Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32770945 by security tracker role at 2023-01-20T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2023-23969
+       RESERVED
+CVE-2023-23968
+       RESERVED
+CVE-2023-23967
+       RESERVED
+CVE-2023-23966
+       RESERVED
+CVE-2023-23965
+       RESERVED
+CVE-2023-23964
+       RESERVED
+CVE-2023-23963
+       RESERVED
+CVE-2023-23962
+       RESERVED
+CVE-2023-23961
+       RESERVED
+CVE-2023-23960
+       RESERVED
+CVE-2023-23959
+       RESERVED
+CVE-2023-23958
+       RESERVED
+CVE-2023-23957
+       RESERVED
+CVE-2023-23956
+       RESERVED
+CVE-2023-23955
+       RESERVED
+CVE-2023-23954
+       RESERVED
+CVE-2023-23953
+       RESERVED
+CVE-2023-23952
+       RESERVED
+CVE-2023-23951
+       RESERVED
+CVE-2023-23950
+       RESERVED
+CVE-2023-23949
+       RESERVED
+CVE-2023-23948
+       RESERVED
+CVE-2023-23947
+       RESERVED
+CVE-2023-23946
+       RESERVED
+CVE-2023-23945
+       RESERVED
+CVE-2023-23944
+       RESERVED
+CVE-2023-23943
+       RESERVED
+CVE-2023-23942
+       RESERVED
+CVE-2023-23941
+       RESERVED
+CVE-2023-23940
+       RESERVED
+CVE-2023-23939
+       RESERVED
+CVE-2023-23938
+       RESERVED
+CVE-2023-23937
+       RESERVED
+CVE-2023-23936
+       RESERVED
+CVE-2023-23935
+       RESERVED
+CVE-2023-23934
+       RESERVED
+CVE-2023-23933
+       RESERVED
+CVE-2023-23932
+       RESERVED
+CVE-2023-23931
+       RESERVED
+CVE-2023-23930
+       RESERVED
+CVE-2023-23929
+       RESERVED
+CVE-2023-23928
+       RESERVED
+CVE-2023-23927
+       RESERVED
+CVE-2023-23926
+       RESERVED
+CVE-2023-23925
+       RESERVED
+CVE-2023-23924
+       RESERVED
+CVE-2023-23923
+       RESERVED
+CVE-2023-23922
+       RESERVED
+CVE-2023-23921
+       RESERVED
+CVE-2023-0417
+       RESERVED
+CVE-2023-0416
+       RESERVED
+CVE-2023-0415
+       RESERVED
+CVE-2023-0414
+       RESERVED
+CVE-2023-0413
+       RESERVED
+CVE-2023-0412
+       RESERVED
+CVE-2023-0411
+       RESERVED
+CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository 
builderio/qw ...)
+       TODO: check
+CVE-2023-0409
+       RESERVED
+CVE-2023-0408
+       RESERVED
+CVE-2023-0407
+       RESERVED
 CVE-2023-23920
        RESERVED
 CVE-2023-23919
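Review bot: CVE-2023-0410 is the only newly added entry in this hunk that arrives with a description, and it is left at "TODO: check". The description names a GitHub repository (builderio/qw ...), so it should be resolved to either a source package line or a NOT-FOR-US line rather than staying unclassified among the RESERVED placeholders.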
@@ -1045,8 +1165,8 @@ CVE-2013-10012 (A vulnerability, which was classified as 
critical, was found in
        NOT-FOR-US: antonbolling clan7ups
 CVE-2010-10005 (A vulnerability was found in msmania poodim. It has been 
declared as c ...)
        NOT-FOR-US: msmania poodim
-CVE-2023-23596
-       RESERVED
+CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command 
injection. W ...)
+       TODO: check
 CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that 
exfiltr ...)
        NOT-FOR-US: BlueCat Device Registration Portal
 CVE-2023-23594
@@ -3014,8 +3134,8 @@ CVE-2023-0128 (Use after free in Overview Mode in Google 
Chrome on Chrome OS pri
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0127
        RESERVED
-CVE-2023-0126
-       RESERVED
+CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000 
firmware ve ...)
+       TODO: check
 CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been 
declared as ...)
        NOT-FOR-US: Control iD Panel
 CVE-2023-0124
@@ -3556,16 +3676,16 @@ CVE-2023-22747
        RESERVED
 CVE-2023-22746
        RESERVED
-CVE-2023-22745
-       RESERVED
+CVE-2023-22745 (tpm2-tss is an open source software implementation of the 
Trusted Comp ...)
+       TODO: check
 CVE-2023-22744
        RESERVED
 CVE-2023-22743
        RESERVED
 CVE-2023-22742
        RESERVED
-CVE-2023-22741
-       RESERVED
+CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
+       TODO: check
 CVE-2023-22740
        RESERVED
 CVE-2023-22739
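Review bot: CVE-2023-22745 and CVE-2023-22741 are both left at "TODO: check", yet their descriptions identify open-source libraries (tpm2-tss, Sofia-SIP), which makes them the entries in this update most likely to map to a source package. They deserve triage ahead of the vendor-appliance entries, ending in a package line with a fixed version or <unfixed> plus a NOTE pointing at the upstream reference, in the style the lava and vim entries in this file already use.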
@@ -6106,14 +6226,14 @@ CVE-2023-22381
        RESERVED
 CVE-2023-22380
        RESERVED
-CVE-2023-22373
-       RESERVED
-CVE-2023-22339
-       RESERVED
-CVE-2023-22334
-       RESERVED
-CVE-2023-22331
-       RESERVED
+CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System 
(CHS) Ver.3 ...)
+       TODO: check
+CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System 
(CHS) Ve ...)
+       TODO: check
+CVE-2023-22334 (Use of password hash instead of password for authentication 
vulnerabil ...)
+       TODO: check
+CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI 
System (CHS) ...)
+       TODO: check
 CVE-2023-0020
        RESERVED
 CVE-2023-0019
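Review bot: the four new "TODO: check" entries (CVE-2023-22373, CVE-2023-22339, CVE-2023-22334, CVE-2023-22331) all describe the same product, CONPROSYS HMI System (CHS). One triage decision covers all of them, so they should be resolved together with the same status line to keep the entries from diverging.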
@@ -11287,8 +11407,8 @@ CVE-2022-46478 (The RPC interface in datax-web v1.0.0 
and v2.0.0 to v2.1.2 conta
        NOT-FOR-US: datax-web
 CVE-2022-46477
        RESERVED
-CVE-2022-46476
-       RESERVED
+CVE-2022-46476 (D-Link DIR-859 A1 1.05 was discovered to contain a command 
injection v ...)
+       TODO: check
 CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a 
stack over ...)
        NOT-FOR-US: D-Link
 CVE-2022-46474
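Review bot: CVE-2022-46476 is added as "TODO: check" although the very next entry, CVE-2022-46475, is another D-Link device issue already marked "NOT-FOR-US: D-Link". Unless the DIR-859 finding touches something packaged, the same status line should be used here for consistency.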
@@ -17818,7 +17938,7 @@ CVE-2022-44643 (A vulnerability in the label-based 
access control of Grafana Lab
 CVE-2022-44642
        RESERVED
 CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 
2022.11, use ...)
-       {DSA-5318-1}
+       {DSA-5318-1 DLA-3276-1}
        - lava 2023.01-1 (bug #1024429)
        NOTE: 
https://lists.lavasoftware.org/archives/list/[email protected]/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
        NOTE: 
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5
 (2022.11)
@@ -21162,10 +21282,10 @@ CVE-2023-20060
        RESERVED
 CVE-2023-20059
        RESERVED
-CVE-2023-20058
-       RESERVED
-CVE-2023-20057
-       RESERVED
+CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco 
AsyncOS Softwa ...)
+       TODO: check
 CVE-2023-20056
        RESERVED
 CVE-2023-20055
@@ -21184,28 +21304,28 @@ CVE-2023-20049
        RESERVED
 CVE-2023-20048
        RESERVED
-CVE-2023-20047
-       RESERVED
+CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature of ...)
+       TODO: check
 CVE-2023-20046
        RESERVED
-CVE-2023-20045
-       RESERVED
-CVE-2023-20044
-       RESERVED
-CVE-2023-20043
-       RESERVED
+CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an 
authenticate ...)
+       TODO: check
+CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an 
authenticate ...)
+       TODO: check
 CVE-2023-20042
        RESERVED
 CVE-2023-20041
        RESERVED
-CVE-2023-20040
-       RESERVED
+CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network 
Services Orche ...)
+       TODO: check
 CVE-2023-20039
        RESERVED
-CVE-2023-20038
-       RESERVED
-CVE-2023-20037
-       RESERVED
+CVE-2023-20038 (A vulnerability in the monitoring application of Cisco 
Industrial Netw ...)
+       TODO: check
+CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could 
allow an au ...)
+       TODO: check
 CVE-2023-20036
        RESERVED
 CVE-2023-20035
@@ -21226,10 +21346,10 @@ CVE-2023-20028
        RESERVED
 CVE-2023-20027
        RESERVED
-CVE-2023-20026
-       RESERVED
-CVE-2023-20025
-       RESERVED
+CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
 CVE-2023-20024
        RESERVED
 CVE-2023-20023
@@ -21238,12 +21358,12 @@ CVE-2023-20022
        RESERVED
 CVE-2023-20021
        RESERVED
-CVE-2023-20020
-       RESERVED
-CVE-2023-20019
-       RESERVED
-CVE-2023-20018
-       RESERVED
+CVE-2023-20020 (A vulnerability in the Device Management Servlet application 
of Cisco  ...)
+       TODO: check
+CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
+       TODO: check
+CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
+       TODO: check
 CVE-2023-20017
        RESERVED
 CVE-2023-20016
@@ -21258,14 +21378,14 @@ CVE-2023-20012
        RESERVED
 CVE-2023-20011
        RESERVED
-CVE-2023-20010
-       RESERVED
+CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
 CVE-2023-20009
        RESERVED
-CVE-2023-20008
-       RESERVED
-CVE-2023-20007
-       RESERVED
+CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS 
Softwar ...)
+       TODO: check
+CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
 CVE-2023-20006
        RESERVED
 CVE-2023-20005
@@ -21274,8 +21394,8 @@ CVE-2023-20004
        RESERVED
 CVE-2023-20003
        RESERVED
-CVE-2023-20002
-       RESERVED
+CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software 
could all ...)
+       TODO: check
 CVE-2023-20001
        RESERVED
 CVE-2023-0010
@@ -21760,7 +21880,7 @@ CVE-2022-3705 (A vulnerability was found in vim and 
classified as problematic. A
        - vim 2:9.0.0813-1 (unimportant)
        NOTE: 
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 
(v9.0.0805)
        NOTE: Crash in CLI tool, no security impact
-CVE-2022-3704 (A vulnerability classified as problematic has been found in 
Ruby on Ra ...)
+CVE-2022-3704 (** DISPUTED ** A vulnerability classified as problematic has 
been foun ...)
        - rails <unfixed> (bug #1024274)
        NOTE: 
https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
        NOTE: https://github.com/rails/rails/issues/46244
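Review bot: the CVE-2022-3704 description now begins with "** DISPUTED **", but the entry body is unchanged and still reads "- rails <unfixed> (bug #1024274)". A NOTE recording the dispute should be added, and the <unfixed> status revisited, so the status line and the headline tell the same story.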
@@ -53765,8 +53885,8 @@ CVE-2022-31903
        RESERVED
 CVE-2022-31902
        RESERVED
-CVE-2022-31901
-       RESERVED
+CVE-2022-31901 (Buffer overflow in function Notepad_plus::addHotSpot in 
Notepad++ v8.4 ...)
+       TODO: check
 CVE-2022-31900
        RESERVED
 CVE-2022-31899
@@ -95178,14 +95298,14 @@ CVE-2022-20969 (A vulnerability in multiple 
management dashboard pages of Cisco
        NOT-FOR-US: Cisco
 CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing 
feature of  ...)
        NOT-FOR-US: Cisco
-CVE-2022-20967
-       RESERVED
-CVE-2022-20966
-       RESERVED
-CVE-2022-20965
-       RESERVED
-CVE-2022-20964
-       RESERVED
+CVE-2022-20967 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2022-20966 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2022-20965 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2022-20964 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
 CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco 
Identity  ...)
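Review bot: CVE-2022-20967 through CVE-2022-20964 come in as "TODO: check", while CVE-2022-20963 directly below carries the same truncated description ("web-based management interface of Cisco Identit ...") and is already "NOT-FOR-US: Cisco", as are CVE-2022-20969 and CVE-2022-20968 above. These four can be closed out with the same line in one pass.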
@@ -96225,7 +96345,7 @@ CVE-2021-43114 (FORT Validator versions prior to 1.5.2 
will crash if an RPKI CA
        {DSA-5033-1}
        - fort-validator 1.5.2-1
 CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection 
via a Co ...)
-       {DLA-3273-1}
+       {DSA-5323-1 DLA-3273-1}
        - libitext5-java 5.5.13.3-1 (bug #1014597)
        NOTE: 
https://github.com/itext/itextpdf/commit/ce8bbacd631e13717a91f02e9cbd9814b9dc2cca
 (5.5.13.3)
 CVE-2021-43112



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/327709452e860dfef01c0c1afb9824f0d2d17835



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
