Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1696d45 by security tracker role at 2023-02-21T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,148 @@
-CVE-2022-48339 [Fix htmlfontify.el command injection vulnerability]
+CVE-2023-26267
+       RESERVED
+CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working 
director ...)
+       TODO: check
+CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not 
sufficiently sa ...)
+       TODO: check
+CVE-2023-26264
+       RESERVED
+CVE-2023-26263
+       RESERVED
+CVE-2023-26262
+       RESERVED
+CVE-2023-26261
+       RESERVED
+CVE-2023-26260
+       RESERVED
+CVE-2023-26259
+       RESERVED
+CVE-2023-26258
+       RESERVED
+CVE-2023-26257
+       RESERVED
+CVE-2023-26256
+       RESERVED
+CVE-2023-26255
+       RESERVED
+CVE-2023-26254
+       RESERVED
+CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an 
xlators/mount/fuse/src/fuse-bri ...)
+       TODO: check
+CVE-2023-26252
+       RESERVED
+CVE-2023-26251
+       RESERVED
+CVE-2023-26250
+       RESERVED
+CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its 
resources, ...)
+       TODO: check
+CVE-2023-26248
+       RESERVED
+CVE-2023-26247
+       RESERVED
+CVE-2023-26246
+       RESERVED
+CVE-2023-26245
+       RESERVED
+CVE-2023-26244
+       RESERVED
+CVE-2023-26243
+       RESERVED
+CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c 
in the  ...)
+       TODO: check
+CVE-2023-26241
+       RESERVED
+CVE-2023-26240
+       RESERVED
+CVE-2023-26239
+       RESERVED
+CVE-2023-26238
+       RESERVED
+CVE-2023-26237
+       RESERVED
+CVE-2023-26236
+       RESERVED
+CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via 
util/net/InterProcessCommunicationUtil.jav ...)
+       TODO: check
+CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via 
UIMainWindowPreferencesProvide ...)
+       TODO: check
+CVE-2023-26233
+       RESERVED
+CVE-2023-26232
+       RESERVED
+CVE-2023-26231
+       RESERVED
+CVE-2023-26230
+       RESERVED
+CVE-2023-26229
+       RESERVED
+CVE-2023-26228
+       RESERVED
+CVE-2023-26227
+       RESERVED
+CVE-2023-26226
+       RESERVED
+CVE-2023-26225
+       RESERVED
+CVE-2023-26224
+       RESERVED
+CVE-2023-26223
+       RESERVED
+CVE-2023-26222
+       RESERVED
+CVE-2023-26221
+       RESERVED
+CVE-2023-26220
+       RESERVED
+CVE-2023-26219
+       RESERVED
+CVE-2023-26218
+       RESERVED
+CVE-2023-26217
+       RESERVED
+CVE-2023-26216
+       RESERVED
+CVE-2023-26215
+       RESERVED
+CVE-2023-26214
+       RESERVED
+CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
+       TODO: check
+CVE-2023-0933
+       RESERVED
+CVE-2023-0932
+       RESERVED
+CVE-2023-0931
+       RESERVED
+CVE-2023-0930
+       RESERVED
+CVE-2023-0929
+       RESERVED
+CVE-2023-0928
+       RESERVED
+CVE-2023-0927
+       RESERVED
+CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an 
xlators/cluster/dht/src/dht-com ...)
+       TODO: check
+CVE-2022-48336
+       RESERVED
+CVE-2022-48335
+       RESERVED
+CVE-2022-48334
+       RESERVED
+CVE-2022-48333
+       RESERVED
+CVE-2022-48332
+       RESERVED
+CVE-2022-48331
+       RESERVED
+CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. 
htmlfontify.el has  ...)
        - emacs <unfixed>
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
-CVE-2022-48338 [Fix ruby-mode.el local command injection vulnerability]
+CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In 
ruby-mode.el, th ...)
        - emacs <unfixed>
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
-CVE-2022-48337 [Fix etags local command injection vulnerability]
+CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands 
via shell  ...)
        - emacs <unfixed>
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
 CVE-2023-26213
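Review bot: the entries added with TODO: check for CVE-2023-26266 (AFL++), CVE-2023-26253 and CVE-2022-48340 (GlusterFS) and CVE-2023-26249 (Knot Resolver) name software that has Debian source packages, so they need a package line with version status rather than staying at TODO: check, in the same form as the `- emacs <unfixed>` lines kept for the three Emacs entries. Separately, CVE-2022-48340 and the RESERVED ids CVE-2022-48336 through CVE-2022-48331 are inserted above CVE-2022-48339, CVE-2022-48338 and CVE-2022-48337, so the 2022-483xx ids in this block are not in descending order like the ids around them.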
@@ -367,12 +505,12 @@ CVE-2017-20178
        RESERVED
 CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator 
Plugin 2.1 ...)
        NOT-FOR-US: meta4creations Post Duplicator Plugin
-CVE-2015-10082
-       RESERVED
+CVE-2015-10082 (A vulnerability classified as problematic has been found in 
UIKit0 lib ...)
+       TODO: check
 CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 
1.0b2.9 and c ...)
        NOT-FOR-US: arnoldle submitByMailPlugin
-CVE-2014-125089
-       RESERVED
+CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It 
has been ...)
+       TODO: check
 CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed 
prior to ...)
        NOT-FOR-US: pixelfed
 CVE-2023-0913 (A vulnerability classified as critical was found in 
SourceCodester Aut ...)
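Review bot: CVE-2015-10082 and CVE-2014-125089 move from RESERVED to TODO: check while the entries directly beside them (CVE-2016-15027, CVE-2015-10081) are already resolved as NOT-FOR-US with the product named. If the UIKit0 library and cention-chatserver are not packaged, resolve them in the same form so this run of entries does not keep open TODO markers.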
@@ -4656,8 +4794,8 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, 
validity of the X.509 certi
        NOTE: Fixed by: 
https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f
 (v0.5)
 CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an 
unauthenticated remo ...)
        NOT-FOR-US: EMC
-CVE-2023-24575
-       RESERVED
+CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, 
versions p ...)
+       TODO: check
 CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains 
an "Unc ...)
        NOT-FOR-US: Dell
 CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an 
arbitrary fol ...)
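Review bot: CVE-2023-24575 is left at TODO: check although its description names a Dell printer driver and software suite and both neighbours in this hunk are closed as NOT-FOR-US (`NOT-FOR-US: EMC` above, `NOT-FOR-US: Dell` below). Unless the driver suite is packaged, `NOT-FOR-US: Dell` would match the existing convention.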
@@ -7966,10 +8104,10 @@ CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in 
the Linux kernel through
        {DSA-5324-1}
        - linux 6.1.7-1
        NOTE: 
https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
-CVE-2023-23453
-       RESERVED
-CVE-2023-23452
-       RESERVED
+CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT 
v3 Firmw ...)
+       TODO: check
+CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT 
v3 Firmw ...)
+       TODO: check
 CVE-2023-23451
        RESERVED
 CVE-2023-23450
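Review bot: CVE-2023-23453 and CVE-2023-23452 carry the same description apart from the model name (FX0-GENT and FX0-GPNT, both SICK v3 firmware), so they should be triaged together and given the same resolution. As device firmware they are candidates for a single NOT-FOR-US: SICK tag on each entry rather than two separate TODO: check items.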
@@ -25603,8 +25741,8 @@ CVE-2022-44218
        RESERVED
 CVE-2022-44217
        RESERVED
-CVE-2022-44216
-       RESERVED
+CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure 
Permissions. An att ...)
+       TODO: check
 CVE-2022-44215
        RESERVED
 CVE-2022-44214
@@ -130090,29 +130228,29 @@ CVE-2021-32862 (The GitHub Security Lab discovered 
sixteen ways to exploit a cro
        NOTE: 
https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
        TODO: check details, schould affect src:nbconvert
 CVE-2021-32861
-       RESERVED
-CVE-2021-32860
-       RESERVED
-CVE-2021-32859
-       RESERVED
-CVE-2021-32858
-       RESERVED
-CVE-2021-32857
-       RESERVED
-CVE-2021-32856
-       RESERVED
-CVE-2021-32855
-       RESERVED
-CVE-2021-32854
-       RESERVED
-CVE-2021-32853
-       RESERVED
-CVE-2021-32852
-       RESERVED
-CVE-2021-32851
-       RESERVED
-CVE-2021-32850
-       RESERVED
+       REJECTED
+CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 
1.6.1 are vu ...)
+       TODO: check
+CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting 
both dat ...)
+       TODO: check
+CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document 
maintenance sof ...)
+       TODO: check
+CVE-2021-32857 (Cockpit is a content management system that allows addition of 
content ...)
+       TODO: check
+CVE-2021-32856 (Microweber is a drag and drop website builder and content 
management s ...)
+       TODO: check
+CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 
3.8.7 are  ...)
+       TODO: check
+CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 
and prior  ...)
+       TODO: check
+CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of 
plugins, is  ...)
+       TODO: check
+CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to 
version 0.1 ...)
+       TODO: check
+CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to 
version  ...)
+       TODO: check
 CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to 
version ...)
        NOT-FOR-US: Gerapy
 CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior 
to pull r ...)
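Review bot: the CVE-2021-32857 entry describes Cockpit as "a content management system", so its TODO: check should not be resolved by matching the name to Debian's cockpit package, which is the server administration interface and a different project; if the CMS is not packaged, tag it NOT-FOR-US with the CMS named explicitly. The other ten entries in this run (CVE-2021-32860 through CVE-2021-32850) are mostly browser-side libraries and plugins, and the adjacent resolved entries (Gerapy below) show the expected NOT-FOR-US form for unpackaged software.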



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1696d45a582683bc057f481b5ffe61c29b80cef



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits