Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f457038e by security tracker role at 2023-01-24T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-24470
+ RESERVED
+CVE-2023-24469
+ RESERVED
+CVE-2023-24468
+ RESERVED
+CVE-2023-24467
+ RESERVED
+CVE-2023-24466
+ RESERVED
+CVE-2023-24020
+ RESERVED
+CVE-2023-23582
+ RESERVED
+CVE-2023-22389
+ RESERVED
+CVE-2023-22371
+ RESERVED
+CVE-2023-22315
+ RESERVED
+CVE-2023-0456
+ RESERVED
+CVE-2023-0455
+ RESERVED
+CVE-2023-0454
+ RESERVED
+CVE-2023-0453
+ RESERVED
CVE-2023-24459
RESERVED
CVE-2023-24458
@@ -2140,8 +2168,8 @@ CVE-2023-23610
RESERVED
CVE-2023-23609
RESERVED
-CVE-2023-23608
- RESERVED
+CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web
API. In v ...)
+ TODO: check
CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In
affected v ...)
NOT-FOR-US: Dasherr
CVE-2023-23606
@@ -2468,8 +2496,8 @@ CVE-2023-23562
RESERVED
CVE-2023-23561
RESERVED
-CVE-2023-23560
- RESERVED
+CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur
because ...)
+ TODO: check
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the
Linux k ...)
- linux <unfixed>
NOTE:
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
@@ -3075,8 +3103,8 @@ CVE-2023-23333
RESERVED
CVE-2023-23332
RESERVED
-CVE-2023-23331
- RESERVED
+CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL
Injectio ...)
+ TODO: check
CVE-2023-23330
RESERVED
CVE-2023-23329
@@ -3871,8 +3899,8 @@ CVE-2023-22962
RESERVED
CVE-2023-22961
RESERVED
-CVE-2023-22960
- RESERVED
+CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of
Interacti ...)
+ TODO: check
CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection:
mainmenu.ph ...)
NOT-FOR-US: WebChess
CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may
allow spoo ...)
@@ -5210,8 +5238,8 @@ CVE-2023-22632
RESERVED
CVE-2023-22631
RESERVED
-CVE-2023-22630
- RESERVED
+CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection
via a get ...)
+ TODO: check
CVE-2023-22629
RESERVED
CVE-2023-22628
@@ -5843,14 +5871,14 @@ CVE-2023-22488 (Flarum is a forum software for building
communities. Using the n
NOT-FOR-US: Flarum
CVE-2023-22487 (Flarum is a forum software for building communities. Using the
mention ...)
NOT-FOR-US: Flarum
-CVE-2023-22486
- RESERVED
-CVE-2023-22485
- RESERVED
-CVE-2023-22484
- RESERVED
-CVE-2023-22483
- RESERVED
+CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
renderin ...)
+ TODO: check
+CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
renderin ...)
+ TODO: check
+CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
renderin ...)
+ TODO: check
+CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
renderin ...)
+ TODO: check
CVE-2023-22482
RESERVED
CVE-2023-22481
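Review bot: The four cmark-gfm entries (CVE-2023-22483 through CVE-2023-22486) all carry the same truncated description and a bare "TODO: check", so nothing in the list tells them apart. Triage them together. When the TODO is replaced, give each ID its own NOTE line pointing at the matching upstream advisory or fix, so the four issues can be tracked separately.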
@@ -9325,10 +9353,10 @@ CVE-2023-21798
RESERVED
CVE-2023-21797
RESERVED
-CVE-2023-21796
- RESERVED
-CVE-2023-21795
- RESERVED
+CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
+ TODO: check
+CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
+ TODO: check
CVE-2023-21794
RESERVED
CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is
unique ...)
@@ -9367,8 +9395,8 @@ CVE-2023-21777
RESERVED
CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2023-21775
- RESERVED
+CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability. ...)
+ TODO: check
CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-4580
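Review bot: CVE-2023-21775 is left at "TODO: check" while both neighbouring Microsoft entries in this hunk (CVE-2023-21776 and CVE-2023-21774) are already "NOT-FOR-US: Microsoft". The description says "Microsoft Edge (Chromium-based)", so the triage should record whether the flaw is specific to Edge, in which case the same NOT-FOR-US marker applies, or sits in shared Chromium code and needs a package entry.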
@@ -10074,8 +10102,8 @@ CVE-2023-21721
RESERVED
CVE-2023-21720
RESERVED
-CVE-2023-21719
- RESERVED
+CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability. ...)
+ TODO: check
CVE-2023-21718
RESERVED
CVE-2023-21717
@@ -12245,8 +12273,8 @@ CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was
discovered to contain a command i
NOT-FOR-US: D-Link
CVE-2022-46640
RESERVED
-CVE-2022-46639
- RESERVED
+CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of
Correos Pres ...)
+ TODO: check
CVE-2022-46638
RESERVED
CVE-2022-46637
@@ -15071,8 +15099,8 @@ CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is
vulnerable to Buffer Overflow via
NOT-FOR-US: Tenda
CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer
overflow. Cause ...)
NOT-FOR-US: Tenda
-CVE-2022-45639
- RESERVED
+CVE-2022-45639 (OS Command injection vulnerability in sleuthkit fls tool
4.11.1 allows ...)
+ TODO: check
CVE-2022-45638
RESERVED
CVE-2022-45637
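Review bot: CVE-2022-45639 names a concrete tool and version ("sleuthkit fls tool 4.11.1"), unlike the Tenda entries above it that are closed as NOT-FOR-US, so "TODO: check" should not stay generic here. Replace it with a package line for sleuthkit carrying the fixed or unfixed status once the affected versions are confirmed, plus a NOTE with the upstream report.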
@@ -33042,8 +33070,8 @@ CVE-2022-40036
RESERVED
CVE-2022-40035
RESERVED
-CVE-2022-40034
- RESERVED
+CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen
blog-ssm v1. ...)
+ TODO: check
CVE-2022-40033
RESERVED
CVE-2022-40032
@@ -72705,8 +72733,8 @@ CVE-2022-25911
RESERVED
CVE-2022-25910
RESERVED
-CVE-2022-25908
- RESERVED
+CVE-2022-25908 (All versions of the package create-choo-electron are
vulnerable to Com ...)
+ TODO: check
CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to
Prototype Poll ...)
NOT-FOR-US: voodoocreation/ts-deepmerge
CVE-2022-25906
@@ -72798,8 +72826,8 @@ CVE-2022-25862 (This affects the package sds from
0.0.0. The library could be tr
NOT-FOR-US: Node sds
CVE-2022-25861
RESERVED
-CVE-2022-25860
- RESERVED
+CVE-2022-25860 (Versions of the package simple-git before 3.16.0 are
vulnerable to Rem ...)
+ TODO: check
CVE-2022-25859
RESERVED
CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2
are vuln ...)
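Review bot: The description added for CVE-2022-25860 already states the upstream fixed version ("simple-git before 3.16.0"), but the entry only says "TODO: check". When resolving it, either record a package line that uses 3.16.0 as the reference for the fixed version, or mark it NOT-FOR-US as the neighbouring Node entry ("NOT-FOR-US: Node sds") is, so the version information is not lost in the truncated description.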
@@ -72896,8 +72924,8 @@ CVE-2022-25352 (The package libnested before 1.5.2 are
vulnerable to Prototype P
NOT-FOR-US: libnested
CVE-2022-25351
RESERVED
-CVE-2022-25350
- RESERVED
+CVE-2022-25350 (All versions of the package puppet-facter are vulnerable to
Command In ...)
+ TODO: check
CVE-2022-25349 (All versions of package materialize-css are vulnerable to
Cross-site S ...)
- materialize <unfixed> (bug #1014727)
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
@@ -82803,8 +82831,8 @@ CVE-2022-23007
RESERVED
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on
Western Digit ...)
NOT-FOR-US: Western Digital
-CVE-2022-23005
- RESERVED
+CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard
that cou ...)
+ TODO: check
CVE-2022-23004 (When computing a shared secret or point multiplication on the
NIST P-2 ...)
NOT-FOR-US: Western Digital
CVE-2022-23003 (When computing a shared secret or point multiplication on the
NIST P-2 ...)
@@ -290302,7 +290330,7 @@ CVE-2018-20106 (In yast2-printer up to and including
version 4.0.2 the SMB print
CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files
vulnerability in yas ...)
NOT-FOR-US: yast-rmt
CVE-2018-20104
- RESERVED
+ REJECTED
CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In
the cas ...)
{DLA-3034-1}
- haproxy 1.8.15-1 (bug #916307)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f457038e7b04ea9397b0811a61328c5c03452106