[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 22 09:10:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58d922e9 by security tracker role at 2023-04-22T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,325 @@
-CVE-2023-2220
+CVE-2023-31037
RESERVED
-CVE-2023-2219
+CVE-2023-31036
RESERVED
-CVE-2023-2218
+CVE-2023-31035
RESERVED
-CVE-2023-2217
+CVE-2023-31034
RESERVED
-CVE-2023-2216
+CVE-2023-31033
RESERVED
-CVE-2023-2215
+CVE-2023-31032
RESERVED
-CVE-2023-2214
+CVE-2023-31031
RESERVED
-CVE-2023-2213
+CVE-2023-31030
RESERVED
-CVE-2023-2212
+CVE-2023-31029
RESERVED
-CVE-2023-2211
+CVE-2023-31028
RESERVED
-CVE-2023-2210
+CVE-2023-31027
RESERVED
-CVE-2023-2209
+CVE-2023-31026
RESERVED
-CVE-2023-2208
+CVE-2023-31025
RESERVED
-CVE-2023-2207
+CVE-2023-31024
RESERVED
-CVE-2023-2206
+CVE-2023-31023
RESERVED
+CVE-2023-31022
+ RESERVED
+CVE-2023-31021
+ RESERVED
+CVE-2023-31020
+ RESERVED
+CVE-2023-31019
+ RESERVED
+CVE-2023-31018
+ RESERVED
+CVE-2023-31017
+ RESERVED
+CVE-2023-31016
+ RESERVED
+CVE-2023-31015
+ RESERVED
+CVE-2023-31014
+ RESERVED
+CVE-2023-31013
+ RESERVED
+CVE-2023-31012
+ RESERVED
+CVE-2023-31011
+ RESERVED
+CVE-2023-31010
+ RESERVED
+CVE-2023-31009
+ RESERVED
+CVE-2023-31008
+ RESERVED
+CVE-2023-31007
+ RESERVED
+CVE-2023-31006
+ RESERVED
+CVE-2023-31005
+ RESERVED
+CVE-2023-31004
+ RESERVED
+CVE-2023-31003
+ RESERVED
+CVE-2023-31002
+ RESERVED
+CVE-2023-31001
+ RESERVED
+CVE-2023-31000
+ RESERVED
+CVE-2023-30999
+ RESERVED
+CVE-2023-30998
+ RESERVED
+CVE-2023-30997
+ RESERVED
+CVE-2023-30996
+ RESERVED
+CVE-2023-30995
+ RESERVED
+CVE-2023-30994
+ RESERVED
+CVE-2023-30993
+ RESERVED
+CVE-2023-30992
+ RESERVED
+CVE-2023-30991
+ RESERVED
+CVE-2023-30990
+ RESERVED
+CVE-2023-30989
+ RESERVED
+CVE-2023-30988
+ RESERVED
+CVE-2023-30987
+ RESERVED
+CVE-2023-30986
+ RESERVED
+CVE-2023-30985
+ RESERVED
+CVE-2023-30984
+ RESERVED
+CVE-2023-30983
+ RESERVED
+CVE-2023-30982
+ RESERVED
+CVE-2023-30981
+ RESERVED
+CVE-2023-30980
+ RESERVED
+CVE-2023-30979
+ RESERVED
+CVE-2023-30978
+ RESERVED
+CVE-2023-30977
+ RESERVED
+CVE-2023-30976
+ RESERVED
+CVE-2023-30975
+ RESERVED
+CVE-2023-30974
+ RESERVED
+CVE-2023-30973
+ RESERVED
+CVE-2023-30972
+ RESERVED
+CVE-2023-30971
+ RESERVED
+CVE-2023-30970
+ RESERVED
+CVE-2023-30969
+ RESERVED
+CVE-2023-30968
+ RESERVED
+CVE-2023-30967
+ RESERVED
+CVE-2023-30966
+ RESERVED
+CVE-2023-30965
+ RESERVED
+CVE-2023-30964
+ RESERVED
+CVE-2023-30963
+ RESERVED
+CVE-2023-30962
+ RESERVED
+CVE-2023-30961
+ RESERVED
+CVE-2023-30960
+ RESERVED
+CVE-2023-30959
+ RESERVED
+CVE-2023-30958
+ RESERVED
+CVE-2023-30957
+ RESERVED
+CVE-2023-30956
+ RESERVED
+CVE-2023-30955
+ RESERVED
+CVE-2023-30954
+ RESERVED
+CVE-2023-30953
+ RESERVED
+CVE-2023-30952
+ RESERVED
+CVE-2023-30951
+ RESERVED
+CVE-2023-30950
+ RESERVED
+CVE-2023-30949
+ RESERVED
+CVE-2023-30948
+ RESERVED
+CVE-2023-30947
+ RESERVED
+CVE-2023-30946
+ RESERVED
+CVE-2023-30945
+ RESERVED
+CVE-2023-30944
+ RESERVED
+CVE-2023-30943
+ RESERVED
+CVE-2023-30942
+ RESERVED
+CVE-2023-30941
+ RESERVED
+CVE-2023-30940
+ RESERVED
+CVE-2023-30939
+ RESERVED
+CVE-2023-30938
+ RESERVED
+CVE-2023-30937
+ RESERVED
+CVE-2023-30936
+ RESERVED
+CVE-2023-30935
+ RESERVED
+CVE-2023-30934
+ RESERVED
+CVE-2023-30933
+ RESERVED
+CVE-2023-30932
+ RESERVED
+CVE-2023-30931
+ RESERVED
+CVE-2023-30930
+ RESERVED
+CVE-2023-30929
+ RESERVED
+CVE-2023-30928
+ RESERVED
+CVE-2023-30927
+ RESERVED
+CVE-2023-30926
+ RESERVED
+CVE-2023-30925
+ RESERVED
+CVE-2023-30924
+ RESERVED
+CVE-2023-30923
+ RESERVED
+CVE-2023-30922
+ RESERVED
+CVE-2023-30921
+ RESERVED
+CVE-2023-30920
+ RESERVED
+CVE-2023-30919
+ RESERVED
+CVE-2023-30918
+ RESERVED
+CVE-2023-30917
+ RESERVED
+CVE-2023-30916
+ RESERVED
+CVE-2023-30915
+ RESERVED
+CVE-2023-30914
+ RESERVED
+CVE-2023-30913
+ RESERVED
+CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
+ TODO: check
+CVE-2023-2239
+ RESERVED
+CVE-2023-2238
+ RESERVED
+CVE-2023-2237
+ RESERVED
+CVE-2023-2236
+ RESERVED
+CVE-2023-2235
+ RESERVED
+CVE-2023-2234
+ RESERVED
+CVE-2023-2233
+ RESERVED
+CVE-2023-2232
+ RESERVED
+CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
+ TODO: check
+CVE-2023-2230
+ RESERVED
+CVE-2023-2229
+ RESERVED
+CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
+ TODO: check
+CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
+ TODO: check
+CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
+ TODO: check
+CVE-2023-2225
+ RESERVED
+CVE-2023-2224
+ RESERVED
+CVE-2023-2223
+ RESERVED
+CVE-2023-2222
+ RESERVED
+CVE-2023-2221
+ RESERVED
+CVE-2022-4944
+ RESERVED
+CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
+ TODO: check
+CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
+ TODO: check
+CVE-2023-2218 (A vulnerability has been found in SourceCodester Task Reminder System ...)
+ TODO: check
+CVE-2023-2217 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2216 (A vulnerability classified as problematic was found in Campcodes Coffe ...)
+ TODO: check
+CVE-2023-2215 (A vulnerability classified as critical has been found in Campcodes Cof ...)
+ TODO: check
+CVE-2023-2214 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ TODO: check
+CVE-2023-2213 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ TODO: check
+CVE-2023-2212 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ TODO: check
+CVE-2023-2211 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and ...)
+ TODO: check
+CVE-2023-2210 (A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 ...)
+ TODO: check
+CVE-2023-2209 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2023-2208 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-2207 (A vulnerability classified as critical was found in Campcodes Retro Ba ...)
+ TODO: check
+CVE-2023-2206 (A vulnerability classified as critical has been found in Campcodes Ret ...)
+ TODO: check
CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
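Review bot: CVE-2023-2206 and CVE-2023-2207 are left at "TODO: check" although their truncated descriptions begin with the same "Campcodes Ret ..." wording as CVE-2023-2205 directly below, which is already triaged as "NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store". If the full descriptions confirm the same product, give both the same NOT-FOR-US line. CVE-2023-2210 through CVE-2023-2214 (Campcodes Coffee Shop POS System 1.0) and CVE-2023-2218/CVE-2023-2219 (SourceCodester Task Reminder System) each name a single product, so they can be triaged as two batches rather than entry by entry.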
@@ -344,8 +636,8 @@ CVE-2023-30800
RESERVED
CVE-2023-30799
RESERVED
-CVE-2023-30798
- RESERVED
+CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...)
+ TODO: check
CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
NOT-FOR-US: Netflix Lemur
CVE-2023-30796
@@ -406,12 +698,12 @@ CVE-2023-2143
RESERVED
CVE-2023-2142
RESERVED
-CVE-2023-2141
- RESERVED
-CVE-2023-2140
- RESERVED
-CVE-2023-2139
- RESERVED
+CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...)
+ TODO: check
+CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2 ...)
+ TODO: check
+CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso ...)
+ TODO: check
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
NOT-FOR-US: eslint-detailed-reporter
CVE-2022-48475
@@ -516,8 +808,8 @@ CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable
NOT-FOR-US: Thumbnail carousel slider plugin for WordPress
CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress
-CVE-2023-2118
- RESERVED
+CVE-2023-2118 (Insufficient access control in support ticket feature in Devolutions S ...)
+ TODO: check
CVE-2023-2117
RESERVED
CVE-2023-2116
@@ -930,14 +1222,14 @@ CVE-2023-30623
RESERVED
CVE-2023-30622
RESERVED
-CVE-2023-30621
- RESERVED
-CVE-2023-30620
- RESERVED
+CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
+ TODO: check
+CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
+ TODO: check
CVE-2023-30619
RESERVED
-CVE-2023-30618
- RESERVED
+CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
+ TODO: check
CVE-2023-30617
RESERVED
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
@@ -1443,8 +1735,7 @@ CVE-2023-30502
RESERVED
CVE-2023-30501
RESERVED
-CVE-2023-1998
- RESERVED
+CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
- linux 6.1.20-1
NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
@@ -2699,8 +2990,8 @@ CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote co
NOT-FOR-US: PowerJob
CVE-2023-29925
RESERVED
-CVE-2023-29924
- RESERVED
+CVE-2023-29924 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows ...)
+ TODO: check
CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...)
NOT-FOR-US: PowerJob
CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
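Review bot: CVE-2023-29924 is the only PowerJob entry in this hunk still at "TODO: check"; CVE-2023-29926 above and CVE-2023-29923 below are both "NOT-FOR-US: PowerJob", and the new description names the same PowerJob V4.3.1. Unless the full text points at something packaged in Debian, it should take the same NOT-FOR-US line as its neighbours.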
@@ -2713,32 +3004,32 @@ CVE-2023-29919
RESERVED
CVE-2023-29918
RESERVED
-CVE-2023-29917
- RESERVED
-CVE-2023-29916
- RESERVED
-CVE-2023-29915
- RESERVED
-CVE-2023-29914
- RESERVED
-CVE-2023-29913
- RESERVED
-CVE-2023-29912
- RESERVED
-CVE-2023-29911
- RESERVED
-CVE-2023-29910
- RESERVED
-CVE-2023-29909
- RESERVED
-CVE-2023-29908
- RESERVED
-CVE-2023-29907
- RESERVED
-CVE-2023-29906
- RESERVED
-CVE-2023-29905
- RESERVED
+CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29915 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29914 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29913 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29912 (H3C Magic R200 R200V100R004 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2023-29911 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29910 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29909 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29908 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29907 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29906 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
+CVE-2023-29905 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
+ TODO: check
CVE-2023-29904
RESERVED
CVE-2023-29903
@@ -3401,8 +3692,8 @@ CVE-2023-29577
RESERVED
CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
NOT-FOR-US: Bento4
-CVE-2023-29575
- RESERVED
+CVE-2023-29575 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
+ TODO: check
CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
NOT-FOR-US: Bento4
CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
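Review bot: CVE-2023-29575 gets "TODO: check" while CVE-2023-29576 and CVE-2023-29574 on either side are "NOT-FOR-US: Bento4", and its description opens with the same "Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug" text as CVE-2023-29574. It should follow the existing Bento4 triage rather than stay open.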
@@ -5262,10 +5553,10 @@ CVE-2023-1709
RESERVED
CVE-2023-29021
RESERVED
-CVE-2023-29020
- RESERVED
-CVE-2023-29019
- RESERVED
+CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
+ TODO: check
+CVE-2023-29019 (@fastify/passport is a port of passport authentication library for the ...)
+ TODO: check
CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
NOT-FOR-US: open-feature-operator
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
@@ -5862,6 +6153,7 @@ CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It
CVE-2023-28857
RESERVED
CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
+ {DLA-3396-1}
- redis 5:7.0.11-1 (bug #1034613)
[bullseye] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
@@ -7141,6 +7433,7 @@ CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that
CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by network-adj ...)
+ {DLA-3397-1}
- connman 1.41-3 (bug #1034393)
NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
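Review bot: CVE-2023-28488 now carries {DLA-3397-1}, but no "[bullseye]" line follows "- connman 1.41-3 (bug #1034393)", so bullseye stays open against the unstable fix version. The curl and redis entries in this same commit pair their DLA tag with an explicit "[bullseye] - ... <no-dsa>" line; since the entry's NOTE already links a public PoC repository, it is worth recording whether bullseye gets a DSA or a no-dsa decision.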
@@ -10235,6 +10528,7 @@ CVE-2023-27539
NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl prior to v8.0 ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27538.html
@@ -10247,12 +10541,14 @@ CVE-2023-27537 (A double free vulnerability exists in libcurl <8.0.0 when sha
NOTE: Introduced by: https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a (curl-7_88_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b (curl-8_0_0)
CVE-2023-27536 (An authentication bypass vulnerability exists libcurl <8.0.0 in the ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27536.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0)
CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 in ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27535.html
@@ -10266,6 +10562,7 @@ CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP imp
NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0)
CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0 during comm ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27533.html
@@ -11907,8 +12204,8 @@ CVE-2023-26878
RESERVED
CVE-2023-26877
RESERVED
-CVE-2023-26876
- RESERVED
+CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and before allows ...)
+ TODO: check
CVE-2023-26875
RESERVED
CVE-2023-26874
@@ -12550,10 +12847,10 @@ CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author bef
NOT-FOR-US: Oxygen XML Web Author
CVE-2023-26558
RESERVED
-CVE-2023-26557
- RESERVED
-CVE-2023-26556
- RESERVED
+CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a private ...)
+ TODO: check
+CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side ...)
+ TODO: check
CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...)
- ntp <removed>
[bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver)
@@ -13940,10 +14237,10 @@ CVE-2023-0921
RESERVED
CVE-2022-48330
RESERVED
-CVE-2023-26101
- RESERVED
-CVE-2023-26100
- RESERVED
+CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...)
+ TODO: check
+CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
+ TODO: check
CVE-2023-26099
RESERVED
CVE-2023-26098
@@ -15969,26 +16266,26 @@ CVE-2023-25516
RESERVED
CVE-2023-25515
RESERVED
-CVE-2023-25514
- RESERVED
-CVE-2023-25513
- RESERVED
-CVE-2023-25512
- RESERVED
-CVE-2023-25511
- RESERVED
-CVE-2023-25510
- RESERVED
-CVE-2023-25509
- RESERVED
-CVE-2023-25508
- RESERVED
-CVE-2023-25507
- RESERVED
-CVE-2023-25506
- RESERVED
-CVE-2023-25505
- RESERVED
+CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
+ TODO: check
+CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
+ TODO: check
+CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
+ TODO: check
+CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in ...)
+ TODO: check
+CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer ...)
+ TODO: check
+CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to ...)
+ TODO: check
+CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where a ...)
+ TODO: check
+CVE-2023-25507 (NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where a ...)
+ TODO: check
+CVE-2023-25506 (NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a pr ...)
+ TODO: check
+CVE-2023-25505 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the A ...)
+ TODO: check
CVE-2023-25504 (A malicious actor who has been authenticated and granted specific perm ...)
NOT-FOR-US: Apache Superset
CVE-2023-25503
@@ -23194,28 +23491,27 @@ CVE-2023-22328
RESERVED
CVE-2023-22289
RESERVED
-CVE-2023-0209
- RESERVED
+CVE-2023-0209 (NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, ...)
+ TODO: check
CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...)
NOT-FOR-US: NVIDIA DCGM for Linux
-CVE-2023-0207
- RESERVED
-CVE-2023-0206
- RESERVED
-CVE-2023-0205
- RESERVED
-CVE-2023-0204
- RESERVED
-CVE-2023-0203
- RESERVED
-CVE-2023-0202
- RESERVED
-CVE-2023-0201
- RESERVED
-CVE-2023-0200
- RESERVED
-CVE-2023-0199
- RESERVED
+CVE-2023-0207 (NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modi ...)
+ TODO: check
+CVE-2023-0206 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...)
+ TODO: check
+CVE-2023-0205 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
+ TODO: check
+CVE-2023-0204 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
+ TODO: check
+CVE-2023-0203 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
+ TODO: check
+CVE-2023-0202 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...)
+ TODO: check
+CVE-2023-0201 (NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with ...)
+ TODO: check
+CVE-2023-0200 (NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high p ...)
+ TODO: check
+CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -23324,8 +23620,7 @@ CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
-CVE-2023-0190
- RESERVED
+CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -23414,8 +23709,7 @@ CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
-CVE-2023-0184
- RESERVED
+CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -25648,8 +25942,8 @@ CVE-2022-48152 (SQL Injection vulnerability in RemoteClinic 2.0 allows attackers
NOT-FOR-US: RemoteClinic
CVE-2022-48151
RESERVED
-CVE-2022-48150
- RESERVED
+CVE-2022-48150 (Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
NOT-FOR-US: Online Student Admission System in PHP Free Source Code
CVE-2022-48148
@@ -26680,8 +26974,8 @@ CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause
- brave-browser <itp> (bug #864795)
CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...)
NOT-FOR-US: Multi-Party Threshold Signature Scheme
-CVE-2022-47930
- RESERVED
+CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...)
+ TODO: check
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
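Review bot: CVE-2022-47930 is added as "TODO: check" although the entry directly above, CVE-2022-47931, covers the same "IO FinNet tss-lib before 2.0.0" and is already "NOT-FOR-US: Multi-Party Threshold Signature Scheme". The same applies to CVE-2023-26557 and CVE-2023-26556 in the earlier hunk ("io.finnet tss-lib before 2.0.0"); all three should be triaged together with the same label so the product name stays consistent across the list.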
@@ -29161,16 +29455,16 @@ CVE-2022-47511
RESERVED
CVE-2022-47510
RESERVED
-CVE-2022-47509
- RESERVED
+CVE-2022-47509 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
+ TODO: check
CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
NOT-FOR-US: SolarWinds
CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
NOT-FOR-US: SolarWinds
-CVE-2022-47505
- RESERVED
+CVE-2022-47505 (The SolarWinds Platform was susceptible to the Local Privilege Escalat ...)
+ TODO: check
CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
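Review bot: CVE-2022-47509 and CVE-2022-47505 are left at "TODO: check" in a block where every other described entry (CVE-2022-47508, -47507, -47506, -47504) is "NOT-FOR-US: SolarWinds". Both new descriptions start with "The SolarWinds Platform was susceptible to ...", so they should take the same NOT-FOR-US line unless the full text says otherwise.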
@@ -61548,8 +61842,8 @@ CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input fie
NOT-FOR-US: Solarwinds
CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
-CVE-2022-36963
- RESERVED
+CVE-2022-36963 (The SolarWinds Platform was susceptible to the Command Injection Vulne ...)
+ TODO: check
CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...)
NOT-FOR-US: SolarWinds
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
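Review bot: CVE-2022-36963 stays at "TODO: check" between CVE-2022-36964 and CVE-2022-36962, both already NOT-FOR-US for the SolarWinds Platform, so it should be closed the same way. When doing so, note that the context lines spell the product both "Solarwinds" (under CVE-2022-36965) and "SolarWinds"; using "SolarWinds" for the new line keeps it searchable alongside the majority of existing entries.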
@@ -142909,8 +143203,8 @@ CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to
NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
NOT-FOR-US: GattLib
-CVE-2021-33589
- RESERVED
+CVE-2021-33589 (Ribose RNP before 0.15.1 does not implement a required step in a crypt ...)
+ TODO: check
CVE-2021-33588
RESERVED
CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58d922e965e3261ebfa29063cbe5f7c4571bbf6c