[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 22 09:12:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86e28370 by security tracker role at 2023-07-22T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
+ TODO: check
+CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
+ TODO: check
+CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...)
+ TODO: check
+CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ TODO: check
+CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
+ TODO: check
+CVE-2023-37918 (Dapr is a portable, event-driven, runtime for building distributed app ...)
+ TODO: check
+CVE-2023-37917 (KubePi is an opensource kubernetes management panel. A normal user has ...)
+ TODO: check
+CVE-2023-37916 (KubePi is an opensource kubernetes management panel. The endpoint /kub ...)
+ TODO: check
+CVE-2023-35077 (An out-of-bounds write vulnerability on windows operating systems caus ...)
+ TODO: check
CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
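Review bot: four of the new entries (CVE-2023-3776, CVE-2023-3611, CVE-2023-3610, CVE-2023-3609) are described as Linux kernel net/sched and netfilter bugs, so their TODO: check placeholders will need to become `- linux` package lines with fixed-version or per-suite annotations; triaging the four as one group keeps them consistent. CVE-2023-35077, described as affecting windows operating systems, reads like a NOT-FOR-US candidate rather than a TODO.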
@@ -8150,7 +8168,8 @@ CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free v
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/70
-CVE-2023-31557 (xpdf pdfimages v4.04 was discovered to contain a stack overflow in the ...)
+CVE-2023-31557
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
- libpodofo <not-affected> (Vulnerable code not present)
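Review bot: the unchanged `- xpdf <not-affected> (Debian uses poppler, which is not affected)` line survives under CVE-2023-31557 even though the entry is now REJECTED; other rejected entries in this file carry only the REJECTED marker (compare CVE-2022-43503 later in this commit), so the package line and its poppler rationale should be dropped in a follow-up. The same stale line is kept in the CVE-2023-31554, CVE-2023-27655 and CVE-2023-26934 through CVE-2023-26938 hunks below.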
@@ -8162,7 +8181,8 @@ CVE-2023-31555 (podofoinfo 0.10.0 was discovered to contain a segmentation viola
NOTE: https://github.com/podofo/podofo/issues/67
NOTE: Fixed by: https://github.com/podofo/podofo/commit/3759eb6aae7c01f2d8670f16ac46f5e116c7f468
NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
-CVE-2023-31554 (xpdf pdfimages v4.04 was discovered to contain a stack overflow in the ...)
+CVE-2023-31554
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
NOT-FOR-US: GL.iNet devices
@@ -17177,8 +17197,8 @@ CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent w
[bookworm] - openssh <no-dsa> (Minor issue)
[bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
[buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
-CVE-2023-28530
- RESERVED
+CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site ...)
+ TODO: check
CVE-2023-28529 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
NOT-FOR-US: IBM
CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
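Review bot: the new description for CVE-2023-28530 names IBM Cognos Analytics, and the neighbouring IBM entries (CVE-2023-28529, CVE-2023-28528) are already resolved as NOT-FOR-US: IBM; unless Cognos Analytics is packaged in Debian, this entry can take the same resolution instead of TODO: check. Unrelated to the change but visible in the context lines: the bullseye and buster annotations for CVE-2023-28531 misspell "destination" as "desination" and could be fixed in the same pass.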
@@ -20173,7 +20193,8 @@ CVE-2023-27657
RESERVED
CVE-2023-27656
RESERVED
-CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the component ...)
+CVE-2023-27655
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
NOT-FOR-US: WHO
@@ -22157,15 +22178,20 @@ CVE-2023-26940
RESERVED
CVE-2023-26939
RESERVED
-CVE-2023-26938 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
+CVE-2023-26938
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26937 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
+CVE-2023-26937
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26936 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
+CVE-2023-26936
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26935 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
+CVE-2023-26935
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-26934 (An issue found in XPDF v.4.04 allows an attacker to cause a denial of ...)
+CVE-2023-26934
+ REJECTED
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-26933
RESERVED
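Review bot: five consecutive entries (CVE-2023-26934 through CVE-2023-26938) switch from concrete XPDF v.4.04 buffer overflow and denial-of-service descriptions to REJECTED, while each keeps its `- xpdf <not-affected>` line as unchanged context. Worth confirming against the CVE records that all five were actually rejected rather than withdrawn pending correction, and once confirmed the leftover xpdf lines should go, since a rejected id has nothing for the poppler rationale to apply to.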
@@ -24898,8 +24924,8 @@ CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, whic
NOT-FOR-US: Pelvic Health clinician apps
CVE-2023-25930 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
NOT-FOR-US: IBM
-CVE-2023-25929
- RESERVED
+CVE-2023-25929 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...)
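Review bot: CVE-2023-25929 is another IBM Cognos Analytics entry sitting between CVE-2023-25930 and CVE-2023-25928, both marked NOT-FOR-US: IBM; it should be resolved the same way rather than left as TODO: check.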
@@ -27441,7 +27467,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerab
NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP]
+CVE-2023-3247 (In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ...)
{DSA-5425-1 DSA-5424-1 DLA-3458-1}
- php8.2 8.2.7-1
- php7.4 <removed>
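Review bot: replacing the bracketed title with the CVE description drops the advisory identifier GHSA-76gg-c692-v2mw and its more specific summary (missing error check and insufficient random bytes in HTTP Digest authentication for SOAP); the text that replaces it only lists the affected PHP version ranges. If the entry does not already carry the advisory reference outside this hunk, keep the GHSA id in a NOTE line so the DSA/DLA references still trace back to the upstream advisory.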
@@ -43784,22 +43810,22 @@ CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerabili
NOT-FOR-US: ChangingTec ServiSign
CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...)
NOT-FOR-US: ChangingTec ServiSign
-CVE-2022-46295
- RESERVED
-CVE-2022-46294
- RESERVED
-CVE-2022-46293
- RESERVED
-CVE-2022-46292
- RESERVED
-CVE-2022-46291
- RESERVED
-CVE-2022-46290
- RESERVED
-CVE-2022-46289
- RESERVED
-CVE-2022-46280
- RESERVED
+CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ TODO: check
+CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ TODO: check
+CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ TODO: check
+CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ TODO: check
+CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ TODO: check
+CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
+ TODO: check
+CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
+ TODO: check
+CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...)
+ TODO: check
CVE-2022-46278
RESERVED
CVE-2022-46277
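Review bot: the eight descriptions added here share one shape (out-of-bounds write or use of uninitialized pointer in the translationV..., ORCA and PQS format handlers), and the same pattern recurs in later hunks of this commit (CVE-2022-44451, CVE-2022-43467, CVE-2022-42885, CVE-2022-41793, CVE-2022-37331, CVE-2022-43607), which points to a single upstream batch of reports; triage them together so that, once the affected source package is identified, all fourteen get the same package lines and suite annotations instead of fourteen separate TODO: check markers.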
@@ -43836,18 +43862,18 @@ CVE-2022-44615
RESERVED
CVE-2022-44453
RESERVED
-CVE-2022-44451
- RESERVED
+CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...)
+ TODO: check
CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
NOT-FOR-US: Ichitaro
CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
NOT-FOR-US: WellinTech KingHistorian
CVE-2022-43503
REJECTED
-CVE-2022-43467
- RESERVED
-CVE-2022-42885
- RESERVED
+CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...)
+ TODO: check
+CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...)
+ TODO: check
CVE-2022-42489
RESERVED
CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...)
@@ -43928,8 +43954,8 @@ CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 al
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-41795
RESERVED
-CVE-2022-41793
- RESERVED
+CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...)
+ TODO: check
CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...)
{DSA-5293-1}
- chromium 108.0.5359.71-1
@@ -43967,8 +43993,8 @@ CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the
NOTE: https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/
CVE-2022-40973
RESERVED
-CVE-2022-37331
- RESERVED
+CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...)
+ TODO: check
CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
NOT-FOR-US: Siemens
CVE-2022-46264
@@ -54078,8 +54104,8 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
-CVE-2022-43607
- RESERVED
+CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...)
+ TODO: check
CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeList at ...)
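Review bot: CVE-2022-43607 (MOL2 format) lands directly above CVE-2022-43606 and CVE-2022-43605, which are EIP Stack Group OpENer entries; the shared "out-of-bounds write vulnerability exists in ..." phrasing should not lead to it being marked NOT-FOR-US by proximity, as it belongs with the other per-format entries added elsewhere in this commit (CVE-2022-46295 and following).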
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e283703d8172715dac891699b43038f3d57132