Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20036c8d by security tracker role at 2023-01-09T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-22883
+ RESERVED
+CVE-2023-22882
+ RESERVED
+CVE-2023-22881
+ RESERVED
+CVE-2023-22880
+ RESERVED
+CVE-2023-22879
+ RESERVED
+CVE-2023-22878
+ RESERVED
+CVE-2023-22877
+ RESERVED
+CVE-2023-22876
+ RESERVED
+CVE-2023-22875
+ RESERVED
+CVE-2023-22874
+ RESERVED
+CVE-2023-22873
+ RESERVED
+CVE-2023-22872
+ RESERVED
+CVE-2023-22871
+ RESERVED
+CVE-2023-22870
+ RESERVED
+CVE-2023-22869
+ RESERVED
+CVE-2023-22868
+ RESERVED
+CVE-2023-22867
+ RESERVED
+CVE-2023-22866
+ RESERVED
+CVE-2023-22865
+ RESERVED
+CVE-2023-22864
+ RESERVED
+CVE-2023-22863
+ RESERVED
+CVE-2023-22862
+ RESERVED
+CVE-2023-22861
+ RESERVED
+CVE-2023-22860
+ RESERVED
+CVE-2023-22859
+ RESERVED
+CVE-2023-22459
+ RESERVED
+CVE-2023-0122
+ RESERVED
+CVE-2023-0121
+ RESERVED
+CVE-2023-0120
+ RESERVED
+CVE-2023-0119
+ RESERVED
+CVE-2023-0118
+ RESERVED
+CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32
and < ...)
+ TODO: check
+CVE-2022-4883
+ RESERVED
+CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has
been r ...)
+ TODO: check
+CVE-2022-48250
+ RESERVED
+CVE-2022-48249
+ RESERVED
+CVE-2022-48248
+ RESERVED
+CVE-2022-48247
+ RESERVED
+CVE-2022-48246
+ RESERVED
+CVE-2022-48245
+ RESERVED
+CVE-2022-48244
+ RESERVED
+CVE-2022-48243
+ RESERVED
+CVE-2022-48242
+ RESERVED
+CVE-2022-48241
+ RESERVED
+CVE-2022-48240
+ RESERVED
+CVE-2022-48239
+ RESERVED
+CVE-2022-48238
+ RESERVED
+CVE-2022-48237
+ RESERVED
+CVE-2022-48236
+ RESERVED
+CVE-2022-48235
+ RESERVED
+CVE-2022-48234
+ RESERVED
+CVE-2022-48233
+ RESERVED
+CVE-2022-48232
+ RESERVED
+CVE-2022-48231
+ RESERVED
+CVE-2022-48230
+ RESERVED
+CVE-2022-46285
+ RESERVED
+CVE-2022-44617
+ RESERVED
+CVE-2021-4311 (A vulnerability classified as problematic was found in Talend
Open Stu ...)
+ TODO: check
+CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It
has been ...)
+ TODO: check
+CVE-2017-20165 (A vulnerability classified as problematic has been found in
debug-js d ...)
+ TODO: check
+CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been
declared as pr ...)
+ TODO: check
+CVE-2010-10004 (A vulnerability was found in Information Cards Module and
classified a ...)
+ TODO: check
CVE-2023-22858
RESERVED
CVE-2023-22857
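Review bot: The seven entries at the end of the added block that arrive with a description (CVE-2022-4884, CVE-2022-4882, CVE-2021-4311, CVE-2021-4310, CVE-2017-20165, CVE-2015-10032, CVE-2010-10004) are all left at "TODO: check", so each still needs a package line or a NOT-FOR-US marker before triage is complete. They also sit directly above CVE-2023-22858, so the file is not in descending ID order at this point; anything consuming data/CVE/list should look these up by ID rather than by position.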
@@ -1385,8 +1509,8 @@ CVE-2023-22479
RESERVED
CVE-2023-22478
RESERVED
-CVE-2023-22477
- RESERVED
+CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of
Mercurius unt ...)
+ TODO: check
CVE-2023-22476
RESERVED
CVE-2023-0027
@@ -1494,10 +1618,10 @@ CVE-2023-22475 (Canarytokens is an open source tool
which helps track activity a
NOT-FOR-US: canarytokens
CVE-2023-22474
RESERVED
-CVE-2023-22473
- RESERVED
-CVE-2023-22472
- RESERVED
+CVE-2023-22473 (Talk-Android enables users to have video & audio calls
through Nex ...)
+ TODO: check
+CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal
planning an ...)
+ TODO: check
CVE-2023-22471
RESERVED
CVE-2023-22470
@@ -1524,7 +1648,6 @@ CVE-2023-22461 (The `sanitize-svg` package, a small SVG
sanitizer to prevent cro
CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary
Linked Data ( ...)
TODO: check
NOT-FOR-US: go-ipld-prime
- RESERVED
CVE-2023-22458
RESERVED
CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages
using CKEd ...)
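Review bot: After the stray RESERVED line is dropped, CVE-2023-22460 still carries both "TODO: check" and "NOT-FOR-US: go-ipld-prime". The two states contradict each other; since the entry has already been triaged as NOT-FOR-US, the "TODO: check" line should be removed in a follow-up so the entry does not show up again in the pending-triage queue.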
@@ -3115,8 +3238,8 @@ CVE-2022-47792
RESERVED
CVE-2022-47791
RESERVED
-CVE-2022-47790
- RESERVED
+CVE-2022-47790 (Sourcecodester Dynamic Transaction Queuing System v1.0 is
vulnerable t ...)
+ TODO: check
CVE-2022-47789
RESERVED
CVE-2022-47788
@@ -7230,8 +7353,7 @@ CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0
through 6.2.7.18, 7.0.5.0 thr
NOT-FOR-US: IBM
CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x
through ...)
NOT-FOR-US: qubes-mirage-firewall
-CVE-2022-46769
- RESERVED
+CVE-2022-46769 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Apache Sling
CVE-2022-4346
RESERVED
@@ -9060,8 +9182,8 @@ CVE-2022-46260
RESERVED
CVE-2022-46259
RESERVED
-CVE-2022-46258
- RESERVED
+CVE-2022-46258 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
+ TODO: check
CVE-2022-46257
RESERVED
CVE-2022-46256 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
@@ -9939,7 +10061,7 @@ CVE-2022-45884 (An issue was discovered in the Linux
kernel through 6.0.9. drive
- linux <unfixed>
NOTE:
https://lore.kernel.org/linux-media/[email protected]/
CVE-2022-45883
- RESERVED
+ REJECTED
CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability.
PIN code i ...)
NOT-FOR-US: OpenHarmony
CVE-2022-45875 (Improper validation of script alert plugin parameters in
Apache Dolphi ...)
@@ -12959,7 +13081,7 @@ CVE-2022-44879
RESERVED
CVE-2022-44878
RESERVED
-CVE-2022-44877 (RESERVED An issue in the /login/index.php component of Centos
Web Pane ...)
+CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web
Panel) 7 b ...)
NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
CVE-2022-44876
RESERVED
@@ -16783,8 +16905,8 @@ CVE-2022-43976
RESERVED
CVE-2022-43975
RESERVED
-CVE-2022-43974
- RESERVED
+CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in
matrixSslDeco ...)
+ TODO: check
CVE-2022-43973
RESERVED
CVE-2022-43972
@@ -18846,6 +18968,7 @@ CVE-2021-46850 (myVesta Control Panel before
0.9.8-26-43 and Vesta Control Panel
CVE-2021-46849
REJECTED
CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array
size check ...)
+ {DLA-3263-1}
- libtasn1-6 4.19.0-2
[bullseye] - libtasn1-6 4.16.0-2+deb11u1
NOTE:
https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5
(v4.19.0)
@@ -37072,18 +37195,18 @@ CVE-2022-36932
RESERVED
CVE-2022-36931
RESERVED
-CVE-2022-36930
- RESERVED
-CVE-2022-36929
- RESERVED
-CVE-2022-36928
- RESERVED
-CVE-2022-36927
- RESERVED
-CVE-2022-36926
- RESERVED
-CVE-2022-36925
- RESERVED
+CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0
contain a loca ...)
+ TODO: check
+CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains
a local ...)
+ TODO: check
+CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path
traversa ...)
+ TODO: check
+CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a
local pri ...)
+ TODO: check
+CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a
local pri ...)
+ TODO: check
+CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an
insecure ...)
+ TODO: check
CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains
a local ...)
NOT-FOR-US: Zoom
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP,
Network Co ...)
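Review bot: CVE-2022-36925 through CVE-2022-36930 are added as "TODO: check" although the next entry in the context, CVE-2022-36924 (The Zoom Rooms Installer for Windows ...), is already triaged as "NOT-FOR-US: Zoom". All six new descriptions name Zoom products (Zoom Rooms for Windows and macOS, Zoom for Android), so the same marker can be applied to them in the follow-up triage commit instead of leaving six open TODOs.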
@@ -41264,8 +41387,8 @@ CVE-2022-35283 (IBM Security Verify Information Queue
10.0.2 could allow an auth
NOT-FOR-US: IBM
CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
NOT-FOR-US: IBM
-CVE-2022-35281
- RESERVED
+CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the
IBM Maxi ...)
+ TODO: check
CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does
not req ...)
NOT-FOR-US: IBM
CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1,
18.0.0.2, 19.0.0 ...)
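Review bot: CVE-2022-35281 (IBM Maximo Asset Management ...) lands as "TODO: check" between CVE-2022-35283, CVE-2022-35282 and CVE-2022-35280, all of which are marked "NOT-FOR-US: IBM". Unless there is a reason to treat Maximo differently, the follow-up should use the same marker for consistency with its neighbours.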
@@ -43876,8 +43999,7 @@ CVE-2022-2198 (The WPQA Builder WordPress plugin before
5.7 which is a companion
NOT-FOR-US: WordPress plugin
CVE-2022-2197 (By using a specific credential string, an attacker with network
access ...)
NOT-FOR-US: Exemys
-CVE-2022-2196 [KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS]
- RESERVED
+CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that
allowed ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
@@ -76239,10 +76361,10 @@ CVE-2022-23511 (A privilege escalation issue exists
within the Amazon CloudWatch
NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In
version 0.31. ...)
TODO: check
-CVE-2022-23509
- RESERVED
-CVE-2022-23508
- RESERVED
+CVE-2022-23509 (Weave GitOps is a simple open source developer platform for
people who ...)
+ TODO: check
+CVE-2022-23508 (Weave GitOps is a simple open source developer platform for
people who ...)
+ TODO: check
CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine
for Byzan ...)
TODO: check
CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery
platform ...)
@@ -80270,8 +80392,8 @@ CVE-2022-22472 (IBM Spectrum Protect Plus Container
Backup and Restore (10.1.5 t
NOT-FOR-US: IBM
CVE-2022-22471
RESERVED
-CVE-2022-22470
- RESERVED
+CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in
plain c ...)
+ TODO: check
CVE-2022-22469
RESERVED
CVE-2022-22468
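Review bot: CVE-2022-22470 (IBM Security Verify Governance 10.0 ...) is left at "TODO: check" while CVE-2022-22472 two entries above is "NOT-FOR-US: IBM"; this is another candidate for the same marker in the follow-up triage.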
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20036c8d30f0e5779b38a0fb4c922d2188df95aa