Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
890f5de0 by security tracker role at 2023-01-25T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-24513
+       RESERVED
+CVE-2023-24512
+       RESERVED
+CVE-2023-24511
+       RESERVED
+CVE-2023-24510
+       RESERVED
+CVE-2023-24509
+       RESERVED
+CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB 
devices with  ...)
+       TODO: check
+CVE-2023-24507
+       RESERVED
+CVE-2023-24506
+       RESERVED
+CVE-2023-24505
+       RESERVED
+CVE-2023-24504
+       RESERVED
+CVE-2023-24503
+       RESERVED
+CVE-2023-24502
+       RESERVED
+CVE-2023-24501
+       RESERVED
+CVE-2023-24500
+       RESERVED
+CVE-2023-24499
+       RESERVED
+CVE-2023-24498
+       RESERVED
+CVE-2023-24497
+       RESERVED
+CVE-2023-24496
+       RESERVED
+CVE-2023-0493
+       RESERVED
+CVE-2023-0492
+       RESERVED
+CVE-2023-0491
+       RESERVED
+CVE-2023-0490
+       RESERVED
+CVE-2023-0489
+       RESERVED
+CVE-2023-0488
+       RESERVED
+CVE-2023-0487
+       RESERVED
+CVE-2023-0486
+       RESERVED
+CVE-2023-0485
+       RESERVED
+CVE-2023-0484
+       RESERVED
+CVE-2023-0483
+       RESERVED
+CVE-2023-0482
+       RESERVED
+CVE-2023-0481
+       RESERVED
+CVE-2023-0480
+       RESERVED
 CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
        - spip 4.1.7+dfsg-1
        [bullseye] - spip 3.2.11-3+deb11u6
@@ -55,20 +119,16 @@ CVE-2023-0476
        RESERVED
 CVE-2023-0475
        RESERVED
-CVE-2023-0474
-       RESERVED
+CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 
109.0.5414.119 a ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0473
-       RESERVED
+CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 
109.0.54 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0472
-       RESERVED
+CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 
109.0.5414.119 allo ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0471
-       RESERVED
+CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 
109.0.5414.11 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0470
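Review bot: the four Chromium entries (CVE-2023-0471 through CVE-2023-0474) keep `- chromium <unfixed>` while the imported descriptions all name 109.0.5414.119 as the first fixed upstream release; once a chromium upload at or above that version lands, these four lines should carry that version instead of staying at <unfixed>, and the shared `[buster] - chromium <end-of-life> (see DSA 5046)` lines need no change.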
@@ -333,16 +393,16 @@ CVE-2023-0450
        RESERVED
 CVE-2023-0449
        RESERVED
-CVE-2023-0448
-       RESERVED
+CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions &lt; 4.3, 
returns all ...)
+       TODO: check
 CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to 
authoriza ...)
        NOT-FOR-US: My YouTube Channel plugin for WordPress
 CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: My YouTube Channel plugin for WordPress
 CVE-2023-0445
        RESERVED
-CVE-2023-0444
-       RESERVED
+CVE-2023-0444 (A privilege escalation vulnerability exists in Delta 
Electronics Infra ...)
+       TODO: check
 CVE-2023-0443
        RESERVED
 CVE-2023-0442
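Review bot: the CVE-2023-0448 description is written into data/CVE/list with the HTML entity `&lt;` ("in versions &lt; 4.3") instead of a literal `<`; the automatic importer should unescape entities before writing the file, otherwise the stored text differs from the upstream description and plain-text searches for the version range miss it.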
@@ -1036,8 +1096,8 @@ CVE-2023-24059 (Grand Theft Auto V for PC allows 
attackers to achieve partial re
        NOT-FOR-US: Grand Theft Auto V for PC
 CVE-2023-24058 (Booked Scheduler 2.5.5 allows authenticated users to create 
and schedu ...)
        NOT-FOR-US: Booked Scheduler
-CVE-2023-24057
-       RESERVED
+CVE-2023-24057 (HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow 
attackers ...)
+       TODO: check
 CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause 
unbounded str ...)
        - pkgconf 1.8.1-1
        [bullseye] - pkgconf <no-dsa> (Minor issue)
@@ -1126,7 +1186,7 @@ CVE-2023-0431
        RESERVED
 CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute 
arbitrary ...)
        - yii <itp> (bug #597899)
-CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes 
lacked the co ...)
+CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in 
ModSecurity before ...)
        - modsecurity-apache 2.9.7-1 (bug #1029329)
        [bullseye] - modsecurity-apache <no-dsa> (Minor issue)
        NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
@@ -1374,20 +1434,20 @@ CVE-2023-23922
        RESERVED
 CVE-2023-23921
        RESERVED
-CVE-2023-0417
-       RESERVED
-CVE-2023-0416
-       RESERVED
-CVE-2023-0415
-       RESERVED
-CVE-2023-0414
-       RESERVED
-CVE-2023-0413
-       RESERVED
-CVE-2023-0412
-       RESERVED
-CVE-2023-0411
-       RESERVED
+CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 
and 3.6.0 ...)
+       TODO: check
+CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 
3.6.10 an ...)
+       TODO: check
+CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 
3.6.10  ...)
+       TODO: check
+CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows 
denial o ...)
+       TODO: check
+CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 
3.6.10  ...)
+       TODO: check
+CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 
3.6.10 a ...)
+       TODO: check
+CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 
4.0.2 and ...)
+       TODO: check
 CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository 
builderio/qw ...)
        NOT-FOR-US: builderio/qwik
 CVE-2023-0409
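Review bot: the seven Wireshark entries CVE-2023-0411 through CVE-2023-0417 all land as `TODO: check` although their descriptions name the same affected releases (4.0.0 to 4.0.2, and for most of them 3.6.0 to 3.6.10 as well); they should be triaged as one batch so that each gets the same source package and fixed-version lines rather than diverging across separate follow-up commits.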
@@ -2272,16 +2332,16 @@ CVE-2023-23615
        RESERVED
 CVE-2023-23614
        RESERVED
-CVE-2023-23613
-       RESERVED
-CVE-2023-23612
-       RESERVED
-CVE-2023-23611
-       RESERVED
-CVE-2023-23610
-       RESERVED
-CVE-2023-23609
-       RESERVED
+CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search 
engine. In ...)
+       TODO: check
+CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search 
engine. Op ...)
+       TODO: check
+CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI 
specificat ...)
+       TODO: check
+CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. 
Versions prio ...)
+       TODO: check
+CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system 
for Next ...)
+       TODO: check
 CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web 
API. In v ...)
        TODO: check
 CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In 
affected v ...)
@@ -5029,14 +5089,14 @@ CVE-2023-22727 (CakePHP is a development framework for 
PHP web apps. In affected
        NOT-FOR-US: CakePHP
 CVE-2023-22726 (act is a project which allows for local running of github 
actions. The ...)
        NOT-FOR-US: act
-CVE-2023-22725
-       RESERVED
-CVE-2023-22724
-       RESERVED
+CVE-2023-22725 (GLPI is a Free Asset and IT Management Software package. 
Versions 0.6. ...)
+       TODO: check
+CVE-2023-22724 (GLPI is a Free Asset and IT Management Software package. 
Versions prio ...)
+       TODO: check
 CVE-2023-22723
        RESERVED
-CVE-2023-22722
-       RESERVED
+CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. 
Versions 9.4. ...)
+       TODO: check
 CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22720
@@ -5758,8 +5818,8 @@ CVE-2023-0029 (A vulnerability was found in Multilaser 
RE708 RE1200R4GC-2T2R-V3_
        NOT-FOR-US: Multilaser RE708
 CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It 
has been  ...)
        NOT-FOR-US: Evolution Events Artaxerxes
-CVE-2022-48199
-       RESERVED
+CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to 
execute a m ...)
+       TODO: check
 CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 
and class ...)
        NOT-FOR-US: trampgeek jobe
 CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss 
Dashboar ...)
@@ -5964,8 +6024,8 @@ CVE-2021-46870
        RESERVED
 CVE-2021-46869
        RESERVED
-CVE-2023-22500
-       RESERVED
+CVE-2023-22500 (GLPI is a Free Asset and IT Management Software package. 
Versions 10.0 ...)
+       TODO: check
 CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 
and is bu ...)
        NOT-FOR-US: Deno
 CVE-2023-22498
@@ -7073,7 +7133,7 @@ CVE-2022-47951
        - glance 2:25.0.0-2 (bug #1029563)
        NOTE: https://bugs.launchpad.net/nova/+bug/1996188
 CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 
2.29.x befor ...)
-       {DSA-5327-1}
+       {DSA-5327-1 DLA-3281-1}
        - swift 2.30.0-4 (bug #1029154)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1
 CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: 
New Hori ...)
@@ -8075,6 +8135,7 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is 
vulnerable to Buffer Ov
        NOTE: https://github.com/gpac/gpac/issues/2353
        NOTE: 
https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf 
(v2.2.0)
 CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function 
void put_q ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1
        [bullseye] - libde265 <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libde265/issues/367
@@ -10951,8 +11012,8 @@ CVE-2022-47102 (A cross-site scripting (XSS) 
vulnerability in Student Study Cent
        NOT-FOR-US: Student Study Center Management System
 CVE-2022-47101
        RESERVED
-CVE-2022-47100
-       RESERVED
+CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows 
attackers to ar ...)
+       TODO: check
 CVE-2022-47099
        RESERVED
 CVE-2022-47098
@@ -11041,8 +11102,8 @@ CVE-2022-47075
        RESERVED
 CVE-2022-47074
        RESERVED
-CVE-2022-47073
-       RESERVED
+CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create 
Ticket page o ...)
+       TODO: check
 CVE-2022-47072
        RESERVED
 CVE-2022-47071
@@ -11103,12 +11164,12 @@ CVE-2022-47044
        RESERVED
 CVE-2022-47043
        RESERVED
-CVE-2022-47042
-       RESERVED
+CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary 
file wri ...)
+       TODO: check
 CVE-2022-47041
        RESERVED
-CVE-2022-47040
-       RESERVED
+CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 
BR_SV_g000_R3505VMN1001_s32_7 al ...)
+       TODO: check
 CVE-2022-47039
        RESERVED
 CVE-2022-47038
@@ -11276,8 +11337,8 @@ CVE-2022-46959 (An issue in the component 
/admin/backups/work-dir of Sonic v1.0.
        TODO: check
 CVE-2022-46958
        RESERVED
-CVE-2022-46957
-       RESERVED
+CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is 
vulnerable ...)
+       TODO: check
 CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to 
contain a SQ ...)
        NOT-FOR-US: Dynamic Transaction Queuing System
 CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to 
contain a SQ ...)
@@ -12443,8 +12504,8 @@ CVE-2022-46626
        RESERVED
 CVE-2022-46625
        RESERVED
-CVE-2022-46624
-       RESERVED
+CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate 
Tracer S ...)
+       TODO: check
 CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a 
SQL injec ...)
        NOT-FOR-US: Judging Management System
 CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging 
Management Syste ...)
@@ -14104,8 +14165,8 @@ CVE-2022-46130
        RESERVED
 CVE-2022-46129
        RESERVED
-CVE-2022-46128
-       RESERVED
+CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is 
vulnerable  ...)
+       TODO: check
 CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection 
via /hs ...)
        NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection 
via /hs ...)
@@ -15056,8 +15117,8 @@ CVE-2022-45732
        RESERVED
 CVE-2022-45731
        RESERVED
-CVE-2022-45730
-       RESERVED
+CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor 
Appointment Manag ...)
+       TODO: check
 CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor 
Appointment Manag ...)
        NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to 
contain  ...)
@@ -15584,8 +15645,8 @@ CVE-2022-4094
        RESERVED
 CVE-2022-4093 (SQL injection attacks can result in unauthorized access to 
sensitive d ...)
        - dolibarr <removed>
-CVE-2022-4092
-       RESERVED
+CVE-2022-4092 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
+       TODO: check
 CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu 
Remote Servi ...)
        NOT-FOR-US: Cybozu
 CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management 
System. ...)
@@ -15722,8 +15783,7 @@ CVE-2022-4055 (When xdg-mail is configured to use 
thunderbird for mailto URLs, i
        - xdg-utils <unfixed> (bug #1027160)
        NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
        NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
-CVE-2022-4054
-       RESERVED
+CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-45462 (Alarm instance management has command injection when there is 
a specif ...)
        NOT-FOR-US: Apache DolphinScheduler
@@ -17220,8 +17280,7 @@ CVE-2022-3904 (The MonsterInsights WordPress plugin 
before 8.9.1 does not saniti
 CVE-2022-3903 (An incorrect read request flaw was found in the Infrared 
Transceiver U ...)
        - linux 5.19.11-1
        [bullseye] - linux 5.10.148-1
-CVE-2022-3902
-       RESERVED
+CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-3901
        RESERVED
@@ -19413,8 +19472,7 @@ CVE-2022-3821 (An off-by-one Error issue was discovered 
in Systemd in format_tim
        NOTE: https://github.com/systemd/systemd/pull/23933
        NOTE: 
https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
 (v252-rc1)
        NOTE: 
https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7
 (v251.3)
-CVE-2022-3820
-       RESERVED
+CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all 
versions ...)
        - gitlab <unfixed>
@@ -20964,8 +21022,7 @@ CVE-2022-3742
        RESERVED
 CVE-2022-3741 (Impact varies for each individual vulnerability in the 
application. Fo ...)
        NOT-FOR-US: chatwoot
-CVE-2022-3740
-       RESERVED
+CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-3739
        RESERVED
@@ -24459,8 +24516,7 @@ CVE-2022-3574 (The WPForms Pro WordPress plugin before 
1.7.7 does not validate i
        NOT-FOR-US: WordPress plugin
 CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2022-3572
-       RESERVED
+CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
        - gitlab <unfixed>
 CVE-2022-3571
        RESERVED
@@ -24744,20 +24800,25 @@ CVE-2022-43254 (GPAC 
v2.1-DEV-rev368-gfd054169b-master was discovered to contain
        NOTE: 
https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6
        NOTE: Negligible security impact
 CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1025816)
        NOTE: https://github.com/strukturag/libde265/issues/348
 CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/347
 CVE-2022-43251
        RESERVED
 CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/346
 CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 <unfixed> (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/345
 CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1025816)
        NOTE: https://github.com/strukturag/libde265/issues/349
 CVE-2022-43247
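Review bot: `{DLA-3280-1}` is added to CVE-2022-43249 whose unstable line still reads `- libde265 <unfixed> (bug #1027179)`, while the sibling entries that cite the same bug #1027179 (CVE-2022-43252, CVE-2022-43250) are recorded as fixed in 1.0.9-1.1; since an LTS advisory implies a fix is available, either 1.0.9-1.1 also fixes CVE-2022-43249 and the line should say so, or unstable genuinely lacks that backport, which is worth stating in a NOTE.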
@@ -24765,36 +24826,47 @@ CVE-2022-43247
 CVE-2022-43246
        RESERVED
 CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation 
violation via ...)
+       {DLA-3280-1}
        - libde265 <unfixed> (bug #1029357)
        NOTE: https://github.com/strukturag/libde265/issues/352
 CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/342
 CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1025816)
        NOTE: https://github.com/strukturag/libde265/issues/339
 CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/340
 CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via 
ff_hevc ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/338
 CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/335
 CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/341
 CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via 
ff_hevc ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/338
 CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a 
stack-buffer-overflow vuln ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/344
 CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a 
stack-buffer-overflow vuln ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/343
 CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1.1 (bug #1027179)
        NOTE: https://github.com/strukturag/libde265/issues/337
 CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments 
component o ...)
@@ -25800,8 +25872,7 @@ CVE-2022-3484 (The WPB Show Core WordPress plugin 
through TODO does not sanitise
        NOT-FOR-US: WordPress plugin
 CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2022-3482
-       RESERVED
+CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all 
version ...)
        - gitlab <unfixed>
 CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does 
not prop ...)
        NOT-FOR-US: WordPress plugin
@@ -25849,8 +25920,7 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka 
krb5) before 1.19.4 and 1.20.
        NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
 CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows 
unauthe ...)
        NOT-FOR-US: Array Networks
-CVE-2022-3478
-       RESERVED
+CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
        {DLA-3277-1}
@@ -28333,8 +28403,8 @@ CVE-2022-41943 (sourcegraph is a code intelligence 
platform. As a site admin it
        NOT-FOR-US: Sourcegraph
 CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior 
to 4.1. ...)
        NOT-FOR-US: Sourcegraph
-CVE-2022-41941
-       RESERVED
+CVE-2022-41941 (GLPI is a Free Asset and IT Management Software package. 
Versions 10.0 ...)
+       TODO: check
 CVE-2022-41940 (Engine.IO is the implementation of transport-based 
cross-browser/cross ...)
        NOT-FOR-US: Engine.io
 CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the 
developme ...)
@@ -33193,10 +33263,10 @@ CVE-2022-40039
        RESERVED
 CVE-2022-40038
        RESERVED
-CVE-2022-40037
-       RESERVED
-CVE-2022-40036
-       RESERVED
+CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote 
attacker to ...)
+       TODO: check
+CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an 
attacker to ...)
+       TODO: check
 CVE-2022-40035
        RESERVED
 CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen 
blog-ssm v1. ...)
@@ -71951,8 +72021,8 @@ CVE-2022-26331 (Potential vulnerabilities have been 
identified in Micro Focus Ar
        NOT-FOR-US: Micro Focus
 CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus 
ArcSight ...)
        NOT-FOR-US: Micro Focus
-CVE-2022-26329
-       RESERVED
+CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity 
Manager plug ...)
+       TODO: check
 CVE-2022-26328
        RESERVED
 CVE-2022-26327
@@ -72791,8 +72861,8 @@ CVE-2022-25964
        RESERVED
 CVE-2022-25963
        RESERVED
-CVE-2022-25962
-       RESERVED
+CVE-2022-25962 (All versions of the package vagrant.js are vulnerable to 
Command Injec ...)
+       TODO: check
 CVE-2022-25961
        RESERVED
 CVE-2022-25956
@@ -72841,8 +72911,8 @@ CVE-2022-25929 (The package smoothie from 1.31.0 and 
before 1.36.1 are vulnerabl
        TODO: check
 CVE-2022-25928
        RESERVED
-CVE-2022-25927
-       RESERVED
+CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 
0.7.33, fr ...)
+       TODO: check
 CVE-2022-25926 (Versions of the package window-control before 1.4.5 are 
vulnerable to  ...)
        TODO: check
 CVE-2022-25925
@@ -72898,8 +72968,8 @@ CVE-2022-25896 (This affects the package passport 
before 0.6.0. When a user logs
        NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
 CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to 
Directory Tr ...)
        TODO: check
-CVE-2022-25894
-       RESERVED
+CVE-2022-25894 (All versions of the package com.bstek.uflo:uflo-core are 
vulnerable to ...)
+       TODO: check
 CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code 
Executi ...)
        NOT-FOR-US: Node vm2
 CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 
3.1.1; all v ...)
@@ -72923,8 +72993,8 @@ CVE-2022-25884
        RESERVED
 CVE-2022-25883
        RESERVED
-CVE-2022-25882
-       RESERVED
+CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to 
Directory ...)
+       TODO: check
 CVE-2022-25881
        RESERVED
 CVE-2022-25879
@@ -72997,8 +73067,8 @@ CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 
are vulnerable to Cross-
        NOT-FOR-US: joyqi/hyper-down
 CVE-2022-25848 (This affects all versions of package static-dev-server. This 
is becaus ...)
        TODO: check
-CVE-2022-25847
-       RESERVED
+CVE-2022-25847 (All versions of the package serve-lite are vulnerable to 
Cross-site Sc ...)
+       TODO: check
 CVE-2022-25846
        RESERVED
 CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable 
to Deser ...)
@@ -73176,8 +73246,8 @@ CVE-2022-22138 (All versions of package 
fast-string-search are vulnerable to Den
        NOT-FOR-US: Node fast-string-search
 CVE-2022-21811
        RESERVED
-CVE-2022-21810
-       RESERVED
+CVE-2022-21810 (All versions of the package smartctl are vulnerable to Command 
Injecti ...)
+       TODO: check
 CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the 
memory en ...)
        NOT-FOR-US: node nconf
 CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to 
Cross-site Script ...)
@@ -73224,8 +73294,8 @@ CVE-2022-21208 (The package node-opcua before 2.74.0 
are vulnerable to Denial of
        NOT-FOR-US: node-opcua/node-opcua
 CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular 
Expression ...)
        NOT-FOR-US: AlexFlipnote/url_regex
-CVE-2022-21192
-       RESERVED
+CVE-2022-21192 (All versions of the package serve-lite are vulnerable to 
Directory Tra ...)
+       TODO: check
 CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are 
vulnerabl ...)
        TODO: check
 CVE-2022-21190 (This affects the package convict before 6.2.3. This is a 
bypass of [CV ...)
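Review bot: CVE-2022-21192 (directory traversal) and CVE-2022-25847 earlier in this change (cross-site scripting) both concern the same npm package, serve-lite, and both arrive as `TODO: check`; they should be triaged together so the two entries receive the same outcome, as was done for the neighbouring entries that already carry a NOT-FOR-US marker.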
@@ -136396,8 +136466,8 @@ CVE-2021-28512
        RESERVED
 CVE-2021-28511 (This advisory documents the impact of an internally found 
vulnerabilit ...)
        NOT-FOR-US: Arista
-CVE-2021-28510
-       RESERVED
+CVE-2021-28510 (For certain systems running EOS, a Precision Time Protocol 
(PTP) packe ...)
+       TODO: check
 CVE-2021-28509 (This advisory documents the impact of an internally found 
vulnerabilit ...)
        NOT-FOR-US: Arista
 CVE-2021-28508 (This advisory documents the impact of an internally found 
vulnerabilit ...)
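Review bot: CVE-2021-28510 is left as `TODO: check` while the surrounding Arista advisories CVE-2021-28511 and CVE-2021-28509 are already marked `NOT-FOR-US: Arista`; the description refers to systems running EOS, so unless the full text names a component shipped in Debian, the same `NOT-FOR-US: Arista` marker applies here.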
@@ -184503,16 +184573,19 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap 
buffer overflow in the de265_ima
        NOTE: https://github.com/strukturag/libde265/issues/235
        NOTE: 
https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25
 (v1.0.9)
 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the 
ff_hevc_put_unw ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1 (bug #1004963)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the 
mc_chroma funct ...)
+       {DLA-3280-1}
        - libde265 1.0.9-1 (bug #1014999)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the 
decode_CABAC_ ...)
+       {DLA-3280-1}
        - libde265 <unfixed> (bug #1029397)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
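Review bot: `{DLA-3280-1}` is added to CVE-2020-21596 while the entry still says `- libde265 <unfixed> (bug #1029397)` and both `[bullseye]` and `[stretch]` remain `<postponed> (Minor issue, revisit when fixed upstream)`; an LTS advisory means a fix now exists, so the "revisit when fixed upstream" annotations on this entry are stale and the bullseye and unstable states should be re-evaluated against whatever patch DLA-3280-1 shipped.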
@@ -191360,12 +191433,12 @@ CVE-2020-18333
        RESERVED
 CVE-2020-18332
        RESERVED
-CVE-2020-18331
-       RESERVED
+CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless 
Router m ...)
+       TODO: check
 CVE-2020-18330
        RESERVED
-CVE-2020-18329
-       RESERVED
+CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb 
card BIOS v ...)
+       TODO: check
 CVE-2020-18328
        RESERVED
 CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco 
Alfresco C ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890f5de06c671523a921bc092803562c38720236



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
