[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 28 21:10:48 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b5fd3fc by security tracker role at 2023-03-28T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-28936
+	RESERVED
+CVE-2023-28935
+	RESERVED
+CVE-2023-28744
+	RESERVED
+CVE-2023-1672
+	RESERVED
+CVE-2023-1671
+	RESERVED
+CVE-2023-1670
+	RESERVED
+CVE-2023-1669
+	RESERVED
+CVE-2022-4934
+	RESERVED
+CVE-2020-36692
+	RESERVED
 CVE-2023-28934
 	RESERVED
 CVE-2023-28933
@@ -2003,8 +2021,7 @@ CVE-2023-28327
 	[bullseye] - linux 5.10.162-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b3abe42e94900bdd045c472f9c9be620ba5ce553 (6.1)
-CVE-2023-28326
-	RESERVED
+CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apache OpenM ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2023-1405
 	RESERVED
@@ -3789,8 +3806,8 @@ CVE-2023-27823
 	RESERVED
 CVE-2023-27822
 	RESERVED
-CVE-2023-27821
-	RESERVED
+CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...)
+	TODO: check
 CVE-2023-27820
 	RESERVED
 CVE-2023-27819
@@ -4049,8 +4066,8 @@ CVE-2023-27703
 	RESERVED
 CVE-2023-27702
 	RESERVED
-CVE-2023-27701
-	RESERVED
+CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
+	TODO: check
 CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
 	NOT-FOR-US: MuYuCMS
 CVE-2023-27699
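Review bot: CVE-2023-27701 is added with `TODO: check`, but CVE-2023-27700 directly below it shows the same truncated MuYuCMS v2.2 arbitrary file deletion description and is already triaged as `NOT-FOR-US: MuYuCMS`. Suggest giving CVE-2023-27701 the same `NOT-FOR-US: MuYuCMS` line in the follow-up triage rather than leaving it in the TODO queue.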
@@ -5416,10 +5433,10 @@ CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow
 	NOTE: Crash in CLI tool, no security implications
 CVE-2023-27248
 	RESERVED
-CVE-2023-27247
-	RESERVED
-CVE-2023-27246
-	RESERVED
+CVE-2023-27247 (An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Admin ...)
+	TODO: check
+CVE-2023-27246 (An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth  ...)
+	TODO: check
 CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project  ...)
 	NOT-FOR-US: File Management Project
 CVE-2023-27244
@@ -5913,8 +5930,8 @@ CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permi
 	NOT-FOR-US: Wondershare Dr.Fone
 CVE-2023-27009
 	RESERVED
-CVE-2023-27008
-	RESERVED
+CVE-2023-27008 (A Cross-site scripting (XSS) vulnerability in the function encrypt_pas ...)
+	TODO: check
 CVE-2023-27007
 	RESERVED
 CVE-2023-27006
@@ -6083,8 +6100,8 @@ CVE-2023-26925
 	RESERVED
 CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
 	TODO: check
-CVE-2023-26923
-	RESERVED
+CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that  ...)
+	TODO: check
 CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
 	NOT-FOR-US: Varisicte
 CVE-2023-26921
@@ -8234,8 +8251,8 @@ CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband M
 	NOT-FOR-US: Samsung
 CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
 	NOT-FOR-US: Samsung
-CVE-2023-26071
-	RESERVED
+CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...)
+	TODO: check
 CVE-2023-26070
 	RESERVED
 CVE-2023-26069
@@ -9426,8 +9443,8 @@ CVE-2023-25706
 	RESERVED
 CVE-2023-25705
 	RESERVED
-CVE-2023-25704
-	RESERVED
+CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
+	TODO: check
 CVE-2023-25703
 	RESERVED
 CVE-2023-25702
@@ -9652,8 +9669,8 @@ CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository mo
 	NOT-FOR-US: Modoboa
 CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
 	NOT-FOR-US: Baicells
-CVE-2023-0775
-	RESERVED
+CVE-2023-0775 (An invalid ‘prepare write request’ command can cause the B ...)
+	TODO: check
 CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
 	NOT-FOR-US: SourceCodester Medical Certificate Generator App
 CVE-2023-0773
@@ -10768,8 +10785,8 @@ CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable
 	TODO: check
 CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...)
 	TODO: check
-CVE-2023-25260
-	RESERVED
+CVE-2023-25260 (Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusi ...)
+	TODO: check
 CVE-2023-25259
 	RESERVED
 CVE-2023-25258
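Review bot: CVE-2023-25260 becomes the third Stimulsoft entry at `TODO: check` in this block, next to CVE-2023-25262 and CVE-2023-25261. All three name Stimulsoft in the visible description, so they can be triaged in one pass and given one consistent label.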
@@ -10927,14 +10944,11 @@ CVE-2011-10002 (A vulnerability classified as critical has been found in weblaby
 	NOT-FOR-US: weblabyrinth
 CVE-2023-25198
 	RESERVED
-CVE-2023-25197
-	RESERVED
+CVE-2023-25197 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache Fineract
-CVE-2023-25196
-	RESERVED
+CVE-2023-25196 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache Fineract
-CVE-2023-25195
-	RESERVED
+CVE-2023-25195 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
 	NOT-FOR-US: Apache Fineract
 CVE-2022-48314
 	RESERVED
@@ -13084,15 +13098,13 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che
 	NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7)
 CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0466
-	RESERVED
+CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
 	- openssl <unfixed>
 	[bullseye] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
-CVE-2023-0465
-	RESERVED
+CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
 	- openssl <unfixed>
 	[bullseye] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
@@ -21769,8 +21781,8 @@ CVE-2022-47531
 	RESERVED
 CVE-2022-47530
 	RESERVED
-CVE-2022-47529
-	RESERVED
+CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...)
+	TODO: check
 CVE-2022-47528
 	RESERVED
 CVE-2022-47527
@@ -24104,8 +24116,8 @@ CVE-2022-47172
 	RESERVED
 CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47170
-	RESERVED
+CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unli ...)
+	TODO: check
 CVE-2022-47169
 	RESERVED
 CVE-2022-47168
@@ -24937,8 +24949,8 @@ CVE-2022-46865
 	RESERVED
 CVE-2022-46864
 	RESERVED
-CVE-2022-46863
-	RESERVED
+CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
+	TODO: check
 CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46861
@@ -24953,8 +24965,8 @@ CVE-2022-46857
 	RESERVED
 CVE-2022-46856
 	RESERVED
-CVE-2022-46855
-	RESERVED
+CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46853
@@ -24967,8 +24979,8 @@ CVE-2022-46850
 	RESERVED
 CVE-2022-46849
 	RESERVED
-CVE-2022-46848
-	RESERVED
+CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2022-46847
 	RESERVED
 CVE-2022-46846
@@ -28109,8 +28121,8 @@ CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <=
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45832
 	RESERVED
-CVE-2022-45831
-	RESERVED
+CVE-2022-45831 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob01 ...)
+	TODO: check
 CVE-2022-45830
 	RESERVED
 CVE-2022-45829 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1  ...)
@@ -36674,16 +36686,16 @@ CVE-2022-43747 (baramundi Management Agent (bMA) in baramundi Management Suite (
 	NOT-FOR-US: baramundi
 CVE-2022-3687
 	RESERVED
-CVE-2022-3686
-	RESERVED
-CVE-2022-3685
-	RESERVED
-CVE-2022-3684
-	RESERVED
-CVE-2022-3683
-	RESERVED
-CVE-2022-3682
-	RESERVED
+CVE-2022-3686 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
+	TODO: check
+CVE-2022-3685 (A vulnerability exists in the SDM600 software. The software operates a ...)
+	TODO: check
+CVE-2022-3684 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
+	TODO: check
+CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorization va ...)
+	TODO: check
+CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An at ...)
+	TODO: check
 CVE-2022-3681
 	RESERVED
 CVE-2022-43746
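Review bot: CVE-2022-3686 through CVE-2022-3682 all land as separate `TODO: check` items, although each visible description names the same product, SDM600. Triage them as one group so the five entries end up with the same product label and none is left behind in the TODO queue.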
@@ -78823,10 +78835,10 @@ CVE-2022-26838
 	RESERVED
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
 	NOT-FOR-US: plantuml
-CVE-2022-1230
-	RESERVED
-CVE-2022-1229
-	RESERVED
+CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary code on ...)
+	TODO: check
+CVE-2022-1229 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows an a ...)
@@ -88529,8 +88541,8 @@ CVE-2022-0652 (Confd log files contain local users', including root’s, SHA
 	NOT-FOR-US: Sophos UTM
 CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0650
-	RESERVED
+CVE-2022-0650 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
@@ -89475,10 +89487,10 @@ CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not menti
 	NOTE: of deleted content.
 CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
 	NOT-FOR-US: Proofpoint email-isolation
-CVE-2022-24973
-	RESERVED
-CVE-2022-24972
-	RESERVED
+CVE-2022-24973 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-24972 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+	TODO: check
 CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2022-24970
@@ -89647,10 +89659,10 @@ CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow a
 	NOT-FOR-US: Qlik Sense Enterprise
 CVE-2022-24916 (Optimism before @eth-optimism/l2geth at 0.5.11 allows economic griefing b ...)
 	NOT-FOR-US: Optimism
-CVE-2022-24908
-	RESERVED
-CVE-2022-24907
-	RESERVED
+CVE-2022-24908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-24906 (Nextcloud Deck is a Kanban-style project & personal management too ...)
 	NOT-FOR-US: Nextcloud Deck
 CVE-2022-24905 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -90493,12 +90505,12 @@ CVE-2022-24675 (encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a
 	- golang-1.17 1.17.9-1
 	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
 	NOTE: https://go.dev/issue/51853
-CVE-2022-24674
-	RESERVED
-CVE-2022-24673
-	RESERVED
-CVE-2022-24672
-	RESERVED
+CVE-2022-24674 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-24673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24672 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-24383 (The affected product is vulnerable to an out-of-bounds read, which may ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2022-21228 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
@@ -91434,10 +91446,10 @@ CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute
 	NOT-FOR-US: TP-Link
 CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: TP-Link
-CVE-2022-24353
-	RESERVED
-CVE-2022-24352
-	RESERVED
+CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-24351
 	RESERVED
 CVE-2022-24350
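Review bot: CVE-2022-24353 and CVE-2022-24352 have descriptions that are cut off before the product name, so the `TODO: check` cannot be resolved from the text in this hunk. Their visible prefix is identical to CVE-2022-24354 just above, which is `NOT-FOR-US: TP-Link`; check the full descriptions and, if they name the same product, reuse that label.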
@@ -94729,6 +94741,7 @@ CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripti
 	NOTE: https://github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92
 CVE-2022-23493 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
 CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...)
@@ -94750,9 +94763,11 @@ CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the
 CVE-2022-23485 (Sentry is an error tracking and performance monitoring platform. In ve ...)
 	NOT-FOR-US: Sentry
 CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6
 CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq
 CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...)
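Review bot: Confirm whether CVE-2022-23482, whose header closes this hunk, should also carry `{DLA-3370-1}`. The tag is added to the neighbouring xrdp entries CVE-2022-23484 and CVE-2022-23483, which share the fixed version `0.9.21.1-1` and bug #1025879, but the body of CVE-2022-23482 lies outside the visible lines, so its DLA coverage cannot be checked from this diff.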
@@ -94766,9 +94781,11 @@ CVE-2022-23480 (xrdp is an open source project which provides a graphical login
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg
 	NOTE: https://github.com/neutrinolabs/xrdp/commit/ae7c17e1f629156cce21f7f1b568d849c63bdc3f
 CVE-2022-23479 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh
 CVE-2022-23478 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj
 CVE-2022-23477 (xrdp is an open source project which provides a graphical login to rem ...)
@@ -94799,6 +94816,7 @@ CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrar
 CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...)
 	- traefik <itp> (bug #983289)
 CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...)
+	{DLA-3370-1}
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
 CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
@@ -96285,13 +96303,11 @@ CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux k
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7)
-CVE-2022-23125
-	RESERVED
+CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
-CVE-2022-23124
-	RESERVED
+CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
@@ -96300,8 +96316,7 @@ CVE-2022-23124
 	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
 	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
 	NOTE: but not reviewed/merged upstream so far
-CVE-2022-23123
-	RESERVED
+CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
@@ -96311,8 +96326,7 @@ CVE-2022-23123
 	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
 	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
 	NOTE: but not reviewed/merged upstream so far
-CVE-2022-23122
-	RESERVED
+CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
@@ -96321,8 +96335,7 @@ CVE-2022-23122
 	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
 	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
 	NOTE: but not reviewed/merged upstream so far
-CVE-2022-23121
-	RESERVED
+CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
@@ -96367,8 +96380,7 @@ CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEm
 	NOT-FOR-US: Reolink
 CVE-2022-21134 (A firmware update vulnerability exists in the &quot;update&quo ...)
 	NOT-FOR-US: Reolink
-CVE-2022-0194
-	RESERVED
+CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	- netatalk 3.1.13~ds-1
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b5fd3fce759ff64843162b419ccae645677ae5b
