[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 12 20:10:40 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd267220 by security tracker role at 2023-01-12T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-23492
+ RESERVED
+CVE-2023-23491
+ RESERVED
+CVE-2023-23490
+ RESERVED
+CVE-2023-23489
+ RESERVED
+CVE-2023-23488
+ RESERVED
+CVE-2023-23487
+ RESERVED
+CVE-2023-23486
+ RESERVED
+CVE-2023-23485
+ RESERVED
+CVE-2023-23484
+ RESERVED
+CVE-2023-23483
+ RESERVED
+CVE-2023-23482
+ RESERVED
+CVE-2023-23481
+ RESERVED
+CVE-2023-23480
+ RESERVED
+CVE-2023-23479
+ RESERVED
+CVE-2023-23478
+ RESERVED
+CVE-2023-23477
+ RESERVED
+CVE-2023-23476
+ RESERVED
+CVE-2023-23475
+ RESERVED
+CVE-2023-23474
+ RESERVED
+CVE-2023-23473
+ RESERVED
+CVE-2023-23472
+ RESERVED
+CVE-2023-23471
+ RESERVED
+CVE-2023-23470
+ RESERVED
+CVE-2023-23469
+ RESERVED
+CVE-2023-23468
+ RESERVED
+CVE-2023-23467
+ RESERVED
+CVE-2023-23466
+ RESERVED
+CVE-2023-23465
+ RESERVED
+CVE-2023-23464
+ RESERVED
+CVE-2023-23463
+ RESERVED
+CVE-2023-23462
+ RESERVED
+CVE-2023-23461
+ RESERVED
+CVE-2023-23460
+ RESERVED
+CVE-2023-23459
+ RESERVED
+CVE-2023-23458
+ RESERVED
+CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
+ TODO: check
+CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...)
+ TODO: check
+CVE-2023-0255
+ RESERVED
+CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2023-0253
+ RESERVED
+CVE-2023-0252
+ RESERVED
+CVE-2023-0251
+ RESERVED
+CVE-2023-0250
+ RESERVED
+CVE-2023-0249
+ RESERVED
+CVE-2023-0248
+ RESERVED
+CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...)
+ TODO: check
+CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...)
+ TODO: check
+CVE-2023-0245 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-0244 (A vulnerability classified as critical was found in TuziCMS 2.0.6. Thi ...)
+ TODO: check
+CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS 2.0.6 ...)
+ TODO: check
+CVE-2023-0242
+ RESERVED
+CVE-2023-0241
+ RESERVED
+CVE-2023-0240
+ RESERVED
+CVE-2023-0239
+ RESERVED
+CVE-2023-0238
+ RESERVED
+CVE-2023-0237
+ RESERVED
+CVE-2023-0236
+ RESERVED
+CVE-2023-0235
+ RESERVED
+CVE-2023-0234
+ RESERVED
+CVE-2023-0233
+ RESERVED
+CVE-2023-0232
+ RESERVED
+CVE-2023-0231
+ RESERVED
+CVE-2023-0230
+ RESERVED
+CVE-2022-4887
+ RESERVED
+CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-system and ...)
+ TODO: check
+CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...)
+ TODO: check
CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
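Review bot: the ten entries in this hunk that arrive with a description (CVE-2023-23457, CVE-2023-23456, CVE-2023-0254, CVE-2023-0247, CVE-2023-0246, CVE-2023-0245, CVE-2023-0244, CVE-2023-0243, CVE-2013-10011, CVE-2012-10005) all stop at "TODO: check" and still need a package line or a NOT-FOR-US decision, in the form CVE-2023-23455 at the bottom of the hunk already has ("- linux <unfixed>" plus a NOTE with the fix commit). CVE-2023-23457 and CVE-2023-23456 both name UPX and should be triaged together, and CVE-2013-10011 and CVE-2012-10005 are retroactively assigned identifiers whose year does not reflect when they were published, so they should not be treated as stale just because of the number.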
@@ -3016,8 +3148,7 @@ CVE-2022-4843 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
- radare2 <not-affected> (Vulnerable code not yet present)
NOTE: https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f
NOTE: https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24
-CVE-2022-4842 [ntfs3: NULL pointer dereference in attr_punch_hole() in fs/ntfs3/attrib.c]
- RESERVED
+CVE-2022-4842 (A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver funct ...)
- linux <unfixed> (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
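Review bot: swapping the bracketed placeholder for the imported description drops the only mention of attr_punch_hole() and fs/ntfs3/attrib.c, because the new text is cut off at "funct ...". Keep that detail in a NOTE line under "- linux <unfixed> (unimportant)" (ideally together with the upstream fix commit) so the "Vulnerable code not present" markers for bullseye and buster remain checkable against the named function.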
@@ -3962,8 +4093,8 @@ CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0
NOT-FOR-US: Fuji Electric
CVE-2022-4744
RESERVED
-CVE-2022-4743
- RESERVED
+CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...)
+ TODO: check
CVE-2022-4742 (A vulnerability, which was classified as critical, has been found in j ...)
NOT-FOR-US: Node json-pointer module
CVE-2022-47317 (Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier al ...)
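Review bot: CVE-2022-4743 now identifies the affected software (a memory leak in SDL2, "GLES_CreateTex ...") but is left at "TODO: check", while its neighbour CVE-2022-4742 in the same context is already resolved as NOT-FOR-US; this entry needs a source package line or a NOT-FOR-US decision rather than remaining open.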
@@ -9590,8 +9721,8 @@ CVE-2022-46505
RESERVED
CVE-2022-46504
RESERVED
-CVE-2022-46503
- RESERVED
+CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...)
+ TODO: check
CVE-2022-46502
RESERVED
CVE-2022-46501
@@ -9938,18 +10069,18 @@ CVE-2022-46374
RESERVED
CVE-2022-46373
RESERVED
-CVE-2022-46372
- RESERVED
-CVE-2022-46371
- RESERVED
-CVE-2022-46370
- RESERVED
-CVE-2022-46369
- RESERVED
-CVE-2022-46368
- RESERVED
-CVE-2022-46367
- RESERVED
+CVE-2022-46372 (Alotcer - AR7088H-A firmware version 16.10.3 Command execution Imprope ...)
+ TODO: check
+CVE-2022-46371 (Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. U ...)
+ TODO: check
+CVE-2022-46370 (Rumpus - FTP server version 9.0.7.1 Improper Token Verification– ...)
+ TODO: check
+CVE-2022-46369 (Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (P ...)
+ TODO: check
+CVE-2022-46368 (Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) ...)
+ TODO: check
+CVE-2022-46367 (Rumpus - FTP server Cross-site request forgery (CSRF) – Privileg ...)
+ TODO: check
CVE-2022-46365
RESERVED
CVE-2022-46364 (A SSRF vulnerability in parsing the href attribute of XOP:Include in M ...)
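Review bot: all six new descriptions in this hunk (Alotcer AR7088H-A firmware 16.10.3, Rumpus FTP server 9.0.7.1) appear to be vendor firmware and a commercial FTP server and all sit at "TODO: check"; they are candidates for NOT-FOR-US in the same way as the GLPI plugin and Fuji Electric entries elsewhere in this file, and CVE-2022-39187 further down in this diff is another Rumpus 9.0.7.1 entry that should receive the same resolution. The truncated dash at the end of the CVE-2022-46370 and CVE-2022-46367 lines is a byproduct of cutting the imported text at a fixed width and does not need fixing in the entry itself.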
@@ -13629,8 +13760,7 @@ CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified a
NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
NOT-FOR-US: NodeBB
-CVE-2022-3977
- RESERVED
+CVE-2022-3977 (A use-after-free flaw was found in the Linux kernel MCTP (Management C ...)
- linux 6.0.2-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
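Review bot: CVE-2022-3977 records the fixing upload ("- linux 6.0.2-1") and the not-affected markers for bullseye and buster, but within the visible context there is no NOTE line pointing at the upstream git.kernel.org commit, which the other kernel entries in this diff (CVE-2023-23455, CVE-2022-3629, CVE-2022-3594) carry. If none exists below the hunk, add one so the "Vulnerable code not present" claims can be checked against the introducing and fixing commits.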
@@ -20655,8 +20785,8 @@ CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close
CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...)
- openimageio <unfixed> (bug #1027143)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
-CVE-2022-43591
- RESERVED
+CVE-2022-43591 (A buffer overflow vulnerability exists in the QML QtScript Reflect API ...)
+ TODO: check
CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...)
NOT-FOR-US: Callback technologies CBFS Filter
CVE-2022-43589 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
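Review bot: CVE-2022-43591 ("QML QtScript Reflect API") and CVE-2022-40983 later in this diff ("QML QtScript Reflect A ...") describe the same API and are both left at "TODO: check"; triage them together so they end up with the same source package line or NOT-FOR-US decision. The neighbouring Talos DPXOutput entries show the form to follow, a package line plus a NOTE with the advisory URL.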
@@ -21050,8 +21180,7 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE: https://git.kernel.org/linus/7e97cfed9929eaabc41829c395eb0d1350fccb9d (6.0-rc1)
-CVE-2022-3628
- RESERVED
+CVE-2022-3628 (A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
@@ -21249,8 +21378,7 @@ CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared a
NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
CVE-2022-3593
REJECTED
-CVE-2022-3592 [Wide links protection broken]
- RESERVED
+CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a user can ...)
[experimental] - samba 2:4.17.2+dfsg-1
- samba <not-affected> (Vulnerable code only in 4.17.0 and later)
NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
@@ -22562,8 +22690,7 @@ CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerabili
- libksba 1.6.3-1
NOTE: https://dev.gnupg.org/T6284
NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 (libksba-1.6.3)
-CVE-2022-3515
- RESERVED
+CVE-2022-3515 (A vulnerability was found in the Libksba library due to an integer ove ...)
{DSA-5255-1 DLA-3153-1}
- libksba 1.6.2-1 (bug #1021928)
NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
@@ -23301,8 +23428,7 @@ CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28
NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
CVE-2022-42704
RESERVED
-CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
- RESERVED
+CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba within t ...)
{DSA-5287-1 DLA-3206-1}
- samba 2:4.16.6+dfsg-1
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
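Review bot: the removed placeholder "[Buffer overflow in Heimdal unwrap_des3()]" was the only line naming the Heimdal function, and the imported Samba text is truncated at "within t ...". Since this entry tracks both "- samba 2:4.16.6+dfsg-1" and "- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)", keep the function name in a NOTE line so the heimdal fix can still be matched to it.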
@@ -26175,8 +26301,7 @@ CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a compan
NOT-FOR-US: WordPress plugin
CVE-2022-3342
RESERVED
-CVE-2022-3341
- RESERVED
+CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...)
- ffmpeg 7:5.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)
@@ -27373,8 +27498,8 @@ CVE-2022-41141
RESERVED
CVE-2022-41140
RESERVED
-CVE-2022-40983
- RESERVED
+CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...)
+ TODO: check
CVE-2022-40693
RESERVED
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
@@ -29842,8 +29967,8 @@ CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit
CVE-2022-3146
RESERVED
NOT-FOR-US: tripleo-ansible
-CVE-2022-3145
- RESERVED
+CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...)
+ TODO: check
CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe comparator. ...)
@@ -32113,18 +32238,18 @@ CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/e02f0d3970404bfea385b6edb86f2d936db0ea2b (6.0-rc3)
-CVE-2022-39187
- RESERVED
-CVE-2022-39186
- RESERVED
-CVE-2022-39185
- RESERVED
-CVE-2022-39184
- RESERVED
-CVE-2022-39183
- RESERVED
-CVE-2022-39182
- RESERVED
+CVE-2022-39187 (Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripti ...)
+ TODO: check
+CVE-2022-39186 (EXFO - BV-10 Performance Endpoint Unit misconfiguration. System config ...)
+ TODO: check
+CVE-2022-39185 (EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. U ...)
+ TODO: check
+CVE-2022-39184 (EXFO - BV-10 Performance Endpoint Unit authentication bypass User can ...)
+ TODO: check
+CVE-2022-39183 (Moodle Plugin - SAML Auth may allow Open Redirect through unspecified ...)
+ TODO: check
+CVE-2022-39182 (H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 i ...)
+ TODO: check
CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...)
NOT-FOR-US: GLPI plugin
CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...)
@@ -46247,8 +46372,8 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-2155
- RESERVED
+CVE-2022-2155 (A vulnerability exists in the affected versions of Lumada APM’s ...)
+ TODO: check
CVE-2022-2154
REJECTED
CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd267220999dade7df5406c4bb988d202b508805