[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 3 08:10:31 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ba343b5 by security tracker role at 2023-03-03T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop w ...)
+ TODO: check
+CVE-2023-27559
+ RESERVED
+CVE-2023-27558
+ RESERVED
+CVE-2023-27557
+ RESERVED
+CVE-2023-27556
+ RESERVED
+CVE-2023-27555
+ RESERVED
+CVE-2023-27554
+ RESERVED
+CVE-2023-27553
+ RESERVED
+CVE-2023-27552
+ RESERVED
+CVE-2023-27551
+ RESERVED
+CVE-2023-27550
+ RESERVED
+CVE-2023-27549
+ RESERVED
+CVE-2023-27548
+ RESERVED
+CVE-2023-27547
+ RESERVED
+CVE-2023-27546
+ RESERVED
+CVE-2023-27545
+ RESERVED
+CVE-2023-27544
+ RESERVED
+CVE-2023-27543
+ RESERVED
+CVE-2023-27542
+ RESERVED
+CVE-2023-27541
+ RESERVED
+CVE-2023-27540
+ RESERVED
+CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been ...)
+ TODO: check
+CVE-2023-1164 (A vulnerability was found in kylin-activation and classified as critic ...)
+ TODO: check
+CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and class ...)
+ TODO: check
+CVE-2023-1162 (A vulnerability, which was classified as critical, was found in DrayTe ...)
+ TODO: check
+CVE-2023-1161
+ RESERVED
+CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository ...)
+ TODO: check
+CVE-2023-1159
+ RESERVED
+CVE-2023-1158
+ RESERVED
+CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
+ TODO: check
+CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2021-4328 (A vulnerability has been found in 狮子鱼CMS and clas ...)
+ TODO: check
+CVE-2020-36665
+ RESERVED
+CVE-2020-36664
+ RESERVED
+CVE-2020-36663
+ RESERVED
CVE-2023-27539
RESERVED
CVE-2023-27538
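Review bot: of the new TODO: check entries in this hunk, CVE-2023-27560 (an infinite loop in Math/PrimeField.php of phpseclib through 2.0.41) is the only one describing a library rather than a router firmware or a standalone web application, so it is the entry to resolve first, into a source package line once the fixed upstream version is known; the DrayTek Vigor 2960 entries (CVE-2023-1163, CVE-2023-1162), CRMEB Java (CVE-2023-1165) and kylin-activation (CVE-2023-1164) are candidates for the NOT-FOR-US form used elsewhere in this file. The RESERVED blocks CVE-2023-27540 to CVE-2023-27559 and CVE-2020-36663 to CVE-2020-36665 carry no description yet and need no action until the CNA publishes them.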
@@ -449,8 +519,8 @@ CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpres
NOT-FOR-US: flatpressblog
CVE-2023-1102
RESERVED
-CVE-2023-1101
- RESERVED
+CVE-2023-1101 (SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerab ...)
+ TODO: check
CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Catering Reservation System
CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management ...)
@@ -2525,18 +2595,18 @@ CVE-2023-26477 (XWiki Platform is a generic wiki platform. Starting in versions
NOT-FOR-US: XWiki
CVE-2023-26476 (XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, ...)
NOT-FOR-US: XWiki
-CVE-2023-26475
- RESERVED
-CVE-2023-26474
- RESERVED
-CVE-2023-26473
- RESERVED
-CVE-2023-26472
- RESERVED
-CVE-2023-26471
- RESERVED
-CVE-2023-26470
- RESERVED
+CVE-2023-26475 (XWiki Platform is a generic wiki platform. Starting in version 2.3-mil ...)
+ TODO: check
+CVE-2023-26474 (XWiki Platform is a generic wiki platform. Starting in version 13.10, ...)
+ TODO: check
+CVE-2023-26473 (XWiki Platform is a generic wiki platform. Starting in version 1.3-rc- ...)
+ TODO: check
+CVE-2023-26472 (XWiki Platform is a generic wiki platform. Starting in version 6.2-mil ...)
+ TODO: check
+CVE-2023-26471 (XWiki Platform is a generic wiki platform. Starting in version 11.6-rc ...)
+ TODO: check
+CVE-2023-26470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
CVE-2023-26469
RESERVED
CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...)
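Review bot: the six XWiki Platform entries CVE-2023-26470 to CVE-2023-26475 should be resolved the same way as the two XWiki entries in the unchanged context directly above them (CVE-2023-26477 and CVE-2023-26476 are NOT-FOR-US: XWiki); the automatic update only fills in the description and leaves TODO: check, so that line is to be replaced by the NOT-FOR-US line, not kept alongside it.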
@@ -2958,8 +3028,8 @@ CVE-2023-0959
RESERVED
CVE-2023-0958
RESERVED
-CVE-2023-0957
- RESERVED
+CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
+ TODO: check
CVE-2023-0956
RESERVED
CVE-2023-0955
@@ -3716,20 +3786,20 @@ CVE-2014-125087 (A vulnerability was found in java-xmlbuilder up to 1.1. It has
NOT-FOR-US: java-xmlbuilder
CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. ...)
NOT-FOR-US: madgicweb BuddyStream Plugin
-CVE-2023-26056
- RESERVED
-CVE-2023-26055
- RESERVED
+CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3.0-mil ...)
+ TODO: check
+CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...)
+ TODO: check
CVE-2023-26054
RESERVED
CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...)
- gradle <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
TODO: check, said that only 6.2 to 7.6 are impacted (upstream reference?)
-CVE-2023-26052
- RESERVED
-CVE-2023-26051
- RESERVED
+CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
+ TODO: check
+CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
+ TODO: check
CVE-2023-26050
RESERVED
CVE-2023-26049
@@ -6701,8 +6771,8 @@ CVE-2023-25019
RESERVED
CVE-2023-0657
RESERVED
-CVE-2023-0656
- RESERVED
+CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...)
+ TODO: check
CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...)
NOT-FOR-US: SonicWall
CVE-2023-0654
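Review bot: CVE-2023-0656 is a stack-based buffer overflow in SonicOS, the SonicWall appliance firmware, and the unchanged CVE-2023-0655 entry two lines below is already NOT-FOR-US: SonicWall, so the TODO: check should be closed with that same marker; the SonicOS SSLVPN entry CVE-2023-1101 added in an earlier hunk of this commit is the same case.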
@@ -7341,10 +7411,10 @@ CVE-2023-0580
RESERVED
CVE-2023-0579
RESERVED
-CVE-2023-0578
- RESERVED
-CVE-2023-0577
- RESERVED
+CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- yugabyte-db <itp> (bug #989673)
CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
@@ -8400,8 +8470,8 @@ CVE-2023-0459
RESERVED
CVE-2023-0458
RESERVED
-CVE-2023-0457
- RESERVED
+CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
+ TODO: check
CVE-2022-4896
RESERVED
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
@@ -10108,7 +10178,7 @@ CVE-2023-22294
CVE-2023-22288
RESERVED
CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
@@ -10920,6 +10990,7 @@ CVE-2023-23588
CVE-2023-23587
RESERVED
CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible to le ...)
+ {DLA-3349-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.162-1
[buster] - linux <not-affected> (Vulnerable code not present)
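Review bot: DLA-3349-1 is added to CVE-2023-23586 while the [buster] line directly under it still reads linux <not-affected> (Vulnerable code not present); the same combination appears in this commit for CVE-2023-0240, CVE-2023-0179, CVE-2022-4696 and CVE-2022-3623. Confirm that the advisory covers a buster source package other than the one recorded as not affected; if it is the same package, either the not-affected line or the advisory reference is wrong and the two statements cannot both stand.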
@@ -11177,7 +11248,7 @@ CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijackin
CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0265
@@ -11328,6 +11399,7 @@ CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different pri
CVE-2023-0241
RESERVED
CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used ...)
+ {DLA-3349-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.162-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -11359,11 +11431,11 @@ CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-syst
CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...)
NOT-FOR-US: manikandan170890 php-form-builder-class
CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
@@ -12634,7 +12706,7 @@ CVE-2023-0180
RESERVED
CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits]
RESERVED
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2
@@ -13773,8 +13845,8 @@ CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable t
NOT-FOR-US: JetWidgets for Elementor plugin for WordPress
CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
-CVE-2023-0084
- RESERVED
+CVE-2023-0084 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+ TODO: check
CVE-2023-0083
RESERVED
CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and ...)
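Review bot: CVE-2023-0084 carries the same truncated description as CVE-2023-0085 immediately above it in the context (the Metform Elementor Contact Form Builder plugin for WordPress), which is already NOT-FOR-US, so its TODO: check can be closed with the identical NOT-FOR-US line.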
@@ -15710,7 +15782,7 @@ CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cro
CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: ProfilePress plugin for WordPress
CVE-2022-4696 (There exists a use-after-free vulnerability in the Linux kernel throug ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
@@ -15789,7 +15861,7 @@ CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values
CVE-2022-47930
RESERVED
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4)
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
@@ -16031,8 +16103,8 @@ CVE-2022-41989 (Sewio’s Real-Time Location System (RTLS) Studio version 2.
NOT-FOR-US: Sewio
CVE-2022-41696
RESERVED
-CVE-2022-40633
- RESERVED
+CVE-2022-40633 (A malicious actor can clone access cards used to open control cabinets ...)
+ TODO: check
CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: bird-lg
CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...)
@@ -16065,8 +16137,8 @@ CVE-2020-36621 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: chedabob whatismyudid
CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...)
NOT-FOR-US: Brondahl EnumStringValues
-CVE-2023-22381
- RESERVED
+CVE-2023-22381 (A code injection vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
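Review bot: CVE-2023-22381 (code injection in GitHub Enterprise Server) sits next to CVE-2023-22380, whose NOT-FOR-US: Github Enterprise Server line in the context shows how this entry should be resolved; when copying that line, spell the product GitHub as the description does so the two entries stay consistent.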
@@ -21239,8 +21311,8 @@ CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /adm
NOT-FOR-US: Online Student Enrollment System
CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...)
NOT-FOR-US: Online Student Enrollment System
-CVE-2022-46501
- RESERVED
+CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discov ...)
+ TODO: check
CVE-2022-46500
RESERVED
CVE-2022-46499
@@ -23057,7 +23129,7 @@ CVE-2022-4146
CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...)
NOT-FOR-US: Apache James
CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of a Kubern ...)
@@ -32814,7 +32886,7 @@ CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as probl
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1)
CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.0.3-1
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
@@ -34045,7 +34117,7 @@ CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage M
CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.0.2-1
NOTE: https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1)
CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
@@ -39065,7 +39137,7 @@ CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via
CVE-2022-41219
RESERVED
CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
@@ -41699,7 +41771,7 @@ CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries are public
CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
@@ -46492,7 +46564,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
- {DSA-5324-1}
+ {DSA-5324-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
@@ -53821,8 +53893,8 @@ CVE-2022-35647
RESERVED
CVE-2022-35646 (IBM Security Verify Governance, Identity Manager 10.0.1 software compo ...)
NOT-FOR-US: IBM
-CVE-2022-35645
- RESERVED
+CVE-2022-35645 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo A ...)
+ TODO: check
CVE-2022-35644
RESERVED
CVE-2022-35643 (IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with syst ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ba343b56d6f3acec6b4445b0387e1e9b963ff70