Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1e8a752 by security tracker role at 2023-01-26T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-24576
+       RESERVED
+CVE-2023-24575
+       RESERVED
+CVE-2023-24574
+       RESERVED
+CVE-2023-24573
+       RESERVED
+CVE-2023-24572
+       RESERVED
+CVE-2023-24571
+       RESERVED
+CVE-2023-24570
+       RESERVED
+CVE-2023-24569
+       RESERVED
+CVE-2023-24568
+       RESERVED
+CVE-2023-24567
+       RESERVED
+CVE-2023-24566
+       RESERVED
+CVE-2023-24565
+       RESERVED
+CVE-2023-24564
+       RESERVED
+CVE-2023-24563
+       RESERVED
+CVE-2023-24562
+       RESERVED
+CVE-2023-24561
+       RESERVED
+CVE-2023-24560
+       RESERVED
+CVE-2023-24559
+       RESERVED
+CVE-2023-24558
+       RESERVED
+CVE-2023-24557
+       RESERVED
+CVE-2023-24556
+       RESERVED
+CVE-2023-24555
+       RESERVED
+CVE-2023-24554
+       RESERVED
+CVE-2023-24553
+       RESERVED
+CVE-2023-24552
+       RESERVED
+CVE-2023-24551
+       RESERVED
+CVE-2023-24550
+       RESERVED
+CVE-2023-24549
+       RESERVED
+CVE-2023-24548
+       RESERVED
+CVE-2023-24547
+       RESERVED
+CVE-2023-24546
+       RESERVED
+CVE-2023-24545
+       RESERVED
+CVE-2023-0517
+       RESERVED
+CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & 
Travels ...)
+       TODO: check
+CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & 
Travels ...)
+       TODO: check
+CVE-2023-0514
+       RESERVED
+CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 
4.0.1 a ...)
+       TODO: check
+CVE-2023-0512
+       RESERVED
+CVE-2023-0511
+       RESERVED
+CVE-2023-0510
+       RESERVED
 CVE-2023-24540
        RESERVED
 CVE-2023-24539
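Review bot: The three entries added with descriptions in this hunk (CVE-2023-0516, CVE-2023-0515, CVE-2023-0513) are left at "TODO: check" with no disposition. They name SourceCodester Online Tours & Travels and isoftforce Dreamer CMS; if neither has a Debian source package, resolve them the way other entries in this file are resolved (for example "NOT-FOR-US: Deck" further down) so they do not linger as open triage items. The RESERVED additions need no action.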
@@ -220,15 +300,19 @@ CVE-2023-0476 (A LDAP injection vulnerability exists in 
Tenable.sc due to improp
 CVE-2023-0475
        RESERVED
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 
109.0.5414.119 a ...)
+       {DSA-5328-1}
        - chromium 109.0.5414.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 
109.0.54 ...)
+       {DSA-5328-1}
        - chromium 109.0.5414.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 
109.0.5414.119 allo ...)
+       {DSA-5328-1}
        - chromium 109.0.5414.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 
109.0.5414.11 ...)
+       {DSA-5328-1}
        - chromium 109.0.5414.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0470
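Review bot: The {DSA-5328-1} tags on CVE-2023-0474 through CVE-2023-0471 arrive in a commit whose only changed file is data/CVE/list, so the advisory they point to cannot be cross-checked from this diff. Confirm that the advisory lists exactly these CVEs and that its fixed version agrees with the 109.0.5414.119 fix named in each description; the hunk context stops at CVE-2023-0470, so any further Chrome CVEs from the same release are out of view.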
@@ -921,20 +1005,20 @@ CVE-2023-24172
        RESERVED
 CVE-2023-24171
        RESERVED
-CVE-2023-24170
-       RESERVED
-CVE-2023-24169
-       RESERVED
+CVE-2023-24170 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/f ...)
+       TODO: check
+CVE-2023-24169 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/F ...)
+       TODO: check
 CVE-2023-24168
        RESERVED
-CVE-2023-24167
-       RESERVED
-CVE-2023-24166
-       RESERVED
-CVE-2023-24165
-       RESERVED
-CVE-2023-24164
-       RESERVED
+CVE-2023-24167 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/a ...)
+       TODO: check
+CVE-2023-24166 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/f ...)
+       TODO: check
+CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/i ...)
+       TODO: check
+CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
/goform/F ...)
+       TODO: check
 CVE-2023-24163
        RESERVED
 CVE-2023-24162
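Review bot: All six un-reserved entries in this hunk (CVE-2023-24170, -24169, -24167, -24166, -24165, -24164) describe the same product and firmware, Tenda AC18 V15.03.05.19, and differ only in the truncated /goform/ handler, yet each gets its own "TODO: check". Triage them as a group with one disposition rather than entry by entry, since the cut-off descriptions make them indistinguishable in the list.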
@@ -1285,6 +1369,7 @@ CVE-2023-0431
 CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute 
arbitrary ...)
        - yii <itp> (bug #597899)
 CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in 
ModSecurity before ...)
+       {DLA-3283-1}
        - modsecurity-apache 2.9.7-1 (bug #1029329)
        [bullseye] - modsecurity-apache <no-dsa> (Minor issue)
        NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
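Review bot: Adding {DLA-3283-1} to CVE-2023-24021 leaves the line "[bullseye] - modsecurity-apache <no-dsa> (Minor issue)" unchanged, so after this commit the LTS release carries a fix that bullseye does not. Check that the bullseye fix is queued for a point release, or that the <no-dsa> reason is still accurate now that an advisory was judged warranted for LTS.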
@@ -1422,6 +1507,7 @@ CVE-2022-4894
 CVE-2022-4893
        RESERVED
 CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP 
multipart reque ...)
+       {DLA-3283-1}
        - modsecurity-apache 2.9.6-1
        [bullseye] - modsecurity-apache <no-dsa> (Minor issue)
        - modsecurity 3.0.8-1
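Review bot: CVE-2022-48279 tracks two source packages, modsecurity-apache and modsecurity, but the {DLA-3283-1} tag is attached at the CVE level and the hunk does not show which of them the advisory covers. The description says both 2.9.x and 3.x are affected, so confirm that the LTS status of modsecurity is recorded on its own line; the context is cut right after "- modsecurity 3.0.8-1".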
@@ -2404,8 +2490,8 @@ CVE-2023-23621
        RESERVED
 CVE-2023-23620
        RESERVED
-CVE-2023-23619
-       RESERVED
+CVE-2023-23619 (Modelina is a library for generating data models based on 
inputs such  ...)
+       TODO: check
 CVE-2023-23618
        RESERVED
 CVE-2023-23617
@@ -2414,8 +2500,8 @@ CVE-2023-23616
        RESERVED
 CVE-2023-23615
        RESERVED
-CVE-2023-23614
-       RESERVED
+CVE-2023-23614 (Pi-hole&#174;'s Web interface (based off of AdminLTE) provides 
a centr ...)
+       TODO: check
 CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search 
engine. In ...)
        NOT-FOR-US: OpenSearch
 CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search 
engine. Op ...)
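Review bot: The description added for CVE-2023-23614 contains the raw HTML entity "&#174;" (in "Pi-hole&#174;'s Web interface"), carried over verbatim by the automatic update. Decode or strip entities when importing descriptions so the list stays plain text; the entry itself still needs a disposition in place of "TODO: check".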
@@ -4148,8 +4234,8 @@ CVE-2023-22973
        RESERVED
 CVE-2023-22972
        RESERVED
-CVE-2023-22971
-       RESERVED
+CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network 
Systems Rou ...)
+       TODO: check
 CVE-2023-22970
        RESERVED
 CVE-2023-22969
@@ -5146,8 +5232,8 @@ CVE-2023-22741 (Sofia-SIP is an open-source SIP 
User-Agent library, compliant wi
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
 CVE-2023-22740
        RESERVED
-CVE-2023-22739
-       RESERVED
+CVE-2023-22739 (Discourse is an open source platform for community discussion. 
Version ...)
+       TODO: check
 CVE-2023-22738
        RESERVED
 CVE-2023-22737
@@ -6287,8 +6373,8 @@ CVE-2023-22470 (Nextcloud Deck is a kanban style 
organization tool aimed at pers
        NOT-FOR-US: Deck
 CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal 
planning an ...)
        NOT-FOR-US: Deck
-CVE-2023-22468
-       RESERVED
+CVE-2023-22468 (Discourse is an open source platform for community discussion. 
Version ...)
+       TODO: check
 CVE-2023-22467 (Luxon is a library for working with dates and times in 
JavaScript. On  ...)
        NOT-FOR-US: Luxon
 CVE-2023-22466 (Tokio is a runtime for writing applications with Rust. 
Starting with v ...)
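Review bot: CVE-2023-22468 is the second Discourse entry this update leaves at "TODO: check"; CVE-2023-22739 in the previous hunk is the other, with an identical truncated description. Give both the same disposition in one pass so they do not diverge.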
@@ -9576,7 +9662,7 @@ CVE-2022-4586 (A vulnerability classified as problematic 
was found in Opencachin
        NOT-FOR-US: Opencaching Deutschland oc-server3
 CVE-2022-4585 (A vulnerability classified as problematic has been found in 
Opencachin ...)
        NOT-FOR-US: Opencaching Deutschland oc-server3
-CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4. It has been 
rated as cr ...)
+CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. 
It has  ...)
        NOT-FOR-US: Bento4
 CVE-2022-4583 (A vulnerability was found in jLEMS. It has been declared as 
critical.  ...)
        NOT-FOR-US: jLEMS
@@ -17158,6 +17244,7 @@ CVE-2022-3926 (The WP OAuth Server (OAuth 
Authentication) WordPress plugin befor
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3924 (This issue can affect BIND 9 resolvers with 
`stale-answer-enable yes;` ...)
+       {DSA-5329-1}
        - bind9 1:9.18.11-1
        NOTE: https://kb.isc.org/docs/cve-2022-3924
 CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 
1.9.6 does ...)
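Review bot: {DSA-5329-1} is attached here to CVE-2022-3924 and, in later hunks, to CVE-2022-3736 and CVE-2022-3094, all three with "- bind9 1:9.18.11-1" as the only version line in view. Confirm that the advisory covers exactly these three and that no other bind9 CVE fixed in the same upload was left untagged, since the hunks show each entry in isolation.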
@@ -20430,8 +20517,8 @@ CVE-2022-44299
        RESERVED
 CVE-2022-44298
        RESERVED
-CVE-2022-44297
-       RESERVED
+CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the 
background. ...)
+       TODO: check
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
        NOT-FOR-US: Sanitization Management System
 CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
@@ -21666,6 +21753,7 @@ CVE-2022-43960
 CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server 
settings in ...)
        TODO: check
 CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers 
are enabl ...)
+       {DSA-5329-1}
        - bind9 1:9.18.11-1
        NOTE: https://kb.isc.org/docs/cve-2022-3736
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated 
as crit ...)
@@ -27246,116 +27334,116 @@ CVE-2022-42425
        RESERVED
 CVE-2022-42424
        RESERVED
-CVE-2022-42423
-       RESERVED
+CVE-2022-42423 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2022-42422
        RESERVED
-CVE-2022-42421
-       RESERVED
-CVE-2022-42420
-       RESERVED
-CVE-2022-42419
-       RESERVED
-CVE-2022-42418
-       RESERVED
-CVE-2022-42417
-       RESERVED
-CVE-2022-42416
-       RESERVED
-CVE-2022-42415
-       RESERVED
-CVE-2022-42414
-       RESERVED
-CVE-2022-42413
-       RESERVED
-CVE-2022-42412
-       RESERVED
-CVE-2022-42411
-       RESERVED
-CVE-2022-42410
-       RESERVED
-CVE-2022-42409
-       RESERVED
-CVE-2022-42408
-       RESERVED
-CVE-2022-42407
-       RESERVED
-CVE-2022-42406
-       RESERVED
-CVE-2022-42405
-       RESERVED
-CVE-2022-42404
-       RESERVED
-CVE-2022-42403
-       RESERVED
-CVE-2022-42402
-       RESERVED
-CVE-2022-42401
-       RESERVED
-CVE-2022-42400
-       RESERVED
-CVE-2022-42399
-       RESERVED
-CVE-2022-42398
-       RESERVED
-CVE-2022-42397
-       RESERVED
-CVE-2022-42396
-       RESERVED
-CVE-2022-42395
-       RESERVED
-CVE-2022-42394
-       RESERVED
-CVE-2022-42393
-       RESERVED
-CVE-2022-42392
-       RESERVED
-CVE-2022-42391
-       RESERVED
-CVE-2022-42390
-       RESERVED
-CVE-2022-42389
-       RESERVED
-CVE-2022-42388
-       RESERVED
-CVE-2022-42387
-       RESERVED
-CVE-2022-42386
-       RESERVED
-CVE-2022-42385
-       RESERVED
-CVE-2022-42384
-       RESERVED
-CVE-2022-42383
-       RESERVED
-CVE-2022-42382
-       RESERVED
-CVE-2022-42381
-       RESERVED
-CVE-2022-42380
-       RESERVED
-CVE-2022-42379
-       RESERVED
-CVE-2022-42378
-       RESERVED
-CVE-2022-42377
-       RESERVED
-CVE-2022-42376
-       RESERVED
-CVE-2022-42375
-       RESERVED
-CVE-2022-42374
-       RESERVED
-CVE-2022-42373
-       RESERVED
-CVE-2022-42372
-       RESERVED
-CVE-2022-42371
-       RESERVED
-CVE-2022-42370
-       RESERVED
-CVE-2022-42369
-       RESERVED
+CVE-2022-42421 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42420 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42419 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42418 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42417 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42416 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42415 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42414 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42413 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42412 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42411 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42410 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42409 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42408 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42407 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42406 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42405 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42404 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42403 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42402 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42401 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42400 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42399 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42398 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42397 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42396 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42395 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42394 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42393 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42392 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42391 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42390 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42389 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42388 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42387 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42386 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42385 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42384 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42383 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42382 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42381 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42380 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42379 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42378 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42377 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42376 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42375 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-42374 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42373 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42372 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42371 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42370 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-42369 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
 CVE-2022-42368
        RESERVED
 CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
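Review bot: Every entry un-reserved in this hunk, CVE-2022-42423 and CVE-2022-42421 down to CVE-2022-42369, has a description truncated before the product name ("... execute arbitrary code o ..." or "... disclose sensitive infor ..."), so nothing in the list tells a triager what software is affected. The block is contiguous and uses the same template wording, so look up the full descriptions once and resolve the entries as a batch instead of leaving each at "TODO: check"; CVE-2022-42422 and CVE-2022-42368 stay RESERVED. The CVE-2022-41153 to CVE-2022-41140 and CVE-2022-40720 to CVE-2022-40717 blocks further down have the same problem.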
@@ -28594,6 +28682,7 @@ CVE-2022-41905 (WsgiDAV is a generic and extendable 
WebDAV server based on WSGI.
 CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is 
based o ...)
        NOT-FOR-US: Element iOS
 CVE-2022-41903 (Git is distributed revision control system. `git log` can 
display comm ...)
+       {DLA-3282-1}
        - git 1:2.39.1-0.1 (bug #1029114)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
        NOTE: 
https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
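Review bot: With {DLA-3282-1} added, CVE-2022-41903 shows an LTS advisory and the unstable fix 1:2.39.1-0.1, but no status for the stable release appears in the visible lines. Confirm that the stable fix is tracked; the same applies to CVE-2022-23521, which gets the same tag in a later hunk.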
@@ -30655,34 +30744,34 @@ CVE-2022-41157 (A specific file on the sERP server if 
Kyungrinara(ERP solution)
        NOT-FOR-US: Kyungrinara
 CVE-2022-41156 (Remote code execution vulnerability due to insufficient 
verification o ...)
        NOT-FOR-US: OndiskPlayerAgent
-CVE-2022-41153
-       RESERVED
-CVE-2022-41152
-       RESERVED
-CVE-2022-41151
-       RESERVED
-CVE-2022-41150
-       RESERVED
-CVE-2022-41149
-       RESERVED
-CVE-2022-41148
-       RESERVED
-CVE-2022-41147
-       RESERVED
-CVE-2022-41146
-       RESERVED
-CVE-2022-41145
-       RESERVED
-CVE-2022-41144
-       RESERVED
-CVE-2022-41143
-       RESERVED
-CVE-2022-41142
-       RESERVED
-CVE-2022-41141
-       RESERVED
-CVE-2022-41140
-       RESERVED
+CVE-2022-41153 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-41152 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41151 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41150 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41149 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41148 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41147 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41146 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-41145 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-41144 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41143 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-41142 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
+       TODO: check
+CVE-2022-41141 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+       TODO: check
+CVE-2022-41140 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
 CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript 
Reflect A ...)
        - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
        - qtdeclarative-opensource-src <unfixed> (unimportant)
@@ -31664,14 +31753,14 @@ CVE-2022-40722
        RESERVED
 CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
        NOT-FOR-US: php uploader
-CVE-2022-40720
-       RESERVED
-CVE-2022-40719
-       RESERVED
-CVE-2022-40718
-       RESERVED
-CVE-2022-40717
-       RESERVED
+CVE-2022-40720 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2022-40719 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2022-40718 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2022-40717 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
 CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, 
and 1.13. ...)
        - consul <unfixed> (bug #1027161)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
@@ -35408,6 +35497,7 @@ CVE-2022-3096 (The WP Total Hacks WordPress plugin 
through 4.7.2 does not preven
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class 
for vers ...)
        NOT-FOR-US: Dart language (different from src:dart)
 CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to 
allocate l ...)
+       {DSA-5329-1}
        - bind9 1:9.18.11-1
        NOTE: https://kb.isc.org/docs/cve-2022-3094
 CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in 
HelpSystems C ...)
@@ -37514,13 +37604,13 @@ CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 
1.1.7 doesn't check the RSA
        - rhonabwy 1.1.7-1
        [bullseye] - rhonabwy <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
-CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 
2022.1.109.0.03  ...)
+CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 
2022.1.109.0.03. ...)
        NOT-FOR-US: EasyVista
 CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 
2022.1.109.0.03. ...)
        NOT-FOR-US: EasyVista
 CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 
2022.1.109.0.03. ...)
        NOT-FOR-US: EasyVista
-CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 before 
2022.1.110.1. ...)
+CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 and 
2022.1.109.0.03  ...)
        NOT-FOR-US: EasyVista
 CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL 
injection via t ...)
        NOT-FOR-US: logrocket-oauth2-example
@@ -81139,6 +81229,7 @@ CVE-2022-23523 (In versions prior to 0.8.1, the 
linux-loader crate uses the offs
 CVE-2022-23522
        RESERVED
 CVE-2022-23521 (Git is distributed revision control system. gitattributes are 
a mechan ...)
+       {DLA-3282-1}
        - git 1:2.39.1-0.1 (bug #1029114)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
        NOTE: 
https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24
@@ -115614,8 +115705,8 @@ CVE-2021-36688
        RESERVED
 CVE-2021-36687
        RESERVED
-CVE-2021-36686
-       RESERVED
+CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows 
attacker ...)
+       TODO: check
 CVE-2021-36685
        RESERVED
 CVE-2021-36684
@@ -115913,8 +116004,8 @@ CVE-2021-36541
        RESERVED
 CVE-2021-36540
        RESERVED
-CVE-2021-36539
-       RESERVED
+CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to 
locked/unpublish ...)
+       TODO: check
 CVE-2021-36538
        RESERVED
 CVE-2021-36537
@@ -182738,8 +182829,8 @@ CVE-2020-22454
        RESERVED
 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple 
functions that s ...)
        NOT-FOR-US: Untis WebUntis
-CVE-2020-22452
-       RESERVED
+CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery 
in Creat ...)
+       TODO: check
 CVE-2020-22451
        RESERVED
 CVE-2020-22450
@@ -182993,8 +183084,8 @@ CVE-2020-22329
        RESERVED
 CVE-2020-22328
        RESERVED
-CVE-2020-22327
-       RESERVED
+CVE-2020-22327 (An issue was discovered in HFish 0.5.1. When a payload is 
inserted whe ...)
+       TODO: check
 CVE-2020-22326
        RESERVED
 CVE-2020-22325



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1e8a75293ab084e06f4129b435f03abb98a220f
