Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7fb32a92 by security tracker role at 2023-01-17T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2023-23698
+ RESERVED
+CVE-2023-23697
+ RESERVED
+CVE-2023-23696
+ RESERVED
+CVE-2023-23695
+ RESERVED
+CVE-2023-23694
+ RESERVED
+CVE-2023-23693
+ RESERVED
+CVE-2023-23692
+ RESERVED
+CVE-2023-23691
+ RESERVED
+CVE-2023-23690
+ RESERVED
+CVE-2023-23689
+ RESERVED
+CVE-2023-23688
+ RESERVED
+CVE-2023-23687
+ RESERVED
+CVE-2023-23686
+ RESERVED
+CVE-2023-23685
+ RESERVED
+CVE-2023-23684
+ RESERVED
+CVE-2023-23683
+ RESERVED
+CVE-2023-23682
+ RESERVED
+CVE-2023-23681
+ RESERVED
+CVE-2023-23680
+ RESERVED
+CVE-2023-23679
+ RESERVED
+CVE-2023-23678
+ RESERVED
+CVE-2023-23677
+ RESERVED
+CVE-2023-23676
+ RESERVED
+CVE-2023-23675
+ RESERVED
+CVE-2023-23674
+ RESERVED
+CVE-2023-23673
+ RESERVED
+CVE-2023-23672
+ RESERVED
+CVE-2023-23671
+ RESERVED
+CVE-2023-23670
+ RESERVED
+CVE-2023-23669
+ RESERVED
+CVE-2023-23668
+ RESERVED
+CVE-2023-23667
+ RESERVED
+CVE-2023-23666
+ RESERVED
+CVE-2023-23665
+ RESERVED
+CVE-2023-23664
+ RESERVED
+CVE-2023-23663
+ RESERVED
+CVE-2023-23662
+ RESERVED
+CVE-2023-23661
+ RESERVED
+CVE-2023-23660
+ RESERVED
+CVE-2023-23659
+ RESERVED
+CVE-2023-23658
+ RESERVED
+CVE-2023-23657
+ RESERVED
+CVE-2023-23656
+ RESERVED
+CVE-2023-23655
+ RESERVED
+CVE-2023-23654
+ RESERVED
+CVE-2023-23653
+ RESERVED
+CVE-2023-23652
+ RESERVED
+CVE-2023-23651
+ RESERVED
+CVE-2023-23650
+ RESERVED
+CVE-2023-23649
+ RESERVED
+CVE-2023-23648
+ RESERVED
+CVE-2023-23647
+ RESERVED
+CVE-2023-23646
+ RESERVED
+CVE-2023-23645
+ RESERVED
+CVE-2023-23644
+ RESERVED
+CVE-2023-23643
+ RESERVED
+CVE-2023-23642
+ RESERVED
+CVE-2023-23641
+ RESERVED
+CVE-2023-23640
+ RESERVED
+CVE-2023-23639
+ RESERVED
+CVE-2023-23638
+ RESERVED
+CVE-2023-0331
+ RESERVED
+CVE-2023-0330
+ RESERVED
+CVE-2023-0329
+ RESERVED
+CVE-2022-48261
+ RESERVED
+CVE-2020-36652
+ RESERVED
+CVE-2020-36651
+ RESERVED
+CVE-2018-25077
+ RESERVED
+CVE-2017-20171
+ RESERVED
+CVE-2015-10067
+ RESERVED
+CVE-2015-10066
+ RESERVED
+CVE-2015-10065
+ RESERVED
+CVE-2014-125082
+ RESERVED
+CVE-2014-125081
+ RESERVED
+CVE-2010-10007
+ RESERVED
+CVE-2010-10006
+ RESERVED
CVE-2023-23637
RESERVED
CVE-2023-23636
@@ -315,7 +467,7 @@ CVE-2023-0271
CVE-2023-0270
RESERVED
CVE-2023-0269
- RESERVED
+ REJECTED
CVE-2023-0268
RESERVED
CVE-2023-0267
@@ -8409,8 +8561,8 @@ CVE-2022-43493
RESERVED
CVE-2022-41834
RESERVED
-CVE-2020-36611
- RESERVED
+CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning
Manager ...)
+ TODO: check
CVE-2023-0011
RESERVED
CVE-2022-47193
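Review bot: CVE-2020-36611 is left at `TODO: check` even though its new description already names Hitachi Tuning Manager. The CVE-2022-2637 entry later in this same diff is tagged `NOT-FOR-US: Hitachi`, so once someone confirms the product is not packaged, the same tag would close this TODO.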
@@ -13503,10 +13655,10 @@ CVE-2022-45442 (Sinatra is a domain-specific language
for creating web applicati
NOTE:
https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
(v2.2.3)
CVE-2022-45441
RESERVED
-CVE-2022-45440
- RESERVED
-CVE-2022-45439
- RESERVED
+CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel
AX7501-B0 firmwa ...)
+ TODO: check
+CVE-2022-45439 (A pair of spare WiFi credentials is stored in the
configuration file o ...)
+ TODO: check
CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE
(disabled by ...)
NOT-FOR-US: Apache Superset
CVE-2022-45437
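Review bot: The truncated description added for CVE-2022-45439 ("A pair of spare WiFi credentials is stored in the configuration file o ...") does not name a product, so it cannot be triaged from this line alone; read the full record before replacing `TODO: check`. CVE-2022-45440 names Zyxel AX7501-B0 firmware and looks like a NOT-FOR-US candidate.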
@@ -21587,8 +21739,8 @@ CVE-2022-43469
RESERVED
CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Cust ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-43462
- RESERVED
+CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP
Blacklist ...)
+ TODO: check
CVE-2022-43461
RESERVED
CVE-2022-43459
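Review bot: CVE-2022-43462 gets `TODO: check` while its neighbour CVE-2022-43463 is already tagged `NOT-FOR-US: WordPress plugin`. The visible description is cut off after "IP Blacklist", so confirm from the full text whether this is also a WordPress plugin and, if so, tag it the same way.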
@@ -21633,8 +21785,8 @@ CVE-2022-42485
RESERVED
CVE-2022-42479
RESERVED
-CVE-2022-42462
- RESERVED
+CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel
Ahmed's ...)
+ TODO: check
CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google
Authenticat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42460 (Broken Access Control vulnerability leading to Stored
Cross-Site Scrip ...)
@@ -26941,8 +27093,8 @@ CVE-2022-3330 (It was possible for a guest user to read
a todo targeting an inac
- gitlab <unfixed>
CVE-2022-3329
RESERVED
-CVE-2022-30544
- RESERVED
+CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa's OSM –
OpenStreetMap ...)
+ TODO: check
CVE-2022-27628
RESERVED
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mamm ...)
@@ -30190,13 +30342,13 @@ CVE-2022-40275
CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute
arbitrary ...)
NOT-FOR-US: Gridea
CVE-2022-40273
- RESERVED
+ REJECTED
CVE-2022-40272
- RESERVED
+ REJECTED
CVE-2022-40271
- RESERVED
+ REJECTED
CVE-2022-40270
- RESERVED
+ REJECTED
CVE-2022-40269
RESERVED
CVE-2022-40268
@@ -31349,7 +31501,7 @@ CVE-2022-39800 (SAP BusinessObjects BI LaunchPad -
versions 420, 430, is suscept
CVE-2022-39799 (An attacker with no prior authentication could craft and send
maliciou ...)
NOT-FOR-US: SAP
CVE-2022-3117
- RESERVED
+ REJECTED
CVE-2022-3116
RESERVED
CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6.
malidp_c ...)
@@ -32937,8 +33089,8 @@ CVE-2022-3089
RESERVED
CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100
System Imag ...)
NOT-FOR-US: Moxa
-CVE-2022-3087
- RESERVED
+CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and
prior are ...)
+ TODO: check
CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are
vulnerabl ...)
NOT-FOR-US: Moxa
CVE-2022-3085
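Review bot: The context entry CVE-2022-3086 describes Cradlepoint IBR600 NCOS but carries `NOT-FOR-US: Moxa`, which looks copied from CVE-2022-3088 above it. When CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator) is triaged out of `TODO: check`, give it its own vendor in the tag rather than the neighbouring one, and correct the CVE-2022-3086 tag in a follow-up.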
@@ -38104,7 +38256,7 @@ CVE-2022-2639 (An integer coercion error was found in
the openvswitch kernel mod
NOTE:
https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not
validate the ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage
Plug-i ...)
+CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi
Storag ...)
NOT-FOR-US: Hitachi
CVE-2022-2636 (Improper Input Validation in GitHub repository
hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
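Review bot: The replacement description for CVE-2022-2637 reads "Hitachi Hitachi Storag ...", a doubled vendor name where the removed line had "Hitachi Storage Plug-i ...". As this is an automatic update the text presumably mirrors the upstream record, so nothing needs changing in the tracker; the `NOT-FOR-US: Hitachi` tag is unaffected.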
@@ -58068,19 +58220,19 @@ CVE-2021-46801
CVE-2021-46800
RESERVED
CVE-2021-46799
- RESERVED
+ REJECTED
CVE-2021-46798
RESERVED
CVE-2021-46797
RESERVED
CVE-2021-46796
- RESERVED
+ REJECTED
CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists
where an ...)
NOT-FOR-US: AMD
CVE-2021-46794
RESERVED
CVE-2021-46793
- RESERVED
+ REJECTED
CVE-2021-46792
RESERVED
CVE-2021-46791 (Insufficient input validation during parsing of the System
Management ...)
@@ -63726,7 +63878,7 @@ CVE-2021-46763
CVE-2021-46762
RESERVED
CVE-2021-46761
- RESERVED
+ REJECTED
CVE-2021-46760
RESERVED
CVE-2021-46759
@@ -65587,9 +65739,9 @@ CVE-2022-27678
CVE-2022-27677
RESERVED
CVE-2022-27676
- RESERVED
+ REJECTED
CVE-2022-27675
- RESERVED
+ REJECTED
CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in
AMD μ ...)
NOT-FOR-US: AMD
CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may
potential ...)
@@ -77696,7 +77848,7 @@ CVE-2022-23833 (An issue was discovered in
MultiPartParser in Django 2.2 before
NOTE:
https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
(3.2.12)
NOTE:
https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
(2.2.27)
CVE-2022-23832
- RESERVED
+ REJECTED
CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD
μProf ma ...)
NOT-FOR-US: AMD
CVE-2022-23830
@@ -77706,7 +77858,7 @@ CVE-2022-23829
CVE-2022-23828
RESERVED
CVE-2022-23827
- RESERVED
+ REJECTED
CVE-2022-23826
RESERVED
CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors
to predi ...)
@@ -77745,7 +77897,7 @@ CVE-2022-23818
CVE-2022-23817
RESERVED
CVE-2022-23816
- RESERVED
+ REJECTED
{DSA-5207-1 DSA-5184-1}
- linux 5.18.14-1
[buster] - linux <ignored> (New mitigations are too invasive to
backport)
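Review bot: CVE-2022-23816 flips to `REJECTED` but keeps `{DSA-5207-1 DSA-5184-1}`, `- linux 5.18.14-1` and the buster `<ignored>` line beneath it. Confirm which id supersedes it and that the DSA references and linux annotations are recorded there, so the advisory mapping does not hang off a rejected entry.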
@@ -139099,7 +139251,7 @@ CVE-2021-26407 (A randomly generated Initialization
Vector (IV) may lead to a co
CVE-2021-26406
RESERVED
CVE-2021-26405
- RESERVED
+ REJECTED
CVE-2021-26404 (Improper input validation and bounds checking in SEV firmware
may leak ...)
TODO: check
CVE-2021-26403 (Insufficient checks in SEV may lead to a malicious hypervisor
disclosi ...)
@@ -139116,7 +139268,7 @@ CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not
sufficiently mitigate CVE-2
CVE-2021-26400 (AMD processors may speculatively re-order load instructions
which can ...)
NOT-FOR-US: AMD
CVE-2021-26399
- RESERVED
+ REJECTED
CVE-2021-26398 (Insufficient input validation in SYS_KEY_DERIVE system call in
a compr ...)
TODO: check
CVE-2021-26397
@@ -139144,7 +139296,7 @@ CVE-2021-26387
CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an
attacker to i ...)
NOT-FOR-US: AMD
CVE-2021-26385
- RESERVED
+ REJECTED
CVE-2021-26384 (A malformed SMI (System Management Interface) command may
allow an att ...)
NOT-FOR-US: AMD
CVE-2021-26383
@@ -139166,7 +139318,7 @@ CVE-2021-26376 (Insufficient checks in System
Management Unit (SMU) FeatureConfi
CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System
Manageme ...)
NOT-FOR-US: AMD
CVE-2021-26374
- RESERVED
+ REJECTED
CVE-2021-26373 (Insufficient bound checks in the System Management Unit (SMU)
may resu ...)
NOT-FOR-US: AMD
CVE-2021-26372 (Insufficient bound checks related to PCIE in the System
Management Uni ...)
@@ -139198,9 +139350,9 @@ CVE-2021-26360 (An attacker with local access to the
system can make unauthorize
CVE-2021-26359
RESERVED
CVE-2021-26358
- RESERVED
+ REJECTED
CVE-2021-26357
- RESERVED
+ REJECTED
CVE-2021-26356
RESERVED
CVE-2021-26355 (Insufficient fencing and checks in System Management Unit
(SMU) may re ...)
@@ -139279,7 +139431,7 @@ CVE-2021-26321 (Insufficient ID command validation in
the SEV Firmware may allow
CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in
the SEND_S ...)
NOT-FOR-US: AMD
CVE-2021-26319
- RESERVED
+ REJECTED
CVE-2021-26318 (A timing and power-based side channel attack leveraging the
x86 PREFET ...)
NOT-FOR-US: AMD
NOTE:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fb32a926c890e9969dbcdf4ec63420f428fb62d