[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 26 09:12:12 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b1967da by security tracker role at 2023-05-26T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...)
+	TODO: check
+CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...)
+	TODO: check
+CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
+	TODO: check
+CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
+	TODO: check
+CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
+	TODO: check
 CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
 	NOT-FOR-US: mipjz
 CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
@@ -354,7 +364,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.
 	NOT-FOR-US: Teltonika
 CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...)
 	NOT-FOR-US: Teltonika
-CVE-2023-32067
+CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...)
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
@@ -456,7 +466,7 @@ CVE-2023-2814 (A vulnerability classified as problematic has been found in Sourc
 	NOT-FOR-US: SourceCodester Class Scheduling System
 CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...)
 	NOT-FOR-US: Weaver e-cology
-CVE-2023-2804
+CVE-2023-2804 (A heap-based buffer overflow issue was discovered in libjpeg-turbo in  ...)
 	- libjpeg-turbo <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
@@ -2237,8 +2247,7 @@ CVE-2023-31149 (An Improper Input Validation vulnerability   in the Schweitzer E
 	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31148 (An Improper Input Validation vulnerability   in the Schweitzer Enginee ...)
 	NOT-FOR-US: Schweitzer Engineering Laboratories
-CVE-2023-31147
-	RESERVED
+CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ...)
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed> (unimportant)
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
@@ -2278,8 +2287,7 @@ CVE-2023-31132
 	RESERVED
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
 	NOT-FOR-US: Greenplum Database
-CVE-2023-31130
-	RESERVED
+CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...)
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
@@ -2294,8 +2302,7 @@ CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by
 	NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml
 CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
 	NOT-FOR-US: Engine.IO
-CVE-2023-31124
-	RESERVED
+CVE-2023-31124 (c-ares is an asynchronous resolver library. When cross-compiling c-are ...)
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed> (unimportant)
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230526/52a625fb/attachment.htm>

More information about the debian-security-tracker-commits mailing list