[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 14 08:10:28 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
438d5d32 by security tracker role at 2023-01-14T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-23590
+	RESERVED
+CVE-2023-0298
+	RESERVED
+CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
+	TODO: check
+CVE-2023-0296
+	RESERVED
+CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-0294 (The Mediamatic – Media Library Folders plugin for WordPress is v ...)
+	TODO: check
+CVE-2023-0293 (The Mediamatic – Media Library Folders plugin for WordPress is v ...)
+	TODO: check
+CVE-2017-20169 (A vulnerability, which was classified as critical, has been found in G ...)
+	TODO: check
+CVE-2015-10043
+	RESERVED
+CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+	TODO: check
+CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+	TODO: check
+CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...)
+	TODO: check
 CVE-2023-23588
 	RESERVED
 CVE-2023-23587
@@ -66,7 +90,7 @@ CVE-2009-10002 (A vulnerability, which was classified as problematic, has been f
 	NOT-FOR-US: dpup fittr-flickr
 CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
 	TODO: check
-CVE-2023-23589 [tor TROVE-2022-02]
+CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...)
 	- tor 0.4.7.13-1
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
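Review bot: the TROVE-2022-02 alias in the old bracketed placeholder is lost when the MITRE description overwrites it, and nothing else in the entry records it; since the Tor release notes linked in the first NOTE identify fixes by TROVE number, keep the alias, e.g. add "NOTE: TROVE-2022-02" under the existing NOTE lines.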
@@ -2080,14 +2104,14 @@ CVE-2023-22855
 	RESERVED
 CVE-2023-22854
 	RESERVED
-CVE-2023-22853
-	RESERVED
-CVE-2023-22852
-	RESERVED
-CVE-2023-22851
-	RESERVED
-CVE-2023-22850
-	RESERVED
+CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
+	TODO: check
+CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to tiki-importe ...)
+	TODO: check
+CVE-2023-22851 (Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php P ...)
+	TODO: check
+CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib ...)
+	TODO: check
 CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has  ...)
 	NOT-FOR-US: Yomguithereal Baobab
 CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea  ...)
@@ -3377,14 +3401,14 @@ CVE-2023-22499
 	RESERVED
 CVE-2023-22498
 	RESERVED
-CVE-2023-22497
-	RESERVED
-CVE-2023-22496
-	RESERVED
-CVE-2023-22495
-	RESERVED
-CVE-2023-22494 (a12nserver is an open source lightweight OAuth2 server. Users of a12ns ...)
+CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...)
+	TODO: check
+CVE-2023-22496 (Netdata is an open source option for real-time infrastructure monitori ...)
 	TODO: check
+CVE-2023-22495 (Izanami is a shared configuration service well-suited for micro-servic ...)
+	TODO: check
+CVE-2023-22494
+	REJECTED
 CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...)
 	TODO: check
 CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...)
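Review bot: CVE-2023-22494 flips from an a12nserver description with TODO: check to a bare REJECTED, so the a12nserver issue it previously described is no longer tracked anywhere in this file; confirm the rejection against the CVE record and check whether that issue was reassigned a new ID before accepting the change. The two Netdata entries (CVE-2023-22496, CVE-2023-22497) also deserve a real check against the netdata source package in the archive rather than a lingering TODO.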
@@ -3411,12 +3435,12 @@ CVE-2023-22482
 	RESERVED
 CVE-2023-22481
 	RESERVED
-CVE-2023-22480
-	RESERVED
+CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...)
+	TODO: check
 CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows  ...)
 	NOT-FOR-US: KubePi
-CVE-2023-22478
-	RESERVED
+CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with unauthori ...)
+	TODO: check
 CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
 	NOT-FOR-US: Mercurius
 CVE-2023-22476
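Review bot: CVE-2023-22478 describes the same product as the adjacent CVE-2023-22479, which is already resolved as NOT-FOR-US: KubePi, so the new entry can take the same resolution instead of TODO: check. CVE-2023-22480 (KubeOperator) is a different project and still needs its own check.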
@@ -3529,10 +3553,10 @@ CVE-2023-22473 (Talk-Android enables users to have video & audio calls throu
 	NOT-FOR-US: Talk-Android
 CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
 	NOT-FOR-US: Deck
-CVE-2023-22471
-	RESERVED
-CVE-2023-22470
-	RESERVED
+CVE-2023-22471 (Deck is a kanban style organization tool aimed at personal planning an ...)
+	TODO: check
+CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
+	TODO: check
 CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...)
 	NOT-FOR-US: Deck
 CVE-2023-22468
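Review bot: CVE-2023-22471 and CVE-2023-22470 describe the same Nextcloud Deck app as the surrounding CVE-2023-22472 and CVE-2023-22469, both already NOT-FOR-US: Deck; resolve the two new entries the same way. The two descriptions name the product differently ("Deck" vs "Nextcloud Deck"), so reuse the existing "NOT-FOR-US: Deck" string rather than introducing a second spelling.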
@@ -8644,28 +8668,28 @@ CVE-2022-46958
 	RESERVED
 CVE-2022-46957
 	RESERVED
-CVE-2022-46956
-	RESERVED
-CVE-2022-46955
-	RESERVED
-CVE-2022-46954
-	RESERVED
-CVE-2022-46953
-	RESERVED
-CVE-2022-46952
-	RESERVED
-CVE-2022-46951
-	RESERVED
-CVE-2022-46950
-	RESERVED
-CVE-2022-46949
-	RESERVED
+CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46954 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46953 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46952 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46951 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46950 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2022-46949 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
 CVE-2022-46948
 	RESERVED
-CVE-2022-46947
-	RESERVED
-CVE-2022-46946
-	RESERVED
+CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
 CVE-2022-46945
 	RESERVED
 CVE-2022-46944
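Review bot: the seven Dynamic Transaction Queuing System entries and the three Helmet Store Showroom Site entries each share an identical truncated description, so this file can no longer tell them apart; each needs the full CVE record when the TODO: check is cleared. If they turn out to be Sourcecodester projects like CVE-2022-46095 further down (NOT-FOR-US: Sourcecodester), all ten can be resolved in one pass with that line. CVE-2022-46948, sandwiched between the two groups, is still RESERVED.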
@@ -10485,32 +10509,32 @@ CVE-2023-21601
 	RESERVED
 CVE-2023-21600
 	RESERVED
-CVE-2023-21599
-	RESERVED
-CVE-2023-21598
-	RESERVED
-CVE-2023-21597
-	RESERVED
-CVE-2023-21596
-	RESERVED
-CVE-2023-21595
-	RESERVED
-CVE-2023-21594
-	RESERVED
+CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
+CVE-2023-21598 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
+CVE-2023-21597 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
+CVE-2023-21596 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
+CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
+CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+	TODO: check
 CVE-2023-21593
 	RESERVED
-CVE-2023-21592
-	RESERVED
-CVE-2023-21591
-	RESERVED
-CVE-2023-21590
-	RESERVED
-CVE-2023-21589
-	RESERVED
-CVE-2023-21588
-	RESERVED
-CVE-2023-21587
-	RESERVED
+CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
+CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
+CVE-2023-21590 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
+CVE-2023-21589 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
+CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
+CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+	TODO: check
 CVE-2023-21586
 	RESERVED
 CVE-2023-21585
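Review bot: the twelve Adobe InCopy/InDesign entries are proprietary desktop applications, so NOT-FOR-US: Adobe is the expected resolution and the TODO: check lines can be cleared together. The truncated descriptions are identical within each product group, so the vulnerability class behind each ID is not recoverable from this file and would have to come from the Adobe advisory if anyone wants to record it.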
@@ -11523,8 +11547,8 @@ CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was
 	NOT-FOR-US: Sourcecodester
 CVE-2022-46094
 	RESERVED
-CVE-2022-46093
-	RESERVED
+CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection. Attack ...)
+	TODO: check
 CVE-2022-46092
 	RESERVED
 CVE-2022-46091
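Review bot: CVE-2022-46093's "Hospital Management System v1.0" matches the pattern of CVE-2022-46095 two lines above, which is already NOT-FOR-US: Sourcecodester; confirm the upstream from the full record and resolve it the same way instead of leaving TODO: check.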
@@ -13823,8 +13847,8 @@ CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and bel
 	NOT-FOR-US: Chocolatey Ruby package
 CVE-2022-45300
 	RESERVED
-CVE-2022-45299
-	RESERVED
+CVE-2022-45299 (An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allo ...)
+	TODO: check
 CVE-2022-45298
 	RESERVED
 CVE-2022-45297
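Review bot: CVE-2022-45299 concerns the webbrowser-rs crate, and Debian ships Rust crates as rust-* source packages, so the check here is whether a rust-webbrowser package exists in the archive and which crate version it carries relative to the v0.8.2 named in the description; record the outcome on the entry rather than leaving TODO: check.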
@@ -25232,8 +25256,8 @@ CVE-2022-42138
 	RESERVED
 CVE-2022-42137
 	RESERVED
-CVE-2022-42136
-	RESERVED
+CVE-2022-42136 (Authenticated mail users, under specific circumstances, could add file ...)
+	TODO: check
 CVE-2022-42135
 	RESERVED
 CVE-2022-42134
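Review bot: the truncated description for CVE-2022-42136 ("Authenticated mail users, under specific circumstances, could add file ...") never reaches the product name, so the entry as stored gives a triager nothing to search the archive for; whoever clears the TODO: check should add the affected product to the entry (in the resolution or a NOTE line), because the stored 70-character prefix will not be enough later.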
@@ -25631,10 +25655,10 @@ CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior
 	NOT-FOR-US: super-xray
 CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...)
 	NOT-FOR-US: Muhammara Nodejs module
-CVE-2022-41956
-	RESERVED
-CVE-2022-41955
-	RESERVED
+CVE-2022-41956 (Autolab is a course management service, initially developed by a team  ...)
+	TODO: check
+CVE-2022-41955 (Autolab is a course management service, initially developed by a team  ...)
+	TODO: check
 CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a  ...)
 	NOT-FOR-US: MPXJ
 CVE-2022-41953
@@ -26277,8 +26301,8 @@ CVE-2022-41723
 	RESERVED
 CVE-2022-41722
 	RESERVED
-CVE-2022-41721
-	RESERVED
+CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandler. Whe ...)
+	TODO: check
 CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
 	- golang-1.19 <not-affected> (Only affects Go on Windows)
 	- golang-1.18 <not-affected> (Only affects Go on Windows)
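Review bot: CVE-2022-41721 sits next to CVE-2022-41720, which is tracked against the golang-1.18/golang-1.19 toolchain packages, but the MaxBytesHandler request-smuggling issue is reported in the golang.org/x/net http2 h2c code rather than in the standard library; check golang-golang-x-net (and packages that vendor it) before mapping this one onto the golang-1.x entries.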
@@ -35452,7 +35476,7 @@ CVE-2022-38289
 CVE-2022-38288
 	RESERVED
 CVE-2022-38287
-	RESERVED
+	REJECTED
 CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. ...)
 	NOT-FOR-US: JFinal CMS
 CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. ...)
@@ -51321,7 +51345,7 @@ CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerabi
 	- piwigo <removed>
 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra refere ...)
 	NOT-FOR-US: Ampere devices
-CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
+CVE-2022-32294 (** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encryp ...)
 	NOT-FOR-US: Zimbra
 CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
 	{DSA-5231-1 DLA-3144-1 DLA-3105-1}
@@ -78231,8 +78255,8 @@ CVE-2022-23534
 	RESERVED
 CVE-2022-23533
 	RESERVED
-CVE-2022-23532
-	RESERVED
+CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j tha ...)
+	TODO: check
 CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
 	NOT-FOR-US: GuardDog
 CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
@@ -113798,8 +113822,8 @@ CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently valid
 	NOT-FOR-US: CEVAS
 CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
 	NOT-FOR-US: Johnson Controls
-CVE-2021-36204
-	RESERVED
+CVE-2021-36204 (Under some circumstances an Insufficiently Protected Credentials vulne ...)
+	TODO: check
 CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
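Review bot: CVE-2021-36204 falls between CVE-2021-36205 and CVE-2021-36203, both NOT-FOR-US: Johnson Controls, and its truncated description omits the product name; the ID range strongly suggests the same vendor, but confirm it from the full record before copying the NOT-FOR-US line.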



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438d5d32b664dfb7d7cd6879526fe82cc168c783
