Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b53d87d by security tracker role at 2023-01-13T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-23588
+ RESERVED
+CVE-2023-23587
+ RESERVED
+CVE-2023-23586
+ RESERVED
+CVE-2023-0292
+ RESERVED
+CVE-2023-0291
+ RESERVED
+CVE-2023-0290
+ RESERVED
+CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository
craigk5n/webc ...)
+ TODO: check
+CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
+ TODO: check
+CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has
been rate ...)
+ TODO: check
+CVE-2023-0286
+ RESERVED
+CVE-2023-0285
+ RESERVED
+CVE-2023-0284
+ RESERVED
+CVE-2023-0283 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-0282
+ RESERVED
+CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight
Booking Mana ...)
+ TODO: check
+CVE-2023-0280
+ RESERVED
+CVE-2023-0279
+ RESERVED
+CVE-2023-0278
+ RESERVED
+CVE-2023-0277
+ RESERVED
+CVE-2023-0276
+ RESERVED
+CVE-2023-0275
+ RESERVED
+CVE-2023-0274
+ RESERVED
+CVE-2023-0273
+ RESERVED
+CVE-2023-0272
+ RESERVED
+CVE-2023-0271
+ RESERVED
+CVE-2023-0270
+ RESERVED
+CVE-2023-0269
+ RESERVED
+CVE-2023-0268
+ RESERVED
+CVE-2023-0267
+ RESERVED
+CVE-2022-4888
+ RESERVED
+CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
+ TODO: check
+CVE-2009-10002 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2009-10001 (A vulnerability classified as problematic was found in
jianlinwei cool ...)
+ TODO: check
CVE-2023-XXXX [tor TROVE-2022-02]
- tor 0.4.7.13-1
NOTE:
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
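Review bot: CVE-2023-0288 is left at `TODO: check` even though its description names the vim/vim repository, so it should not sit unresolved next to the web-application entries around it. After the check it needs a source package status line for vim. The same block also places CVE-2022-4888, CVE-2021-4312, CVE-2009-10002 and CVE-2009-10001 at the top of the file above the 2023 entries; confirm that is where the automatic update is expected to leave them.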
@@ -171,6 +237,7 @@ CVE-2023-22283
CVE-2023-22281
RESERVED
CVE-2023-0266 [ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF]
+ RESERVED
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1104,8 +1171,8 @@ CVE-2023-23089
RESERVED
CVE-2023-0222
RESERVED
-CVE-2023-0221
- RESERVED
+CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version
8.3.4 al ...)
+ TODO: check
CVE-2023-0220
RESERVED
CVE-2023-0219
@@ -1755,45 +1822,59 @@ CVE-2023-0143
CVE-2023-0142
RESERVED
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior
to 109. ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0140 (Inappropriate implementation in in File System API in Google
Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0139 (Insufficient validation of untrusted input in Downloads in
Google Chro ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0138 (Heap buffer overflow in libphonenumber in Google Chrome prior
to 109.0 ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0137 (Heap buffer overflow in Platform Apps in Google Chrome on
Chrome OS pr ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0136 (Inappropriate implementation in in Fullscreen API in Google
Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0135 (Use after free in Cart in Google Chrome prior to 109.0.5414.74
allowed ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0134 (Use after free in Cart in Google Chrome prior to 109.0.5414.74
allowed ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0133 (Inappropriate implementation in in Permission prompts in Google
Chrome ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0132 (Inappropriate implementation in in Permission prompts in Google
Chrome ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0131 (Inappropriate implementation in in iframe Sandbox in Google
Chrome pri ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0130 (Inappropriate implementation in in Fullscreen API in Google
Chrome on ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0129 (Heap buffer overflow in Network Service in Google Chrome prior
to 109. ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS
prior to ...)
+ {DSA-5317-1}
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0127
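Review bot: `{DSA-5317-1}` is added to CVE-2023-0137 and CVE-2023-0128, whose descriptions (as far as the truncated text shows) read "Google Chrome on Chrome OS", with the same `- chromium 109.0.5414.74-1` line as the other entries. If these two affect only Chrome OS, record that on the entries so the DSA cross-reference does not imply the Debian package was exposed; if they do apply, a short NOTE saying so would make the tagging self-explanatory.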
@@ -3299,18 +3380,18 @@ CVE-2023-22496
RESERVED
CVE-2023-22495
RESERVED
-CVE-2023-22494
- RESERVED
-CVE-2023-22493
- RESERVED
+CVE-2023-22494 (a12nserver is an open source lightweight OAuth2 server. Users
of a12ns ...)
+ TODO: check
+CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is
vulnerable to S ...)
+ TODO: check
CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens
is an OA ...)
NOT-FOR-US: ZITADEL
-CVE-2023-22491
- RESERVED
+CVE-2023-22491 (Gatsby is a free and open source framework based on React that
helps d ...)
+ TODO: check
CVE-2023-22490
RESERVED
-CVE-2023-22489
- RESERVED
+CVE-2023-22489 (Flarum is a discussion platform for websites. If the first
post of a d ...)
+ TODO: check
CVE-2023-22488 (Flarum is a forum software for building communities. Using the
notific ...)
TODO: check
CVE-2023-22487 (Flarum is a forum software for building communities. Using the
mention ...)
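Review bot: CVE-2023-22489 now carries a Flarum description with `TODO: check`, directly above CVE-2023-22488, which is also Flarum and also still at `TODO: check`. Triage the Flarum entries in one pass so they end up with the same classification, the way CVE-2023-22492 in this hunk already has `NOT-FOR-US: ZITADEL`.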
@@ -3682,10 +3763,10 @@ CVE-2022-48093
RESERVED
CVE-2022-48092
RESERVED
-CVE-2022-48091
- RESERVED
-CVE-2022-48090
- RESERVED
+CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2022-48090 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to
SQL Inject ...)
+ TODO: check
CVE-2022-48089
RESERVED
CVE-2022-48088
@@ -9230,7 +9311,7 @@ CVE-2022-4340 (The BookingPress WordPress plugin before
1.0.31 suffers from an I
CVE-2022-4339
REJECTED
CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in
various ...)
- {DLA-3253-1}
+ {DSA-5319-1 DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
NOTE:
https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
@@ -9238,7 +9319,7 @@ CVE-2022-4338 (An integer underflow in Organization
Specific TLV was found in va
NOTE: Introduced by:
https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8
(v2.4.0)
NOTE: Fixed by:
https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in
variou ...)
- {DLA-3253-1}
+ {DSA-5319-1 DLA-3253-1}
- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
NOTE:
https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
@@ -16522,6 +16603,7 @@ CVE-2022-44643 (A vulnerability in the label-based
access control of Grafana Lab
CVE-2022-44642
RESERVED
CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before
2022.11, use ...)
+ {DSA-5318-1}
- lava <unfixed> (bug #1024429)
NOTE:
https://lists.lavasoftware.org/archives/list/[email protected]/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
NOTE:
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5
(2022.11)
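Review bot: `{DSA-5318-1}` is added to CVE-2022-44641 while the package line still reads `- lava <unfixed> (bug #1024429)`, so the tracker will show an advisory issued with unstable still open. The NOTE already points at the upstream commit marked (2022.11); replace `<unfixed>` with the fixed version once that upload exists, or add a NOTE explaining why unstable stays unfixed.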
@@ -20491,8 +20573,8 @@ CVE-2022-3695
RESERVED
CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the
administrator toke ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3693
- RESERVED
+CVE-2022-3693 (The File Management System developed by FileOrbis before
version 10.6. ...)
+ TODO: check
CVE-2022-3692
REJECTED
CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before
1.7.5 dis ...)
@@ -93299,7 +93381,7 @@ CVE-2021-31559 (A crafted request bypasses S2S TCP
Token authentication writing
NOT-FOR-US: Splunk
CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's
implementation of DUO ...)
NOT-FOR-US: Splunk
-CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF
file us ...)
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF
or DWG ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b53d87d09dd0d7ed48d3e2b7cdbeab119851acb
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits