Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0224a36 by security tracker role at 2023-03-01T20:10:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2023-27496
+       RESERVED
+CVE-2023-27495
+       RESERVED
+CVE-2023-27494
+       RESERVED
+CVE-2023-27493
+       RESERVED
+CVE-2023-27492
+       RESERVED
+CVE-2023-27491
+       RESERVED
+CVE-2023-27490
+       RESERVED
+CVE-2023-27489
+       RESERVED
+CVE-2023-27488
+       RESERVED
+CVE-2023-27487
+       RESERVED
+CVE-2023-27486
+       RESERVED
+CVE-2023-27485
+       RESERVED
+CVE-2023-27484
+       RESERVED
+CVE-2023-27483
+       RESERVED
+CVE-2023-27482
+       RESERVED
+CVE-2023-27481
+       RESERVED
+CVE-2023-27480
+       RESERVED
+CVE-2023-27479
+       RESERVED
+CVE-2023-27478
+       RESERVED
+CVE-2023-27477
+       RESERVED
+CVE-2023-27476
+       RESERVED
+CVE-2023-27475
+       RESERVED
+CVE-2023-27474
+       RESERVED
+CVE-2023-27473
+       RESERVED
+CVE-2023-27472
+       RESERVED
+CVE-2023-27471
+       RESERVED
+CVE-2023-27470
+       RESERVED
+CVE-2023-27469
+       RESERVED
+CVE-2023-27468
+       RESERVED
+CVE-2023-27467
+       RESERVED
+CVE-2023-27466
+       RESERVED
+CVE-2023-27465
+       RESERVED
+CVE-2023-27464
+       RESERVED
+CVE-2023-27463
+       RESERVED
+CVE-2023-27462
+       RESERVED
+CVE-2023-27461
+       RESERVED
+CVE-2023-27460
+       RESERVED
+CVE-2023-27459
+       RESERVED
+CVE-2023-27458
+       RESERVED
+CVE-2023-27457
+       RESERVED
+CVE-2023-27456
+       RESERVED
+CVE-2023-27455
+       RESERVED
+CVE-2023-27454
+       RESERVED
+CVE-2023-27453
+       RESERVED
+CVE-2023-27452
+       RESERVED
+CVE-2023-27451
+       RESERVED
+CVE-2023-27450
+       RESERVED
+CVE-2023-27449
+       RESERVED
+CVE-2023-27448
+       RESERVED
+CVE-2023-27447
+       RESERVED
+CVE-2023-27446
+       RESERVED
+CVE-2023-27445
+       RESERVED
+CVE-2023-27444
+       RESERVED
+CVE-2023-27443
+       RESERVED
+CVE-2023-27442
+       RESERVED
+CVE-2023-27441
+       RESERVED
+CVE-2023-27440
+       RESERVED
+CVE-2023-27439
+       RESERVED
+CVE-2023-27438
+       RESERVED
+CVE-2023-27437
+       RESERVED
+CVE-2023-27436
+       RESERVED
+CVE-2023-27435
+       RESERVED
+CVE-2023-27434
+       RESERVED
+CVE-2023-27433
+       RESERVED
+CVE-2023-27432
+       RESERVED
+CVE-2023-27431
+       RESERVED
+CVE-2023-27430
+       RESERVED
+CVE-2023-27429
+       RESERVED
+CVE-2023-27428
+       RESERVED
+CVE-2023-27427
+       RESERVED
+CVE-2023-27426
+       RESERVED
+CVE-2023-27425
+       RESERVED
+CVE-2023-27424
+       RESERVED
+CVE-2023-27423
+       RESERVED
+CVE-2023-27422
+       RESERVED
+CVE-2023-27421
+       RESERVED
+CVE-2023-27420
+       RESERVED
+CVE-2023-27419
+       RESERVED
+CVE-2023-27418
+       RESERVED
+CVE-2023-27417
+       RESERVED
+CVE-2023-27416
+       RESERVED
+CVE-2023-27415
+       RESERVED
+CVE-2023-27414
+       RESERVED
+CVE-2023-27413
+       RESERVED
+CVE-2023-27412
+       RESERVED
+CVE-2023-27411
+       RESERVED
+CVE-2023-27410
+       RESERVED
+CVE-2023-27409
+       RESERVED
+CVE-2023-27408
+       RESERVED
+CVE-2023-27407
+       RESERVED
+CVE-2023-27406
+       RESERVED
+CVE-2023-27405
+       RESERVED
+CVE-2023-27404
+       RESERVED
+CVE-2023-27403
+       RESERVED
+CVE-2023-27402
+       RESERVED
+CVE-2023-27401
+       RESERVED
+CVE-2023-27400
+       RESERVED
+CVE-2023-27399
+       RESERVED
+CVE-2023-27398
+       RESERVED
+CVE-2023-27383
+       RESERVED
+CVE-2023-27307
+       RESERVED
+CVE-2023-27303
+       RESERVED
+CVE-2023-26596
+       RESERVED
+CVE-2023-26592
+       RESERVED
+CVE-2023-26591
+       RESERVED
+CVE-2023-25080
+       RESERVED
+CVE-2023-24478
+       RESERVED
+CVE-2023-24463
+       RESERVED
+CVE-2023-22312
+       RESERVED
+CVE-2023-1129
+       RESERVED
+CVE-2023-1128
+       RESERVED
+CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. 
...)
+       TODO: check
+CVE-2023-1126
+       RESERVED
+CVE-2023-1125
+       RESERVED
+CVE-2023-1124
+       RESERVED
+CVE-2023-1123
+       RESERVED
+CVE-2023-1122
+       RESERVED
+CVE-2023-1121
+       RESERVED
+CVE-2023-1120
+       RESERVED
+CVE-2023-1119
+       RESERVED
+CVE-2023-1118
+       RESERVED
+CVE-2023-1117 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+       TODO: check
+CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+       TODO: check
+CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+       TODO: check
+CVE-2023-1114 (Improper Input Validation vulnerability in Eskom Bilgisayar 
e-Belediye ...)
+       TODO: check
+CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll 
System 1.0. ...)
+       TODO: check
+CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload 
Contac ...)
+       TODO: check
+CVE-2023-1111
+       RESERVED
+CVE-2023-1110
+       RESERVED
+CVE-2022-4926
+       RESERVED
+CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as 
critical ...)
+       TODO: check
 CVE-2023-27381
        RESERVED
 CVE-2023-27377
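Review bot: CVE-2023-1127 in this hunk is left at "TODO: check" although its description already names the project (vim/vim) and the fixed upstream version (9.0.1367), and vim is a Debian source package. When the TODO is resolved it should become a "- vim" package line with a NOTE pointing at the upstream fix. The SourceCodester entry added beside it (CVE-2023-1113) can follow the "NOT-FOR-US: SourceCodester ..." pattern that the next hunk shows for CVE-2023-1063.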
@@ -388,8 +650,8 @@ CVE-2023-1066
        RESERVED
 CVE-2023-1065 (This vulnerability in the Snyk Kubernetes Monitor can result in 
irrele ...)
        NOT-FOR-US: Snyk Kubernetes Monitor
-CVE-2023-1064
-       RESERVED
+CVE-2023-1064 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors 
Appointment S ...)
        NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-1062 (A vulnerability, which was classified as critical, was found in 
Source ...)
@@ -2681,8 +2943,8 @@ CVE-2023-26283
        RESERVED
 CVE-2023-26282
        RESERVED
-CVE-2023-26281
-       RESERVED
+CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server 
could all ...)
+       TODO: check
 CVE-2023-26280
        RESERVED
 CVE-2023-26279
@@ -3657,8 +3919,8 @@ CVE-2023-0873
        RESERVED
 CVE-2023-25932
        RESERVED
-CVE-2023-25931
-       RESERVED
+CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, 
which are  ...)
+       TODO: check
 CVE-2023-25930
        RESERVED
 CVE-2023-25929
@@ -4398,7 +4660,7 @@ CVE-2023-25696 (Improper Input Validation vulnerability 
in the Apache Airflow Hi
 CVE-2023-25695
        RESERVED
 CVE-2023-25694
-       RESERVED
+       REJECTED
 CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow 
Sqoop Pr ...)
        NOT-FOR-US: Apache Airflow Sqoop Provider
 CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow 
Google P ...)
@@ -5007,8 +5269,8 @@ CVE-2023-25548
        RESERVED
 CVE-2023-25547
        RESERVED
-CVE-2023-25544
-       RESERVED
+CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache 
Tomcat' versi ...)
+       TODO: check
 CVE-2023-25543
        RESERVED
 CVE-2023-25542
@@ -5770,10 +6032,10 @@ CVE-2023-25224
        RESERVED
 CVE-2023-25223
        RESERVED
-CVE-2023-25222
-       RESERVED
-CVE-2023-25221
-       RESERVED
+CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU 
LibreDWG v0.12 ...)
+       TODO: check
+CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a 
heap-buffer-overflow vuln ...)
+       TODO: check
 CVE-2023-25220
        RESERVED
 CVE-2023-25219
@@ -6047,12 +6309,12 @@ CVE-2023-0660
        RESERVED
 CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has 
been clas ...)
        NOT-FOR-US: BDCOM
-CVE-2022-4901
-       RESERVED
-CVE-2022-48310
-       RESERVED
-CVE-2022-48309
-       RESERVED
+CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions 
older t ...)
+       TODO: check
+CVE-2022-48310 (An information disclosure vulnerability allows sensitive key 
material  ...)
+       TODO: check
+CVE-2022-48309 (A CSRF vulnerability allows malicious websites to retrieve 
logs and te ...)
+       TODO: check
 CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer 
overflow (out-o ...)
        - glibc <not-affected> (Vulnerable code introduced in 2.37)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068
@@ -6837,8 +7099,8 @@ CVE-2023-0596
        RESERVED
 CVE-2023-0595 (A CWE-117: Improper Output Neutralization for Logs 
vulnerability exist ...)
        NOT-FOR-US: Schneider
-CVE-2023-0594
-       RESERVED
+CVE-2023-0594 (Grafana is an open-source platform for monitoring and 
observability. S ...)
+       TODO: check
 CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS 
filesystem extra ...)
        NOT-FOR-US: ProjectSendyaffshiv
 CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 
filesystem ex ...)
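Review bot: the unchanged context line under CVE-2023-0593 reads "NOT-FOR-US: ProjectSendyaffshiv", which looks like two product names run together, while the description is about the yaffshiv YAFFS extractor. This commit does not introduce it, but it is worth a follow-up that changes the tag to "NOT-FOR-US: yaffshiv" so a search for either product name gives the right result.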
@@ -7049,22 +7311,22 @@ CVE-2023-24760
        RESERVED
 CVE-2023-24759
        RESERVED
-CVE-2023-24758
-       RESERVED
-CVE-2023-24757
-       RESERVED
-CVE-2023-24756
-       RESERVED
-CVE-2023-24755
-       RESERVED
-CVE-2023-24754
-       RESERVED
+CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-24757 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-24756 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-24755 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-24754 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
 CVE-2023-24753
        RESERVED
-CVE-2023-24752
-       RESERVED
-CVE-2023-24751
-       RESERVED
+CVE-2023-24752 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-24751 (libde265 v1.0.10 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
 CVE-2023-24750
        RESERVED
 CVE-2023-24749
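Review bot: the seven libde265 entries added here (CVE-2023-24751, CVE-2023-24752 and CVE-2023-24754 through CVE-2023-24758) all carry the same truncated description, "libde265 v1.0.10 was discovered to contain a NULL pointer dereference", so nothing in the tracker text tells them apart. When the "TODO: check" lines are resolved, give each entry its own NOTE with the upstream issue or commit and record them against the libde265 source package, together with CVE-2023-25221 from the earlier hunk.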
@@ -7637,8 +7899,8 @@ CVE-2023-24569 (Dell Alienware Command Center versions 
5.5.37.0 and prior contai
        NOT-FOR-US: Dell
 CVE-2023-24568
        RESERVED
-CVE-2023-24567
-       RESERVED
+CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' 
version di ...)
+       TODO: check
 CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2023-24565 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
@@ -7772,8 +8034,8 @@ CVE-2023-24514
        RESERVED
 CVE-2023-23546
        RESERVED
-CVE-2023-0507
-       RESERVED
+CVE-2023-0507 (Grafana is an open-source platform for monitoring and 
observability. S ...)
+       TODO: check
 CVE-2023-0506
        RESERVED
 CVE-2023-0505
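Review bot: CVE-2023-0507 is added with "TODO: check", but Grafana is already handled elsewhere in this file: the context under CVE-2022-39229 further down in this diff shows "- grafana <removed>". Resolve this entry, and CVE-2023-0594 from the earlier hunk with the same description prefix, with the same package line so Grafana issues are tracked consistently.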
@@ -7982,8 +8244,8 @@ CVE-2023-0462
 CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel 
which can  ...)
        - linux 6.1.7-1
        NOTE: 
https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
-CVE-2023-0460
-       RESERVED
+CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the 
YouTube Mai ...)
+       TODO: check
 CVE-2023-0459
        RESERVED
 CVE-2023-0458
@@ -9098,8 +9360,8 @@ CVE-2023-23986
        RESERVED
 CVE-2023-23985
        RESERVED
-CVE-2023-23984
-       RESERVED
+CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Bubble  ...)
+       TODO: check
 CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart 
Responsive ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23982
@@ -9118,10 +9380,10 @@ CVE-2023-23976
        RESERVED
 CVE-2023-23975
        RESERVED
-CVE-2023-23974
-       RESERVED
-CVE-2023-23973
-       RESERVED
+CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks 
Quick Eve ...)
+       TODO: check
+CVE-2023-23973 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev 
Software Cont ...)
+       TODO: check
 CVE-2023-23972
        RESERVED
 CVE-2023-23971
@@ -11250,8 +11512,8 @@ CVE-2023-23317
        RESERVED
 CVE-2023-23316
        RESERVED
-CVE-2023-23315
-       RESERVED
+CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a 
Blind SQ ...)
+       TODO: check
 CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload 
component of ...)
        NOT-FOR-US: Zdir
 CVE-2023-23313
@@ -11961,10 +12223,10 @@ CVE-2023-23003
        RESERVED
 CVE-2023-23002
        RESERVED
-CVE-2023-23001
-       RESERVED
-CVE-2023-23000
-       RESERVED
+CVE-2023-23001 (In the Linux kernel before 5.16.3, 
drivers/scsi/ufs/ufs-mediatek.c mis ...)
+       TODO: check
+CVE-2023-23000 (In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c 
mishandles t ...)
+       TODO: check
 CVE-2023-22999 (In the Linux kernel before 5.16.3, 
drivers/usb/dwc3/dwc3-qcom.c misint ...)
        - linux 5.16.7-1
        [bullseye] - linux 5.10.103-1
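Review bot: the two added kernel entries, CVE-2023-23001 and CVE-2023-23000, carry only "TODO: check", while CVE-2023-22999 directly below them is already resolved with "- linux 5.16.7-1" and "[bullseye] - linux 5.10.103-1". Their descriptions give the upstream cut-offs ("before 5.16.3" and "before 5.17"), so they should be resolved the same way: a "- linux" line with the first fixed Debian version, per-release lines where a stable branch received the fix, and a NOTE with the upstream commit.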
@@ -18957,8 +19219,8 @@ CVE-2022-47150
        RESERVED
 CVE-2022-47149
        RESERVED
-CVE-2022-47148
-       RESERVED
+CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Overnight PDF In ...)
+       TODO: check
 CVE-2022-47147
        RESERVED
 CVE-2022-47146
@@ -19920,10 +20182,10 @@ CVE-2022-46808
        RESERVED
 CVE-2022-46807
        RESERVED
-CVE-2022-46806
-       RESERVED
-CVE-2022-46805
-       RESERVED
+CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme 
Cart All ...)
+       TODO: check
+CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri 
Karisola / WP ...)
+       TODO: check
 CVE-2022-46804
        RESERVED
 CVE-2022-46803
@@ -19936,10 +20198,10 @@ CVE-2022-46800
        RESERVED
 CVE-2022-46799
        RESERVED
-CVE-2022-46798
-       RESERVED
-CVE-2022-46797
-       RESERVED
+CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
ShopLento ...)
+       TODO: check
+CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios 
All-in-o ...)
+       TODO: check
 CVE-2022-46796
        RESERVED
 CVE-2022-46795
@@ -22963,8 +23225,8 @@ CVE-2022-45806
        RESERVED
 CVE-2022-45805
        RESERVED
-CVE-2022-45804
-       RESERVED
+CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft 
Photo Gall ...)
+       TODO: check
 CVE-2022-45803
        RESERVED
 CVE-2022-45802
@@ -23442,8 +23704,8 @@ CVE-2022-45610
        RESERVED
 CVE-2022-45609
        RESERVED
-CVE-2022-45608
-       RESERVED
+CVE-2022-45608 (An issue was discovered in ThingsBoard 3.4.1, allows low 
privileged at ...)
+       TODO: check
 CVE-2022-45607
        RESERVED
 CVE-2022-45606
@@ -25278,8 +25540,8 @@ CVE-2022-45070
        RESERVED
 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in 
Crowdsignal ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45068
-       RESERVED
+CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado 
Pago Mercad ...)
+       TODO: check
 CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability in DevsCred 
Exclusive  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
@@ -30743,8 +31005,8 @@ CVE-2023-20087
        RESERVED
 CVE-2023-20086
        RESERVED
-CVE-2023-20085
-       RESERVED
+CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
 CVE-2023-20084
        RESERVED
 CVE-2023-20083
@@ -30763,8 +31025,8 @@ CVE-2023-20077
        RESERVED
 CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting 
environment could ...)
        NOT-FOR-US: Cisco
-CVE-2023-20075
-       RESERVED
+CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could 
allow an  ...)
+       TODO: check
 CVE-2023-20074
        RESERVED
 CVE-2023-20073
@@ -30807,10 +31069,9 @@ CVE-2023-20055
        RESERVED
 CVE-2023-20054
        RESERVED
-CVE-2023-20053
-       RESERVED
-CVE-2023-20052
-       RESERVED
+CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco 
Nexus D ...)
+       TODO: check
+CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV 
scanning li ...)
        {DLA-3328-1}
        - clamav 1.0.1+dfsg-1 (bug #1031509)
        [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -30853,8 +31114,7 @@ CVE-2023-20034
        RESERVED
 CVE-2023-20033
        RESERVED
-CVE-2023-20032
-       RESERVED
+CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV 
scanning li ...)
        {DLA-3328-1}
        - clamav 1.0.1+dfsg-1 (bug #1031509)
        [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -30894,8 +31154,8 @@ CVE-2023-20016 (A vulnerability in the backup 
configuration feature of Cisco UCS
        NOT-FOR-US: Cisco
 CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, 
Cisco Firep ...)
        NOT-FOR-US: Cisco
-CVE-2023-20014
-       RESERVED
+CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus 
Dashboard Soft ...)
+       TODO: check
 CVE-2023-20013
        RESERVED
 CVE-2023-20012 (A vulnerability in the CLI console login authentication of 
Cisco Nexus ...)
@@ -30904,8 +31164,8 @@ CVE-2023-20011 (A vulnerability in the web-based 
management interface of Cisco A
        NOT-FOR-US: Cisco
 CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
-CVE-2023-20009
-       RESERVED
+CVE-2023-20009 (A vulnerability in the Web UI and administrative CLI of the 
Cisco Secu ...)
+       TODO: check
 CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS 
Softwar ...)
        NOT-FOR-US: Cisco
 CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
@@ -35622,17 +35882,17 @@ CVE-2022-42300 (An issue was discovered in Veritas 
NetBackup through 10.0.0.1 an
 CVE-2022-42299 (An issue was discovered in Veritas NetBackup through 10.0.0.1 
and rela ...)
        NOT-FOR-US: Veritas
 CVE-2022-42298
-       RESERVED
+       REJECTED
 CVE-2022-42297
-       RESERVED
+       REJECTED
 CVE-2022-42296
-       RESERVED
+       REJECTED
 CVE-2022-42295
-       RESERVED
+       REJECTED
 CVE-2022-42294
-       RESERVED
+       REJECTED
 CVE-2022-42293
-       RESERVED
+       REJECTED
 CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the 
NVContainer  ...)
        NOT-FOR-US: NVIDIA
 CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the 
installer, w ...)
@@ -36474,7 +36734,7 @@ CVE-2022-41976
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 
6.22.826 on Win ...)
        NOT-FOR-US: RealVNC
 CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local 
users to ...)
-       {DLA-3250-1}
+       {DSA-5366-1 DLA-3250-1}
        - multipath-tools 0.9.4-1 (bug #1022742)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
        NOTE: 
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -36487,7 +36747,7 @@ CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x 
before 0.9.2 allows local us
        NOTE: 
https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f
 (0.9.2)
        NOTE: 
https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316
 (0.9.2)
 CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local 
users to ...)
-       {DLA-3250-1}
+       {DSA-5366-1 DLA-3250-1}
        - multipath-tools 0.9.4-1 (bug #1022742)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
        NOTE: 
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
@@ -39888,8 +40148,8 @@ CVE-2022-40131 (Cross-Site Request Forgery (CSRF) 
vulnerability in a3rev Softwar
        NOT-FOR-US: WordPress plugin
 CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS 
premium p ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-38468
-       RESERVED
+CVE-2022-38468 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely 
WordPress G ...)
+       TODO: check
 CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS 
premium p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io 
Image Opt ...)
@@ -40975,7 +41235,7 @@ CVE-2022-3169 (A flaw was found in the Linux kernel. A 
denial of service flaw ma
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214771
 CVE-2022-3168
-       RESERVED
+       REJECTED
        [experimental] - android-platform-tools 33.0.3-1~exp1
        - android-platform-tools 29.0.6-23
        - android-platform-system-core <removed>
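Review bot: CVE-2022-3168 flips from RESERVED to REJECTED here but keeps its three package lines ("[experimental] - android-platform-tools 33.0.3-1~exp1", "- android-platform-tools 29.0.6-23", "- android-platform-system-core <removed>"). Other REJECTED entries visible in this diff, such as CVE-2022-40225, carry no package data. Check whether the underlying issue is now tracked under a different identifier and move the package lines there, or drop them if the rejection means there is nothing left to track.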
@@ -41020,8 +41280,8 @@ CVE-2022-40225
        REJECTED
 CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in 
wpForo Foru ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40198
-       RESERVED
+CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in 
StandaloneTech Tera ...)
+       TODO: check
 CVE-2022-40197
        RESERVED
 CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
@@ -41217,7 +41477,7 @@ CVE-2022-40149 (Those using Jettison to parse untrusted 
XML or JSON data may be
        NOTE: https://github.com/jettison-json/jettison/issues/45
        NOTE: 
https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811
 (jettison-1.5.1)
 CVE-2022-40148
-       RESERVED
+       REJECTED
 CVE-2022-40147 (A vulnerability has been identified in Industrial Edge 
Management (All ...)
        NOT-FOR-US: Siemens
 CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
@@ -43454,8 +43714,8 @@ CVE-2022-39230 (fhir-works-on-aws-authz-smart is an 
implementation of the author
        NOT-FOR-US: fhir-works-on-aws-authz-smart
 CVE-2022-39229 (Grafana is an open source data visualization platform for 
metrics, log ...)
        - grafana <removed>
-CVE-2022-39228
-       RESERVED
+CVE-2022-39228 (vantage6 is a privacy preserving federated learning 
infrastructure for ...)
+       TODO: check
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web 
Tokens. V ...)
        NOT-FOR-US: python-jwt (not the same as src:pyjwt)
 CVE-2022-39226 (Discourse is an open source discussion platform. In versions 
prior to  ...)
@@ -44943,19 +45203,19 @@ CVE-2022-38743 (Rockwell Automation FactoryTalk 
VantagePoint versions 8.0, 8.10,
 CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 
13.0.0 is ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2022-38741
-       RESERVED
+       REJECTED
 CVE-2022-38740
-       RESERVED
+       REJECTED
 CVE-2022-38739
-       RESERVED
+       REJECTED
 CVE-2022-38738
-       RESERVED
+       REJECTED
 CVE-2022-38737
-       RESERVED
+       REJECTED
 CVE-2022-38736
-       RESERVED
+       REJECTED
 CVE-2022-38735
-       RESERVED
+       REJECTED
 CVE-2022-38734
        RESERVED
 CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are 
susceptible to an  ...)
@@ -52486,8 +52746,8 @@ CVE-2022-36023 (Hyperledger Fabric is an 
enterprise-grade permissioned distribut
        NOT-FOR-US: Hyperledger Fabric
 CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training 
deep lea ...)
        NOT-FOR-US: Deeplearning4J
-CVE-2022-36021
-       RESERVED
+CVE-2022-36021 (Redis is an in-memory database that persists on disk. 
Authenticated us ...)
+       TODO: check
 CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written 
in PHP, ...)
        NOT-FOR-US: typo3/html-sanitizer
 CVE-2022-36019 (TensorFlow is an open source platform for machine learning. If 
`FakeQu ...)
@@ -105128,8 +105388,8 @@ CVE-2022-20954 (Multiple vulnerabilities in Cisco 
TelePresence Collaboration End
        NOT-FOR-US: Cisco
 CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
        NOT-FOR-US: Cisco
-CVE-2022-20952
-       RESERVED
+CVE-2022-20952 (A vulnerability in the scanning engines of Cisco AsyncOS 
Software for  ...)
+       TODO: check
 CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
        NOT-FOR-US: Cisco
 CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for 
Cisco Firepo ...)
@@ -168398,8 +168658,8 @@ CVE-2020-35139
        RESERVED
 CVE-2020-35138 (** DISPUTED ** The MobileIron agents through 2021-03-22 for 
Android an ...)
        NOT-FOR-US: MobileIron
-CVE-2020-35137
-       REJECTED
+CVE-2020-35137 (** DISPUTED ** The MobileIron agents through 2021-03-22 for 
Android an ...)
+       TODO: check
 CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code 
Execution.  ...)
        - dolibarr <removed>
 CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress 
allows  ...)
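Review bot: CVE-2020-35137 goes from REJECTED to a "** DISPUTED **" description with "TODO: check", and the visible part of that description is identical to CVE-2020-35138 just above it, which is already closed as "NOT-FOR-US: MobileIron". Resolve the TODO the same way, and confirm that the reversal of the REJECTED state reflects the upstream record rather than a glitch in the automatic import.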



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0224a36b0bd85260ff24fb377562d3551307394
