
+ TODO: check
+CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...)
+ TODO: check
CVE-2022-40515
RESERVED
CVE-2022-40514
@@ -27729,8 +27778,8 @@ CVE-2022-40051
RESERVED
CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
NOT-FOR-US: ZFile
-CVE-2022-40049
- RESERVED
+CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
+ TODO: check
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
NOT-FOR-US: Flatpress
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
@@ -46115,10 +46164,10 @@ CVE-2022-33302
RESERVED
CVE-2022-33301
RESERVED
-CVE-2022-33300
- RESERVED
-CVE-2022-33299
- RESERVED
+CVE-2022-33300 (Memory corruption in Automotive Android OS due to improper input valid ...)
+ TODO: check
+CVE-2022-33299 (Transient DOS due to null pointer dereference in Bluetooth HOST while ...)
+ TODO: check
CVE-2022-33298
RESERVED
CVE-2022-33297
@@ -46135,22 +46184,22 @@ CVE-2022-33292
RESERVED
CVE-2022-33291
RESERVED
-CVE-2022-33290
- RESERVED
+CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...)
+ TODO: check
CVE-2022-33289
RESERVED
CVE-2022-33288
RESERVED
CVE-2022-33287
RESERVED
-CVE-2022-33286
- RESERVED
-CVE-2022-33285
- RESERVED
-CVE-2022-33284
- RESERVED
-CVE-2022-33283
- RESERVED
+CVE-2022-33286 (Transient DOS due to buffer over-read in WLAN while processing 802.11 ...)
+ TODO: check
+CVE-2022-33285 (Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA a ...)
+ TODO: check
+CVE-2022-33284 (Information disclosure due to buffer over-read in WLAN while parsing B ...)
+ TODO: check
+CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLAN fram ...)
+ TODO: check
CVE-2022-33282
RESERVED
CVE-2022-33281
@@ -46163,12 +46212,12 @@ CVE-2022-33278
RESERVED
CVE-2022-33277
RESERVED
-CVE-2022-33276
- RESERVED
+CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
+ TODO: check
CVE-2022-33275
RESERVED
-CVE-2022-33274
- RESERVED
+CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...)
+ TODO: check
CVE-2022-33273
RESERVED
CVE-2022-33272
@@ -46183,10 +46232,10 @@ CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST
NOT-FOR-US: Qualcomm
CVE-2022-33267
RESERVED
-CVE-2022-33266
- RESERVED
-CVE-2022-33265
- RESERVED
+CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer overflow ...)
+ TODO: check
+CVE-2022-33265 (Memory corruption due to information exposure in Powerline Communicati ...)
+ TODO: check
CVE-2022-33264
RESERVED
CVE-2022-33263
@@ -46205,14 +46254,14 @@ CVE-2022-33257
RESERVED
CVE-2022-33256
RESERVED
-CVE-2022-33255
- RESERVED
+CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
+ TODO: check
CVE-2022-33254
RESERVED
-CVE-2022-33253
- RESERVED
-CVE-2022-33252
- RESERVED
+CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...)
+ TODO: check
+CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...)
+ TODO: check
CVE-2022-33251
RESERVED
CVE-2022-33250
@@ -46277,10 +46326,10 @@ CVE-2022-33221
RESERVED
CVE-2022-33220
RESERVED
-CVE-2022-33219
- RESERVED
-CVE-2022-33218
- RESERVED
+CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...)
+ TODO: check
+CVE-2022-33218 (Memory corruption in Automotive due to improper input validation. ...)
+ TODO: check
CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...)
NOT-FOR-US: Qualcomm
CVE-2022-33216
@@ -67378,8 +67427,8 @@ CVE-2022-25925
RESERVED
CVE-2022-25924
RESERVED
-CVE-2022-25923
- RESERVED
+CVE-2022-25923 (Versions of the package exec-local-bin before 1.2.0 are vulnerable to ...)
+ TODO: check
CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
NOT-FOR-US: Node morgan-json
CVE-2022-25919
@@ -68049,8 +68098,8 @@ CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer over
NOT-FOR-US: Qualcomm
CVE-2022-25747
RESERVED
-CVE-2022-25746
- RESERVED
+CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...)
+ TODO: check
CVE-2022-25745
RESERVED
CVE-2022-25744
@@ -68091,28 +68140,28 @@ CVE-2022-25727 (Memory Corruption in modem due to improper length check while co
NOT-FOR-US: Snapdragon
CVE-2022-25726
RESERVED
-CVE-2022-25725
- RESERVED
+CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling ...)
+ TODO: check
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...)
NOT-FOR-US: Snapdragon
CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...)
NOT-FOR-US: Snapdragon
-CVE-2022-25722
- RESERVED
-CVE-2022-25721
- RESERVED
+CVE-2022-25722 (Information exposure in DSP services due to improper handling of freei ...)
+ TODO: check
+CVE-2022-25721 (Memory corruption in video driver due to type confusion error during v ...)
+ TODO: check
CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...)
NOT-FOR-US: Qualcomm
CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...)
NOT-FOR-US: Qualcomm
CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25717
- RESERVED
-CVE-2022-25716
- RESERVED
-CVE-2022-25715
- RESERVED
+CVE-2022-25717 (Memory corruption in display due to double free while allocating frame ...)
+ TODO: check
+CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access to the ...)
+ TODO: check
+CVE-2022-25715 (Memory corruption in display driver due to incorrect type casting whil ...)
+ TODO: check
CVE-2022-25714
RESERVED
CVE-2022-25713
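Review bot: The context lines in this hunk label the same family of entries both NOT-FOR-US: Snapdragon (CVE-2022-25727, CVE-2022-25724, CVE-2022-25723) and NOT-FOR-US: Qualcomm (CVE-2022-25720, CVE-2022-25719, CVE-2022-25718). When the six new TODO: check entries here are triaged, use one label consistently so a search on the annotation finds the whole set.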
@@ -82384,8 +82433,8 @@ CVE-2022-22090 (Memory corruption in audio due to use after free while managing
NOT-FOR-US: Snapdragon
CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
NOT-FOR-US: Qualcomm
-CVE-2022-22088
- RESERVED
+CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow while parsi ...)
+ TODO: check
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
NOT-FOR-US: Snapdragon
CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...)
@@ -82402,8 +82451,8 @@ CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Sna
NOT-FOR-US: Qualcomm
CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22079
- RESERVED
+CVE-2022-22079 (Denial of service while processing fastboot flash command on mmc due t ...)
+ TODO: check
CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
NOT-FOR-US: Snapdragon
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
@@ -98960,16 +99009,16 @@ CVE-2021-41012
RESERVED
CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
NOT-FOR-US: LINE client for iOS
-CVE-2021-41010
- RESERVED
-CVE-2021-41009
- RESERVED
-CVE-2021-41008
- RESERVED
-CVE-2021-41007
- RESERVED
-CVE-2021-41006
- RESERVED
+CVE-2021-41010 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2021-41009 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2021-41008 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2021-41007 (CVE was unused by HPE. ...)
+ TODO: check
+CVE-2021-41006 (CVE was unused by HPE. ...)
+ TODO: check
CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...)
NOT-FOR-US: Aruba Instant On
CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...)
@@ -100719,10 +100768,10 @@ CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includ
NOT-FOR-US: Nagios XI
CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
NOT-FOR-US: Nagios XI
-CVE-2021-40342
- RESERVED
-CVE-2021-40341
- RESERVED
+CVE-2021-40342 (In the DES implementation, the affected product versions use a default ...)
+ TODO: check
+CVE-2021-40341 (DES cipher, which has inadequate encryption strength, is used Hitachi ...)
+ TODO: check
CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
NOT-FOR-US: Hitachi
CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
@@ -119344,8 +119393,8 @@ CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locat
NOT-FOR-US: Node @diez/generation
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
NOT-FOR-US: ZStack
-CVE-2021-32828
- RESERVED
+CVE-2021-32828 (The Nuxeo Platform is an open source content management platform for b ...)
+ TODO: check
CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
NOT-FOR-US: MockServer
CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c725884fed441422f0e810a7de86d8dd6fcf00e0