Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b4dba77d by security tracker role at 2023-01-27T08:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2023-24580 + RESERVED +CVE-2023-24579 + RESERVED +CVE-2023-24578 + RESERVED +CVE-2023-24577 + RESERVED +CVE-2023-24543 + RESERVED +CVE-2023-23908 + RESERVED +CVE-2023-23580 + RESERVED +CVE-2023-23577 + RESERVED +CVE-2023-23544 + RESERVED +CVE-2023-22841 + RESERVED +CVE-2023-22840 + RESERVED +CVE-2023-22655 + RESERVED +CVE-2023-22431 + RESERVED +CVE-2023-22311 + RESERVED +CVE-2023-0525 + RESERVED +CVE-2023-0524 + RESERVED +CVE-2023-0523 + RESERVED +CVE-2023-0522 + RESERVED +CVE-2023-0521 + RESERVED +CVE-2023-0520 + RESERVED +CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) + TODO: check +CVE-2023-0518 + RESERVED +CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...) + TODO: check +CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...) + TODO: check CVE-2023-24576 RESERVED CVE-2023-24575 @@ -72,8 +120,8 @@ CVE-2023-0514 RESERVED CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...) NOT-FOR-US: isoftforce Dreamer CMS -CVE-2023-0512 - RESERVED +CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ...) + TODO: check CVE-2023-0511 RESERVED CVE-2023-0510 @@ -104,8 +152,8 @@ CVE-2023-24472 RESERVED CVE-2023-22845 RESERVED -CVE-2023-0509 - RESERVED +CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...) + TODO: check CVE-2023-0508 RESERVED CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...) 
@@ -214,8 +262,8 @@ CVE-2023-24497 RESERVED CVE-2023-24496 RESERVED -CVE-2023-0493 - RESERVED +CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...) + TODO: check CVE-2023-0492 RESERVED CVE-2023-0491 @@ -224,8 +272,8 @@ CVE-2023-0490 RESERVED CVE-2023-0489 RESERVED -CVE-2023-0488 - RESERVED +CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...) + TODO: check CVE-2023-0487 RESERVED CVE-2023-0486 @@ -315,8 +363,8 @@ CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.54 {DSA-5328-1} - chromium 109.0.5414.119-1 [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-0470 - RESERVED +CVE-2023-0470 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) + TODO: check CVE-2023-0469 (A use-after-free flaw was found in io_uring/filetable.c in io_install_ ...) - linux 6.0.12-1 [bullseye] - linux <not-affected> (Vulnerable code not present) @@ -375,8 +423,8 @@ CVE-2023-22315 RESERVED CVE-2023-0456 RESERVED -CVE-2023-0455 - RESERVED +CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...) + TODO: check CVE-2023-0454 RESERVED CVE-2023-0453 @@ -567,10 +615,10 @@ CVE-2023-22321 RESERVED CVE-2023-22295 RESERVED -CVE-2023-0452 - RESERVED -CVE-2023-0451 - RESERVED +CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulnerable ...) + TODO: check +CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...) + TODO: check CVE-2023-0450 RESERVED CVE-2023-0449 @@ -1225,8 +1273,8 @@ CVE-2023-24062 RESERVED CVE-2023-24061 RESERVED -CVE-2023-24060 - RESERVED +CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...) + TODO: check CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload prior to 0 ...) - pyload <itp> (bug #1001980) CVE-2022-4895 
@@ -5232,8 +5280,8 @@ CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant wi - sofia-sip <unfixed> (bug #1029654) NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54 -CVE-2023-22740 - RESERVED +CVE-2023-22740 (Discourse is an open source platform for community discussion. Version ...) + TODO: check CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...) NOT-FOR-US: Discourse CVE-2023-22738 @@ -7307,8 +7355,7 @@ CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and NOTE: https://github.com/MaherAzzouzi/CVE-2022-47952 NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45 NOTE: Different issue than CVE-2018-6556 -CVE-2022-47951 - RESERVED +CVE-2022-47951 (An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before ...) - nova 2:26.0.0-6 (bug #1029561) - cinder 2:21.0.0-3 (bug #1029562) - glance 2:25.0.0-2 (bug #1029563) @@ -11500,10 +11547,10 @@ CVE-2022-46969 RESERVED CVE-2022-46968 RESERVED -CVE-2022-46967 - RESERVED -CVE-2022-46966 - RESERVED +CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows unaut ...) + TODO: check +CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...) + TODO: check CVE-2022-46965 RESERVED CVE-2022-46964 @@ -15220,8 +15267,8 @@ CVE-2022-45772 RESERVED CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows attacker ...) NOT-FOR-US: Pwndoc -CVE-2022-45770 - RESERVED +CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adguard Fo ...) + TODO: check CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...) NOT-FOR-US: ClicShopping_V3 CVE-2022-45768 
@@ -20585,10 +20632,10 @@ CVE-2022-44266 RESERVED CVE-2022-44265 RESERVED -CVE-2022-44264 - RESERVED -CVE-2022-44263 - RESERVED +CVE-2022-44264 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Pa ...) + TODO: check +CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Co ...) + TODO: check CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...) NOT-FOR-US: ff4j CVE-2022-44261 @@ -27133,14 +27180,14 @@ CVE-2022-3431 RESERVED CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...) NOT-FOR-US: Lenovo -CVE-2022-42493 - RESERVED -CVE-2022-42492 - RESERVED -CVE-2022-42491 - RESERVED -CVE-2022-42490 - RESERVED +CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + TODO: check +CVE-2022-42492 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + TODO: check +CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + TODO: check +CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + TODO: check CVE-2022-42484 RESERVED CVE-2022-42483 @@ -27174,8 +27221,8 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile - openimageio <unfixed> (bug #1027808) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635 NOTE: https://github.com/OpenImageIO/oiio/pull/3625 -CVE-2022-41991 - RESERVED +CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...) + TODO: check CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...) - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643 
@@ -27191,10 +27238,10 @@ CVE-2022-41632 RESERVED CVE-2022-41630 RESERVED -CVE-2022-41154 - RESERVED -CVE-2022-40222 - RESERVED +CVE-2022-41154 (A directory traversal vulnerability exists in the m2m DELETE_FILE cmd ...) + TODO: check +CVE-2022-40222 (An OS command injection vulnerability exists in the m2m DELETE_FILE cm ...) + TODO: check CVE-2022-38451 RESERVED CVE-2022-38091 @@ -30803,8 +30850,8 @@ CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.p - phoronix-test-suite <removed> CVE-2022-40208 RESERVED -CVE-2022-38066 - RESERVED +CVE-2022-38066 (An OS command injection vulnerability exists in the httpd SNMP functio ...) + TODO: check CVE-2022-3253 RESERVED CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...) 
@@ -31043,98 +31090,98 @@ CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit -CVE-2022-41030 - RESERVED -CVE-2022-41029 - RESERVED -CVE-2022-41028 - RESERVED -CVE-2022-41027 - RESERVED -CVE-2022-41026 - RESERVED -CVE-2022-41025 - RESERVED -CVE-2022-41024 - RESERVED -CVE-2022-41023 - RESERVED -CVE-2022-41022 - RESERVED -CVE-2022-41021 - RESERVED -CVE-2022-41020 - RESERVED -CVE-2022-41019 - RESERVED -CVE-2022-41018 - RESERVED -CVE-2022-41017 - RESERVED -CVE-2022-41016 - RESERVED -CVE-2022-41015 - RESERVED -CVE-2022-41014 - RESERVED -CVE-2022-41013 - RESERVED -CVE-2022-41012 - RESERVED -CVE-2022-41011 - RESERVED -CVE-2022-41010 - RESERVED -CVE-2022-41009 - RESERVED -CVE-2022-41008 - RESERVED -CVE-2022-41007 - RESERVED -CVE-2022-41006 - RESERVED -CVE-2022-41005 - RESERVED -CVE-2022-41004 - RESERVED -CVE-2022-41003 - RESERVED -CVE-2022-41002 - RESERVED -CVE-2022-41001 - RESERVED -CVE-2022-41000 - RESERVED -CVE-2022-40999 - RESERVED -CVE-2022-40998 - RESERVED -CVE-2022-40997 - RESERVED -CVE-2022-40996 - RESERVED -CVE-2022-40995 - RESERVED -CVE-2022-40994 - RESERVED -CVE-2022-40993 - RESERVED -CVE-2022-40992 - RESERVED -CVE-2022-40991 - RESERVED -CVE-2022-40990 - RESERVED -CVE-2022-40989 - RESERVED -CVE-2022-40988 - RESERVED -CVE-2022-40987 - RESERVED -CVE-2022-40986 - RESERVED -CVE-2022-40985 - RESERVED +CVE-2022-41030 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41029 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41028 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41027 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41026 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ TODO: check +CVE-2022-41025 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41024 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41023 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41022 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41021 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41020 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41019 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41018 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41017 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41016 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41015 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41014 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41013 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41012 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41011 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41010 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41009 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41008 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ TODO: check +CVE-2022-41007 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41006 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41005 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41004 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41003 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41002 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41001 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-41000 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40999 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40998 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40997 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40996 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40995 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40994 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40993 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40992 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40991 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40990 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ TODO: check +CVE-2022-40989 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40988 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40987 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40986 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check +CVE-2022-40985 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + TODO: check CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...) NOT-FOR-US: Trend Micro CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables of "pas ...) @@ -31145,8 +31192,8 @@ CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu Se NOT-FOR-US: Pilz PASvisu Server CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz product ...) NOT-FOR-US: Pilz -CVE-2022-40969 - RESERVED +CVE-2022-40969 (An os command injection vulnerability exists in the httpd delfile.cgi ...) + TODO: check CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ...) {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} - firefox 105.0-1 
@@ -31202,20 +31249,20 @@ CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with su NOT-FOR-US: Apache InLong CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) NOT-FOR-US: Airflow Spark provider -CVE-2022-40701 - RESERVED -CVE-2022-40220 - RESERVED -CVE-2022-39045 - RESERVED -CVE-2022-38715 - RESERVED -CVE-2022-38459 - RESERVED -CVE-2022-38088 - RESERVED -CVE-2022-36279 - RESERVED +CVE-2022-40701 (A directory traversal vulnerability exists in the httpd delfile.cgi fu ...) + TODO: check +CVE-2022-40220 (An OS command injection vulnerability exists in the httpd txt/restore. ...) + TODO: check +CVE-2022-39045 (A file write vulnerability exists in the httpd upload.cgi functionalit ...) + TODO: check +CVE-2022-38715 (A leftover debug code vulnerability exists in the httpd shell.cgi func ...) + TODO: check +CVE-2022-38459 (A stack-based buffer overflow vulnerability exists in the httpd downfi ...) + TODO: check +CVE-2022-38088 (A directory traversal vulnerability exists in the httpd downfile.cgi f ...) + TODO: check +CVE-2022-36279 (A stack-based buffer overflow vulnerability exists in the httpd delfil ...) + TODO: check CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Sit ...) NOT-FOR-US: "Follow Me Plugin" plugin for WordPress CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...) 
@@ -102184,10 +102231,10 @@ CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer o - strongswan 5.9.4-1 [stretch] - strongswan <not-affected> (The vulnerable code was introduced later in version 5.6.1) NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html -CVE-2021-41989 - RESERVED -CVE-2021-41988 - RESERVED +CVE-2021-41989 (Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Dire ...) + TODO: check +CVE-2021-41988 (Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in ...) + TODO: check CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...) NOT-FOR-US: Mikrotik CVE-2021-41986
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dba77d0f4e50a3fe71b178d4d9a1449fd37c81
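Review bot: In hunk "@@ -72,8 +120,8 @@", CVE-2023-0512 is left at "TODO: check" although its description names vim/vim with an upstream bound ("prior to 9.0.1247"), so it is not a NOT-FOR-US candidate like the Dreamer CMS entry directly above it. It should be triaged ahead of the vendor-only entries and the TODO replaced with a "- vim" package line in the form the file already uses for packaged software (compare "- sofia-sip <unfixed> (bug #1029654)" in the context of hunk "@@ -5232,8 +5280,8 @@"), with the status determined by comparing the archive versions against 9.0.1247.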
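Review bot: In hunks "@@ -104,8 +152,8 @@" and "@@ -224,8 +272,8 @@", CVE-2023-0509 and CVE-2023-0488 are new pyload/pyload entries marked "TODO: check", while the context of hunk "@@ -1225,8 +1273,8 @@" shows the disposition already recorded for the same project under CVE-2023-0435: "- pyload <itp> (bug #1001980)". Unless something about these two differs, the follow-up should reuse that line for both so the three pyload entries stay consistent.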
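Review bot: In hunk "@@ -5232,8 +5280,8 @@", CVE-2023-22740 gets "TODO: check" even though the entry immediately below it, CVE-2023-22739, carries the same leading description ("Discourse is an open source platform for community discussion. Version ...") and is already resolved as "NOT-FOR-US: Discourse". The same marker applies here, so the TODO can be closed in the next manual pass without further research.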
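Review bot: In hunk "@@ -31043,98 +31090,98 @@", all 46 entries from CVE-2022-41030 down to CVE-2022-40985 move from RESERVED to the identical truncated description "Several stack-based buffer overflow vulnerabilities exist in the Detra ..." and each gets its own "TODO: check". The product name is cut off in the list line, so nothing in the diff tells a triager whether Debian ships it; the full description should be looked up once and a single disposition applied to the whole range in one commit (for a product Debian does not ship, the "NOT-FOR-US: <vendor>" form seen in the surrounding context, e.g. "NOT-FOR-US: Foxit") rather than handling the entries one by one. The m2m and httpd entries in hunks "@@ -27133,14 +27180,14 @@", "@@ -27191,10 +27238,10 @@" and "@@ -31202,20 +31249,20 @@" follow the same batch pattern and are worth checking in the same pass.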