[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 13 20:10:34 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b53d87d by security tracker role at 2023-01-13T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-23588
+ RESERVED
+CVE-2023-23587
+ RESERVED
+CVE-2023-23586
+ RESERVED
+CVE-2023-0292
+ RESERVED
+CVE-2023-0291
+ RESERVED
+CVE-2023-0290
+ RESERVED
+CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
+ TODO: check
+CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+ TODO: check
+CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
+ TODO: check
+CVE-2023-0286
+ RESERVED
+CVE-2023-0285
+ RESERVED
+CVE-2023-0284
+ RESERVED
+CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-0282
+ RESERVED
+CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...)
+ TODO: check
+CVE-2023-0280
+ RESERVED
+CVE-2023-0279
+ RESERVED
+CVE-2023-0278
+ RESERVED
+CVE-2023-0277
+ RESERVED
+CVE-2023-0276
+ RESERVED
+CVE-2023-0275
+ RESERVED
+CVE-2023-0274
+ RESERVED
+CVE-2023-0273
+ RESERVED
+CVE-2023-0272
+ RESERVED
+CVE-2023-0271
+ RESERVED
+CVE-2023-0270
+ RESERVED
+CVE-2023-0269
+ RESERVED
+CVE-2023-0268
+ RESERVED
+CVE-2023-0267
+ RESERVED
+CVE-2022-4888
+ RESERVED
+CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
+CVE-2009-10002 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
+ TODO: check
CVE-2023-XXXX [tor TROVE-2022-02]
- tor 0.4.7.13-1
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
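Review bot: CVE-2023-0288 (heap-based buffer overflow in vim, "prior to 9.0.1 ..." in the truncated text) is the entry in this hunk that most clearly maps to a Debian source package and should not stay at "TODO: check"; the fixed upstream patch level is cut off in the description, so the triage should take it from the full CVE record and add it together with the upstream commit as NOTE lines, the way the openvswitch entries further down this file do. CVE-2021-4312 carries "** UNSUPPORTED WHEN ASSIGNED **", i.e. no upstream fix is coming, which the triage should reflect rather than leave as a bare TODO. CVE-2009-10001 and CVE-2009-10002 are freshly assigned identifiers with a 2009 year; they land at the top of the file because new identifiers are prepended in import order, not by CVE year, as this hunk itself shows.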
@@ -171,6 +237,7 @@ CVE-2023-22283
CVE-2023-22281
RESERVED
CVE-2023-0266 [ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF]
+ RESERVED
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
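Review bot: the RESERVED line goes under an entry that already carries a tracker-assigned bracketed title and a package assessment; that is this file's convention for a CVE whose upstream record is still reserved (compare "CVE-2023-XXXX [tor TROVE-2022-02]" at the top of the file), and the "linux <unfixed>" and the two "<not-affected> (Vulnerable code not present)" lines are untouched. Nothing to change in this hunk.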
@@ -1104,8 +1171,8 @@ CVE-2023-23089
RESERVED
CVE-2023-0222
RESERVED
-CVE-2023-0221
- RESERVED
+CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3.4 al ...)
+ TODO: check
CVE-2023-0220
RESERVED
CVE-2023-0219
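Review bot: the description for CVE-2023-0221 names the product only as "ACC", which is too ambiguous to triage from the truncated text; resolve the TODO against the full CVE record to identify the vendor before deciding between NOT-FOR-US and a package mapping.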
@@ -1755,45 +1822,59 @@ CVE-2023-0143
CVE-2023-0142
RESERVED
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0140 (Inappropriate implementation in in File System API in Google Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0139 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0138 (Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0 ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0137 (Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS pr ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0136 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0135 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0134 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0133 (Inappropriate implementation in in Permission prompts in Google Chrome ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0132 (Inappropriate implementation in in Permission prompts in Google Chrome ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0131 (Inappropriate implementation in in iframe Sandbox in Google Chrome pri ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0130 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0129 (Heap buffer overflow in Network Service in Google Chrome prior to 109. ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0127
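Review bot: {DSA-5317-1} is applied uniformly to all fourteen CVEs fixed in chromium 109.0.5414.74-1, including the ones described as "Google Chrome on Chrome OS" (CVE-2023-0128, -0130, -0136, -0137, -0140); that follows the file's practice of tracking the whole upstream release batch under one DSA, so the only thing to verify is that the advisory text of DSA-5317-1 lists the same set. The "[buster] - chromium <end-of-life> (see DSA 5046)" lines are correctly left alone, since the DSA addresses stable and buster's chromium is no longer supported.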
@@ -3299,18 +3380,18 @@ CVE-2023-22496
RESERVED
CVE-2023-22495
RESERVED
-CVE-2023-22494
- RESERVED
-CVE-2023-22493
- RESERVED
+CVE-2023-22494 (a12nserver is an open source lightweight OAuth2 server. Users of a12ns ...)
+ TODO: check
+CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...)
+ TODO: check
CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...)
NOT-FOR-US: ZITADEL
-CVE-2023-22491
- RESERVED
+CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
+ TODO: check
CVE-2023-22490
RESERVED
-CVE-2023-22489
- RESERVED
+CVE-2023-22489 (Flarum is a discussion platform for websites. If the first post of a d ...)
+ TODO: check
CVE-2023-22488 (Flarum is a forum software for building communities. Using the notific ...)
TODO: check
CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
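Review bot: CVE-2023-22489 joins CVE-2023-22488 and CVE-2023-22487 as three Flarum issues all sitting at "TODO: check"; resolve them together with one disposition, and note that CVE-2023-22492 two lines above already shows the pattern for a non-Debian web service ("NOT-FOR-US: ZITADEL"). The a12nserver, RSSHub and Gatsby entries are likewise web-application projects whose truncated descriptions point at no Debian package, so expect the same outcome but confirm against the package list before marking them.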
@@ -3682,10 +3763,10 @@ CVE-2022-48093
RESERVED
CVE-2022-48092
RESERVED
-CVE-2022-48091
- RESERVED
-CVE-2022-48090
- RESERVED
+CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site ...)
+ TODO: check
+CVE-2022-48090 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Inject ...)
+ TODO: check
CVE-2022-48089
RESERVED
CVE-2022-48088
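Review bot: CVE-2022-48090 (SQL injection) and CVE-2022-48091 (cross-site scripting) are two issues in the same product, Tramyardg hotel-mgmt-system 2022.4, and should be triaged together with the same disposition; the truncated descriptions give no hint of a Debian package.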
@@ -9230,7 +9311,7 @@ CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an I
CVE-2022-4339
REJECTED
CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in various ...)
- {DLA-3253-1}
+ {DSA-5319-1 DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
@@ -9238,7 +9319,7 @@ CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in va
NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0)
NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in variou ...)
- {DLA-3253-1}
+ {DSA-5319-1 DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
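Review bot: {DSA-5319-1} is prepended to the existing {DLA-3253-1} for both CVE-2022-4337 and CVE-2022-4338, so the two openvswitch Organization Specific TLV issues are now recorded as fixed in stable as well as in LTS; the unstable line (3.1.0~git20221212.739bcf2-4, bug #1027273) and the introduced-by/fixed-by NOTE lines are unchanged, which is the complete shape an entry should have. Nothing further is needed in these two hunks.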
@@ -16522,6 +16603,7 @@ CVE-2022-44643 (A vulnerability in the label-based access control of Grafana Lab
CVE-2022-44642
RESERVED
CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...)
+ {DSA-5318-1}
- lava <unfixed> (bug #1024429)
NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
NOTE: https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5 (2022.11)
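Review bot: {DSA-5318-1} is added while the unstable line still reads "lava <unfixed> (bug #1024429)"; that combination is legitimate if the DSA shipped a targeted fix to stable before unstable picked up upstream 2022.11 (the NOTE records the fixing commit as part of 2022.11), but the unstable line needs to be updated to the fixed Debian version as soon as that upload happens, otherwise the tracker keeps showing the issue open in unstable while closed in stable.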
@@ -20491,8 +20573,8 @@ CVE-2022-3695
RESERVED
CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3693
- RESERVED
+CVE-2022-3693 (The File Management System developed by FileOrbis before version 10.6. ...)
+ TODO: check
CVE-2022-3692
REJECTED
CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.5 dis ...)
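Review bot: CVE-2022-3693 describes "The File Management System developed by FileOrbis", a vendor product rather than anything shipped as a Debian source package, so the natural resolution of the TODO is "NOT-FOR-US: FileOrbis", matching the NOT-FOR-US dispositions of the WordPress-plugin entries around it; confirm against the package list before committing that.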
@@ -93299,7 +93381,7 @@ CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing
NOT-FOR-US: Splunk
CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
NOT-FOR-US: Splunk
-CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
RESERVED
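Review bot: only the description text changes here ("DXF file" becomes "DXF or DWG"), tracking a revision of the upstream CVE record; the "NOT-FOR-US: Open Design Alliance Drawings SDK" disposition is unaffected and needs no action.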
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b53d87d09dd0d7ed48d3e2b7cdbeab119851acb