Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00693533 by security tracker role at 2023-04-21T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-2220
+ RESERVED
+CVE-2023-2219
+ RESERVED
+CVE-2023-2218
+ RESERVED
+CVE-2023-2217
+ RESERVED
+CVE-2023-2216
+ RESERVED
+CVE-2023-2215
+ RESERVED
+CVE-2023-2214
+ RESERVED
+CVE-2023-2213
+ RESERVED
+CVE-2023-2212
+ RESERVED
+CVE-2023-2211
+ RESERVED
+CVE-2023-2210
+ RESERVED
+CVE-2023-2209
+ RESERVED
+CVE-2023-2208
+ RESERVED
+CVE-2023-2207
+ RESERVED
+CVE-2023-2206
+ RESERVED
+CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes
Online S ...)
+ TODO: check
+CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes
Online S ...)
+ TODO: check
+CVE-2023-2203
+ RESERVED
+CVE-2023-2202 (Improper Access Control in GitHub repository
francoisjacquet/rosariosi ...)
+ TODO: check
+CVE-2023-2201
+ RESERVED
+CVE-2023-2200
+ RESERVED
+CVE-2023-2199
+ RESERVED
+CVE-2023-2198
+ RESERVED
CVE-2023-30912
RESERVED
CVE-2023-30911
@@ -34,8 +80,7 @@ CVE-2023-2196
RESERVED
CVE-2023-2195
RESERVED
-CVE-2023-2194 [i2c: xgene-slimpro: Fix out-of-bounds bug in
xgene_slimpro_i2c_xfer()]
- RESERVED
+CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux
kernel's S ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes
when deaut ...)
@@ -142,14 +187,12 @@ CVE-2023-2179
RESERVED
CVE-2023-2178
RESERVED
-CVE-2023-2177
- RESERVED
+CVE-2023-2177 (A null pointer dereference issue was found in the sctp network
protoco ...)
- linux 5.18.16-1
[bullseye] - linux 5.10.136-1
NOTE:
https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=k...@mail.gmail.com/T/
NOTE:
https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
-CVE-2023-2176
- RESERVED
+CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in
drivers/infiniba ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2022/12/9/178
NOTE: https://www.spinics.net/lists/linux-rdma/msg114749.html
@@ -410,8 +453,8 @@ CVE-2023-2133 (Out of bounds memory access in Service
Worker API in Google Chrom
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2132
RESERVED
-CVE-2023-2131
- RESERVED
+CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable
to OS co ...)
+ TODO: check
CVE-2023-2130 (A vulnerability classified as critical has been found in
SourceCodeste ...)
NOT-FOR-US: SourceCodester Purchase Order Management System
CVE-2023-30792
@@ -3726,6 +3769,7 @@ CVE-2023-29470
RESERVED
CVE-2023-29469 [Hashing of empty dict strings isn't deterministic]
RESERVED
+ {DSA-5391-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
@@ -7104,6 +7148,7 @@ CVE-2023-28485
RESERVED
CVE-2023-28484 [NULL dereference in xmlSchemaFixupComplexType]
RESERVED
+ {DSA-5391-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
NOTE: Related (but not strictly part of the CVE):
https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
(v2.10.4)
@@ -7156,10 +7201,10 @@ CVE-2023-28461 (Array Networks Array AG Series and vxAG
(9.4.0.481 and earlier)
NOT-FOR-US: Array Networks
CVE-2023-28460 (A command injection vulnerability was discovered in Array
Networks APV ...)
NOT-FOR-US: Array Networks
-CVE-2023-28459
- RESERVED
-CVE-2023-28458
- RESERVED
+CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML
export (a non ...)
+ TODO: check
+CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML
export (a non ...)
+ TODO: check
CVE-2023-28457
RESERVED
CVE-2023-28456
@@ -9588,9 +9633,9 @@ CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in
main.cpp, this is stack-overf
CVE-2023-27753
RESERVED
CVE-2023-27752
- RESERVED
+ REJECTED
CVE-2023-27751
- RESERVED
+ REJECTED
CVE-2023-27750
RESERVED
CVE-2023-27749
@@ -10717,14 +10762,14 @@ CVE-2023-27357
RESERVED
CVE-2023-27356
RESERVED
-CVE-2023-27355
- RESERVED
-CVE-2023-27354
- RESERVED
-CVE-2023-27353
- RESERVED
-CVE-2023-27352
- RESERVED
+CVE-2023-27355 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
+CVE-2023-27354 (This vulnerability allows network-adjacent attackers to
disclose sensi ...)
+ TODO: check
+CVE-2023-27353 (This vulnerability allows network-adjacent attackers to
disclose sensi ...)
+ TODO: check
+CVE-2023-27352 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
CVE-2023-27351 (This vulnerability allows remote attackers to bypass
authentication on ...)
NOT-FOR-US: PaperCut
CVE-2023-27350 (This vulnerability allows remote attackers to bypass
authentication on ...)
@@ -11400,8 +11445,8 @@ CVE-2023-27092 (Cross Site Scripting vulnerability
found in Jbootfly allows atta
NOT-FOR-US: Jbootfly
CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3
allows a ...)
NOT-FOR-US: XiaoBingby TeaCMS
-CVE-2023-27090
- RESERVED
+CVE-2023-27090 (Cross Site Scripting vulnerability found in TeaCMS storage
allows atta ...)
+ TODO: check
CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows
attacke ...)
NOT-FOR-US: Ehuacui
CVE-2023-27088 (feiqu-opensource Background Vertical authorization
vulnerability exist ...)
@@ -38953,8 +38998,8 @@ CVE-2023-20875
RESERVED
CVE-2023-20874
RESERVED
-CVE-2023-20873
- RESERVED
+CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and
older unsup ...)
+ TODO: check
CVE-2023-20872
RESERVED
CVE-2023-20871
@@ -38969,10 +39014,10 @@ CVE-2023-20867
RESERVED
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged
to the s ...)
NOT-FOR-US: Spring Session
-CVE-2023-20865
- RESERVED
-CVE-2023-20864
- RESERVED
+CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection
vulnerabi ...)
+ TODO: check
+CVE-2023-20864 (VMware Aria Operations for Logs contains a deserialization
vulnerabili ...)
+ TODO: check
CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+
and 6.0 ...)
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2023-20863
@@ -135935,8 +135980,8 @@ CVE-2021-36438
RESERVED
CVE-2021-36437
RESERVED
-CVE-2021-36436
- RESERVED
+CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows
attackers to ...)
+ TODO: check
CVE-2021-36435
RESERVED
CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote
attackers to ru ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/006935337ba0cd7d4404d0f58136b52a9f88bb81
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/006935337ba0cd7d4404d0f58136b52a9f88bb81
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
