[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 26 08:10:34 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
628f8ebd by security tracker role at 2023-01-26T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-24540
+	RESERVED
+CVE-2023-24539
+	RESERVED
+CVE-2023-24538
+	RESERVED
+CVE-2023-24537
+	RESERVED
+CVE-2023-24536
+	RESERVED
+CVE-2023-24535
+	RESERVED
+CVE-2023-24534
+	RESERVED
+CVE-2023-24533
+	RESERVED
+CVE-2023-24532
+	RESERVED
+CVE-2023-24531
+	RESERVED
+CVE-2023-24473
+	RESERVED
+CVE-2023-24472
+	RESERVED
+CVE-2023-22845
+	RESERVED
+CVE-2023-0509
+	RESERVED
+CVE-2023-0508
+	RESERVED
+CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...)
+	TODO: check
+CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...)
+	TODO: check
 CVE-2023-24530
 	RESERVED
 CVE-2023-24529
@@ -133,12 +167,12 @@ CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
 	[bullseye] - spip 3.2.11-3+deb11u6
 	NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
 	NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
-CVE-2023-24495
-	RESERVED
-CVE-2023-24494
-	RESERVED
-CVE-2023-24493
-	RESERVED
+CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
+	TODO: check
+CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...)
+	TODO: check
+CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
+	TODO: check
 CVE-2023-24492
 	RESERVED
 CVE-2023-24491
@@ -181,8 +215,8 @@ CVE-2023-0478
 	RESERVED
 CVE-2023-0477
 	RESERVED
-CVE-2023-0476
-	RESERVED
+CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
+	TODO: check
 CVE-2023-0475
 	RESERVED
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
@@ -199,14 +233,12 @@ CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.54
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0470
 	RESERVED
-CVE-2023-0469
-	RESERVED
+CVE-2023-0469 (A use-after-free flaw was found in io_uring/filetable.c in io_install_ ...)
 	- linux 6.0.12-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
-CVE-2023-0468
-	RESERVED
+CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_check_ev ...)
 	- linux 6.0.12-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
@@ -458,7 +490,7 @@ CVE-2023-0451
 CVE-2023-0450
 	RESERVED
 CVE-2023-0449
-	RESERVED
+	REJECTED
 CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
@@ -1121,39 +1153,39 @@ CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488
 CVE-2022-48280
 	RESERVED
-CVE-2023-0412 [wnpa-sec-2023-07: TIPC dissector crash]
+CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
-CVE-2023-0411 [wnpa-sec-2023-06: Multiple dissector excessive loops]
+CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737
-CVE-2023-0415 [wnpa-sec-2023-05: iSCSI dissector crash]
+CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796
-CVE-2023-0416 [wnpa-sec-2023-04: GNW dissector crash]
+CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18779
-CVE-2023-0413 [wnpa-sec-2023-03: Dissection engine crash]
+CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
-CVE-2023-0417 [wnpa-sec-2023-02: NFS dissector memory leak]
+CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628
-CVE-2023-0414 [wnpa-sec-2023-01: EAP dissector crash]
+CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...)
 	- wireshark 4.0.3-1
 	[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-01.html
@@ -1174,7 +1206,7 @@ CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default installation)
 CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to  ...)
 	- pyload <itp> (bug #1001980)
 CVE-2023-24054
-	RESERVED
+	REJECTED
 CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/
@@ -1244,8 +1276,8 @@ CVE-2023-24024
 	RESERVED
 CVE-2023-24023
 	RESERVED
-CVE-2023-24022
-	RESERVED
+CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with  ...)
+	TODO: check
 CVE-2023-0432
 	RESERVED
 CVE-2023-0431
@@ -2481,8 +2513,8 @@ CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2023-0322
 	RESERVED
-CVE-2023-0321
-	RESERVED
+CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
+	TODO: check
 CVE-2023-0320
 	RESERVED
 CVE-2023-0319
@@ -3286,8 +3318,7 @@ CVE-2023-23350
 	RESERVED
 CVE-2023-23349
 	RESERVED
-CVE-2023-0229
-	RESERVED
+CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
 	NOT-FOR-US: OpenShift
 CVE-2023-0228
 	RESERVED
@@ -5119,8 +5150,7 @@ CVE-2023-22738
 	RESERVED
 CVE-2023-22737
 	RESERVED
-CVE-2023-22736
-	RESERVED
+CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-22735
 	RESERVED
@@ -11197,8 +11227,8 @@ CVE-2022-47054
 	RESERVED
 CVE-2022-47053
 	RESERVED
-CVE-2022-47052
-	RESERVED
+CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to contain a c ...)
+	TODO: check
 CVE-2022-47051
 	RESERVED
 CVE-2022-47050
@@ -14640,8 +14670,8 @@ CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1
 	NOT-FOR-US: OpenText
 CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
 	NOT-FOR-US: FusionAuth
-CVE-2022-45920
-	RESERVED
+CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...)
+	TODO: check
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
@@ -17114,8 +17144,7 @@ CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin befor
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3924
-	RESERVED
+CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...)
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3924
 CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
@@ -20959,8 +20988,8 @@ CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 0.21.0
 	NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC
 CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote comm ...)
 	NOT-FOR-US: Total.js CMS
-CVE-2022-44018
-	RESERVED
+CVE-2022-44018 (In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discov ...)
+	TODO: check
 CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due  ...)
 	NOT-FOR-US: Simmeth Lieferantenmanager
 CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
@@ -21011,8 +21040,8 @@ CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq
 	NOT-FOR-US: phpmyfaq
 CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43997
-	RESERVED
+CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed Aternity before ...)
+	TODO: check
 CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF d ...)
 	NOT-FOR-US: csaf_provider
 CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ...)
@@ -21623,8 +21652,7 @@ CVE-2022-43960
 	RESERVED
 CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...)
 	TODO: check
-CVE-2022-3736
-	RESERVED
+CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers are enabl ...)
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3736
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
@@ -25917,8 +25945,8 @@ CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce Word
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3488
-	RESERVED
+CVE-2022-3488 (Processing of repeated responses to the same query, where both respons ...)
+	TODO: check
 CVE-2022-3487
 	RESERVED
 CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions  ...)
@@ -26992,8 +27020,8 @@ CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON in
 	NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
 	NOTE: https://github.com/haskell/aeson/issues/864
 	NOTE: https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697 (v2.0.1.0)
-CVE-2022-3432
-	RESERVED
+CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...)
+	TODO: check
 CVE-2022-3431
 	RESERVED
 CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
@@ -27387,8 +27415,7 @@ CVE-2022-42332
 	RESERVED
 CVE-2022-42331
 	RESERVED
-CVE-2022-42330
-	RESERVED
+CVE-2022-42330 (Guests can cause Xenstore crash via soft reset When a guest issues a " ...)
 	- xen <unfixed>
 	[bullseye] - xen <not-affected> (Only affects 4.17)
 	[buster] - xen <not-affected> (Only affects 4.17)
@@ -32969,33 +32996,33 @@ CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers tha
 CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-40175
-	RESERVED
+	REJECTED
 CVE-2022-40174
-	RESERVED
+	REJECTED
 CVE-2022-40173
-	RESERVED
+	REJECTED
 CVE-2022-40172
-	RESERVED
+	REJECTED
 CVE-2022-40171
-	RESERVED
+	REJECTED
 CVE-2022-40170
-	RESERVED
+	REJECTED
 CVE-2022-40169
-	RESERVED
+	REJECTED
 CVE-2022-40168
-	RESERVED
+	REJECTED
 CVE-2022-40167
-	RESERVED
+	REJECTED
 CVE-2022-40166
-	RESERVED
+	REJECTED
 CVE-2022-40165
-	RESERVED
+	REJECTED
 CVE-2022-40164
-	RESERVED
+	REJECTED
 CVE-2022-40163
-	RESERVED
+	REJECTED
 CVE-2022-40162
-	RESERVED
+	REJECTED
 CVE-2022-40161
 	REJECTED
 CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
@@ -33328,8 +33355,8 @@ CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attac
 	TODO: check
 CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
 	TODO: check
-CVE-2022-40035
-	RESERVED
+CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing atta ...)
+	TODO: check
 CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
 	TODO: check
 CVE-2022-40033
@@ -35358,8 +35385,7 @@ CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not preven
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
 	NOT-FOR-US: Dart language (different from src:dart)
-CVE-2022-3094
-	RESERVED
+CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to allocate l ...)
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3094
 CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
@@ -56080,23 +56106,23 @@ CVE-2022-31713
 	RESERVED
 CVE-2022-31712
 	RESERVED
-CVE-2022-31711
-	RESERVED
-CVE-2022-31710
-	RESERVED
+CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...)
+	TODO: check
+CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...)
+	TODO: check
 CVE-2022-31709
 	RESERVED
 CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
 	NOT-FOR-US: VMware
 CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
 	NOT-FOR-US: VMware
-CVE-2022-31706
-	RESERVED
+CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
+	TODO: check
 CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
 	NOT-FOR-US: VMware
-CVE-2022-31704
-	RESERVED
-CVE-2022-31703 (vRealize Network Insight (vRNI) directory traversal vulnerability in v ...)
+CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...)
+	TODO: check
+CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
 	NOT-FOR-US: VMware
 CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
 	NOT-FOR-US: VMware
@@ -56362,12 +56388,12 @@ CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lit
 	NOT-FOR-US: Modern Events Calendar Lite
 CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: Trudesk
-CVE-2022-1892
-	RESERVED
-CVE-2022-1891
-	RESERVED
-CVE-2022-1890
-	RESERVED
+CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
+	TODO: check
+CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
+	TODO: check
+CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
+	TODO: check
 CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer  ...)
@@ -61677,10 +61703,10 @@ CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.
 	NOT-FOR-US: Progress Ipswitch WhatsUp Gold
 CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
 	NOT-FOR-US: Progress Ipswitch WhatsUp Gold
-CVE-2022-29844
-	RESERVED
-CVE-2022-29843
-	RESERVED
+CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...)
+	TODO: check
+CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
+	TODO: check
 CVE-2022-29842
 	RESERVED
 CVE-2022-29841
@@ -191499,8 +191525,8 @@ CVE-2020-18332
 	RESERVED
 CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...)
 	TODO: check
-CVE-2020-18330
-	RESERVED
+CVE-2020-18330 (An issue was discovered in the default configuration of ChinaMobile PL ...)
+	TODO: check
 CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...)
 	TODO: check
 CVE-2020-18328



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628f8ebd3cb2e9a6399c4a22cb59d03891387060

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628f8ebd3cb2e9a6399c4a22cb59d03891387060
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230126/9db7a38d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list