[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 24 20:10:30 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13fd774a by security tracker role at 2023-03-24T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2023-28857
+ RESERVED
+CVE-2023-28856
+ RESERVED
+CVE-2023-28855
+ RESERVED
+CVE-2023-28854
+ RESERVED
+CVE-2023-28853
+ RESERVED
+CVE-2023-28852
+ RESERVED
+CVE-2023-28851
+ RESERVED
+CVE-2023-28850
+ RESERVED
+CVE-2023-28849
+ RESERVED
+CVE-2023-28848
+ RESERVED
+CVE-2023-28847
+ RESERVED
+CVE-2023-28846
+ RESERVED
+CVE-2023-28845
+ RESERVED
+CVE-2023-28844
+ RESERVED
+CVE-2023-28843
+ RESERVED
+CVE-2023-28842
+ RESERVED
+CVE-2023-28841
+ RESERVED
+CVE-2023-28840
+ RESERVED
+CVE-2023-28839
+ RESERVED
+CVE-2023-28838
+ RESERVED
+CVE-2023-28837
+ RESERVED
+CVE-2023-28836
+ RESERVED
+CVE-2023-28835
+ RESERVED
+CVE-2023-28834
+ RESERVED
+CVE-2023-28833
+ RESERVED
+CVE-2023-28832
+ RESERVED
+CVE-2023-28831
+ RESERVED
+CVE-2023-28830
+ RESERVED
+CVE-2023-28829
+ RESERVED
+CVE-2023-28828
+ RESERVED
+CVE-2023-28827
+ RESERVED
+CVE-2023-28379
+ RESERVED
+CVE-2023-27395
+ RESERVED
+CVE-2023-22325
+ RESERVED
+CVE-2023-22308
+ RESERVED
+CVE-2023-1624
+ RESERVED
+CVE-2023-1623
+ RESERVED
+CVE-2023-1622
+ RESERVED
+CVE-2023-1621
+ RESERVED
+CVE-2023-1620
+ RESERVED
+CVE-2023-1619
+ RESERVED
+CVE-2023-1618
+ RESERVED
+CVE-2023-1617
+ RESERVED
+CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...)
+ TODO: check
+CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c a ...)
+ TODO: check
+CVE-2016-15030
+ RESERVED
+CVE-2015-10097
+ RESERVED
CVE-2023-28821
RESERVED
CVE-2023-28820
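Review bot: CVE-2020-36691, near the end of the added block, is left at TODO: check although its description names the Linux kernel before 5.8 (lib/nlattr.c). Unlike the TeaCMS entry above it (CVE-2023-1616), this one concerns software Debian ships, so it needs triage against the kernel package with a fixed-version line rather than sitting as an open TODO.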
@@ -2233,10 +2327,10 @@ CVE-2023-1357 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
CVE-2023-28153
RESERVED
-CVE-2023-28152
- RESERVED
-CVE-2023-28151
- RESERVED
+CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...)
+ TODO: check
+CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...)
+ TODO: check
CVE-2023-28150
RESERVED
CVE-2023-28149
@@ -3866,10 +3960,10 @@ CVE-2023-27603
RESERVED
CVE-2023-27602
RESERVED
-CVE-2023-1177
- RESERVED
-CVE-2023-1176
- RESERVED
+CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
+ TODO: check
+CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
+ TODO: check
CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...)
- vim 2:9.0.1378-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -5028,8 +5122,8 @@ CVE-2023-27244
RESERVED
CVE-2023-27243
RESERVED
-CVE-2023-27242
- RESERVED
+CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...)
+ TODO: check
CVE-2023-27241
RESERVED
CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...)
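Review bot: CVE-2023-27242 goes from RESERVED to TODO: check with a description naming SourceCodester Loan Management System v1.0. A context line earlier in this diff already marks another SourceCodester product as NOT-FOR-US, so this entry can probably be closed the same way once someone confirms the product is not packaged.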
@@ -12013,8 +12107,8 @@ CVE-2023-24627
RESERVED
CVE-2023-24626
RESERVED
-CVE-2023-24625
- RESERVED
+CVE-2023-24625 (Faveo 5.0.1 allows remote attackers to obtain sensitive information vi ...)
+ TODO: check
CVE-2023-24624
RESERVED
CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to th ...)
@@ -22605,8 +22699,7 @@ CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Un
NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
-CVE-2022-47502
- RESERVED
+CVE-2022-47502 (Apache OpenOffice documents can contain links that call internal macro ...)
NOT-FOR-US: Apache OpenOffice
CVE-2022-47501
RESERVED
@@ -38611,8 +38704,8 @@ CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Pe
NOT-FOR-US: Silverstripe
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
NOT-FOR-US: Mikrotik
-CVE-2022-42948
- RESERVED
+CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are d ...)
+ TODO: check
CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...)
@@ -40301,21 +40394,25 @@ CVE-2022-42336
CVE-2022-42335
RESERVED
CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments where ho ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1
NOTE: https://xenbits.xen.org/xsa/advisory-427.html
CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an oversig ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3
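Review bot: The {DSA-5378-1} tag is added to CVE-2022-42334, CVE-2022-42333, CVE-2022-42332 and CVE-2022-42331 while each entry's "- xen <unfixed> (bug #1033297)" line is untouched, so the entries now read as covered by an advisory yet still open. Confirm that this is the intended state (advisory issued, unstable still pending under the same bug) and update the "- xen" line once a fixed version reaches unstable.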
@@ -49725,8 +49822,7 @@ CVE-2022-38747
RESERVED
CVE-2022-38746
RESERVED
-CVE-2022-38745
- RESERVED
+CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
NOT-FOR-US: Apache OpenOffice
CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...)
NOT-FOR-US: zephyr-rtos
@@ -56662,7 +56758,7 @@ CVE-2022-36277
RESERVED
CVE-2022-36276
RESERVED
-CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly escape u ...)
+CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
- gitlab <not-affected> (Specific to EE)
@@ -78709,8 +78805,8 @@ CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to
NOT-FOR-US: TOTOLINK
CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...)
NOT-FOR-US: TOTOLINK
-CVE-2022-28495
- RESERVED
+CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
+ TODO: check
CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
NOT-FOR-US: TOTOLINK
CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start ...)
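Review bot: CVE-2022-28495 is set to TODO: check, but the entries on either side of it in this hunk (CVE-2022-28497, CVE-2022-28496, CVE-2022-28494) describe the same TOTOLink CP900 firmware and are already "NOT-FOR-US: TOTOLINK". Resolve this one the same way so the TODO does not linger.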
@@ -93431,6 +93527,7 @@ CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf
CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...)
+ {DSA-5378-1}
- xen 4.16.2+90-g0d39a6d1ae-1
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
@@ -94720,7 +94817,7 @@ CVE-2022-0275
RESERVED
CVE-2022-23398
RESERVED
-CVE-2022-23397 (The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to ...)
+CVE-2022-23397 (** DISPUTED ** The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet porta ...)
NOT-FOR-US: Cedar Gate EZ-NET portal
CVE-2022-23396
RESERVED
@@ -115597,8 +115694,8 @@ CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of si
NOT-FOR-US: Apache OpenOffice
CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
NOT-FOR-US: Apache OpenOffice
-CVE-2021-3844
- RESERVED
+CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration when an ...)
+ TODO: check
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
NOT-FOR-US: Lenovo
CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fd774a84b4f40660873b3fbf5dcf86dcd0c330