[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 18 08:10:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c29f4b0e by security tracker role at 2023-01-18T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2023-23774
+ RESERVED
+CVE-2023-23773
+ RESERVED
+CVE-2023-23772
+ RESERVED
+CVE-2023-23771
+ RESERVED
+CVE-2023-23770
+ RESERVED
+CVE-2023-23769
+ RESERVED
+CVE-2023-23768
+ RESERVED
+CVE-2023-23767
+ RESERVED
+CVE-2023-23766
+ RESERVED
+CVE-2023-23765
+ RESERVED
+CVE-2023-23764
+ RESERVED
+CVE-2023-23763
+ RESERVED
+CVE-2023-23762
+ RESERVED
+CVE-2023-23761
+ RESERVED
+CVE-2023-23760
+ RESERVED
+CVE-2023-23759
+ RESERVED
+CVE-2023-23758
+ RESERVED
+CVE-2023-23757
+ RESERVED
+CVE-2023-23756
+ RESERVED
+CVE-2023-23755
+ RESERVED
+CVE-2023-23754
+ RESERVED
+CVE-2023-0367
+ RESERVED
+CVE-2023-0366
+ RESERVED
+CVE-2023-0365
+ RESERVED
+CVE-2023-0364
+ RESERVED
+CVE-2023-0363
+ RESERVED
+CVE-2023-0362
+ RESERVED
+CVE-2023-0361
+ RESERVED
+CVE-2023-0360
+ RESERVED
+CVE-2023-0359
+ RESERVED
+CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. ...)
+ TODO: check
+CVE-2023-0357
+ RESERVED
+CVE-2023-0356
+ RESERVED
+CVE-2023-0355
+ RESERVED
+CVE-2023-0354
+ RESERVED
+CVE-2023-0353
+ RESERVED
+CVE-2023-0352
+ RESERVED
+CVE-2023-0351
+ RESERVED
+CVE-2023-0350
+ RESERVED
+CVE-2023-0349
+ RESERVED
+CVE-2023-0348
+ RESERVED
+CVE-2023-0347
+ RESERVED
+CVE-2023-0346
+ RESERVED
+CVE-2023-0345
+ RESERVED
+CVE-2023-0344
+ RESERVED
+CVE-2023-0343
+ RESERVED
+CVE-2010-10009
+ RESERVED
CVE-2023-23753
RESERVED
CVE-2023-23752
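Review bot: CVE-2023-0358 is the only addition in this hunk that arrives with a description, and it is left at `TODO: check`. The description names the gpac/gpac repository and a boundary of "prior to 2.3.0-DEV", which is enough to decide between a package line and NOT-FOR-US rather than leaving it untriaged. The remaining additions are bare RESERVED placeholders and need nothing further.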
@@ -6,8 +100,8 @@ CVE-2023-23751
RESERVED
CVE-2023-23750
RESERVED
-CVE-2023-23749
- RESERVED
+CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & ...)
+ TODO: check
CVE-2023-23748
RESERVED
CVE-2023-23747
@@ -289,28 +383,28 @@ CVE-2022-48261
RESERVED
CVE-2020-36652
RESERVED
-CVE-2020-36651
- RESERVED
-CVE-2018-25077
- RESERVED
-CVE-2017-20171
- RESERVED
-CVE-2015-10067
- RESERVED
-CVE-2015-10066
- RESERVED
-CVE-2015-10065
- RESERVED
-CVE-2014-125082
- RESERVED
-CVE-2014-125081
- RESERVED
-CVE-2010-10007
- RESERVED
-CVE-2010-10006
- RESERVED
-CVE-2023-23637
- RESERVED
+CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and classifi ...)
+ TODO: check
+CVE-2018-25077 (A vulnerability was found in melnaron mel-spintax. It has been rated a ...)
+ TODO: check
+CVE-2017-20171 (A vulnerability classified as critical has been found in PrivateSky ap ...)
+ TODO: check
+CVE-2015-10067 (A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has ...)
+ TODO: check
+CVE-2015-10066 (A vulnerability was found in tynx wuersch and classified as critical. ...)
+ TODO: check
+CVE-2015-10065 (A vulnerability classified as critical was found in AenBleidd FiND. Th ...)
+ TODO: check
+CVE-2014-125082 (A vulnerability was found in nivit redports. It has been declared as c ...)
+ TODO: check
+CVE-2014-125081 (A vulnerability, which was classified as critical, has been found in r ...)
+ TODO: check
+CVE-2010-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil ...)
+ TODO: check
+CVE-2010-10006 (A vulnerability, which was classified as problematic, was found in mic ...)
+ TODO: check
+CVE-2023-23637 (IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain te ...)
+ TODO: check
CVE-2023-23636
RESERVED
CVE-2023-23635
@@ -447,8 +541,8 @@ CVE-2023-0318
RESERVED
CVE-2023-0317
RESERVED
-CVE-2022-4891
- RESERVED
+CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...)
+ TODO: check
CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified ...)
TODO: check
CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated as crit ...)
@@ -584,8 +678,7 @@ CVE-2023-0298 (Improper Authorization in GitHub repository firefly-iii/firefly-i
NOT-FOR-US: firefly-iii
CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
- pyload <itp> (bug #1001980)
-CVE-2023-0296
- RESERVED
+CVE-2023-0296 (The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) ...)
NOT-FOR-US: OpenShift
CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: Launchpad plugin for WordPress
@@ -2571,8 +2664,7 @@ CVE-2023-22859
RESERVED
CVE-2023-22459
RESERVED
-CVE-2023-0122 [NVME driver: null pointer dereference in drivers/nvme/target/auth.c]
- RESERVED
+CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...)
- linux <not-affected> (Vulnerable code not present in any released Debian version)
CVE-2023-0121
RESERVED
@@ -3051,22 +3143,22 @@ CVE-2023-22736
RESERVED
CVE-2023-22735
RESERVED
-CVE-2023-22734
- RESERVED
-CVE-2023-22733
- RESERVED
-CVE-2023-22732
- RESERVED
-CVE-2023-22731
- RESERVED
-CVE-2023-22730
- RESERVED
+CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ TODO: check
+CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ TODO: check
+CVE-2023-22732 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ TODO: check
+CVE-2023-22731 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ TODO: check
+CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ TODO: check
CVE-2023-22729
RESERVED
CVE-2023-22728
RESERVED
-CVE-2023-22727
- RESERVED
+CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
+ TODO: check
CVE-2023-22726
RESERVED
CVE-2023-22725
@@ -3417,8 +3509,8 @@ CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN be
- ruby-pghero <itp> (bug #882288)
CVE-2023-22625
RESERVED
-CVE-2023-22624
- RESERVED
+CVE-2023-22624 (Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers ...)
+ TODO: check
CVE-2023-22623
RESERVED
CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)
@@ -4001,10 +4093,10 @@ CVE-2021-46869
RESERVED
CVE-2023-22500
RESERVED
-CVE-2023-22499
- RESERVED
+CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ TODO: check
CVE-2023-22498
- RESERVED
+ REJECTED
CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...)
- netdata 1.37.0-1
[bullseye] - netdata <no-dsa> (Minor issue)
@@ -5292,8 +5384,8 @@ CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values
NOT-FOR-US: Multi-Party Threshold Signature Scheme
CVE-2022-47930
RESERVED
-CVE-2022-47929
- RESERVED
+CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
+ TODO: check
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
NOT-FOR-US: MISP
CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
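Review bot: CVE-2022-47929 is described as a Linux kernel issue ("before 6.1.6") but lands as `TODO: check` with no `- linux` line. Other kernel entries touched by this commit carry a package line (for example `- linux <not-affected>` under CVE-2023-0122), so this one should get the same once the fixing commit and affected Debian versions are identified.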
@@ -5455,12 +5547,12 @@ CVE-2023-22383
RESERVED
CVE-2023-22382
RESERVED
-CVE-2022-47917
- RESERVED
+CVE-2022-47917 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-47912
RESERVED
-CVE-2022-47911
- RESERVED
+CVE-2022-47911 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-47896 (In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnera ...)
- intellij-idea <itp> (bug #747616)
CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" act ...)
@@ -5473,16 +5565,16 @@ CVE-2022-47892
RESERVED
CVE-2022-47891
RESERVED
-CVE-2022-47395
- RESERVED
+CVE-2022-47395 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-47320
RESERVED
CVE-2022-47311
RESERVED
CVE-2022-46738
RESERVED
-CVE-2022-46733
- RESERVED
+CVE-2022-46733 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-46658
RESERVED
CVE-2022-4634
@@ -5517,20 +5609,20 @@ CVE-2022-45876
RESERVED
CVE-2022-45468
RESERVED
-CVE-2022-45444
- RESERVED
-CVE-2022-45127
- RESERVED
+CVE-2022-45444 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
+CVE-2022-45127 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-45121
RESERVED
CVE-2022-43512
RESERVED
-CVE-2022-43483
- RESERVED
-CVE-2022-43455
- RESERVED
-CVE-2022-41989
- RESERVED
+CVE-2022-43483 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
+CVE-2022-43455 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
+CVE-2022-41989 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
+ TODO: check
CVE-2022-41696
RESERVED
CVE-2022-40633
@@ -7227,160 +7319,160 @@ CVE-2023-21902
RESERVED
CVE-2023-21901
RESERVED
-CVE-2023-21900
- RESERVED
-CVE-2023-21899
- RESERVED
-CVE-2023-21898
- RESERVED
+CVE-2023-21900 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2023-21899 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-21898 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
CVE-2023-21897
RESERVED
CVE-2023-21896
RESERVED
CVE-2023-21895
RESERVED
-CVE-2023-21894
- RESERVED
-CVE-2023-21893
- RESERVED
-CVE-2023-21892
- RESERVED
-CVE-2023-21891
- RESERVED
-CVE-2023-21890
- RESERVED
-CVE-2023-21889
- RESERVED
-CVE-2023-21888
- RESERVED
-CVE-2023-21887
- RESERVED
-CVE-2023-21886
- RESERVED
-CVE-2023-21885
- RESERVED
-CVE-2023-21884
- RESERVED
-CVE-2023-21883
- RESERVED
-CVE-2023-21882
- RESERVED
-CVE-2023-21881
- RESERVED
-CVE-2023-21880
- RESERVED
-CVE-2023-21879
- RESERVED
-CVE-2023-21878
- RESERVED
-CVE-2023-21877
- RESERVED
-CVE-2023-21876
- RESERVED
-CVE-2023-21875
- RESERVED
-CVE-2023-21874
- RESERVED
-CVE-2023-21873
- RESERVED
-CVE-2023-21872
- RESERVED
-CVE-2023-21871
- RESERVED
-CVE-2023-21870
- RESERVED
-CVE-2023-21869
- RESERVED
-CVE-2023-21868
- RESERVED
-CVE-2023-21867
- RESERVED
-CVE-2023-21866
- RESERVED
-CVE-2023-21865
- RESERVED
-CVE-2023-21864
- RESERVED
-CVE-2023-21863
- RESERVED
-CVE-2023-21862
- RESERVED
-CVE-2023-21861
- RESERVED
-CVE-2023-21860
- RESERVED
-CVE-2023-21859
- RESERVED
-CVE-2023-21858
- RESERVED
-CVE-2023-21857
- RESERVED
-CVE-2023-21856
- RESERVED
-CVE-2023-21855
- RESERVED
-CVE-2023-21854
- RESERVED
-CVE-2023-21853
- RESERVED
-CVE-2023-21852
- RESERVED
-CVE-2023-21851
- RESERVED
-CVE-2023-21850
- RESERVED
-CVE-2023-21849
- RESERVED
-CVE-2023-21848
- RESERVED
-CVE-2023-21847
- RESERVED
-CVE-2023-21846
- RESERVED
-CVE-2023-21845
- RESERVED
-CVE-2023-21844
- RESERVED
-CVE-2023-21843
- RESERVED
-CVE-2023-21842
- RESERVED
-CVE-2023-21841
- RESERVED
-CVE-2023-21840
- RESERVED
-CVE-2023-21839
- RESERVED
-CVE-2023-21838
- RESERVED
-CVE-2023-21837
- RESERVED
-CVE-2023-21836
- RESERVED
-CVE-2023-21835
- RESERVED
-CVE-2023-21834
- RESERVED
+CVE-2023-21894 (Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Fr ...)
+ TODO: check
+CVE-2023-21893 (Vulnerability in the Oracle Data Provider for .NET component of Oracle ...)
+ TODO: check
+CVE-2023-21892 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-21891 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-21890 (Vulnerability in the Oracle Communications Converged Application Serve ...)
+ TODO: check
+CVE-2023-21889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-21888 (Vulnerability in the Primavera Gateway product of Oracle Construction ...)
+ TODO: check
+CVE-2023-21887 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-21885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-21884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-21883 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21882 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21881 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21880 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21879 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21877 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21876 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21875 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21874 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21872 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21871 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21865 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21864 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21863 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21862 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
+ TODO: check
+CVE-2023-21861 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-21860 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21859 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ TODO: check
+CVE-2023-21858 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
+ TODO: check
+CVE-2023-21857 (Vulnerability in the Oracle HCM Common Architecture product of Oracle ...)
+ TODO: check
+CVE-2023-21856 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2023-21855 (Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Bu ...)
+ TODO: check
+CVE-2023-21854 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ TODO: check
+CVE-2023-21853 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
+ TODO: check
+CVE-2023-21852 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...)
+ TODO: check
+CVE-2023-21851 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2023-21850 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...)
+ TODO: check
+CVE-2023-21849 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...)
+ TODO: check
+CVE-2023-21848 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
+ TODO: check
+CVE-2023-21847 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ TODO: check
+CVE-2023-21846 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2023-21842 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-21841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-21840 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21839 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-21838 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
+ TODO: check
CVE-2023-21833
RESERVED
-CVE-2023-21832
- RESERVED
-CVE-2023-21831
- RESERVED
-CVE-2023-21830
- RESERVED
-CVE-2023-21829
- RESERVED
-CVE-2023-21828
- RESERVED
-CVE-2023-21827
- RESERVED
-CVE-2023-21826
- RESERVED
-CVE-2023-21825
- RESERVED
-CVE-2023-21824
- RESERVED
+CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+ TODO: check
+CVE-2023-21830 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2023-21829 (Vulnerability in the Oracle Database RDBMS Security component of Oracl ...)
+ TODO: check
+CVE-2023-21828 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2023-21827 (Vulnerability in the Oracle Database Data Redaction component of Oracl ...)
+ TODO: check
+CVE-2023-21826 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2023-21825 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
+ TODO: check
+CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic Charging Engi ...)
+ TODO: check
CVE-2022-47522
RESERVED
CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
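Review bot: The `TODO: check` markers across CVE-2023-21824 to CVE-2023-21900 should not all be resolved the same way. Most of these descriptions name Oracle products of the kind this file already marks `NOT-FOR-US: Oracle` elsewhere, but the ones naming MySQL Server, Oracle VM VirtualBox and Oracle Java SE refer to software that may correspond to packaged source and need per-package triage with fixed versions. CVE-2023-21833 and CVE-2023-21895 to CVE-2023-21897 stay RESERVED in the context lines, which is consistent with no description having been published for them.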
@@ -7847,12 +7939,12 @@ CVE-2022-47451
RESERVED
CVE-2022-47450
RESERVED
-CVE-2022-46732
- RESERVED
-CVE-2022-46660
- RESERVED
-CVE-2022-46331
- RESERVED
+CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
+ TODO: check
+CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
+ TODO: check
+CVE-2022-46331 (An unauthorized user could possibly delete any file on the system. ...)
+ TODO: check
CVE-2022-4517
RESERVED
CVE-2022-4516
@@ -7876,10 +7968,10 @@ CVE-2022-4510
RESERVED
CVE-2022-4509
RESERVED
-CVE-2022-43494
- RESERVED
-CVE-2022-38469
- RESERVED
+CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
+ TODO: check
+CVE-2022-38469 (An unauthorized user with network access and the decryption key could ...)
+ TODO: check
CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
NOT-FOR-US: rfc6902
CVE-2022-47449
@@ -10743,8 +10835,8 @@ CVE-2022-46477
RESERVED
CVE-2022-46476
RESERVED
-CVE-2022-46475
- RESERVED
+CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack over ...)
+ TODO: check
CVE-2022-46474
RESERVED
CVE-2022-46473
@@ -19472,12 +19564,12 @@ CVE-2023-20603
RESERVED
CVE-2023-20602
RESERVED
-CVE-2022-43977
- RESERVED
-CVE-2022-43976
- RESERVED
-CVE-2022-43975
- RESERVED
+CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices before 3.7 ...)
+ TODO: check
+CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...)
+ TODO: check
+CVE-2022-43975 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...)
+ TODO: check
CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
- matrixssl <removed>
CVE-2022-43973 (An arbitrary code execution vulnerability exisits in Linksys WRT54GL W ...)
@@ -23694,7 +23786,7 @@ CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Manageme
NOT-FOR-US: SourceCodester
CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
NOT-FOR-US: SourceCodester
-CVE-2022-42919 (Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege ...)
+CVE-2022-42919 (Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...)
- python3.11 3.11.0-2
- python3.10 3.10.8-2
- python3.9 <removed>
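Review bot: The updated description for CVE-2022-42919 puts the 3.10.x boundary at "before 3.10.9", while the unchanged line below it records `- python3.10 3.10.8-2` as the fixed version. If 3.10.8-2 carries a backported patch, a NOTE saying so would stop the entry from reading as inconsistent with the description; otherwise the fixed version needs revisiting.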
@@ -26282,8 +26374,8 @@ CVE-2022-41955 (Autolab is a course management service, initially developed by a
TODO: check
CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...)
NOT-FOR-US: MPXJ
-CVE-2022-41953
- RESERVED
+CVE-2022-41953 (Git GUI is a convenient graphical tool that comes with Git for Windows ...)
+ TODO: check
CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...)
- matrix-synapse 1.53.0-1
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
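Review bot: CVE-2022-41953 is left at `TODO: check`, and its description opens with "Git GUI ... comes with Git for Windows". Triage should settle whether this is specific to the Windows distribution or also applies to the git source package, which the CVE-2022-41903 entry in this same commit tracks as `- git <unfixed> (bug #1029114)`.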
@@ -26399,8 +26491,7 @@ CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI.
NOT-FOR-US: WsgiDAV
CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
NOT-FOR-US: Element iOS
-CVE-2022-41903
- RESERVED
+CVE-2022-41903 (Git is distributed revision control system. `git log` can display comm ...)
- git <unfixed> (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE: https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
@@ -30438,8 +30529,8 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
[bullseye] - libconfuse 3.3-2+deb11u1
NOTE: https://github.com/libconfuse/libconfuse/issues/163
NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
-CVE-2022-40319
- RESERVED
+CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
+ TODO: check
CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: s ...)
@@ -32533,8 +32624,8 @@ CVE-2022-39431
RESERVED
CVE-2022-39430
RESERVED
-CVE-2022-39429
- RESERVED
+CVE-2022-39429 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ TODO: check
CVE-2022-39428 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
NOT-FOR-US: Oracle
CVE-2022-39427 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -33204,8 +33295,8 @@ CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSys
NOT-FOR-US: Cobalt Strike
CVE-2022-39196 (Blackboard Learn 1.10.1 allows remote authenticated users to read unin ...)
NOT-FOR-US: Blackboard Learn
-CVE-2022-39195
- RESERVED
+CVE-2022-39195 (A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web inte ...)
+ TODO: check
CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...)
NOT-FOR-US: MediaWiki extension GrowthExperiments
CVE-2022-39193
@@ -33527,8 +33618,7 @@ CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 20
NOT-FOR-US: Quanos "SCHEMA ST4" example web templates
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
-CVE-2006-20001
- RESERVED
+CVE-2006-20001 (A carefully crafted If: request header can cause a memory read, or wri ...)
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/5
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001
@@ -35433,8 +35523,7 @@ CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE vers
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2907
- RESERVED
+CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -38249,8 +38338,7 @@ CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authent
NOT-FOR-US: Splunk
CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...)
NOT-FOR-US: Splunk
-CVE-2022-37436
- RESERVED
+CVE-2022-37436 (Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ...)
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/7
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436
@@ -40164,8 +40252,7 @@ CVE-2022-36762
RESERVED
CVE-2022-36761
RESERVED
-CVE-2022-36760
- RESERVED
+CVE-2022-36760 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760
@@ -45527,8 +45614,7 @@ CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems
NOT-FOR-US: Distributed Data Systems WebHMI
CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
-CVE-2022-2251
- RESERVED
+CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner affecting all v ...)
- gitlab <unfixed>
CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
- gitlab <unfixed>
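Review bot: The new description for CVE-2022-2251 refers to GitLab Runner, while the retained package line is `- gitlab <unfixed>`. Confirm that the runner code is actually part of the gitlab source package; if it ships from a separate source package, the entry should track that package instead.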
@@ -46612,20 +46698,20 @@ CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has b
NOT-FOR-US: Apple iPhone
CVE-2022-34463
RESERVED
-CVE-2022-34462
- RESERVED
+CVE-2022-34462 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
+ TODO: check
CVE-2022-34461
RESERVED
-CVE-2022-34460
- RESERVED
+CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...)
+ TODO: check
CVE-2022-34459
RESERVED
CVE-2022-34458
RESERVED
CVE-2022-34457
RESERVED
-CVE-2022-34456
- RESERVED
+CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...)
+ TODO: check
CVE-2022-34455
RESERVED
CVE-2022-34454
@@ -46652,8 +46738,8 @@ CVE-2022-34444
RESERVED
CVE-2022-34443
RESERVED
-CVE-2022-34442
- RESERVED
+CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
+ TODO: check
CVE-2022-34441 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
NOT-FOR-US: EMC
CVE-2022-34440 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
@@ -46734,8 +46820,8 @@ CVE-2022-34403
RESERVED
CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...)
NOT-FOR-US: Dell
-CVE-2022-34401
- RESERVED
+CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. A loca ...)
+ TODO: check
CVE-2022-34400
RESERVED
CVE-2022-34399
@@ -46750,8 +46836,8 @@ CVE-2022-34395
RESERVED
CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
NOT-FOR-US: Dell
-CVE-2022-34393
- RESERVED
+CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-34392
RESERVED
CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...)
@@ -51552,8 +51638,8 @@ CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A
NOT-FOR-US: Dell
CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...)
NOT-FOR-US: Dell
-CVE-2022-32490
- RESERVED
+CVE-2022-32490 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -70839,8 +70925,8 @@ CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service
NOT-FOR-US: Rust crate opcua
CVE-2022-25902
RESERVED
-CVE-2022-25901
- RESERVED
+CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
+ TODO: check
CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Injection ...)
NOT-FOR-US: Node git-clone
CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
@@ -78876,8 +78962,8 @@ CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of algo
NOT-FOR-US: jsonwebtoken node module
CVE-2022-23539 (Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured ...)
NOT-FOR-US: jsonwebtoken node module
-CVE-2022-23538
- RESERVED
+CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Singular ...)
+ TODO: check
CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...)
NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus)
CVE-2022-23535
@@ -78912,8 +78998,7 @@ CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offs
TODO: check
CVE-2022-23522
RESERVED
-CVE-2022-23521
- RESERVED
+CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...)
- git <unfixed> (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24
@@ -113472,8 +113557,8 @@ CVE-2021-36649
RESERVED
CVE-2021-36648
RESERVED
-CVE-2021-36647
- RESERVED
+CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ...)
+ TODO: check
CVE-2021-36646
RESERVED
CVE-2021-36645
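Review bot: CVE-2021-36647 goes to `TODO: check` with a summary that is cut off in the middle of a function name ("... in the function mbedt ..."). The truncated line alone does not identify the affected library, so triage needs the full CVE text before choosing between a package line and NOT-FOR-US.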
@@ -122747,8 +122832,8 @@ CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sq
NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
NOT-FOR-US: Flask restx
-CVE-2021-32837
- RESERVED
+CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...)
+ TODO: check
CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
NOT-FOR-US: ZStack
CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c29f4b0eb3fd256d66d835c07410f73d5cdf1f76