Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3540fba by security tracker role at 2023-01-18T20:10:24+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@ +CVE-2023-23835 + RESERVED +CVE-2023-23834 + RESERVED +CVE-2023-23833 + RESERVED +CVE-2023-23832 + RESERVED +CVE-2023-23831 + RESERVED +CVE-2023-23830 + RESERVED +CVE-2023-23829 + RESERVED +CVE-2023-23828 + RESERVED +CVE-2023-23827 + RESERVED +CVE-2023-23826 + RESERVED +CVE-2023-23825 + RESERVED +CVE-2023-23824 + RESERVED +CVE-2023-23823 + RESERVED +CVE-2023-23822 + RESERVED +CVE-2023-23821 + RESERVED +CVE-2023-23820 + RESERVED +CVE-2023-23819 + RESERVED +CVE-2023-23818 + RESERVED +CVE-2023-23817 + RESERVED +CVE-2023-23816 + RESERVED +CVE-2023-23815 + RESERVED +CVE-2023-23814 + RESERVED +CVE-2023-23813 + RESERVED +CVE-2023-23812 + RESERVED +CVE-2023-23811 + RESERVED +CVE-2023-23810 + RESERVED +CVE-2023-23809 + RESERVED +CVE-2023-23808 + RESERVED +CVE-2023-23807 + RESERVED +CVE-2023-23806 + RESERVED +CVE-2023-23805 + RESERVED +CVE-2023-23804 + RESERVED +CVE-2023-23803 + RESERVED +CVE-2023-23802 + RESERVED +CVE-2023-23801 + RESERVED +CVE-2023-23800 + RESERVED +CVE-2023-23799 + RESERVED +CVE-2023-23798 + RESERVED +CVE-2023-23797 + RESERVED +CVE-2023-23796 + RESERVED +CVE-2023-23795 + RESERVED +CVE-2023-23794 + RESERVED +CVE-2023-23793 + RESERVED +CVE-2023-23792 + RESERVED +CVE-2023-23791 + RESERVED +CVE-2023-23790 + RESERVED +CVE-2023-23789 + RESERVED +CVE-2023-23788 + RESERVED +CVE-2023-23787 + RESERVED +CVE-2023-23786 + RESERVED +CVE-2023-23785 + RESERVED +CVE-2023-23784 + RESERVED +CVE-2023-23783 + RESERVED +CVE-2023-23782 + RESERVED +CVE-2023-23781 + RESERVED +CVE-2023-23780 + RESERVED +CVE-2023-23779 + RESERVED +CVE-2023-23778 + RESERVED +CVE-2023-23777 + RESERVED +CVE-2023-23776 + RESERVED +CVE-2023-23775 + RESERVED +CVE-2023-23549 + RESERVED +CVE-2023-23548 + RESERVED +CVE-2023-22359 + RESERVED +CVE-2023-22348 + RESERVED +CVE-2023-22318 + RESERVED +CVE-2023-22309 + RESERVED +CVE-2023-22307 + RESERVED +CVE-2023-22294 + RESERVED +CVE-2023-22288 + RESERVED +CVE-2023-0390 + RESERVED +CVE-2023-0389 + RESERVED +CVE-2023-0388 + RESERVED 
+CVE-2023-0387 + RESERVED +CVE-2023-0386 + RESERVED +CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0384 + RESERVED +CVE-2023-0383 + RESERVED +CVE-2023-0382 + RESERVED +CVE-2023-0381 + RESERVED +CVE-2023-0380 + RESERVED +CVE-2023-0379 + RESERVED +CVE-2023-0378 + RESERVED +CVE-2023-0377 + RESERVED +CVE-2023-0376 + RESERVED +CVE-2023-0375 + RESERVED +CVE-2023-0374 + RESERVED +CVE-2023-0373 + RESERVED +CVE-2023-0372 + RESERVED +CVE-2023-0371 + RESERVED +CVE-2023-0370 + RESERVED +CVE-2023-0369 + RESERVED +CVE-2023-0368 + RESERVED +CVE-2022-4892 + RESERVED +CVE-2022-47909 + RESERVED +CVE-2022-46836 + RESERVED +CVE-2022-46303 + RESERVED +CVE-2022-46302 + RESERVED +CVE-2022-43440 + RESERVED +CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...) + TODO: check +CVE-2017-20174 + RESERVED +CVE-2015-10070 + RESERVED +CVE-2015-10069 + RESERVED +CVE-2014-125083 + RESERVED +CVE-2013-10014 + RESERVED CVE-2023-23774 RESERVED CVE-2023-23773 
@@ -224,20 +434,20 @@ CVE-2023-0333 RESERVED CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) TODO: check -CVE-2020-36654 - RESERVED -CVE-2020-36653 - RESERVED -CVE-2017-20173 - RESERVED -CVE-2017-20172 - RESERVED -CVE-2015-10068 - RESERVED -CVE-2012-10006 - RESERVED -CVE-2011-10001 - RESERVED +CVE-2020-36654 (A vulnerability classified as problematic has been found in GENI Porta ...) + TODO: check +CVE-2020-36653 (A vulnerability was found in GENI Portal. It has been rated as problem ...) + TODO: check +CVE-2017-20173 (A vulnerability was found in AlexRed contentmap. It has been rated as ...) + TODO: check +CVE-2017-20172 (A vulnerability was found in ridhoq soundslike. It has been classified ...) + TODO: check +CVE-2015-10068 (A vulnerability classified as critical was found in danynab movify-j. ...) + TODO: check +CVE-2012-10006 (A vulnerability classified as critical has been found in ale7714 sigep ...) + TODO: check +CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been declared ...) + TODO: check CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...) TODO: check CVE-2023-XXXX [RUSTSEC-2023-0002] @@ -472,6 +682,7 @@ CVE-2023-23606 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606 CVE-2023-23605 RESERVED + {DSA-5322-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605 
@@ -482,18 +693,21 @@ CVE-2023-23604 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604 CVE-2023-23603 RESERVED + {DSA-5322-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603 CVE-2023-23602 RESERVED + {DSA-5322-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602 CVE-2023-23601 RESERVED + {DSA-5322-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601 @@ -510,6 +724,7 @@ CVE-2023-23599 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599 CVE-2023-23598 RESERVED + {DSA-5322-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598 @@ -1889,8 +2104,8 @@ CVE-2023-0216 RESERVED CVE-2023-0215 RESERVED -CVE-2023-0214 - RESERVED +CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...) + TODO: check CVE-2023-0213 RESERVED CVE-2023-0212 @@ -2652,8 +2867,8 @@ CVE-2023-22865 RESERVED CVE-2023-22864 RESERVED -CVE-2023-22863 - RESERVED +CVE-2023-22863 (IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP ...) + TODO: check CVE-2023-22862 RESERVED CVE-2023-22861 @@ -2951,8 +3166,8 @@ CVE-2023-22811 RESERVED CVE-2023-22810 RESERVED -CVE-2023-22809 - RESERVED +CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...) + {DSA-5321-1 DLA-3272-1} - sudo <unfixed> NOTE: https://www.sudo.ws/security/advisories/sudoedit_any/ NOTE: https://github.com/sudo-project/sudo/commit/0274a4f3b403162a37a10f199c989f3727ed3ad4 
@@ -3688,12 +3903,12 @@ CVE-2023-22596 RESERVED CVE-2023-22595 RESERVED -CVE-2023-22594 - RESERVED +CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...) + TODO: check CVE-2023-22593 RESERVED -CVE-2023-22592 - RESERVED +CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...) + TODO: check CVE-2023-22591 RESERVED CVE-2023-22590 @@ -3730,8 +3945,8 @@ CVE-2023-22578 RESERVED CVE-2023-22577 RESERVED -CVE-2023-0040 - RESERVED +CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...) + TODO: check CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to auth ...) NOT-FOR-US: User Post Gallery - UPG plugin for WordPress CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...) @@ -4737,8 +4952,8 @@ CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository u NOT-FOR-US: usememos CVE-2022-4800 (Improper Verification of Source of a Communication Channel in GitHub r ...) NOT-FOR-US: usememos -CVE-2022-47990 - RESERVED +CVE-2022-47990 (IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged loca ...) + TODO: check CVE-2022-4799 (Improper Authentication in GitHub repository usememos/memos prior to 0 ...) NOT-FOR-US: usememos CVE-2022-47989 @@ -5113,8 +5328,8 @@ CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated NOT-FOR-US: email-existence CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...) NOT-FOR-US: Fuji Electric -CVE-2022-47966 - RESERVED +CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Pl ...) + TODO: check CVE-2022-4746 RESERVED CVE-2022-4745 
@@ -5189,8 +5404,7 @@ CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and NOTE: Different issue than CVE-2018-6556 CVE-2022-47951 RESERVED -CVE-2022-47950 - RESERVED +CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...) - swift <unfixed> (bug #1029154) NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1 CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...) @@ -5704,8 +5918,8 @@ CVE-2022-47883 RESERVED CVE-2022-47882 RESERVED -CVE-2022-47881 - RESERVED +CVE-2022-47881 (Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of ...) + TODO: check CVE-2022-47880 RESERVED CVE-2022-47879 @@ -9687,6 +9901,7 @@ CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, an NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878 CVE-2022-46877 (By confusing the browser, the fullscreen notification could have been ...) + {DSA-5322-1} - firefox 108.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877 @@ -9720,6 +9935,7 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872 CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...) + {DSA-5322-1} - firefox 108.0-1 - firefox-esr 102.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871 
@@ -10785,8 +11001,8 @@ CVE-2022-46507 RESERVED CVE-2022-46506 RESERVED -CVE-2022-46505 - RESERVED +CVE-2022-46505 (An issue in MatrixSSL 4.5.1-open and earlier leads to failure to secur ...) + TODO: check CVE-2022-46504 RESERVED CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...) @@ -10875,7 +11091,7 @@ CVE-2022-46465 RESERVED CVE-2022-46464 (ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection ...) NOT-FOR-US: ConcreteCMS -CVE-2022-46463 (An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to ...) +CVE-2022-46463 (** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allo ...) NOT-FOR-US: Harbor CVE-2022-46462 RESERVED 
@@ -11203,34 +11419,34 @@ CVE-2023-21616 RESERVED CVE-2023-21615 RESERVED -CVE-2023-21614 - RESERVED -CVE-2023-21613 - RESERVED -CVE-2023-21612 - RESERVED -CVE-2023-21611 - RESERVED -CVE-2023-21610 - RESERVED -CVE-2023-21609 - RESERVED -CVE-2023-21608 - RESERVED -CVE-2023-21607 - RESERVED -CVE-2023-21606 - RESERVED -CVE-2023-21605 - RESERVED -CVE-2023-21604 - RESERVED -CVE-2023-21603 - RESERVED +CVE-2023-21614 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21613 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21612 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21611 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21610 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21609 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21608 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21607 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21606 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21605 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21604 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-21603 (Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of- ...) + TODO: check CVE-2023-21602 RESERVED -CVE-2023-21601 - RESERVED +CVE-2023-21601 (Adobe Dimension version 3.4.6 (and earlier) are affected by a Use Afte ...) + TODO: check CVE-2023-21600 RESERVED CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) 
@@ -11261,20 +11477,20 @@ CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) ar NOT-FOR-US: Adobe CVE-2023-21586 RESERVED -CVE-2023-21585 - RESERVED +CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check CVE-2023-21584 RESERVED CVE-2023-21583 RESERVED CVE-2023-21582 RESERVED -CVE-2023-21581 - RESERVED +CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check CVE-2023-21580 RESERVED -CVE-2023-21579 - RESERVED +CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check CVE-2023-21578 RESERVED CVE-2023-21577 @@ -13392,8 +13608,8 @@ CVE-2022-45615 RESERVED CVE-2022-45614 REJECTED -CVE-2022-45613 - RESERVED +CVE-2022-45613 (Book Store Management System v1.0 was discovered to contain a cross-si ...) + TODO: check CVE-2022-45612 RESERVED CVE-2022-45611 @@ -15156,8 +15372,8 @@ CVE-2022-45105 RESERVED CVE-2022-45104 RESERVED -CVE-2022-45103 - RESERVED +CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) + TODO: check CVE-2022-45102 RESERVED CVE-2022-45101 @@ -27869,8 +28085,8 @@ CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via th NOT-FOR-US: Bento4 CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...) NOT-FOR-US: BlogEngine.NET -CVE-2022-41417 - RESERVED +CVE-2022-41417 (BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with " ...) + TODO: check CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...) NOT-FOR-US: Online Tours & Travels Management System CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...) 
@@ -31898,8 +32114,7 @@ CVE-2022-3102 CVE-2022-3101 RESERVED NOT-FOR-US: tripleo-ansible -CVE-2022-3100 [access policy bypass via query string injection] - RESERVED +CVE-2022-3100 (A flaw was found in the openstack-barbican component. This issue allow ...) {DSA-5247-1 DLA-3136-1} - barbican 1:15.0.0~rc3-1 (bug #1021139) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404 @@ -46726,8 +46941,8 @@ CVE-2022-34459 RESERVED CVE-2022-34458 RESERVED -CVE-2022-34457 - RESERVED +CVE-2022-34457 (Dell command configuration, version 4.8 and prior, contains improper f ...) + TODO: check CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...) NOT-FOR-US: EMC CVE-2022-34455 @@ -46768,10 +46983,10 @@ CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privile NOT-FOR-US: Dell CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...) NOT-FOR-US: Dell -CVE-2022-34436 - RESERVED -CVE-2022-34435 - RESERVED +CVE-2022-34436 (Dell iDRAC8 version 2.83.83.83 and prior contain an improper input val ...) + TODO: check +CVE-2022-34435 (Dell iDRAC9 version 6.00.02.00 and prior contain an improper input val ...) + TODO: check CVE-2022-34434 (Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an ...) NOT-FOR-US: Dell CVE-2022-34433 @@ -46842,8 +47057,8 @@ CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. TODO: check CVE-2022-34400 RESERVED -CVE-2022-34399 - RESERVED +CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer acc ...) + TODO: check CVE-2022-34398 RESERVED CVE-2022-34397 @@ -113609,8 +113824,8 @@ CVE-2021-36632 RESERVED CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and ...) TODO: check -CVE-2021-36630 - RESERVED +CVE-2021-36630 (DDOS reflection amplification vulnerability in eAut module of Ruckus W ...) + TODO: check CVE-2021-36629 RESERVED CVE-2021-36628 
@@ -119901,8 +120116,8 @@ CVE-2021-33961 (A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-g NOT-FOR-US: enhanced-github browser extension CVE-2021-33960 RESERVED -CVE-2021-33959 - RESERVED +CVE-2021-33959 (Plex media server 1.21 and before is vulnerable to ddos reflection att ...) + TODO: check CVE-2021-33958 RESERVED CVE-2021-33957 @@ -157582,8 +157797,8 @@ CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...) NOT-FOR-US: Courier Management System CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...) NOT-FOR-US: Courier Management System -CVE-2020-35326 - RESERVED +CVE-2020-35326 (SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/ ...) + TODO: check CVE-2020-35325 RESERVED CVE-2020-35324 @@ -181655,8 +181870,8 @@ CVE-2020-22009 RESERVED CVE-2020-22008 RESERVED -CVE-2020-22007 - RESERVED +CVE-2020-22007 (OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, a ...) + TODO: check CVE-2020-22006 RESERVED CVE-2020-22005 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3540fba3d91a6812c79b22bb4cdf4925eed8c47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3540fba3d91a6812c79b22bb4cdf4925eed8c47 You're receiving this email because of your account on salsa.debian.org.
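Review bot: CVE-2023-22809 in the "@@ -2951,8 +3166,8 @@" hunk still reads "- sudo <unfixed>" even though the entry now carries {DSA-5321-1 DLA-3272-1} and the imported description names 1.9.12p2 as the fixed upstream release. Give the unstable line a fixed version once an upload containing that fix is confirmed, otherwise the tracker keeps reporting sid as vulnerable after stable and LTS are patched.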
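Review bot: In the context lines of the "@@ -5113,8 +5328,8 @@" hunk, CVE-2015-10005 is described as a markdown-it issue but tagged "NOT-FOR-US: Fuji Electric". The product in the tag does not match the product in the description, so the entry should be re-triaged rather than left closed as NOT-FOR-US.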
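Review bot: The Adobe entries that gain descriptions in the "@@ -11203,34 +11419,34 @@" and "@@ -11261,20 +11477,20 @@" hunks (CVE-2023-21614 down to CVE-2023-21601, plus CVE-2023-21585, CVE-2023-21581 and CVE-2023-21579) are all left at "TODO: check", while CVE-2023-21587 in the same region is already "NOT-FOR-US: Adobe". Triage these in one pass with the same tag if they are confirmed to concern only Acrobat Reader and Dimension, so the TODO backlog does not grow by fifteen entries for one vendor.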
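Review bot: CVE-2022-41417 in the "@@ -27869,8 +28085,8 @@" hunk is set to "TODO: check" directly below CVE-2022-41418, which is already "NOT-FOR-US: BlogEngine.NET" for the same product. The new entry can take the same tag once the description is confirmed to cover only BlogEngine.NET.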
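Review bot: The Dell entries in the "@@ -46726,8 +46941,8 @@", "@@ -46768,10 +46983,10 @@" and "@@ -46842,8 +47057,8 @@" hunks (CVE-2022-34457, CVE-2022-34436, CVE-2022-34435, CVE-2022-34399) are added as "TODO: check" next to neighbours tagged "NOT-FOR-US: Dell" and "NOT-FOR-US: EMC". Pick one of the two existing tags for the new iDRAC, BIOS and command configuration entries so that the vendor is searchable under a single name.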
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits