[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 14 08:10:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
438d5d32 by security tracker role at 2023-01-14T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-23590
+ RESERVED
+CVE-2023-0298
+ RESERVED
+CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
+ TODO: check
+CVE-2023-0296
+ RESERVED
+CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-0294 (The Mediamatic – Media Library Folders plugin for WordPress is v ...)
+ TODO: check
+CVE-2023-0293 (The Mediamatic – Media Library Folders plugin for WordPress is v ...)
+ TODO: check
+CVE-2017-20169 (A vulnerability, which was classified as critical, has been found in G ...)
+ TODO: check
+CVE-2015-10043
+ RESERVED
+CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+ TODO: check
+CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+ TODO: check
+CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...)
+ TODO: check
CVE-2023-23588
RESERVED
CVE-2023-23587
@@ -66,7 +90,7 @@ CVE-2009-10002 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: dpup fittr-flickr
CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
TODO: check
-CVE-2023-23589 [tor TROVE-2022-02]
+CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...)
- tor 0.4.7.13-1
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
@@ -2080,14 +2104,14 @@ CVE-2023-22855
RESERVED
CVE-2023-22854
RESERVED
-CVE-2023-22853
- RESERVED
-CVE-2023-22852
- RESERVED
-CVE-2023-22851
- RESERVED
-CVE-2023-22850
- RESERVED
+CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
+ TODO: check
+CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to tiki-importe ...)
+ TODO: check
+CVE-2023-22851 (Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php P ...)
+ TODO: check
+CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib ...)
+ TODO: check
CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has ...)
NOT-FOR-US: Yomguithereal Baobab
CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea ...)
@@ -3377,14 +3401,14 @@ CVE-2023-22499
RESERVED
CVE-2023-22498
RESERVED
-CVE-2023-22497
- RESERVED
-CVE-2023-22496
- RESERVED
-CVE-2023-22495
- RESERVED
-CVE-2023-22494 (a12nserver is an open source lightweight OAuth2 server. Users of a12ns ...)
+CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...)
+ TODO: check
+CVE-2023-22496 (Netdata is an open source option for real-time infrastructure monitori ...)
TODO: check
+CVE-2023-22495 (Izanami is a shared configuration service well-suited for micro-servic ...)
+ TODO: check
+CVE-2023-22494
+ REJECTED
CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...)
TODO: check
CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...)
@@ -3411,12 +3435,12 @@ CVE-2023-22482
RESERVED
CVE-2023-22481
RESERVED
-CVE-2023-22480
- RESERVED
+CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...)
+ TODO: check
CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows ...)
NOT-FOR-US: KubePi
-CVE-2023-22478
- RESERVED
+CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with unauthori ...)
+ TODO: check
CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
NOT-FOR-US: Mercurius
CVE-2023-22476
@@ -3529,10 +3553,10 @@ CVE-2023-22473 (Talk-Android enables users to have video & audio calls throu
NOT-FOR-US: Talk-Android
CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
NOT-FOR-US: Deck
-CVE-2023-22471
- RESERVED
-CVE-2023-22470
- RESERVED
+CVE-2023-22471 (Deck is a kanban style organization tool aimed at personal planning an ...)
+ TODO: check
+CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
+ TODO: check
CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...)
