Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c69a2538 by security tracker role at 2023-02-09T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-25641
+       RESERVED
+CVE-2023-25640
+       RESERVED
+CVE-2023-25639
+       RESERVED
+CVE-2023-25638
+       RESERVED
+CVE-2023-25637
+       RESERVED
+CVE-2023-25636
+       RESERVED
+CVE-2023-25635
+       RESERVED
+CVE-2023-25634
+       RESERVED
+CVE-2023-25633
+       RESERVED
+CVE-2023-25632
+       RESERVED
+CVE-2023-25631
+       RESERVED
+CVE-2023-25630
+       RESERVED
+CVE-2023-25629
+       RESERVED
+CVE-2023-25628
+       RESERVED
+CVE-2023-25627
+       RESERVED
+CVE-2023-25626
+       RESERVED
+CVE-2023-25625
+       RESERVED
+CVE-2023-25624
+       RESERVED
+CVE-2023-25623
+       RESERVED
+CVE-2023-25622
+       RESERVED
+CVE-2023-25621
+       RESERVED
+CVE-2023-25620
+       RESERVED
+CVE-2023-25619
+       RESERVED
+CVE-2023-25618
+       RESERVED
+CVE-2023-25617
+       RESERVED
+CVE-2023-25616
+       RESERVED
+CVE-2023-25615
+       RESERVED
+CVE-2023-25614
+       RESERVED
+CVE-2023-25613
+       RESERVED
+CVE-2023-0767
+       RESERVED
+CVE-2023-0766
+       RESERVED
+CVE-2023-0765
+       RESERVED
+CVE-2023-0764
+       RESERVED
+CVE-2023-0763
+       RESERVED
+CVE-2023-0762
+       RESERVED
+CVE-2023-0761
+       RESERVED
+CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to V2. ...)
+       TODO: check
+CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit 
prior to 2. ...)
+       TODO: check
+CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and 
classified a ...)
+       TODO: check
+CVE-2023-0757
+       RESERVED
+CVE-2022-4904
+       RESERVED
+CVE-2022-4903
+       RESERVED
+CVE-2015-10077
+       RESERVED
 CVE-2023-25612
        RESERVED
 CVE-2023-25177
@@ -50,8 +136,8 @@ CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub 
repository btcpayse
        NOT-FOR-US: btcpayserver
 CVE-2023-0746
        RESERVED
-CVE-2023-0745
-       RESERVED
+CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. 
Yugabyte Manag ...)
+       TODO: check
 CVE-2022-48321
        RESERVED
 CVE-2022-48320
@@ -1564,7 +1650,8 @@ CVE-2023-25002
        RESERVED
 CVE-2023-25001
        RESERVED
-CVE-2023-0634 (An uncontrolled process operation was found in the newgrp 
command prov ...)
+CVE-2023-0634
+       REJECTED
        - shadow <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166544
        NOTE: https://github.com/shadow-maint/shadow/pull/642
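Review bot: CVE-2023-0634 is switched to REJECTED but the unchanged lines right below it still carry "- shadow <unfixed> (unimportant)" and the two NOTE references, so a rejected ID keeps an open package record for shadow. Either drop the package annotation together with the description, or keep it and add a NOTE stating why the ID was rejected, so the entry does not read as a live unfixed issue.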
@@ -1588,8 +1675,8 @@ CVE-2023-0626
        RESERVED
 CVE-2023-0625
        RESERVED
-CVE-2023-0624
-       RESERVED
+CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to 
obtain arbit ...)
+       TODO: check
 CVE-2023-0623
        RESERVED
 CVE-2023-0622
@@ -2066,8 +2153,8 @@ CVE-2023-24817
        RESERVED
 CVE-2023-24816
        RESERVED
-CVE-2023-24815
-       RESERVED
+CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web 
applications i ...)
+       TODO: check
 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework 
released  ...)
        NOT-FOR-US: Typo3
 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the 
differen ...)
@@ -2109,10 +2196,10 @@ CVE-2023-0577
        RESERVED
 CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
        - yugabyte-db <itp> (bug #989673)
-CVE-2023-0575
-       RESERVED
-CVE-2023-0574
-       RESERVED
+CVE-2023-0575 (External Control of Critical State Data, Improper Control of 
Generatio ...)
+       TODO: check
+CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled 
Modification ...)
+       TODO: check
 CVE-2022-48305
        RESERVED
 CVE-2023-24830 (Improper Authentication vulnerability in Apache Software 
Foundation Ap ...)
@@ -2536,40 +2623,40 @@ CVE-2023-0568
        RESERVED
 CVE-2023-0567
        RESERVED
-CVE-2022-48302
-       RESERVED
-CVE-2022-48301
-       RESERVED
-CVE-2022-48300
-       RESERVED
-CVE-2022-48299
-       RESERVED
-CVE-2022-48298
-       RESERVED
-CVE-2022-48297
-       RESERVED
-CVE-2022-48296
-       RESERVED
-CVE-2022-48295
-       RESERVED
-CVE-2022-48294
-       RESERVED
-CVE-2022-48293
-       RESERVED
-CVE-2022-48292
-       RESERVED
+CVE-2022-48302 (The AMS module has a vulnerability of lacking permission 
verification  ...)
+       TODO: check
+CVE-2022-48301 (The bundle management module lacks permission verification in 
some API ...)
+       TODO: check
+CVE-2022-48300 (The WMS module lacks the authentication mechanism in some 
APIs. Succes ...)
+       TODO: check
+CVE-2022-48299 (The WMS module lacks the authentication mechanism in some 
APIs. Succes ...)
+       TODO: check
+CVE-2022-48298 (The geofencing kernel code does not verify the length of the 
input dat ...)
+       TODO: check
+CVE-2022-48297 (The geofencing kernel code has a vulnerability of not 
verifying the le ...)
+       TODO: check
+CVE-2022-48296 (The SystemUI has a vulnerability in permission management. 
Successful  ...)
+       TODO: check
+CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. 
Successf ...)
+       TODO: check
+CVE-2022-48294 (The IHwAttestationService interface has a defect in 
authentication. Su ...)
+       TODO: check
+CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful 
exploitation ...)
+       TODO: check
+CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. 
Success ...)
+       TODO: check
 CVE-2022-48291
        RESERVED
-CVE-2022-48290
-       RESERVED
-CVE-2022-48289
-       RESERVED
-CVE-2022-48288
-       RESERVED
-CVE-2022-48287
-       RESERVED
-CVE-2022-48286
-       RESERVED
+CVE-2022-48290 (The phone-PC collaboration module has a logic bypass 
vulnerability. Su ...)
+       TODO: check
+CVE-2022-48289 (The bundle management module lacks authentication and control 
mechanis ...)
+       TODO: check
+CVE-2022-48288 (The bundle management module lacks authentication and control 
mechanis ...)
+       TODO: check
+CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. 
Successful exp ...)
+       TODO: check
+CVE-2022-48286 (The multi-screen collaboration module has a privilege 
escalation vulne ...)
+       TODO: check
 CVE-2023-24607
        RESERVED
 CVE-2023-24606
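Review bot: CVE-2022-48302 through CVE-2022-48286 are better triaged as one batch than left as sixteen separate "TODO: check" items. Their wording ("The ... module ... Successful exploitation ...") matches entries this same file marks "NOT-FOR-US: Huawei" (CVE-2022-47976 and CVE-2022-47975 in a later hunk), and interface names such as IHwAntiMalPlugin and IHwAttestationService appear in the descriptions. Confirm the vendor once and apply the same tag to the whole block if it holds.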
@@ -4832,8 +4919,8 @@ CVE-2022-46303
        RESERVED
 CVE-2022-46302
        RESERVED
-CVE-2022-43440
-       RESERVED
+CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 
Checkmk b ...)
+       TODO: check
 CVE-2021-4314 (It is possible to manipulate the JWT token without the 
knowledge of th ...)
        NOT-FOR-US: Zowe
 CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions 
Plugin  ...)
@@ -7107,8 +7194,8 @@ CVE-2023-22955
        RESERVED
 CVE-2023-22954
        RESERVED
-CVE-2023-22953
-       RESERVED
+CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be 
achieve ...)
+       TODO: check
 CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can 
inject cu ...)
        NOT-FOR-US: SugarCRM
 CVE-2023-22951
@@ -7679,7 +7766,7 @@ CVE-2023-0117
 CVE-2023-0116
        RESERVED
 CVE-2023-0115 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
-       REJECTED
+       TODO: check
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated 
as prob ...)
        NOT-FOR-US: CapsAdmin PAC3
 CVE-2021-4309 (A vulnerability, which was classified as problematic, has been 
found i ...)
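Review bot: The state line under CVE-2023-0115 goes from REJECTED back to "TODO: check" while the description directly above it still reads "This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...", so this update reopens an entry that was already triaged. REJECTED should be restored here, and the automatic update would do well to skip the TODO marker when the description is the rejection text.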
@@ -8565,7 +8652,7 @@ CVE-2023-22611 (A CWE-200: Exposure of Sensitive 
Information to an Unauthorized
 CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that 
could caus ...)
        NOT-FOR-US: EcoStruxure Geo SCADA Expert
 CVE-2023-22609
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29948
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a984f112b015b7d33c3c91230eb4c35695926539
 (binutils-2_40)
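Review bot: CVE-2023-22609 now reads REJECTED directly above "- binutils 2.40-1 (unimportant)" and its NOTE links, so a rejected ID still asserts a fixed version for binutils. Confirm whether the package line and NOTEs are meant to stay as historical context; if they stay, add a NOTE recording the rejection so the two statements do not contradict each other.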
@@ -8577,31 +8664,31 @@ CVE-2023-22608
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09
 (binutils-2_40)
        NOTE: binutils not covered by security support
 CVE-2023-22607
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29914
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=42f39fdedcf3321cab9964945d3f5bca58967b80
 (binutils-2_40)
        NOTE: binutils not covered by security support
 CVE-2023-22606
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29908
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa501b69309ccb03ec957101f24109ed7f737733
 (binutils-2_40)
        NOTE: binutils not covered by security support
 CVE-2023-22605
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29893
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=956bc7a29fd952d709db29667b38f98cdd3db4c9
 (binutils-2_40)
        NOTE: binutils not covered by security support
 CVE-2023-22604
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29872
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877
 (binutils-2_40)
        NOTE: binutils not covered by security support
 CVE-2023-22603
-       RESERVED
+       REJECTED
        - binutils 2.40-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29870
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877
 (binutils-2_40)
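Review bot: The package and NOTE data under CVE-2023-22607, CVE-2023-22606, CVE-2023-22605, CVE-2023-22604 and CVE-2023-22603 need one consistent decision now that all five are REJECTED, since each still carries "- binutils 2.40-1 (unimportant)". Note also that CVE-2023-22604 and CVE-2023-22603 cite the same binutils-gdb commit (h=f2f58a399cf3f946983398cdfe52d0eaa72bf877) under different bug numbers (29872 and 29870). If the fix references are kept, they should be kept deliberately and not as leftovers of the automatic state change.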
@@ -9782,7 +9869,7 @@ CVE-2022-47977
        RESERVED
 CVE-2022-47976 (The DMSDP module of the distributed hardware has a 
vulnerability that  ...)
        NOT-FOR-US: Huawei
-CVE-2022-47975 (The DUBAI module has a double free vulnerability.Successful 
exploitati ...)
+CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful 
exploitat ...)
        NOT-FOR-US: Huawei
 CVE-2022-47974 (The Bluetooth AVRCP module has a vulnerability that can lead 
to DoS at ...)
        NOT-FOR-US: Huawei
@@ -19258,72 +19345,72 @@ CVE-2023-21453
        RESERVED
 CVE-2023-21452
        RESERVED
-CVE-2023-21451
-       RESERVED
-CVE-2023-21450
-       RESERVED
+CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList 
in SECRI ...)
+       TODO: check
+CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + 
prior to v ...)
+       TODO: check
 CVE-2023-21449
        RESERVED
-CVE-2023-21448
-       RESERVED
-CVE-2023-21447
-       RESERVED
-CVE-2023-21446
-       RESERVED
-CVE-2023-21445
-       RESERVED
-CVE-2023-21444
-       RESERVED
-CVE-2023-21443
-       RESERVED
-CVE-2023-21442
-       RESERVED
-CVE-2023-21441
-       RESERVED
-CVE-2023-21440
-       RESERVED
-CVE-2023-21439
-       RESERVED
-CVE-2023-21438
-       RESERVED
-CVE-2023-21437
-       RESERVED
-CVE-2023-21436
-       RESERVED
-CVE-2023-21435
-       RESERVED
-CVE-2023-21434
-       RESERVED
-CVE-2023-21433
-       RESERVED
-CVE-2023-21432
-       RESERVED
-CVE-2023-21431
-       RESERVED
-CVE-2023-21430
-       RESERVED
-CVE-2023-21429
-       RESERVED
-CVE-2023-21428
-       RESERVED
-CVE-2023-21427
-       RESERVED
-CVE-2023-21426
-       RESERVED
-CVE-2023-21425
-       RESERVED
-CVE-2023-21424
-       RESERVED
-CVE-2023-21423
-       RESERVED
-CVE-2023-21422
-       RESERVED
-CVE-2023-21421
-       RESERVED
-CVE-2023-21420
-       RESERVED
-CVE-2023-21419
-       RESERVED
+CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 
5.3.0.3 ...)
+       TODO: check
+CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior 
to vers ...)
+       TODO: check
+CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 
in Andro ...)
+       TODO: check
+CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to 
versions 12. ...)
+       TODO: check
+CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 
4.9.14.0  ...)
+       TODO: check
+CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for 
Android prio ...)
+       TODO: check
+CVE-2023-21442 (Improper access control vulnerability in Runestone application 
prior t ...)
+       TODO: check
+CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability 
in Routin ...)
+       TODO: check
+CVE-2023-21440 (Improper access control vulnerability in WindowManagerService 
prior to ...)
+       TODO: check
+CVE-2023-21439 (Improper input validation vulnerability in 
UwbDataTxStatusEvent prior  ...)
+       TODO: check
+CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 
allows ph ...)
+       TODO: check
+CVE-2023-21437 (Improper access control vulnerability in Phone application 
prior to SM ...)
+       TODO: check
+CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR 
Feb-2023 Re ...)
+       TODO: check
+CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint 
TA prio ...)
+       TODO: check
+CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior 
to versi ...)
+       TODO: check
+CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to 
version ...)
+       TODO: check
+CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior 
to 1.7.9 ...)
+       TODO: check
+CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 
3.7.70.17 a ...)
+       TODO: check
+CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in 
libSDKRe ...)
+       TODO: check
+CVE-2023-21429 (Improper usage of implict intent in ePDG prior to SMR JAN-2023 
Release ...)
+       TODO: check
+CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior 
to SMR Ja ...)
+       TODO: check
+CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR 
Jan-2023 ...)
+       TODO: check
+CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior 
to SMR Ja ...)
+       TODO: check
+CVE-2023-21425 (Improper access control vulnerability in telecom application 
prior to  ...)
+       TODO: check
+CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
+       TODO: check
+CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior 
to SMR J ...)
+       TODO: check
+CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in 
WifiSev ...)
+       TODO: check
+CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
+       TODO: check
+CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in 
STST TA  ...)
+       TODO: check
+CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR 
Jan-202 ...)
+       TODO: check
 CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto 
reported memor ...)
        {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
        - firefox 107.0-1
@@ -62672,8 +62759,8 @@ CVE-2022-30566
        RESERVED
 CVE-2022-30565
        RESERVED
-CVE-2022-30564
-       RESERVED
+CVE-2022-30564 (Some Dahua embedded products have a vulnerability of 
unauthorized modi ...)
+       TODO: check
 CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the 
request  ...)
        NOT-FOR-US: Dahua
 CVE-2022-30562 (If the user enables the https function on the device, an 
attacker can  ...)
@@ -101813,9 +101900,9 @@ CVE-2021-42795
 CVE-2021-42794
        RESERVED
 CVE-2021-42793
-       RESERVED
+       REJECTED
 CVE-2021-42792
-       RESERVED
+       REJECTED
 CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The 
HTTP req ...)
        NOT-FOR-US: VeridiumID
 CVE-2021-42790
@@ -107620,7 +107707,7 @@ CVE-2021-41066 (An issue was discovered in Listary 
through 6. When Listary is co
 CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can 
create a ...)
        NOT-FOR-US: Listary
 CVE-2021-41064
-       RESERVED
+       REJECTED
 CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView 
Webserv ...)
        NOT-FOR-US: Aanderaa GeoView Webservice
 CVE-2021-41062



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69a2538b8f4dd90d45c7cfffd6395a088afd118
