Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31f6bc2c by security tracker role at 2023-01-17T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2023-23753
+       RESERVED
+CVE-2023-23752
+       RESERVED
+CVE-2023-23751
+       RESERVED
+CVE-2023-23750
+       RESERVED
+CVE-2023-23749
+       RESERVED
+CVE-2023-23748
+       RESERVED
+CVE-2023-23747
+       RESERVED
+CVE-2023-23746
+       RESERVED
+CVE-2023-23745
+       RESERVED
+CVE-2023-23744
+       RESERVED
+CVE-2023-23743
+       RESERVED
+CVE-2023-23742
+       RESERVED
+CVE-2023-23741
+       RESERVED
+CVE-2023-23740
+       RESERVED
+CVE-2023-23739
+       RESERVED
+CVE-2023-23738
+       RESERVED
+CVE-2023-23737
+       RESERVED
+CVE-2023-23736
+       RESERVED
+CVE-2023-23735
+       RESERVED
+CVE-2023-23734
+       RESERVED
+CVE-2023-23733
+       RESERVED
+CVE-2023-23732
+       RESERVED
+CVE-2023-23731
+       RESERVED
+CVE-2023-23730
+       RESERVED
+CVE-2023-23729
+       RESERVED
+CVE-2023-23728
+       RESERVED
+CVE-2023-23727
+       RESERVED
+CVE-2023-23726
+       RESERVED
+CVE-2023-23725
+       RESERVED
+CVE-2023-23724
+       RESERVED
+CVE-2023-23723
+       RESERVED
+CVE-2023-23722
+       RESERVED
+CVE-2023-23721
+       RESERVED
+CVE-2023-23720
+       RESERVED
+CVE-2023-23719
+       RESERVED
+CVE-2023-23718
+       RESERVED
+CVE-2023-23717
+       RESERVED
+CVE-2023-23716
+       RESERVED
+CVE-2023-23715
+       RESERVED
+CVE-2023-23714
+       RESERVED
+CVE-2023-23713
+       RESERVED
+CVE-2023-23712
+       RESERVED
+CVE-2023-23711
+       RESERVED
+CVE-2023-23710
+       RESERVED
+CVE-2023-23709
+       RESERVED
+CVE-2023-23708
+       RESERVED
+CVE-2023-23707
+       RESERVED
+CVE-2023-23706
+       RESERVED
+CVE-2023-23705
+       RESERVED
+CVE-2023-23704
+       RESERVED
+CVE-2023-23703
+       RESERVED
+CVE-2023-23702
+       RESERVED
+CVE-2023-23701
+       RESERVED
+CVE-2023-23700
+       RESERVED
+CVE-2023-23699
+       RESERVED
+CVE-2023-0342
+       RESERVED
+CVE-2023-0341
+       RESERVED
+CVE-2023-0340
+       RESERVED
+CVE-2023-0339
+       RESERVED
+CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
lirantal/d ...)
+       TODO: check
+CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
lirantal/d ...)
+       TODO: check
+CVE-2023-0336
+       RESERVED
+CVE-2023-0335
+       RESERVED
+CVE-2023-0334
+       RESERVED
+CVE-2023-0333
+       RESERVED
+CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food 
Ordering Syste ...)
+       TODO: check
+CVE-2020-36654
+       RESERVED
+CVE-2020-36653
+       RESERVED
+CVE-2017-20173
+       RESERVED
+CVE-2017-20172
+       RESERVED
+CVE-2015-10068
+       RESERVED
+CVE-2012-10006
+       RESERVED
+CVE-2011-10001
+       RESERVED
+CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
simplesam ...)
+       TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0002]
        - rust-git2 0.16.0-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0002.html
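Review bot: CVE-2010-10008 at the end of the added block carries the "** UNSUPPORTED WHEN ASSIGNED **" marker but is queued as "TODO: check" exactly like CVE-2023-0338, CVE-2023-0337 and CVE-2023-0332. All four described entries need a manual triage pass to either a source package line or NOT-FOR-US, and the unsupported marker on CVE-2010-10008 is worth recording in that decision, since nothing in this automatic update resolves them.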
@@ -266,26 +414,26 @@ CVE-2023-0317
        RESERVED
 CVE-2022-4891
        RESERVED
-CVE-2017-20170
-       RESERVED
-CVE-2016-15021
-       RESERVED
-CVE-2015-10064
-       RESERVED
-CVE-2015-10063
-       RESERVED
-CVE-2015-10062
-       RESERVED
-CVE-2015-10061
-       RESERVED
-CVE-2015-10060
-       RESERVED
-CVE-2015-10059
-       RESERVED
-CVE-2015-10058
-       RESERVED
-CVE-2013-10013
-       RESERVED
+CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been 
classified  ...)
+       TODO: check
+CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated 
as crit ...)
+       TODO: check
+CVE-2015-10064 (A vulnerability was found in VictorFerraresi 
pokemon-database-php. It  ...)
+       TODO: check
+CVE-2015-10063 (A vulnerability was found in saemorris TheRadSystem and 
classified as  ...)
+       TODO: check
+CVE-2015-10062 (A vulnerability, which was classified as problematic, was 
found in gal ...)
+       TODO: check
+CVE-2015-10061 (A vulnerability was found in evandro-machado Trabalho-Web2. It 
has bee ...)
+       TODO: check
+CVE-2015-10060 (A vulnerability was found in MNBikeways database and 
classified as cri ...)
+       TODO: check
+CVE-2015-10059 (A vulnerability has been found in s134328 
Webapplication-Veganguide an ...)
+       TODO: check
+CVE-2015-10058 (A vulnerability, which was classified as problematic, was 
found in Wik ...)
+       TODO: check
+CVE-2013-10013 (A vulnerability was found in Bricco Authenticator Plugin. It 
has been  ...)
+       TODO: check
 CVE-2023-0316 (Path Traversal: '\..\filename' in GitHub repository 
froxlor/froxlor pr ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-0315 (Command Injection in GitHub repository froxlor/froxlor prior to 
2.0.8. ...)
@@ -2153,8 +2301,8 @@ CVE-2023-0160
        RESERVED
 CVE-2023-0159
        RESERVED
-CVE-2023-0158
-       RESERVED
+CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository 
content ...)
+       TODO: check
 CVE-2023-0157
        RESERVED
 CVE-2023-0156
@@ -2352,8 +2500,8 @@ CVE-2023-22877
        RESERVED
 CVE-2023-22876
        RESERVED
-CVE-2023-22875
-       RESERVED
+CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used 
for SSL/T ...)
+       TODO: check
 CVE-2023-22874
        RESERVED
 CVE-2023-22873
@@ -4626,24 +4774,24 @@ CVE-2023-22322
        RESERVED
 CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided 
by OpenAM ...)
        NOT-FOR-US: OpenAM Web Policy Agent (different from src:openam)
-CVE-2023-22316
-       RESERVED
-CVE-2023-22304
-       RESERVED
-CVE-2023-22303
-       RESERVED
-CVE-2023-22298
-       RESERVED
-CVE-2023-22296
-       RESERVED
-CVE-2023-22286
-       RESERVED
-CVE-2023-22280
-       RESERVED
-CVE-2023-22279
-       RESERVED
-CVE-2023-22278
-       RESERVED
+CVE-2023-22316 (Hidden functionality vulnerability in PIX-RT100 versions 
RT100_TEQ_2.1 ...)
+       TODO: check
+CVE-2023-22304 (OS command injection vulnerability in PIX-RT100 versions 
RT100_TEQ_2.1 ...)
+       TODO: check
+CVE-2023-22303 (TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 
Build 2022 ...)
+       TODO: check
+CVE-2023-22298 (Open redirect vulnerability in pgAdmin 4 versions prior to 
v6.14 allow ...)
+       TODO: check
+CVE-2023-22296 (Reflected cross-site scripting vulnerability in MAHO-PBX 
NetDevancer s ...)
+       TODO: check
+CVE-2023-22286 (Cross-site request forgery (CSRF) vulnerability in MAHO-PBX 
NetDevance ...)
+       TODO: check
+CVE-2023-22280 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, 
MAHO-PBX ...)
+       TODO: check
+CVE-2023-22279 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, 
MAHO-PBX ...)
+       TODO: check
+CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER 
prior to Ver ...)
+       TODO: check
 CVE-2022-47969
        RESERVED
 CVE-2022-4777
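Review bot: Among the nine entries moved from RESERVED to "TODO: check" in this hunk, CVE-2023-22298 names pgAdmin 4 versions prior to v6.14 and should be checked for a matching source package or ITP before it is marked, in the way CVE-2023-0316 earlier in the file carries "- froxlor <itp> (bug #581792)". The three MAHO-PBX NetDevancer entries (CVE-2023-22296, CVE-2023-22286 and the near-identical CVE-2023-22280 and CVE-2023-22279) can be triaged together so they receive a consistent annotation.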
@@ -4666,10 +4814,10 @@ CVE-2022-4769
        RESERVED
 CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been 
classified as  ...)
        NOT-FOR-US: Dropbox merou
-CVE-2022-47318
-       RESERVED
-CVE-2022-46648
-       RESERVED
+CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote 
authenticated attac ...)
+       TODO: check
+CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote 
authenticated attac ...)
+       TODO: check
 CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 
1.4.x. It h ...)
        NOT-FOR-US: OpenMRS
 CVE-2021-4291 (A vulnerability was found in OpenMRS Admin UI Module up to 
1.5.x. It h ...)
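Review bot: CVE-2022-47318 and CVE-2022-46648 are added with identical truncated descriptions ("ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...") and both sit at "TODO: check". During triage, read the full descriptions to confirm they are two distinct issues rather than a duplicate assignment, and if a ruby-git source package is tracked, verify the fixed version against v1.13.0 for each one separately.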
@@ -4736,10 +4884,10 @@ CVE-2023-22392
        RESERVED
 CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in 
Juniper  ...)
        NOT-FOR-US: Juniper
-CVE-2023-22366
-       RESERVED
-CVE-2023-22357
-       RESERVED
+CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of 
uninitialized po ...)
+       TODO: check
+CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, 
which ma ...)
+       TODO: check
 CVE-2023-22317
        RESERVED
 CVE-2023-22314
@@ -5476,8 +5624,8 @@ CVE-2022-47855
        RESERVED
 CVE-2022-47854
        RESERVED
-CVE-2022-47853
-       RESERVED
+CVE-2022-47853 (TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to 
Command Inject ...)
+       TODO: check
 CVE-2022-47852
        RESERVED
 CVE-2022-47851
@@ -6066,8 +6214,8 @@ CVE-2022-47580
        RESERVED
 CVE-2022-4622
        RESERVED
-CVE-2022-4621
-       RESERVED
+CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 
2.03-0x are  ...)
+       TODO: check
 CVE-2022-4620
        RESERVED
 CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is 
vulnerable t ...)
@@ -9342,8 +9490,8 @@ CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour 
Builder plugin through 1
        NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
 CVE-2022-46892
        RESERVED
-CVE-2022-46891
-       RESERVED
+CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. 
There is a  ...)
+       TODO: check
 CVE-2022-46890
        RESERVED
 CVE-2022-46889
@@ -12706,8 +12854,7 @@ CVE-2022-45787 (Unproper laxist permissions on the 
temporary files used by MIME4
        NOT-FOR-US: Apache James
 CVE-2022-45786
        RESERVED
-CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free 
in low-level/imap/mailimap_types.c]
-       RESERVED
+CVE-2022-4121 (In libetpan a null pointer dereference in 
mailimap_mailbox_data_status ...)
        {DLA-3261-1}
        - libetpan 1.9.4-3.1 (bug #1025120)
        [bullseye] - libetpan <no-dsa> (Minor issue)
@@ -21505,8 +21652,7 @@ CVE-2022-3652 (Type confusion in V8 in Google Chrome 
prior to 107.0.5304.62 allo
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3651
        RESERVED
-CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
-       RESERVED
+CVE-2022-3650 (A privilege escalation flaw was found in Ceph. 
Ceph-crash.service allo ...)
        - ceph 16.2.10+ds-4 (bug #1024932)
        [bullseye] - ceph <no-dsa> (Minor issue)
        [buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
@@ -26308,24 +26454,21 @@ CVE-2022-41863
        RESERVED
 CVE-2022-41862
        RESERVED
-CVE-2022-41861 [freeradius: Crash on invalid abinary data]
-       RESERVED
+CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or 
home serv ...)
        - freeradius 3.2.0+dfsg-1
        [bullseye] - freeradius <no-dsa> (Minor issue)
        [buster] - freeradius <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
 (release_3_0_26)
        NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
-CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM]
-       RESERVED
+CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM 
option, ...)
        - freeradius 3.2.0+dfsg-1
        [bullseye] - freeradius <no-dsa> (Minor issue)
        [buster] - freeradius <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
 (release_3_0_26)
        NOTE: https://freeradius.org/security/ ("Crash on unknown option in 
EAP-SIM")
-CVE-2022-41859
-       RESERVED
-CVE-2022-41858
-       RESERVED
+CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() 
leaks i ...)
+       TODO: check
+CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer 
dereference may o ...)
        - linux 5.17.6-1
        [bullseye] - linux 5.10.113-1
        [buster] - linux 4.19.249-1
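Review bot: CVE-2022-41859 is described as a freeradius EAP-PWD issue in compute_password_element() but is added with "TODO: check", while CVE-2022-41861 and CVE-2022-41860 directly above are already tracked as "- freeradius 3.2.0+dfsg-1" with per-suite <no-dsa> lines and upstream commit NOTEs. It should get its own freeradius package line, with the fixed version and fixing commit verified for this CVE rather than copied from its two neighbours.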
@@ -28301,8 +28444,7 @@ CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text 
written to the terminal ca
        NOTE: 
https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
 (0.13)
 CVE-2022-41137
        RESERVED
-CVE-2022-40704
-       RESERVED
+CVE-2022-40704 (A XSS vulnerability was found in 
phoromatic_r_add_test_details.php in  ...)
        - phoronix-test-suite <removed>
 CVE-2022-40208
        RESERVED
@@ -33104,8 +33246,8 @@ CVE-2022-3093
        RESERVED
 CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an 
out-of-bounds ...)
        NOT-FOR-US: GE CIMPICITY
-CVE-2022-3091
-       RESERVED
+CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a 
function could ...)
+       TODO: check
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, 
Crimson 3.1  ...)
        NOT-FOR-US: Red Lion Controls Crimson
 CVE-2022-3089
@@ -35404,8 +35546,8 @@ CVE-2022-2895 (Measuresoft ScadaPro Server (All 
Versions) uses unmaintained Acti
        NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained 
ActiveX c ...)
        NOT-FOR-US: Measuresoft ScadaPro
-CVE-2022-2893
-       RESERVED
+CVE-2022-2893 (RONDS EPM version 1.19.5 does not properly validate the 
filename param ...)
+       TODO: check
 CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an 
unmain ...)
        NOT-FOR-US: Measuresoft ScadaPro
 CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task 
manageme ...)
@@ -78211,8 +78353,8 @@ CVE-2022-23741 (An incorrect authorization 
vulnerability was identified in GitHu
        TODO: check
 CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in 
a comma ...)
        TODO: check
-CVE-2022-23739
-       RESERVED
+CVE-2022-23739 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
 CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub 
Enterpris ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-23737 (An improper privilege management vulnerability was identified 
in GitHu ...)
@@ -307712,8 +307854,7 @@ CVE-2018-14629 (A denial of service vulnerability was 
discovered in Samba's LDAP
        {DSA-4345-1 DLA-1607-1}
        - samba 2:4.9.2+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
-CVE-2018-14628
-       RESERVED
+CVE-2018-14628 (An information leak vulnerability was discovered in Samba's 
LDAP serve ...)
        - samba <unfixed>
        [bullseye] - samba <no-dsa> (Minor issue)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13595



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31f6bc2c249e07c3e123b9e3dfcf95560dcc409a
