[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 3 20:10:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1892e4f9 by security tracker role at 2023-03-03T20:10:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-1168
+ RESERVED
+CVE-2023-1167
+ RESERVED
+CVE-2023-1166
+ RESERVED
+CVE-2022-4929
+ RESERVED
+CVE-2022-4928
+ RESERVED
+CVE-2022-4927
+ RESERVED
+CVE-2021-4329
+ RESERVED
+CVE-2015-10088
+ RESERVED
+CVE-2014-125091
+ RESERVED
+CVE-2014-125090
+ RESERVED
+CVE-2008-10003
+ RESERVED
+CVE-2008-10002
+ RESERVED
CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop w ...)
TODO: check
CVE-2023-27559
@@ -42,7 +66,7 @@ CVE-2023-27540
RESERVED
CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been ...)
NOT-FOR-US: Zhong Bang CRMEB Java
-CVE-2023-1164 (A vulnerability was found in kylin-activation and classified as critic ...)
+CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation and classified ...)
TODO: check
CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and class ...)
NOT-FOR-US: DrayTek Vigor 2960
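Review bot: the TODO: check on CVE-2023-1164 can now be resolved, because the updated description names the vendor (KylinSoft kylin-activation), which the earlier truncated text did not. If kylin-activation is not in the Debian archive, the entry should get a `NOT-FOR-US: KylinSoft kylin-activation` line like the neighbouring CRMEB Java and DrayTek entries rather than staying in the TODO queue.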
@@ -2204,8 +2228,8 @@ CVE-2023-26606 (In the Linux kernel 6.0.8, there is a use-after-free in ntfs_tri
CVE-2023-26605 (In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_mov ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2023/2/22/3
-CVE-2023-26604
- RESERVED
+CVE-2023-26604 (systemd before 247 does not adequately block local privilege escalatio ...)
+ TODO: check
CVE-2023-26603
RESERVED
CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and other plat ...)
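Review bot: CVE-2023-26604 should not remain at TODO: check for long: systemd is a core Debian package and the description is a local privilege escalation in systemd before 247, so the entry needs a package line (`- systemd <fixed version>` or `<unfixed>`) plus per-suite annotations, since the version cut-off places older suites on the affected side. Compare the adjacent kernel entry, which already carries `- linux <unfixed>` and an upstream reference.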
@@ -6240,6 +6264,7 @@ CVE-2023-25223
CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...)
- libredwg <itp> (bug #595191)
CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/388
NOTE: https://github.com/strukturag/libde265/commit/857290982330e82d9e25d9d39527c6737021aa7d (v1.0.11)
@@ -7523,32 +7548,39 @@ CVE-2023-24760
CVE-2023-24759
RESERVED
CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/383
NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
CVE-2023-24757 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/385
NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24756 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/380
NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24755 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/384
NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24754 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/382
NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
CVE-2023-24753
RESERVED
CVE-2023-24752 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/378
NOTE: https://github.com/strukturag/libde265/commit/052bacb2535cf0024042eefde58e48df2c778f7c (v1.0.11)
CVE-2023-24751 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/379
NOTE: https://github.com/strukturag/libde265/commit/7ea8e3cbb010bc02fa38419e87ed2281d7933850 (v1.0.11)
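Review bot: the {DSA-5346-1} tag is attached to six libde265 NULL-dereference entries that all carry `libde265 1.0.11-1` as the fixed version, consistent with the upstream v1.0.11 commits referenced in their NOTE lines. Worth confirming that CVE-2023-24759 and CVE-2023-24753, still RESERVED in this hunk, are not part of the same v1.0.11 fix set and merely lack a public description yet.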
@@ -12436,6 +12468,7 @@ CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via
CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2023-23009 (Libreswan 4.9 allows remote attackers to cause a denial of service (as ...)
+ {DSA-5368-1}
- libreswan 4.9-2 (bug #1031821)
NOTE: https://github.com/libreswan/libreswan/issues/954
NOTE: https://libreswan.org/security/CVE-2023-23009/CVE-2023-23009.txt
@@ -12511,7 +12544,7 @@ CVE-2023-22986
RESERVED
CVE-2023-22985
RESERVED
-CVE-2023-22984 (A Vulnerability was discovered in Axis 207W network camera. There is a ...)
+CVE-2023-22984 (** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis ...)
NOT-FOR-US: Axis 207W network camera
CVE-2023-22983
RESERVED
@@ -15992,8 +16025,8 @@ CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb
NOT-FOR-US: microweber
CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4645
- RESERVED
+CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...)
+ TODO: check
CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...)
@@ -16614,10 +16647,10 @@ CVE-2022-47667
RESERVED
CVE-2022-47666
RESERVED
-CVE-2022-47665
- RESERVED
-CVE-2022-47664
- RESERVED
+CVE-2022-47665 (Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image ...)
+ TODO: check
+CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qp ...)
+ TODO: check
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
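Review bot: CVE-2022-47665 and CVE-2022-47664 are libde265 heap/buffer overflows in 1.0.9 that arrive here as TODO: check, while elsewhere in this same commit a batch of libde265 1.0.10 issues is tagged {DSA-5346-1} with `libde265 1.0.11-1` as the fixed version. Triage should determine whether these two are covered by the same upstream v1.0.11 fixes and DSA-5346-1, or need their own package lines and a later fixed version.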
@@ -23020,8 +23053,8 @@ CVE-2022-45990 (A cross-site scripting (XSS) vulnerability in the component /sig
NOT-FOR-US: Ecommerce-Website
CVE-2022-45989
RESERVED
-CVE-2022-45988
- RESERVED
+CVE-2022-45988 (starsoftcomm CooCare 5.304 allows local attackers to escalate privileg ...)
+ TODO: check
CVE-2022-45987
RESERVED
CVE-2022-45986
@@ -24060,12 +24093,12 @@ CVE-2022-45555
RESERVED
CVE-2022-45554
RESERVED
-CVE-2022-45553
- RESERVED
-CVE-2022-45552
- RESERVED
-CVE-2022-45551
- RESERVED
+CVE-2022-45553 (An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Route ...)
+ TODO: check
+CVE-2022-45552 (An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ...)
+ TODO: check
+CVE-2022-45551 (An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router ...)
+ TODO: check
CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...)
NOT-FOR-US: AyaCMS
CVE-2022-45549
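Review bot: the three new descriptions spell the vendor and model inconsistently (`Shenzhen Zhibotong Electronics WBT WE1626` versus `Shenzhen Zhiboton Electronics ZBT WE1626`). The descriptions are upstream text and stay as-is, but when the three TODO: check entries are triaged they should share one NOT-FOR-US label so they can be found together, following the `NOT-FOR-US: AyaCMS` pattern directly below.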
@@ -31214,8 +31247,8 @@ CVE-2023-20106
RESERVED
CVE-2023-20105
RESERVED
-CVE-2023-20104
- RESERVED
+CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
+ TODO: check
CVE-2023-20103
RESERVED
CVE-2023-20102
@@ -31246,8 +31279,8 @@ CVE-2023-20090
RESERVED
CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
NOT-FOR-US: Cisco
-CVE-2023-20088
- RESERVED
+CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
+ TODO: check
CVE-2023-20087
RESERVED
CVE-2023-20086
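Review bot: CVE-2023-20088 deserves a closer look than the other Cisco entries in this batch: the description concerns "nginx configurations that are provided as part" of a Cisco product, and nginx itself is a Debian package. The triage should record whether the flaw lies in the Cisco-shipped configuration (then `NOT-FOR-US: Cisco`, as for CVE-2023-20089 just above) rather than in nginx.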
@@ -31264,10 +31297,10 @@ CVE-2023-20081
RESERVED
CVE-2023-20080
RESERVED
-CVE-2023-20079
- RESERVED
-CVE-2023-20078
- RESERVED
+CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ TODO: check
+CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ TODO: check
CVE-2023-20077
RESERVED
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...)
@@ -31284,8 +31317,8 @@ CVE-2023-20071
RESERVED
CVE-2023-20070
RESERVED
-CVE-2023-20069
- RESERVED
+CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2023-20068
RESERVED
CVE-2023-20067
@@ -31298,10 +31331,10 @@ CVE-2023-20064
RESERVED
CVE-2023-20063
RESERVED
-CVE-2023-20062
- RESERVED
-CVE-2023-20061
- RESERVED
+CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
+ TODO: check
+CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
+ TODO: check
CVE-2023-20060
RESERVED
CVE-2023-20059
@@ -37279,8 +37312,7 @@ CVE-2022-41864
RESERVED
CVE-2022-41863
RESERVED
-CVE-2022-41862
- RESERVED
+CVE-2022-41862 (In PostgreSQL, a modified, unauthenticated server can send an untermin ...)
- postgresql-15 15.2-1
- postgresql-13 <removed>
[bullseye] - postgresql-13 <no-dsa> (Minor issue)
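Review bot: the `[bullseye] - postgresql-13 <no-dsa> (Minor issue)` annotation was recorded while the entry was still RESERVED; now that the description states that a modified, unauthenticated server can trigger the bug, which implies the client library is the vulnerable side, the severity call should be re-confirmed against the full advisory rather than inherited from the placeholder.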
@@ -44373,6 +44405,7 @@ CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 20
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2006-20001 (A carefully crafted If: request header can cause a memory read, or wri ...)
+ {DLA-3351-1}
- apache2 2.4.55-1
[bullseye] - apache2 <no-dsa> (Minor update; update proposed via bullseye-pu)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/5
@@ -46748,13 +46781,11 @@ CVE-2022-2839 (The Zephyr Project Manager WordPress plugin before 3.2.55 does no
NOT-FOR-US: WordPress plugin
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
NOT-FOR-US: Eclipse Sphinx
-CVE-2022-2837
- RESERVED
+CVE-2022-2837 (A flaw was found in coreDNS. This flaw allows a malicious user to redi ...)
- coredns <itp> (bug #880676)
CVE-2022-2836
RESERVED
-CVE-2022-2835
- RESERVED
+CVE-2022-2835 (A flaw was found in coreDNS. This flaw allows a malicious user to rero ...)
- coredns <itp> (bug #880676)
CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported logs and ...)
NOT-FOR-US: WordPress plugin
@@ -49127,6 +49158,7 @@ CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authent
CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...)
NOT-FOR-US: Splunk
CVE-2022-37436 (Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ...)
+ {DLA-3351-1}
- apache2 2.4.55-1
[bullseye] - apache2 <no-dsa> (Minor update; update proposed via bullseye-pu)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/7
@@ -51054,6 +51086,7 @@ CVE-2022-36762
CVE-2022-36761
RESERVED
CVE-2022-36760 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
+ {DLA-3351-1}
- apache2 2.4.55-1
[bullseye] - apache2 <no-dsa> (Minor update; update proposed via bullseye-pu)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/6
@@ -82127,6 +82160,7 @@ CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Ser
CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...)
NOT-FOR-US: cocoapods-downloader
CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...)
+ {DLA-3350-1}
- node-css-what 5.0.1-1 (bug #1032188)
[bullseye] - node-css-what <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
@@ -131822,6 +131856,7 @@ CVE-2021-33589
CVE-2021-33588
RESERVED
CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
+ {DLA-3350-1}
- node-css-what 5.0.1-1 (bug #989264)
[bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
[buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
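Review bot: adding {DLA-3350-1} to CVE-2021-33587 conflicts with the unchanged `[buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)` line two lines below: a DLA means the issue was fixed in buster, so the buster <ignored> annotation is now stale and should be dropped, or the DLA cross-reference verified if the advisory does not in fact list this CVE.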
@@ -132891,6 +132926,7 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
NOTE: https://github.com/golang/go/issues/46288
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
+ {DLA-3351-1}
- apache2 2.4.48-4
[bullseye] - apache2 2.4.48-3.1+deb11u1
[stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25)
@@ -244678,7 +244714,7 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...)
- {DSA-4757-1 DLA-2706-1}
+ {DSA-4757-1 DLA-3351-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
[jessie] - apache2 <ignored> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
@@ -306381,6 +306417,7 @@ CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condit
CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow ...)
- airflow <itp> (bug #819700)
CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
+ {DLA-3351-1}
- apache2 2.4.38-3
[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
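Review bot: CVE-2019-0215's fixed version is `apache2 2.4.38-3`, within the 2.4.38 series that buster shipped, and the stretch and jessie lines are <not-affected>, so the new {DLA-3351-1} tag should be checked against the advisory text: if DLA-3351-1 does not actually list this CVE, the tag is a spurious cross-reference and should be removed.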
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1892e4f9e351d289c5f08eba04ba02d6b6c0a843