Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
13fd774a by security tracker role at 2023-03-24T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2023-28857
+ RESERVED
+CVE-2023-28856
+ RESERVED
+CVE-2023-28855
+ RESERVED
+CVE-2023-28854
+ RESERVED
+CVE-2023-28853
+ RESERVED
+CVE-2023-28852
+ RESERVED
+CVE-2023-28851
+ RESERVED
+CVE-2023-28850
+ RESERVED
+CVE-2023-28849
+ RESERVED
+CVE-2023-28848
+ RESERVED
+CVE-2023-28847
+ RESERVED
+CVE-2023-28846
+ RESERVED
+CVE-2023-28845
+ RESERVED
+CVE-2023-28844
+ RESERVED
+CVE-2023-28843
+ RESERVED
+CVE-2023-28842
+ RESERVED
+CVE-2023-28841
+ RESERVED
+CVE-2023-28840
+ RESERVED
+CVE-2023-28839
+ RESERVED
+CVE-2023-28838
+ RESERVED
+CVE-2023-28837
+ RESERVED
+CVE-2023-28836
+ RESERVED
+CVE-2023-28835
+ RESERVED
+CVE-2023-28834
+ RESERVED
+CVE-2023-28833
+ RESERVED
+CVE-2023-28832
+ RESERVED
+CVE-2023-28831
+ RESERVED
+CVE-2023-28830
+ RESERVED
+CVE-2023-28829
+ RESERVED
+CVE-2023-28828
+ RESERVED
+CVE-2023-28827
+ RESERVED
+CVE-2023-28379
+ RESERVED
+CVE-2023-27395
+ RESERVED
+CVE-2023-22325
+ RESERVED
+CVE-2023-22308
+ RESERVED
+CVE-2023-1624
+ RESERVED
+CVE-2023-1623
+ RESERVED
+CVE-2023-1622
+ RESERVED
+CVE-2023-1621
+ RESERVED
+CVE-2023-1620
+ RESERVED
+CVE-2023-1619
+ RESERVED
+CVE-2023-1618
+ RESERVED
+CVE-2023-1617
+ RESERVED
+CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It
has bee ...)
+ TODO: check
+CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8.
lib/nlattr.c a ...)
+ TODO: check
+CVE-2016-15030
+ RESERVED
+CVE-2015-10097
+ RESERVED
CVE-2023-28821
RESERVED
CVE-2023-28820
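Review bot: CVE-2020-36691 is left at "TODO: check" although its description names the Linux kernel before 5.8 (lib/nlattr.c). The kernel is packaged in Debian as src:linux, so this entry needs a "- linux <fixed version>" line with per-release status rather than a NOT-FOR-US disposition. CVE-2023-1616 (XiaoBingBy TeaCMS) in the same hunk also remains untriaged.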
@@ -2233,10 +2327,10 @@ CVE-2023-1357 (A vulnerability, which was classified as
critical, has been found
NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
CVE-2023-28153
RESERVED
-CVE-2023-28152
- RESERVED
-CVE-2023-28151
- RESERVED
+CVE-2023-28152 (An issue was discovered in Independentsoft JWord before
1.1.110. The A ...)
+ TODO: check
+CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before
1.1.110 ...)
+ TODO: check
CVE-2023-28150
RESERVED
CVE-2023-28149
@@ -3866,10 +3960,10 @@ CVE-2023-27603
RESERVED
CVE-2023-27602
RESERVED
-CVE-2023-1177
- RESERVED
-CVE-2023-1176
- RESERVED
+CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository
mlflow/mlflow prio ...)
+ TODO: check
+CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow
prior to 2. ...)
+ TODO: check
CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository
vim/vim prio ...)
- vim 2:9.0.1378-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -5028,8 +5122,8 @@ CVE-2023-27244
RESERVED
CVE-2023-27243
RESERVED
-CVE-2023-27242
- RESERVED
+CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to
contain a ...)
+ TODO: check
CVE-2023-27241
RESERVED
CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command
injection v ...)
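Review bot: CVE-2023-27242 moves from RESERVED to "TODO: check" with a SourceCodester Loan Management System description. An earlier hunk of this same file already carries "NOT-FOR-US: SourceCodester Simple Bakery Shop Management System", so the same vendor disposition can likely be applied here instead of leaving the entry open.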
@@ -12013,8 +12107,8 @@ CVE-2023-24627
RESERVED
CVE-2023-24626
RESERVED
-CVE-2023-24625
- RESERVED
+CVE-2023-24625 (Faveo 5.0.1 allows remote attackers to obtain sensitive
information vi ...)
+ TODO: check
CVE-2023-24624
RESERVED
CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is
equivalent to th ...)
@@ -22605,8 +22699,7 @@ CVE-2022-47504 (SolarWinds Platform was susceptible to
the Deserialization of Un
NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of
Untruste ...)
NOT-FOR-US: SolarWinds
-CVE-2022-47502
- RESERVED
+CVE-2022-47502 (Apache OpenOffice documents can contain links that call
internal macro ...)
NOT-FOR-US: Apache OpenOffice
CVE-2022-47501
RESERVED
@@ -38611,8 +38704,8 @@ CVE-2022-42949 (Silverstripe silverstripe/subsites
through 2.6.0 has Insecure Pe
NOT-FOR-US: Silverstripe
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in
releases ...)
NOT-FOR-US: Mikrotik
-CVE-2022-42948
- RESERVED
+CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when
they are d ...)
+ TODO: check
CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk
Maya 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force
Autodesk Maya ...)
@@ -40301,21 +40394,25 @@ CVE-2022-42336
CVE-2022-42335
RESERVED
CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA
information rec ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA
information rec ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments
where ho ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1
NOTE: https://xenbits.xen.org/xsa/advisory-427.html
CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an
oversig ...)
+ {DSA-5378-1}
- xen <unfixed> (bug #1033297)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3
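Review bot: the four xen entries CVE-2022-42334 through CVE-2022-42331 gain "{DSA-5378-1}" while their package line still reads "- xen <unfixed> (bug #1033297)". If that is intended (the DSA covers a stable release and unstable stays open under the bug), nothing to change. Otherwise the unstable line should carry a fixed version, as the CVE-2022-23824 entry tagged with the same DSA does with "- xen 4.16.2+90-g0d39a6d1ae-1".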
@@ -49725,8 +49822,7 @@ CVE-2022-38747
RESERVED
CVE-2022-38746
RESERVED
-CVE-2022-38745
- RESERVED
+CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to
add an e ...)
NOT-FOR-US: Apache OpenOffice
CVE-2022-2993 (There is an error in the condition of the last if-statement in
the fun ...)
NOT-FOR-US: zephyr-rtos
@@ -56662,7 +56758,7 @@ CVE-2022-36277
RESERVED
CVE-2022-36276
RESERVED
-CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly
escape u ...)
+CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly
escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all
versions befor ...)
- gitlab <not-affected> (Specific to EE)
@@ -78709,8 +78805,8 @@ CVE-2022-28497 (TOTOLink outdoor CPE CP900
V6.3c.566_B20171026 is discovered to
NOT-FOR-US: TOTOLINK
CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to
contain a ...)
NOT-FOR-US: TOTOLINK
-CVE-2022-28495
- RESERVED
+CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered
to contai ...)
+ TODO: check
CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered
to contai ...)
NOT-FOR-US: TOTOLINK
CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers
to start ...)
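Review bot: CVE-2022-28495 is added as "TODO: check" although the entries on either side, CVE-2022-28496 and CVE-2022-28494, describe the same TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 firmware and are marked "NOT-FOR-US: TOTOLINK". Use the same disposition here.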
@@ -93431,6 +93527,7 @@ CVE-2022-23825 (Aliases in the branch predictor may
cause some AMD processors to
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
NOTE:
https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf
CVE-2022-23824 (IBPB may not prevent return branch predictions from being
specified by ...)
+ {DSA-5378-1}
- xen 4.16.2+90-g0d39a6d1ae-1
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
@@ -94720,7 +94817,7 @@ CVE-2022-0275
RESERVED
CVE-2022-23398
RESERVED
-CVE-2022-23397 (The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a
call to ...)
+CVE-2022-23397 (** DISPUTED ** The Cedar Gate EZ-NET portal 6.5.5 6.8.0
Internet porta ...)
NOT-FOR-US: Cedar Gate EZ-NET portal
CVE-2022-23396
RESERVED
@@ -115597,8 +115694,8 @@ CVE-2021-41831 (It is possible for an attacker to
manipulate the timestamp of si
NOT-FOR-US: Apache OpenOffice
CVE-2021-41830 (It is possible for an attacker to manipulate signed documents
and macr ...)
NOT-FOR-US: Apache OpenOffice
-CVE-2021-3844
- RESERVED
+CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration
when an ...)
+ TODO: check
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM
in some ...)
NOT-FOR-US: Lenovo
CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fd774a84b4f40660873b3fbf5dcf86dcd0c330