[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 26 08:10:34 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
628f8ebd by security tracker role at 2023-01-26T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-24540
+ RESERVED
+CVE-2023-24539
+ RESERVED
+CVE-2023-24538
+ RESERVED
+CVE-2023-24537
+ RESERVED
+CVE-2023-24536
+ RESERVED
+CVE-2023-24535
+ RESERVED
+CVE-2023-24534
+ RESERVED
+CVE-2023-24533
+ RESERVED
+CVE-2023-24532
+ RESERVED
+CVE-2023-24531
+ RESERVED
+CVE-2023-24473
+ RESERVED
+CVE-2023-24472
+ RESERVED
+CVE-2023-22845
+ RESERVED
+CVE-2023-0509
+ RESERVED
+CVE-2023-0508
+ RESERVED
+CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...)
+ TODO: check
+CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...)
+ TODO: check
CVE-2023-24530
RESERVED
CVE-2023-24529
@@ -133,12 +167,12 @@ CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
[bullseye] - spip 3.2.11-3+deb11u6
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
-CVE-2023-24495
- RESERVED
-CVE-2023-24494
- RESERVED
-CVE-2023-24493
- RESERVED
+CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
+ TODO: check
+CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...)
+ TODO: check
+CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
+ TODO: check
CVE-2023-24492
RESERVED
CVE-2023-24491
@@ -181,8 +215,8 @@ CVE-2023-0478
RESERVED
CVE-2023-0477
RESERVED
-CVE-2023-0476
- RESERVED
+CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
+ TODO: check
CVE-2023-0475
RESERVED
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
@@ -199,14 +233,12 @@ CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.54
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0470
RESERVED
-CVE-2023-0469
- RESERVED
+CVE-2023-0469 (A use-after-free flaw was found in io_uring/filetable.c in io_install_ ...)
- linux 6.0.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
-CVE-2023-0468
- RESERVED
+CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_check_ev ...)
- linux 6.0.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
@@ -458,7 +490,7 @@ CVE-2023-0451
CVE-2023-0450
RESERVED
CVE-2023-0449
- RESERVED
+ REJECTED
CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
@@ -1121,39 +1153,39 @@ CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488
CVE-2022-48280
RESERVED
-CVE-2023-0412 [wnpa-sec-2023-07: TIPC dissector crash]
+CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
-CVE-2023-0411 [wnpa-sec-2023-06: Multiple dissector excessive loops]
+CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737
-CVE-2023-0415 [wnpa-sec-2023-05: iSCSI dissector crash]
+CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796
-CVE-2023-0416 [wnpa-sec-2023-04: GNW dissector crash]
+CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18779
-CVE-2023-0413 [wnpa-sec-2023-03: Dissection engine crash]
+CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
-CVE-2023-0417 [wnpa-sec-2023-02: NFS dissector memory leak]
+CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628
-CVE-2023-0414 [wnpa-sec-2023-01: EAP dissector crash]
+CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...)
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-01.html
@@ -1174,7 +1206,7 @@ CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default installation)
CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to ...)
- pyload <itp> (bug #1001980)
CVE-2023-24054
- RESERVED
+ REJECTED
CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/
@@ -1244,8 +1276,8 @@ CVE-2023-24024
RESERVED
CVE-2023-24023
RESERVED
-CVE-2023-24022
- RESERVED
+CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
+ TODO: check
CVE-2023-0432
RESERVED
CVE-2023-0431
@@ -2481,8 +2513,8 @@ CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-0322
RESERVED
-CVE-2023-0321
- RESERVED
+CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
+ TODO: check
CVE-2023-0320
RESERVED
CVE-2023-0319
@@ -3286,8 +3318,7 @@ CVE-2023-23350
RESERVED
CVE-2023-23349
RESERVED
-CVE-2023-0229
- RESERVED
+CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
NOT-FOR-US: OpenShift
CVE-2023-0228
RESERVED
@@ -5119,8 +5150,7 @@ CVE-2023-22738
RESERVED
CVE-2023-22737
RESERVED
-CVE-2023-22736
- RESERVED
+CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22735
RESERVED
@@ -11197,8 +11227,8 @@ CVE-2022-47054
RESERVED
CVE-2022-47053
RESERVED
-CVE-2022-47052
- RESERVED
+CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to contain a c ...)
+ TODO: check
CVE-2022-47051
RESERVED
CVE-2022-47050
@@ -14640,8 +14670,8 @@ CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1
NOT-FOR-US: OpenText
CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
NOT-FOR-US: FusionAuth
-CVE-2022-45920
- RESERVED
+CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...)
+ TODO: check
CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
@@ -17114,8 +17144,7 @@ CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin befor
NOT-FOR-US: WordPress plugin
CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3924
- RESERVED
+CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...)
- bind9 1:9.18.11-1
NOTE: https://kb.isc.org/docs/cve-2022-3924
CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
@@ -20959,8 +20988,8 @@ CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 0.21.0
NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC
CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote comm ...)
NOT-FOR-US: Total.js CMS
-CVE-2022-44018
- RESERVED
+CVE-2022-44018 (In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discov ...)
+ TODO: check
CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due ...)
NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
@@ -21011,8 +21040,8 @@ CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq
NOT-FOR-US: phpmyfaq
CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-43997
- RESERVED
+CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed Aternity before ...)
+ TODO: check
CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF d ...)
NOT-FOR-US: csaf_provider
CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ...)
@@ -21623,8 +21652,7 @@ CVE-2022-43960
RESERVED
CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...)
TODO: check
-CVE-2022-3736
- RESERVED
+CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers are enabl ...)
- bind9 1:9.18.11-1
NOTE: https://kb.isc.org/docs/cve-2022-3736
CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
@@ -25917,8 +25945,8 @@ CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce Word
NOT-FOR-US: WordPress plugin
CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3488
- RESERVED
+CVE-2022-3488 (Processing of repeated responses to the same query, where both respons ...)
+ TODO: check
CVE-2022-3487
RESERVED
CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
@@ -26992,8 +27020,8 @@ CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON in
NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
NOTE: https://github.com/haskell/aeson/issues/864
NOTE: https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697 (v2.0.1.0)
-CVE-2022-3432
- RESERVED
+CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...)
+ TODO: check
CVE-2022-3431
RESERVED
CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
@@ -27387,8 +27415,7 @@ CVE-2022-42332
RESERVED
CVE-2022-42331
RESERVED
-CVE-2022-42330
- RESERVED
+CVE-2022-42330 (Guests can cause Xenstore crash via soft reset When a guest issues a " ...)
- xen <unfixed>
[bullseye] - xen <not-affected> (Only affects 4.17)
[buster] - xen <not-affected> (Only affects 4.17)
@@ -32969,33 +32996,33 @@ CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers tha
CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-40175
- RESERVED
+ REJECTED
CVE-2022-40174
- RESERVED
+ REJECTED
CVE-2022-40173
- RESERVED
+ REJECTED
CVE-2022-40172
- RESERVED
+ REJECTED
CVE-2022-40171
- RESERVED
+ REJECTED
CVE-2022-40170
- RESERVED
+ REJECTED
CVE-2022-40169
- RESERVED
+ REJECTED
CVE-2022-40168
- RESERVED
+ REJECTED
CVE-2022-40167
- RESERVED
+ REJECTED
CVE-2022-40166
- RESERVED
+ REJECTED
CVE-2022-40165
- RESERVED
+ REJECTED
CVE-2022-40164
- RESERVED
+ REJECTED
CVE-2022-40163
- RESERVED
+ REJECTED
CVE-2022-40162
- RESERVED
+ REJECTED
CVE-2022-40161
REJECTED
CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
@@ -33328,8 +33355,8 @@ CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attac
TODO: check
CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
TODO: check
-CVE-2022-40035
- RESERVED
+CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing atta ...)
+ TODO: check
CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
TODO: check
CVE-2022-40033
@@ -35358,8 +35385,7 @@ CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not preven
NOT-FOR-US: WordPress plugin
CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
NOT-FOR-US: Dart language (different from src:dart)
-CVE-2022-3094
- RESERVED
+CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to allocate l ...)
- bind9 1:9.18.11-1
NOTE: https://kb.isc.org/docs/cve-2022-3094
CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
@@ -56080,23 +56106,23 @@ CVE-2022-31713
RESERVED
CVE-2022-31712
RESERVED
-CVE-2022-31711
- RESERVED
-CVE-2022-31710
- RESERVED
+CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...)
+ TODO: check
+CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...)
+ TODO: check
CVE-2022-31709
RESERVED
CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
NOT-FOR-US: VMware
CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
NOT-FOR-US: VMware
-CVE-2022-31706
- RESERVED
+CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
+ TODO: check
CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
NOT-FOR-US: VMware
-CVE-2022-31704
- RESERVED
-CVE-2022-31703 (vRealize Network Insight (vRNI) directory traversal vulnerability in v ...)
+CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...)
+ TODO: check
+CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
NOT-FOR-US: VMware
CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
NOT-FOR-US: VMware
@@ -56362,12 +56388,12 @@ CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lit
NOT-FOR-US: Modern Events Calendar Lite
CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: Trudesk
-CVE-2022-1892
- RESERVED
-CVE-2022-1891
- RESERVED
-CVE-2022-1890
- RESERVED
+CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
+ TODO: check
+CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
+ TODO: check
+CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
+ TODO: check
CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer ...)
@@ -61677,10 +61703,10 @@ CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.
NOT-FOR-US: Progress Ipswitch WhatsUp Gold
CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
NOT-FOR-US: Progress Ipswitch WhatsUp Gold
-CVE-2022-29844
- RESERVED
-CVE-2022-29843
- RESERVED
+CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...)
+ TODO: check
+CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
+ TODO: check
CVE-2022-29842
RESERVED
CVE-2022-29841
@@ -191499,8 +191525,8 @@ CVE-2020-18332
RESERVED
CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...)
TODO: check
-CVE-2020-18330
- RESERVED
+CVE-2020-18330 (An issue was discovered in the default configuration of ChinaMobile PL ...)
+ TODO: check
CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...)
TODO: check
CVE-2020-18328
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628f8ebd3cb2e9a6399c4a22cb59d03891387060
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628f8ebd3cb2e9a6399c4a22cb59d03891387060
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230126/9db7a38d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list