[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 6 08:10:30 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c725884f by security tracker role at 2023-01-06T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...)
+	TODO: check
+CVE-2023-22670
+	RESERVED
+CVE-2023-22669
+	RESERVED
+CVE-2023-22668
+	RESERVED
+CVE-2023-22667
+	RESERVED
+CVE-2023-22666
+	RESERVED
+CVE-2023-0094
+	RESERVED
+CVE-2023-0093
+	RESERVED
+CVE-2023-0092
+	RESERVED
+CVE-2023-0090
+	RESERVED
+CVE-2023-0089
+	RESERVED
+CVE-2022-48228
+	RESERVED
+CVE-2022-48227
+	RESERVED
+CVE-2022-48226
+	RESERVED
+CVE-2022-48225
+	RESERVED
+CVE-2022-48224
+	RESERVED
+CVE-2022-48223
+	RESERVED
+CVE-2022-48222
+	RESERVED
+CVE-2022-48221
+	RESERVED
+CVE-2017-20163 (A vulnerability has been found in Red Snapper NView and classified as  ...)
+	TODO: check
+CVE-2014-125045 (A vulnerability has been found in meol1 and classified as critical. Af ...)
+	TODO: check
+CVE-2014-125044 (A vulnerability, which was classified as critical, was found in soshto ...)
+	TODO: check
+CVE-2014-125043 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2014-125042 (A vulnerability classified as problematic was found in vicamo NetworkM ...)
+	TODO: check
 CVE-2023-22665
 	RESERVED
 CVE-2023-22652
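
Review bot: the five older-year entries at the end of the added block (CVE-2017-20163 and CVE-2014-125042 through CVE-2014-125045) land directly above CVE-2023-22665, so the file is not in descending ID order at this point. If any consumer of data/CVE/list assumes that order, merge new entries into position rather than prepending them. All six entries in this block that carry a description are still at TODO: check and need a triage pass.
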
@@ -47,6 +95,7 @@ CVE-2023-22301
 CVE-2023-22291
 	RESERVED
 CVE-2023-0091
+	RESERVED
 	NOT-FOR-US: Keycloak
 CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
 	NOT-FOR-US: Swifty Page Manager plugin for WordPress
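
Review bot: CVE-2023-0091 had a NOT-FOR-US: Keycloak note but no status line before this change, and the added RESERVED now sits on an entry that is already triaged. Confirm that the automatic update is expected to add RESERVED to an entry that already has a triage note, and that whatever parses this file accepted the earlier state with no status line.
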
@@ -914,12 +963,12 @@ CVE-2023-22456 (ViewVC, a browser interface for CVS and Subversion version contr
 	NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216
 	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g
 	NOTE: https://github.com/viewvc/viewvc/commit/2d57d713aa9b64558a9ba3ea187866ce98564c0a (1.1.29)
-CVE-2023-22455
-	RESERVED
-CVE-2023-22454
-	RESERVED
-CVE-2023-22453
-	RESERVED
+CVE-2023-22455 (Discourse is an option source discussion platform. Prior to version 2. ...)
+	TODO: check
+CVE-2023-22454 (Discourse is an option source discussion platform. Prior to version 2. ...)
+	TODO: check
+CVE-2023-22453 (Discourse is an option source discussion platform. Prior to version 2. ...)
+	TODO: check
 CVE-2023-22452 (kenny2automate is a Discord bot. In the web interface for server setti ...)
 	NOT-FOR-US: kenny2automate
 CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version 11.6 an ...)
@@ -3097,10 +3146,10 @@ CVE-2022-47546
 	RESERVED
 CVE-2022-47545
 	RESERVED
-CVE-2022-47544
-	RESERVED
-CVE-2022-47543
-	RESERVED
+CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Script var ...)
+	TODO: check
+CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...)
+	TODO: check
 CVE-2022-47542
 	RESERVED
 CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
@@ -8526,8 +8575,8 @@ CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions o
 	NOT-FOR-US: LiuOS
 CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
 	NOT-FOR-US: MeterSphere
-CVE-2022-46177
-	RESERVED
+CVE-2022-46177 (Discourse is an option source discussion platform. Prior to version 2. ...)
+	TODO: check
 CVE-2022-46176
 	RESERVED
 CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be  ...)
@@ -11592,12 +11641,12 @@ CVE-2022-3931
 	REJECTED
 CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3929
-	RESERVED
-CVE-2022-3928
-	RESERVED
-CVE-2022-3927
-	RESERVED
+CVE-2022-3929 (Communication between the client and the server application of the aff ...)
+	TODO: check
+CVE-2022-3928 (Hardcoded credential is found in affected products' message queue. An  ...)
+	TODO: check
+CVE-2022-3927 (The affected products store both public and private key that are used  ...)
+	TODO: check
 CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
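
Review bot: the summaries added for CVE-2022-3927, CVE-2022-3928 and CVE-2022-3929 refer only to "the affected products" within the truncated text, so the vendor cannot be read from this file. Whoever resolves these TODO: check lines needs the full CVE record, and the resulting triage note should name the product explicitly, as the neighbouring NOT-FOR-US lines do.
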
@@ -12261,8 +12310,8 @@ CVE-2022-44879
 	RESERVED
 CVE-2022-44878
 	RESERVED
-CVE-2022-44877
-	RESERVED
+CVE-2022-44877 (RESERVED An issue in the /login/index.php component of Centos Web Pane ...)
+	TODO: check
 CVE-2022-44876
 	RESERVED
 CVE-2022-44875
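
Review bot: the new summary for CVE-2022-44877 begins with the literal word "RESERVED" ("RESERVED An issue in the /login/index.php component ..."), which reads as residue from the upstream description rather than part of it. Any script that greps this file for RESERVED to count unpublished IDs will match this header line too; match on the tab-indented status line only, and check whether the importer should strip that prefix.
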
@@ -12275,8 +12324,8 @@ CVE-2022-44872
 	RESERVED
 CVE-2022-44871
 	RESERVED
-CVE-2022-44870
-	RESERVED
+CVE-2022-44870 (A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022 ...)
+	TODO: check
 CVE-2022-44869
 	RESERVED
 CVE-2022-44868
@@ -14326,18 +14375,18 @@ CVE-2022-44543
 	RESERVED
 CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
 	NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
-CVE-2022-44541
-	RESERVED
-CVE-2022-44540
-	RESERVED
-CVE-2022-44539
-	RESERVED
-CVE-2022-44538
-	RESERVED
-CVE-2022-44537
-	RESERVED
-CVE-2022-44536
-	RESERVED
+CVE-2022-44541 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2022-44540 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2022-44539 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2022-44538 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2022-44537 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2022-44536 (CVE was unused by HPE. ...)
+	TODO: check
 CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
 	NOT-FOR-US: Aruba
 CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
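
Review bot: CVE-2022-44536 through CVE-2022-44541 now carry the summary "CVE was unused by HPE." yet are queued as TODO: check like real findings. They describe no vulnerability, so they can be resolved in bulk with a single marker instead of per-package analysis; the later hunk for CVE-2021-41006 through CVE-2021-41010 has the same summary and should get the same treatment.
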
@@ -20025,8 +20074,8 @@ CVE-2022-42981
 	RESERVED
 CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
 	NOT-FOR-US: go-admin (aka GO Admin)
-CVE-2022-42979
-	RESERVED
+CVE-2022-42979 (Information disclosure due to an insecure hostname validation in the R ...)
+	TODO: check
 CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
 	NOT-FOR-US: Atlassian Confluence addon
 CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)
@@ -26593,16 +26642,16 @@ CVE-2022-40522
 	RESERVED
 CVE-2022-40521
 	RESERVED
-CVE-2022-40520
-	RESERVED
-CVE-2022-40519
-	RESERVED
-CVE-2022-40518
-	RESERVED
-CVE-2022-40517
-	RESERVED
-CVE-2022-40516
-	RESERVED
+CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core ...)
+	TODO: check
+CVE-2022-40519 (Information disclosure due to buffer overread in Core ...)
+	TODO: check
+CVE-2022-40518 (Information disclosure due to buffer overread in Core ...)
+	TODO: check
+CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ...)
+	TODO: check
+CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...)
+	TODO: check
 CVE-2022-40515
 	RESERVED
 CVE-2022-40514
@@ -27729,8 +27778,8 @@ CVE-2022-40051
 	RESERVED
 CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
 	NOT-FOR-US: ZFile
-CVE-2022-40049
-	RESERVED
+CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
+	TODO: check
 CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
 	NOT-FOR-US: Flatpress
 CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
@@ -46115,10 +46164,10 @@ CVE-2022-33302
 	RESERVED
 CVE-2022-33301
 	RESERVED
-CVE-2022-33300
-	RESERVED
-CVE-2022-33299
-	RESERVED
+CVE-2022-33300 (Memory corruption in Automotive Android OS due to improper input valid ...)
+	TODO: check
+CVE-2022-33299 (Transient DOS due to null pointer dereference in Bluetooth HOST while  ...)
+	TODO: check
 CVE-2022-33298
 	RESERVED
 CVE-2022-33297
@@ -46135,22 +46184,22 @@ CVE-2022-33292
 	RESERVED
 CVE-2022-33291
 	RESERVED
-CVE-2022-33290
-	RESERVED
+CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...)
+	TODO: check
 CVE-2022-33289
 	RESERVED
 CVE-2022-33288
 	RESERVED
 CVE-2022-33287
 	RESERVED
-CVE-2022-33286
-	RESERVED
-CVE-2022-33285
-	RESERVED
-CVE-2022-33284
-	RESERVED
-CVE-2022-33283
-	RESERVED
+CVE-2022-33286 (Transient DOS due to buffer over-read in WLAN while processing 802.11  ...)
+	TODO: check
+CVE-2022-33285 (Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA a ...)
+	TODO: check
+CVE-2022-33284 (Information disclosure due to buffer over-read in WLAN while parsing B ...)
+	TODO: check
+CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLAN fram ...)
+	TODO: check
 CVE-2022-33282
 	RESERVED
 CVE-2022-33281
@@ -46163,12 +46212,12 @@ CVE-2022-33278
 	RESERVED
 CVE-2022-33277
 	RESERVED
-CVE-2022-33276
-	RESERVED
+CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
+	TODO: check
 CVE-2022-33275
 	RESERVED
-CVE-2022-33274
-	RESERVED
+CVE-2022-33274 (Memory corruption in android core due to improper validation of array  ...)
+	TODO: check
 CVE-2022-33273
 	RESERVED
 CVE-2022-33272
@@ -46183,10 +46232,10 @@ CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST
 	NOT-FOR-US: Qualcomm
 CVE-2022-33267
 	RESERVED
-CVE-2022-33266
-	RESERVED
-CVE-2022-33265
-	RESERVED
+CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer overflow  ...)
+	TODO: check
+CVE-2022-33265 (Memory corruption due to information exposure in Powerline Communicati ...)
+	TODO: check
 CVE-2022-33264
 	RESERVED
 CVE-2022-33263
@@ -46205,14 +46254,14 @@ CVE-2022-33257
 	RESERVED
 CVE-2022-33256
 	RESERVED
-CVE-2022-33255
-	RESERVED
+CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
+	TODO: check
 CVE-2022-33254
 	RESERVED
-CVE-2022-33253
-	RESERVED
-CVE-2022-33252
-	RESERVED
+CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted  ...)
+	TODO: check
+CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling  ...)
+	TODO: check
 CVE-2022-33251
 	RESERVED
 CVE-2022-33250
@@ -46277,10 +46326,10 @@ CVE-2022-33221
 	RESERVED
 CVE-2022-33220
 	RESERVED
-CVE-2022-33219
-	RESERVED
-CVE-2022-33218
-	RESERVED
+CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...)
+	TODO: check
+CVE-2022-33218 (Memory corruption in Automotive due to improper input validation. ...)
+	TODO: check
 CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33216
@@ -67378,8 +67427,8 @@ CVE-2022-25925
 	RESERVED
 CVE-2022-25924
 	RESERVED
-CVE-2022-25923
-	RESERVED
+CVE-2022-25923 (Versions of the package exec-local-bin before 1.2.0 are vulnerable to  ...)
+	TODO: check
 CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
 	NOT-FOR-US: Node morgan-json
 CVE-2022-25919
@@ -68049,8 +68098,8 @@ CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer over
 	NOT-FOR-US: Qualcomm
 CVE-2022-25747
 	RESERVED
-CVE-2022-25746
-	RESERVED
+CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...)
+	TODO: check
 CVE-2022-25745
 	RESERVED
 CVE-2022-25744
@@ -68091,28 +68140,28 @@ CVE-2022-25727 (Memory Corruption in modem due to improper length check while co
 	NOT-FOR-US: Snapdragon
 CVE-2022-25726
 	RESERVED
-CVE-2022-25725
-	RESERVED
+CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling ...)
+	TODO: check
 CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback  ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-25722
-	RESERVED
-CVE-2022-25721
-	RESERVED
+CVE-2022-25722 (Information exposure in DSP services due to improper handling of freei ...)
+	TODO: check
+CVE-2022-25721 (Memory corruption in video driver due to type confusion error during v ...)
+	TODO: check
 CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...)
 	NOT-FOR-US: Qualcomm
-CVE-2022-25717
-	RESERVED
-CVE-2022-25716
-	RESERVED
-CVE-2022-25715
-	RESERVED
+CVE-2022-25717 (Memory corruption in display due to double free while allocating frame ...)
+	TODO: check
+CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access to the  ...)
+	TODO: check
+CVE-2022-25715 (Memory corruption in display driver due to incorrect type casting whil ...)
+	TODO: check
 CVE-2022-25714
 	RESERVED
 CVE-2022-25713
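
Review bot: the context lines in this hunk already use two labels for what appears to be the same vendor's advisories, NOT-FOR-US: Snapdragon (CVE-2022-25724, CVE-2022-25723) and NOT-FOR-US: Qualcomm (CVE-2022-25718 to CVE-2022-25720). When the six new TODO: check entries here are resolved, pick one label so that a search on the NOT-FOR-US text finds the whole set.
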
@@ -82384,8 +82433,8 @@ CVE-2022-22090 (Memory corruption in audio due to use after free while managing
 	NOT-FOR-US: Snapdragon
 CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
 	NOT-FOR-US: Qualcomm
-CVE-2022-22088
-	RESERVED
+CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow while parsi ...)
+	TODO: check
 CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...)
@@ -82402,8 +82451,8 @@ CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Sna
 	NOT-FOR-US: Qualcomm
 CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22079
-	RESERVED
+CVE-2022-22079 (Denial of service while processing fastboot flash command on mmc due t ...)
+	TODO: check
 CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
@@ -98960,16 +99009,16 @@ CVE-2021-41012
 	RESERVED
 CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
 	NOT-FOR-US: LINE client for iOS
-CVE-2021-41010
-	RESERVED
-CVE-2021-41009
-	RESERVED
-CVE-2021-41008
-	RESERVED
-CVE-2021-41007
-	RESERVED
-CVE-2021-41006
-	RESERVED
+CVE-2021-41010 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2021-41009 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2021-41008 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2021-41007 (CVE was unused by HPE. ...)
+	TODO: check
+CVE-2021-41006 (CVE was unused by HPE. ...)
+	TODO: check
 CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch  ...)
 	NOT-FOR-US: Aruba Instant On
 CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch  ...)
@@ -100719,10 +100768,10 @@ CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includ
 	NOT-FOR-US: Nagios XI
 CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions  ...)
 	NOT-FOR-US: Nagios XI
-CVE-2021-40342
-	RESERVED
-CVE-2021-40341
-	RESERVED
+CVE-2021-40342 (In the DES implementation, the affected product versions use a default ...)
+	TODO: check
+CVE-2021-40341 (DES cipher, which has inadequate encryption strength, is used Hitachi  ...)
+	TODO: check
 CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
 	NOT-FOR-US: Hitachi
 CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due  ...)
@@ -119344,8 +119393,8 @@ CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locat
 	NOT-FOR-US: Node @diez/generation
 CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
 	NOT-FOR-US: ZStack
-CVE-2021-32828
-	RESERVED
+CVE-2021-32828 (The Nuxeo Platform is an open source content management platform for b ...)
+	TODO: check
 CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
 	NOT-FOR-US: MockServer
 CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c725884fed441422f0e810a7de86d8dd6fcf00e0
