[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 9 20:10:37 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20036c8d by security tracker role at 2023-01-09T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-22883
+ RESERVED
+CVE-2023-22882
+ RESERVED
+CVE-2023-22881
+ RESERVED
+CVE-2023-22880
+ RESERVED
+CVE-2023-22879
+ RESERVED
+CVE-2023-22878
+ RESERVED
+CVE-2023-22877
+ RESERVED
+CVE-2023-22876
+ RESERVED
+CVE-2023-22875
+ RESERVED
+CVE-2023-22874
+ RESERVED
+CVE-2023-22873
+ RESERVED
+CVE-2023-22872
+ RESERVED
+CVE-2023-22871
+ RESERVED
+CVE-2023-22870
+ RESERVED
+CVE-2023-22869
+ RESERVED
+CVE-2023-22868
+ RESERVED
+CVE-2023-22867
+ RESERVED
+CVE-2023-22866
+ RESERVED
+CVE-2023-22865
+ RESERVED
+CVE-2023-22864
+ RESERVED
+CVE-2023-22863
+ RESERVED
+CVE-2023-22862
+ RESERVED
+CVE-2023-22861
+ RESERVED
+CVE-2023-22860
+ RESERVED
+CVE-2023-22859
+ RESERVED
+CVE-2023-22459
+ RESERVED
+CVE-2023-0122
+ RESERVED
+CVE-2023-0121
+ RESERVED
+CVE-2023-0120
+ RESERVED
+CVE-2023-0119
+ RESERVED
+CVE-2023-0118
+ RESERVED
+CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and < ...)
+ TODO: check
+CVE-2022-4883
+ RESERVED
+CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...)
+ TODO: check
+CVE-2022-48250
+ RESERVED
+CVE-2022-48249
+ RESERVED
+CVE-2022-48248
+ RESERVED
+CVE-2022-48247
+ RESERVED
+CVE-2022-48246
+ RESERVED
+CVE-2022-48245
+ RESERVED
+CVE-2022-48244
+ RESERVED
+CVE-2022-48243
+ RESERVED
+CVE-2022-48242
+ RESERVED
+CVE-2022-48241
+ RESERVED
+CVE-2022-48240
+ RESERVED
+CVE-2022-48239
+ RESERVED
+CVE-2022-48238
+ RESERVED
+CVE-2022-48237
+ RESERVED
+CVE-2022-48236
+ RESERVED
+CVE-2022-48235
+ RESERVED
+CVE-2022-48234
+ RESERVED
+CVE-2022-48233
+ RESERVED
+CVE-2022-48232
+ RESERVED
+CVE-2022-48231
+ RESERVED
+CVE-2022-48230
+ RESERVED
+CVE-2022-46285
+ RESERVED
+CVE-2022-44617
+ RESERVED
+CVE-2021-4311 (A vulnerability classified as problematic was found in Talend Open Stu ...)
+ TODO: check
+CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been ...)
+ TODO: check
+CVE-2017-20165 (A vulnerability classified as problematic has been found in debug-js d ...)
+ TODO: check
+CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared as pr ...)
+ TODO: check
+CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
+ TODO: check
CVE-2023-22858
RESERVED
CVE-2023-22857
@@ -1385,8 +1509,8 @@ CVE-2023-22479
RESERVED
CVE-2023-22478
RESERVED
-CVE-2023-22477
- RESERVED
+CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
+ TODO: check
CVE-2023-22476
RESERVED
CVE-2023-0027
@@ -1494,10 +1618,10 @@ CVE-2023-22475 (Canarytokens is an open source tool which helps track activity a
NOT-FOR-US: canarytokens
CVE-2023-22474
RESERVED
-CVE-2023-22473
- RESERVED
-CVE-2023-22472
- RESERVED
+CVE-2023-22473 (Talk-Android enables users to have video & audio calls through Nex ...)
+ TODO: check
+CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
+ TODO: check
CVE-2023-22471
RESERVED
CVE-2023-22470
@@ -1524,7 +1648,6 @@ CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cro
CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
TODO: check
NOT-FOR-US: go-ipld-prime
- RESERVED
CVE-2023-22458
RESERVED
CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...)