NOT-FOR-US: Deck
CVE-2023-22468
@@ -8644,28 +8668,28 @@ CVE-2022-46958
RESERVED
CVE-2022-46957
RESERVED
-CVE-2022-46956
- RESERVED
-CVE-2022-46955
- RESERVED
-CVE-2022-46954
- RESERVED
-CVE-2022-46953
- RESERVED
-CVE-2022-46952
- RESERVED
-CVE-2022-46951
- RESERVED
-CVE-2022-46950
- RESERVED
-CVE-2022-46949
- RESERVED
+CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46954 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46953 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46952 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46951 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46950 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2022-46949 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-46948
RESERVED
-CVE-2022-46947
- RESERVED
-CVE-2022-46946
- RESERVED
+CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-46945
RESERVED
CVE-2022-46944
@@ -10485,32 +10509,32 @@ CVE-2023-21601
RESERVED
CVE-2023-21600
RESERVED
-CVE-2023-21599
- RESERVED
-CVE-2023-21598
- RESERVED
-CVE-2023-21597
- RESERVED
-CVE-2023-21596
- RESERVED
-CVE-2023-21595
- RESERVED
-CVE-2023-21594
- RESERVED
+CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
+CVE-2023-21598 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
+CVE-2023-21597 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
+CVE-2023-21596 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
+CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
+CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
+ TODO: check
CVE-2023-21593
RESERVED
-CVE-2023-21592
- RESERVED
-CVE-2023-21591
- RESERVED
-CVE-2023-21590
- RESERVED
-CVE-2023-21589
- RESERVED
-CVE-2023-21588
- RESERVED
-CVE-2023-21587
- RESERVED
+CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
+CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
+CVE-2023-21590 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
+CVE-2023-21589 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
+CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
+CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ TODO: check
CVE-2023-21586
RESERVED
CVE-2023-21585
@@ -11523,8 +11547,8 @@ CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was
NOT-FOR-US: Sourcecodester
CVE-2022-46094
RESERVED
-CVE-2022-46093
- RESERVED
+CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection. Attack ...)
+ TODO: check
CVE-2022-46092
RESERVED
CVE-2022-46091
@@ -13823,8 +13847,8 @@ CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and bel
NOT-FOR-US: Chocolatey Ruby package
CVE-2022-45300
RESERVED
-CVE-2022-45299
- RESERVED
+CVE-2022-45299 (An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allo ...)
+ TODO: check
CVE-2022-45298
RESERVED
CVE-2022-45297
@@ -25232,8 +25256,8 @@ CVE-2022-42138
RESERVED
CVE-2022-42137
RESERVED
-CVE-2022-42136
- RESERVED
+CVE-2022-42136 (Authenticated mail users, under specific circumstances, could add file ...)
+ TODO: check
CVE-2022-42135
RESERVED
CVE-2022-42134
@@ -25631,10 +25655,10 @@ CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior
NOT-FOR-US: super-xray
CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...)
NOT-FOR-US: Muhammara Nodejs module
-CVE-2022-41956
- RESERVED
-CVE-2022-41955
- RESERVED
+CVE-2022-41956 (Autolab is a course management service, initially developed by a team ...)
+ TODO: check
+CVE-2022-41955 (Autolab is a course management service, initially developed by a team ...)
+ TODO: check
CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...)
NOT-FOR-US: MPXJ
CVE-2022-41953
@@ -26277,8 +26301,8 @@ CVE-2022-41723
RESERVED
CVE-2022-41722
RESERVED
-CVE-2022-41721
- RESERVED
+CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandler. Whe ...)
+ TODO: check
CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
- golang-1.19 <not-affected> (Only affects Go on Windows)
- golang-1.18 <not-affected> (Only affects Go on Windows)
@@ -35452,7 +35476,7 @@ CVE-2022-38289
CVE-2022-38288
RESERVED
CVE-2022-38287
- RESERVED
+ REJECTED
CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. ...)
NOT-FOR-US: JFinal CMS
CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. ...)
@@ -51321,7 +51345,7 @@ CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerabi
- piwigo <removed>
CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra refere ...)
NOT-FOR-US: Ampere devices
-CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
+CVE-2022-32294 (** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encryp ...)
NOT-FOR-US: Zimbra
CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
{DSA-5231-1 DLA-3144-1 DLA-3105-1}
@@ -78231,8 +78255,8 @@ CVE-2022-23534
RESERVED
CVE-2022-23533
RESERVED
-CVE-2022-23532
- RESERVED
+CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j tha ...)
+ TODO: check
CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
@@ -113798,8 +113822,8 @@ CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently valid
NOT-FOR-US: CEVAS
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
NOT-FOR-US: Johnson Controls
-CVE-2021-36204
- RESERVED
+CVE-2021-36204 (Under some circumstances an Insufficiently Protected Credentials vulne ...)
+ TODO: check
CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...)
NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438d5d32b664dfb7d7cd6879526fe82cc168c783
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438d5d32b664dfb7d7cd6879526fe82cc168c783
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230114/51d69854/attachment.htm>
More information about the debian-security-tracker-commits
mailing list