Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e752857 by security tracker role at 2023-02-16T08:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2023-25909
+       RESERVED
+CVE-2023-25908
+       RESERVED
+CVE-2023-25907
+       RESERVED
+CVE-2023-25906
+       RESERVED
+CVE-2023-25905
+       RESERVED
+CVE-2023-25904
+       RESERVED
+CVE-2023-25903
+       RESERVED
+CVE-2023-25902
+       RESERVED
+CVE-2023-25901
+       RESERVED
+CVE-2023-25900
+       RESERVED
+CVE-2023-25899
+       RESERVED
+CVE-2023-25898
+       RESERVED
+CVE-2023-25897
+       RESERVED
+CVE-2023-25896
+       RESERVED
+CVE-2023-25895
+       RESERVED
+CVE-2023-25894
+       RESERVED
+CVE-2023-25893
+       RESERVED
+CVE-2023-25892
+       RESERVED
+CVE-2023-25891
+       RESERVED
+CVE-2023-25890
+       RESERVED
+CVE-2023-25889
+       RESERVED
+CVE-2023-25888
+       RESERVED
+CVE-2023-25887
+       RESERVED
+CVE-2023-25886
+       RESERVED
+CVE-2023-25885
+       RESERVED
+CVE-2023-25884
+       RESERVED
+CVE-2023-25883
+       RESERVED
+CVE-2023-25882
+       RESERVED
+CVE-2023-25881
+       RESERVED
+CVE-2023-25880
+       RESERVED
+CVE-2023-25879
+       RESERVED
+CVE-2023-25878
+       RESERVED
+CVE-2023-25877
+       RESERVED
+CVE-2023-25876
+       RESERVED
+CVE-2023-25875
+       RESERVED
+CVE-2023-25874
+       RESERVED
+CVE-2023-25873
+       RESERVED
+CVE-2023-25872
+       RESERVED
+CVE-2023-25871
+       RESERVED
+CVE-2023-25870
+       RESERVED
+CVE-2023-25869
+       RESERVED
+CVE-2023-25868
+       RESERVED
+CVE-2023-25867
+       RESERVED
+CVE-2023-25866
+       RESERVED
+CVE-2023-25865
+       RESERVED
+CVE-2023-25864
+       RESERVED
+CVE-2023-25863
+       RESERVED
+CVE-2023-25862
+       RESERVED
+CVE-2023-25861
+       RESERVED
+CVE-2023-25860
+       RESERVED
+CVE-2023-25859
+       RESERVED
+CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and 
classifie ...)
+       TODO: check
+CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 
and clas ...)
+       TODO: check
+CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It 
has been  ...)
+       TODO: check
+CVE-2023-0847
+       RESERVED
 CVE-2023-25858
        RESERVED
 CVE-2023-25857
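Review bot: CVE-2023-0848, CVE-2023-0849 and CVE-2023-0850 near the end of this hunk are left at TODO: check although all three descriptions name the same product, Netgear WNDR3700v2 1.0.1.14. They can be triaged in one pass; if that firmware is not shipped in any Debian source package, mark all three NOT-FOR-US: Netgear, in the style this file already uses for vendor-only entries (for example NOT-FOR-US: Siemens), rather than leaving them in the TODO queue one by one.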
@@ -287,6 +397,7 @@ CVE-2023-25747
        RESERVED
 CVE-2023-25746
        RESERVED
+       {DSA-5350-1}
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
 CVE-2023-25745
@@ -295,6 +406,7 @@ CVE-2023-25745
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
 CVE-2023-25744
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
@@ -307,6 +419,7 @@ CVE-2023-25743
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
 CVE-2023-25742
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
@@ -321,6 +434,7 @@ CVE-2023-25740
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
 CVE-2023-25739
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
@@ -333,6 +447,7 @@ CVE-2023-25738
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
 CVE-2023-25737
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737
@@ -343,6 +458,7 @@ CVE-2023-25736
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
 CVE-2023-25735
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25735
@@ -359,6 +475,7 @@ CVE-2023-25733
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
 CVE-2023-25732
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25732
@@ -369,18 +486,21 @@ CVE-2023-25731
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
 CVE-2023-25730
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
 CVE-2023-25729
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25729
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729
 CVE-2023-25728
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - firefox-esr 102.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
@@ -822,6 +942,7 @@ CVE-2023-25613
        RESERVED
 CVE-2023-0767
        RESERVED
+       {DSA-5350-1}
        - firefox 110.0-1
        - nss 2:3.87.1-1
        - firefox-esr 102.8.0esr-1
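Review bot: the {DSA-5350-1} tag on CVE-2023-0767 lands on an entry that lists three source packages (firefox, nss, firefox-esr), while CVE-2023-25746 earlier in this diff receives the same tag and lists only firefox-esr. If the DSA covers firefox-esr alone, the nss line (fixed in 2:3.87.1-1) still needs its own per-release status or advisory reference, so that the entry does not read as fully handled by this DSA.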
@@ -2087,8 +2208,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a 
critical injection vulne
        NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All 
versions & ...)
        NOT-FOR-US: Siemens
-CVE-2023-0662 [PHP: DOS vulnerability when parsing multipart request body]
-       RESERVED
+CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X 
before 8.2.3 ...)
        - php8.2 <unfixed> (bug #1031368)
        - php7.4 <removed>
        - php7.3 <removed>
@@ -3411,15 +3531,13 @@ CVE-2023-0570 (A vulnerability, which was classified as 
critical, was found in S
        NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0569 (Weak Password Requirements in GitHub repository publify/publify 
prior  ...)
        NOT-FOR-US: Publify
-CVE-2023-0568 [PHP: 1-byte array overrun in common path resolve code]
-       RESERVED
+CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X 
before 8.2.3 ...)
        - php8.2 <unfixed> (bug #1031368)
        - php7.4 <removed>
        - php7.3 <removed>
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81746
        NOTE: Fixed in: 8.2.3
-CVE-2023-0567 [PHP: Password_verify() always return true with some hash]
-       RESERVED
+CVE-2023-0567 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X 
before 8.2.3 ...)
        - php8.2 <unfixed> (bug #1031368)
        - php7.4 <removed>
        - php7.3 <removed>
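Review bot: after this change CVE-2023-0568 and CVE-2023-0567 carry the same truncated description ("In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ..."), as does CVE-2023-0662 in the previous hunk, and the removed bracketed titles were the only text in the list that said which bug each one is. CVE-2023-0568 keeps a NOTE with its PHP bug link, but no such NOTE is visible for CVE-2023-0567 in this hunk; a NOTE line with the upstream reference or the old one-line summary would keep the three entries distinguishable.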
@@ -8644,8 +8762,8 @@ CVE-2014-125066 (A vulnerability was found in emmflo 
yuko-bot. It has been decla
        NOT-FOR-US: emmflo yuko-bot
 CVE-2007-10002 (A vulnerability, which was classified as critical, has been 
found in w ...)
        NOT-FOR-US: web-cyradm
-CVE-2023-22855
-       RESERVED
+CVE-2023-22855 (Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code 
executio ...)
+       TODO: check
 CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 
9.2.2.0 ...)
        NOT-FOR-US: Mitel
 CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, 
allows lib/s ...)
@@ -19513,14 +19631,14 @@ CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File 
Upload vulnerability. ...)
        NOT-FOR-US: AyaCMS
 CVE-2022-45547
        RESERVED
-CVE-2022-45546
-       RESERVED
+CVE-2022-45546 (Information Disclosure in Authentication Component of 
ScreenCheck Badg ...)
+       TODO: check
 CVE-2022-45545
        RESERVED
 CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 
2.2.7-2 ...)
        NOT-FOR-US: Schlix Web Inc SCHLIX CMS
-CVE-2022-45543
-       RESERVED
+CVE-2022-45543 (Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows 
attacke ...)
+       TODO: check
 CVE-2022-45542 (EyouCMS &lt;= 1.6.0 was discovered a reflected-XSS in the 
FileManager  ...)
        NOT-FOR-US: EyouCMS
 CVE-2022-45541 (EyouCMS &lt;= 1.6.0 was discovered a reflected-XSS in the 
article attr ...)
@@ -31173,8 +31291,8 @@ CVE-2022-42457 (Generex CS141 through 2.10 allows 
remote command execution by ad
        NOT-FOR-US: Generex CS141
 CVE-2022-42456
        RESERVED
-CVE-2022-42455
-       RESERVED
+CVE-2022-42455 (ASUS EC Tool driver (aka d.sys) 
1beb15c90dcf7a5234ed077833a0a3e900969b ...)
+       TODO: check
 CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to 
man-in-t ...)
        NOT-FOR-US: HCL
 CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a 
user. T ...)
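Review bot: the new description for CVE-2022-42455 is cut off partway through a hexadecimal string right after "ASUS EC Tool driver (aka d.sys)", so the list entry says nothing about the flaw itself and this TODO: check can only be triaged from the full CVE record. The d.sys name points to a Windows driver; if that is confirmed, NOT-FOR-US: ASUS would match how the neighbouring vendor entries are closed.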
@@ -37464,8 +37582,8 @@ CVE-2022-40018
        RESERVED
 CVE-2022-40017
        RESERVED
-CVE-2022-40016
-       RESERVED
+CVE-2022-40016 (Use After Free (UAF) vulnerability in ireader media-server 
before comm ...)
+       TODO: check
 CVE-2022-40015
        RESERVED
 CVE-2022-40014
@@ -40213,8 +40331,8 @@ CVE-2022-38937
        RESERVED
 CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue 
detecte ...)
        NOT-FOR-US: PBC
-CVE-2022-38935
-       RESERVED
+CVE-2022-38935 (An issue was discovered in NiterForum version 2.5.0-beta in 
/src/main/ ...)
+       TODO: check
 CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read 
vulnerabiliti ...)
        NOT-FOR-US: readelf in ToaruOS
 CVE-2022-38933
@@ -40347,10 +40465,10 @@ CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to 
Information disclosure. ...)
        NOT-FOR-US: free5GC
 CVE-2022-38869
        RESERVED
-CVE-2022-38868
-       RESERVED
-CVE-2022-38867
-       RESERVED
+CVE-2022-38868 (SQL Injection vulnerability in Ehoney version 2.0.0 in 
models/protocol ...)
+       TODO: check
+CVE-2022-38867 (SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, 
and 4.0.2  ...)
+       TODO: check
 CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
        {DLA-3255-1}
        - mplayer 2:1.5+svn38408-1 (unimportant)
@@ -115676,8 +115794,8 @@ CVE-2021-38241 (Deserialization issue discovered in 
Ruoyi before 4.6.1 allows re
        TODO: check
 CVE-2021-38240
        RESERVED
-CVE-2021-38239
-       RESERVED
+CVE-2021-38239 (SQL Injection vulnerability in dataease before 1.2.0, allows 
attackers ...)
+       TODO: check
 CVE-2021-38238
        RESERVED
 CVE-2021-38237
@@ -125814,8 +125932,8 @@ CVE-2021-34119
        RESERVED
 CVE-2021-34118
        RESERVED
-CVE-2021-34117
-       RESERVED
+CVE-2021-34117 (SQL Injection vulnerability in SEO Panel 4.9.0 in 
api/user.api.php in  ...)
+       TODO: check
 CVE-2021-34116
        RESERVED
 CVE-2021-34115
@@ -126222,8 +126340,8 @@ CVE-2021-33927
        RESERVED
 CVE-2021-33926
        RESERVED
-CVE-2021-33925
-       RESERVED
+CVE-2021-33925 (SQL Injection vulnerability in nitinparashar30 cms-corephp 
through com ...)
+       TODO: check
 CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 
6.0.0 i ...)
        NOT-FOR-US: Confluent Ansible
 CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 
5.5.1, 5 ...)
@@ -127684,8 +127802,8 @@ CVE-2021-33398
        RESERVED
 CVE-2021-33397
        RESERVED
-CVE-2021-33396
-       RESERVED
+CVE-2021-33396 (Cross Site Request Forgery (CSRF) vulnerability in baijiacms 
4.1.4, al ...)
+       TODO: check
 CVE-2021-33395
        RESERVED
 CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does 
not gener ...)
@@ -127900,8 +128018,8 @@ CVE-2021-33306
        RESERVED
 CVE-2021-33305
        RESERVED
-CVE-2021-33304
-       RESERVED
+CVE-2021-33304 (Double Free vulnerability in virtualsquare picoTCP v1.7.0 and 
picoTCP- ...)
+       TODO: check
 CVE-2021-33303
        RESERVED
 CVE-2021-33302
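Review bot: CVE-2021-33304 (double free in virtualsquare picoTCP) goes to TODO: check in this hunk; because picoTCP is a TCP/IP stack that other projects may bundle, the check should cover embedded copies in other source packages as well as a package of that name before the entry is marked NOT-FOR-US.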
@@ -189837,10 +189955,10 @@ CVE-2020-21122 (UReport v2.2.9 contains a 
Server-Side Request Forgery (SSRF) in
        NOT-FOR-US: UReport
 CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection 
vulnerability via  ...)
        NOT-FOR-US: Pligg CMS
-CVE-2020-21120
-       RESERVED
-CVE-2020-21119
-       RESERVED
+CVE-2020-21120 (SQL Injection vulnerability in file 
home\controls\cart.class.php in UQ ...)
+       TODO: check
+CVE-2020-21119 (SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in 
admin/admin_update_ ...)
+       TODO: check
 CVE-2020-21118
        RESERVED
 CVE-2020-21117
@@ -192527,8 +192645,8 @@ CVE-2020-19827
        RESERVED
 CVE-2020-19826
        RESERVED
-CVE-2020-19825
-       RESERVED
+CVE-2020-19825 (Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 
1.30.0 i ...)
+       TODO: check
 CVE-2020-19824
        RESERVED
 CVE-2020-19823



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e75285725cdfeee5b9ff83c3673b9d96f78d631
