Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26ee6389 by security tracker role at 2023-03-01T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-27381
+       RESERVED
+CVE-2023-27377
+       RESERVED
+CVE-2023-27376
+       RESERVED
+CVE-2023-27375
+       RESERVED
+CVE-2023-27374
+       RESERVED
+CVE-2023-27373
+       RESERVED
+CVE-2023-27308
+       RESERVED
+CVE-2023-27302
+       RESERVED
+CVE-2023-27301
+       RESERVED
+CVE-2023-27300
+       RESERVED
+CVE-2023-27299
+       RESERVED
+CVE-2023-27297
+       RESERVED
+CVE-2023-26597
+       RESERVED
+CVE-2023-26585
+       RESERVED
+CVE-2023-25948
+       RESERVED
+CVE-2023-25770
+       RESERVED
+CVE-2023-25178
+       RESERVED
+CVE-2023-25078
+       RESERVED
+CVE-2023-24589
+       RESERVED
+CVE-2023-24480
+       RESERVED
+CVE-2023-24474
+       RESERVED
+CVE-2023-23905
+       RESERVED
+CVE-2023-23585
+       RESERVED
+CVE-2023-22658
+       RESERVED
+CVE-2023-22435
+       RESERVED
+CVE-2023-1109
+       RESERVED
+CVE-2023-1108
+       RESERVED
+CVE-2023-1107
+       RESERVED
+CVE-2023-1106
+       RESERVED
+CVE-2023-1105 (External Control of File Name or Path in GitHub repository 
flatpressbl ...)
+       TODO: check
+CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
+       TODO: check
+CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
+       TODO: check
+CVE-2023-1102
+       RESERVED
+CVE-2023-1101
+       RESERVED
+CVE-2023-1100 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student 
Management  ...)
+       TODO: check
 CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of 
Service)  ...)
        - libmicrohttpd <unfixed>
        NOTE: 
https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec
 (v0.9.76)
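Review bot: the five entries in this block that already carry a description (CVE-2023-1099, CVE-2023-1100, CVE-2023-1103, CVE-2023-1104, CVE-2023-1105) are left at `TODO: check` with no package line or NOT-FOR-US marker. The three entries that name the same GitHub repository (CVE-2023-1103 to CVE-2023-1105) can be triaged in one pass, as can the two SourceCodester ones, so they do not sit in the queue separately.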
@@ -139,8 +211,8 @@ CVE-2023-1097
        RESERVED
 CVE-2023-1096
        RESERVED
-CVE-2023-1095
-       RESERVED
+CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an 
error, nft ...)
+       TODO: check
 CVE-2023-1094
        RESERVED
 CVE-2023-1093
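Review bot: CVE-2023-1095 stays at `TODO: check`, although its description names nf_tables_updtable and nf_tables_table_enable, which are Linux kernel netfilter functions. It should be triaged as a `- linux` entry, with a NOTE pointing at the fixing upstream commit once that has been identified.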
@@ -1650,8 +1722,8 @@ CVE-2023-26610
        RESERVED
 CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to 
execute arbit ...)
        NOT-FOR-US: ABUS TVIP 20000-21150 devices
-CVE-2023-26608
-       RESERVED
+CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection 
and Respo ...)
+       TODO: check
 CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in 
ntfs_attr ...)
        - linux 4.19.37-1
        NOTE: https://lkml.org/lkml/2023/2/21/1353
@@ -3780,8 +3852,8 @@ CVE-2023-0849 (A vulnerability has been found in Netgear 
WNDR3700v2 1.0.1.14 and
        NOT-FOR-US: Netgear
 CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It 
has been  ...)
        NOT-FOR-US: Netgear
-CVE-2023-0847
-       RESERVED
+CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has 
a vulne ...)
+       TODO: check
 CVE-2023-25858
        RESERVED
 CVE-2023-25857
@@ -4852,8 +4924,8 @@ CVE-2023-25577 (Werkzeug is a comprehensive WSGI web 
application library. Prior
        NOTE: 
https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
 CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart 
content- ...)
        NOT-FOR-US: Fastify plugin
-CVE-2023-25575
-       RESERVED
+CVE-2023-25575 (API Platform Core is the server component of API Platform: 
hypermedia  ...)
+       TODO: check
 CVE-2023-25574
        RESERVED
 CVE-2023-25573
@@ -7789,7 +7861,7 @@ CVE-2023-0481 (In RestEasy Reactive implementation of 
Quarkus the insecure File.
        NOT-FOR-US: Quarkus
 CVE-2023-0480
        RESERVED
-CVE-2023-27372 [remote code execution vulnerability in public and private 
spaces]
+CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values 
in the  ...)
        {DLA-3347-1}
        - spip 4.1.8+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
@@ -8890,8 +8962,8 @@ CVE-2023-24047
        RESERVED
 CVE-2023-24046
        RESERVED
-CVE-2023-24045
-       RESERVED
+CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku 
files th ...)
+       TODO: check
 CVE-2023-24044 (** DISPUTED ** A Host Header Injection issue on the Login page 
of Ples ...)
        NOT-FOR-US: Plesk Obsidian
 CVE-2023-24043
@@ -11874,14 +11946,14 @@ CVE-2023-23001
        RESERVED
 CVE-2023-23000
        RESERVED
-CVE-2023-22999
-       RESERVED
-CVE-2023-22998
-       RESERVED
-CVE-2023-22997
-       RESERVED
-CVE-2023-22996
-       RESERVED
+CVE-2023-22999 (In the Linux kernel before 5.16.3, 
drivers/usb/dwc3/dwc3-qcom.c misint ...)
+       TODO: check
+CVE-2023-22998 (In the Linux kernel before 6.0.3, 
drivers/gpu/drm/virtio/virtgpu_objec ...)
+       TODO: check
+CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c 
misinterp ...)
+       TODO: check
+CVE-2023-22996 (In the Linux kernel before 5.17.2, 
drivers/soc/qcom/qcom_aoss.c does n ...)
+       TODO: check
 CVE-2023-22995 (In the Linux kernel before 5.17, an error path in 
dwc3_qcom_acpi_regis ...)
        - linux 5.17.3-1
        NOTE: 
https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2
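Review bot: CVE-2023-22996 through CVE-2023-22999 are left at `TODO: check` even though each new description already states the upstream release that carries the fix (5.17.2, 6.1.2, 6.0.3 and 5.16.3 respectively). Follow the pattern of CVE-2023-22995 directly below them: add a `- linux <version>` line with the first fixed Debian upload and a NOTE with the upstream commit for each entry.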
@@ -19034,10 +19106,10 @@ CVE-2022-47078
        RESERVED
 CVE-2022-47077
        RESERVED
-CVE-2022-47076
-       RESERVED
-CVE-2022-47075
-       RESERVED
+CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier 
allows a ...)
+       TODO: check
+CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier 
allows a ...)
+       TODO: check
 CVE-2022-47074
        RESERVED
 CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create 
Ticket page o ...)
@@ -44886,6 +44958,7 @@ CVE-2022-38727
 CVE-2022-38726
        RESERVED
 CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity 
syslog-ng 3. ...)
+       {DLA-3348-1}
        - syslog-ng 3.38.1-1
        NOTE: 
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
        NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
@@ -46491,8 +46564,8 @@ CVE-2022-38222 (There is a use-after-free issue in 
JBIG2Stream::close() located
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle 
Evrima (the d ...)
        NOT-FOR-US: The Isle Evrima
-CVE-2022-38220
-       RESERVED
+CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems 
Management Appli ...)
+       TODO: check
 CVE-2022-38219
        RESERVED
 CVE-2022-38218
@@ -79422,11 +79495,11 @@ CVE-2022-26583
        RESERVED
 CVE-2022-26582 (The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo 
V04.4.0 ...)
        NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26581 (The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo 
V04.4.02 20 ...)
+CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 
can allo ...)
        NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26580 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was 
discove ...)
+CVE-2022-26580 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 
can allo ...)
        NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
-CVE-2022-26579 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 
allows root ...)
+CVE-2022-26579 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 
can allo ...)
        NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
 CVE-2022-26578
        RESERVED
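Review bot: after this description refresh, CVE-2022-26579, CVE-2022-26580 and CVE-2022-26581 all show the same truncated text, so the list alone no longer distinguishes the three issues, and the firmware string changes from V04.4.02 20211201 to V04.3.26T1_20210419. The NOT-FOR-US lines name only the product and remain valid, but anyone matching these IDs against the old wording should compare the full CVE records rather than these truncated lines.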
@@ -90438,10 +90511,10 @@ CVE-2022-23242 (TeamViewer Linux versions before 
15.28 do not properly execute a
        NOT-FOR-US: TeamViewer
 CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with 
SnapLock co ...)
        NOT-FOR-US: Clustered Data ONTAP
-CVE-2022-23240
-       RESERVED
-CVE-2022-23239
-       RESERVED
+CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and 
Microsoft Win ...)
+       TODO: check
+CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and 
Microsoft Win ...)
+       TODO: check
 CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID 
Webscale) versi ...)
        NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale)
 CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions 
through 11.70 ...)
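Review bot: CVE-2022-23239 and CVE-2022-23240 are left at `TODO: check`, while the neighbouring entries in the same ID range (CVE-2022-23241, CVE-2022-23238) are marked NOT-FOR-US. Check whether Active IQ Unified Manager belongs in the same category and, if so, mark both entries accordingly so they leave the queue.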
@@ -235617,7 +235690,7 @@ CVE-2020-5002
        RESERVED
 CVE-2020-5001
        RESERVED
-CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable 
to cro ...)
+CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2020-4999
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26ee638905d18be0494656cf6ac8c5b222fba39b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits