[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 21 09:10:22 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00693533 by security tracker role at 2023-04-21T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-2220
+	RESERVED
+CVE-2023-2219
+	RESERVED
+CVE-2023-2218
+	RESERVED
+CVE-2023-2217
+	RESERVED
+CVE-2023-2216
+	RESERVED
+CVE-2023-2215
+	RESERVED
+CVE-2023-2214
+	RESERVED
+CVE-2023-2213
+	RESERVED
+CVE-2023-2212
+	RESERVED
+CVE-2023-2211
+	RESERVED
+CVE-2023-2210
+	RESERVED
+CVE-2023-2209
+	RESERVED
+CVE-2023-2208
+	RESERVED
+CVE-2023-2207
+	RESERVED
+CVE-2023-2206
+	RESERVED
+CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
+	TODO: check
+CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
+	TODO: check
+CVE-2023-2203
+	RESERVED
+CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
+	TODO: check
+CVE-2023-2201
+	RESERVED
+CVE-2023-2200
+	RESERVED
+CVE-2023-2199
+	RESERVED
+CVE-2023-2198
+	RESERVED
 CVE-2023-30912
 	RESERVED
 CVE-2023-30911
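Review bot: the three non-RESERVED additions in this hunk (CVE-2023-2205 and CVE-2023-2204 for Campcodes Retro Basketball Shoes Online S..., and CVE-2023-2202 for the GitHub repository francoisjacquet/rosariosi...) are left as 'TODO: check', so the hunk is a triage queue rather than a set of finished entries. Each needs a follow-up commit that either maps the CVE to a Debian source package with its fixed version or marks it 'NOT-FOR-US: <upstream name>' as is done for CVE-2023-2130 (SourceCodester) later in this diff; the truncated descriptions here are not enough to decide that, so the full CVE text should be consulted first.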
@@ -34,8 +80,7 @@ CVE-2023-2196
 	RESERVED
 CVE-2023-2195
 	RESERVED
-CVE-2023-2194 [i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()]
-	RESERVED
+CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
 CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
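Review bot: replacing the bracketed working title of CVE-2023-2194 with the published description also drops the RESERVED line, which is correct now that the CVE is public, and the git.kernel.org commit reference (6.3-rc4) stays, so the fix remains traceable. Since the status line is still 'linux <unfixed>', the removed bracket was the only place the affected function xgene_slimpro_i2c_xfer() was named; consider carrying that detail over into a NOTE so the relevant patch can be located for a Debian kernel without re-reading the upstream log.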
@@ -142,14 +187,12 @@ CVE-2023-2179
 	RESERVED
 CVE-2023-2178
 	RESERVED
-CVE-2023-2177
-	RESERVED
+CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...)
 	- linux 5.18.16-1
 	[bullseye] - linux 5.10.136-1
 	NOTE: https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
 	NOTE: https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
-CVE-2023-2176
-	RESERVED
+CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/infiniba ...)
 	- linux <unfixed>
 	NOTE: https://lkml.org/lkml/2022/12/9/178
 	NOTE: https://www.spinics.net/lists/linux-rdma/msg114749.html
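Review bot: CVE-2023-2176 gets only discussion links (lkml.org and spinics.net) and no fixing commit, unlike CVE-2023-2177 directly above, which records the git.kernel.org commit with its kernel release (5.19) alongside the Debian fixed versions. With 'linux <unfixed>' as the only status line, a NOTE pointing at the upstream fix, or stating that none has landed yet, would make the entry actionable for the kernel team; the '[bullseye] - linux 5.10.136-1' line in the CVE-2023-2177 entry is the pattern to follow once a fixed version is known.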
@@ -410,8 +453,8 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2132
 	RESERVED
-CVE-2023-2131
-	RESERVED
+CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...)
+	TODO: check
 CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Purchase Order Management System
 CVE-2023-30792
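Review bot: CVE-2023-2131 (INEA ME RTU firmware prior to 3.36, OS command injection) is marked 'TODO: check', but an RTU firmware image is a vendor product, and the neighbouring CVE-2023-2130 entry shows the expected resolution for such cases: 'NOT-FOR-US: <vendor/product>'. Unless a Debian package is found to ship this firmware, the TODO should be closed the same way rather than left for a later pass.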
@@ -3726,6 +3769,7 @@ CVE-2023-29470
 	RESERVED
 CVE-2023-29469 [Hashing of empty dict strings isn't deterministic]
 	RESERVED
+	{DSA-5391-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
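Review bot: the new '{DSA-5391-1}' line for CVE-2023-29469 is placed between the RESERVED status and the libxml2 package line, the same placement used for CVE-2023-28484 below, but the entry still carries RESERVED plus a bracketed working description. Once the CVE text is published, the RESERVED line should be dropped and the bracket replaced with the official description, as done for CVE-2023-2194 in this same diff, so the DSA reference is not left attached to a placeholder entry.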
@@ -7104,6 +7148,7 @@ CVE-2023-28485
 	RESERVED
 CVE-2023-28484 [NULL dereference in xmlSchemaFixupComplexType]
 	RESERVED
+	{DSA-5391-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
 	NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
@@ -7156,10 +7201,10 @@ CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier)
 	NOT-FOR-US: Array Networks
 CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...)
 	NOT-FOR-US: Array Networks
-CVE-2023-28459
-	RESERVED
-CVE-2023-28458
-	RESERVED
+CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...)
+	TODO: check
+CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...)
+	TODO: check
 CVE-2023-28457
 	RESERVED
 CVE-2023-28456
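Review bot: CVE-2023-28459 and CVE-2023-28458 carry identical truncated descriptions ('pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...'), so the visible text cannot tell the two issues apart. Before resolving the two 'TODO: check' lines, confirm from the full CVE records whether these are distinct flaws or a duplicate assignment, and record the distinguishing detail (or a 'REJECTED' status, as used for CVE-2023-27752 further down) so the file does not end up with two indistinguishable entries.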
@@ -9588,9 +9633,9 @@ CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overf
 CVE-2023-27753
 	RESERVED
 CVE-2023-27752
-	RESERVED
+	REJECTED
 CVE-2023-27751
-	RESERVED
+	REJECTED
 CVE-2023-27750
 	RESERVED
 CVE-2023-27749
@@ -10717,14 +10762,14 @@ CVE-2023-27357
 	RESERVED
 CVE-2023-27356
 	RESERVED
-CVE-2023-27355
-	RESERVED
-CVE-2023-27354
-	RESERVED
-CVE-2023-27353
-	RESERVED
-CVE-2023-27352
-	RESERVED
+CVE-2023-27355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2023-27354 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+	TODO: check
+CVE-2023-27353 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+	TODO: check
+CVE-2023-27352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...)
 	NOT-FOR-US: PaperCut
 CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...)
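Review bot: the descriptions for CVE-2023-27355 through CVE-2023-27352 are truncated before any product name ('This vulnerability allows network-adjacent attackers to execute arbitr ...'), so nothing in this hunk identifies the affected software. The adjacent entries CVE-2023-27351 and CVE-2023-27350 are resolved as 'NOT-FOR-US: PaperCut', but consecutive CVE numbers do not imply the same vendor; the full advisory text should be checked for each of the four before the 'TODO: check' lines are replaced with either a package mapping or a NOT-FOR-US line.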
@@ -11400,8 +11445,8 @@ CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows atta
 	NOT-FOR-US: Jbootfly
 CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
 	NOT-FOR-US: XiaoBingby TeaCMS
-CVE-2023-27090
-	RESERVED
+CVE-2023-27090 (Cross Site Scripting vulnerability found in TeaCMS storage allows atta ...)
+	TODO: check
 CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...)
 	NOT-FOR-US: Ehuacui
 CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
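Review bot: CVE-2023-27090 ('Cross Site Scripting vulnerability found in TeaCMS storage ...') is left as 'TODO: check' while the entry immediately above it, CVE-2023-27091 for XiaoBingby TeaCMS, is already 'NOT-FOR-US: XiaoBingby TeaCMS'. If the full description confirms it is the same TeaCMS, the TODO can be resolved to that same NOT-FOR-US line in the next pass, keeping the two TeaCMS entries consistent.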
@@ -38953,8 +38998,8 @@ CVE-2023-20875
 	RESERVED
 CVE-2023-20874
 	RESERVED
-CVE-2023-20873
-	RESERVED
+CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsup ...)
+	TODO: check
 CVE-2023-20872
 	RESERVED
 CVE-2023-20871
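Review bot: CVE-2023-20873 concerns Spring Boot (versions 3.0.0 - 3.0.5 and 2.7.0 - 2.7.10), which is a separate project from the Spring Framework tracked as libspring-java in the CVE-2023-20863 entry later in this diff. Resolving the 'TODO: check' should therefore not default to a libspring-java mapping; verify whether any Debian source package ships Spring Boot and, if none does, mark the entry 'NOT-FOR-US: Spring Boot'.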
@@ -38969,10 +39014,10 @@ CVE-2023-20867
 	RESERVED
 CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
 	NOT-FOR-US: Spring Session
-CVE-2023-20865
-	RESERVED
-CVE-2023-20864
-	RESERVED
+CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...)
+	TODO: check
+CVE-2023-20864 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
+	TODO: check
 CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...)
 	- libspring-java <unfixed> (unimportant)
 	NOTE: https://spring.io/security/cve-2023-20863
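Review bot: CVE-2023-20865 (command injection) and CVE-2023-20864 (deserialization) both describe VMware Aria Operations for Logs, a proprietary VMware appliance, yet are left at 'TODO: check'. The hunk's own context shows the two dispositions in use, 'NOT-FOR-US: Spring Session' and 'libspring-java <unfixed> (unimportant)'; for a vendor appliance the first is the expected outcome, so these TODOs could be closed as 'NOT-FOR-US: VMware' unless a Debian package is found to embed the affected component.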
@@ -135935,8 +135980,8 @@ CVE-2021-36438
 	RESERVED
 CVE-2021-36437
 	RESERVED
-CVE-2021-36436
-	RESERVED
+CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows attackers to  ...)
+	TODO: check
 CVE-2021-36435
 	RESERVED
 CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/006935337ba0cd7d4404d0f58136b52a9f88bb81
