Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0245ecc0 by security tracker role at 2022-12-27T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2023-22417
+       RESERVED
+CVE-2023-22416
+       RESERVED
+CVE-2023-22415
+       RESERVED
+CVE-2023-22414
+       RESERVED
+CVE-2023-22413
+       RESERVED
+CVE-2023-22412
+       RESERVED
+CVE-2023-22411
+       RESERVED
+CVE-2023-22410
+       RESERVED
+CVE-2023-22409
+       RESERVED
+CVE-2023-22408
+       RESERVED
+CVE-2023-22407
+       RESERVED
+CVE-2023-22406
+       RESERVED
+CVE-2023-22405
+       RESERVED
+CVE-2023-22404
+       RESERVED
+CVE-2023-22403
+       RESERVED
+CVE-2023-22402
+       RESERVED
+CVE-2023-22401
+       RESERVED
+CVE-2023-22400
+       RESERVED
+CVE-2023-22399
+       RESERVED
+CVE-2023-22398
+       RESERVED
+CVE-2023-22397
+       RESERVED
+CVE-2023-22396
+       RESERVED
+CVE-2023-22395
+       RESERVED
+CVE-2023-22394
+       RESERVED
+CVE-2023-22393
+       RESERVED
+CVE-2023-22392
+       RESERVED
+CVE-2023-22391
+       RESERVED
+CVE-2023-22366
+       RESERVED
+CVE-2023-22357
+       RESERVED
+CVE-2023-22317
+       RESERVED
+CVE-2023-22314
+       RESERVED
+CVE-2023-22277
+       RESERVED
+CVE-2023-0026
+       RESERVED
+CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected 
XSS via  ...)
+       TODO: check
+CVE-2022-47967
+       RESERVED
+CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 
0.9.1. ...)
+       TODO: check
+CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 
4.5.5. I ...)
+       TODO: check
+CVE-2022-4765
+       RESERVED
+CVE-2022-4764
+       RESERVED
+CVE-2022-4763
+       RESERVED
+CVE-2022-4762
+       RESERVED
+CVE-2022-4761
+       RESERVED
+CVE-2022-4760
+       RESERVED
+CVE-2022-4759
+       RESERVED
+CVE-2022-4758
+       RESERVED
+CVE-2022-4757
+       RESERVED
+CVE-2022-4756
+       RESERVED
+CVE-2022-4755 (A vulnerability was found in FlatPress and classified as 
problematic.  ...)
+       TODO: check
+CVE-2022-4754
+       RESERVED
+CVE-2022-4753
+       RESERVED
+CVE-2022-4752
+       RESERVED
+CVE-2022-4751
+       RESERVED
+CVE-2022-4750
+       RESERVED
+CVE-2022-4749
+       RESERVED
+CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified 
as crit ...)
+       TODO: check
+CVE-2022-4747
+       RESERVED
+CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS 
openmrs ...)
+       TODO: check
+CVE-2021-4288 (A vulnerability was found in OpenMRS 
openmrs-module-referenceapplicati ...)
+       TODO: check
+CVE-2021-4287 (A vulnerability, which was classified as problematic, was found 
in ReF ...)
+       TODO: check
+CVE-2021-4286 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios 
NCPA. Th ...)
+       TODO: check
+CVE-2021-4284 (A vulnerability classified as problematic has been found in 
OpenMRS HT ...)
+       TODO: check
+CVE-2021-4283 (A vulnerability was found in FreeBPX voicemail. It has been 
rated as p ...)
+       TODO: check
+CVE-2021-4282 (A vulnerability was found in FreePBX voicemail. It has been 
declared a ...)
+       TODO: check
+CVE-2020-36634 (A vulnerability classified as problematic has been found in 
Indeed Eng ...)
+       TODO: check
+CVE-2020-36633 (A vulnerability was found in moodle-block_sitenews 1.0. It has 
been cl ...)
+       TODO: check
+CVE-2019-25090 (A vulnerability was found in FreePBX arimanager up to 13.0.5.3 
and cla ...)
+       TODO: check
+CVE-2019-25089 (A vulnerability has been found in Morgawr Muon 0.1.1 and 
classified as ...)
+       TODO: check
+CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been 
classified ...)
+       TODO: check
+CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been 
rated as  ...)
+       TODO: check
+CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 
1.5.0. It  ...)
+       TODO: check
+CVE-2018-25049 (A vulnerability was found in email-existence. It has been 
rated as pro ...)
+       TODO: check
+CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has 
been classi ...)
+       TODO: check
 CVE-2022-47966
        RESERVED
 CVE-2022-4746
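Review bot: the description imported for CVE-2021-4283 spells the product "FreeBPX voicemail", while CVE-2021-4282 directly below it and CVE-2019-25090 have "FreePBX", so a search of the list for FreePBX misses the first entry. When these TODO: check entries are triaged, resolve the FreePBX ones together so they all end up with the same tag.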
@@ -1182,9 +1328,9 @@ CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository micro
        NOT-FOR-US: microweber
 CVE-2022-47579
        RESERVED
-CVE-2022-47578 (An issue was discovered in the endpoint protection agent in 
Zoho Manag ...)
+CVE-2022-47578 (** DISPUTED ** An issue was discovered in the endpoint 
protection agen ...)
        NOT-FOR-US: Zoho
-CVE-2022-47577 (An issue was discovered in the endpoint protection agent in 
Zoho Manag ...)
+CVE-2022-47577 (** DISPUTED ** An issue was discovered in the endpoint 
protection agen ...)
        NOT-FOR-US: Zoho
 CVE-2022-4616
        RESERVED
@@ -8729,30 +8875,30 @@ CVE-2022-3996 (If an X.509 certificate contains a 
malformed policy constraint an
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7
 CVE-2022-45435
        RESERVED
-CVE-2022-45434
-       RESERVED
-CVE-2022-45433
-       RESERVED
-CVE-2022-45432
-       RESERVED
-CVE-2022-45431
-       RESERVED
-CVE-2022-45430
-       RESERVED
-CVE-2022-45429
-       RESERVED
-CVE-2022-45428
-       RESERVED
-CVE-2022-45427
-       RESERVED
-CVE-2022-45426
-       RESERVED
-CVE-2022-45425
-       RESERVED
-CVE-2022-45424
-       RESERVED
-CVE-2022-45423
-       RESERVED
+CVE-2022-45434 (Some Dahua software products have a vulnerability of 
unauthenticated u ...)
+       TODO: check
+CVE-2022-45433 (Some Dahua software products have a vulnerability of 
unauthenticated t ...)
+       TODO: check
+CVE-2022-45432 (Some Dahua software products have a vulnerability of 
unauthenticated s ...)
+       TODO: check
+CVE-2022-45431 (Some Dahua software products have a vulnerability of 
unauthenticated r ...)
+       TODO: check
+CVE-2022-45430 (Some Dahua software products have a vulnerability of 
unauthenticated e ...)
+       TODO: check
+CVE-2022-45429 (Some Dahua software products have a vulnerability of 
server-side reque ...)
+       TODO: check
+CVE-2022-45428 (Some Dahua software products have a vulnerability of sensitive 
informa ...)
+       TODO: check
+CVE-2022-45427 (Some Dahua software products have a vulnerability of 
unrestricted uplo ...)
+       TODO: check
+CVE-2022-45426 (Some Dahua software products have a vulnerability of 
unrestricted down ...)
+       TODO: check
+CVE-2022-45425 (Some Dahua software products have a vulnerability of using of 
hard-cod ...)
+       TODO: check
+CVE-2022-45424 (Some Dahua software products have a vulnerability of 
unauthenticated r ...)
+       TODO: check
+CVE-2022-45423 (Some Dahua software products have a vulnerability of 
unauthenticated r ...)
+       TODO: check
 CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is 
possibl ...)
        NOT-FOR-US: LG
 CVE-2022-45122 (Cross-site scripting vulnerability in Movable Type Movable 
Type 7 r.53 ...)
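Review bot: the twelve Dahua entries CVE-2022-45423 through CVE-2022-45434 all move from RESERVED to TODO: check with the same opening words, and after truncation CVE-2022-45431, CVE-2022-45424 and CVE-2022-45423 read identically ("unauthenticated r ..."), so the list alone does not say which issue is which. Triage them as one batch against the full descriptions and give them one consistent tag, in the way the neighbouring CVE-2022-45422 carries NOT-FOR-US: LG.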
@@ -23793,7 +23939,7 @@ CVE-2022-40899 (An issue discovered in Python Charmers 
Future 0.18.2 and earlier
        TODO: check
 CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 
0.37.1  ...)
        TODO: check
-CVE-2022-40897 (An issue discovered in Python Packaging Authority (PyPA) 
setuptools 65 ...)
+CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 
allows remo ...)
        TODO: check
 CVE-2022-40896
        RESERVED
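Review bot: the reworded CVE-2022-40897 description now states an upstream boundary, "setuptools before 65.5.1", but the entry is still TODO: check. That version is what triage needs, so this is a good point to replace the TODO with a package line recording the fixed version; CVE-2022-40898 and CVE-2022-40899 just above are in the same TODO: check state.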
@@ -25551,8 +25697,8 @@ CVE-2022-3158 (Rockwell Automation FactoryTalk 
VantagePoint versions 8.0, 8.10,
        NOT-FOR-US: Rockwell Automation
 CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers 
that all ...)
        NOT-FOR-US: Rockwell
-CVE-2022-3156
-       RESERVED
+CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell 
Automation St ...)
+       TODO: check
 CVE-2022-40175
        RESERVED
 CVE-2022-40174
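Review bot: CVE-2022-3156 becomes TODO: check next to two context entries for the same vendor that are tagged differently, one as NOT-FOR-US: Rockwell Automation and CVE-2022-3157 as NOT-FOR-US: Rockwell. When the TODO is resolved, pick one spelling of the vendor tag and align the neighbours, so that a search on the tag returns all of them.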
@@ -26492,7 +26638,7 @@ CVE-2022-3110 (An issue was discovered in the Linux 
kernel through 5.16-rc6. _rt
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
-CVE-2022-3109 (An issue was discovered in the FFmpeg through 3.0. 
vp3_decode_frame in ...)
+CVE-2022-3109 (An issue was discovered in the FFmpeg package, where 
vp3_decode_frame  ...)
        - ffmpeg 7:5.1-1
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
@@ -98629,7 +98775,7 @@ CVE-2021-40405 (A denial of service vulnerability 
exists in the cgiserver.cgi Up
 CVE-2021-40404 (An authentication bypass vulnerability exists in the 
cgiserver.cgi Log ...)
        NOT-FOR-US: Reolink
 CVE-2021-40403 (An information disclosure vulnerability exists in the 
pick-and-place r ...)
-       {DLA-3210-1}
+       {DSA-5306-1 DLA-3210-1}
        - gerbv 2.9.2-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
        NOTE: https://github.com/gerbv/gerbv/issues/82
@@ -98640,7 +98786,7 @@ CVE-2021-40402 (An out-of-bounds read vulnerability 
exists in the RS-274X apertu
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
        NOTE: Crash in GUI tool, no security impact
 CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture 
definiti ...)
-       {DLA-3210-1}
+       {DSA-5306-1 DLA-3210-1}
        - gerbv 2.9.2-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
        NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 
(v2.9.0-rc.1)
@@ -98663,6 +98809,7 @@ CVE-2021-40396 (A privilege escalation vulnerability 
exists in the installation
 CVE-2021-40395
        REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X 
aperture ma ...)
+       {DSA-5306-1}
        - gerbv 2.8.1-1
        [buster] - gerbv <no-dsa> (Minor issue)
        [stretch] - gerbv <no-dsa> (Minor issue)
@@ -98670,6 +98817,7 @@ CVE-2021-40394 (An out-of-bounds write vulnerability 
exists in the RS-274X apert
        NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
        NOTE: 
https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f 
(v2.8.1-rc.1)
 CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X 
aperture ma ...)
+       {DSA-5306-1}
        - gerbv 2.8.2-1
        [buster] - gerbv <no-dsa> (Minor issue)
        [stretch] - gerbv <no-dsa> (Minor issue)
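Review bot: {DSA-5306-1} is added to CVE-2021-40393 here, and to CVE-2021-40394 in the previous hunk, while their buster and stretch lines still read <no-dsa> (Minor issue). Unlike CVE-2021-40403 and CVE-2021-40401, these two carry no DLA-3210-1 reference, so it is worth checking whether the "Minor issue" rating for buster still holds now that the same issues have received a DSA.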
@@ -120003,7 +120151,7 @@ CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 
does not properly implement t
        - bitcoin <unfixed> (bug #1014166)
        NOTE: 
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
        NOTE: 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
-CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously 
formed JSO ...)
+CVE-2021-31875 (** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a 
malicio ...)
        NOT-FOR-US: Cesanta MongooseOS mJS
 CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare 
situations,  ...)
        NOT-FOR-US: Zoho



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0245ecc017a7c8ea3ef5a68e24380f6f91d5982d



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
