Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,53 @@ +CVE-2023-25611 + RESERVED +CVE-2023-25610 + RESERVED +CVE-2023-25609 + RESERVED +CVE-2023-25608 + RESERVED +CVE-2023-25607 + RESERVED +CVE-2023-25606 + RESERVED +CVE-2023-25605 + RESERVED +CVE-2023-25604 + RESERVED +CVE-2023-25603 + RESERVED +CVE-2023-25602 + RESERVED +CVE-2023-25601 + RESERVED +CVE-2023-0753 + RESERVED +CVE-2023-0752 + RESERVED +CVE-2023-0751 + RESERVED +CVE-2023-0750 + RESERVED +CVE-2023-0749 + RESERVED +CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...) + TODO: check +CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) + TODO: check +CVE-2023-0746 + RESERVED +CVE-2023-0745 + RESERVED +CVE-2022-48321 + RESERVED +CVE-2022-48320 + RESERVED +CVE-2022-48319 + RESERVED +CVE-2022-48318 + RESERVED +CVE-2022-48317 + RESERVED CVE-2023-25600 RESERVED CVE-2023-25599 @@ -22,16 +72,16 @@ CVE-2023-25590 RESERVED CVE-2023-25589 RESERVED -CVE-2023-0744 - RESERVED -CVE-2023-0743 - RESERVED -CVE-2023-0742 - RESERVED -CVE-2023-0741 - RESERVED -CVE-2023-0740 - RESERVED +CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...) + TODO: check +CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...) + TODO: check +CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + TODO: check +CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...) + TODO: check +CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + TODO: check CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) NOT-FOR-US: Answer CVE-2023-0738 
@@ -286,33 +336,43 @@ CVE-2023-25499 CVE-2023-24019 RESERVED CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-0695 
@@ -325,8 +385,8 @@ CVE-2023-0692 RESERVED CVE-2023-0691 RESERVED -CVE-2023-0690 - RESERVED +CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) + TODO: check CVE-2023-0689 RESERVED CVE-2023-0688 @@ -537,8 +597,8 @@ CVE-2023-25398 RESERVED CVE-2023-25397 RESERVED -CVE-2023-25396 - RESERVED +CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...) + TODO: check CVE-2023-25395 RESERVED CVE-2023-25394 @@ -1114,8 +1174,8 @@ CVE-2023-25154 RESERVED CVE-2023-25153 RESERVED -CVE-2023-25152 - RESERVED +CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...) + TODO: check CVE-2023-25151 RESERVED CVE-2023-25150 @@ -4453,8 +4513,7 @@ CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Si NOT-FOR-US: Social Warfare plugin for WordPress CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Social Warfare plugin for WordPress -CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification] - RESERVED +CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being verified ...) - openssl 3.0.8-1 [bullseye] - openssl <not-affected> (Only affects 3.x) [buster] - openssl <not-affected> (Only affects 3.x) @@ -5511,8 +5570,7 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: Crash in CLI tool, no security impact CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...) NOT-FOR-US: ityouknow favorites-web -CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName] - RESERVED +CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...) {DSA-5343-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt 
@@ -5819,8 +5877,8 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could a NOT-FOR-US: IBM CVE-2023-23476 RESERVED -CVE-2023-23475 - RESERVED +CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check CVE-2023-23474 RESERVED CVE-2023-23473 @@ -6701,22 +6759,19 @@ CVE-2023-0219 RESERVED CVE-2023-0218 RESERVED -CVE-2023-0217 [openssl: NULL dereference validating DSA public key] - RESERVED +CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...) - openssl 3.0.8-1 [bullseye] - openssl <not-affected> (Only affects 3.x) [buster] - openssl <not-affected> (Only affects 3.x) NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8) -CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions] - RESERVED +CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an applic ...) - openssl 3.0.8-1 [bullseye] - openssl <not-affected> (Only affects 3.x) [buster] - openssl <not-affected> (Only affects 3.x) NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8) -CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF] - RESERVED +CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...) {DSA-5343-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt 
@@ -13415,8 +13470,7 @@ CVE-2022-4452 RESERVED CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...) NOT-FOR-US: WordPress plugin -CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex] - RESERVED +CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ...) {DSA-5343-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt @@ -15435,8 +15489,7 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does NOT-FOR-US: WordPress plugin CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...) NOT-FOR-US: WordPress plugin -CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption] - RESERVED +CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...) {DSA-5343-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt @@ -18103,8 +18156,8 @@ CVE-2022-45757 RESERVED CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...) NOT-FOR-US: SENS -CVE-2022-45755 - RESERVED +CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...) + TODO: check CVE-2022-45754 RESERVED CVE-2022-45753 @@ -18566,10 +18619,10 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera NOT-FOR-US: AeroCMS CVE-2022-45528 RESERVED -CVE-2022-45527 - RESERVED -CVE-2022-45526 - RESERVED +CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...) + TODO: check +CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...) + TODO: check CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) NOT-FOR-US: Tenda CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) 
@@ -20066,6 +20119,7 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0. NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1 CVE-2022-45142 [gsskrb5: fix accidental logic inversions] RESERVED + {DSA-5344-1 DLA-3311-1} - heimdal <unfixed> (bug #1030849) NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296 @@ -25890,12 +25944,12 @@ CVE-2023-0005 RESERVED CVE-2023-0004 RESERVED -CVE-2023-0003 - RESERVED -CVE-2023-0002 - RESERVED -CVE-2023-0001 - RESERVED +CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...) + TODO: check +CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...) + TODO: check +CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...) + TODO: check CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions). ...) NOT-FOR-US: QMS Automotive CVE-2022-43957 @@ -26343,16 +26397,16 @@ CVE-2022-43767 RESERVED CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...) NOT-FOR-US: Apache IoTDB -CVE-2022-43765 - RESERVED -CVE-2022-43764 - RESERVED -CVE-2022-43763 - RESERVED -CVE-2022-43762 - RESERVED -CVE-2022-43761 - RESERVED +CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...) + TODO: check +CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...) + TODO: check +CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...) + TODO: check +CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions < R 4.2 ...) + TODO: check +CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL da ...) + TODO: check CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...) {DLA-3182-1} - vim 2:9.0.0813-1 (unimportant) 
@@ -30220,8 +30274,8 @@ CVE-2022-42440 RESERVED CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...) NOT-FOR-US: IBM -CVE-2022-42438 - RESERVED +CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows ...) + TODO: check CVE-2022-42437 RESERVED CVE-2022-42436 @@ -32330,8 +32384,8 @@ CVE-2022-41633 RESERVED CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...) NOT-FOR-US: Villatheme ALD -CVE-2022-41620 - RESERVED +CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPr ...) + TODO: check CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...) NOT-FOR-US: WordPress plugin CVE-2022-41616 @@ -48050,8 +48104,8 @@ CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-si NOT-FOR-US: IBM CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...) NOT-FOR-US: IBM -CVE-2022-35720 - RESERVED +CVE-2022-35720 (IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Sec ...) + TODO: check CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...) NOT-FOR-US: IBM CVE-2022-35718 @@ -52076,8 +52130,8 @@ CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11. - jetty9 <not-affected> (Specific to 10.x) NOTE: https://github.com/eclipse/jetty.project/issues/8161 NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 -CVE-2022-34362 - RESERVED +CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection ...) + TODO: check CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...) NOT-FOR-US: IBM CVE-2022-34360 
@@ -53810,8 +53864,8 @@ CVE-2022-2096 RESERVED CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...) - gitlab <unfixed> -CVE-2022-2094 - RESERVED +CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...) + TODO: check CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...) NOT-FOR-US: WordPress plugin CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) @@ -98152,7 +98206,7 @@ CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Pat NOT-FOR-US: Bitdefender CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) NOT-FOR-US: Bitdefender -CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...) +CVE-2021-3958 (Improper Handling of Parameters vulnerability in Ipack Automation Syst ...) NOT-FOR-US: iPack SCADA Automation CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...) NOT-FOR-US: Trilium Notes View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173f8e5169b5b91232e9e0bcec6916d4350220e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173f8e5169b5b91232e9e0bcec6916d4350220e2 You're receiving this email because of your account on salsa.debian.org.
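Review bot: In the `@@ -22,16 +72,16 @@` hunk, CVE-2023-0744 through CVE-2023-0740 are added as `TODO: check` although each description names the GitHub repository answerdev/answer (some are truncated), and the next entry in the same hunk, CVE-2023-0739 for that repository, is already triaged as `NOT-FOR-US: Answer`. Suggest resolving the five new entries the same way in a follow-up so they do not sit in the TODO queue.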
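Review bot: In the `@@ -20066,6 +20119,7 @@` hunk, CVE-2022-45142 gains `{DSA-5344-1 DLA-3311-1}` while the line directly after it still reads `- heimdal <unfixed> (bug #1030849)` and the entry keeps its `RESERVED` marker and bracketed temporary description. Confirm that `<unfixed>` still reflects the state of the package, and record the fixed version on that line once one exists.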
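Review bot: In the `@@ -26343,16 +26397,16 @@` hunk, the added description for CVE-2022-43765 contains `doesn’t`, which looks like a UTF-8 apostrophe decoded with a single-byte encoding, and the B&R APROL lines in the same hunk show `&amp;` and `&lt;` entities. Check whether these bytes are in data/CVE/list itself or only in this notification, and if they are in the file, fix the decoding in the automatic update rather than the individual entries.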
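Review bot: In the `@@ -52076,8 +52130,8 @@` hunk, CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3) is added as `TODO: check`, but the following entry, CVE-2022-34361, covers the same product and is already marked `NOT-FOR-US: IBM`. The new entry can take the same marking; the other IBM descriptions added in this commit (CVE-2023-23475, CVE-2022-42438, CVE-2022-35720) sit next to `NOT-FOR-US: IBM` entries as well and are worth triaging in the same pass.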