[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 13 09:12:31 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d913e43 by security tracker role at 2023-05-13T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-32303 (Planet is software that provides satellite data. The secret file store ...)
+	TODO: check
 CVE-2023-32306 (Time Tracker is an open source time tracking system. A time-based blin ...)
 	NOT-FOR-US: Time Tracker
 CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contai ...)
@@ -2008,8 +2010,7 @@ CVE-2023-2183
 	RESERVED
 CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2023-2181
-	RESERVED
+CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
 	- gitlab <unfixed>
 CVE-2023-2180
 	RESERVED
@@ -2471,8 +2472,7 @@ CVE-2023-22372 (In the pre connection stage, an improper enforcement of message
 	NOT-FOR-US: F5 BIG-IP
 CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
 	NOT-FOR-US: SourceCodester Complaint Management System
-CVE-2023-2088 [OSSA-2023-003: Unauthorized volume access through deleted volume attachments]
-	RESERVED
+CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cinder a ...)
 	- cinder 2:21.1.0-3 (bug #1035961)
 	- python-glance-store 4.1.0-4 (bug #1035962; bug #1035978)
 	- nova 2:26.1.0-4 (bug #1035963; bug #1035981)
@@ -12969,8 +12969,8 @@ CVE-2023-1098 (An information disclosure vulnerability has been discovered in Gi
 	- gitlab <unfixed>
 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through  BCE-ODU-1.0.8 are v ...)
 	NOT-FOR-US: Baicells EG7035-M11 devices
-CVE-2023-1096
-	RESERVED
+CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susc ...)
+	TODO: check
 CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...)
 	- linux 5.19.6-1
 	[bullseye] - linux 5.10.140-1
@@ -19388,16 +19388,16 @@ CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver1
 	NOT-FOR-US: PC settings tool
 CVE-2023-25010 (A malicious actor may convince a victim to open a malicious USD file t ...)
 	NOT-FOR-US: Autodesk
-CVE-2023-25009
-	RESERVED
-CVE-2023-25008
-	RESERVED
-CVE-2023-25007
-	RESERVED
-CVE-2023-25006
-	RESERVED
-CVE-2023-25005
-	RESERVED
+CVE-2023-25009 (A malicious actor may convince a user to open a malicious USD file tha ...)
+	TODO: check
+CVE-2023-25008 (A malicious actor may convince a user to open a malicious USD file tha ...)
+	TODO: check
+CVE-2023-25007 (A malicious actor may convince a user to open a malicious USD file tha ...)
+	TODO: check
+CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD file tha ...)
+	TODO: check
+CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated  ...)
+	TODO: check
 CVE-2023-25004
 	RESERVED
 CVE-2023-25003
@@ -41241,14 +41241,14 @@ CVE-2023-20882
 	RESERVED
 CVE-2023-20881
 	RESERVED
-CVE-2023-20880
-	RESERVED
-CVE-2023-20879
-	RESERVED
-CVE-2023-20878
-	RESERVED
-CVE-2023-20877
-	RESERVED
+CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability.  ...)
+	TODO: check
+CVE-2023-20879 (VMware Aria Operations contains a Local privilege escalation vulnerabi ...)
+	TODO: check
+CVE-2023-20878 (VMware Aria Operations contains a deserialization vulnerability. A mal ...)
+	TODO: check
+CVE-2023-20877 (VMware Aria Operations contains a privilege escalation vulnerability.  ...)
+	TODO: check
 CVE-2023-20876
 	RESERVED
 CVE-2023-20875



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d913e43f3a300818afe457fd6564e8f2f3db0d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d913e43f3a300818afe457fd6564e8f2f3db0d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230513/ff1b268c/attachment.htm>

More information about the debian-security-tracker-commits mailing list