Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ec08178 by security tracker role at 2023-02-16T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-25932
+ RESERVED
+CVE-2023-25931
+ RESERVED
+CVE-2023-25930
+ RESERVED
+CVE-2023-25929
+ RESERVED
+CVE-2023-25928
+ RESERVED
+CVE-2023-25927
+ RESERVED
+CVE-2023-25926
+ RESERVED
+CVE-2023-25925
+ RESERVED
+CVE-2023-25924
+ RESERVED
+CVE-2023-25923
+ RESERVED
+CVE-2023-25922
+ RESERVED
+CVE-2023-25921
+ RESERVED
+CVE-2023-25920
+ RESERVED
+CVE-2023-25919
+ RESERVED
+CVE-2023-25918
+ RESERVED
+CVE-2023-25917
+ RESERVED
+CVE-2023-25916
+ RESERVED
+CVE-2023-25915
+ RESERVED
+CVE-2023-25914
+ RESERVED
+CVE-2023-25913
+ RESERVED
+CVE-2023-25912
+ RESERVED
+CVE-2023-25911
+ RESERVED
+CVE-2023-25910
+ RESERVED
+CVE-2023-0872
+ RESERVED
+CVE-2023-0871
+ RESERVED
+CVE-2023-0870
+ RESERVED
+CVE-2023-0869
+ RESERVED
+CVE-2023-0868
+ RESERVED
+CVE-2023-0867
+ RESERVED
+CVE-2023-0866
+ RESERVED
+CVE-2023-0865
+ RESERVED
+CVE-2023-0864
+ RESERVED
+CVE-2023-0863
+ RESERVED
+CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable
to path ...)
+ TODO: check
+CVE-2023-0861 (NetModule NSRW web administration interface executes an OS
command con ...)
+ TODO: check
+CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
+ TODO: check
+CVE-2023-0859
+ RESERVED
+CVE-2023-0858
+ RESERVED
+CVE-2023-0857
+ RESERVED
+CVE-2023-0856
+ RESERVED
+CVE-2023-0855
+ RESERVED
+CVE-2023-0854
+ RESERVED
+CVE-2023-0853
+ RESERVED
+CVE-2023-0852
+ RESERVED
+CVE-2023-0851
+ RESERVED
+CVE-2022-48327
+ RESERVED
+CVE-2022-48326
+ RESERVED
+CVE-2022-48325
+ RESERVED
+CVE-2022-48324
+ RESERVED
+CVE-2021-46874
+ RESERVED
CVE-2023-25909
RESERVED
CVE-2023-25908
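Review bot: the three non-RESERVED additions in this hunk (CVE-2023-0862, CVE-2023-0861, CVE-2023-0860) are left as bare "TODO: check" with no NOTE line pointing at a source. The two NetModule NSRW items describe an appliance web administration interface (path traversal and OS command execution) and the third is truncated at "GitHub re ...", so neither can be mapped to a Debian source package from the list alone; whoever clears the TODO should add a NOTE with the advisory URL, or a NOT-FOR-US resolution as the file does for other appliance vendors (Siemens, Tenable, Linksys below). The remaining ~90 lines of the hunk are RESERVED placeholders only.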
@@ -397,7 +497,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
CVE-2023-25745
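Review bot: the added DLA-3319-1 marker should be checked once against the DLA text for every CVE it is attached to in this commit, not just this one. Here the entry's only fixed-version line is "- firefox-esr 102.8.0esr-1" and the NOTE points at mfsa2023-06 rather than mfsa2023-05, so an LTS firefox-esr advisory fits; the same `{DSA-5350-1 DLA-3319-1}` edit is repeated for CVE-2023-25744 through CVE-2023-25728 and CVE-2023-0767 below, and one of those (CVE-2023-0767) also lists a non-firefox package, which is where the scope of the DLA matters.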
@@ -406,7 +506,7 @@ CVE-2023-25745
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
@@ -419,7 +519,7 @@ CVE-2023-25743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
@@ -434,7 +534,7 @@ CVE-2023-25740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
@@ -447,7 +547,7 @@ CVE-2023-25738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
CVE-2023-25737
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737
@@ -458,7 +558,7 @@ CVE-2023-25736
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25735
@@ -475,7 +575,7 @@ CVE-2023-25733
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25732
@@ -486,21 +586,21 @@ CVE-2023-25731
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
CVE-2023-25729
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25729
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729
CVE-2023-25728
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
@@ -847,8 +947,8 @@ CVE-2023-25655
RESERVED
CVE-2023-25654
RESERVED
-CVE-2023-25653
- RESERVED
+CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object
Signing an ...)
+ TODO: check
CVE-2023-25652
RESERVED
CVE-2023-25651
@@ -942,7 +1042,7 @@ CVE-2023-25613
RESERVED
CVE-2023-0767
RESERVED
- {DSA-5350-1}
+ {DSA-5350-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
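Review bot: this entry lists "- nss 2:3.87.1-1" in addition to the firefox lines, but the only LTS marker added is DLA-3319-1, the same one appended to the pure-firefox entries above. If DLA-3319-1 covers only firefox-esr, the buster status of nss for CVE-2023-0767 is not expressed anywhere in this entry and needs its own `[buster] - nss ...` annotation or a second DLA reference; otherwise the tracker shows the CVE as fully addressed in LTS while nss is still open there.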
@@ -1013,8 +1113,8 @@ CVE-2023-25604
RESERVED
CVE-2023-25603
RESERVED
-CVE-2023-25602
- RESERVED
+CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all
versions, F ...)
+ TODO: check
CVE-2023-25601
RESERVED
CVE-2023-0753
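Review bot: CVE-2023-25602 is a Fortinet FortiWeb appliance issue ("A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...") and the file consistently resolves such entries as "NOT-FOR-US: FortiGuard" or "NOT-FOR-US: Fortinet" (CVE-2022-42473, CVE-2022-40684, CVE-2022-30307 and others below), so "TODO: check" can be replaced with that resolution. The same applies to the other descriptions in this commit that name FortiWeb, FortiOS or FortiNAC outright: CVE-2023-23784, -23783, -23782, -23781, -23780, -23778, CVE-2022-41335, -40683, -40678, -40675, -39954, -39952, -39948, -38378, -38375, -33871, -30300 and -30299. Entries in the same CNA ranges whose truncated text does not reach the product name (CVE-2023-23779, CVE-2022-41334, -40677, -38376, -33869, -30306, -30304, -30303, -29054, -27489, -27482, -26115, CVE-2021-43074, -42761, -42756) use the same CWE-bracketed phrasing as their Fortinet neighbours but should have the product confirmed from the full description before being closed. Pick one spelling for the resolution; the file currently has both "FortiGuard" and "Fortiguard".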
@@ -2140,8 +2240,7 @@ CVE-2023-0663 (A vulnerability was found in Calendar
Event Management System 2.3
NOT-FOR-US: Calendar Event Management System
CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP
Deskjet ...)
NOT-FOR-US: HP
-CVE-2023-25173
- RESERVED
+CVE-2023-25173 (containerd is an open source container runtime. A bug was
found in con ...)
- containerd 1.6.18+ds1-1
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
CVE-2023-25172
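Review bot: the stable status of this entry is still unexpressed. The fixed-version line "- containerd 1.6.18+ds1-1" and the GHSA NOTE were present while the entry was RESERVED, but there is no [bullseye] line, and the description as truncated ("A bug was found in con ...") gives no version range, so the advisory behind GHSA-hmfx-3pcx-653p needs to be read to decide whether bullseye's containerd is affected and the entry annotated either way.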
@@ -2182,8 +2281,7 @@ CVE-2023-25155
RESERVED
CVE-2023-25154
RESERVED
-CVE-2023-25153
- RESERVED
+CVE-2023-25153 (containerd is an open source container runtime. Before
versions 1.6.18 ...)
- containerd 1.6.18+ds1-1
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions
are sub ...)
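Review bot: same gap as CVE-2023-25173 above, with one difference: this description states "Before versions 1.6.18 ...", which agrees with the listed fix "containerd 1.6.18+ds1-1" for unstable but also places every older containerd inside the affected range, so a [bullseye] annotation (fixed version, <no-dsa> or <not-affected> with a reason) is needed rather than silence.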
@@ -2356,12 +2454,12 @@ CVE-2023-22653
RESERVED
CVE-2023-0658 (A vulnerability, which was classified as critical, was found in
Multil ...)
NOT-FOR-US: Multilaser RE057 and RE170
-CVE-2022-48308
- RESERVED
-CVE-2022-48307
- RESERVED
-CVE-2022-48306
- RESERVED
+CVE-2022-48308 (It was discovered that the sls-logging was not verifying
hostnames in ...)
+ TODO: check
+CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying
hostnames in ...)
+ TODO: check
+CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch
vulnerability in ...)
+ TODO: check
CVE-2019-25101 (A vulnerability classified as critical has been found in
OnShift Turbo ...)
NOT-FOR-US: OnShift TurboGears
CVE-2018-25080 (A vulnerability, which was classified as problematic, has been
found i ...)
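Review bot: CVE-2022-48308's description ("It was discovered that the sls-logging was not verifying hostnames in ...") is word-for-word the text added for CVE-2022-27890 further down in this commit, so a duplicate assignment should be ruled out when triaging. All three new entries here (sls-logging, Magritte-ftp, and the certificate host-mismatch item CVE-2022-48306) are Palantir Foundry components of the kind the file already resolves as NOT-FOR-US ("NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector", "NOT-FOR-US: Palantir" for CVE-2022-27889 below), and that resolution fits better than an open "TODO: check".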
@@ -3086,8 +3184,8 @@ CVE-2023-24809
RESERVED
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In
versions pr ...)
TODO: check, might affect src:ippsample
-CVE-2023-24807
- RESERVED
+CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version
5.19.1, the ...)
+ TODO: check
CVE-2023-24806
REJECTED
CVE-2023-24805
@@ -4054,12 +4152,12 @@ CVE-2023-24487
RESERVED
CVE-2023-24486
RESERVED
-CVE-2023-24485
- RESERVED
-CVE-2023-24484
- RESERVED
-CVE-2023-24483
- RESERVED
+CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow
a stand ...)
+ TODO: check
+CVE-2023-24484 (A malicious user can cause log files to be written to a
directory that ...)
+ TODO: check
+CVE-2023-24483 (A vulnerability has been identified that, if exploited, could
result i ...)
+ TODO: check
CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All
versions), COM ...)
NOT-FOR-US: Siemens
CVE-2023-24477
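Review bot: the three new descriptions are truncated before any product name ("Vulnerabilities have been identified that, collectively, allow a stand ...", "A malicious user can cause log files to be written to a directory that ...", "A vulnerability has been identified that, if exploited, could result i ..."), so the "TODO: check" on CVE-2023-24485, -24484 and -24483 cannot be resolved from the list alone; the resolving commit should carry a NOTE with the advisory URL so the mapping is auditable later.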
@@ -4084,8 +4182,8 @@ CVE-2023-0477
RESERVED
CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to
improper va ...)
NOT-FOR-US: Tenable
-CVE-2023-0475
- RESERVED
+CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to
decompressi ...)
+ TODO: check
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to
109.0.5414.119 a ...)
{DSA-5328-1}
- chromium 109.0.5414.119-1
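Review bot: unlike the Tenable entry just above it, CVE-2023-0475 names a library ("HashiCorp go-getter up to 1.6.2 and 2.1.1"), so it is a candidate for a Debian Go source package (golang-github-hashicorp-go-getter is the conventional name) rather than NOT-FOR-US; the description gives two affected branches, 1.x and 2.x, so whichever major version Debian ships determines the fixed version to record. If it is packaged, the entry also wants a bug number.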
@@ -4657,12 +4755,12 @@ CVE-2023-24240
RESERVED
CVE-2023-24239
RESERVED
-CVE-2023-24238
- RESERVED
+CVE-2023-24238 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to
contain a co ...)
+ TODO: check
CVE-2023-24237
RESERVED
-CVE-2023-24236
- RESERVED
+CVE-2023-24236 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to
contain a co ...)
+ TODO: check
CVE-2023-24235
RESERVED
CVE-2023-24234 (A stored cross-site scripting (XSS) vulnerability in the
component php ...)
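Review bot: both CVE-2023-24238 and CVE-2023-24236 are TOTOlink A7100RU router firmware (identical description prefix "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ..."), which is not something Debian packages; they belong with the NOT-FOR-US router resolutions already in the file (Multilaser RE057/RE170, Linksys) rather than staying at "TODO: check".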
@@ -5371,8 +5469,8 @@ CVE-2023-23949 (An authenticated user can supply
malicious HTML and JavaScript c
NOT-FOR-US: Symantec
CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access,
share, and e ...)
NOT-FOR-US: ownCloud Android app
-CVE-2023-23947
- RESERVED
+CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
+ TODO: check
CVE-2023-23946 (Git, a revision control system, is vulnerable to path
traversal prior ...)
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
@@ -5400,8 +5498,8 @@ CVE-2023-23938
RESERVED
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management
Platform: P ...)
NOT-FOR-US: Pimcore
-CVE-2023-23936
- RESERVED
+CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with
version 2.0.0 ...)
+ TODO: check
CVE-2023-23935
RESERVED
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library.
Browsers may ...)
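Review bot: CVE-2023-23936 is the second Undici entry un-RESERVED in this commit (CVE-2023-24807, "Prior to version 5.19.1", is the other), and both are "TODO: check" with no NOTE, so they should be triaged together against whatever Debian Node.js source ships undici. The truncated range here, "Starting with version 2.0.0 ...", is a lower bound, so an older packaged version may be in scope for this one even if it predates the bug behind CVE-2023-24807.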
@@ -5425,8 +5523,8 @@ CVE-2023-23928 (reason-jose is a JOSE implementation in
ReasonML and OCaml.`Jose
NOT-FOR-US: reason-jose
CVE-2023-23927
RESERVED
-CVE-2023-23926
- RESERVED
+CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for
Neo4j. An ...)
+ TODO: check
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API
which is ...)
NOT-FOR-US: Switcher
CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on
dompdf 2.0.1 ...)
@@ -5776,20 +5874,20 @@ CVE-2023-23786
RESERVED
CVE-2023-23785
RESERVED
-CVE-2023-23784
- RESERVED
-CVE-2023-23783
- RESERVED
-CVE-2023-23782
- RESERVED
-CVE-2023-23781
- RESERVED
-CVE-2023-23780
- RESERVED
-CVE-2023-23779
- RESERVED
-CVE-2023-23778
- RESERVED
+CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0
through 7 ...)
+ TODO: check
+CVE-2023-23783 (A use of externally-controlled format string in Fortinet
FortiWeb vers ...)
+ TODO: check
+CVE-2023-23782 (A heap-based buffer overflow in Fortinet FortiWeb version
7.0.0 throug ...)
+ TODO: check
+CVE-2023-23781 (A stack-based buffer overflow vulnerability [CWE-121] in
FortiWeb vers ...)
+ TODO: check
+CVE-2023-23780 (A stack-based buffer overflow in Fortinet FortiWeb version
7.0.0 throu ...)
+ TODO: check
+CVE-2023-23779 (Multiple improper neutralization of special elements used in
an OS Com ...)
+ TODO: check
+CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb
version 7 ...)
+ TODO: check
CVE-2023-23777
RESERVED
CVE-2023-23776
@@ -5993,8 +6091,8 @@ CVE-2010-10009 (A vulnerability was found in frioux
ptome. It has been rated as
NOT-FOR-US: frioux ptome
CVE-2023-23753
RESERVED
-CVE-2023-23752
- RESERVED
+CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An
improper ac ...)
+ TODO: check
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A
missing ACL ...)
NOT-FOR-US: Joomla!
CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A
missing toke ...)
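Review bot: the neighbouring Joomla! entries (CVE-2023-23751, CVE-2023-23750) are resolved "NOT-FOR-US: Joomla!", so CVE-2023-23752 ("An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...") should take the same resolution instead of being left at "TODO: check".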
@@ -6716,8 +6814,8 @@ CVE-2023-23560 (In certain Lexmark products through
2023-01-12, SSRF can occur b
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the
Linux k ...)
- linux 6.1.11-1
NOTE:
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
-CVE-2023-23558
- RESERVED
+CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths
in /tmp. ...)
+ TODO: check
CVE-2023-23557
RESERVED
CVE-2023-23556
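Review bot: CVE-2023-23558 ("In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...") is an insecure temporary-file issue, exploitable by any local user on a shared host via symlink or pre-created paths, so it is worth confirming whether Eternal Terminal is packaged in Debian before resolving; if it is, the entry should get a fixed version and a bug number rather than NOT-FOR-US.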
@@ -9409,8 +9507,8 @@ CVE-2023-22640
RESERVED
CVE-2023-22639
RESERVED
-CVE-2023-22638
- RESERVED
+CVE-2023-22638 (Several improper neutralization of inputs during web page
generation v ...)
+ TODO: check
CVE-2023-22637
RESERVED
CVE-2023-22636
@@ -9739,12 +9837,12 @@ CVE-2023-22582
RESERVED
CVE-2023-22581
RESERVED
-CVE-2023-22580
- RESERVED
-CVE-2023-22579
- RESERVED
-CVE-2023-22578
- RESERVED
+CVE-2023-22580 (Due to improper input filtering in the sequalize js library,
can malic ...)
+ TODO: check
+CVE-2023-22579 (Due to improper parameter filtering in the sequalize js
library, can a ...)
+ TODO: check
+CVE-2023-22578 (Due to improper artibute filtering in the sequalize js
library, can a ...)
+ TODO: check
CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to
a form ...)
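Review bot: the three new Sequelize descriptions spell the library "sequalize" and read "can malic ..." / "can a ..."; that is the CNA's wording reproduced verbatim and must not be "corrected" in the list, since the text is keyed to the CVE record. Triage of CVE-2023-22580, -22579 and -22578 should check whether Sequelize is packaged in Debian before choosing between a fixed-version line and NOT-FOR-US.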
@@ -23589,8 +23687,8 @@ CVE-2022-43446
RESERVED
CVE-2022-42465
RESERVED
-CVE-2022-3843
- RESERVED
+CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version
01 an u ...)
+ TODO: check
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to
105.0.5195.125 a ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
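Review bot: CVE-2022-3843 is WAGO unmanaged-switch firmware ("In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ..."), i.e. a hardware-appliance CVE of the same kind as the Ricoh mp_c4504ex entry (CVE-2022-43969) added further down; both fit NOT-FOR-US rather than an open "TODO: check".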
@@ -25741,8 +25839,8 @@ CVE-2022-43971 (An arbitrary code exection
vulnerability exists in Linksys WUMC7
NOT-FOR-US: Linksys
CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL
Wireless-G B ...)
NOT-FOR-US: Linksys
-CVE-2022-43969
- RESERVED
+CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle
credentials. ...)
+ TODO: check
CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between
9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between
9.0.0 and 9 ...)
@@ -27020,8 +27118,8 @@ CVE-2022-43956
RESERVED
CVE-2022-43955
RESERVED
-CVE-2022-43954
- RESERVED
+CVE-2022-43954 (An insertion of sensitive information into log file
vulnerability [CWE ...)
+ TODO: check
CVE-2022-43953
RESERVED
CVE-2022-43952
@@ -27740,14 +27838,17 @@ CVE-2022-43509 (Out-of-bounds write vulnerability
exists in CX-Programmer v.9.77
CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77
and earlie ...)
NOT-FOR-US: CX-Programmer
CVE-2022-43504 (Improper authentication vulnerability in WordPress versions
prior to 6 ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE:
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior
to 6.0. ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE:
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior
to 6.0. ...)
+ {DSA-5279-1}
- wordpress 6.0.3+dfsg1-1 (bug #1022575)
[buster] - wordpress <postponed> (wait for CVE assignment)
NOTE:
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
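Review bot: each of the three WordPress entries gaining {DSA-5279-1} here (CVE-2022-43504, CVE-2022-43500, CVE-2022-43497) still carries "[buster] - wordpress <postponed> (wait for CVE assignment)", and that reason is now obsolete: the CVEs are assigned and a DSA has shipped. The buster line should be updated to the actual LTS status (a DLA reference, <no-dsa>, or <postponed> with a current reason) in the same pass.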
@@ -31194,8 +31295,8 @@ CVE-2022-42474
RESERVED
CVE-2022-42473 (A missing authentication for a critical function vulnerability
in Fort ...)
NOT-FOR-US: FortiGuard
-CVE-2022-42472
- RESERVED
+CVE-2022-42472 (A improper neutralization of crlf sequences in http headers
('http res ...)
+ TODO: check
CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers
('HTTP Re ...)
NOT-FOR-US: FortiGuard
CVE-2022-42470
@@ -34333,10 +34434,10 @@ CVE-2022-3292 (Use of Cache Containing Sensitive
Information in GitHub repositor
- rdiffweb <itp> (bug #969974)
CVE-2022-41336 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: FortiGuard
-CVE-2022-41335
- RESERVED
-CVE-2022-41334
- RESERVED
+CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet
FortiOS v ...)
+ TODO: check
+CVE-2022-41334 (An improper neutralization of input during web page generation
[CWE-79 ...)
+ TODO: check
CVE-2022-41333
RESERVED
CVE-2022-41332
@@ -35896,8 +35997,8 @@ CVE-2022-40696
RESERVED
CVE-2022-40684 (An authentication bypass using an alternate path or channel
[CWE-288] ...)
NOT-FOR-US: FortiGuard
-CVE-2022-40683
- RESERVED
+CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3
may all ...)
+ TODO: check
CVE-2022-40682
RESERVED
CVE-2022-40681
@@ -35906,14 +36007,14 @@ CVE-2022-40680 (A improper neutralization of input
during web page generation ('
NOT-FOR-US: FortiGuard
CVE-2022-40679
RESERVED
-CVE-2022-40678
- RESERVED
-CVE-2022-40677
- RESERVED
+CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC
versions ...)
+ TODO: check
+CVE-2022-40677 (A improper neutralization of argument delimiters in a command
('argume ...)
+ TODO: check
CVE-2022-40676
RESERVED
-CVE-2022-40675
- RESERVED
+CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0
through ...)
+ TODO: check
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my
Post – ...)
@@ -37750,20 +37851,20 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set
(CRS) is affected by a parti
- modsecurity-crs 3.3.4-1 (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in
point release)
NOTE:
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
-CVE-2022-39954
- RESERVED
+CVE-2022-39954 (An improper restriction of xml external entity reference in
Fortinet F ...)
+ TODO: check
CVE-2022-39953
RESERVED
-CVE-2022-39952
- RESERVED
+CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC
versions ...)
+ TODO: check
CVE-2022-39951
RESERVED
CVE-2022-39950 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-39949 (An improper control of a resource through its lifetime
vulnerability [ ...)
NOT-FOR-US: FortiGuard
-CVE-2022-39948
- RESERVED
+CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in
FortiOS ...)
+ TODO: check
CVE-2022-39947 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-39946
@@ -41013,8 +41114,8 @@ CVE-2022-38733 (OnCommand Insight versions 7.3.1
through 7.3.14 are susceptible
NOT-FOR-US: NetApp
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content
Security Poli ...)
NOT-FOR-US: SnapCenter (NetAPP)
-CVE-2022-38731
- RESERVED
+CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory
Traversal ...)
+ TODO: check
CVE-2022-2985 (In music service, there is a missing permission check. This
could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a
missin ...)
@@ -42234,14 +42335,14 @@ CVE-2022-38380 (An improper access control [CWE-284]
vulnerability in FortiOS ve
NOT-FOR-US: FortiGuard
CVE-2022-38379 (Improper neutralization of input during web page generation
[CWE-79] i ...)
NOT-FOR-US: FortiGuard
-CVE-2022-38378
- RESERVED
+CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in
Fortinet F ...)
+ TODO: check
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in
FortiManager 7.2 ...)
NOT-FOR-US: FortiGuard
-CVE-2022-38376
- RESERVED
-CVE-2022-38375
- RESERVED
+CVE-2022-38376 (Multiple improper neutralization of input during web page
generation ( ...)
+ TODO: check
+CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet
FortiNAC ...)
+ TODO: check
CVE-2022-38374 (A improper neutralization of input during web page generation
('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2022-38373 (An improper neutralization of input during web page generation
vulnera ...)
@@ -54742,12 +54843,12 @@ CVE-2022-33873 (An improper neutralization of special
elements used in an OS Com
NOT-FOR-US: Fortiguard
CVE-2022-33872 (An improper neutralization of special elements used in an OS
Command ( ...)
NOT-FOR-US: Fortiguard
-CVE-2022-33871
- RESERVED
+CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in
FortiWeb vers ...)
+ TODO: check
CVE-2022-33870 (An improper neutralization of special elements used in an OS
command v ...)
NOT-FOR-US: FortiGuard
-CVE-2022-33869
- RESERVED
+CVE-2022-33869 (An improper neutralization of special elements used in an OS
command v ...)
+ TODO: check
CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to
stored ...)
@@ -64573,22 +64674,22 @@ CVE-2022-30308 (In Festo Controller CECC-X-M1 product
family in multiple version
NOT-FOR-US: Festo
CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the
RSA SSH h ...)
NOT-FOR-US: FortiGuard
-CVE-2022-30306
- RESERVED
+CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the
CA sign f ...)
+ TODO: check
CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in
FortiSandbox versio ...)
NOT-FOR-US: FortiGuard
-CVE-2022-30304
- RESERVED
-CVE-2022-30303
- RESERVED
+CVE-2022-30304 (An improper neutralization of input during web page generation
vulnera ...)
+ TODO: check
+CVE-2022-30303 (An improper neutralization of special elements used in an os
command ( ...)
+ TODO: check
CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in
FortiDece ...)
NOT-FOR-US: Fortinet
CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0
through ...)
NOT-FOR-US: Fortinet
-CVE-2022-30300
- RESERVED
-CVE-2022-30299
- RESERVED
+CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb
7.0.0 thr ...)
+ TODO: check
+CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb
7.0.0 t ...)
+ TODO: check
CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in
Fortinet F ...)
NOT-FOR-US: FortiGuard
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server
(Japanese Edi ...)
@@ -68341,8 +68442,8 @@ CVE-2022-29056
RESERVED
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version
7.2.0, 7 ...)
NOT-FOR-US: FortiGuard
-CVE-2022-29054
- RESERVED
+CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the
functions ...)
+ TODO: check
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the
functions ...)
NOT-FOR-US: FortiGuard
CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores
private ...)
@@ -71788,8 +71889,8 @@ CVE-2022-27899
RESERVED
CVE-2022-27898
RESERVED
-CVE-2022-27897
- RESERVED
+CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an
unauthenticate ...)
+ TODO: check
CVE-2022-27896 (Information Exposure Through Log Files vulnerability
discovered in Fou ...)
NOT-FOR-US: Foundry Code-Workbooks
CVE-2022-27895 (Information Exposure Through Log Files vulnerability
discovered in Fou ...)
@@ -71798,12 +71899,12 @@ CVE-2022-27894 (The Foundry Blobster service was
found to have a cross-site scri
NOT-FOR-US: Foundry Blobster service
CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions
0.15.0 - ...)
NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
-CVE-2022-27892
- RESERVED
-CVE-2022-27891
- RESERVED
-CVE-2022-27890
- RESERVED
+CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an
unauthenticate ...)
+ TODO: check
+CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that
listed all a ...)
+ TODO: check
+CVE-2022-27890 (It was discovered that the sls-logging was not verifying
hostnames in ...)
+ TODO: check
CVE-2022-27889 (The Multipass service was found to have code paths that could
be abuse ...)
NOT-FOR-US: Palantir
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found
to be log ...)
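Review bot: CVE-2022-27892 and CVE-2022-27897 (previous hunk) carry the identical truncated description "Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...", and CVE-2022-27890 repeats the sls-logging text used for CVE-2022-48308 earlier in this commit, so duplicate assignments should be checked before closing them. The surrounding entries (CVE-2022-27889 "NOT-FOR-US: Palantir", CVE-2022-27893 "NOT-FOR-US: Foundry Magritte plugin ...") show the resolution these should take.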
@@ -72877,8 +72978,8 @@ CVE-2022-27491 (A improper verification of source of a
communication channel in
NOT-FOR-US: FortiGuard
CVE-2022-27490
RESERVED
-CVE-2022-27489
- RESERVED
+CVE-2022-27489 (A improper neutralization of special elements used in an os
command (' ...)
+ TODO: check
CVE-2022-27488
RESERVED
CVE-2022-27487
@@ -72891,8 +72992,8 @@ CVE-2022-27484 (A unverified password change in
Fortinet FortiADC version 6.2.0
NOT-FOR-US: FortiGuard
CVE-2022-27483 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: Fortinet
-CVE-2022-27482
- RESERVED
+CVE-2022-27482 (A improper neutralization of special elements used in an os
command (' ...)
+ TODO: check
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12
(All versi ...)
NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031
(All versio ...)
@@ -77005,8 +77106,8 @@ CVE-2022-26117 (An empty password in configuration file
vulnerability [CWE-258]
NOT-FOR-US: Fortinet
CVE-2022-26116 (Multiple improper neutralization of special elements used in
SQL comma ...)
NOT-FOR-US: Fortiguard FortiNAC
-CVE-2022-26115
- RESERVED
+CVE-2022-26115 (A use of password hash with insufficient computational effort
vulnerab ...)
+ TODO: check
CVE-2022-26114 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability
[CWE-250] in Fo ...)
@@ -102237,8 +102338,8 @@ CVE-2021-43076 (An improper privilege management
vulnerability [CWE-269] in Fort
NOT-FOR-US: FortiGuard
CVE-2021-43075 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43074
- RESERVED
+CVE-2021-43074 (An improper verification of cryptographic signature
vulnerability [CWE ...)
+ TODO: check
CVE-2021-43073 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43072
@@ -103044,8 +103145,8 @@ CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK
and WPE WebKit before 2.34.1
- wpewebkit 2.34.1-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
NOTE:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
-CVE-2021-42761
- RESERVED
+CVE-2021-42761 (A condition for session fixation vulnerability [CWE-384] in
the sessio ...)
+ TODO: check
CVE-2021-42760 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP
version 8. ...)
@@ -103054,8 +103155,8 @@ CVE-2021-42758 (An improper access control
vulnerability [CWE-284] in FortiWLC 8
NOT-FOR-US: FortiGuard
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of
FortiOS befo ...)
NOT-FOR-US: FortiGuard
-CVE-2021-42756
- RESERVED
+CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities [CWE-121]
in the ...)
+ TODO: check
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in
FortiSwitc ...)
NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability
[CWE-94] in Fo ...)
@@ -110038,8 +110139,8 @@ CVE-2021-40557
RESERVED
CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in
ASUS RT- ...)
NOT-FOR-US: ASUS
-CVE-2021-40555
- RESERVED
+CVE-2021-40555 (Cross site scripting (XSS) vulnerability in flatCore-CMS
2.2.15 allows ...)
+ TODO: check
CVE-2021-40554
RESERVED
CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE)
vulnerabili ...)
@@ -183105,7 +183206,7 @@ CVE-2020-24309
RESERVED
CVE-2020-24308
RESERVED
-CVE-2020-24307 (An issue in mRemoteNG v1.76.20 allows attackers to escalate
privileges ...)
+CVE-2020-24307 (** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers
to esca ...)
TODO: check
CVE-2020-24306
RESERVED
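Review bot: the only change to CVE-2020-24307 is the "** DISPUTED **" prefix MITRE added to the description, and the entry stays at "TODO: check". mRemoteNG is a Windows-only remote connection manager, so this can be resolved as NOT-FOR-US; keep the disputed marker in the description text when doing so, since it is part of the upstream CVE record.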
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec0817874691d7ac7ed5c1d242c760f92fca6e5
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits