[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 17 08:10:24 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fb32a92 by security tracker role at 2023-01-17T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2023-23698
+	RESERVED
+CVE-2023-23697
+	RESERVED
+CVE-2023-23696
+	RESERVED
+CVE-2023-23695
+	RESERVED
+CVE-2023-23694
+	RESERVED
+CVE-2023-23693
+	RESERVED
+CVE-2023-23692
+	RESERVED
+CVE-2023-23691
+	RESERVED
+CVE-2023-23690
+	RESERVED
+CVE-2023-23689
+	RESERVED
+CVE-2023-23688
+	RESERVED
+CVE-2023-23687
+	RESERVED
+CVE-2023-23686
+	RESERVED
+CVE-2023-23685
+	RESERVED
+CVE-2023-23684
+	RESERVED
+CVE-2023-23683
+	RESERVED
+CVE-2023-23682
+	RESERVED
+CVE-2023-23681
+	RESERVED
+CVE-2023-23680
+	RESERVED
+CVE-2023-23679
+	RESERVED
+CVE-2023-23678
+	RESERVED
+CVE-2023-23677
+	RESERVED
+CVE-2023-23676
+	RESERVED
+CVE-2023-23675
+	RESERVED
+CVE-2023-23674
+	RESERVED
+CVE-2023-23673
+	RESERVED
+CVE-2023-23672
+	RESERVED
+CVE-2023-23671
+	RESERVED
+CVE-2023-23670
+	RESERVED
+CVE-2023-23669
+	RESERVED
+CVE-2023-23668
+	RESERVED
+CVE-2023-23667
+	RESERVED
+CVE-2023-23666
+	RESERVED
+CVE-2023-23665
+	RESERVED
+CVE-2023-23664
+	RESERVED
+CVE-2023-23663
+	RESERVED
+CVE-2023-23662
+	RESERVED
+CVE-2023-23661
+	RESERVED
+CVE-2023-23660
+	RESERVED
+CVE-2023-23659
+	RESERVED
+CVE-2023-23658
+	RESERVED
+CVE-2023-23657
+	RESERVED
+CVE-2023-23656
+	RESERVED
+CVE-2023-23655
+	RESERVED
+CVE-2023-23654
+	RESERVED
+CVE-2023-23653
+	RESERVED
+CVE-2023-23652
+	RESERVED
+CVE-2023-23651
+	RESERVED
+CVE-2023-23650
+	RESERVED
+CVE-2023-23649
+	RESERVED
+CVE-2023-23648
+	RESERVED
+CVE-2023-23647
+	RESERVED
+CVE-2023-23646
+	RESERVED
+CVE-2023-23645
+	RESERVED
+CVE-2023-23644
+	RESERVED
+CVE-2023-23643
+	RESERVED
+CVE-2023-23642
+	RESERVED
+CVE-2023-23641
+	RESERVED
+CVE-2023-23640
+	RESERVED
+CVE-2023-23639
+	RESERVED
+CVE-2023-23638
+	RESERVED
+CVE-2023-0331
+	RESERVED
+CVE-2023-0330
+	RESERVED
+CVE-2023-0329
+	RESERVED
+CVE-2022-48261
+	RESERVED
+CVE-2020-36652
+	RESERVED
+CVE-2020-36651
+	RESERVED
+CVE-2018-25077
+	RESERVED
+CVE-2017-20171
+	RESERVED
+CVE-2015-10067
+	RESERVED
+CVE-2015-10066
+	RESERVED
+CVE-2015-10065
+	RESERVED
+CVE-2014-125082
+	RESERVED
+CVE-2014-125081
+	RESERVED
+CVE-2010-10007
+	RESERVED
+CVE-2010-10006
+	RESERVED
 CVE-2023-23637
 	RESERVED
 CVE-2023-23636
@@ -315,7 +467,7 @@ CVE-2023-0271
 CVE-2023-0270
 	RESERVED
 CVE-2023-0269
-	RESERVED
+	REJECTED
 CVE-2023-0268
 	RESERVED
 CVE-2023-0267
@@ -8409,8 +8561,8 @@ CVE-2022-43493
 	RESERVED
 CVE-2022-41834
 	RESERVED
-CVE-2020-36611
-	RESERVED
+CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager  ...)
+	TODO: check
 CVE-2023-0011
 	RESERVED
 CVE-2022-47193
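Review bot: the new `TODO: check` on CVE-2020-36611 looks resolvable at import time. The added description names Hitachi Tuning Manager, and this file already tags a Hitachi product as `NOT-FOR-US: Hitachi` (CVE-2022-2637, later in this diff). Suggest applying the same tag once the full description confirms the product, rather than leaving the entry in the triage queue.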
@@ -13503,10 +13655,10 @@ CVE-2022-45442 (Sinatra is a domain-specific language for creating web applicati
 	NOTE: https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a (v2.2.3)
 CVE-2022-45441
 	RESERVED
-CVE-2022-45440
-	RESERVED
-CVE-2022-45439
-	RESERVED
+CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmwa ...)
+	TODO: check
+CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration file o ...)
+	TODO: check
 CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...)
 	NOT-FOR-US: Apache Superset
 CVE-2022-45437
@@ -21587,8 +21739,8 @@ CVE-2022-43469
 	RESERVED
 CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43462
-	RESERVED
+CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...)
+	TODO: check
 CVE-2022-43461
 	RESERVED
 CVE-2022-43459
@@ -21633,8 +21785,8 @@ CVE-2022-42485
 	RESERVED
 CVE-2022-42479
 	RESERVED
-CVE-2022-42462
-	RESERVED
+CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's ...)
+	TODO: check
 CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
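Review bot: CVE-2022-42462 here and CVE-2022-43462 in the previous hunk both name an "Adeel Ahmed's" component and both land as `TODO: check`, so they should be triaged together and end up with the same tag. Both descriptions are cut off before the product type, so the `NOT-FOR-US: WordPress plugin` tag on the neighbouring entries should not be copied across until the full record has been read.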
@@ -26941,8 +27093,8 @@ CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inac
 	- gitlab <unfixed>
 CVE-2022-3329
 	RESERVED
-CVE-2022-30544
-	RESERVED
+CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap  ...)
+	TODO: check
 CVE-2022-27628
 	RESERVED
 CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
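Review bot: the added description for CVE-2022-30544 shows a mis-decoded character sequence between "OSM" and "OpenStreetMap", which looks like a UTF-8 dash read in a single-byte encoding. The same pattern is visible on context lines in later hunks ("AMD Î¼"), so it may come from the mail rendering and not from the file. Confirm that data/CVE/list stores these descriptions as valid UTF-8, and fix the import step if it does not.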
@@ -30190,13 +30342,13 @@ CVE-2022-40275
 CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary  ...)
 	NOT-FOR-US: Gridea
 CVE-2022-40273
-	RESERVED
+	REJECTED
 CVE-2022-40272
-	RESERVED
+	REJECTED
 CVE-2022-40271
-	RESERVED
+	REJECTED
 CVE-2022-40270
-	RESERVED
+	REJECTED
 CVE-2022-40269
 	RESERVED
 CVE-2022-40268
@@ -31349,7 +31501,7 @@ CVE-2022-39800 (SAP BusinessObjects BI LaunchPad - versions 420, 430, is suscept
 CVE-2022-39799 (An attacker with no prior authentication could craft and send maliciou ...)
 	NOT-FOR-US: SAP
 CVE-2022-3117
-	RESERVED
+	REJECTED
 CVE-2022-3116
 	RESERVED
 CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...)
@@ -32937,8 +33089,8 @@ CVE-2022-3089
 	RESERVED
 CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...)
 	NOT-FOR-US: Moxa
-CVE-2022-3087
-	RESERVED
+CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are  ...)
+	TODO: check
 CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...)
 	NOT-FOR-US: Moxa
 CVE-2022-3085
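Review bot: on the context line for CVE-2022-3086 the description names Cradlepoint IBR600 NCOS, but the tag below it reads `NOT-FOR-US: Moxa`, the same tag as CVE-2022-3088 two entries up, which looks like a copy error. Since this hunk touches the neighbouring entry, suggest correcting that tag to name Cradlepoint when resolving the new `TODO: check` on CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator).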
@@ -38104,7 +38256,7 @@ CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel mod
 	NOTE: https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
 CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
+CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag ...)
 	NOT-FOR-US: Hitachi
 CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
 	NOT-FOR-US: Hestia Control Panel
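Review bot: the replacement description for CVE-2022-2637 now begins "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag", with the vendor name doubled where the removed line had "Hitachi Storage Plug-i". The `NOT-FOR-US: Hitachi` tag is unaffected, but the doubled word should be reported to the source of the description instead of being carried silently in the list.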
@@ -58068,19 +58220,19 @@ CVE-2021-46801
 CVE-2021-46800
 	RESERVED
 CVE-2021-46799
-	RESERVED
+	REJECTED
 CVE-2021-46798
 	RESERVED
 CVE-2021-46797
 	RESERVED
 CVE-2021-46796
-	RESERVED
+	REJECTED
 CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an  ...)
 	NOT-FOR-US: AMD
 CVE-2021-46794
 	RESERVED
 CVE-2021-46793
-	RESERVED
+	REJECTED
 CVE-2021-46792
 	RESERVED
 CVE-2021-46791 (Insufficient input validation during parsing of the System Management  ...)
@@ -63726,7 +63878,7 @@ CVE-2021-46763
 CVE-2021-46762
 	RESERVED
 CVE-2021-46761
-	RESERVED
+	REJECTED
 CVE-2021-46760
 	RESERVED
 CVE-2021-46759
@@ -65587,9 +65739,9 @@ CVE-2022-27678
 CVE-2022-27677
 	RESERVED
 CVE-2022-27676
-	RESERVED
+	REJECTED
 CVE-2022-27675
-	RESERVED
+	REJECTED
 CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD μ ...)
 	NOT-FOR-US: AMD
 CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...)
@@ -77696,7 +77848,7 @@ CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before
 	NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12)
 	NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27)
 CVE-2022-23832
-	RESERVED
+	REJECTED
 CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD μProf ma ...)
 	NOT-FOR-US: AMD
 CVE-2022-23830
@@ -77706,7 +77858,7 @@ CVE-2022-23829
 CVE-2022-23828
 	RESERVED
 CVE-2022-23827
-	RESERVED
+	REJECTED
 CVE-2022-23826
 	RESERVED
 CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...)
@@ -77745,7 +77897,7 @@ CVE-2022-23818
 CVE-2022-23817
 	RESERVED
 CVE-2022-23816
-	RESERVED
+	REJECTED
 	{DSA-5207-1 DSA-5184-1}
 	- linux 5.18.14-1
 	[buster] - linux <ignored> (New mitigations are too invasive to backport)
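Review bot: CVE-2022-23816 is switched to `REJECTED` while the entry still carries `{DSA-5207-1 DSA-5184-1}`, a fixed version for linux (5.18.14-1) and a `[buster]` ignored line. A rejected ID that still carries advisory references and package status is contradictory for anyone reading the list. Suggest confirming which ID supersedes it, making sure the DSA references and package lines are recorded there, and then removing or moving them from this entry.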
@@ -139099,7 +139251,7 @@ CVE-2021-26407 (A randomly generated Initialization Vector (IV) may lead to a co
 CVE-2021-26406
 	RESERVED
 CVE-2021-26405
-	RESERVED
+	REJECTED
 CVE-2021-26404 (Improper input validation and bounds checking in SEV firmware may leak ...)
 	TODO: check
 CVE-2021-26403 (Insufficient checks in SEV may lead to a malicious hypervisor disclosi ...)
@@ -139116,7 +139268,7 @@ CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2
 CVE-2021-26400 (AMD processors may speculatively re-order load instructions which can  ...)
 	NOT-FOR-US: AMD
 CVE-2021-26399
-	RESERVED
+	REJECTED
 CVE-2021-26398 (Insufficient input validation in SYS_KEY_DERIVE system call in a compr ...)
 	TODO: check
 CVE-2021-26397
@@ -139144,7 +139296,7 @@ CVE-2021-26387
 CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an attacker to i ...)
 	NOT-FOR-US: AMD
 CVE-2021-26385
-	RESERVED
+	REJECTED
 CVE-2021-26384 (A malformed SMI (System Management Interface) command may allow an att ...)
 	NOT-FOR-US: AMD
 CVE-2021-26383
@@ -139166,7 +139318,7 @@ CVE-2021-26376 (Insufficient checks in System Management Unit (SMU) FeatureConfi
 CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System Manageme ...)
 	NOT-FOR-US: AMD
 CVE-2021-26374
-	RESERVED
+	REJECTED
 CVE-2021-26373 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)
 	NOT-FOR-US: AMD
 CVE-2021-26372 (Insufficient bound checks related to PCIE in the System Management Uni ...)
@@ -139198,9 +139350,9 @@ CVE-2021-26360 (An attacker with local access to the system can make unauthorize
 CVE-2021-26359
 	RESERVED
 CVE-2021-26358
-	RESERVED
+	REJECTED
 CVE-2021-26357
-	RESERVED
+	REJECTED
 CVE-2021-26356
 	RESERVED
 CVE-2021-26355 (Insufficient fencing and checks in System Management Unit (SMU) may re ...)
@@ -139279,7 +139431,7 @@ CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow
 CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
 	NOT-FOR-US: AMD
 CVE-2021-26319
-	RESERVED
+	REJECTED
 CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
 	NOT-FOR-US: AMD
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fb32a926c890e9969dbcdf4ec63420f428fb62d
