[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 25 08:10:40 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
890f5de0 by security tracker role at 2023-01-25T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-24513
+ RESERVED
+CVE-2023-24512
+ RESERVED
+CVE-2023-24511
+ RESERVED
+CVE-2023-24510
+ RESERVED
+CVE-2023-24509
+ RESERVED
+CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
+ TODO: check
+CVE-2023-24507
+ RESERVED
+CVE-2023-24506
+ RESERVED
+CVE-2023-24505
+ RESERVED
+CVE-2023-24504
+ RESERVED
+CVE-2023-24503
+ RESERVED
+CVE-2023-24502
+ RESERVED
+CVE-2023-24501
+ RESERVED
+CVE-2023-24500
+ RESERVED
+CVE-2023-24499
+ RESERVED
+CVE-2023-24498
+ RESERVED
+CVE-2023-24497
+ RESERVED
+CVE-2023-24496
+ RESERVED
+CVE-2023-0493
+ RESERVED
+CVE-2023-0492
+ RESERVED
+CVE-2023-0491
+ RESERVED
+CVE-2023-0490
+ RESERVED
+CVE-2023-0489
+ RESERVED
+CVE-2023-0488
+ RESERVED
+CVE-2023-0487
+ RESERVED
+CVE-2023-0486
+ RESERVED
+CVE-2023-0485
+ RESERVED
+CVE-2023-0484
+ RESERVED
+CVE-2023-0483
+ RESERVED
+CVE-2023-0482
+ RESERVED
+CVE-2023-0481
+ RESERVED
+CVE-2023-0480
+ RESERVED
CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
- spip 4.1.7+dfsg-1
[bullseye] - spip 3.2.11-3+deb11u6
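Review bot: CVE-2023-24508 (the Baicells Nova 227/233/243 eNodeB entry near the top of this hunk) is left at TODO: check although its description names a vendor's LTE base-station hardware, which is the class of product this update resolves elsewhere with a NOT-FOR-US line (for example "NOT-FOR-US: My YouTube Channel plugin for WordPress"); suggest resolving it to "NOT-FOR-US: Baicells Nova" directly. The other 32 additions in this hunk are plain RESERVED placeholders and need no action.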
@@ -55,20 +119,16 @@ CVE-2023-0476
RESERVED
CVE-2023-0475
RESERVED
-CVE-2023-0474
- RESERVED
+CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0473
- RESERVED
+CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.54 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0472
- RESERVED
+CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allo ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0471
- RESERVED
+CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.5414.11 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0470
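Review bot: the four Chromium entries in this hunk (CVE-2023-0471 to CVE-2023-0474) keep "- chromium <unfixed>" while their new descriptions state the upstream fix is in 109.0.5414.119, so the <unfixed> marker should be replaced with the Debian package version carrying that release once it is uploaded, ideally with the DSA reference in braces as done for swift below. The [buster] lines correctly keep "<end-of-life> (see DSA 5046)", but none of the four carries a bullseye annotation, so confirm the stable status is tracked rather than silently missing.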
@@ -333,16 +393,16 @@ CVE-2023-0450
RESERVED
CVE-2023-0449
RESERVED
-CVE-2023-0448
- RESERVED
+CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all ...)
+ TODO: check
CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
NOT-FOR-US: My YouTube Channel plugin for WordPress
CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: My YouTube Channel plugin for WordPress
CVE-2023-0445
RESERVED
-CVE-2023-0444
- RESERVED
+CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics Infra ...)
+ TODO: check
CVE-2023-0443
RESERVED
CVE-2023-0442
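Review bot: both TODO: check lines in this hunk look resolvable from the context already present: CVE-2023-0448 is a WordPress plugin (WP Helper Lite), and the neighbouring CVE-2023-0446 and CVE-2023-0447 lines use "NOT-FOR-US: My YouTube Channel plugin for WordPress" for exactly that class; CVE-2023-0444 is a privilege escalation in a Delta Electronics product, a vendor package that falls under the same NOT-FOR-US convention. Suggest replacing the two TODOs with NOT-FOR-US lines naming the products.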
@@ -1036,8 +1096,8 @@ CVE-2023-24059 (Grand Theft Auto V for PC allows attackers to achieve partial re
NOT-FOR-US: Grand Theft Auto V for PC
CVE-2023-24058 (Booked Scheduler 2.5.5 allows authenticated users to create and schedu ...)
NOT-FOR-US: Booked Scheduler
-CVE-2023-24057
- RESERVED
+CVE-2023-24057 (HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers ...)
+ TODO: check
CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbounded str ...)
- pkgconf 1.8.1-1
[bullseye] - pkgconf <no-dsa> (Minor issue)
@@ -1126,7 +1186,7 @@ CVE-2023-0431
RESERVED
CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
- yii <itp> (bug #597899)
-CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the co ...)
+CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...)
- modsecurity-apache 2.9.7-1 (bug #1029329)
[bullseye] - modsecurity-apache <no-dsa> (Minor issue)
NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
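Review bot: the rewritten description for CVE-2023-24021 (the single changed line in this hunk) now says the flaw is incorrect handling of '\0' bytes in file uploads rather than FILES_TMP_CONTENT sometimes lacking content, which is a different and potentially more impactful class than a missing variable; the bullseye "<no-dsa> (Minor issue)" annotation was made against the old wording, so re-check that assessment against the linked https://github.com/SpiderLabs/ModSecurity/pull/2857 before leaving it in place.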
@@ -1374,20 +1434,20 @@ CVE-2023-23922
RESERVED
CVE-2023-23921
RESERVED
-CVE-2023-0417
- RESERVED
-CVE-2023-0416
- RESERVED
-CVE-2023-0415
- RESERVED
-CVE-2023-0414
- RESERVED
-CVE-2023-0413
- RESERVED
-CVE-2023-0412
- RESERVED
-CVE-2023-0411
- RESERVED
+CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
+ TODO: check
+CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
+ TODO: check
+CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
+ TODO: check
+CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...)
+ TODO: check
+CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
+ TODO: check
+CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
+ TODO: check
+CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
+ TODO: check
CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...)
NOT-FOR-US: builderio/qwik
CVE-2023-0409
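Review bot: all seven Wireshark entries in this hunk (CVE-2023-0411 through CVE-2023-0417) are left at TODO: check, but wireshark is a Debian package and each description gives the affected ranges as 4.0.0 to 4.0.2 and/or 3.6.0 to 3.6.10, so these should be triaged as one batch with a wireshark package line per entry plus bullseye/buster annotations rather than seven independent TODOs. Do verify per entry rather than copying one status across: CVE-2023-0414 (EAP dissector crash) names only the 4.0.x range, so the older branch may be unaffected by that one, and CVE-2023-0411 (excessive loops) and CVE-2023-0417 (NFS dissector memory leak) describe resource exhaustion rather than a plain crash.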
@@ -2272,16 +2332,16 @@ CVE-2023-23615
RESERVED
CVE-2023-23614
RESERVED
-CVE-2023-23613
- RESERVED
-CVE-2023-23612
- RESERVED
-CVE-2023-23611
- RESERVED
-CVE-2023-23610
- RESERVED
-CVE-2023-23609
- RESERVED
+CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...)
+ TODO: check
+CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...)
+ TODO: check
+CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...)
+ TODO: check
+CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...)
+ TODO: check
+CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API. In v ...)
TODO: check
CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...)
@@ -5029,14 +5089,14 @@ CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected
NOT-FOR-US: CakePHP
CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
NOT-FOR-US: act
-CVE-2023-22725
- RESERVED
-CVE-2023-22724
- RESERVED
+CVE-2023-22725 (GLPI is a Free Asset and IT Management Software package. Versions 0.6. ...)
+ TODO: check
+CVE-2023-22724 (GLPI is a Free Asset and IT Management Software package. Versions prio ...)
+ TODO: check
CVE-2023-22723
RESERVED
-CVE-2023-22722
- RESERVED
+CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. Versions 9.4. ...)
+ TODO: check
CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22720
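Review bot: the three GLPI entries in this hunk (CVE-2023-22722, CVE-2023-22724, CVE-2023-22725) are all left at TODO: check, and the same update adds further GLPI TODOs under CVE-2023-23610, CVE-2023-22500 and CVE-2022-41941; all six descriptions carry the same "GLPI is a Free Asset and IT Management Software package" preamble and so appear to come from one upstream release batch. Triage them together so they receive one consistent status (a glpi package line or NOT-FOR-US) instead of six separate lookups.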
@@ -5758,8 +5818,8 @@ CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_
NOT-FOR-US: Multilaser RE708
CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It has been ...)
NOT-FOR-US: Evolution Events Artaxerxes
-CVE-2022-48199
- RESERVED
+CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a m ...)
+ TODO: check
CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...)
NOT-FOR-US: trampgeek jobe
CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...)
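Review bot: CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows) is left at TODO: check although the description itself scopes it to a Windows-only product; it can be resolved to "NOT-FOR-US: SoftPerfect NetWorx" like the Multilaser and Evolution Events entries surrounding it in this hunk.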
@@ -5964,8 +6024,8 @@ CVE-2021-46870
RESERVED
CVE-2021-46869
RESERVED
-CVE-2023-22500
- RESERVED
+CVE-2023-22500 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...)
+ TODO: check
CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
NOT-FOR-US: Deno
CVE-2023-22498
@@ -7073,7 +7133,7 @@ CVE-2022-47951
- glance 2:25.0.0-2 (bug #1029563)
NOTE: https://bugs.launchpad.net/nova/+bug/1996188
CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...)
- {DSA-5327-1}
+ {DSA-5327-1 DLA-3281-1}
- swift 2.30.0-4 (bug #1029154)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1
CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...)
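Review bot: the {DSA-5327-1 DLA-3281-1} reference added to CVE-2022-47950 is the only change in this hunk, and this commit touches only data/CVE/list (see the "1 changed file" summary above), so the matching DLA-3281-1 entry in data/DLA/list has to arrive in a separate commit or the advisory cross-reference will dangle; the same check applies to every {DLA-3280-1} line added for libde265 in the hunks below.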
@@ -8075,6 +8135,7 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Ov
NOTE: https://github.com/gpac/gpac/issues/2353
NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)
CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/367
@@ -10951,8 +11012,8 @@ CVE-2022-47102 (A cross-site scripting (XSS) vulnerability in Student Study Cent
NOT-FOR-US: Student Study Center Management System
CVE-2022-47101
RESERVED
-CVE-2022-47100
- RESERVED
+CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to ar ...)
+ TODO: check
CVE-2022-47099
RESERVED
CVE-2022-47098
@@ -11041,8 +11102,8 @@ CVE-2022-47075
RESERVED
CVE-2022-47074
RESERVED
-CVE-2022-47073
- RESERVED
+CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
+ TODO: check
CVE-2022-47072
RESERVED
CVE-2022-47071
@@ -11103,12 +11164,12 @@ CVE-2022-47044
RESERVED
CVE-2022-47043
RESERVED
-CVE-2022-47042
- RESERVED
+CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary file wri ...)
+ TODO: check
CVE-2022-47041
RESERVED
-CVE-2022-47040
- RESERVED
+CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 al ...)
+ TODO: check
CVE-2022-47039
RESERVED
CVE-2022-47038
@@ -11276,8 +11337,8 @@ CVE-2022-46959 (An issue in the component /admin/backups/work-dir of Sonic v1.0.
TODO: check
CVE-2022-46958
RESERVED
-CVE-2022-46957
- RESERVED
+CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable ...)
+ TODO: check
CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
@@ -12443,8 +12504,8 @@ CVE-2022-46626
RESERVED
CVE-2022-46625
RESERVED
-CVE-2022-46624
- RESERVED
+CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate Tracer S ...)
+ TODO: check
CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...)
NOT-FOR-US: Judging Management System
CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...)
@@ -14104,8 +14165,8 @@ CVE-2022-46130
RESERVED
CVE-2022-46129
RESERVED
-CVE-2022-46128
- RESERVED
+CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable ...)
+ TODO: check
CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
@@ -15056,8 +15117,8 @@ CVE-2022-45732
RESERVED
CVE-2022-45731
RESERVED
-CVE-2022-45730
- RESERVED
+CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
+ TODO: check
CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
NOT-FOR-US: Doctor Appointment Management System
CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain ...)
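Review bot: CVE-2022-45730 is marked TODO: check while the very next entry in this hunk, CVE-2022-45729, is a second cross-site scripting issue in the same Doctor Appointment Management System and already carries "NOT-FOR-US: Doctor Appointment Management System"; copy that resolution rather than leaving a TODO open for the same product.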
@@ -15584,8 +15645,8 @@ CVE-2022-4094
RESERVED
CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensitive d ...)
- dolibarr <removed>
-CVE-2022-4092
- RESERVED
+CVE-2022-4092 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...)
NOT-FOR-US: Cybozu
CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...)
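Review bot: CVE-2022-4092 (GitLab EE) gets a TODO: check line here, whereas every other GitLab entry in this update that moved from RESERVED to a description (CVE-2022-4054, CVE-2022-3902, CVE-2022-3820, CVE-2022-3740, CVE-2022-3572, CVE-2022-3482, CVE-2022-3478) already carries "- gitlab <unfixed>"; for consistency, confirm the affected-version range and replace the TODO with the same gitlab package line.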
@@ -15722,8 +15783,7 @@ CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, i
- xdg-utils <unfixed> (bug #1027160)
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
-CVE-2022-4054
- RESERVED
+CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...)
NOT-FOR-US: Apache DolphinScheduler
@@ -17220,8 +17280,7 @@ CVE-2022-3904 (The MonsterInsights WordPress plugin before 8.9.1 does not saniti
CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transceiver U ...)
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
-CVE-2022-3902
- RESERVED
+CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-3901
RESERVED
@@ -19413,8 +19472,7 @@ CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_tim
NOTE: https://github.com/systemd/systemd/pull/23933
NOTE: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e (v252-rc1)
NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3)
-CVE-2022-3820
- RESERVED
+CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
@@ -20964,8 +21022,7 @@ CVE-2022-3742
RESERVED
CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
NOT-FOR-US: chatwoot
-CVE-2022-3740
- RESERVED
+CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-3739
RESERVED
@@ -24459,8 +24516,7 @@ CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate i
NOT-FOR-US: WordPress plugin
CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-3572
- RESERVED
+CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- gitlab <unfixed>
CVE-2022-3571
RESERVED
@@ -24744,20 +24800,25 @@ CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain
NOTE: https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6
NOTE: Negligible security impact
CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1025816)
NOTE: https://github.com/strukturag/libde265/issues/348
CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/347
CVE-2022-43251
RESERVED
CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/346
CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 <unfixed> (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/345
CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1025816)
NOTE: https://github.com/strukturag/libde265/issues/349
CVE-2022-43247
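Review bot: CVE-2022-43249 in this hunk keeps "- libde265 <unfixed> (bug #1027179)" while CVE-2022-43250 and CVE-2022-43252 in the same hunk cite the same bug #1027179 as fixed in 1.0.9-1.1; either the unstable status for 43249 is stale or the bug number is wrong, so verify against https://github.com/strukturag/libde265/issues/345 before the newly added {DLA-3280-1} reference leaves the LTS fix looking ahead of unstable.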
@@ -24765,36 +24826,47 @@ CVE-2022-43247
CVE-2022-43246
RESERVED
CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violation via ...)
+ {DLA-3280-1}
- libde265 <unfixed> (bug #1029357)
NOTE: https://github.com/strukturag/libde265/issues/352
CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/342
CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1025816)
NOTE: https://github.com/strukturag/libde265/issues/339
CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/340
CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/338
CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/335
CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/341
CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/338
CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/344
CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/343
CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
+ {DLA-3280-1}
- libde265 1.0.9-1.1 (bug #1027179)
NOTE: https://github.com/strukturag/libde265/issues/337
CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments component o ...)
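Review bot: two things in this hunk deserve a second look. CVE-2022-43245 is "- libde265 <unfixed> (bug #1029357)" yet now carries {DLA-3280-1}, so the LTS advisory ships a fix that unstable still lacks; the unstable entry should be updated when a fixed upload lands, or the DLA reference checked if the advisory does not actually cover it. Separately, CVE-2022-43241 and CVE-2022-43238 both point at https://github.com/strukturag/libde265/issues/338 with the identical "unknown crash via ff_hevc" description, so one of the two NOTE URLs is probably a copy-paste error.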
@@ -25800,8 +25872,7 @@ CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not sanitise
NOT-FOR-US: WordPress plugin
CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-3482
- RESERVED
+CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all version ...)
- gitlab <unfixed>
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
NOT-FOR-US: WordPress plugin
@@ -25849,8 +25920,7 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.
NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
NOT-FOR-US: Array Networks
-CVE-2022-3478
- RESERVED
+CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
{DLA-3277-1}
@@ -28333,8 +28403,8 @@ CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it
NOT-FOR-US: Sourcegraph
CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...)
NOT-FOR-US: Sourcegraph
-CVE-2022-41941
- RESERVED
+CVE-2022-41941 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...)
+ TODO: check
CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
NOT-FOR-US: Engine.io
CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...)
@@ -33193,10 +33263,10 @@ CVE-2022-40039
RESERVED
CVE-2022-40038
RESERVED
-CVE-2022-40037
- RESERVED
-CVE-2022-40036
- RESERVED
+CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to ...)
+ TODO: check
+CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
+ TODO: check
CVE-2022-40035
RESERVED
CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
@@ -71951,8 +72021,8 @@ CVE-2022-26331 (Potential vulnerabilities have been identified in Micro Focus Ar
NOT-FOR-US: Micro Focus
CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
NOT-FOR-US: Micro Focus
-CVE-2022-26329
- RESERVED
+CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity Manager plug ...)
+ TODO: check
CVE-2022-26328
RESERVED
CVE-2022-26327
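Review bot: CVE-2022-26329 (file existence disclosure in a NetIQ Identity Manager plugin) stays at TODO: check although the two Micro Focus ArcSight entries directly above it in this hunk are "NOT-FOR-US: Micro Focus"; NetIQ is a Micro Focus product line, so the same resolution applies.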
@@ -72791,8 +72861,8 @@ CVE-2022-25964
RESERVED
CVE-2022-25963
RESERVED
-CVE-2022-25962
- RESERVED
+CVE-2022-25962 (All versions of the package vagrant.js are vulnerable to Command Injec ...)
+ TODO: check
CVE-2022-25961
RESERVED
CVE-2022-25956
@@ -72841,8 +72911,8 @@ CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerabl
TODO: check
CVE-2022-25928
RESERVED
-CVE-2022-25927
- RESERVED
+CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
+ TODO: check
CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to ...)
TODO: check
CVE-2022-25925
@@ -72898,8 +72968,8 @@ CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs
NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to Directory Tr ...)
TODO: check
-CVE-2022-25894
- RESERVED
+CVE-2022-25894 (All versions of the package com.bstek.uflo:uflo-core are vulnerable to ...)
+ TODO: check
CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Executi ...)
NOT-FOR-US: Node vm2
CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all v ...)
@@ -72923,8 +72993,8 @@ CVE-2022-25884
RESERVED
CVE-2022-25883
RESERVED
-CVE-2022-25882
- RESERVED
+CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...)
+ TODO: check
CVE-2022-25881
RESERVED
CVE-2022-25879
@@ -72997,8 +73067,8 @@ CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-
NOT-FOR-US: joyqi/hyper-down
CVE-2022-25848 (This affects all versions of package static-dev-server. This is becaus ...)
TODO: check
-CVE-2022-25847
- RESERVED
+CVE-2022-25847 (All versions of the package serve-lite are vulnerable to Cross-site Sc ...)
+ TODO: check
CVE-2022-25846
RESERVED
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
@@ -73176,8 +73246,8 @@ CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Den
NOT-FOR-US: Node fast-string-search
CVE-2022-21811
RESERVED
-CVE-2022-21810
- RESERVED
+CVE-2022-21810 (All versions of the package smartctl are vulnerable to Command Injecti ...)
+ TODO: check
CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
NOT-FOR-US: node nconf
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
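Review bot: CVE-2022-21810 describes "the package smartctl", and the wording matches the library-ecosystem entries around it in this hunk (fast-string-search, nconf, grapesjs), so this is a third-party package named smartctl and not the smartctl binary from smartmontools; when resolving the TODO make sure the entry is not mapped onto the smartmontools source package by name alone.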
@@ -73224,8 +73294,8 @@ CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of
NOT-FOR-US: node-opcua/node-opcua
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
NOT-FOR-US: AlexFlipnote/url_regex
-CVE-2022-21192
- RESERVED
+CVE-2022-21192 (All versions of the package serve-lite are vulnerable to Directory Tra ...)
+ TODO: check
CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...)
TODO: check
CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
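Review bot: CVE-2022-21192 (directory traversal in serve-lite) is the second serve-lite TODO in this update after CVE-2022-25847 (cross-site scripting in serve-lite, in an earlier hunk), and both descriptions say all versions of the package are affected; triage the two together and give them the same NOT-FOR-US or package line so they do not drift apart.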
@@ -136396,8 +136466,8 @@ CVE-2021-28512
RESERVED
CVE-2021-28511 (This advisory documents the impact of an internally found vulnerabilit ...)
NOT-FOR-US: Arista
-CVE-2021-28510
- RESERVED
+CVE-2021-28510 (For certain systems running EOS, a Precision Time Protocol (PTP) packe ...)
+ TODO: check
CVE-2021-28509 (This advisory documents the impact of an internally found vulnerabilit ...)
NOT-FOR-US: Arista
CVE-2021-28508 (This advisory documents the impact of an internally found vulnerabilit ...)
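Review bot: CVE-2021-28510 (PTP packet handling on systems running EOS) is left at TODO: check while the entries on both sides of it in this hunk, CVE-2021-28509 and CVE-2021-28511, are "NOT-FOR-US: Arista"; EOS is Arista's switch operating system, so the same "NOT-FOR-US: Arista" resolution applies.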
@@ -184503,16 +184573,19 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_ima
NOTE: https://github.com/strukturag/libde265/issues/235
NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9)
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
+ {DLA-3280-1}
- libde265 1.0.9-1 (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
+ {DLA-3280-1}
- libde265 1.0.9-1 (bug #1014999)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
+ {DLA-3280-1}
- libde265 <unfixed> (bug #1029397)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
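Review bot: CVE-2020-21596 at the end of this hunk is "- libde265 <unfixed> (bug #1029397)" with bullseye and stretch marked "<postponed> (Minor issue, revisit when fixed upstream)", yet it now carries {DLA-3280-1}; if the LTS update really ships a fix for this global buffer overflow in decode_CABAC_, the "revisit when fixed upstream" rationale for bullseye is overtaken and the unstable entry should point at a fixed upload, so verify that the DLA covers this CVE before leaving the three statuses as they are.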
@@ -191360,12 +191433,12 @@ CVE-2020-18333
RESERVED
CVE-2020-18332
RESERVED
-CVE-2020-18331
- RESERVED
+CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...)
+ TODO: check
CVE-2020-18330
RESERVED
-CVE-2020-18329
- RESERVED
+CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...)
+ TODO: check
CVE-2020-18328
RESERVED
CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco C ...)
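Review bot: both new entries in this hunk, CVE-2020-18331 (directory traversal in a ChinaMobile PLC Wireless Router) and CVE-2020-18329 (Rehau devices using a pCOWeb card BIOS), concern vendor firmware and can be resolved to NOT-FOR-US lines naming the products rather than left at TODO: check, following the convention used throughout this update.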
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890f5de06c671523a921bc092803562c38720236