@@ -3115,8 +3238,8 @@ CVE-2022-47792
RESERVED
CVE-2022-47791
RESERVED
-CVE-2022-47790
- RESERVED
+CVE-2022-47790 (Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable t ...)
+ TODO: check
CVE-2022-47789
RESERVED
CVE-2022-47788
@@ -7230,8 +7353,7 @@ CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 thr
NOT-FOR-US: IBM
CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through ...)
NOT-FOR-US: qubes-mirage-firewall
-CVE-2022-46769
- RESERVED
+CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Apache Sling
CVE-2022-4346
RESERVED
@@ -9060,8 +9182,8 @@ CVE-2022-46260
RESERVED
CVE-2022-46259
RESERVED
-CVE-2022-46258
- RESERVED
+CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
CVE-2022-46257
RESERVED
CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
@@ -9939,7 +10061,7 @@ CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drive
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
CVE-2022-45883
- RESERVED
+ REJECTED
CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
NOT-FOR-US: OpenHarmony
CVE-2022-45875 (Improper validation of script alert plugin parameters in Apache Dolphi ...)
@@ -12959,7 +13081,7 @@ CVE-2022-44879
RESERVED
CVE-2022-44878
RESERVED
-CVE-2022-44877 (RESERVED An issue in the /login/index.php component of Centos Web Pane ...)
+CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 b ...)
NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
CVE-2022-44876
RESERVED
@@ -16783,8 +16905,8 @@ CVE-2022-43976
RESERVED
CVE-2022-43975
RESERVED
-CVE-2022-43974
- RESERVED
+CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
+ TODO: check
CVE-2022-43973
RESERVED
CVE-2022-43972
@@ -18846,6 +18968,7 @@ CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel
CVE-2021-46849
REJECTED
CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
+ {DLA-3263-1}
- libtasn1-6 4.19.0-2
[bullseye] - libtasn1-6 4.16.0-2+deb11u1
NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0)
@@ -37072,18 +37195,18 @@ CVE-2022-36932
RESERVED
CVE-2022-36931
RESERVED
-CVE-2022-36930
- RESERVED
-CVE-2022-36929
- RESERVED
-CVE-2022-36928
- RESERVED
-CVE-2022-36927
- RESERVED
-CVE-2022-36926
- RESERVED
-CVE-2022-36925
- RESERVED
+CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0 contain a loca ...)
+ TODO: check
+CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
+ TODO: check
+CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path traversa ...)
+ TODO: check
+CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+ TODO: check
+CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+ TODO: check
+CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an insecure ...)
+ TODO: check
CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
NOT-FOR-US: Zoom
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
@@ -41264,8 +41387,8 @@ CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an auth
NOT-FOR-US: IBM
CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2022-35281
- RESERVED
+CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maxi ...)
+ TODO: check
CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...)
NOT-FOR-US: IBM
CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0 ...)
@@ -43876,8 +43999,7 @@ CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion
NOT-FOR-US: WordPress plugin
CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
NOT-FOR-US: Exemys
-CVE-2022-2196 [KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS]
- RESERVED
+CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
@@ -76239,10 +76361,10 @@ CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch
NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
TODO: check
-CVE-2022-23509
- RESERVED
-CVE-2022-23508
- RESERVED
+CVE-2022-23509 (Weave GitOps is a simple open source developer platform for people who ...)
+ TODO: check
+CVE-2022-23508 (Weave GitOps is a simple open source developer platform for people who ...)
+ TODO: check
CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...)
TODO: check
CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform ...)
@@ -80270,8 +80392,8 @@ CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 t
NOT-FOR-US: IBM
CVE-2022-22471
RESERVED
-CVE-2022-22470
- RESERVED
+CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in plain c ...)
+ TODO: check
CVE-2022-22469
RESERVED
CVE-2022-22468
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20036c8d30f0e5779b38a0fb4c922d2188df95aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20036c8d30f0e5779b38a0fb4c922d2188df95aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230109/f603b1cc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list