[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 21 08:10:24 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b6873a8 by security tracker role at 2023-01-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-24053
+	RESERVED
+CVE-2023-24052
+	RESERVED
+CVE-2023-24051
+	RESERVED
+CVE-2023-24050
+	RESERVED
+CVE-2023-24049
+	RESERVED
+CVE-2023-24048
+	RESERVED
+CVE-2023-24047
+	RESERVED
+CVE-2023-24046
+	RESERVED
+CVE-2023-24045
+	RESERVED
+CVE-2023-24044
+	RESERVED
+CVE-2023-24043
+	RESERVED
+CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to achieve ...)
+	TODO: check
+CVE-2023-24041
+	RESERVED
+CVE-2023-24040 (** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environm ...)
+	TODO: check
+CVE-2023-24039 (** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in Parse ...)
+	TODO: check
+CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_ ...)
+	TODO: check
+CVE-2023-24037
+	RESERVED
+CVE-2023-24036
+	RESERVED
+CVE-2023-24035
+	RESERVED
+CVE-2023-24034
+	RESERVED
+CVE-2023-24033
+	RESERVED
+CVE-2023-24032
+	RESERVED
+CVE-2023-24031
+	RESERVED
+CVE-2023-24030
+	RESERVED
+CVE-2023-24029
+	RESERVED
+CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
+	TODO: check
+CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...)
+	TODO: check
+CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerabilit ...)
+	TODO: check
+CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2 ...)
+	TODO: check
+CVE-2023-24024
+	RESERVED
+CVE-2023-24023
+	RESERVED
+CVE-2023-24022
+	RESERVED
+CVE-2023-0432
+	RESERVED
+CVE-2023-0431
+	RESERVED
+CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
+	TODO: check
 CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the co ...)
 	- modsecurity-apache <unfixed>
 	[bullseye] - modsecurity-apache <no-dsa> (Minor issue)
@@ -1154,8 +1224,8 @@ CVE-2023-23609
 	RESERVED
 CVE-2023-23608
 	RESERVED
-CVE-2023-23607
-	RESERVED
+CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...)
+	TODO: check
 CVE-2023-23606
 	RESERVED
 	- firefox 109.0-1
@@ -3834,8 +3904,8 @@ CVE-2023-22744
 	RESERVED
 CVE-2023-22743
 	RESERVED
-CVE-2023-22742
-	RESERVED
+CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
+	TODO: check
 CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
 	TODO: check
 CVE-2023-22740
@@ -3866,8 +3936,8 @@ CVE-2023-22728
 	RESERVED
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
 	NOT-FOR-US: CakePHP
-CVE-2023-22726
-	RESERVED
+CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
+	TODO: check
 CVE-2023-22725
 	RESERVED
 CVE-2023-22724
@@ -4327,8 +4397,8 @@ CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.114
 	NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145)
 CVE-2023-0053
 	RESERVED
-CVE-2023-0052
-	RESERVED
+CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
+	TODO: check
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
@@ -15565,6 +15635,7 @@ CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated a
 CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...)
 	NOT-FOR-US: matrix-appservice-irc
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-6 (bug #1024737)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
@@ -15952,8 +16023,8 @@ CVE-2022-45064
 	RESERVED
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3918
-	RESERVED
+CVE-2022-3918 (A program using FoundationNetworking in swift-corelibs-foundation is p ...)
+	TODO: check
 CVE-2022-3917 (Improper access control of bootloader function was discovered in Motor ...)
 	NOT-FOR-US: Motorola
 CVE-2022-3916
@@ -22981,10 +23052,12 @@ CVE-2022-3628 (A buffer overflow flaw was found in the Linux kernel Broadcom Ful
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
 CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
@@ -23069,14 +23142,17 @@ CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does no
 CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
@@ -23279,6 +23355,7 @@ CVE-2022-3572
 CVE-2022-3571
 	RESERVED
 CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-5 (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
@@ -36589,17 +36666,20 @@ CVE-2022-38105 (An information disclosure vulnerability exists in the cm_process
 CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
 	NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
+	{DLA-3278-1}
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
 CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
+	{DLA-3278-1}
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
 CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
+	{DLA-3278-1}
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
@@ -47155,6 +47235,7 @@ CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stac
 CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a command in ...)
 	NOT-FOR-US: D-Link
 CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-4
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
@@ -51124,18 +51205,21 @@ CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plu
 CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13.  ...)
 	NOT-FOR-US: pgadmin on Windows
 CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-3 (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-3 (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
+	{DLA-3278-1}
 	- tiff 4.4.0-3 (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
@@ -62076,12 +62160,14 @@ CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attac
 CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...)
 	NOT-FOR-US: Cambium Networks cnMaestro
 CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...)
+	{DLA-3278-1}
 	- tiff 4.3.0-8 (bug #1011160)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
 CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...)
+	{DLA-3278-1}
 	- tiff 4.3.0-7
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
@@ -66044,8 +66130,8 @@ CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow a
 	NOT-FOR-US: Tesla
 CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
 	NOT-FOR-US: Lenovo
-CVE-2022-1109
-	RESERVED
+CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun cloud m ...)
+	TODO: check
 CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...)
@@ -121504,10 +121590,10 @@ CVE-2021-33644 (An attacker who submits a crafted tar file with size in header s
 	NOT-FOR-US: Huawei OpenEuler OS
 CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct  ...)
 	NOT-FOR-US: Huawei OpenEuler OS
-CVE-2021-33642
-	RESERVED
-CVE-2021-33641
-	RESERVED
+CVE-2021-33642 (When a file is processed, an infinite loop occurs in next_inline() of  ...)
+	TODO: check
+CVE-2021-33641 (When processing files, malloc stores the data of the current line. Whe ...)
+	TODO: check
 CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer  ...)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2143012
 	TODO: check details, possibly Huawei OpenEuler OS specific as the related CVEs
@@ -174590,8 +174676,8 @@ CVE-2020-25504
 	RESERVED
 CVE-2020-25503
 	RESERVED
-CVE-2020-25502
-	RESERVED
+CVE-2020-25502 (Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.34 ...)
+	TODO: check
 CVE-2020-25501
 	RESERVED
 CVE-2020-25500



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b6873a8eb6f2f677d4c6077691d50c5d90c0933

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b6873a8eb6f2f677d4c6077691d50c5d90c0933
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230121/e41d8f95/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list