[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 24 08:10:23 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f457038e by security tracker role at 2023-01-24T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-24470
+ RESERVED
+CVE-2023-24469
+ RESERVED
+CVE-2023-24468
+ RESERVED
+CVE-2023-24467
+ RESERVED
+CVE-2023-24466
+ RESERVED
+CVE-2023-24020
+ RESERVED
+CVE-2023-23582
+ RESERVED
+CVE-2023-22389
+ RESERVED
+CVE-2023-22371
+ RESERVED
+CVE-2023-22315
+ RESERVED
+CVE-2023-0456
+ RESERVED
+CVE-2023-0455
+ RESERVED
+CVE-2023-0454
+ RESERVED
+CVE-2023-0453
+ RESERVED
CVE-2023-24459
RESERVED
CVE-2023-24458
@@ -2140,8 +2168,8 @@ CVE-2023-23610
RESERVED
CVE-2023-23609
RESERVED
-CVE-2023-23608
- RESERVED
+CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API. In v ...)
+ TODO: check
CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...)
NOT-FOR-US: Dasherr
CVE-2023-23606
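Review bot: CVE-2023-23608 (Spotipy) goes from RESERVED to "TODO: check", so it is still untriaged, while the Dasherr entry directly below it shows the resolved form ("NOT-FOR-US: Dasherr"). The description is cut off at "In v ...", so the affected versions have to be read from the full CVE text before choosing between a NOT-FOR-US tag and a source package line with a status.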
@@ -2468,8 +2496,8 @@ CVE-2023-23562
RESERVED
CVE-2023-23561
RESERVED
-CVE-2023-23560
- RESERVED
+CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
+ TODO: check
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
- linux <unfixed>
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
@@ -3075,8 +3103,8 @@ CVE-2023-23333
RESERVED
CVE-2023-23332
RESERVED
-CVE-2023-23331
- RESERVED
+CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2023-23330
RESERVED
CVE-2023-23329
@@ -3871,8 +3899,8 @@ CVE-2023-22962
RESERVED
CVE-2023-22961
RESERVED
-CVE-2023-22960
- RESERVED
+CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of Interacti ...)
+ TODO: check
CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.ph ...)
NOT-FOR-US: WebChess
CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...)
@@ -5210,8 +5238,8 @@ CVE-2023-22632
RESERVED
CVE-2023-22631
RESERVED
-CVE-2023-22630
- RESERVED
+CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...)
+ TODO: check
CVE-2023-22629
RESERVED
CVE-2023-22628
@@ -5843,14 +5871,14 @@ CVE-2023-22488 (Flarum is a forum software for building communities. Using the n
NOT-FOR-US: Flarum
CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
NOT-FOR-US: Flarum
-CVE-2023-22486
- RESERVED
-CVE-2023-22485
- RESERVED
-CVE-2023-22484
- RESERVED
-CVE-2023-22483
- RESERVED
+CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
+CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
+CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
+CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
CVE-2023-22482
RESERVED
CVE-2023-22481
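Review bot: CVE-2023-22483 through CVE-2023-22486 all carry the same truncated description prefix and the same "TODO: check", so nothing in the list tells the four cmark-gfm issues apart. Triage them as a group against the full descriptions and give each entry its own NOTE line with the upstream reference, in the form the file already uses for CVE-2023-23559.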
@@ -9325,10 +9353,10 @@ CVE-2023-21798
RESERVED
CVE-2023-21797
RESERVED
-CVE-2023-21796
- RESERVED
-CVE-2023-21795
- RESERVED
+CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2023-21794
RESERVED
CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
@@ -9367,8 +9395,8 @@ CVE-2023-21777
RESERVED
CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2023-21775
- RESERVED
+CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-4580
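Review bot: CVE-2023-21775 is added as "TODO: check" between CVE-2023-21776 and CVE-2023-21774, both of which are already tagged "NOT-FOR-US: Microsoft". The decision for Microsoft Edge (Chromium-based) should be recorded explicitly: either the same tag, or a package entry if the flaw turns out to be in shared Chromium code. The same question applies to CVE-2023-21796, CVE-2023-21795 and CVE-2023-21719 in the neighbouring hunks.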
@@ -10074,8 +10102,8 @@ CVE-2023-21721
RESERVED
CVE-2023-21720
RESERVED
-CVE-2023-21719
- RESERVED
+CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2023-21718
RESERVED
CVE-2023-21717
@@ -12245,8 +12273,8 @@ CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command i
NOT-FOR-US: D-Link
CVE-2022-46640
RESERVED
-CVE-2022-46639
- RESERVED
+CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...)
+ TODO: check
CVE-2022-46638
RESERVED
CVE-2022-46637
@@ -15071,8 +15099,8 @@ CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via
NOT-FOR-US: Tenda
CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...)
NOT-FOR-US: Tenda
-CVE-2022-45639
- RESERVED
+CVE-2022-45639 (OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows ...)
+ TODO: check
CVE-2022-45638
RESERVED
CVE-2022-45637
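Review bot: CVE-2022-45639 sits directly under two "NOT-FOR-US: Tenda" entries but names the sleuthkit fls tool 4.11.1, a different product, so the neighbouring tag must not be carried over when the TODO is resolved. The description gives a concrete version; if the tool is in the archive, the follow-up should add a source package line with a status, in the form used elsewhere in this file ("- haproxy 1.8.15-1 (bug #916307)").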
@@ -33042,8 +33070,8 @@ CVE-2022-40036
RESERVED
CVE-2022-40035
RESERVED
-CVE-2022-40034
- RESERVED
+CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
+ TODO: check
CVE-2022-40033
RESERVED
CVE-2022-40032
@@ -72705,8 +72733,8 @@ CVE-2022-25911
RESERVED
CVE-2022-25910
RESERVED
-CVE-2022-25908
- RESERVED
+CVE-2022-25908 (All versions of the package create-choo-electron are vulnerable to Com ...)
+ TODO: check
CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Poll ...)
NOT-FOR-US: voodoocreation/ts-deepmerge
CVE-2022-25906
@@ -72798,8 +72826,8 @@ CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tr
NOT-FOR-US: Node sds
CVE-2022-25861
RESERVED
-CVE-2022-25860
- RESERVED
+CVE-2022-25860 (Versions of the package simple-git before 3.16.0 are vulnerable to Rem ...)
+ TODO: check
CVE-2022-25859
RESERVED
CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...)
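Review bot: CVE-2022-25860 states a fix boundary in its description ("simple-git before 3.16.0") that the "TODO: check" line does not capture. When this is triaged, either record 3.16.0 as the fixed version on a package line or tag the entry NOT-FOR-US as was done for "Node sds" at the top of this hunk.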
@@ -72896,8 +72924,8 @@ CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype P
NOT-FOR-US: libnested
CVE-2022-25351
RESERVED
-CVE-2022-25350
- RESERVED
+CVE-2022-25350 (All versions of the package puppet-facter are vulnerable to Command In ...)
+ TODO: check
CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
- materialize <unfixed> (bug #1014727)
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
@@ -82803,8 +82831,8 @@ CVE-2022-23007
RESERVED
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on Western Digit ...)
NOT-FOR-US: Western Digital
-CVE-2022-23005
- RESERVED
+CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard that cou ...)
+ TODO: check
CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
NOT-FOR-US: Western Digital
CVE-2022-23003 (When computing a shared secret or point multiplication on the NIST P-2 ...)
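Review bot: CVE-2022-23005 is surrounded by "NOT-FOR-US: Western Digital" entries, but its description speaks of a weakness in the UFS standard rather than in a Western Digital product. Read the full text before copying the neighbours' tag, since an issue at the level of a standard is not necessarily limited to one vendor's implementation.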
@@ -290302,7 +290330,7 @@ CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB print
CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...)
NOT-FOR-US: yast-rmt
CVE-2018-20104
- RESERVED
+ REJECTED
CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...)
{DLA-3034-1}
- haproxy 1.8.15-1 (bug #916307)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f457038e7b04ea9397b0811a61328c5c03452106