[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 1 08:10:24 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26ee6389 by security tracker role at 2023-03-01T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-27381
+	RESERVED
+CVE-2023-27377
+	RESERVED
+CVE-2023-27376
+	RESERVED
+CVE-2023-27375
+	RESERVED
+CVE-2023-27374
+	RESERVED
+CVE-2023-27373
+	RESERVED
+CVE-2023-27308
+	RESERVED
+CVE-2023-27302
+	RESERVED
+CVE-2023-27301
+	RESERVED
+CVE-2023-27300
+	RESERVED
+CVE-2023-27299
+	RESERVED
+CVE-2023-27297
+	RESERVED
+CVE-2023-26597
+	RESERVED
+CVE-2023-26585
+	RESERVED
+CVE-2023-25948
+	RESERVED
+CVE-2023-25770
+	RESERVED
+CVE-2023-25178
+	RESERVED
+CVE-2023-25078
+	RESERVED
+CVE-2023-24589
+	RESERVED
+CVE-2023-24480
+	RESERVED
+CVE-2023-24474
+	RESERVED
+CVE-2023-23905
+	RESERVED
+CVE-2023-23585
+	RESERVED
+CVE-2023-22658
+	RESERVED
+CVE-2023-22435
+	RESERVED
+CVE-2023-1109
+	RESERVED
+CVE-2023-1108
+	RESERVED
+CVE-2023-1107
+	RESERVED
+CVE-2023-1106
+	RESERVED
+CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
+	TODO: check
+CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+	TODO: check
+CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+	TODO: check
+CVE-2023-1102
+	RESERVED
+CVE-2023-1101
+	RESERVED
+CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management  ...)
+	TODO: check
 CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service)  ...)
 	- libmicrohttpd <unfixed>
 	NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
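Review bot: The five entries added with descriptions in this hunk (CVE-2023-1105, CVE-2023-1104, CVE-2023-1103, CVE-2023-1100, CVE-2023-1099) all land as `TODO: check`, so none of them has a triage decision yet. The three flatpressblog entries point at the same repository and can be triaged together, as can the two SourceCodester entries. Each should end up as either a package line or a `NOT-FOR-US:` line in the form the file already uses.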
@@ -139,8 +211,8 @@ CVE-2023-1097
 	RESERVED
 CVE-2023-1096
 	RESERVED
-CVE-2023-1095
-	RESERVED
+CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...)
+	TODO: check
 CVE-2023-1094
 	RESERVED
 CVE-2023-1093
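Review bot: CVE-2023-1095 is left at `TODO: check`, although its description names nf_tables_updtable and nf_tables_table_enable, which are Linux kernel netfilter functions. Suggest triaging it as a `- linux` entry with a `NOTE:` linking the fixing commit, in the same form the file uses for CVE-2023-26607.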
@@ -1650,8 +1722,8 @@ CVE-2023-26610
 	RESERVED
 CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to execute arbit ...)
 	NOT-FOR-US: ABUS TVIP 20000-21150 devices
-CVE-2023-26608
-	RESERVED
+CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection and Respo ...)
+	TODO: check
 CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr ...)
 	- linux 4.19.37-1
 	NOTE: https://lkml.org/lkml/2023/2/21/1353
@@ -3780,8 +3852,8 @@ CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and
 	NOT-FOR-US: Netgear
 CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been  ...)
 	NOT-FOR-US: Netgear
-CVE-2023-0847
-	RESERVED
+CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulne ...)
+	TODO: check
 CVE-2023-25858
 	RESERVED
 CVE-2023-25857
@@ -4852,8 +4924,8 @@ CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
 CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
 	NOT-FOR-US: Fastify plugin
-CVE-2023-25575
-	RESERVED
+CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia  ...)
+	TODO: check
 CVE-2023-25574
 	RESERVED
 CVE-2023-25573
@@ -7789,7 +7861,7 @@ CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.
 	NOT-FOR-US: Quarkus
 CVE-2023-0480
 	RESERVED
-CVE-2023-27372 [remote code execution vulnerability in public and private spaces]
+CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the  ...)
 	{DLA-3347-1}
 	- spip 4.1.8+dfsg-1
 	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
@@ -8890,8 +8962,8 @@ CVE-2023-24047
 	RESERVED
 CVE-2023-24046
 	RESERVED
-CVE-2023-24045
-	RESERVED
+CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
+	TODO: check
 CVE-2023-24044 (** DISPUTED ** A Host Header Injection issue on the Login page of Ples ...)
 	NOT-FOR-US: Plesk Obsidian
 CVE-2023-24043
@@ -11874,14 +11946,14 @@ CVE-2023-23001
 	RESERVED
 CVE-2023-23000
 	RESERVED
-CVE-2023-22999
-	RESERVED
-CVE-2023-22998
-	RESERVED
-CVE-2023-22997
-	RESERVED
-CVE-2023-22996
-	RESERVED
+CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misint ...)
+	TODO: check
+CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...)
+	TODO: check
+CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterp ...)
+	TODO: check
+CVE-2023-22996 (In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does n ...)
+	TODO: check
 CVE-2023-22995 (In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_regis ...)
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2
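Review bot: CVE-2023-22999, CVE-2023-22998, CVE-2023-22997 and CVE-2023-22996 are Linux kernel issues according to their descriptions, yet they carry only `TODO: check`. The descriptions already state the upstream fixed versions (before 5.16.3, 6.0.3, 6.1.2 and 5.17.2), so each can be turned into a `- linux` line with the matching Debian version plus a `NOTE:` pointing at the git.kernel.org commit, matching the CVE-2023-22995 entry directly below them.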
@@ -19034,10 +19106,10 @@ CVE-2022-47078
 	RESERVED
 CVE-2022-47077
 	RESERVED
-CVE-2022-47076
-	RESERVED
-CVE-2022-47075
-	RESERVED
+CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
+	TODO: check
+CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
+	TODO: check
 CVE-2022-47074
 	RESERVED
 CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
@@ -44886,6 +44958,7 @@ CVE-2022-38727
 CVE-2022-38726
 	RESERVED
 CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...)
+	{DLA-3348-1}
 	- syslog-ng 3.38.1-1
 	NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
 	NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
@@ -46491,8 +46564,8 @@ CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
 	NOT-FOR-US: The Isle Evrima
-CVE-2022-38220
-	RESERVED
+CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems Management Appli ...)
+	TODO: check
 CVE-2022-38219
 	RESERVED
 CVE-2022-38218
@@ -79422,11 +79495,11 @@ CVE-2022-26583
 	RESERVED
 CVE-2022-26582 (The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.0 ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26581 (The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20 ...)
+CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26580 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discove ...)
+CVE-2022-26580 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26579 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root ...)
+CVE-2022-26579 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
 CVE-2022-26578
 	RESERVED
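Review bot: After this change CVE-2022-26581, CVE-2022-26580 and CVE-2022-26579 all show the same truncated description ("PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ..."), where the removed text at least distinguished the ADB daemon and root cases. The `NOT-FOR-US` lines name only the product and stay correct, but the list alone no longer tells the three issues apart; consult the full CVE records when referring to a specific one.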
@@ -90438,10 +90511,10 @@ CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a
 	NOT-FOR-US: TeamViewer
 CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
 	NOT-FOR-US: Clustered Data ONTAP
-CVE-2022-23240
-	RESERVED
-CVE-2022-23239
-	RESERVED
+CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
+	TODO: check
+CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
+	TODO: check
 CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...)
 	NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale)
 CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
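Review bot: CVE-2022-23240 and CVE-2022-23239 are left at `TODO: check`, while the neighbouring entries in the same ID range (CVE-2022-23241, CVE-2022-23238) are already marked `NOT-FOR-US` by product name. If triage confirms that Active IQ Unified Manager is not packaged, use the same form, e.g. `NOT-FOR-US: Active IQ Unified Manager`.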
@@ -235617,7 +235690,7 @@ CVE-2020-5002
 	RESERVED
 CVE-2020-5001
 	RESERVED
-CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cro ...)
+CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2020-4999
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26ee638905d18be0494656cf6ac8c5b222fba39b
