Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f1d852d by security tracker role at 2023-01-27T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-24595
+       RESERVED
+CVE-2023-24583
+       RESERVED
+CVE-2023-24582
+       RESERVED
+CVE-2023-24581
+       RESERVED
+CVE-2023-22365
+       RESERVED
+CVE-2023-22299
+       RESERVED
+CVE-2023-0549 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-0548
+       RESERVED
+CVE-2023-0547
+       RESERVED
+CVE-2023-0546
+       RESERVED
+CVE-2023-0545
+       RESERVED
+CVE-2023-0544
+       RESERVED
+CVE-2023-0543
+       RESERVED
+CVE-2023-0542
+       RESERVED
+CVE-2023-0541
+       RESERVED
+CVE-2023-0540
+       RESERVED
+CVE-2023-0539
+       RESERVED
+CVE-2023-0538
+       RESERVED
+CVE-2023-0537
+       RESERVED
+CVE-2023-0536
+       RESERVED
+CVE-2023-0535
+       RESERVED
+CVE-2023-0534 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-0533 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-0532 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+       TODO: check
+CVE-2023-0531 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2023-0530 (A vulnerability was found in SourceCodester Online Tours & 
Travels ...)
+       TODO: check
+CVE-2023-0529 (A vulnerability was found in SourceCodester Online Tours & 
Travels ...)
+       TODO: check
+CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & 
Travels ...)
+       TODO: check
+CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards 
Hiring  ...)
+       TODO: check
+CVE-2023-0526
+       RESERVED
 CVE-2023-24580
        RESERVED
 CVE-2023-24579
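Review bot: nine of the new entries at the top of this hunk (CVE-2023-0549 and CVE-2023-0534 through CVE-2023-0527) already have descriptions but are left at "TODO: check". Several of them name SourceCodester or PHPGurukul products, so each should be resolved to a NOT-FOR-US marker or a package line. CVE-2023-0549 and CVE-2023-0533 are cut off before any product name, so they need the full description before they can be triaged.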
@@ -6718,22 +6778,22 @@ CVE-2022-48075
        RESERVED
 CVE-2022-48074
        RESERVED
-CVE-2022-48073
-       RESERVED
-CVE-2022-48072
-       RESERVED
-CVE-2022-48071
-       RESERVED
-CVE-2022-48070
-       RESERVED
-CVE-2022-48069
-       RESERVED
+CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and 
admin pa ...)
+       TODO: check
+CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command 
injection v ...)
+       TODO: check
+CVE-2022-48071 (Phicomm K2 v22.6.534.263 was discovered to store the root and 
admin pa ...)
+       TODO: check
+CVE-2022-48070 (Phicomm K2 v22.6.534.263 was discovered to contain a command 
injection ...)
+       TODO: check
+CVE-2022-48069 (Totolink A830R V4.1.2cu.5182 was discovered to contain a 
command injec ...)
+       TODO: check
 CVE-2022-48068
        RESERVED
-CVE-2022-48067
-       RESERVED
-CVE-2022-48066
-       RESERVED
+CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R 
V4.1.2cu.518 ...)
+       TODO: check
+CVE-2022-48066 (An issue in the component global.so of Totolink A830R 
V4.1.2cu.5182 al ...)
+       TODO: check
 CVE-2022-48065
        RESERVED
 CVE-2022-48064
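Review bot: CVE-2022-48073 and CVE-2022-48071 show identical text in this file ("Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ..."), so they cannot be told apart here. Read the full descriptions to confirm they are distinct issues before resolving the "TODO: check" lines. All seven descriptions added in this hunk name Phicomm or Totolink products and can be triaged together.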
@@ -6838,20 +6898,20 @@ CVE-2022-48015
        RESERVED
 CVE-2022-48014
        RESERVED
-CVE-2022-48013
-       RESERVED
-CVE-2022-48012
-       RESERVED
-CVE-2022-48011
-       RESERVED
-CVE-2022-48010
-       RESERVED
+CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site 
scriptin ...)
+       TODO: check
+CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected 
cross-site scrip ...)
+       TODO: check
+CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored 
cross-site scrip ...)
+       TODO: check
 CVE-2022-48009
        RESERVED
-CVE-2022-48008
-       RESERVED
-CVE-2022-48007
-       RESERVED
+CVE-2022-48008 (An arbitrary file upload vulnerability in the plugin manager 
of LimeSu ...)
+       TODO: check
+CVE-2022-48007 (A stored cross-site scripting (XSS) vulnerability in 
identification.ph ...)
+       TODO: check
 CVE-2022-48006
        RESERVED
 CVE-2022-48005
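Review bot: CVE-2022-48007 cannot be triaged from the line as added, because the truncated description shows only "identification.ph ..." and no product name. The other entries in this hunk point at Opencats or LimeSurvey. Look up the full description before replacing its "TODO: check", rather than inferring the product from the neighbouring IDs.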
@@ -8443,8 +8503,8 @@ CVE-2022-47634 (M-Link Archive Server in Isode M-Link 
R16.2v1 through R17.0 befo
        NOT-FOR-US: M-Link
 CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 
1.8.3 an ...)
        NOT-FOR-US: Kyverno
-CVE-2022-47632
-       RESERVED
+CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege 
escalation due t ...)
+       TODO: check
 CVE-2022-47631
        RESERVED
 CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in 
the X.509  ...)
@@ -8636,12 +8696,12 @@ CVE-2023-22244
        RESERVED
 CVE-2023-22243
        RESERVED
-CVE-2023-22242
-       RESERVED
-CVE-2023-22241
-       RESERVED
-CVE-2023-22240
-       RESERVED
+CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
+       TODO: check
+CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
+       TODO: check
+CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
+       TODO: check
 CVE-2023-22239
        RESERVED
 CVE-2023-22238
@@ -12309,8 +12369,8 @@ CVE-2022-4337 (An out-of-bounds read in Organization 
Specific TLV was found in v
        NOTE: Fixed by: 
https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
 CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability 
attackers ...)
        NOT-FOR-US: BAOTA linux panel
-CVE-2022-4335
-       RESERVED
+CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of 
GitLab EE ...)
+       TODO: check
 CVE-2022-4334
        REJECTED
 CVE-2022-4333
@@ -13205,8 +13265,7 @@ CVE-2022-4287 (Authentication bypass in local 
application lock feature in Devolu
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-4286
        RESERVED
-CVE-2022-4285
-       RESERVED
+CVE-2022-4285 (An illegal memory access flaw was found in the binutils 
package. Parsi ...)
        - binutils 2.39.50.20221208-2 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
@@ -14098,131 +14157,131 @@ CVE-2022-46246
 CVE-2022-46245
        RESERVED
 CVE-2022-46244
-       RESERVED
+       REJECTED
 CVE-2022-46243
-       RESERVED
+       REJECTED
 CVE-2022-46242
-       RESERVED
+       REJECTED
 CVE-2022-46241
-       RESERVED
+       REJECTED
 CVE-2022-46240
-       RESERVED
+       REJECTED
 CVE-2022-46239
-       RESERVED
+       REJECTED
 CVE-2022-46238
-       RESERVED
+       REJECTED
 CVE-2022-46237
-       RESERVED
+       REJECTED
 CVE-2022-46236
-       RESERVED
+       REJECTED
 CVE-2022-46235
-       RESERVED
+       REJECTED
 CVE-2022-46234
-       RESERVED
+       REJECTED
 CVE-2022-46233
-       RESERVED
+       REJECTED
 CVE-2022-46232
-       RESERVED
+       REJECTED
 CVE-2022-46231
-       RESERVED
+       REJECTED
 CVE-2022-46230
-       RESERVED
+       REJECTED
 CVE-2022-46229
-       RESERVED
+       REJECTED
 CVE-2022-46228
-       RESERVED
+       REJECTED
 CVE-2022-46227
-       RESERVED
+       REJECTED
 CVE-2022-46226
-       RESERVED
+       REJECTED
 CVE-2022-46225
-       RESERVED
+       REJECTED
 CVE-2022-46224
-       RESERVED
+       REJECTED
 CVE-2022-46223
-       RESERVED
+       REJECTED
 CVE-2022-46222
-       RESERVED
+       REJECTED
 CVE-2022-46221
-       RESERVED
+       REJECTED
 CVE-2022-46220
-       RESERVED
+       REJECTED
 CVE-2022-46219
-       RESERVED
+       REJECTED
 CVE-2022-46218
-       RESERVED
+       REJECTED
 CVE-2022-46217
-       RESERVED
+       REJECTED
 CVE-2022-46216
-       RESERVED
+       REJECTED
 CVE-2022-46215
-       RESERVED
+       REJECTED
 CVE-2022-46214
-       RESERVED
+       REJECTED
 CVE-2022-46213
-       RESERVED
+       REJECTED
 CVE-2022-46212
-       RESERVED
+       REJECTED
 CVE-2022-46211
-       RESERVED
+       REJECTED
 CVE-2022-46210
-       RESERVED
+       REJECTED
 CVE-2022-46209
-       RESERVED
+       REJECTED
 CVE-2022-46208
-       RESERVED
+       REJECTED
 CVE-2022-46207
-       RESERVED
+       REJECTED
 CVE-2022-46206
-       RESERVED
+       REJECTED
 CVE-2022-46205
-       RESERVED
+       REJECTED
 CVE-2022-46204
-       RESERVED
+       REJECTED
 CVE-2022-46203
-       RESERVED
+       REJECTED
 CVE-2022-46202
-       RESERVED
+       REJECTED
 CVE-2022-46201
-       RESERVED
+       REJECTED
 CVE-2022-46200
-       RESERVED
+       REJECTED
 CVE-2022-46199
-       RESERVED
+       REJECTED
 CVE-2022-46198
-       RESERVED
+       REJECTED
 CVE-2022-46197
-       RESERVED
+       REJECTED
 CVE-2022-46196
-       RESERVED
+       REJECTED
 CVE-2022-46195
-       RESERVED
+       REJECTED
 CVE-2022-46194
-       RESERVED
+       REJECTED
 CVE-2022-46193
-       RESERVED
+       REJECTED
 CVE-2022-46192
-       RESERVED
+       REJECTED
 CVE-2022-46191
-       RESERVED
+       REJECTED
 CVE-2022-46190
-       RESERVED
+       REJECTED
 CVE-2022-46189
-       RESERVED
+       REJECTED
 CVE-2022-46188
-       RESERVED
+       REJECTED
 CVE-2022-46187
-       RESERVED
+       REJECTED
 CVE-2022-46186
-       RESERVED
+       REJECTED
 CVE-2022-46185
-       RESERVED
+       REJECTED
 CVE-2022-46184
-       RESERVED
+       REJECTED
 CVE-2022-46183
-       RESERVED
+       REJECTED
 CVE-2022-46182
-       RESERVED
+       REJECTED
 CVE-2022-46181 (Gotify server is a simple server for sending and receiving 
messages in ...)
        NOT-FOR-US: Gotify server
 CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows 
users of  ...)
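Review bot: all 63 IDs from CVE-2022-46244 down to CVE-2022-46182 change from RESERVED to REJECTED in one contiguous block, and nothing in the entries records why. None of the changed entries carries a package or NOTE line, so no tracking data is lost. A mass rejection of this size is still worth confirming against the upstream CVE feed before downstream tooling relies on it.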
@@ -14912,8 +14971,7 @@ CVE-2022-4141 (Heap based buffer overflow in vim/vim 
9.0.0946 and below by allow
        NOTE: 
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 
(v9.0.0947)
 CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4139
-       RESERVED
+CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux 
kernel’s GPU ...)
        {DLA-3244-1}
        - linux 6.0.10-2
        [bullseye] - linux 5.10.158-1
@@ -18383,14 +18441,14 @@ CVE-2022-44720
        RESERVED
 CVE-2022-44719
        RESERVED
-CVE-2022-44718
-       RESERVED
-CVE-2022-44717
-       RESERVED
+CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 
904. Open R ...)
+       TODO: check
+CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 
904. Open R ...)
+       TODO: check
 CVE-2022-44716
        RESERVED
-CVE-2022-44715
-       RESERVED
+CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 
904 allow ...)
+       TODO: check
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object 
Injection  ...)
@@ -20602,8 +20660,8 @@ CVE-2022-44300
        RESERVED
 CVE-2022-44299
        RESERVED
-CVE-2022-44298
-       RESERVED
+CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
+       TODO: check
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the 
background. ...)
        NOT-FOR-US: SiteServer CMS
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
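Review bot: CVE-2022-44298 is added as "TODO: check" although its description names SiteServer CMS 7.1.3, the same product and version as CVE-2022-44297 directly below it, which is already marked "NOT-FOR-US: SiteServer CMS". Suggest resolving the TODO with the same marker.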
@@ -20900,7 +20958,7 @@ CVE-2022-44151 (Simple Inventory Management System v1.0 
is vulnerable to SQL Inj
        NOT-FOR-US: Simple Inventory Management System
 CVE-2022-44150
        RESERVED
-CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 
devices allow ...)
+CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 
80.103.2. ...)
        NOT-FOR-US: Nexxt Amp300 ARN02304U8
 CVE-2022-44148
        RESERVED
@@ -21153,18 +21211,18 @@ CVE-2022-44030 (Redmine 5.x before 5.0.4 allows 
downloading of file attachments
        NOTE: 
https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc
        NOTE: 
https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
        NOTE: 
https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
-CVE-2022-44029
-       RESERVED
-CVE-2022-44028
-       RESERVED
-CVE-2022-44027
-       RESERVED
-CVE-2022-44026
-       RESERVED
-CVE-2022-44025
-       RESERVED
-CVE-2022-44024
-       RESERVED
+CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
+CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
+CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
+CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
+CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
+CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
+       TODO: check
 CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify 
disabled ...)
        NOT-FOR-US: PwnDoc
 CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify 
valid us ...)
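Review bot: the six NetScout nGeniusONE entries CVE-2022-44029 through CVE-2022-44024 all show the same truncated text ("... 6.3.2 before P10. It al ..."), so they cannot be told apart from this file. Triage them as one group from the full descriptions and give them one consistent marker in place of the six "TODO: check" lines.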
@@ -24173,6 +24231,7 @@ CVE-2022-43553 (A remote code execution vulnerability 
in EdgeRouters (Version 2.
        NOT-FOR-US: EdgeRouters
 CVE-2022-43552 [HTTP Proxy deny use-after-free]
        RESERVED
+       {DSA-5330-1}
        - curl 7.86.0-3 (bug #1026830)
        NOTE: https://curl.se/docs/CVE-2022-43552.html
        NOTE: Introduced by (telnet): 
https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 
(curl-7_16_0)
@@ -39629,8 +39688,8 @@ CVE-2022-2714 (Improper Handling of Length Parameter 
Inconsistency in GitHub rep
        NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-2713 (Insufficient Session Expiration in GitHub repository 
cockpit-hq/cockpi ...)
        NOT-FOR-US: Cockpit-HQ/Cockpit
-CVE-2022-2712
-       RESERVED
+CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a 
vulnerability ...)
+       TODO: check
 CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 
is not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape 
some o ...)
@@ -54730,6 +54789,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on 
Node.js on linux in vers
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
        NOTE: 
https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
 CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use 
the read c ...)
+       {DSA-5330-1}
        - curl 7.86.0-1
        NOTE: https://curl.se/docs/CVE-2022-32221.html
        NOTE: https://github.com/curl/curl/issues/9507
@@ -104178,8 +104238,8 @@ CVE-2021-41233 (Nextcloud text is a collaborative 
document editing using Markdow
        NOT-FOR-US: Nextcloud text app
 CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the 
theme o ...)
        NOT-FOR-US: Thunderdome
-CVE-2021-41231
-       RESERVED
+CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 
19.4.22 and  ...)
+       TODO: check
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In 
affected ve ...)
        NOT-FOR-US: Pomerium
 CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected 
versions a  ...)
@@ -104430,10 +104490,10 @@ CVE-2021-41146 (qutebrowser is an open source 
keyboard-focused browser with a mi
 CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        - freeswitch <itp> (bug #389591)
        NOTE: 
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
-CVE-2021-41144
-       RESERVED
-CVE-2021-41143
-       RESERVED
+CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 
19.4.22 and  ...)
+       TODO: check
+CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 
19.4.22 and  ...)
+       TODO: check
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
        NOT-FOR-US: Tuleap
 CVE-2021-41141 (PJSIP is a free and open source multimedia communication 
library writt ...)
@@ -109363,8 +109423,8 @@ CVE-2021-39219 (Wasmtime is an open source runtime 
for WebAssembly &amp; WASI. W
        NOT-FOR-US: wasmtime
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. 
In Wasm ...)
        NOT-FOR-US: wasmtime
-CVE-2021-39217
-       RESERVED
+CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 
19.4.22 and  ...)
+       TODO: check
 CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. 
In Wasm ...)
        NOT-FOR-US: wasmtime
 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. 
In versio ...)
@@ -155390,8 +155450,8 @@ CVE-2021-21397
        RESERVED
 CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
        NOT-FOR-US: wire-server
-CVE-2021-21395
-       RESERVED
+CVE-2021-21395 (Magneto LTS (Long Term Support) is a community developed 
alternative t ...)
+       TODO: check
 CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.28.0-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
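Review bot: the description added for CVE-2021-21395 spells the product "Magneto LTS", which looks like a misspelling carried in from the imported text. When the "TODO: check" is resolved, take the product name for the marker from the advisory rather than from this line, so the entry groups with the correct product.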



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f1d852d320de0cc134056cafbc58c34ef34d460
