[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 17 20:10:37 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31f6bc2c by security tracker role at 2023-01-17T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2023-23753
+	RESERVED
+CVE-2023-23752
+	RESERVED
+CVE-2023-23751
+	RESERVED
+CVE-2023-23750
+	RESERVED
+CVE-2023-23749
+	RESERVED
+CVE-2023-23748
+	RESERVED
+CVE-2023-23747
+	RESERVED
+CVE-2023-23746
+	RESERVED
+CVE-2023-23745
+	RESERVED
+CVE-2023-23744
+	RESERVED
+CVE-2023-23743
+	RESERVED
+CVE-2023-23742
+	RESERVED
+CVE-2023-23741
+	RESERVED
+CVE-2023-23740
+	RESERVED
+CVE-2023-23739
+	RESERVED
+CVE-2023-23738
+	RESERVED
+CVE-2023-23737
+	RESERVED
+CVE-2023-23736
+	RESERVED
+CVE-2023-23735
+	RESERVED
+CVE-2023-23734
+	RESERVED
+CVE-2023-23733
+	RESERVED
+CVE-2023-23732
+	RESERVED
+CVE-2023-23731
+	RESERVED
+CVE-2023-23730
+	RESERVED
+CVE-2023-23729
+	RESERVED
+CVE-2023-23728
+	RESERVED
+CVE-2023-23727
+	RESERVED
+CVE-2023-23726
+	RESERVED
+CVE-2023-23725
+	RESERVED
+CVE-2023-23724
+	RESERVED
+CVE-2023-23723
+	RESERVED
+CVE-2023-23722
+	RESERVED
+CVE-2023-23721
+	RESERVED
+CVE-2023-23720
+	RESERVED
+CVE-2023-23719
+	RESERVED
+CVE-2023-23718
+	RESERVED
+CVE-2023-23717
+	RESERVED
+CVE-2023-23716
+	RESERVED
+CVE-2023-23715
+	RESERVED
+CVE-2023-23714
+	RESERVED
+CVE-2023-23713
+	RESERVED
+CVE-2023-23712
+	RESERVED
+CVE-2023-23711
+	RESERVED
+CVE-2023-23710
+	RESERVED
+CVE-2023-23709
+	RESERVED
+CVE-2023-23708
+	RESERVED
+CVE-2023-23707
+	RESERVED
+CVE-2023-23706
+	RESERVED
+CVE-2023-23705
+	RESERVED
+CVE-2023-23704
+	RESERVED
+CVE-2023-23703
+	RESERVED
+CVE-2023-23702
+	RESERVED
+CVE-2023-23701
+	RESERVED
+CVE-2023-23700
+	RESERVED
+CVE-2023-23699
+	RESERVED
+CVE-2023-0342
+	RESERVED
+CVE-2023-0341
+	RESERVED
+CVE-2023-0340
+	RESERVED
+CVE-2023-0339
+	RESERVED
+CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
+	TODO: check
+CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
+	TODO: check
+CVE-2023-0336
+	RESERVED
+CVE-2023-0335
+	RESERVED
+CVE-2023-0334
+	RESERVED
+CVE-2023-0333
+	RESERVED
+CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+	TODO: check
+CVE-2020-36654
+	RESERVED
+CVE-2020-36653
+	RESERVED
+CVE-2017-20173
+	RESERVED
+CVE-2017-20172
+	RESERVED
+CVE-2015-10068
+	RESERVED
+CVE-2012-10006
+	RESERVED
+CVE-2011-10001
+	RESERVED
+CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...)
+	TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0002]
 	- rust-git2 0.16.0-1
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0002.html
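Review bot: CVE-2023-0338 and CVE-2023-0337 are added with the same truncated description ("... Reflected in GitHub repository lirantal/d ..."), so nothing in this file tells them apart or names the affected project. Whoever clears the two "TODO: check" lines should read the full CVE records and triage the pair together. CVE-2010-10008 at the end of the added block is marked "** UNSUPPORTED WHEN ASSIGNED **" in its description, which is worth carrying into whatever tag replaces its "TODO: check".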
@@ -266,26 +414,26 @@ CVE-2023-0317
 	RESERVED
 CVE-2022-4891
 	RESERVED
-CVE-2017-20170
-	RESERVED
-CVE-2016-15021
-	RESERVED
-CVE-2015-10064
-	RESERVED
-CVE-2015-10063
-	RESERVED
-CVE-2015-10062
-	RESERVED
-CVE-2015-10061
-	RESERVED
-CVE-2015-10060
-	RESERVED
-CVE-2015-10059
-	RESERVED
-CVE-2015-10058
-	RESERVED
-CVE-2013-10013
-	RESERVED
+CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified  ...)
+	TODO: check
+CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated as crit ...)
+	TODO: check
+CVE-2015-10064 (A vulnerability was found in VictorFerraresi pokemon-database-php. It  ...)
+	TODO: check
+CVE-2015-10063 (A vulnerability was found in saemorris TheRadSystem and classified as  ...)
+	TODO: check
+CVE-2015-10062 (A vulnerability, which was classified as problematic, was found in gal ...)
+	TODO: check
+CVE-2015-10061 (A vulnerability was found in evandro-machado Trabalho-Web2. It has bee ...)
+	TODO: check
+CVE-2015-10060 (A vulnerability was found in MNBikeways database and classified as cri ...)
+	TODO: check
+CVE-2015-10059 (A vulnerability has been found in s134328 Webapplication-Veganguide an ...)
+	TODO: check
+CVE-2015-10058 (A vulnerability, which was classified as problematic, was found in Wik ...)
+	TODO: check
+CVE-2013-10013 (A vulnerability was found in Bricco Authenticator Plugin. It has been  ...)
+	TODO: check
 CVE-2023-0316 (Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor pr ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-0315 (Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. ...)
@@ -2153,8 +2301,8 @@ CVE-2023-0160
 	RESERVED
 CVE-2023-0159
 	RESERVED
-CVE-2023-0158
-	RESERVED
+CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...)
+	TODO: check
 CVE-2023-0157
 	RESERVED
 CVE-2023-0156
@@ -2352,8 +2500,8 @@ CVE-2023-22877
 	RESERVED
 CVE-2023-22876
 	RESERVED
-CVE-2023-22875
-	RESERVED
+CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
+	TODO: check
 CVE-2023-22874
 	RESERVED
 CVE-2023-22873
@@ -4626,24 +4774,24 @@ CVE-2023-22322
 	RESERVED
 CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...)
 	NOT-FOR-US: OpenAM Web Policy Agent (different from src:openam)
-CVE-2023-22316
-	RESERVED
-CVE-2023-22304
-	RESERVED
-CVE-2023-22303
-	RESERVED
-CVE-2023-22298
-	RESERVED
-CVE-2023-22296
-	RESERVED
-CVE-2023-22286
-	RESERVED
-CVE-2023-22280
-	RESERVED
-CVE-2023-22279
-	RESERVED
-CVE-2023-22278
-	RESERVED
+CVE-2023-22316 (Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...)
+	TODO: check
+CVE-2023-22304 (OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...)
+	TODO: check
+CVE-2023-22303 (TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 2022 ...)
+	TODO: check
+CVE-2023-22298 (Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allow ...)
+	TODO: check
+CVE-2023-22296 (Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer s ...)
+	TODO: check
+CVE-2023-22286 (Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevance ...)
+	TODO: check
+CVE-2023-22280 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...)
+	TODO: check
+CVE-2023-22279 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...)
+	TODO: check
+CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver ...)
+	TODO: check
 CVE-2022-47969
 	RESERVED
 CVE-2022-4777
@@ -4666,10 +4814,10 @@ CVE-2022-4769
 	RESERVED
 CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as  ...)
 	NOT-FOR-US: Dropbox merou
-CVE-2022-47318
-	RESERVED
-CVE-2022-46648
-	RESERVED
+CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
+	TODO: check
+CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
+	TODO: check
 CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It h ...)
 	NOT-FOR-US: OpenMRS
 CVE-2021-4291 (A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It h ...)
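Review bot: CVE-2022-47318 and CVE-2022-46648 both read "ruby-git versions prior to v1.13.0 allows a remote authenticated attac ..." and are left at "TODO: check" with no package line. Since both give the same version boundary, one comparison against any packaged ruby-git version should settle the two entries at once; the full descriptions are needed to see how the issues differ.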
@@ -4736,10 +4884,10 @@ CVE-2023-22392
 	RESERVED
 CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in Juniper  ...)
 	NOT-FOR-US: Juniper
-CVE-2023-22366
-	RESERVED
-CVE-2023-22357
-	RESERVED
+CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitialized po ...)
+	TODO: check
+CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, which ma ...)
+	TODO: check
 CVE-2023-22317
 	RESERVED
 CVE-2023-22314
@@ -5476,8 +5624,8 @@ CVE-2022-47855
 	RESERVED
 CVE-2022-47854
 	RESERVED
-CVE-2022-47853
-	RESERVED
+CVE-2022-47853 (TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...)
+	TODO: check
 CVE-2022-47852
 	RESERVED
 CVE-2022-47851
@@ -6066,8 +6214,8 @@ CVE-2022-47580
 	RESERVED
 CVE-2022-4622
 	RESERVED
-CVE-2022-4621
-	RESERVED
+CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are  ...)
+	TODO: check
 CVE-2022-4620
 	RESERVED
 CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable t ...)
@@ -9342,8 +9490,8 @@ CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1
 	NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
 CVE-2022-46892
 	RESERVED
-CVE-2022-46891
-	RESERVED
+CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a  ...)
+	TODO: check
 CVE-2022-46890
 	RESERVED
 CVE-2022-46889
@@ -12706,8 +12854,7 @@ CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4
 	NOT-FOR-US: Apache James
 CVE-2022-45786
 	RESERVED
-CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c]
-	RESERVED
+CVE-2022-4121 (In libetpan a null pointer dereference in mailimap_mailbox_data_status ...)
 	{DLA-3261-1}
 	- libetpan 1.9.4-3.1 (bug #1025120)
 	[bullseye] - libetpan <no-dsa> (Minor issue)
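Review bot: the replaced line for CVE-2022-4121 drops the bracketed text that named low-level/imap/mailimap_types.c, and the new description is cut off at "mailimap_mailbox_data_status ...", so the affected source file is no longer visible in the entry. If that location is still useful for the bullseye <no-dsa> line, keep it as a NOTE: under the entry.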
@@ -21505,8 +21652,7 @@ CVE-2022-3652 (Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allo
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3651
 	RESERVED
-CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
-	RESERVED
+CVE-2022-3650 (A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...)
 	- ceph 16.2.10+ds-4 (bug #1024932)
 	[bullseye] - ceph <no-dsa> (Minor issue)
 	[buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
@@ -26308,24 +26454,21 @@ CVE-2022-41863
 	RESERVED
 CVE-2022-41862
 	RESERVED
-CVE-2022-41861 [freeradius: Crash on invalid abinary data]
-	RESERVED
+CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
 	- freeradius 3.2.0+dfsg-1
 	[bullseye] - freeradius <no-dsa> (Minor issue)
 	[buster] - freeradius <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
 	NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
-CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM]
-	RESERVED
+CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...)
 	- freeradius 3.2.0+dfsg-1
 	[bullseye] - freeradius <no-dsa> (Minor issue)
 	[buster] - freeradius <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
 	NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
-CVE-2022-41859
-	RESERVED
-CVE-2022-41858
-	RESERVED
+CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
+	TODO: check
+CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...)
 	- linux 5.17.6-1
 	[bullseye] - linux 5.10.113-1
 	[buster] - linux 4.19.249-1
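Review bot: CVE-2022-41859 is left at "TODO: check" even though its description opens with "In freeradius, the EAP-PWD function compute_password_element()", and the two entries directly above it (CVE-2022-41861, CVE-2022-41860) are already tracked against freeradius with per-suite lines and release_3_0_26 commit NOTEs. It should be triaged as a freeradius entry in the same form, after checking which upstream commit and fixed version apply to it rather than assuming they match its neighbours.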
@@ -28301,8 +28444,7 @@ CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal ca
 	NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
 CVE-2022-41137
 	RESERVED
-CVE-2022-40704
-	RESERVED
+CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.php in  ...)
 	- phoronix-test-suite <removed>
 CVE-2022-40208
 	RESERVED
@@ -33104,8 +33246,8 @@ CVE-2022-3093
 	RESERVED
 CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
 	NOT-FOR-US: GE CIMPICITY
-CVE-2022-3091
-	RESERVED
+CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function could ...)
+	TODO: check
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1  ...)
 	NOT-FOR-US: Red Lion Controls Crimson
 CVE-2022-3089
@@ -35404,8 +35546,8 @@ CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained Acti
 	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
 	NOT-FOR-US: Measuresoft ScadaPro
-CVE-2022-2893
-	RESERVED
+CVE-2022-2893 (RONDS EPM version 1.19.5 does not properly validate the filename param ...)
+	TODO: check
 CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
 	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
@@ -78211,8 +78353,8 @@ CVE-2022-23741 (An incorrect authorization vulnerability was identified in GitHu
 	TODO: check
 CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...)
 	TODO: check
-CVE-2022-23739
-	RESERVED
+CVE-2022-23739 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+	TODO: check
 CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-23737 (An improper privilege management vulnerability was identified in GitHu ...)
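Review bot: CVE-2022-23739 is added as "TODO: check" with a description truncated at "GitHub Ente ...", while CVE-2022-23738 directly below is already tagged "NOT-FOR-US: GitHub Enterprise Server". If the full description confirms the same product, the same tag applies, and the context lines show CVE-2022-23741 and CVE-2022-23740 still sitting at "TODO: check" as well, so the three can be resolved in one pass.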
@@ -307712,8 +307854,7 @@ CVE-2018-14629 (A denial of service vulnerability was discovered in Samba's LDAP
 	{DSA-4345-1 DLA-1607-1}
 	- samba 2:4.9.2+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
-CVE-2018-14628
-	RESERVED
+CVE-2018-14628 (An information leak vulnerability was discovered in Samba's LDAP serve ...)
 	- samba <unfixed>
 	[bullseye] - samba <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13595
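Review bot: CVE-2018-14628 moves from RESERVED to a published description while the entry still reads "- samba <unfixed>" and carries only a Bugzilla NOTE. Now that the record is public, recheck whether a fixed version or an upstream advisory URL can be recorded, in the way the CVE-2018-14629 entry above lists both.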



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31f6bc2c249e07c3e123b9e3dfcf95560dcc409a
