Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f1d852d by security tracker role at 2023-01-27T20:10:22+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@ +CVE-2023-24595 + RESERVED +CVE-2023-24583 + RESERVED +CVE-2023-24582 + RESERVED +CVE-2023-24581 + RESERVED +CVE-2023-22365 + RESERVED +CVE-2023-22299 + RESERVED +CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-0548 + RESERVED +CVE-2023-0547 + RESERVED +CVE-2023-0546 + RESERVED +CVE-2023-0545 + RESERVED +CVE-2023-0544 + RESERVED +CVE-2023-0543 + RESERVED +CVE-2023-0542 + RESERVED +CVE-2023-0541 + RESERVED +CVE-2023-0540 + RESERVED +CVE-2023-0539 + RESERVED +CVE-2023-0538 + RESERVED +CVE-2023-0537 + RESERVED +CVE-2023-0536 + RESERVED +CVE-2023-0535 + RESERVED +CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2023-0532 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2023-0531 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2023-0530 (A vulnerability was found in SourceCodester Online Tours & Travels ...) + TODO: check +CVE-2023-0529 (A vulnerability was found in SourceCodester Online Tours & Travels ...) + TODO: check +CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & Travels ...) + TODO: check +CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hiring ...) + TODO: check +CVE-2023-0526 + RESERVED CVE-2023-24580 RESERVED CVE-2023-24579 
@@ -6718,22 +6778,22 @@ CVE-2022-48075 RESERVED CVE-2022-48074 RESERVED -CVE-2022-48073 - RESERVED -CVE-2022-48072 - RESERVED -CVE-2022-48071 - RESERVED -CVE-2022-48070 - RESERVED -CVE-2022-48069 - RESERVED +CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...) + TODO: check +CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...) + TODO: check +CVE-2022-48071 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...) + TODO: check +CVE-2022-48070 (Phicomm K2 v22.6.534.263 was discovered to contain a command injection ...) + TODO: check +CVE-2022-48069 (Totolink A830R V4.1.2cu.5182 was discovered to contain a command injec ...) + TODO: check CVE-2022-48068 RESERVED -CVE-2022-48067 - RESERVED -CVE-2022-48066 - RESERVED +CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R V4.1.2cu.518 ...) + TODO: check +CVE-2022-48066 (An issue in the component global.so of Totolink A830R V4.1.2cu.5182 al ...) + TODO: check CVE-2022-48065 RESERVED CVE-2022-48064 
@@ -6838,20 +6898,20 @@ CVE-2022-48015 RESERVED CVE-2022-48014 RESERVED -CVE-2022-48013 - RESERVED -CVE-2022-48012 - RESERVED -CVE-2022-48011 - RESERVED -CVE-2022-48010 - RESERVED +CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site scriptin ...) + TODO: check +CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site scrip ...) + TODO: check +CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...) + TODO: check CVE-2022-48009 RESERVED -CVE-2022-48008 - RESERVED -CVE-2022-48007 - RESERVED +CVE-2022-48008 (An arbitrary file upload vulnerability in the plugin manager of LimeSu ...) + TODO: check +CVE-2022-48007 (A stored cross-site scripting (XSS) vulnerability in identification.ph ...) + TODO: check CVE-2022-48006 RESERVED CVE-2022-48005 @@ -8443,8 +8503,8 @@ CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 befo NOT-FOR-US: M-Link CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...) NOT-FOR-US: Kyverno -CVE-2022-47632 - RESERVED +CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...) + TODO: check CVE-2022-47631 RESERVED CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 ...) @@ -8636,12 +8696,12 @@ CVE-2023-22244 RESERVED CVE-2023-22243 RESERVED -CVE-2023-22242 - RESERVED -CVE-2023-22241 - RESERVED -CVE-2023-22240 - RESERVED +CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check +CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + TODO: check CVE-2023-22239 RESERVED CVE-2023-22238 
@@ -12309,8 +12369,8 @@ CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in v NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4 CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability attackers ...) NOT-FOR-US: BAOTA linux panel -CVE-2022-4335 - RESERVED +CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitLab EE ...) + TODO: check CVE-2022-4334 REJECTED CVE-2022-4333 @@ -13205,8 +13265,7 @@ CVE-2022-4287 (Authentication bypass in local application lock feature in Devolu NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2022-4286 RESERVED -CVE-2022-4285 - RESERVED +CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...) - binutils 2.39.50.20221208-2 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 
@@ -14098,131 +14157,131 @@ CVE-2022-46246 CVE-2022-46245 RESERVED CVE-2022-46244 - RESERVED + REJECTED CVE-2022-46243 - RESERVED + REJECTED CVE-2022-46242 - RESERVED + REJECTED CVE-2022-46241 - RESERVED + REJECTED CVE-2022-46240 - RESERVED + REJECTED CVE-2022-46239 - RESERVED + REJECTED CVE-2022-46238 - RESERVED + REJECTED CVE-2022-46237 - RESERVED + REJECTED CVE-2022-46236 - RESERVED + REJECTED CVE-2022-46235 - RESERVED + REJECTED CVE-2022-46234 - RESERVED + REJECTED CVE-2022-46233 - RESERVED + REJECTED CVE-2022-46232 - RESERVED + REJECTED CVE-2022-46231 - RESERVED + REJECTED CVE-2022-46230 - RESERVED + REJECTED CVE-2022-46229 - RESERVED + REJECTED CVE-2022-46228 - RESERVED + REJECTED CVE-2022-46227 - RESERVED + REJECTED CVE-2022-46226 - RESERVED + REJECTED CVE-2022-46225 - RESERVED + REJECTED CVE-2022-46224 - RESERVED + REJECTED CVE-2022-46223 - RESERVED + REJECTED CVE-2022-46222 - RESERVED + REJECTED CVE-2022-46221 - RESERVED + REJECTED CVE-2022-46220 - RESERVED + REJECTED CVE-2022-46219 - RESERVED + REJECTED CVE-2022-46218 - RESERVED + REJECTED CVE-2022-46217 - RESERVED + REJECTED CVE-2022-46216 - RESERVED + REJECTED CVE-2022-46215 - RESERVED + REJECTED CVE-2022-46214 - RESERVED + REJECTED CVE-2022-46213 - RESERVED + REJECTED CVE-2022-46212 - RESERVED + REJECTED CVE-2022-46211 - RESERVED + REJECTED CVE-2022-46210 - RESERVED + REJECTED CVE-2022-46209 - RESERVED + REJECTED CVE-2022-46208 - RESERVED + REJECTED CVE-2022-46207 - RESERVED + REJECTED CVE-2022-46206 - RESERVED + REJECTED CVE-2022-46205 - RESERVED + REJECTED CVE-2022-46204 - RESERVED + REJECTED CVE-2022-46203 - RESERVED + REJECTED CVE-2022-46202 - RESERVED + REJECTED CVE-2022-46201 - RESERVED + REJECTED CVE-2022-46200 - RESERVED + REJECTED CVE-2022-46199 - RESERVED + REJECTED CVE-2022-46198 - RESERVED + REJECTED CVE-2022-46197 - RESERVED + REJECTED CVE-2022-46196 - RESERVED + REJECTED CVE-2022-46195 - RESERVED + REJECTED CVE-2022-46194 - RESERVED + REJECTED CVE-2022-46193 - RESERVED + REJECTED 
CVE-2022-46192 - RESERVED + REJECTED CVE-2022-46191 - RESERVED + REJECTED CVE-2022-46190 - RESERVED + REJECTED CVE-2022-46189 - RESERVED + REJECTED CVE-2022-46188 - RESERVED + REJECTED CVE-2022-46187 - RESERVED + REJECTED CVE-2022-46186 - RESERVED + REJECTED CVE-2022-46185 - RESERVED + REJECTED CVE-2022-46184 - RESERVED + REJECTED CVE-2022-46183 - RESERVED + REJECTED CVE-2022-46182 - RESERVED + REJECTED CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...) NOT-FOR-US: Gotify server CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows users of ...) @@ -14912,8 +14971,7 @@ CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allow NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947) CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...) NOT-FOR-US: WordPress plugin -CVE-2022-4139 - RESERVED +CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel’s GPU ...) {DLA-3244-1} - linux 6.0.10-2 [bullseye] - linux 5.10.158-1 @@ -18383,14 +18441,14 @@ CVE-2022-44720 RESERVED CVE-2022-44719 RESERVED -CVE-2022-44718 - RESERVED -CVE-2022-44717 - RESERVED +CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...) + TODO: check +CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...) + TODO: check CVE-2022-44716 RESERVED -CVE-2022-44715 - RESERVED +CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allow ...) + TODO: check CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...) NOT-FOR-US: WordPress plugin CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...) 
@@ -20602,8 +20660,8 @@ CVE-2022-44300 RESERVED CVE-2022-44299 RESERVED -CVE-2022-44298 - RESERVED +CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...) + TODO: check CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...) NOT-FOR-US: SiteServer CMS CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) @@ -20900,7 +20958,7 @@ CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Inj NOT-FOR-US: Simple Inventory Management System CVE-2022-44150 RESERVED -CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allow ...) +CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2. ...) NOT-FOR-US: Nexxt Amp300 ARN02304U8 CVE-2022-44148 RESERVED 
@@ -21153,18 +21211,18 @@ CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments NOTE: https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc NOTE: https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909 NOTE: https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833 -CVE-2022-44029 - RESERVED -CVE-2022-44028 - RESERVED -CVE-2022-44027 - RESERVED -CVE-2022-44026 - RESERVED -CVE-2022-44025 - RESERVED -CVE-2022-44024 - RESERVED +CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check +CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check +CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check +CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check +CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check +CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + TODO: check CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify disabled ...) NOT-FOR-US: PwnDoc CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify valid us ...) @@ -24173,6 +24231,7 @@ CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2. NOT-FOR-US: EdgeRouters CVE-2022-43552 [HTTP Proxy deny use-after-free] RESERVED + {DSA-5330-1} - curl 7.86.0-3 (bug #1026830) NOTE: https://curl.se/docs/CVE-2022-43552.html NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0) 
@@ -39629,8 +39688,8 @@ CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub rep NOT-FOR-US: francoisjacquet/rosariosis CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...) NOT-FOR-US: Cockpit-HQ/Cockpit -CVE-2022-2712 - RESERVED +CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability ...) + TODO: check CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...) NOT-FOR-US: WordPress plugin CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...) @@ -54730,6 +54789,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in vers NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222 NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001 CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use the read c ...) + {DSA-5330-1} - curl 7.86.0-1 NOTE: https://curl.se/docs/CVE-2022-32221.html NOTE: https://github.com/curl/curl/issues/9507 @@ -104178,8 +104238,8 @@ CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdow NOT-FOR-US: Nextcloud text app CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...) NOT-FOR-US: Thunderdome -CVE-2021-41231 - RESERVED +CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...) + TODO: check CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...) NOT-FOR-US: Pomerium CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...) 
@@ -104430,10 +104490,10 @@ CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a mi CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch <itp> (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m -CVE-2021-41144 - RESERVED -CVE-2021-41143 - RESERVED +CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...) + TODO: check +CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...) + TODO: check CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) NOT-FOR-US: Tuleap CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...) @@ -109363,8 +109423,8 @@ CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. W NOT-FOR-US: wasmtime CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) NOT-FOR-US: wasmtime -CVE-2021-39217 - RESERVED +CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...) + TODO: check CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) NOT-FOR-US: wasmtime CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...) 
@@ -155390,8 +155450,8 @@ CVE-2021-21397 RESERVED CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...) NOT-FOR-US: wire-server -CVE-2021-21395 - RESERVED +CVE-2021-21395 (Magneto LTS (Long Term Support) is a community developed alternative t ...) + TODO: check CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f1d852d320de0cc134056cafbc58c34ef34d460
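Review bot: In the @@ -6718,22 +6778,22 @@ hunk, CVE-2022-48073 and CVE-2022-48071 come in with the same truncated description (`Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...`), so the list alone cannot tell them apart. When resolving the `TODO: check` lines, compare the full descriptions to confirm these are two distinct issues, and give all four Phicomm entries in this hunk (CVE-2022-48073 to CVE-2022-48070) the same product tag.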
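Review bot: The six NetScout nGeniusONE entries added in the @@ -21153,18 +21211,18 @@ hunk (CVE-2022-44029 through CVE-2022-44024) share a product with the three added in the @@ -18383,14 +18441,14 @@ hunk (CVE-2022-44718, CVE-2022-44717, CVE-2022-44715), and all nine are left at `TODO: check`. Triage them in one pass with one tag so the two blocks do not end up classified differently.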
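Review bot: In the @@ -20602,8 +20660,8 @@ hunk, CVE-2022-44298 (SiteServer CMS 7.1.3) is left at `TODO: check` although the next entry in the same hunk, CVE-2022-44297, names the same product and version and is already tagged `NOT-FOR-US: SiteServer CMS`. The follow-up triage can reuse that tag instead of researching the product again.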
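Review bot: In the @@ -155390,8 +155450,8 @@ hunk, the description for CVE-2021-21395 starts `Magneto LTS (Long Term Support) is a community developed alternative t ...`, while the four entries added in the earlier 2021 hunks (CVE-2021-41231, CVE-2021-41144, CVE-2021-41143, CVE-2021-39217) start `OpenMage LTS is an e-commerce platform`. If these describe the same project, a search on the OpenMage name will miss this entry, so check it by hand and tag all five consistently.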
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits