[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 1 09:10:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62e27d90 by security tracker role at 2023-04-01T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-28938
+ RESERVED
+CVE-2023-28736
+ RESERVED
+CVE-2023-28717
+ RESERVED
+CVE-2023-28711
+ RESERVED
+CVE-2023-28405
+ RESERVED
+CVE-2023-28380
+ RESERVED
+CVE-2023-27883
+ RESERVED
+CVE-2023-27515
+ RESERVED
+CVE-2023-24592
+ RESERVED
+CVE-2023-24591
+ RESERVED
+CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
+ TODO: check
+CVE-2023-1788
+ RESERVED
+CVE-2023-1787
+ RESERVED
+CVE-2023-1786
+ RESERVED
+CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
+ TODO: check
+CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...)
+ TODO: check
CVE-2023-29149
RESERVED
CVE-2023-29148
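Review bot: The three entries that arrive with descriptions in this hunk (CVE-2023-1789, CVE-2023-1785, CVE-2023-1784) carry only `TODO: check`, so they are published but untriaged. Each should be resolved to either a source-package line or a `NOT-FOR-US:` line, the two forms used for described entries elsewhere in this file. The `RESERVED` entries around them need no action yet.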
@@ -1003,10 +1035,10 @@ CVE-2023-28847
RESERVED
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
TODO: check
-CVE-2023-28845
- RESERVED
-CVE-2023-28844
- RESERVED
+CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud. ...)
+ TODO: check
+CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...)
+ TODO: check
CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...)
TODO: check
CVE-2023-28842
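Review bot: CVE-2023-28844 is described as Nextcloud server but is left at `TODO: check`, while CVE-2023-28644 further down in this same patch records the same product as `- nextcloud-server <itp> (bug #941708)`. Suggest triaging CVE-2023-28844 with that line. CVE-2023-28845 (Nextcloud talk) is a different component and needs its own decision.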
@@ -1644,8 +1676,8 @@ CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the n
NOT-FOR-US: Nextcloud iOS application
CVE-2023-28646 (Nextcloud android is an android app for interfacing with the nextcloud ...)
NOT-FOR-US: Nextcloud android application
-CVE-2023-28645
- RESERVED
+CVE-2023-28645 (Nextcloud richdocuments is a Nextcloud app integrating the office suit ...)
+ TODO: check
CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. In relea ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-28643 (Nextcloud server is an open source home cloud implementation. In affec ...)
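Review bot: CVE-2023-28645 (Nextcloud richdocuments) falls between the two conventions visible in this hunk: the iOS and Android clients are `NOT-FOR-US`, while Nextcloud server is tracked as `- nextcloud-server <itp> (bug #941708)`. Resolving the `TODO: check` should state which of the two applies to a server-side app, so that later richdocuments CVEs are triaged the same way.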
@@ -6951,8 +6983,8 @@ CVE-2023-26860
RESERVED
CVE-2023-26859
RESERVED
-CVE-2023-26858
- RESERVED
+CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
+ TODO: check
CVE-2023-26857
RESERVED
CVE-2023-26856
@@ -7483,6 +7515,7 @@ CVE-2023-26605 (In the Linux kernel 6.0.8, there is a use-after-free in inode_cg
NOTE: https://lkml.org/lkml/2023/2/22/3
NOTE: https://git.kernel.org/linus/4e3c51f4e805291b057d12f5dda5aeb50a538dc4
CVE-2023-26604 (systemd before 247 does not adequately block local privilege escalatio ...)
+ {DLA-3377-1}
- systemd 247.1-2
NOTE: https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
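Review bot: The added `{DLA-3377-1}` is the only indication in this entry that a suite other than unstable was fixed. The sole version line is `- systemd 247.1-2` and there is no suite-specific line. Since the description says "systemd before 247" is affected, it is worth confirming that the advisory's own record carries the fixed version for the suite it covers.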
@@ -7867,8 +7900,8 @@ CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creati
NOT-FOR-US: Vega
CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
NOT-FOR-US: Vega
-CVE-2023-26485
- RESERVED
+CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
NOT-FOR-US: KubeVirt
CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...)
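Review bot: CVE-2023-26485 is one of two cmark-gfm entries this patch moves from `RESERVED` to `TODO: check` (the other is CVE-2023-24824, in a later hunk). They share the same description prefix and should be triaged together with the same package or `NOT-FOR-US` decision, so the two entries do not diverge.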
@@ -12683,8 +12716,8 @@ CVE-2023-0588
RESERVED
CVE-2022-4900
RESERVED
-CVE-2022-4899
- RESERVED
+CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...)
+ TODO: check
CVE-2023-24833
RESERVED
CVE-2023-24832
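Review bot: CVE-2022-4899 names a specific affected release, zstd v1.4.10, yet lands as `TODO: check`. Triage should end in a package line with a fixed version rather than a bare status, so that each suite can be judged against v1.4.10.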
@@ -12707,8 +12740,8 @@ CVE-2023-24826
RESERVED
CVE-2023-24825
RESERVED
-CVE-2023-24824
- RESERVED
+CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+ TODO: check
CVE-2023-24823
RESERVED
CVE-2023-24822
@@ -18054,8 +18087,8 @@ CVE-2023-22289
RESERVED
CVE-2023-0209
RESERVED
-CVE-2023-0208
- RESERVED
+CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...)
+ TODO: check
CVE-2023-0207
RESERVED
CVE-2023-0206
@@ -18074,50 +18107,50 @@ CVE-2023-0200
RESERVED
CVE-2023-0199
RESERVED
-CVE-2023-0198
- RESERVED
-CVE-2023-0197
- RESERVED
+CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ TODO: check
+CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
[buster] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
-CVE-2023-0195
- RESERVED
-CVE-2023-0194
- RESERVED
+CVE-2023-0195 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2023-0194 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
[buster] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
-CVE-2023-0192
- RESERVED
-CVE-2023-0191
- RESERVED
+CVE-2023-0192 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
CVE-2023-0190
RESERVED
-CVE-2023-0189
- RESERVED
-CVE-2023-0188
- RESERVED
-CVE-2023-0187
- RESERVED
-CVE-2023-0186
- RESERVED
-CVE-2023-0185
- RESERVED
+CVE-2023-0189 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ TODO: check
+CVE-2023-0188 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
+CVE-2023-0187 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
+CVE-2023-0186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ TODO: check
CVE-2023-0184
RESERVED
-CVE-2023-0183
- RESERVED
-CVE-2023-0182
- RESERVED
-CVE-2023-0181
- RESERVED
-CVE-2023-0180
- RESERVED
+CVE-2023-0183 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ TODO: check
+CVE-2023-0182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2023-0181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
+CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a kern ...)
+ TODO: check
CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
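Review bot: The fifteen NVIDIA entries published in this hunk all land as `TODO: check`, but their descriptions already split them three ways: CVE-2023-0195, CVE-2023-0192, CVE-2023-0186 and CVE-2023-0182 are "for Windows" only, CVE-2023-0197 is vGPU software, and the rest are "for Linux" or "for Windows and Linux". The Windows-only ones can be closed out without a package line. The Linux-affecting ones need per-suite lines, and the neighbouring nvidia-cuda-toolkit entries show the precedent to follow: `<no-dsa> (Non-free not supported)` for bullseye and buster plus a `NOTE:` pointing at the vendor bulletin.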
@@ -24809,16 +24842,16 @@ CVE-2023-0011
RESERVED
CVE-2022-47193
RESERVED
-CVE-2022-47192
- RESERVED
-CVE-2022-47191
- RESERVED
-CVE-2022-47190
- RESERVED
-CVE-2022-47189
- RESERVED
-CVE-2022-47188
- RESERVED
+CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
+ TODO: check
+CVE-2022-47191 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
+ TODO: check
+CVE-2022-47190 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
+ TODO: check
+CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker toupload a fi ...)
+ TODO: check
+CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...)
+ TODO: check
CVE-2022-47187
RESERVED
CVE-2022-47186
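Review bot: CVE-2022-47188 through CVE-2022-47192 all describe the same product, Generex UPS CS141, and four of them carry the same "below 2.06 version" bound, so one triage decision should cover all five rather than five separate `TODO: check` passes. The run-together "toupload" in CVE-2022-47189 is part of the imported description and should be left as received.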
@@ -28387,8 +28420,8 @@ CVE-2022-46023
RESERVED
CVE-2022-46022
RESERVED
-CVE-2022-46021
- RESERVED
+CVE-2022-46021 (X-Man 1.0 has a SQL injection vulnerability, which can cause data leak ...)
+ TODO: check
CVE-2022-46020 (WBCE CMS v1.5.4 can implement getshell by modifying the upload file ty ...)
NOT-FOR-US: WBCE CMS
CVE-2022-46019
@@ -96291,6 +96324,7 @@ CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overf
CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
NOT-FOR-US: Espruino
CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+ {DLA-3378-1}
- duktape 2.7.0-1
[bullseye] - duktape <no-dsa> (Minor issue)
NOTE: https://github.com/svaarala/duktape/issues/2448
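Review bot: Adding `{DLA-3378-1}` to CVE-2021-46322 leaves the entry inconsistent across suites: an advisory has now been issued for this issue, while the line `[bullseye] - duktape <no-dsa> (Minor issue)` still says no fix is planned for bullseye. Suggest revisiting the bullseye line so that suite is not left on a version with a known SEGV that another suite has patched.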
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e27d90e8353369fa145fb5c17f9f72b156f683