[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 31 20:10:36 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc002078 by security tracker role at 2023-01-31T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2023-24855
+ RESERVED
+CVE-2023-24854
+ RESERVED
+CVE-2023-24853
+ RESERVED
+CVE-2023-24852
+ RESERVED
+CVE-2023-24851
+ RESERVED
+CVE-2023-24850
+ RESERVED
+CVE-2023-24849
+ RESERVED
+CVE-2023-24848
+ RESERVED
+CVE-2023-24847
+ RESERVED
+CVE-2023-24846
+ RESERVED
+CVE-2023-24845
+ RESERVED
+CVE-2023-24844
+ RESERVED
+CVE-2023-24843
+ RESERVED
+CVE-2023-24842
+ RESERVED
+CVE-2023-24841
+ RESERVED
+CVE-2023-24840
+ RESERVED
+CVE-2023-24839
+ RESERVED
+CVE-2023-24838
+ RESERVED
+CVE-2023-24837
+ RESERVED
+CVE-2023-24836
+ RESERVED
+CVE-2023-24835
+ RESERVED
+CVE-2023-24834
+ RESERVED
+CVE-2023-0600
+ RESERVED
+CVE-2023-0599
+ RESERVED
+CVE-2023-0598
+ RESERVED
+CVE-2023-0597
+ RESERVED
+CVE-2023-0596
+ RESERVED
+CVE-2023-0595
+ RESERVED
+CVE-2023-0594
+ RESERVED
+CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...)
+ TODO: check
+CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...)
+ TODO: check
+CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...)
+ TODO: check
+CVE-2023-0590
+ RESERVED
+CVE-2023-0589
+ RESERVED
+CVE-2023-0588
+ RESERVED
+CVE-2022-4900
+ RESERVED
+CVE-2022-4899
+ RESERVED
CVE-2023-24833
RESERVED
CVE-2023-24832
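Review bot: the three entries in this hunk that carry a description, CVE-2023-0593 (yaffshiv), CVE-2023-0592 (jefferson) and CVE-2023-0591 (ubireader_extract_files), are all path traversal issues in firmware filesystem extraction tools and arrive as one batch; leaving them at "TODO: check" is right for the automatic import, but the follow-up triage should settle all three together (source package or NOT-FOR-US), since an extractor that writes attacker-chosen paths outside its output directory is exactly the kind of tool that gets pointed at untrusted images. The remaining additions (CVE-2023-24834 through CVE-2023-24855, CVE-2023-0588 through CVE-2023-0600, CVE-2022-4899 and CVE-2022-4900) are bare RESERVED placeholders and need no action yet.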
@@ -88,8 +162,7 @@ CVE-2022-48305
RESERVED
CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache IoTDB
-CVE-2023-24829
- RESERVED
+CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache IoTDB
CVE-2023-24803
RESERVED
@@ -1752,10 +1825,10 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /go
NOT-FOR-US: Tenda
CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
NOT-FOR-US: Tenda
-CVE-2023-24163
- RESERVED
-CVE-2023-24162
- RESERVED
+CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...)
+ TODO: check
+CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...)
+ TODO: check
CVE-2023-24161
RESERVED
CVE-2023-24160
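Review bot: the "SQL Inection" spelling in the CVE-2023-24163 description is carried over from the upstream CVE text and should not be corrected locally, because the tracker mirrors the published wording; both hutool entries (CVE-2023-24163 and CVE-2023-24162) name the same version, v5.8.11, so they belong in one triage pass that decides whether the library is in the archive or the pair is NOT-FOR-US.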
@@ -5308,8 +5381,8 @@ CVE-2023-22902
RESERVED
CVE-2023-22901
RESERVED
-CVE-2023-22900
- RESERVED
+CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
+ TODO: check
CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...)
- zip4j 2.11.2-3 (bug #1029038)
[bullseye] - zip4j <no-dsa> (Minor issue)
@@ -6466,10 +6539,10 @@ CVE-2023-22613
RESERVED
CVE-2023-22612
RESERVED
-CVE-2023-22611
- RESERVED
-CVE-2023-22610
- RESERVED
+CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ TODO: check
+CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
+ TODO: check
CVE-2023-22609
RESERVED
CVE-2023-22608
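Review bot: the descriptions for CVE-2023-22611 and CVE-2023-22610 are truncated before any product name appears (only the CWE-200 and CWE-285 prefixes survive), so the TODO: check cannot be resolved from this file alone; whoever picks these up needs the full CVE records to identify the affected product before choosing a package or NOT-FOR-US.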
@@ -8658,8 +8731,8 @@ CVE-2022-47856
RESERVED
CVE-2022-47855
RESERVED
-CVE-2022-47854
- RESERVED
+CVE-2022-47854 (i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplem ...)
+ TODO: check
CVE-2022-47853 (TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...)
NOT-FOR-US: TOTOLINK
CVE-2022-47852
@@ -8806,8 +8879,8 @@ CVE-2022-47782
RESERVED
CVE-2022-47781
RESERVED
-CVE-2022-47780
- RESERVED
+CVE-2022-47780 (SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. ...)
+ TODO: check
CVE-2022-47779
RESERVED
CVE-2022-47778
@@ -8964,16 +9037,16 @@ CVE-2022-47703
RESERVED
CVE-2022-47702
RESERVED
-CVE-2022-47701
- RESERVED
-CVE-2022-47700
- RESERVED
-CVE-2022-47699
- RESERVED
-CVE-2022-47698
- RESERVED
-CVE-2022-47697
- RESERVED
+CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
+ TODO: check
+CVE-2022-47700 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
+ TODO: check
+CVE-2022-47699 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
+ TODO: check
+CVE-2022-47698 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
+ TODO: check
+CVE-2022-47697 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
+ TODO: check
CVE-2022-47696
RESERVED
CVE-2022-47695
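Review bot: the five COMFAST CF-WR62 entries (CVE-2022-47697 through CVE-2022-47701) are router firmware issues of the same kind as the Tenda and TOTOLINK entries elsewhere in this file, which are marked NOT-FOR-US; unless a Debian package is identified, the TODO: check lines should be resolved the same way, and in one go, since all five share a product and a reporting batch.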
@@ -12135,8 +12208,8 @@ CVE-2022-47037
RESERVED
CVE-2022-47036
RESERVED
-CVE-2022-47035
- RESERVED
+CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
+ TODO: check
CVE-2022-47034
RESERVED
CVE-2022-47033
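Review bot: CVE-2022-47035 is a D-Link DIR-825 firmware buffer overflow and falls in the same category as the vendor firmware entries above (Tenda, TOTOLINK, COMFAST); the TODO: check will most likely end as NOT-FOR-US: D-Link, but that call has to be made by a person after reading the full description, not by the automatic import.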
@@ -12752,8 +12825,8 @@ CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subs
NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
-CVE-2022-46835
- RESERVED
+CVE-2022-46835 (IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 ...)
+ TODO: check
CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...)
NOT-FOR-US: SICK
CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...)
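Review bot: the product name in the CVE-2022-46835 description reads "IdentitylQ" (lowercase L) while CVE-2022-45435 further down in this same update spells it "IdentityIQ"; the two descriptions are otherwise identical up to the truncation point ("8.3 and all 8.3 patch levels prior to 8.3p2, ... 8.2"), so they almost certainly concern the same product and should be triaged together, with the spelling difference left as imported from upstream.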
@@ -16350,8 +16423,8 @@ CVE-2022-45600
RESERVED
CVE-2022-45599
RESERVED
-CVE-2022-45598
- RESERVED
+CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
+ TODO: check
CVE-2022-45597
RESERVED
CVE-2022-45596
@@ -16931,8 +17004,8 @@ CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint an
[buster] - openssl <not-affected> (Only affects 3.0.x)
NOTE: https://www.openssl.org/news/secadv/20221213.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7
-CVE-2022-45435
- RESERVED
+CVE-2022-45435 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...)
+ TODO: check
CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...)
NOT-FOR-US: Dahua
CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...)
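Review bot: CVE-2022-45435 is the counterpart of CVE-2022-46835 above (same "8.3 and all 8.3 patch levels prior to 8.3p2" wording, one of the two with the product name misspelled upstream); resolving one TODO: check without the other would leave the list inconsistent, so both should receive the same disposition.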
@@ -17858,8 +17931,8 @@ CVE-2022-45174
RESERVED
CVE-2022-45173
RESERVED
-CVE-2022-45172
- RESERVED
+CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
+ TODO: check
CVE-2022-45171
RESERVED
CVE-2022-45170
@@ -20276,11 +20349,9 @@ CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One and
NOT-FOR-US: Trend Micro
CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2022-44645
- RESERVED
+CVE-2022-44645 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a de ...)
NOT-FOR-US: Apache Linkis
-CVE-2022-44644
- RESERVED
+CVE-2022-44644 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an a ...)
NOT-FOR-US: Apache Linkis
CVE-2022-3853 (Cross-site Scripting (XSS) is a client-side code injection attack. The ...)
NOT-FOR-US: WordPress plugin
@@ -33709,7 +33780,7 @@ CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges
NOT-FOR-US: AMI
CVE-2022-40260
RESERVED
-CVE-2022-40259 (AMI MegaRAC Redfish Arbitrary Code Execution ...)
+CVE-2022-40259 (MegaRAC Default Credentials Vulnerability ...)
NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258 (AMI Megarac Weak password hashes for Redfish & API ...)
TODO: check
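Review bot: the description of CVE-2022-40259 changes from "AMI MegaRAC Redfish Arbitrary Code Execution" to "MegaRAC Default Credentials Vulnerability", which is a different class of bug, while the NOT-FOR-US: AMI MegaRAC Redfish line and the neighbouring CVE-2022-40258 entry still describe Redfish-specific weaknesses; the automatic import faithfully mirrors the upstream text, but someone should confirm the new description really belongs to this ID before the tracker is cited for it, because a swapped description here would misattribute the issue (the disposition is NOT-FOR-US either way, so the risk is to accuracy, not to the archive).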
@@ -36709,12 +36780,12 @@ CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request,
NOT-FOR-US: Open5GS UPF
CVE-2022-39062
RESERVED
-CVE-2022-39061
- RESERVED
-CVE-2022-39060
- RESERVED
-CVE-2022-39059
- RESERVED
+CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...)
+ TODO: check
+CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...)
+ TODO: check
+CVE-2022-39059 (ChangingTech MegaServiSignAdapter component has a path traversal vulne ...)
+ TODO: check
CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...)
NOT-FOR-US: RAVA certification validation system
CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...)
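Review bot: the three ChangingTech MegaServiSignAdapter entries (CVE-2022-39059 through CVE-2022-39061) sit directly above the RAVA certificate validation entries that are already NOT-FOR-US and describe a path traversal plus two further weaknesses in a vendor component; absent a Debian package, the TODO: check lines should be resolved as NOT-FOR-US in a single pass.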
@@ -67014,8 +67085,8 @@ CVE-2022-28333
RESERVED
CVE-2022-28332
RESERVED
-CVE-2022-28331
- RESERVED
+CVE-2022-28331 (On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond ...)
+ TODO: check
CVE-2022-28330 (Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bound ...)
- apache2 <not-affected> (Windows specific)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/3
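Review bot: the description for CVE-2022-28331 starts with "On Windows", and the adjacent CVE-2022-28330 entry shows the convention for that case ("apache2 <not-affected> (Windows specific)"); since Debian ships Apache Portable Runtime as the apr source package, the TODO: check should most likely become apr <not-affected> (Windows specific) rather than stay open, once the full description is confirmed not to mention a non-Windows code path.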
@@ -76360,8 +76431,8 @@ CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior t
- snipe-it <itp> (bug #1005172)
CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
NOT-FOR-US: Corda
-CVE-2022-25147
- RESERVED
+CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 functions o ...)
+ TODO: check
CVE-2022-0610 (Inappropriate implementation in Gamepad API in Google Chrome prior to ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
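Review bot: unlike CVE-2022-28331 above, the CVE-2022-25147 description ("Integer Overflow or Wraparound vulnerability in apr_base64 functions ...") is not qualified as Windows-only; in the APR 1.x series the apr_base64 functions are part of apr-util rather than apr, so the TODO: check needs a package decision for apr-util (fixed version or bug reference) instead of a not-affected marker. It was published alongside CVE-2022-28331 and CVE-2022-24963 and is best triaged with them.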
@@ -76936,8 +77007,8 @@ CVE-2022-24965
RESERVED
CVE-2022-24964
RESERVED
-CVE-2022-24963
- RESERVED
+CVE-2022-24963 (Integer Overflow or Wraparound vulnerability in apr_encode functions o ...)
+ TODO: check
CVE-2022-24962
RESERVED
CVE-2022-0568
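Review bot: CVE-2022-24963 concerns the apr_encode functions, which were introduced with APR 1.7.0 and ship in the apr source package itself (apr_encode.h), so, as with CVE-2022-25147, this is not a Windows-only issue and the TODO: check should end with a fixed version or bug reference for apr; the three APR advisories in this update (CVE-2022-28331, CVE-2022-25147, CVE-2022-24963) should be handled in one pass so their annotations stay consistent.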
@@ -127377,7 +127448,7 @@ CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer
CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...)
NOT-FOR-US: Gravity
CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...)
- {DLA-2778-1}
+ {DLA-3304-1 DLA-2778-1}
- fig2dev 1:3.2.7b-5 (bug #960736)
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/107/
@@ -185412,7 +185483,7 @@ CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without
NOTE: https://github.com/saitoha/libsixel/issues/123
NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
- {DLA-2778-1}
+ {DLA-3304-1 DLA-2778-1}
- fig2dev 1:3.2.8-1
[stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
- transfig <removed>
@@ -185788,14 +185859,14 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text
NOTE: https://sourceforge.net/p/mcj/tickets/59/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
- {DLA-2778-1}
+ {DLA-3304-1 DLA-2778-1}
- fig2dev 1:3.2.8-1
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/64/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
- {DLA-2778-1}
+ {DLA-3304-1 DLA-2778-1}
- fig2dev 1:3.2.8-1
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/63/
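Review bot: DLA-3304-1 is added to five fig2dev entries in this update (CVE-2021-32280, CVE-2020-21676, CVE-2020-21532, CVE-2020-21531, CVE-2020-21529) but not to the neighbouring fig2dev CVEs that appear only as context (CVE-2020-21533, CVE-2020-21530); that is correct only if the DLA text lists exactly these five IDs, so the DLA's CVE list should be cross-checked against this diff before the update is taken as complete. Listing the new DLA ahead of the existing DLA-2778-1 matches how multiple advisories are recorded elsewhere in the file.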
@@ -185808,7 +185879,7 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects
NOTE: https://sourceforge.net/p/mcj/tickets/61/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
- {DLA-2778-1}
+ {DLA-3304-1 DLA-2778-1}
- fig2dev 1:3.2.8-1
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/65/
@@ -188160,8 +188231,8 @@ CVE-2020-20404
RESERVED
CVE-2020-20403
RESERVED
-CVE-2020-20402
- RESERVED
+CVE-2020-20402 (Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password ...)
+ TODO: check
CVE-2020-20401
RESERVED
CVE-2020-20400
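Review bot: CVE-2020-20402 carries a 2020 identifier but only now receives a description, which is why it surfaces in a 2023 update; the TODO: check should be treated like the other newly published items in this commit rather than assumed to be a long-settled entry.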
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc002078c5e7858d98fc868f0e282195d87e0e60