Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae81eb64 by security tracker role at 2023-02-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-26056
+       RESERVED
+CVE-2023-26055
+       RESERVED
+CVE-2023-26054
+       RESERVED
+CVE-2023-26053
+       RESERVED
+CVE-2023-26052
+       RESERVED
+CVE-2023-26051
+       RESERVED
+CVE-2023-26050
+       RESERVED
+CVE-2023-26049
+       RESERVED
+CVE-2023-26048
+       RESERVED
+CVE-2023-26047
+       RESERVED
+CVE-2023-26046
+       RESERVED
+CVE-2023-26045
+       RESERVED
+CVE-2023-26044
+       RESERVED
+CVE-2023-26043
+       RESERVED
+CVE-2023-26042
+       RESERVED
+CVE-2023-26041
+       RESERVED
+CVE-2023-26040
+       RESERVED
+CVE-2023-26039
+       RESERVED
+CVE-2023-26038
+       RESERVED
+CVE-2023-26037
+       RESERVED
+CVE-2023-26036
+       RESERVED
+CVE-2023-26035
+       RESERVED
+CVE-2023-26034
+       RESERVED
+CVE-2023-26033
+       RESERVED
+CVE-2023-26032
+       RESERVED
+CVE-2023-26031
+       RESERVED
+CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
+       TODO: check
+CVE-2023-0900
+       RESERVED
+CVE-2023-0899
+       RESERVED
+CVE-2023-0898
+       RESERVED
+CVE-2023-0897
+       RESERVED
 CVE-2023-26030
        RESERVED
 CVE-2023-26029
@@ -1315,7 +1377,7 @@ CVE-2023-25613
        RESERVED
 CVE-2023-0767
        RESERVED
-       {DSA-5350-1 DLA-3319-1}
+       {DSA-5353-1 DSA-5350-1 DLA-3319-1}
        - firefox 110.0-1
        - nss 2:3.87.1-1
        - firefox-esr 102.8.0esr-1
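Review bot: on the CVE-2023-0767 entry, DSA-5353-1 is added to the advisory list while the three package lines under it (firefox, nss, firefox-esr) stay unchanged, so the diff does not show which source package the new advisory covers. Since this is an automatic update, confirm that the corresponding DSA record exists and names one of these packages before relying on the cross-reference.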
@@ -3459,8 +3521,8 @@ CVE-2023-24811
        RESERVED
 CVE-2023-24810
        RESERVED
-CVE-2023-24809
-       RESERVED
+CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting 
with ver ...)
+       TODO: check
 CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In 
versions pr ...)
        TODO: check, might affect src:ippsample
 CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 
5.19.1, the ...)
@@ -3569,8 +3631,8 @@ CVE-2023-24771
        RESERVED
 CVE-2023-24770
        RESERVED
-CVE-2023-24769
-       RESERVED
+CVE-2023-24769 (Changedetection.io before v0.40.1.1 was discovered to contain 
a stored ...)
+       TODO: check
 CVE-2023-24768
        RESERVED
 CVE-2023-24767
@@ -4401,8 +4463,8 @@ CVE-2023-0484
        RESERVED
 CVE-2023-0483
        RESERVED
-CVE-2023-0482
-       RESERVED
+CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the 
DataSour ...)
+       TODO: check
 CVE-2023-0481
        RESERVED
        NOT-FOR-US: Quarkus
@@ -5815,14 +5877,11 @@ CVE-2023-23924 (Dompdf is an HTML to PDF converter. The 
URI validation on dompdf
        - php-dompdf <not-affected> (Vulnerable code not in any Debian released 
version)
        NOTE: 
https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
        NOTE: 
https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85
 (v2.0.2)
-CVE-2023-23923
-       RESERVED
+CVE-2023-23923 (The vulnerability was found Moodle which exists due to 
insufficient li ...)
        - moodle <removed>
-CVE-2023-23922
-       RESERVED
+CVE-2023-23922 (The vulnerability was found Moodle which exists due to 
insufficient sa ...)
        - moodle <removed>
-CVE-2023-23921
-       RESERVED
+CVE-2023-23921 (The vulnerability was found Moodle which exists due to 
insufficient sa ...)
        - moodle <removed>
 CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository 
builderio/qw ...)
        NOT-FOR-US: builderio/qwik
@@ -8326,8 +8385,8 @@ CVE-2023-23066
        RESERVED
 CVE-2023-23065
        RESERVED
-CVE-2023-23064
-       RESERVED
+CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to 
Incorrect Acce ...)
+       TODO: check
 CVE-2023-23063
        RESERVED
 CVE-2023-23062
@@ -10878,8 +10937,8 @@ CVE-2022-48117
        RESERVED
 CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code 
execution (RCE)  ...)
        NOT-FOR-US: AyaCMS
-CVE-2022-48115
-       RESERVED
+CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered 
to be v ...)
+       TODO: check
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection 
vulnerabi ...)
        NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 
allows una ...)
@@ -12880,48 +12939,48 @@ CVE-2023-22248
        RESERVED
 CVE-2023-22247
        RESERVED
-CVE-2023-22246
-       RESERVED
+CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and 
earlier) a ...)
+       TODO: check
 CVE-2023-22245
        RESERVED
-CVE-2023-22244
-       RESERVED
-CVE-2023-22243
-       RESERVED
+CVE-2023-22244 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a 
Use Aft ...)
+       TODO: check
+CVE-2023-22243 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and 
earlier) a ...)
+       TODO: check
 CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
        NOT-FOR-US: Adobe
 CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
        NOT-FOR-US: Adobe
 CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
        NOT-FOR-US: Adobe
-CVE-2023-22239
-       RESERVED
-CVE-2023-22238
-       RESERVED
-CVE-2023-22237
-       RESERVED
-CVE-2023-22236
-       RESERVED
+CVE-2023-22239 (After Affects versions 23.1 (and earlier), 22.6.3 (and 
earlier) are af ...)
+       TODO: check
+CVE-2023-22238 (After Affects versions 23.1 (and earlier), 22.6.3 (and 
earlier) are af ...)
+       TODO: check
+CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and 
earlier) are af ...)
+       TODO: check
+CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and 
earlier) a ...)
+       TODO: check
 CVE-2023-22235
        RESERVED
-CVE-2023-22234
-       RESERVED
-CVE-2023-22233
-       RESERVED
-CVE-2023-22232
-       RESERVED
-CVE-2023-22231
-       RESERVED
-CVE-2023-22230
-       RESERVED
-CVE-2023-22229
-       RESERVED
-CVE-2023-22228
-       RESERVED
-CVE-2023-22227
-       RESERVED
-CVE-2023-22226
-       RESERVED
+CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a 
Stack-b ...)
+       TODO: check
+CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and 
earlier) are af ...)
+       TODO: check
+CVE-2023-22232 (Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and 
earlier) are  ...)
+       TODO: check
+CVE-2023-22231 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-22230 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-22229 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-22228 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-22227 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-22226 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
 CVE-2023-22225
        RESERVED
 CVE-2023-22224
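Review bot: the Adobe entries this hunk fills in (CVE-2023-22246, CVE-2023-22244, CVE-2023-22243, CVE-2023-22239 through CVE-2023-22236, CVE-2023-22234 through CVE-2023-22226) all land as TODO: check, while the Adobe Acrobat Reader entries in the same hunk (CVE-2023-22242, CVE-2023-22241, CVE-2023-22240) are already triaged as NOT-FOR-US: Adobe. A follow-up can mark these the same way in one pass; the same applies to the FrameMaker, InDesign, Bridge and Photoshop entries added as TODO: check in the later hunks of this file.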
@@ -17675,14 +17734,14 @@ CVE-2022-XXXX [node-d3-color redos]
        NOTE: https://github.com/d3/d3-color/pull/100
 CVE-2023-21623
        RESERVED
-CVE-2023-21622
-       RESERVED
-CVE-2023-21621
-       RESERVED
-CVE-2023-21620
-       RESERVED
-CVE-2023-21619
-       RESERVED
+CVE-2023-21622 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21621 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are 
affecte ...)
+       TODO: check
 CVE-2023-21618
        RESERVED
 CVE-2023-21617
@@ -17733,8 +17792,8 @@ CVE-2023-21595 (Adobe InCopy versions 18.0 (and 
earlier), 17.4 (and earlier) are
        NOT-FOR-US: Adobe
 CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) 
are affec ...)
        NOT-FOR-US: Adobe
-CVE-2023-21593
-       RESERVED
+CVE-2023-21593 (Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and 
earlier)  ...)
+       TODO: check
 CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) 
are affe ...)
        NOT-FOR-US: Adobe
 CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) 
are affe ...)
@@ -17751,10 +17810,10 @@ CVE-2023-21586
        RESERVED
 CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
        NOT-FOR-US: Adobe
-CVE-2023-21584
-       RESERVED
-CVE-2023-21583
-       RESERVED
+CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and 
earlier) ar ...)
+       TODO: check
 CVE-2023-21582
        RESERVED
 CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
@@ -17763,16 +17822,16 @@ CVE-2023-21580
        RESERVED
 CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 
22.003.20281 ...)
        NOT-FOR-US: Adobe
-CVE-2023-21578
-       RESERVED
-CVE-2023-21577
-       RESERVED
-CVE-2023-21576
-       RESERVED
-CVE-2023-21575
-       RESERVED
-CVE-2023-21574
-       RESERVED
+CVE-2023-21578 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21577 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21576 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21575 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are 
affecte ...)
+       TODO: check
+CVE-2023-21574 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are 
affecte ...)
+       TODO: check
 CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 
allowed a ...)
        {DSA-5295-1}
        - chromium 108.0.5359.94-1
@@ -37159,8 +37218,8 @@ CVE-2022-40350
        RESERVED
 CVE-2022-40349
        RESERVED
-CVE-2022-40348
-       RESERVED
+CVE-2022-40348 (Cross Site Scripting (XSS) vulnerability in Intern Record 
System versi ...)
+       TODO: check
 CVE-2022-40347 (SQL Injection vulnerability in Intern Record System version 
1.0 in /in ...)
        TODO: check
 CVE-2022-40346
@@ -37986,8 +38045,8 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is 
vulnerable to Regular expression
        NOTE: https://github.com/sqlalchemy/mako/issues/366
 CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was 
discovered to con ...)
        NOT-FOR-US: Microchip Technology
-CVE-2022-40021
-       RESERVED
+CVE-2022-40021 (QVidium Technologies Amino A140 (prior to firmware version 
1.0.0-283)  ...)
+       TODO: check
 CVE-2022-40020
        RESERVED
 CVE-2022-40019
@@ -43859,8 +43918,8 @@ CVE-2022-37937
        RESERVED
 CVE-2022-37936
        RESERVED
-CVE-2022-37935
-       RESERVED
+CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may 
disclose ...)
+       TODO: check
 CVE-2022-37934 (A potential security vulnerability has been identified in HPE 
OfficeCo ...)
        NOT-FOR-US: HPE
 CVE-2022-37933 (A potential security vulnerability has been identified in HPE 
Superdom ...)
@@ -126065,7 +126124,8 @@ CVE-2021-34252
        RESERVED
 CVE-2021-34251
        RESERVED
-CVE-2021-34250 (An issue was discovered in baijiacms v4. There is a CSRF 
vulnerability ...)
+CVE-2021-34250
+       REJECTED
        NOT-FOR-US: baijiacms
 CVE-2021-34249
        RESERVED
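Review bot: CVE-2021-34250 now reads REJECTED, but the NOT-FOR-US: baijiacms line under it is left in place and nothing in the entry records why the id was rejected. A NOTE line giving the reason (duplicate, withdrawal, or other) would help anyone who still finds this id referenced elsewhere, and it is worth deciding whether the triage line should stay once the description is gone.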
@@ -129590,14 +129650,14 @@ CVE-2021-32848
        RESERVED
 CVE-2021-32847
        RESERVED
-CVE-2021-32846
-       RESERVED
-CVE-2021-32845
-       RESERVED
-CVE-2021-32844
-       RESERVED
-CVE-2021-32843
-       RESERVED
+CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in 
an appl ...)
+       TODO: check
+CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in 
an appl ...)
+       TODO: check
+CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in 
an appl ...)
+       TODO: check
+CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in 
an appl ...)
+       TODO: check
 CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 
library. Starti ...)
        - mono <not-affected> (Vulnerable code not yet uploaded)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
@@ -146708,8 +146768,8 @@ CVE-2021-26279
        RESERVED
 CVE-2021-26278
        RESERVED
-CVE-2021-26277
-       RESERVED
+CVE-2021-26277 (The framework service handles pendingIntent incorrectly, 
allowing a ma ...)
+       TODO: check
 CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy 
node-config-shield (aka C ...)
        NOT-FOR-US: GoDaddy node-config-shield
 CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package 
through 0.1.5 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae81eb64ac219401b4331abc7cb164649d4d6b95



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
