[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 26 20:10:29 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1e8a752 by security tracker role at 2023-01-26T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-24576
+	RESERVED
+CVE-2023-24575
+	RESERVED
+CVE-2023-24574
+	RESERVED
+CVE-2023-24573
+	RESERVED
+CVE-2023-24572
+	RESERVED
+CVE-2023-24571
+	RESERVED
+CVE-2023-24570
+	RESERVED
+CVE-2023-24569
+	RESERVED
+CVE-2023-24568
+	RESERVED
+CVE-2023-24567
+	RESERVED
+CVE-2023-24566
+	RESERVED
+CVE-2023-24565
+	RESERVED
+CVE-2023-24564
+	RESERVED
+CVE-2023-24563
+	RESERVED
+CVE-2023-24562
+	RESERVED
+CVE-2023-24561
+	RESERVED
+CVE-2023-24560
+	RESERVED
+CVE-2023-24559
+	RESERVED
+CVE-2023-24558
+	RESERVED
+CVE-2023-24557
+	RESERVED
+CVE-2023-24556
+	RESERVED
+CVE-2023-24555
+	RESERVED
+CVE-2023-24554
+	RESERVED
+CVE-2023-24553
+	RESERVED
+CVE-2023-24552
+	RESERVED
+CVE-2023-24551
+	RESERVED
+CVE-2023-24550
+	RESERVED
+CVE-2023-24549
+	RESERVED
+CVE-2023-24548
+	RESERVED
+CVE-2023-24547
+	RESERVED
+CVE-2023-24546
+	RESERVED
+CVE-2023-24545
+	RESERVED
+CVE-2023-0517
+	RESERVED
+CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-0514
+	RESERVED
+CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...)
+	TODO: check
+CVE-2023-0512
+	RESERVED
+CVE-2023-0511
+	RESERVED
+CVE-2023-0510
+	RESERVED
 CVE-2023-24540
 	RESERVED
 CVE-2023-24539
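Review bot: the three published entries in this block, CVE-2023-0516, CVE-2023-0515 and CVE-2023-0513, are committed with only "TODO: check", so they have no package or NOT-FOR-US disposition yet. Triage them in a follow-up, giving the two SourceCodester Online Tours & Travels entries the same disposition, in the form the file already uses elsewhere (for example "NOT-FOR-US: OpenSearch" at CVE-2023-23613) if the product is not packaged. Also note that the added IDs stop at CVE-2023-24545 while the existing list resumes at CVE-2023-24540, so CVE-2023-24541 through CVE-2023-24544 do not appear in this part of the file.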
@@ -220,15 +300,19 @@ CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improp
 CVE-2023-0475
 	RESERVED
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
+	{DSA-5328-1}
 	- chromium 109.0.5414.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.54 ...)
+	{DSA-5328-1}
 	- chromium 109.0.5414.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allo ...)
+	{DSA-5328-1}
 	- chromium 109.0.5414.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.5414.11 ...)
+	{DSA-5328-1}
 	- chromium 109.0.5414.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0470
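Review bot: the commit message "automatic update" does not say that this commit also attaches advisory cross-references, such as "{DSA-5328-1}" on CVE-2023-0471 through CVE-2023-0474 here. Only data/CVE/list changes in this commit, so name the advisories in the message or keep cross-reference updates in their own commit. That way the history shows when an issue became covered by an advisory.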
@@ -921,20 +1005,20 @@ CVE-2023-24172
 	RESERVED
 CVE-2023-24171
 	RESERVED
-CVE-2023-24170
-	RESERVED
-CVE-2023-24169
-	RESERVED
+CVE-2023-24170 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...)
+	TODO: check
+CVE-2023-24169 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
+	TODO: check
 CVE-2023-24168
 	RESERVED
-CVE-2023-24167
-	RESERVED
-CVE-2023-24166
-	RESERVED
-CVE-2023-24165
-	RESERVED
-CVE-2023-24164
-	RESERVED
+CVE-2023-24167 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/a ...)
+	TODO: check
+CVE-2023-24166 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...)
+	TODO: check
+CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/i ...)
+	TODO: check
+CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
+	TODO: check
 CVE-2023-24163
 	RESERVED
 CVE-2023-24162
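Review bot: all six Tenda AC18 V15.03.05.19 entries (CVE-2023-24164 to CVE-2023-24167, CVE-2023-24169, CVE-2023-24170) are left at "TODO: check", and the truncated descriptions end at "/goform/f ...", "/goform/F ...", "/goform/a ..." and "/goform/i ...", so the affected endpoint cannot be read from the list. They name the same product and firmware version, so triage them together and give them one consistent disposition rather than handling them entry by entry.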
@@ -1285,6 +1369,7 @@ CVE-2023-0431
 CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
 	- yii <itp> (bug #597899)
 CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...)
+	{DLA-3283-1}
 	- modsecurity-apache 2.9.7-1 (bug #1029329)
 	[bullseye] - modsecurity-apache <no-dsa> (Minor issue)
 	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
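Review bot: "{DLA-3283-1}" is added to CVE-2023-24021 while the unchanged line below still reads "[bullseye] - modsecurity-apache <no-dsa> (Minor issue)". Now that an advisory has been issued for this issue, revisit the bullseye line: either keep "<no-dsa>" with a note on why, or plan a fix through a point release. The same applies to CVE-2022-48279 in the next hunk, which gets the same tag and has the same bullseye line.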
@@ -1422,6 +1507,7 @@ CVE-2022-4894
 CVE-2022-4893
 	RESERVED
 CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...)
+	{DLA-3283-1}
 	- modsecurity-apache 2.9.6-1
 	[bullseye] - modsecurity-apache <no-dsa> (Minor issue)
 	- modsecurity 3.0.8-1
@@ -2404,8 +2490,8 @@ CVE-2023-23621
 	RESERVED
 CVE-2023-23620
 	RESERVED
-CVE-2023-23619
-	RESERVED
+CVE-2023-23619 (Modelina is a library for generating data models based on inputs such  ...)
+	TODO: check
 CVE-2023-23618
 	RESERVED
 CVE-2023-23617
@@ -2414,8 +2500,8 @@ CVE-2023-23616
 	RESERVED
 CVE-2023-23615
 	RESERVED
-CVE-2023-23614
-	RESERVED
+CVE-2023-23614 (Pi-hole®'s Web interface (based off of AdminLTE) provides a centr ...)
+	TODO: check
 CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...)
 	NOT-FOR-US: OpenSearch
 CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...)
@@ -4148,8 +4234,8 @@ CVE-2023-22973
 	RESERVED
 CVE-2023-22972
 	RESERVED
-CVE-2023-22971
-	RESERVED
+CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...)
+	TODO: check
 CVE-2023-22970
 	RESERVED
 CVE-2023-22969
@@ -5146,8 +5232,8 @@ CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant wi
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
 CVE-2023-22740
 	RESERVED
-CVE-2023-22739
-	RESERVED
+CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
+	TODO: check
 CVE-2023-22738
 	RESERVED
 CVE-2023-22737
@@ -6287,8 +6373,8 @@ CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at pers
 	NOT-FOR-US: Deck
 CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...)
 	NOT-FOR-US: Deck
-CVE-2023-22468
-	RESERVED
+CVE-2023-22468 (Discourse is an open source platform for community discussion. Version ...)
+	TODO: check
 CVE-2023-22467 (Luxon is a library for working with dates and times in JavaScript. On  ...)
 	NOT-FOR-US: Luxon
 CVE-2023-22466 (Tokio is a runtime for writing applications with Rust. Starting with v ...)
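Review bot: CVE-2023-22468 here and CVE-2023-22739 in the previous hunk are both Discourse entries left at "TODO: check". Resolve them in the same follow-up with the same disposition, so the two entries for one product do not diverge.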
@@ -9576,7 +9662,7 @@ CVE-2022-4586 (A vulnerability classified as problematic was found in Opencachin
 	NOT-FOR-US: Opencaching Deutschland oc-server3
 CVE-2022-4585 (A vulnerability classified as problematic has been found in Opencachin ...)
 	NOT-FOR-US: Opencaching Deutschland oc-server3
-CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4. It has been rated as cr ...)
+CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has  ...)
 	NOT-FOR-US: Bento4
 CVE-2022-4583 (A vulnerability was found in jLEMS. It has been declared as critical.  ...)
 	NOT-FOR-US: jLEMS
@@ -17158,6 +17244,7 @@ CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin befor
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...)
+	{DSA-5329-1}
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3924
 CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
@@ -20430,8 +20517,8 @@ CVE-2022-44299
 	RESERVED
 CVE-2022-44298
 	RESERVED
-CVE-2022-44297
-	RESERVED
+CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
+	TODO: check
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: Sanitization Management System
 CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -21666,6 +21753,7 @@ CVE-2022-43960
 CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...)
 	TODO: check
 CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers are enabl ...)
+	{DSA-5329-1}
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3736
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
@@ -27246,116 +27334,116 @@ CVE-2022-42425
 	RESERVED
 CVE-2022-42424
 	RESERVED
-CVE-2022-42423
-	RESERVED
+CVE-2022-42423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-42422
 	RESERVED
-CVE-2022-42421
-	RESERVED
-CVE-2022-42420
-	RESERVED
-CVE-2022-42419
-	RESERVED
-CVE-2022-42418
-	RESERVED
-CVE-2022-42417
-	RESERVED
-CVE-2022-42416
-	RESERVED
-CVE-2022-42415
-	RESERVED
-CVE-2022-42414
-	RESERVED
-CVE-2022-42413
-	RESERVED
-CVE-2022-42412
-	RESERVED
-CVE-2022-42411
-	RESERVED
-CVE-2022-42410
-	RESERVED
-CVE-2022-42409
-	RESERVED
-CVE-2022-42408
-	RESERVED
-CVE-2022-42407
-	RESERVED
-CVE-2022-42406
-	RESERVED
-CVE-2022-42405
-	RESERVED
-CVE-2022-42404
-	RESERVED
-CVE-2022-42403
-	RESERVED
-CVE-2022-42402
-	RESERVED
-CVE-2022-42401
-	RESERVED
-CVE-2022-42400
-	RESERVED
-CVE-2022-42399
-	RESERVED
-CVE-2022-42398
-	RESERVED
-CVE-2022-42397
-	RESERVED
-CVE-2022-42396
-	RESERVED
-CVE-2022-42395
-	RESERVED
-CVE-2022-42394
-	RESERVED
-CVE-2022-42393
-	RESERVED
-CVE-2022-42392
-	RESERVED
-CVE-2022-42391
-	RESERVED
-CVE-2022-42390
-	RESERVED
-CVE-2022-42389
-	RESERVED
-CVE-2022-42388
-	RESERVED
-CVE-2022-42387
-	RESERVED
-CVE-2022-42386
-	RESERVED
-CVE-2022-42385
-	RESERVED
-CVE-2022-42384
-	RESERVED
-CVE-2022-42383
-	RESERVED
-CVE-2022-42382
-	RESERVED
-CVE-2022-42381
-	RESERVED
-CVE-2022-42380
-	RESERVED
-CVE-2022-42379
-	RESERVED
-CVE-2022-42378
-	RESERVED
-CVE-2022-42377
-	RESERVED
-CVE-2022-42376
-	RESERVED
-CVE-2022-42375
-	RESERVED
-CVE-2022-42374
-	RESERVED
-CVE-2022-42373
-	RESERVED
-CVE-2022-42372
-	RESERVED
-CVE-2022-42371
-	RESERVED
-CVE-2022-42370
-	RESERVED
-CVE-2022-42369
-	RESERVED
+CVE-2022-42421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42415 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42414 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42413 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42412 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42409 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42407 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42406 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42405 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42404 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42402 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42401 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42400 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42399 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42398 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42397 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42396 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42395 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42394 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42393 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42392 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42391 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42390 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42389 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42388 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42387 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42386 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42385 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42384 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42383 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42382 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42381 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42380 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42379 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42378 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42377 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42376 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42375 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-42374 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42373 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42372 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42371 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42370 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-42369 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2022-42368
 	RESERVED
 CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
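Review bot: the 54 entries from CVE-2022-42423 down to CVE-2022-42369 (CVE-2022-42422 stays RESERVED) all move to "TODO: check" with descriptions cut off at "execute arbitrary code o ..." or "disclose sensitive infor ...", before any product name. Nothing in the list identifies the affected software, so these cannot be triaged from this file alone. Look up the full descriptions and resolve the block as a batch, and consider a NOTE on the first entry naming the product once it is known, so later reviewers do not repeat the lookup.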
@@ -28594,6 +28682,7 @@ CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI.
 CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
 	NOT-FOR-US: Element iOS
 CVE-2022-41903 (Git is distributed revision control system. `git log` can display comm ...)
+	{DLA-3282-1}
 	- git 1:2.39.1-0.1 (bug #1029114)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
 	NOTE: https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
@@ -30655,34 +30744,34 @@ CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution)
 	NOT-FOR-US: Kyungrinara
 CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...)
 	NOT-FOR-US: OndiskPlayerAgent
-CVE-2022-41153
-	RESERVED
-CVE-2022-41152
-	RESERVED
-CVE-2022-41151
-	RESERVED
-CVE-2022-41150
-	RESERVED
-CVE-2022-41149
-	RESERVED
-CVE-2022-41148
-	RESERVED
-CVE-2022-41147
-	RESERVED
-CVE-2022-41146
-	RESERVED
-CVE-2022-41145
-	RESERVED
-CVE-2022-41144
-	RESERVED
-CVE-2022-41143
-	RESERVED
-CVE-2022-41142
-	RESERVED
-CVE-2022-41141
-	RESERVED
-CVE-2022-41140
-	RESERVED
+CVE-2022-41153 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-41152 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41150 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41149 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41148 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41146 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-41145 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-41144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41143 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-41142 (This vulnerability allows remote attackers to escalate privileges on a ...)
+	TODO: check
+CVE-2022-41141 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2022-41140 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...)
 	- qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
 	- qtdeclarative-opensource-src <unfixed> (unimportant)
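Review bot: the attacker position differs inside this block: most entries read "remote attackers", but CVE-2022-41141 reads "local attackers" and CVE-2022-41140 reads "network-adjacent attackers". The truncated text hides the product, so do not assume the fourteen entries from CVE-2022-41153 to CVE-2022-41140 share one disposition. Read each full description before replacing "TODO: check".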
@@ -31664,14 +31753,14 @@ CVE-2022-40722
 	RESERVED
 CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
 	NOT-FOR-US: php uploader
-CVE-2022-40720
-	RESERVED
-CVE-2022-40719
-	RESERVED
-CVE-2022-40718
-	RESERVED
-CVE-2022-40717
-	RESERVED
+CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-40719 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-40718 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
 	- consul <unfixed> (bug #1027161)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
@@ -35408,6 +35497,7 @@ CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not preven
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
 	NOT-FOR-US: Dart language (different from src:dart)
 CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to allocate l ...)
+	{DSA-5329-1}
 	- bind9 1:9.18.11-1
 	NOTE: https://kb.isc.org/docs/cve-2022-3094
 CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
@@ -37514,13 +37604,13 @@ CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA
 	- rhonabwy 1.1.7-1
 	[bullseye] - rhonabwy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
-CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03  ...)
+CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
 	NOT-FOR-US: EasyVista
 CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
 	NOT-FOR-US: EasyVista
 CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
 	NOT-FOR-US: EasyVista
-CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1. ...)
+CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03  ...)
 	NOT-FOR-US: EasyVista
 CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
 	NOT-FOR-US: logrocket-oauth2-example
@@ -81139,6 +81229,7 @@ CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offs
 CVE-2022-23522
 	RESERVED
 CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...)
+	{DLA-3282-1}
 	- git 1:2.39.1-0.1 (bug #1029114)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
 	NOTE: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24
@@ -115614,8 +115705,8 @@ CVE-2021-36688
 	RESERVED
 CVE-2021-36687
 	RESERVED
-CVE-2021-36686
-	RESERVED
+CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attacker ...)
+	TODO: check
 CVE-2021-36685
 	RESERVED
 CVE-2021-36684
@@ -115913,8 +116004,8 @@ CVE-2021-36541
 	RESERVED
 CVE-2021-36540
 	RESERVED
-CVE-2021-36539
-	RESERVED
+CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to locked/unpublish ...)
+	TODO: check
 CVE-2021-36538
 	RESERVED
 CVE-2021-36537
@@ -182738,8 +182829,8 @@ CVE-2020-22454
 	RESERVED
 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...)
 	NOT-FOR-US: Untis WebUntis
-CVE-2020-22452
-	RESERVED
+CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery in Creat ...)
+	TODO: check
 CVE-2020-22451
 	RESERVED
 CVE-2020-22450
@@ -182993,8 +183084,8 @@ CVE-2020-22329
 	RESERVED
 CVE-2020-22328
 	RESERVED
-CVE-2020-22327
-	RESERVED
+CVE-2020-22327 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
+	TODO: check
 CVE-2020-22326
 	RESERVED
 CVE-2020-22325



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1e8a75293ab084e06f4129b435f03abb98a220f
