[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 9 20:10:37 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20036c8d by security tracker role at 2023-01-09T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-22883
+	RESERVED
+CVE-2023-22882
+	RESERVED
+CVE-2023-22881
+	RESERVED
+CVE-2023-22880
+	RESERVED
+CVE-2023-22879
+	RESERVED
+CVE-2023-22878
+	RESERVED
+CVE-2023-22877
+	RESERVED
+CVE-2023-22876
+	RESERVED
+CVE-2023-22875
+	RESERVED
+CVE-2023-22874
+	RESERVED
+CVE-2023-22873
+	RESERVED
+CVE-2023-22872
+	RESERVED
+CVE-2023-22871
+	RESERVED
+CVE-2023-22870
+	RESERVED
+CVE-2023-22869
+	RESERVED
+CVE-2023-22868
+	RESERVED
+CVE-2023-22867
+	RESERVED
+CVE-2023-22866
+	RESERVED
+CVE-2023-22865
+	RESERVED
+CVE-2023-22864
+	RESERVED
+CVE-2023-22863
+	RESERVED
+CVE-2023-22862
+	RESERVED
+CVE-2023-22861
+	RESERVED
+CVE-2023-22860
+	RESERVED
+CVE-2023-22859
+	RESERVED
+CVE-2023-22459
+	RESERVED
+CVE-2023-0122
+	RESERVED
+CVE-2023-0121
+	RESERVED
+CVE-2023-0120
+	RESERVED
+CVE-2023-0119
+	RESERVED
+CVE-2023-0118
+	RESERVED
+CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and &lt ...)
+	TODO: check
+CVE-2022-4883
+	RESERVED
+CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...)
+	TODO: check
+CVE-2022-48250
+	RESERVED
+CVE-2022-48249
+	RESERVED
+CVE-2022-48248
+	RESERVED
+CVE-2022-48247
+	RESERVED
+CVE-2022-48246
+	RESERVED
+CVE-2022-48245
+	RESERVED
+CVE-2022-48244
+	RESERVED
+CVE-2022-48243
+	RESERVED
+CVE-2022-48242
+	RESERVED
+CVE-2022-48241
+	RESERVED
+CVE-2022-48240
+	RESERVED
+CVE-2022-48239
+	RESERVED
+CVE-2022-48238
+	RESERVED
+CVE-2022-48237
+	RESERVED
+CVE-2022-48236
+	RESERVED
+CVE-2022-48235
+	RESERVED
+CVE-2022-48234
+	RESERVED
+CVE-2022-48233
+	RESERVED
+CVE-2022-48232
+	RESERVED
+CVE-2022-48231
+	RESERVED
+CVE-2022-48230
+	RESERVED
+CVE-2022-46285
+	RESERVED
+CVE-2022-44617
+	RESERVED
+CVE-2021-4311 (A vulnerability classified as problematic was found in Talend Open Stu ...)
+	TODO: check
+CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been  ...)
+	TODO: check
+CVE-2017-20165 (A vulnerability classified as problematic has been found in debug-js d ...)
+	TODO: check
+CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared as pr ...)
+	TODO: check
+CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
+	TODO: check
 CVE-2023-22858
 	RESERVED
 CVE-2023-22857
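Review bot: CVE-2023-22459 is added at the top of the file, between CVE-2023-22859 and CVE-2023-0122, which breaks the descending order the rest of the list keeps. The later hunk at -1524 shows CVE-2023-22460 followed directly by CVE-2023-22458, and that gap is where this entry belongs. Separately, the CVE-2022-4884 description carries a literal "&lt", an HTML entity cut off by the description truncation; check that the import decodes entities before it truncates.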
@@ -1385,8 +1509,8 @@ CVE-2023-22479
 	RESERVED
 CVE-2023-22478
 	RESERVED
-CVE-2023-22477
-	RESERVED
+CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
+	TODO: check
 CVE-2023-22476
 	RESERVED
 CVE-2023-0027
@@ -1494,10 +1618,10 @@ CVE-2023-22475 (Canarytokens is an open source tool which helps track activity a
 	NOT-FOR-US: canarytokens
 CVE-2023-22474
 	RESERVED
-CVE-2023-22473
-	RESERVED
-CVE-2023-22472
-	RESERVED
+CVE-2023-22473 (Talk-Android enables users to have video & audio calls through Nex ...)
+	TODO: check
+CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
+	TODO: check
 CVE-2023-22471
 	RESERVED
 CVE-2023-22470
@@ -1524,7 +1648,6 @@ CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cro
 CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
 	TODO: check
 	NOT-FOR-US: go-ipld-prime
-	RESERVED
 CVE-2023-22458
 	RESERVED
 CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...)
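Review bot: removing the stray RESERVED line under CVE-2023-22460 still leaves the entry carrying both "TODO: check" and "NOT-FOR-US: go-ipld-prime". The entry is already triaged, so the "TODO: check" line should be dropped as well.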
@@ -3115,8 +3238,8 @@ CVE-2022-47792
 	RESERVED
 CVE-2022-47791
 	RESERVED
-CVE-2022-47790
-	RESERVED
+CVE-2022-47790 (Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable t ...)
+	TODO: check
 CVE-2022-47789
 	RESERVED
 CVE-2022-47788
@@ -7230,8 +7353,7 @@ CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 thr
 	NOT-FOR-US: IBM
 CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through  ...)
 	NOT-FOR-US: qubes-mirage-firewall
-CVE-2022-46769
-	RESERVED
+CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Apache Sling
 CVE-2022-4346
 	RESERVED
@@ -9060,8 +9182,8 @@ CVE-2022-46260
 	RESERVED
 CVE-2022-46259
 	RESERVED
-CVE-2022-46258
-	RESERVED
+CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+	TODO: check
 CVE-2022-46257
 	RESERVED
 CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
@@ -9939,7 +10061,7 @@ CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drive
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
 CVE-2022-45883
-	RESERVED
+	REJECTED
 CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2022-45875 (Improper validation of script alert plugin parameters in Apache Dolphi ...)
@@ -12959,7 +13081,7 @@ CVE-2022-44879
 	RESERVED
 CVE-2022-44878
 	RESERVED
-CVE-2022-44877 (RESERVED An issue in the /login/index.php component of Centos Web Pane ...)
+CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 b ...)
 	NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
 CVE-2022-44876
 	RESERVED
@@ -16783,8 +16905,8 @@ CVE-2022-43976
 	RESERVED
 CVE-2022-43975
 	RESERVED
-CVE-2022-43974
-	RESERVED
+CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
+	TODO: check
 CVE-2022-43973
 	RESERVED
 CVE-2022-43972
@@ -18846,6 +18968,7 @@ CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel
 CVE-2021-46849
 	REJECTED
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
+	{DLA-3263-1}
 	- libtasn1-6 4.19.0-2
 	[bullseye] - libtasn1-6 4.16.0-2+deb11u1
 	NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0)
@@ -37072,18 +37195,18 @@ CVE-2022-36932
 	RESERVED
 CVE-2022-36931
 	RESERVED
-CVE-2022-36930
-	RESERVED
-CVE-2022-36929
-	RESERVED
-CVE-2022-36928
-	RESERVED
-CVE-2022-36927
-	RESERVED
-CVE-2022-36926
-	RESERVED
-CVE-2022-36925
-	RESERVED
+CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0 contain a loca ...)
+	TODO: check
+CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local  ...)
+	TODO: check
+CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path traversa ...)
+	TODO: check
+CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+	TODO: check
+CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+	TODO: check
+CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an insecure ...)
+	TODO: check
 CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local  ...)
 	NOT-FOR-US: Zoom
 CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
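Review bot: the six Zoom entries CVE-2022-36925 through CVE-2022-36930 come in as "TODO: check" while the adjacent CVE-2022-36924, also a Zoom Rooms installer issue, is already marked "NOT-FOR-US: Zoom". They can be triaged the same way in a follow-up instead of sitting in the TODO queue.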
@@ -41264,8 +41387,8 @@ CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an auth
 	NOT-FOR-US: IBM
 CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
-CVE-2022-35281
-	RESERVED
+CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maxi ...)
+	TODO: check
 CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...)
 	NOT-FOR-US: IBM
 CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0 ...)
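Review bot: CVE-2022-35281 (IBM Maximo Asset Management) is added as "TODO: check" between entries that are all marked "NOT-FOR-US: IBM". Mark it the same way in the follow-up triage.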
@@ -43876,8 +43999,7 @@ CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
 	NOT-FOR-US: Exemys
-CVE-2022-2196 [KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS]
-	RESERVED
+CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed  ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
@@ -76239,10 +76361,10 @@ CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch
 	NOT-FOR-US: Amazon CloudWatch Agent
 CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
 	TODO: check
-CVE-2022-23509
-	RESERVED
-CVE-2022-23508
-	RESERVED
+CVE-2022-23509 (Weave GitOps is a simple open source developer platform for people who ...)
+	TODO: check
+CVE-2022-23508 (Weave GitOps is a simple open source developer platform for people who ...)
+	TODO: check
 CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...)
 	TODO: check
 CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform  ...)
@@ -80270,8 +80392,8 @@ CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 t
 	NOT-FOR-US: IBM
 CVE-2022-22471
 	RESERVED
-CVE-2022-22470
-	RESERVED
+CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in plain c ...)
+	TODO: check
 CVE-2022-22469
 	RESERVED
 CVE-2022-22468



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20036c8d30f0e5779b38a0fb4c922d2188df95aa
