[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 27 20:10:33 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f1d852d by security tracker role at 2023-01-27T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-24595
+	RESERVED
+CVE-2023-24583
+	RESERVED
+CVE-2023-24582
+	RESERVED
+CVE-2023-24581
+	RESERVED
+CVE-2023-22365
+	RESERVED
+CVE-2023-22299
+	RESERVED
+CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-0548
+	RESERVED
+CVE-2023-0547
+	RESERVED
+CVE-2023-0546
+	RESERVED
+CVE-2023-0545
+	RESERVED
+CVE-2023-0544
+	RESERVED
+CVE-2023-0543
+	RESERVED
+CVE-2023-0542
+	RESERVED
+CVE-2023-0541
+	RESERVED
+CVE-2023-0540
+	RESERVED
+CVE-2023-0539
+	RESERVED
+CVE-2023-0538
+	RESERVED
+CVE-2023-0537
+	RESERVED
+CVE-2023-0536
+	RESERVED
+CVE-2023-0535
+	RESERVED
+CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-0532 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+	TODO: check
+CVE-2023-0531 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-0530 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-0529 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hiring  ...)
+	TODO: check
+CVE-2023-0526
+	RESERVED
 CVE-2023-24580
 	RESERVED
 CVE-2023-24579
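Review bot: the eight SourceCodester and PHPGurukul entries (CVE-2023-0527 through CVE-2023-0534) are left at "TODO: check", but they are the same kind of standalone PHP demo applications that this file already closes as NOT-FOR-US elsewhere (for example "NOT-FOR-US: Sanitization Management System" and "NOT-FOR-US: Simple Inventory Management System"), so they can be resolved the same way without waiting. CVE-2023-0549 is the exception: its description is cut off before it names the product ("has been found i ..."), so it needs the full CVE text before it can be triaged.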
@@ -6718,22 +6778,22 @@ CVE-2022-48075
 	RESERVED
 CVE-2022-48074
 	RESERVED
-CVE-2022-48073
-	RESERVED
-CVE-2022-48072
-	RESERVED
-CVE-2022-48071
-	RESERVED
-CVE-2022-48070
-	RESERVED
-CVE-2022-48069
-	RESERVED
+CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...)
+	TODO: check
+CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2022-48071 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...)
+	TODO: check
+CVE-2022-48070 (Phicomm K2 v22.6.534.263 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2022-48069 (Totolink A830R V4.1.2cu.5182 was discovered to contain a command injec ...)
+	TODO: check
 CVE-2022-48068
 	RESERVED
-CVE-2022-48067
-	RESERVED
-CVE-2022-48066
-	RESERVED
+CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R V4.1.2cu.518 ...)
+	TODO: check
+CVE-2022-48066 (An issue in the component global.so of Totolink A830R V4.1.2cu.5182 al ...)
+	TODO: check
 CVE-2022-48065
 	RESERVED
 CVE-2022-48064
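Review bot: CVE-2022-48073 and CVE-2022-48071 arrive with identical visible descriptions ("Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ..."), so before either is resolved the full text should be read to confirm they are distinct issues rather than a duplicate assignment. All seven new descriptions in this hunk are consumer router firmware (Phicomm K2/K2G, Totolink A830R) with no corresponding Debian package, so NOT-FOR-US with the device name is the expected replacement for each "TODO: check" line.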
@@ -6838,20 +6898,20 @@ CVE-2022-48015
 	RESERVED
 CVE-2022-48014
 	RESERVED
-CVE-2022-48013
-	RESERVED
-CVE-2022-48012
-	RESERVED
-CVE-2022-48011
-	RESERVED
-CVE-2022-48010
-	RESERVED
+CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site scriptin ...)
+	TODO: check
+CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site scrip ...)
+	TODO: check
+CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
 CVE-2022-48009
 	RESERVED
-CVE-2022-48008
-	RESERVED
-CVE-2022-48007
-	RESERVED
+CVE-2022-48008 (An arbitrary file upload vulnerability in the plugin manager of LimeSu ...)
+	TODO: check
+CVE-2022-48007 (A stored cross-site scripting (XSS) vulnerability in identification.ph ...)
+	TODO: check
 CVE-2022-48006
 	RESERVED
 CVE-2022-48005
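Review bot: the Opencats and LimeSurvey entries can be closed as NOT-FOR-US, since neither project is packaged in Debian, but CVE-2022-48007 needs the full description first: the visible prefix names only a file ("identification.ph ...") and not the product, so the affected software should be confirmed before the entry is triaged alongside its LimeSurvey neighbours.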
@@ -8443,8 +8503,8 @@ CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 befo
 	NOT-FOR-US: M-Link
 CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...)
 	NOT-FOR-US: Kyverno
-CVE-2022-47632
-	RESERVED
+CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...)
+	TODO: check
 CVE-2022-47631
 	RESERVED
 CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509  ...)
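Review bot: CVE-2022-47632 describes Razer Synapse, a Windows-only peripheral configuration suite, so the "TODO: check" line should become "NOT-FOR-US: Razer Synapse", matching the form used for the surrounding M-Link and Kyverno entries.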
@@ -8636,12 +8696,12 @@ CVE-2023-22244
 	RESERVED
 CVE-2023-22243
 	RESERVED
-CVE-2023-22242
-	RESERVED
-CVE-2023-22241
-	RESERVED
-CVE-2023-22240
-	RESERVED
+CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+	TODO: check
+CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+	TODO: check
+CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+	TODO: check
 CVE-2023-22239
 	RESERVED
 CVE-2023-22238
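Review bot: the three Adobe Acrobat Reader entries CVE-2023-22240 through CVE-2023-22242 carry identical visible descriptions, which is usual for Adobe's batched advisories but means the full text must be read to confirm they are separate flaws; all three resolve to "NOT-FOR-US: Adobe Acrobat Reader", as Debian ships no Adobe software.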
@@ -12309,8 +12369,8 @@ CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in v
 	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
 CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability attackers ...)
 	NOT-FOR-US: BAOTA linux panel
-CVE-2022-4335
-	RESERVED
+CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitLab EE ...)
+	TODO: check
 CVE-2022-4334
 	REJECTED
 CVE-2022-4333
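Review bot: CVE-2022-4335 is scoped to "all versions of GitLab EE", so before it is resolved the reviewer should check whether the affected code also exists in the Community Edition that the gitlab source package in the Debian archive is built from; if it does, the entry needs a package line rather than NOT-FOR-US, and a NOTE pointing at the upstream GitLab advisory would help, in the way the neighbouring openvswitch entry records its fix with a "NOTE: Fixed by:" line.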
@@ -13205,8 +13265,7 @@ CVE-2022-4287 (Authentication bypass in local application lock feature in Devolu
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-4286
 	RESERVED
-CVE-2022-4285
-	RESERVED
+CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...)
 	- binutils 2.39.50.20221208-2 (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
@@ -14098,131 +14157,131 @@ CVE-2022-46246
 CVE-2022-46245
 	RESERVED
 CVE-2022-46244
-	RESERVED
+	REJECTED
 CVE-2022-46243
-	RESERVED
+	REJECTED
 CVE-2022-46242
-	RESERVED
+	REJECTED
 CVE-2022-46241
-	RESERVED
+	REJECTED
 CVE-2022-46240
-	RESERVED
+	REJECTED
 CVE-2022-46239
-	RESERVED
+	REJECTED
 CVE-2022-46238
-	RESERVED
+	REJECTED
 CVE-2022-46237
-	RESERVED
+	REJECTED
 CVE-2022-46236
-	RESERVED
+	REJECTED
 CVE-2022-46235
-	RESERVED
+	REJECTED
 CVE-2022-46234
-	RESERVED
+	REJECTED
 CVE-2022-46233
-	RESERVED
+	REJECTED
 CVE-2022-46232
-	RESERVED
+	REJECTED
 CVE-2022-46231
-	RESERVED
+	REJECTED
 CVE-2022-46230
-	RESERVED
+	REJECTED
 CVE-2022-46229
-	RESERVED
+	REJECTED
 CVE-2022-46228
-	RESERVED
+	REJECTED
 CVE-2022-46227
-	RESERVED
+	REJECTED
 CVE-2022-46226
-	RESERVED
+	REJECTED
 CVE-2022-46225
-	RESERVED
+	REJECTED
 CVE-2022-46224
-	RESERVED
+	REJECTED
 CVE-2022-46223
-	RESERVED
+	REJECTED
 CVE-2022-46222
-	RESERVED
+	REJECTED
 CVE-2022-46221
-	RESERVED
+	REJECTED
 CVE-2022-46220
-	RESERVED
+	REJECTED
 CVE-2022-46219
-	RESERVED
+	REJECTED
 CVE-2022-46218
-	RESERVED
+	REJECTED
 CVE-2022-46217
-	RESERVED
+	REJECTED
 CVE-2022-46216
-	RESERVED
+	REJECTED
 CVE-2022-46215
-	RESERVED
+	REJECTED
 CVE-2022-46214
-	RESERVED
+	REJECTED
 CVE-2022-46213
-	RESERVED
+	REJECTED
 CVE-2022-46212
-	RESERVED
+	REJECTED
 CVE-2022-46211
-	RESERVED
+	REJECTED
 CVE-2022-46210
-	RESERVED
+	REJECTED
 CVE-2022-46209
-	RESERVED
+	REJECTED
 CVE-2022-46208
-	RESERVED
+	REJECTED
 CVE-2022-46207
-	RESERVED
+	REJECTED
 CVE-2022-46206
-	RESERVED
+	REJECTED
 CVE-2022-46205
-	RESERVED
+	REJECTED
 CVE-2022-46204
-	RESERVED
+	REJECTED
 CVE-2022-46203
-	RESERVED
+	REJECTED
 CVE-2022-46202
-	RESERVED
+	REJECTED
 CVE-2022-46201
-	RESERVED
+	REJECTED
 CVE-2022-46200
-	RESERVED
+	REJECTED
 CVE-2022-46199
-	RESERVED
+	REJECTED
 CVE-2022-46198
-	RESERVED
+	REJECTED
 CVE-2022-46197
-	RESERVED
+	REJECTED
 CVE-2022-46196
-	RESERVED
+	REJECTED
 CVE-2022-46195
-	RESERVED
+	REJECTED
 CVE-2022-46194
-	RESERVED
+	REJECTED
 CVE-2022-46193
-	RESERVED
+	REJECTED
 CVE-2022-46192
-	RESERVED
+	REJECTED
 CVE-2022-46191
-	RESERVED
+	REJECTED
 CVE-2022-46190
-	RESERVED
+	REJECTED
 CVE-2022-46189
-	RESERVED
+	REJECTED
 CVE-2022-46188
-	RESERVED
+	REJECTED
 CVE-2022-46187
-	RESERVED
+	REJECTED
 CVE-2022-46186
-	RESERVED
+	REJECTED
 CVE-2022-46185
-	RESERVED
+	REJECTED
 CVE-2022-46184
-	RESERVED
+	REJECTED
 CVE-2022-46183
-	RESERVED
+	REJECTED
 CVE-2022-46182
-	RESERVED
+	REJECTED
 CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...)
 	NOT-FOR-US: Gotify server
 CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows users of  ...)
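Review bot: this hunk flips 63 consecutive IDs (CVE-2022-46182 through CVE-2022-46244) from RESERVED to REJECTED in one go; that pattern is consistent with a CNA returning an unused block rather than with individual rejections, and the bare "REJECTED" line matches the existing convention (compare CVE-2022-4334 earlier in this patch). None of these IDs is referenced from a package line or advisory anywhere in the visible diff, so no further cleanup is needed, but spot-checking two or three of them against the CVE record would confirm the bulk rejection is genuine.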
@@ -14912,8 +14971,7 @@ CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allow
 	NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)
 CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4139
-	RESERVED
+CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel’s GPU ...)
 	{DLA-3244-1}
 	- linux 6.0.10-2
 	[bullseye] - linux 5.10.158-1
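Review bot: CVE-2022-4139 already carries its fix data ({DLA-3244-1}, linux 6.0.10-2 and the bullseye 5.10.158-1 line), so the arrival of the upstream description changes nothing in the triage; the only gap compared with its neighbours is the missing NOTE line with the upstream kernel fix, which the vim entry above (CVE-2022-4141) provides as a commit URL, and adding one would make the entry self-documenting.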
@@ -18383,14 +18441,14 @@ CVE-2022-44720
 	RESERVED
 CVE-2022-44719
 	RESERVED
-CVE-2022-44718
-	RESERVED
-CVE-2022-44717
-	RESERVED
+CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
+	TODO: check
+CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
+	TODO: check
 CVE-2022-44716
 	RESERVED
-CVE-2022-44715
-	RESERVED
+CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allow ...)
+	TODO: check
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection  ...)
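Review bot: the three NetScout nGeniusONE entries (CVE-2022-44715, CVE-2022-44717, CVE-2022-44718) describe a commercial network-monitoring appliance with no Debian package, so "TODO: check" should become "NOT-FOR-US: NetScout nGeniusONE"; CVE-2022-44717 and CVE-2022-44718 share an identical visible prefix ("Open R ..."), so the full text is needed to record what distinguishes them.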
@@ -20602,8 +20660,8 @@ CVE-2022-44300
 	RESERVED
 CVE-2022-44299
 	RESERVED
-CVE-2022-44298
-	RESERVED
+CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
+	TODO: check
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
 	NOT-FOR-US: SiteServer CMS
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
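Review bot: CVE-2022-44298 is for the same SiteServer CMS 7.1.3 that the very next entry, CVE-2022-44297, already resolves as "NOT-FOR-US: SiteServer CMS"; the new line should be triaged identically rather than left at "TODO: check".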
@@ -20900,7 +20958,7 @@ CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Inj
 	NOT-FOR-US: Simple Inventory Management System
 CVE-2022-44150
 	RESERVED
-CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allow ...)
+CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2. ...)
 	NOT-FOR-US: Nexxt Amp300 ARN02304U8
 CVE-2022-44148
 	RESERVED
@@ -21153,18 +21211,18 @@ CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments
 	NOTE: https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc
 	NOTE: https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
 	NOTE: https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
-CVE-2022-44029
-	RESERVED
-CVE-2022-44028
-	RESERVED
-CVE-2022-44027
-	RESERVED
-CVE-2022-44026
-	RESERVED
-CVE-2022-44025
-	RESERVED
-CVE-2022-44024
-	RESERVED
+CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
+CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
+CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
+CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
+CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
+CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
+	TODO: check
 CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify disabled ...)
 	NOT-FOR-US: PwnDoc
 CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify valid us ...)
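Review bot: the six NetScout nGeniusONE 6.3.2 entries (CVE-2022-44024 through CVE-2022-44029) all show the identical visible description "An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...", so the truncation hides whatever distinguishes them; they belong with the other nGeniusONE IDs in this update as "NOT-FOR-US: NetScout nGeniusONE", and recording the vendor name in each resolution keeps them searchable.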
@@ -24173,6 +24231,7 @@ CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.
 	NOT-FOR-US: EdgeRouters
 CVE-2022-43552 [HTTP Proxy deny use-after-free]
 	RESERVED
+	{DSA-5330-1}
 	- curl 7.86.0-3 (bug #1026830)
 	NOTE: https://curl.se/docs/CVE-2022-43552.html
 	NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0)
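Review bot: adding {DSA-5330-1} to CVE-2022-43552 is only complete if data/DSA/list has a matching DSA-5330-1 record carrying the bullseye curl version, because this entry has no "[bullseye]" line of its own and the tracker derives the stable fixed version from the DSA record. The ID still reads RESERVED beneath the tracker's own bracketed summary, which is expected while the curl.se advisory is public but the CVE description has not yet been published.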
@@ -39629,8 +39688,8 @@ CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub rep
 	NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
 	NOT-FOR-US: Cockpit-HQ/Cockpit
-CVE-2022-2712
-	RESERVED
+CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability ...)
+	TODO: check
 CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
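Review bot: CVE-2022-2712 names Eclipse GlassFish 5.1.0 to 6.2.5; check the version of the glassfish source package in the archive against that range before choosing between a "<not-affected>" package line and NOT-FOR-US, rather than leaving it at "TODO: check" on the assumption that the ranges cannot overlap.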
@@ -54730,6 +54789,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in vers
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
 	NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
 CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use the read c ...)
+	{DSA-5330-1}
 	- curl 7.86.0-1
 	NOTE: https://curl.se/docs/CVE-2022-32221.html
 	NOTE: https://github.com/curl/curl/issues/9507
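Review bot: CVE-2022-32221 now references the same DSA-5330-1 as CVE-2022-43552 earlier in this patch, so the single DSA record in data/DSA/list must list both CVE IDs; if it names only one, the tracker will show a dangling advisory reference for the other. The existing "- curl 7.86.0-1" unstable line is unaffected by the change.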
@@ -104178,8 +104238,8 @@ CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdow
 	NOT-FOR-US: Nextcloud text app
 CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
 	NOT-FOR-US: Thunderdome
-CVE-2021-41231
-	RESERVED
+CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
+	TODO: check
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
 	NOT-FOR-US: Pomerium
 CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a  ...)
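Review bot: CVE-2021-41231 is OpenMage LTS, the community-maintained fork of Magento, which has no Debian package, so it should be resolved as "NOT-FOR-US: OpenMage LTS". The same visible description ("OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...") appears on CVE-2021-41144, CVE-2021-41143 and CVE-2021-39217 further down in this patch, so all four can be handled in one pass.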
@@ -104430,10 +104490,10 @@ CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a mi
 CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
 	- freeswitch <itp> (bug #389591)
 	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
-CVE-2021-41144
-	RESERVED
-CVE-2021-41143
-	RESERVED
+CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
+	TODO: check
+CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
+	TODO: check
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
 	NOT-FOR-US: Tuleap
 CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
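Review bot: CVE-2021-41144 and CVE-2021-41143 carry the same truncated OpenMage LTS description as CVE-2021-41231 above; resolve them identically as "NOT-FOR-US: OpenMage LTS", and read the full advisories to record which flaw is which, since the visible prefix does not differentiate them.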
@@ -109363,8 +109423,8 @@ CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. W
 	NOT-FOR-US: wasmtime
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
 	NOT-FOR-US: wasmtime
-CVE-2021-39217
-	RESERVED
+CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
+	TODO: check
 CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
 	NOT-FOR-US: wasmtime
 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
@@ -155390,8 +155450,8 @@ CVE-2021-21397
 	RESERVED
 CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
 	NOT-FOR-US: wire-server
-CVE-2021-21395
-	RESERVED
+CVE-2021-21395 (Magneto LTS (Long Term Support) is a community developed alternative t ...)
+	TODO: check
 CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
 	- matrix-synapse 1.28.0-1
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
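Review bot: the upstream description for CVE-2021-21395 spells the project "Magneto LTS"; this is the same community-maintained Magento fork that the OpenMage LTS entries elsewhere in this update refer to, so it should be triaged together with them as NOT-FOR-US rather than searched for under the misspelled name.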



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f1d852d320de0cc134056cafbc58c34ef34d460
