Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1621c56a by security tracker role at 2022-12-29T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2023-22500
+       RESERVED
+CVE-2023-22499
+       RESERVED
+CVE-2023-22498
+       RESERVED
+CVE-2023-22497
+       RESERVED
+CVE-2023-22496
+       RESERVED
+CVE-2023-22495
+       RESERVED
+CVE-2023-22494
+       RESERVED
+CVE-2023-22493
+       RESERVED
+CVE-2023-22492
+       RESERVED
+CVE-2023-22491
+       RESERVED
+CVE-2023-22490
+       RESERVED
+CVE-2023-22489
+       RESERVED
+CVE-2023-22488
+       RESERVED
+CVE-2023-22487
+       RESERVED
+CVE-2023-22486
+       RESERVED
+CVE-2023-22485
+       RESERVED
+CVE-2023-22484
+       RESERVED
+CVE-2023-22483
+       RESERVED
+CVE-2023-22482
+       RESERVED
+CVE-2023-22481
+       RESERVED
+CVE-2023-22480
+       RESERVED
+CVE-2023-22479
+       RESERVED
+CVE-2023-22478
+       RESERVED
+CVE-2023-22477
+       RESERVED
+CVE-2023-22476
+       RESERVED
+CVE-2023-0027
+       RESERVED
+CVE-2022-4854
+       RESERVED
+CVE-2022-4853
+       RESERVED
+CVE-2022-4852
+       RESERVED
+CVE-2022-4851 (Improper Handling of Values in GitHub repository usememos/memos 
prior  ...)
+       TODO: check
+CVE-2022-4850 (Cross-Site Request Forgery (CSRF) in GitHub repository 
usememos/memos  ...)
+       TODO: check
+CVE-2022-4849 (Cross-Site Request Forgery (CSRF) in GitHub repository 
usememos/memos  ...)
+       TODO: check
+CVE-2022-4848 (Improper Verification of Source of a Communication Channel in 
GitHub r ...)
+       TODO: check
+CVE-2022-4847 (Incorrectly Specified Destination in a Communication Channel in 
GitHub ...)
+       TODO: check
+CVE-2022-4846 (Cross-Site Request Forgery (CSRF) in GitHub repository 
usememos/memos  ...)
+       TODO: check
+CVE-2022-4845 (Cross-Site Request Forgery (CSRF) in GitHub repository 
usememos/memos  ...)
+       TODO: check
+CVE-2022-4844 (Cross-Site Request Forgery (CSRF) in GitHub repository 
usememos/memos  ...)
+       TODO: check
+CVE-2022-4843 (NULL Pointer Dereference in GitHub repository radareorg/radare2 
prior  ...)
+       TODO: check
+CVE-2022-4842
+       RESERVED
+CVE-2022-4841 (Cross-site Scripting (XSS) - Stored in GitHub repository 
usememos/memo ...)
+       TODO: check
+CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository 
usememos/memo ...)
+       TODO: check
+CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository 
usememos/memo ...)
+       TODO: check
+CVE-2022-4838
+       RESERVED
+CVE-2022-4837
+       RESERVED
+CVE-2022-4836
+       RESERVED
+CVE-2022-4835
+       RESERVED
+CVE-2022-4834
+       RESERVED
+CVE-2022-4833
+       RESERVED
+CVE-2022-4832
+       RESERVED
+CVE-2022-4831
+       RESERVED
+CVE-2022-4830
+       RESERVED
+CVE-2022-4829
+       RESERVED
+CVE-2022-4828
+       RESERVED
+CVE-2022-4827
+       RESERVED
+CVE-2022-4826
+       RESERVED
+CVE-2022-4825
+       RESERVED
+CVE-2022-4824
+       RESERVED
+CVE-2022-48190
+       RESERVED
+CVE-2022-48189
+       RESERVED
+CVE-2022-48188
+       RESERVED
+CVE-2022-48187
+       RESERVED
+CVE-2022-48186
+       RESERVED
+CVE-2022-48185
+       RESERVED
+CVE-2022-48184
+       RESERVED
+CVE-2022-48183
+       RESERVED
+CVE-2022-48182
+       RESERVED
+CVE-2022-48181
+       RESERVED
+CVE-2022-48180
+       RESERVED
+CVE-2022-48179
+       RESERVED
+CVE-2021-4296 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2021-4295 (A vulnerability classified as problematic was found in ONC 
code-valida ...)
+       TODO: check
+CVE-2018-25058 (A vulnerability classified as problematic has been found in 
Twitter-Po ...)
+       TODO: check
 CVE-2023-22475
        RESERVED
 CVE-2023-22474
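Review bot: the entries from CVE-2022-4851 down to CVE-2018-25058 in this hunk land with only TODO: check, and nine of them name the same upstream (usememos/memos, or its truncated form usememos/memo), so triaging those as one batch would keep their annotations consistent. CVE-2022-4848 and CVE-2022-4847 are cut off before the repository name ("GitHub r ...", "GitHub ..."), so the full description has to be consulted before they are grouped with the rest. CVE-2022-4843 names radareorg/radare2 and needs either a source-package line or a NOT-FOR-US line in place of TODO: check.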
@@ -7619,14 +7763,14 @@ CVE-2022-46183
        RESERVED
 CVE-2022-46182
        RESERVED
-CVE-2022-46181
-       RESERVED
+CVE-2022-46181 (Gotify server is a simple server for sending and receiving 
messages in ...)
+       TODO: check
 CVE-2022-46180
        RESERVED
 CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions 
of a re ...)
        TODO: check
-CVE-2022-46178
-       RESERVED
+CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing 
platform, cov ...)
+       TODO: check
 CVE-2022-46177
        RESERVED
 CVE-2022-46176
@@ -11740,7 +11884,8 @@ CVE-2022-44723
        RESERVED
 CVE-2022-44722
        RESERVED
-CVE-2022-44721 (CrowdStrike Falcon 6.44.15806 allows an administrative 
attacker to uni ...)
+CVE-2022-44721
+       REJECTED
        NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-44720
        RESERVED
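Review bot: after this change CVE-2022-44721 carries both REJECTED and the retained "NOT-FOR-US: CrowdStrike Falcon" line, while the description that justified the NOT-FOR-US is gone. Confirm that the triage annotation is meant to stay on a rejected id, or drop it in a follow-up so the entry reads as REJECTED only.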
@@ -21901,6 +22046,7 @@ CVE-2022-41976
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 
6.22.826 on Win ...)
        NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local 
users to ...)
+       {DLA-3250-1}
        - multipath-tools 0.9.4-1 (bug #1022742)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
        NOTE: 
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -21913,6 +22059,7 @@ CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x 
before 0.9.2 allows local us
        NOTE: 
https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f
 (0.9.2)
        NOTE: 
https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316
 (0.9.2)
 CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local 
users to ...)
+       {DLA-3250-1}
        - multipath-tools 0.9.4-1 (bug #1022742)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
        NOTE: 
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -33387,7 +33534,7 @@ CVE-2022-37618
        RESERVED
 CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in 
resolve- ...)
        NOT-FOR-US: Node browserify-shim
-CVE-2022-37616 (** DISPUTED ** A prototype pollution vulnerability exists in 
the funct ...)
+CVE-2022-37616 (A prototype pollution vulnerability exists in the function 
copy in dom ...)
        {DLA-3154-1}
        - node-xmldom 0.8.3-1 (bug #1021618)
        [bullseye] - node-xmldom 0.5.0-1+deb11u1
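Review bot: the CVE-2022-37616 description loses its "** DISPUTED **" prefix, and nothing else visible in the entry records that the id was once disputed. The {DLA-3154-1} reference and the node-xmldom version lines are unchanged, so if the dispute history matters for later triage, a NOTE line would be the place to keep it.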
@@ -55369,7 +55516,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote 
code execution via an in
        NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in 
Fishbow ...)
        NOT-FOR-US: Fishbowl Inventory
-CVE-2022-29804 (In filepath.Clean in path/filepath in Go before 1.17.11 and 
1.18.x bef ...)
+CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, 
absolute paths ...)
        - golang-1.18 <not-affected> (Only affects Go on Windows)
        - golang-1.17 <not-affected> (Only affects Go on Windows)
        - golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -60264,7 +60411,7 @@ CVE-2022-28133 (Jenkins Bitbucket Server Integration 
Plugin 3.1.0 and earlier do
        NOT-FOR-US: Jenkins plugin
 CVE-2022-28132
        RESERVED
-CVE-2022-28131 (In Decoder.Skip in encoding/xml in Go before 1.17.12 and 
1.18.x before ...)
+CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before 
Go 1.17. ...)
        - golang-1.18 1.18.4-1
        - golang-1.15 <removed>
        - golang-1.11 <removed>
@@ -159843,7 +159990,7 @@ CVE-2020-28367 (Code injection in the go command with 
cgo before Go 1.14.12 and
        [stretch] - golang-1.7 <ignored> (validation of cgo flags first 
introduced in golang-1.8 / CVE-2018-6574)
        NOTE: 
https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
        NOTE: https://github.com/golang/go/issues/42556
-CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code 
Injection. ...)
+CVE-2020-28366 (Code injection in the go command with cgo before Go 1.14.12 
and Go 1.1 ...)
        - golang-1.15 1.15.5-1
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, minor issue)
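Review bot: the new CVE-2020-28366 description, as truncated here, begins with the same words as the CVE-2020-28367 description in the hunk header ("Code injection in the go command with cgo before Go 1.14.12 and"), so the two entries can no longer be told apart from the summary alone. If CVE-2020-28366 does not already carry one beyond the visible context, a NOTE with its upstream reference, like the golang-announce and issue links under CVE-2020-28367, would keep them distinguishable.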



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1621c56a9290d2ca21423f349f3b64737d0ef713
