[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 1 08:10:24 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26ee6389 by security tracker role at 2023-03-01T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-27381
+ RESERVED
+CVE-2023-27377
+ RESERVED
+CVE-2023-27376
+ RESERVED
+CVE-2023-27375
+ RESERVED
+CVE-2023-27374
+ RESERVED
+CVE-2023-27373
+ RESERVED
+CVE-2023-27308
+ RESERVED
+CVE-2023-27302
+ RESERVED
+CVE-2023-27301
+ RESERVED
+CVE-2023-27300
+ RESERVED
+CVE-2023-27299
+ RESERVED
+CVE-2023-27297
+ RESERVED
+CVE-2023-26597
+ RESERVED
+CVE-2023-26585
+ RESERVED
+CVE-2023-25948
+ RESERVED
+CVE-2023-25770
+ RESERVED
+CVE-2023-25178
+ RESERVED
+CVE-2023-25078
+ RESERVED
+CVE-2023-24589
+ RESERVED
+CVE-2023-24480
+ RESERVED
+CVE-2023-24474
+ RESERVED
+CVE-2023-23905
+ RESERVED
+CVE-2023-23585
+ RESERVED
+CVE-2023-22658
+ RESERVED
+CVE-2023-22435
+ RESERVED
+CVE-2023-1109
+ RESERVED
+CVE-2023-1108
+ RESERVED
+CVE-2023-1107
+ RESERVED
+CVE-2023-1106
+ RESERVED
+CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
+ TODO: check
+CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+ TODO: check
+CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+ TODO: check
+CVE-2023-1102
+ RESERVED
+CVE-2023-1101
+ RESERVED
+CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management ...)
+ TODO: check
CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) ...)
- libmicrohttpd <unfixed>
NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
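Review bot: The five described entries at the end of the added block (CVE-2023-1105, CVE-2023-1104, CVE-2023-1103, CVE-2023-1100 and CVE-2023-1099) are left at "TODO: check" and need manual triage before they say anything about Debian. The three flatpressblog entries need a check for whether the software is packaged. If SourceCodester is not packaged either, the last two should become "NOT-FOR-US: SourceCodester ..." in the same form the file uses for Netgear and ABUS further down.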
@@ -139,8 +211,8 @@ CVE-2023-1097
RESERVED
CVE-2023-1096
RESERVED
-CVE-2023-1095
- RESERVED
+CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...)
+ TODO: check
CVE-2023-1094
RESERVED
CVE-2023-1093
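Review bot: CVE-2023-1095 is left at "TODO: check" although its description names nf_tables_updtable and nf_tables_table_enable, which are Linux kernel netfilter functions. It should get a "- linux" package line with the fixed version and a NOTE pointing at the upstream commit, in the same form as CVE-2023-26607 and CVE-2023-22995 elsewhere in this file.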
@@ -1650,8 +1722,8 @@ CVE-2023-26610
RESERVED
CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to execute arbit ...)
NOT-FOR-US: ABUS TVIP 20000-21150 devices
-CVE-2023-26608
- RESERVED
+CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection and Respo ...)
+ TODO: check
CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr ...)
- linux 4.19.37-1
NOTE: https://lkml.org/lkml/2023/2/21/1353
@@ -3780,8 +3852,8 @@ CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and
NOT-FOR-US: Netgear
CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been ...)
NOT-FOR-US: Netgear
-CVE-2023-0847
- RESERVED
+CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulne ...)
+ TODO: check
CVE-2023-25858
RESERVED
CVE-2023-25857
@@ -4852,8 +4924,8 @@ CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior
NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
NOT-FOR-US: Fastify plugin
-CVE-2023-25575
- RESERVED
+CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia ...)
+ TODO: check
CVE-2023-25574
RESERVED
CVE-2023-25573
@@ -7789,7 +7861,7 @@ CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.
NOT-FOR-US: Quarkus
CVE-2023-0480
RESERVED
-CVE-2023-27372 [remote code execution vulnerability in public and private spaces]
+CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the ...)
{DLA-3347-1}
- spip 4.1.8+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
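Review bot: The replacement description for CVE-2023-27372 says "SPIP before 4.2.1", while the unchanged package line records the fix as spip 4.1.8+dfsg-1. The two agree only because 4.1.8 is one of the fixed releases named in the NOTE URL (4.2.1, 4.1.8, 4.0.10). A short NOTE listing the fixed upstream releases per branch would keep the entry from reading as a version mismatch.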
@@ -8890,8 +8962,8 @@ CVE-2023-24047
RESERVED
CVE-2023-24046
RESERVED
-CVE-2023-24045
- RESERVED
+CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
+ TODO: check
CVE-2023-24044 (** DISPUTED ** A Host Header Injection issue on the Login page of Ples ...)
NOT-FOR-US: Plesk Obsidian
CVE-2023-24043
@@ -11874,14 +11946,14 @@ CVE-2023-23001
RESERVED
CVE-2023-23000
RESERVED
-CVE-2023-22999
- RESERVED
-CVE-2023-22998
- RESERVED
-CVE-2023-22997
- RESERVED
-CVE-2023-22996
- RESERVED
+CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misint ...)
+ TODO: check
+CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...)
+ TODO: check
+CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterp ...)
+ TODO: check
+CVE-2023-22996 (In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does n ...)
+ TODO: check
CVE-2023-22995 (In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_regis ...)
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2
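Review bot: CVE-2023-22999, CVE-2023-22998, CVE-2023-22997 and CVE-2023-22996 all describe Linux kernel issues but are left at "TODO: check" with no package line. Each description gives an upstream fixed release (5.16.3, 6.0.3, 6.1.2, 5.17.2), so each entry can be completed with "- linux <version>" and a NOTE carrying the git.kernel.org commit, matching the CVE-2023-22995 entry directly below them.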
@@ -19034,10 +19106,10 @@ CVE-2022-47078
RESERVED
CVE-2022-47077
RESERVED
-CVE-2022-47076
- RESERVED
-CVE-2022-47075
- RESERVED
+CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
+ TODO: check
+CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
+ TODO: check
CVE-2022-47074
RESERVED
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
@@ -44886,6 +44958,7 @@ CVE-2022-38727
CVE-2022-38726
RESERVED
CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...)
+ {DLA-3348-1}
- syslog-ng 3.38.1-1
NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
@@ -46491,8 +46564,8 @@ CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
NOT-FOR-US: The Isle Evrima
-CVE-2022-38220
- RESERVED
+CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems Management Appli ...)
+ TODO: check
CVE-2022-38219
RESERVED
CVE-2022-38218
@@ -79422,11 +79495,11 @@ CVE-2022-26583
RESERVED
CVE-2022-26582 (The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.0 ...)
NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26581 (The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20 ...)
+CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26580 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discove ...)
+CVE-2022-26580 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26579 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root ...)
+CVE-2022-26579 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26578
RESERVED
@@ -90438,10 +90511,10 @@ CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a
NOT-FOR-US: TeamViewer
CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
NOT-FOR-US: Clustered Data ONTAP
-CVE-2022-23240
- RESERVED
-CVE-2022-23239
- RESERVED
+CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
+ TODO: check
+CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
+ TODO: check
CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...)
NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale)
CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
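Review bot: CVE-2022-23240 and CVE-2022-23239 (Active IQ Unified Manager) are left at "TODO: check" in a run of entries that are all marked NOT-FOR-US (Clustered Data ONTAP, StorageGRID). If Active IQ Unified Manager is likewise not packaged in Debian, replace the TODO with "NOT-FOR-US: Active IQ Unified Manager" so the two entries do not linger in the unprocessed queue.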
@@ -235617,7 +235690,7 @@ CVE-2020-5002
RESERVED
CVE-2020-5001
RESERVED
-CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cro ...)
+CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2020-4999
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26ee638905d18be0494656cf6ac8c5b222fba39b