Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 13fd774a by security tracker role at 2023-03-24T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,97 @@ +CVE-2023-28857 + RESERVED +CVE-2023-28856 + RESERVED +CVE-2023-28855 + RESERVED +CVE-2023-28854 + RESERVED +CVE-2023-28853 + RESERVED +CVE-2023-28852 + RESERVED +CVE-2023-28851 + RESERVED +CVE-2023-28850 + RESERVED +CVE-2023-28849 + RESERVED +CVE-2023-28848 + RESERVED +CVE-2023-28847 + RESERVED +CVE-2023-28846 + RESERVED +CVE-2023-28845 + RESERVED +CVE-2023-28844 + RESERVED +CVE-2023-28843 + RESERVED +CVE-2023-28842 + RESERVED +CVE-2023-28841 + RESERVED +CVE-2023-28840 + RESERVED +CVE-2023-28839 + RESERVED +CVE-2023-28838 + RESERVED +CVE-2023-28837 + RESERVED +CVE-2023-28836 + RESERVED +CVE-2023-28835 + RESERVED +CVE-2023-28834 + RESERVED +CVE-2023-28833 + RESERVED +CVE-2023-28832 + RESERVED +CVE-2023-28831 + RESERVED +CVE-2023-28830 + RESERVED +CVE-2023-28829 + RESERVED +CVE-2023-28828 + RESERVED +CVE-2023-28827 + RESERVED +CVE-2023-28379 + RESERVED +CVE-2023-27395 + RESERVED +CVE-2023-22325 + RESERVED +CVE-2023-22308 + RESERVED +CVE-2023-1624 + RESERVED +CVE-2023-1623 + RESERVED +CVE-2023-1622 + RESERVED +CVE-2023-1621 + RESERVED +CVE-2023-1620 + RESERVED +CVE-2023-1619 + RESERVED +CVE-2023-1618 + RESERVED +CVE-2023-1617 + RESERVED +CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...) + TODO: check +CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c a ...) + TODO: check +CVE-2016-15030 + RESERVED +CVE-2015-10097 + RESERVED CVE-2023-28821 RESERVED CVE-2023-28820 
@@ -2233,10 +2327,10 @@ CVE-2023-1357 (A vulnerability, which was classified as critical, has been found NOT-FOR-US: SourceCodester Simple Bakery Shop Management System CVE-2023-28153 RESERVED -CVE-2023-28152 - RESERVED -CVE-2023-28151 - RESERVED +CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...) + TODO: check +CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...) + TODO: check CVE-2023-28150 RESERVED CVE-2023-28149 @@ -3866,10 +3960,10 @@ CVE-2023-27603 RESERVED CVE-2023-27602 RESERVED -CVE-2023-1177 - RESERVED -CVE-2023-1176 - RESERVED +CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) + TODO: check +CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) + TODO: check CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) - vim 2:9.0.1378-1 [bullseye] - vim <no-dsa> (Minor issue) @@ -5028,8 +5122,8 @@ CVE-2023-27244 RESERVED CVE-2023-27243 RESERVED -CVE-2023-27242 - RESERVED +CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...) + TODO: check CVE-2023-27241 RESERVED CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...) @@ -12013,8 +12107,8 @@ CVE-2023-24627 RESERVED CVE-2023-24626 RESERVED -CVE-2023-24625 - RESERVED +CVE-2023-24625 (Faveo 5.0.1 allows remote attackers to obtain sensitive information vi ...) + TODO: check CVE-2023-24624 RESERVED CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to th ...) 
@@ -22605,8 +22699,7 @@ CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Un NOT-FOR-US: SolarWinds CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...) NOT-FOR-US: SolarWinds -CVE-2022-47502 - RESERVED +CVE-2022-47502 (Apache OpenOffice documents can contain links that call internal macro ...) NOT-FOR-US: Apache OpenOffice CVE-2022-47501 RESERVED @@ -38611,8 +38704,8 @@ CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Pe NOT-FOR-US: Silverstripe CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...) NOT-FOR-US: Mikrotik -CVE-2022-42948 - RESERVED +CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are d ...) + TODO: check CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...) NOT-FOR-US: Autodesk CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...) 
@@ -40301,21 +40394,25 @@ CVE-2022-42336 CVE-2022-42335 RESERVED CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...) + {DSA-5378-1} - xen <unfixed> (bug #1033297) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2 NOTE: https://xenbits.xen.org/xsa/advisory-428.html CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...) + {DSA-5378-1} - xen <unfixed> (bug #1033297) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2 NOTE: https://xenbits.xen.org/xsa/advisory-428.html CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments where ho ...) + {DSA-5378-1} - xen <unfixed> (bug #1033297) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1 NOTE: https://xenbits.xen.org/xsa/advisory-427.html CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an oversig ...) + {DSA-5378-1} - xen <unfixed> (bug #1033297) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3 @@ -49725,8 +49822,7 @@ CVE-2022-38747 RESERVED CVE-2022-38746 RESERVED -CVE-2022-38745 - RESERVED +CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...) NOT-FOR-US: Apache OpenOffice CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...) NOT-FOR-US: zephyr-rtos @@ -56662,7 +56758,7 @@ CVE-2022-36277 RESERVED CVE-2022-36276 RESERVED -CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly escape u ...) +CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...) NOT-FOR-US: WordPress plugin CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...) - gitlab <not-affected> (Specific to EE) 
@@ -78709,8 +78805,8 @@ CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to NOT-FOR-US: TOTOLINK CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...) NOT-FOR-US: TOTOLINK -CVE-2022-28495 - RESERVED +CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) + TODO: check CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) NOT-FOR-US: TOTOLINK CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start ...) @@ -93431,6 +93527,7 @@ CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to NOTE: https://xenbits.xen.org/xsa/advisory-422.html NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...) + {DSA-5378-1} - xen 4.16.2+90-g0d39a6d1ae-1 [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-422.html @@ -94720,7 +94817,7 @@ CVE-2022-0275 RESERVED CVE-2022-23398 RESERVED -CVE-2022-23397 (The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to ...) +CVE-2022-23397 (** DISPUTED ** The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet porta ...) NOT-FOR-US: Cedar Gate EZ-NET portal CVE-2022-23396 RESERVED 
@@ -115597,8 +115694,8 @@ CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of si NOT-FOR-US: Apache OpenOffice CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...) NOT-FOR-US: Apache OpenOffice -CVE-2021-3844 - RESERVED +CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration when an ...) + TODO: check CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...) NOT-FOR-US: Lenovo CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fd774a84b4f40660873b3fbf5dcf86dcd0c330
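Review bot: In the first hunk (@@ -1,3 +1,97 @@), CVE-2020-36691 lands with only `TODO: check` even though its description names the Linux kernel before 5.8 and lib/nlattr.c. This one should not sit in the untriaged pool: it needs a `- linux` source-package line with the fixed version, plus per-release status where it differs. CVE-2023-1616 (XiaoBingBy TeaCMS) in the same hunk likewise needs either a package line or a NOT-FOR-US tag.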
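Review bot: In the @@ -78709,8 +78805,8 @@ hunk, CVE-2022-28495 is given `TODO: check` although its description is for the same TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 as the surrounding entries CVE-2022-28497, CVE-2022-28496 and CVE-2022-28494, all of which are already `NOT-FOR-US: TOTOLINK`. Tag it the same way so the series is consistent and the TODO queue is not padded with a decided case.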
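Review bot: In the @@ -40301,21 +40394,25 @@ hunk, CVE-2022-42334, CVE-2022-42333, CVE-2022-42332 and CVE-2022-42331 gain `{DSA-5378-1}` while each still reads `- xen <unfixed> (bug #1033297)`. That is coherent only as long as the unstable upload is still pending, so the entries should be revisited when bug #1033297 closes; otherwise they will keep reporting the package as vulnerable. Compare CVE-2022-23824 in the @@ -93431,6 +93527,7 @@ hunk, which gets the same DSA tag but already records a fixed version, 4.16.2+90-g0d39a6d1ae-1.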
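Review bot: In the @@ -38611,8 +38704,8 @@ hunk, CVE-2022-42948 (Cobalt Strike 4.7.1) moves from RESERVED to `TODO: check`. Cobalt Strike is a proprietary product, so this is a candidate for `NOT-FOR-US: Cobalt Strike`, matching how the neighbouring Silverstripe, Mikrotik and Autodesk entries are closed out.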
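Review bot: In the last hunk (@@ -115597,8 +115694,8 @@), CVE-2021-3844 (Rapid7 InsightVM) is left at `TODO: check`. The description concerns session expiration in a commercial vendor product, so a `NOT-FOR-US: Rapid7 InsightVM` line would resolve it, in line with the Apache OpenOffice and Lenovo entries around it.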