Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1527c76 by security tracker role at 2023-02-20T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2023-26213
+ RESERVED
+CVE-2023-26212
+ RESERVED
+CVE-2023-26211
+ RESERVED
+CVE-2023-26210
+ RESERVED
+CVE-2023-26209
+ RESERVED
+CVE-2023-26208
+ RESERVED
+CVE-2023-26207
+ RESERVED
+CVE-2023-26206
+ RESERVED
+CVE-2023-26205
+ RESERVED
+CVE-2023-26204
+ RESERVED
+CVE-2023-26203
+ RESERVED
+CVE-2023-26202
+ RESERVED
+CVE-2023-26201
+ RESERVED
+CVE-2023-26200
+ RESERVED
+CVE-2023-26199
+ RESERVED
+CVE-2023-26198
+ RESERVED
+CVE-2023-26197
+ RESERVED
+CVE-2023-26196
+ RESERVED
+CVE-2023-26195
+ RESERVED
+CVE-2023-26194
+ RESERVED
+CVE-2023-26193
+ RESERVED
+CVE-2023-26192
+ RESERVED
+CVE-2023-26191
+ RESERVED
+CVE-2023-26190
+ RESERVED
+CVE-2023-26189
+ RESERVED
+CVE-2023-26188
+ RESERVED
+CVE-2023-26187
+ RESERVED
+CVE-2023-26186
+ RESERVED
+CVE-2023-26185
+ RESERVED
+CVE-2023-26184
+ RESERVED
+CVE-2023-26183
+ RESERVED
+CVE-2023-26182
+ RESERVED
+CVE-2023-26181
+ RESERVED
+CVE-2023-26180
+ RESERVED
+CVE-2023-26179
+ RESERVED
+CVE-2023-26178
+ RESERVED
+CVE-2023-26177
+ RESERVED
+CVE-2023-26176
+ RESERVED
+CVE-2023-26175
+ RESERVED
+CVE-2023-26174
+ RESERVED
+CVE-2023-26173
+ RESERVED
+CVE-2023-26172
+ RESERVED
+CVE-2023-26171
+ RESERVED
+CVE-2023-26170
+ RESERVED
+CVE-2023-26169
+ RESERVED
+CVE-2023-26168
+ RESERVED
+CVE-2023-26167
+ RESERVED
+CVE-2023-26166
+ RESERVED
+CVE-2023-26165
+ RESERVED
+CVE-2023-26164
+ RESERVED
+CVE-2023-26163
+ RESERVED
+CVE-2023-26162
+ RESERVED
+CVE-2023-26161
+ RESERVED
+CVE-2023-26160
+ RESERVED
+CVE-2023-26159
+ RESERVED
+CVE-2023-26158
+ RESERVED
+CVE-2023-26157
+ RESERVED
+CVE-2023-26156
+ RESERVED
+CVE-2023-26155
+ RESERVED
+CVE-2023-26154
+ RESERVED
+CVE-2023-26153
+ RESERVED
+CVE-2023-26152
+ RESERVED
+CVE-2023-26151
+ RESERVED
+CVE-2023-26150
+ RESERVED
+CVE-2023-26149
+ RESERVED
+CVE-2023-26148
+ RESERVED
+CVE-2023-26147
+ RESERVED
+CVE-2023-26146
+ RESERVED
+CVE-2023-26145
+ RESERVED
+CVE-2023-26144
+ RESERVED
+CVE-2023-26143
+ RESERVED
+CVE-2023-26142
+ RESERVED
+CVE-2023-26141
+ RESERVED
+CVE-2023-26140
+ RESERVED
+CVE-2023-26139
+ RESERVED
+CVE-2023-26138
+ RESERVED
+CVE-2023-26137
+ RESERVED
+CVE-2023-26136
+ RESERVED
+CVE-2023-26135
+ RESERVED
+CVE-2023-26134
+ RESERVED
+CVE-2023-26133
+ RESERVED
+CVE-2023-26132
+ RESERVED
+CVE-2023-26131
+ RESERVED
+CVE-2023-26130
+ RESERVED
+CVE-2023-26129
+ RESERVED
+CVE-2023-26128
+ RESERVED
+CVE-2023-26127
+ RESERVED
+CVE-2023-26126
+ RESERVED
+CVE-2023-26125
+ RESERVED
+CVE-2023-26124
+ RESERVED
+CVE-2023-26123
+ RESERVED
+CVE-2023-26122
+ RESERVED
+CVE-2023-26121
+ RESERVED
+CVE-2023-26120
+ RESERVED
+CVE-2023-26119
+ RESERVED
+CVE-2023-26118
+ RESERVED
+CVE-2023-26117
+ RESERVED
+CVE-2023-26116
+ RESERVED
+CVE-2023-26115
+ RESERVED
+CVE-2023-26114
+ RESERVED
+CVE-2023-26113
+ RESERVED
+CVE-2023-26112
+ RESERVED
+CVE-2023-26111
+ RESERVED
+CVE-2023-26110
+ RESERVED
+CVE-2023-26109
+ RESERVED
+CVE-2023-26108
+ RESERVED
+CVE-2023-26107
+ RESERVED
+CVE-2023-26106
+ RESERVED
+CVE-2023-26105
+ RESERVED
+CVE-2023-26104
+ RESERVED
+CVE-2023-26103
+ RESERVED
+CVE-2023-26102
+ RESERVED
+CVE-2023-0926
+ RESERVED
+CVE-2023-0925
+ RESERVED
+CVE-2023-0924
+ RESERVED
+CVE-2023-0923
+ RESERVED
+CVE-2023-0922
+ RESERVED
+CVE-2023-0921
+ RESERVED
+CVE-2022-48330
+ RESERVED
CVE-2023-26101
RESERVED
CVE-2023-26100
@@ -118,12 +356,12 @@ CVE-2023-0915 (A vulnerability classified as critical has
been found in SourceCo
NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2017-20178
RESERVED
-CVE-2016-15027
- RESERVED
+CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator
Plugin 2.1 ...)
+ TODO: check
CVE-2015-10082
RESERVED
-CVE-2015-10081
- RESERVED
+CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin
1.0b2.9 and c ...)
+ TODO: check
CVE-2014-125089
RESERVED
CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed
prior to ...)
@@ -132,16 +370,16 @@ CVE-2023-0913 (A vulnerability classified as critical was
found in SourceCodeste
NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2023-0912 (A vulnerability classified as critical has been found in
SourceCodeste ...)
NOT-FOR-US: SourceCodester Auto Dealer Management System
-CVE-2019-25104
- RESERVED
-CVE-2016-15026
- RESERVED
-CVE-2016-15025
- RESERVED
-CVE-2015-10080
- RESERVED
-CVE-2014-125088
- RESERVED
+CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and
classified as pro ...)
+ TODO: check
+CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and
classified as p ...)
+ TODO: check
+CVE-2016-15025 (A vulnerability, which was classified as problematic, was
found in gen ...)
+ TODO: check
+CVE-2015-10080 (A vulnerability was found in NREL api-umbrella-web 0.7.1. It
has been ...)
+ TODO: check
+CVE-2014-125088 (A vulnerability was found in qt-users-jp silk 0.0.1. It has
been decla ...)
+ TODO: check
CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It
has been ...)
NOT-FOR-US: OAICat
CVE-2012-10008 (A vulnerability, which was classified as critical, has been
found in u ...)
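Review bot: The five entries flipped from RESERVED in this hunk (CVE-2019-25104, CVE-2016-15026, CVE-2016-15025, CVE-2015-10080, CVE-2014-125088) are left at "TODO: check", and for CVE-2016-15025 the truncated description ("... was found in gen ...") does not name the product, so it cannot be triaged from this file alone. A follow-up should look up the full CVE text and resolve each entry to a package line or a NOT-FOR-US line, in the style of the neighbouring "NOT-FOR-US: OAICat" for CVE-2013-10019.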
@@ -798,8 +1036,8 @@ CVE-2023-25807
RESERVED
CVE-2023-25806
RESERVED
-CVE-2023-25805
- RESERVED
+CVE-2023-25805 (versionn, software for changing version information across
multiple fi ...)
+ TODO: check
CVE-2023-25804
RESERVED
CVE-2023-25803
@@ -986,7 +1224,7 @@ CVE-2023-25747
RESERVED
CVE-2023-25746
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
@@ -997,7 +1235,7 @@ CVE-2023-25745
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1012,7 +1250,7 @@ CVE-2023-25743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1029,7 +1267,7 @@ CVE-2023-25740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1046,7 +1284,7 @@ CVE-2023-25738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738
CVE-2023-25737
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1059,7 +1297,7 @@ CVE-2023-25736
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
CVE-2023-25735
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1080,7 +1318,7 @@ CVE-2023-25733
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1093,7 +1331,7 @@ CVE-2023-25731
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25731
CVE-2023-25730
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1102,7 +1340,7 @@ CVE-2023-25730
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730
CVE-2023-25729
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1111,7 +1349,7 @@ CVE-2023-25729
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25729
CVE-2023-25728
RESERVED
- {DSA-5355-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- firefox-esr 102.8.0esr-1
- thunderbird 1:102.8.0-1
@@ -1453,8 +1691,8 @@ CVE-2023-25658
RESERVED
CVE-2023-25657
RESERVED
-CVE-2023-25656
- RESERVED
+CVE-2023-25656 (notation-go is a collection of libraries for supporting
Notation sign, ...)
+ TODO: check
CVE-2023-25655
RESERVED
CVE-2023-25654
@@ -1552,12 +1790,11 @@ CVE-2023-25615
RESERVED
CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions
700, 701, ...)
NOT-FOR-US: SAP
-CVE-2023-25613
- RESERVED
+CVE-2023-25613 (An LDAP Injection vulnerability exists in the
LdapIdentityBackend of A ...)
NOT-FOR-US: Apache Kerby
CVE-2023-0767
RESERVED
- {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3319-1}
+ {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3327-1 DLA-3324-1 DLA-3319-1}
- firefox 110.0-1
- nss 2:3.87.1-1
- firefox-esr 102.8.0esr-1
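Review bot: CVE-2023-25613 is the one RESERVED-to-description change in this commit that gets no "TODO: check", because "NOT-FOR-US: Apache Kerby" was already set while the entry was still RESERVED. Since that status predates the published text, it is worth confirming once that the description ("An LDAP Injection vulnerability exists in the LdapIdentityBackend of A ...") still matches the Apache Kerby assignment, and that no packaged software embeds the affected backend.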
@@ -1656,16 +1893,16 @@ CVE-2023-0746
RESERVED
CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc.
Yugabyte Manag ...)
- yugabyte-db <itp> (bug #989673)
-CVE-2022-48321
- RESERVED
-CVE-2022-48320
- RESERVED
-CVE-2022-48319
- RESERVED
-CVE-2022-48318
- RESERVED
-CVE-2022-48317
- RESERVED
+CVE-2022-48321 (Limited Server-Side Request Forgery (SSRF) in agent-receiver
in Tribe2 ...)
+ TODO: check
+CVE-2022-48320 (Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <=
2.1.0p17, ...)
+ TODO: check
+CVE-2022-48319 (Sensitive host secret disclosed in cmk-update-agent.log file
in Tribe2 ...)
+ TODO: check
+CVE-2022-48318 (No authorisation controls in the RestAPI documentation for
Tribe29's C ...)
+ TODO: check
+CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI
for Tribe ...)
+ TODO: check
CVE-2023-25600
RESERVED
CVE-2023-25599
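Review bot: CVE-2022-48317 through CVE-2022-48321 all point at Tribe29's Checkmk and all land as "TODO: check", and the later hunk at -6510 adds CVE-2022-47909, CVE-2022-46836 and CVE-2022-46303 in the same state, at least two of which name Checkmk as well. Triage these together so they receive one consistent status, and align it with whatever the existing CVE-2022-43440 Checkmk entry uses (its status line is not visible in this diff).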
@@ -1754,10 +1991,10 @@ CVE-2023-25572 (react-admin is a frontend framework for
building browser applica
NOT-FOR-US: react-admin
CVE-2023-25571 (Backstage is an open platform for building developer portals.
`@backst ...)
NOT-FOR-US: Backstage
-CVE-2023-25570
- RESERVED
-CVE-2023-25569
- RESERVED
+CVE-2023-25570 (Apollo is a configuration management system. Prior to version
2.1.0, t ...)
+ TODO: check
+CVE-2023-25569 (Apollo is a configuration management system. Prior to version
2.1.0, a ...)
+ TODO: check
CVE-2023-25568
RESERVED
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that
implements ...)
@@ -3226,8 +3463,8 @@ CVE-2023-25000
RESERVED
CVE-2023-24999
RESERVED
-CVE-2023-24998
- RESERVED
+CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number
of requ ...)
+ TODO: check
CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant
Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant
Simulation (Al ...)
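Review bot: CVE-2023-24998 should not be resolved by analogy with the NOT-FOR-US Siemens entries below it: the description names Apache Commons FileUpload, a general-purpose library rather than a single vendor product, so the "TODO: check" needs a search of the archive for a source package and for embedded copies. The "before 1.5" in the description gives the upstream fixed version to compare against when writing the package line.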
@@ -3274,7 +3511,7 @@ CVE-2023-0617 (A vulnerability was found in TRENDNet
TEW-811DRU 1.0.10.0. It has
NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
- {DSA-5355-1}
+ {DSA-5355-1 DLA-3324-1}
- thunderbird 1:102.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616
CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer
overflow w ...)
@@ -4353,6 +4590,7 @@ CVE-2023-0527 (A vulnerability was found in PHPGurukul
Online Security Guards Hi
CVE-2023-0526
RESERVED
CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in
Django 3.2 ...)
+ {DLA-3329-1}
- python-django 3:3.2.18-1 (bug #1031290)
NOTE:
https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
NOTE:
https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
(3.2.18)
@@ -5922,7 +6160,7 @@ CVE-2023-22306
RESERVED
CVE-2023-0430
RESERVED
- {DSA-5355-1}
+ {DSA-5355-1 DLA-3324-1}
- thunderbird 1:102.7.1+1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
@@ -6510,12 +6748,12 @@ CVE-2023-0368
RESERVED
CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as
problema ...)
NOT-FOR-US: MyCMS
-CVE-2022-47909
- RESERVED
-CVE-2022-46836
- RESERVED
-CVE-2022-46303
- RESERVED
+CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP
query h ...)
+ TODO: check
+CVE-2022-46836 (PHP code injection in watolib auth.php and hosttags.php in
Tribe29's C ...)
+ TODO: check
+CVE-2022-46303 (Command injection in SMS notifications in Tribe29 Checkmk
<= 2.1.0p ...)
+ TODO: check
CVE-2022-46302
RESERVED
CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29
Checkmk b ...)
@@ -7021,7 +7259,7 @@ CVE-2023-23606
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606
CVE-2023-23605
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7034,7 +7272,7 @@ CVE-2023-23604
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604
CVE-2023-23603
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7043,7 +7281,7 @@ CVE-2023-23603
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603
CVE-2023-23602
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7052,7 +7290,7 @@ CVE-2023-23602
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602
CVE-2023-23601
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7073,7 +7311,7 @@ CVE-2023-23599
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
CVE-2023-23598
RESERVED
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 109.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -7292,7 +7530,7 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has
been rate ...)
NOT-FOR-US: ityouknow favorites-web
CVE-2023-0286 (There is a type confusion vulnerability relating to X.400
address proc ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658
(openssl-3.0.8)
@@ -8497,7 +8735,7 @@ CVE-2023-0216 (An invalid pointer dereference on read can
be triggered when an a
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
(openssl-3.0.8)
CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used
for str ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main
releases 1 ...)
@@ -14467,7 +14705,7 @@ CVE-2022-4553 (The FL3R FeelBox WordPress plugin
through 8.1 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have
CSRF check ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4551 (The Rich Table of Contents WordPress plugin through 1.3.7 does
not val ...)
+CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does
not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4550
RESERVED
@@ -14862,7 +15100,7 @@ CVE-2022-4488 (The Widgets on Pages WordPress plugin
through 1.6.0 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not
validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not
validate and ...)
+CVE-2022-4486 (The Meteor Slides WordPress plugin before 1.5.7 does not
validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and
escape ...)
NOT-FOR-US: WordPress plugin
@@ -15183,7 +15421,7 @@ CVE-2022-4452
CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not
validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and
parses ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83
(openssl-3.0.8)
@@ -16425,7 +16663,7 @@ CVE-2022-46878 (Mozilla developers Randell Jesup,
Valentin Gosu, Olli Pettay, an
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878
CVE-2022-46877 (By confusing the browser, the fullscreen notification could
have been ...)
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -16461,7 +16699,7 @@ CVE-2022-46872 (An attacker who compromised a content
process could have partial
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities
that cou ...)
- {DSA-5355-1 DSA-5322-1 DLA-3275-1}
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
- firefox 108.0-1
- firefox-esr 102.7.0esr-1
- thunderbird 1:102.7.1-1
@@ -17201,7 +17439,7 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress
plugin before 1.5.4 does
CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks
author ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA
Decryption imple ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
(openssl-3.0.8)
@@ -20720,7 +20958,7 @@ CVE-2022-43468 (External initialization of trusted
variables or data stores vuln
NOT-FOR-US: WordPress plugin
CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input,
which ma ...)
NOT-FOR-US: TP-Link
-CVE-2022-4010 (The Image Hover Effects WordPress plugin through 5.3 does not
sanitise ...)
+CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4009
RESERVED
@@ -22101,8 +22339,8 @@ CVE-2022-3903 (An incorrect read request flaw was found
in the Infrared Transcei
[bullseye] - linux 5.10.148-1
CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2022-3901
- RESERVED
+CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to
execute ...)
+ TODO: check
CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not
properly valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45058
@@ -27549,6 +27787,7 @@ CVE-2023-20053
RESERVED
CVE-2023-20052
RESERVED
+ {DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE:
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
@@ -27592,6 +27831,7 @@ CVE-2023-20033
RESERVED
CVE-2023-20032
RESERVED
+ {DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE:
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
@@ -55667,7 +55907,7 @@ CVE-2022-33760
CVE-2022-33759
RESERVED
CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly
optimi ...)
- {DSA-5343-1}
+ {DSA-5343-1 DLA-3325-1}
- openssl 3.0.5-1 (bug #1023424)
NOTE: https://www.openssl.org/news/secadv/20220705.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
(openssl-3.0.5)
@@ -61153,12 +61393,12 @@ CVE-2022-31653
CVE-2022-31652
RESERVED
CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in
rate.c in ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
NOTE: https://sourceforge.net/p/sox/bugs/360/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in
lsx_aiffstartwri ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012516)
NOTE: https://sourceforge.net/p/sox/bugs/360/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
@@ -111073,7 +111313,7 @@ CVE-2021-40428
CVE-2021-40427
RESERVED
CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the
sphere.c star ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1012138)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
NOTE: https://sourceforge.net/p/sox/bugs/362/
@@ -120467,7 +120707,7 @@ CVE-2021-36717 (Synerion TimeNet version 9.21
contains a directory traversal vul
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found
in the S ...)
NOT-FOR-US: Node is-email
CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function
within lib ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
NOTE: Triggered by same reproducer as for CVE-2021-23210
@@ -127265,7 +127505,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's
RSA decryption functions han
NOTE:
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
NOTE:
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
CVE-2021-33844 (A floating point exception (divide-by-zero) issue was
discovered in So ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.1 (bug #1021135)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
NOTE: https://sourceforge.net/p/sox/bugs/349/
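Review bot: In the unchanged context above CVE-2021-33844, the CVE-2021-3580 entry carries the same nettle commit URL (…/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c) in two consecutive NOTE lines. Not introduced by this commit, but one of the two can be dropped, or replaced with the second commit if a different one was intended.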
@@ -127275,19 +127515,19 @@ CVE-2021-33842 (Improper Authentication
vulnerability in the cookie parameter of
CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not
handle so ...)
NOT-FOR-US: SGE-PLC1000 device
CVE-2021-23210 (A floating point exception (divide-by-zero) issue was
discovered in So ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1010374)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
NOTE: https://sourceforge.net/p/sox/bugs/351/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow
occurs ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021134)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
NOTE: https://sourceforge.net/p/sox/bugs/350/
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow
occurs ...)
- {DLA-3315-1}
+ {DSA-5356-1 DLA-3315-1}
- sox 14.4.2+git20190427-3.2 (bug #1021133)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
NOTE: https://sourceforge.net/p/sox/bugs/352/
@@ -129865,10 +130105,10 @@ CVE-2021-32850
RESERVED
CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to
version ...)
NOT-FOR-US: Gerapy
-CVE-2021-32848
- RESERVED
-CVE-2021-32847
- RESERVED
+CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior
to pull r ...)
+ TODO: check
+CVE-2021-32847 (HyperKit is a toolkit for embedding hypervisor capabilities in
an appl ...)
+ TODO: check
CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in
an appl ...)
TODO: check
CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in
an appl ...)
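Review bot: CVE-2021-32847 is added as "TODO: check" next to CVE-2021-32846, which the context shows is already sitting at "TODO: check" for the same product (HyperKit), with CVE-2021-32845 following. Resolve the HyperKit entries in one pass so they end up with the same status line; CVE-2021-32848 (Octobox) is a separate product and needs its own decision.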
@@ -211479,7 +211719,7 @@ CVE-2020-12404 (For native-to-JS bridging the app
requires a unique token to be
- firefox <not-affected> (Specific to iOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented
in NSS i ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- nss 2:3.55-1
NOTE:
https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
NOTE:
https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
@@ -211491,7 +211731,7 @@ CVE-2020-12402 (During RSA key generation, bignum
implementations used a variati
NOTE:
https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 (During ECDSA signature generation, padding applied in the
nonce design ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE:
https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
@@ -211499,7 +211739,7 @@ CVE-2020-12401 (During ECDSA signature generation,
padding applied in the nonce
NOTE:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 (When converting coordinates from projective to affine, the
modular inv ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE:
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
@@ -227157,7 +227397,7 @@ CVE-2020-6831 (A buffer overflow could occur when
parsing and validating SCTP ch
CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to
be passe ...)
- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point
multipl ...)
- {DLA-2388-1}
+ {DLA-3327-1 DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
NOTE:
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1527c76a814fcf05ac0fa82d95f3fe59cb21628
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits