[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 19 08:11:18 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21109cf0 by security tracker role at 2023-01-19T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2023-23860
+ RESERVED
+CVE-2023-23859
+ RESERVED
+CVE-2023-23858
+ RESERVED
+CVE-2023-23857
+ RESERVED
+CVE-2023-23856
+ RESERVED
+CVE-2023-23855
+ RESERVED
+CVE-2023-23854
+ RESERVED
+CVE-2023-23853
+ RESERVED
+CVE-2023-23852
+ RESERVED
+CVE-2023-23851
+ RESERVED
+CVE-2023-23850
+ RESERVED
+CVE-2023-23849
+ RESERVED
+CVE-2023-23848
+ RESERVED
+CVE-2023-23847
+ RESERVED
+CVE-2023-23846
+ RESERVED
+CVE-2023-23845
+ RESERVED
+CVE-2023-23844
+ RESERVED
+CVE-2023-23843
+ RESERVED
+CVE-2023-23842
+ RESERVED
+CVE-2023-23841
+ RESERVED
+CVE-2023-23840
+ RESERVED
+CVE-2023-23839
+ RESERVED
+CVE-2023-23838
+ RESERVED
+CVE-2023-23837
+ RESERVED
+CVE-2023-23836
+ RESERVED
+CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
+ TODO: check
+CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...)
+ TODO: check
+CVE-2023-0395
+ RESERVED
+CVE-2023-0393
+ RESERVED
+CVE-2023-0392
+ RESERVED
+CVE-2023-0391
+ RESERVED
+CVE-2022-48278
+ RESERVED
+CVE-2022-48277
+ RESERVED
+CVE-2022-48276
+ RESERVED
+CVE-2022-48275
+ RESERVED
+CVE-2022-48274
+ RESERVED
+CVE-2022-48273
+ RESERVED
+CVE-2022-48272
+ RESERVED
+CVE-2022-48271
+ RESERVED
+CVE-2022-48270
+ RESERVED
+CVE-2022-48269
+ RESERVED
+CVE-2015-10071
+ RESERVED
CVE-2023-23835
RESERVED
CVE-2023-23834
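Review bot: CVE-2023-0397 and CVE-2023-0396 are the only entries in this hunk that arrive with a description, and the truncated text ("A malicious / defect bluetooth controller can cause ...") does not name the affected project, so their `TODO: check` cannot be resolved from this list alone. Read the full CVE records before choosing between a package line and `NOT-FOR-US:`, and look at CVE-2022-3806 ("bluetooth hci", changed further down in this commit) in the same pass in case all three concern the same code.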
@@ -139,6 +223,7 @@ CVE-2023-22294
CVE-2023-22288
RESERVED
CVE-2023-0394 [ipv6: raw: Deduct extension header length in rawv6_push_pending_frames]
+ RESERVED
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
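Review bot: the `RESERVED` line added under CVE-2023-0394 lands on an entry that already has a bracketed description, a `- linux 6.1.7-1` line and two NOTE references; it is the only place in this commit where `RESERVED` is added to an entry that already carries triage data. Confirm the existing package line and NOTEs are still intended to stand as they are under the new marker.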
@@ -306,8 +391,8 @@ CVE-2023-0344
RESERVED
CVE-2023-0343
RESERVED
-CVE-2010-10009
- RESERVED
+CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
+ TODO: check
CVE-2023-23753
RESERVED
CVE-2023-23752
@@ -928,8 +1013,8 @@ CVE-2023-0292
RESERVED
CVE-2023-0291
RESERVED
-CVE-2023-0290
- RESERVED
+CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter ...)
+ TODO: check
CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
NOT-FOR-US: craigk5n/webcalendar
CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
@@ -1305,8 +1390,8 @@ CVE-2023-0244 (A vulnerability classified as critical was found in TuziCMS 2.0.6
NOT-FOR-US: TuziCMS
CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS 2.0.6 ...)
NOT-FOR-US: TuziCMS
-CVE-2023-0242
- RESERVED
+CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...)
+ TODO: check
CVE-2023-0241
RESERVED
CVE-2023-0240
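Review bot: CVE-2023-0242 here and CVE-2023-0290 in the previous hunk both name Rapid7 Velociraptor and both become `TODO: check`. Triage the pair together so they end up with the same package line or the same `NOT-FOR-US:` tag.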
@@ -2584,8 +2669,8 @@ CVE-2023-0166
RESERVED
CVE-2023-0165
RESERVED
-CVE-2023-0164
- RESERVED
+CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
+ TODO: check
CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...)
NOT-FOR-US: Nostromo webserver
CVE-2022-48252 (The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote ...)
@@ -4313,8 +4398,8 @@ CVE-2022-48193
RESERVED
CVE-2022-48192
RESERVED
-CVE-2022-48191
- RESERVED
+CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...)
+ TODO: check
CVE-2021-46870
RESERVED
CVE-2021-46869
@@ -11701,8 +11786,8 @@ CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not val
NOT-FOR-US: WordPress plugin
CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4235
- RESERVED
+CVE-2022-4235 (RushBet version 2022.23.1-b490616d allows a remote attacker to steal c ...)
+ TODO: check
CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...)
@@ -12832,20 +12917,20 @@ CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL
NOT-FOR-US: OpenDaylight
CVE-2022-45929
RESERVED
-CVE-2022-45928
- RESERVED
-CVE-2022-45927
- RESERVED
-CVE-2022-45926
- RESERVED
-CVE-2022-45925
- RESERVED
-CVE-2022-45924
- RESERVED
-CVE-2022-45923
- RESERVED
-CVE-2022-45922
- RESERVED
+CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText Content Su ...)
+ TODO: check
+CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
+CVE-2022-45926 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
+CVE-2022-45925 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
+CVE-2022-45924 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
+CVE-2022-45923 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
+CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
+ TODO: check
CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
NOT-FOR-US: FusionAuth
CVE-2022-45920
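Review bot: the seven entries CVE-2022-45922 through CVE-2022-45928 all name OpenText Content Suite Platform and all land as `TODO: check`. Resolve them as one batch so they receive a single consistent tag, in the same way the neighbouring OpenDaylight and FusionAuth entries each carry one `NOT-FOR-US:` line.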
@@ -17961,8 +18046,8 @@ CVE-2022-3808
REJECTED
CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
NOT-FOR-US: Bento4
-CVE-2022-3806
- RESERVED
+CVE-2022-3806 (Inconsistent handling of error cases in bluetooth hci may lead to a do ...)
+ TODO: check
CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has been cl ...)
@@ -33656,8 +33741,8 @@ CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior
TODO: check
CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...)
NOT-FOR-US: Moxa
-CVE-2022-3085
- RESERVED
+CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...)
+ TODO: check
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
NOT-FOR-US: GE CIMPICITY
CVE-2022-3083
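Review bot: CVE-2022-3085 names the same product as CVE-2022-3087 two entries above it (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior), and both are `TODO: check`, so resolve them together. Separately, the context line `NOT-FOR-US: Moxa` under CVE-2022-3086 does not match that entry's Cradlepoint IBR600 NCOS description and is worth correcting in a follow-up.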
@@ -52494,7 +52579,7 @@ CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg
{DSA-5164-1 DLA-3056-1}
- exo 4.16.4-1 (bug #1013129)
NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4)
-CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Refer ...)
+CVE-2022-32277 (** DISPUTED ** Squiz Matrix CMS 6.20 is vulnerable to an Insecure Dire ...)
NOT-FOR-US: Squiz Matrix CMS
CVE-2022-32276 (** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for ex ...)
- grafana <removed>
@@ -96011,6 +96096,7 @@ CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA
{DSA-5033-1}
- fort-validator 1.5.2-1
CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...)
+ {DLA-3273-1}
- libitext5-java 5.5.13.3-1 (bug #1014597)
NOTE: https://github.com/itext/itextpdf/commit/ce8bbacd631e13717a91f02e9cbd9814b9dc2cca (5.5.13.3)
CVE-2021-43112
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21109cf0143fc7e916bb8e3a62abf3212b97a907