Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
58d922e9 by security tracker role at 2023-04-22T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,325 @@
-CVE-2023-2220
+CVE-2023-31037
RESERVED
-CVE-2023-2219
+CVE-2023-31036
RESERVED
-CVE-2023-2218
+CVE-2023-31035
RESERVED
-CVE-2023-2217
+CVE-2023-31034
RESERVED
-CVE-2023-2216
+CVE-2023-31033
RESERVED
-CVE-2023-2215
+CVE-2023-31032
RESERVED
-CVE-2023-2214
+CVE-2023-31031
RESERVED
-CVE-2023-2213
+CVE-2023-31030
RESERVED
-CVE-2023-2212
+CVE-2023-31029
RESERVED
-CVE-2023-2211
+CVE-2023-31028
RESERVED
-CVE-2023-2210
+CVE-2023-31027
RESERVED
-CVE-2023-2209
+CVE-2023-31026
RESERVED
-CVE-2023-2208
+CVE-2023-31025
RESERVED
-CVE-2023-2207
+CVE-2023-31024
RESERVED
-CVE-2023-2206
+CVE-2023-31023
RESERVED
+CVE-2023-31022
+ RESERVED
+CVE-2023-31021
+ RESERVED
+CVE-2023-31020
+ RESERVED
+CVE-2023-31019
+ RESERVED
+CVE-2023-31018
+ RESERVED
+CVE-2023-31017
+ RESERVED
+CVE-2023-31016
+ RESERVED
+CVE-2023-31015
+ RESERVED
+CVE-2023-31014
+ RESERVED
+CVE-2023-31013
+ RESERVED
+CVE-2023-31012
+ RESERVED
+CVE-2023-31011
+ RESERVED
+CVE-2023-31010
+ RESERVED
+CVE-2023-31009
+ RESERVED
+CVE-2023-31008
+ RESERVED
+CVE-2023-31007
+ RESERVED
+CVE-2023-31006
+ RESERVED
+CVE-2023-31005
+ RESERVED
+CVE-2023-31004
+ RESERVED
+CVE-2023-31003
+ RESERVED
+CVE-2023-31002
+ RESERVED
+CVE-2023-31001
+ RESERVED
+CVE-2023-31000
+ RESERVED
+CVE-2023-30999
+ RESERVED
+CVE-2023-30998
+ RESERVED
+CVE-2023-30997
+ RESERVED
+CVE-2023-30996
+ RESERVED
+CVE-2023-30995
+ RESERVED
+CVE-2023-30994
+ RESERVED
+CVE-2023-30993
+ RESERVED
+CVE-2023-30992
+ RESERVED
+CVE-2023-30991
+ RESERVED
+CVE-2023-30990
+ RESERVED
+CVE-2023-30989
+ RESERVED
+CVE-2023-30988
+ RESERVED
+CVE-2023-30987
+ RESERVED
+CVE-2023-30986
+ RESERVED
+CVE-2023-30985
+ RESERVED
+CVE-2023-30984
+ RESERVED
+CVE-2023-30983
+ RESERVED
+CVE-2023-30982
+ RESERVED
+CVE-2023-30981
+ RESERVED
+CVE-2023-30980
+ RESERVED
+CVE-2023-30979
+ RESERVED
+CVE-2023-30978
+ RESERVED
+CVE-2023-30977
+ RESERVED
+CVE-2023-30976
+ RESERVED
+CVE-2023-30975
+ RESERVED
+CVE-2023-30974
+ RESERVED
+CVE-2023-30973
+ RESERVED
+CVE-2023-30972
+ RESERVED
+CVE-2023-30971
+ RESERVED
+CVE-2023-30970
+ RESERVED
+CVE-2023-30969
+ RESERVED
+CVE-2023-30968
+ RESERVED
+CVE-2023-30967
+ RESERVED
+CVE-2023-30966
+ RESERVED
+CVE-2023-30965
+ RESERVED
+CVE-2023-30964
+ RESERVED
+CVE-2023-30963
+ RESERVED
+CVE-2023-30962
+ RESERVED
+CVE-2023-30961
+ RESERVED
+CVE-2023-30960
+ RESERVED
+CVE-2023-30959
+ RESERVED
+CVE-2023-30958
+ RESERVED
+CVE-2023-30957
+ RESERVED
+CVE-2023-30956
+ RESERVED
+CVE-2023-30955
+ RESERVED
+CVE-2023-30954
+ RESERVED
+CVE-2023-30953
+ RESERVED
+CVE-2023-30952
+ RESERVED
+CVE-2023-30951
+ RESERVED
+CVE-2023-30950
+ RESERVED
+CVE-2023-30949
+ RESERVED
+CVE-2023-30948
+ RESERVED
+CVE-2023-30947
+ RESERVED
+CVE-2023-30946
+ RESERVED
+CVE-2023-30945
+ RESERVED
+CVE-2023-30944
+ RESERVED
+CVE-2023-30943
+ RESERVED
+CVE-2023-30942
+ RESERVED
+CVE-2023-30941
+ RESERVED
+CVE-2023-30940
+ RESERVED
+CVE-2023-30939
+ RESERVED
+CVE-2023-30938
+ RESERVED
+CVE-2023-30937
+ RESERVED
+CVE-2023-30936
+ RESERVED
+CVE-2023-30935
+ RESERVED
+CVE-2023-30934
+ RESERVED
+CVE-2023-30933
+ RESERVED
+CVE-2023-30932
+ RESERVED
+CVE-2023-30931
+ RESERVED
+CVE-2023-30930
+ RESERVED
+CVE-2023-30929
+ RESERVED
+CVE-2023-30928
+ RESERVED
+CVE-2023-30927
+ RESERVED
+CVE-2023-30926
+ RESERVED
+CVE-2023-30925
+ RESERVED
+CVE-2023-30924
+ RESERVED
+CVE-2023-30923
+ RESERVED
+CVE-2023-30922
+ RESERVED
+CVE-2023-30921
+ RESERVED
+CVE-2023-30920
+ RESERVED
+CVE-2023-30919
+ RESERVED
+CVE-2023-30918
+ RESERVED
+CVE-2023-30917
+ RESERVED
+CVE-2023-30916
+ RESERVED
+CVE-2023-30915
+ RESERVED
+CVE-2023-30914
+ RESERVED
+CVE-2023-30913
+ RESERVED
+CVE-2023-2240 (Improper Privilege Management in GitHub repository
microweber/microweb ...)
+ TODO: check
+CVE-2023-2239
+ RESERVED
+CVE-2023-2238
+ RESERVED
+CVE-2023-2237
+ RESERVED
+CVE-2023-2236
+ RESERVED
+CVE-2023-2235
+ RESERVED
+CVE-2023-2234
+ RESERVED
+CVE-2023-2233
+ RESERVED
+CVE-2023-2232
+ RESERVED
+CVE-2023-2231 (A vulnerability, which was classified as critical, was found in
MAXTEC ...)
+ TODO: check
+CVE-2023-2230
+ RESERVED
+CVE-2023-2229
+ RESERVED
+CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository
modoboa/modoboa ...)
+ TODO: check
+CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa
prior to 2 ...)
+ TODO: check
+CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in
Rapid7's V ...)
+ TODO: check
+CVE-2023-2225
+ RESERVED
+CVE-2023-2224
+ RESERVED
+CVE-2023-2223
+ RESERVED
+CVE-2023-2222
+ RESERVED
+CVE-2023-2221
+ RESERVED
+CVE-2022-4944
+ RESERVED
+CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5.
It has ...)
+ TODO: check
+CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder
System 1.0 a ...)
+ TODO: check
+CVE-2023-2218 (A vulnerability has been found in SourceCodester Task Reminder
System ...)
+ TODO: check
+CVE-2023-2217 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2023-2216 (A vulnerability classified as problematic was found in
Campcodes Coffe ...)
+ TODO: check
+CVE-2023-2215 (A vulnerability classified as critical has been found in
Campcodes Cof ...)
+ TODO: check
+CVE-2023-2214 (A vulnerability was found in Campcodes Coffee Shop POS System
1.0. It ...)
+ TODO: check
+CVE-2023-2213 (A vulnerability was found in Campcodes Coffee Shop POS System
1.0. It ...)
+ TODO: check
+CVE-2023-2212 (A vulnerability was found in Campcodes Coffee Shop POS System
1.0. It ...)
+ TODO: check
+CVE-2023-2211 (A vulnerability was found in Campcodes Coffee Shop POS System
1.0 and ...)
+ TODO: check
+CVE-2023-2210 (A vulnerability has been found in Campcodes Coffee Shop POS
System 1.0 ...)
+ TODO: check
+CVE-2023-2209 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2023-2208 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2023-2207 (A vulnerability classified as critical was found in Campcodes
Retro Ba ...)
+ TODO: check
+CVE-2023-2206 (A vulnerability classified as critical has been found in
Campcodes Ret ...)
+ TODO: check
CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes
Online S ...)
NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes
Online S ...)
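Review bot: The new `TODO: check` entries for CVE-2023-2207 and CVE-2023-2206 at the end of the added block carry truncated descriptions ("Campcodes Retro Ba ...", "Campcodes Ret ...") that match the unchanged CVE-2023-2205 entry directly below, which is already triaged as `NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store`. Once the full descriptions confirm the product, reuse that exact string so the run stays consistent. The Campcodes Coffee Shop POS System entries (CVE-2023-2214 through CVE-2023-2210) have no triaged neighbour in this hunk and need their own decision.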
@@ -344,8 +636,8 @@ CVE-2023-30800
RESERVED
CVE-2023-30799
RESERVED
-CVE-2023-30798
- RESERVED
+CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python
framework bef ...)
+ TODO: check
CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random
values w ...)
NOT-FOR-US: Netflix Lemur
CVE-2023-30796
@@ -406,12 +698,12 @@ CVE-2023-2143
RESERVED
CVE-2023-2142
RESERVED
-CVE-2023-2141
- RESERVED
-CVE-2023-2140
- RESERVED
-CVE-2023-2139
- RESERVED
+CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release
2017 th ...)
+ TODO: check
+CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso
Release 2 ...)
+ TODO: check
+CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA
Apriso ...)
+ TODO: check
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter
up to 0 ...)
NOT-FOR-US: eslint-detailed-reporter
CVE-2022-48475
@@ -516,8 +808,8 @@ CVE-2023-2120 (The Thumbnail carousel slider plugin for
WordPress is vulnerable
NOT-FOR-US: Thumbnail carousel slider plugin for WordPress
CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is
vulnerable ...)
NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress
-CVE-2023-2118
- RESERVED
+CVE-2023-2118 (Insufficient access control in support ticket feature in
Devolutions S ...)
+ TODO: check
CVE-2023-2117
RESERVED
CVE-2023-2116
@@ -930,14 +1222,14 @@ CVE-2023-30623
RESERVED
CVE-2023-30622
RESERVED
-CVE-2023-30621
- RESERVED
-CVE-2023-30620
- RESERVED
+CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as
modular and us ...)
+ TODO: check
+CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers
build AI sol ...)
+ TODO: check
CVE-2023-30619
RESERVED
-CVE-2023-30618
- RESERVED
+CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which
enable ...)
+ TODO: check
CVE-2023-30617
RESERVED
CVE-2023-30616 (Form block is a wordpress plugin designed to make form
creation easier ...)
@@ -1443,8 +1735,7 @@ CVE-2023-30502
RESERVED
CVE-2023-30501
RESERVED
-CVE-2023-1998
- RESERVED
+CVE-2023-1998 (The Linux kernel allows userspace processes to enable
mitigations by c ...)
- linux 6.1.20-1
NOTE:
https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
@@ -2699,8 +2990,8 @@ CVE-2023-29926 (PowerJob V4.3.2 has unauthorized
interface that causes remote co
NOT-FOR-US: PowerJob
CVE-2023-29925
RESERVED
-CVE-2023-29924
- RESERVED
+CVE-2023-29924 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control that
allows ...)
+ TODO: check
CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the
list jo ...)
NOT-FOR-US: PowerJob
CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via
the crea ...)
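Review bot: CVE-2023-29924 is added with `TODO: check` although its description names PowerJob V4.3.1 and the entries around it (CVE-2023-29926 in the hunk header context, CVE-2023-29923 just below) are already marked `NOT-FOR-US: PowerJob`. Suggest resolving it with the same string rather than leaving it in the TODO queue.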
@@ -2713,32 +3004,32 @@ CVE-2023-29919
RESERVED
CVE-2023-29918
RESERVED
-CVE-2023-29917
- RESERVED
-CVE-2023-29916
- RESERVED
-CVE-2023-29915
- RESERVED
-CVE-2023-29914
- RESERVED
-CVE-2023-29913
- RESERVED
-CVE-2023-29912
- RESERVED
-CVE-2023-29911
- RESERVED
-CVE-2023-29910
- RESERVED
-CVE-2023-29909
- RESERVED
-CVE-2023-29908
- RESERVED
-CVE-2023-29907
- RESERVED
-CVE-2023-29906
- RESERVED
-CVE-2023-29905
- RESERVED
+CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29915 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29914 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29913 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29912 (H3C Magic R200 R200V100R004 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2023-29911 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29910 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29909 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29908 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29907 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29906 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
+CVE-2023-29905 (H3C Magic R200 version R200V100R004 was discovered to contain
a stack ...)
+ TODO: check
CVE-2023-29904
RESERVED
CVE-2023-29903
@@ -3401,8 +3692,8 @@ CVE-2023-29577
RESERVED
CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation
violation v ...)
NOT-FOR-US: Bento4
-CVE-2023-29575
- RESERVED
+CVE-2023-29575 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory
bug in th ...)
+ TODO: check
CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory
bug in th ...)
NOT-FOR-US: Bento4
CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory
bug in th ...)
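Review bot: CVE-2023-29575 lands as `TODO: check` between CVE-2023-29576 and CVE-2023-29574, both of which describe Bento4 v1.6.0-639 and are marked `NOT-FOR-US: Bento4`. The new description starts with the same product and version, so the same triage string applies.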
@@ -5262,10 +5553,10 @@ CVE-2023-1709
RESERVED
CVE-2023-29021
RESERVED
-CVE-2023-29020
- RESERVED
-CVE-2023-29019
- RESERVED
+CVE-2023-29020 (@fastify/passport is a port of passport authentication library
for the ...)
+ TODO: check
+CVE-2023-29019 (@fastify/passport is a port of passport authentication library
for the ...)
+ TODO: check
CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags
to appli ...)
NOT-FOR-US: open-feature-operator
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted
Node's b ...)
@@ -5862,6 +6153,7 @@ CVE-2023-1626 (A vulnerability was found in Jianming
Antivirus 16.2.2022.418. It
CVE-2023-28857
RESERVED
CVE-2023-28856 (Redis is an open source, in-memory database that persists on
disk. Aut ...)
+ {DLA-3396-1}
- redis 5:7.0.11-1 (bug #1034613)
[bullseye] - redis <no-dsa> (Minor issue)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
@@ -7141,6 +7433,7 @@ CVE-2023-1426 (The WP Tiles WordPress plugin through
1.1.2 does not ensure that
CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for
WordPress | Aw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by
network-adj ...)
+ {DLA-3397-1}
- connman 1.41-3 (bug #1034393)
NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
NOTE:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
@@ -10235,6 +10528,7 @@ CVE-2023-27539
NOTE:
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
(v2.2.6.4)
NOTE:
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl prior
to v8.0 ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27538.html
@@ -10247,12 +10541,14 @@ CVE-2023-27537 (A double free vulnerability exists in
libcurl <8.0.0 when sha
NOTE: Introduced by:
https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a
(curl-7_88_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b
(curl-8_0_0)
CVE-2023-27536 (An authentication bypass vulnerability exists libcurl
<8.0.0 in the ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27536.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f
(curl-7_22_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
(curl-8_0_0)
CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl
<8.0.0 in ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27535.html
@@ -10266,6 +10562,7 @@ CVE-2023-27534 (A path traversal vulnerability exists
in curl <8.0.0 SFTP imp
NOTE: Introduced by:
https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a
(curl-7_18_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6
(curl-8_0_0)
CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0
during comm ...)
+ {DLA-3398-1}
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27533.html
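Review bot: `{DLA-3398-1}` is attached to CVE-2023-27533 in this hunk, and to CVE-2023-27538, CVE-2023-27536 and CVE-2023-27535 earlier in the patch, but the CVE-2023-27534 entry whose NOTE lines open this hunk receives no tag, even though those notes give an introducing commit at curl-7_18_0 and the same curl-8_0_0 fix release. Worth confirming against the advisory that the omission is intended. CVE-2023-27537 is also untagged, which fits its "Introduced by" note pointing at curl-7_88_0.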
@@ -11907,8 +12204,8 @@ CVE-2023-26878
RESERVED
CVE-2023-26877
RESERVED
-CVE-2023-26876
- RESERVED
+CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and
before allows ...)
+ TODO: check
CVE-2023-26875
RESERVED
CVE-2023-26874
@@ -12550,10 +12847,10 @@ CVE-2023-26559 (A directory traversal vulnerability
in Oxygen XML Web Author bef
NOT-FOR-US: Oxygen XML Web Author
CVE-2023-26558
RESERVED
-CVE-2023-26557
- RESERVED
-CVE-2023-26556
- RESERVED
+CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a
private ...)
+ TODO: check
+CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a
timing side ...)
+ TODO: check
CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has
an out-o ...)
- ntp <removed>
[bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver
for the Trimble Palisade GPS timing receiver)
@@ -13940,10 +14237,10 @@ CVE-2023-0921
RESERVED
CVE-2022-48330
RESERVED
-CVE-2023-26101
- RESERVED
-CVE-2023-26100
- RESERVED
+CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a
Flowmon user ...)
+ TODO: check
+CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint
failed to s ...)
+ TODO: check
CVE-2023-26099
RESERVED
CVE-2023-26098
@@ -15969,26 +16266,26 @@ CVE-2023-25516
RESERVED
CVE-2023-25515
RESERVED
-CVE-2023-25514
- RESERVED
-CVE-2023-25513
- RESERVED
-CVE-2023-25512
- RESERVED
-CVE-2023-25511
- RESERVED
-CVE-2023-25510
- RESERVED
-CVE-2023-25509
- RESERVED
-CVE-2023-25508
- RESERVED
-CVE-2023-25507
- RESERVED
-CVE-2023-25506
- RESERVED
-CVE-2023-25505
- RESERVED
+CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a
vulnerability in ...)
+ TODO: check
+CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a
vulnerability in ...)
+ TODO: check
+CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a
vulnerability in ...)
+ TODO: check
+CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a
vulnerability in ...)
+ TODO: check
+CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL
pointer ...)
+ TODO: check
+CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may
lead to ...)
+ TODO: check
+CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler,
where a ...)
+ TODO: check
+CVE-2023-25507 (NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API,
where a ...)
+ TODO: check
+CVE-2023-25506 (NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS,
where a pr ...)
+ TODO: check
+CVE-2023-25505 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler
of the A ...)
+ TODO: check
CVE-2023-25504 (A malicious actor who has been authenticated and granted
specific perm ...)
NOT-FOR-US: Apache Superset
CVE-2023-25503
@@ -23194,28 +23491,27 @@ CVE-2023-22328
RESERVED
CVE-2023-22289
RESERVED
-CVE-2023-0209
- RESERVED
+CVE-2023-0209 (NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI
module, ...)
+ TODO: check
CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine
(server c ...)
NOT-FOR-US: NVIDIA DCGM for Linux
-CVE-2023-0207
- RESERVED
-CVE-2023-0206
- RESERVED
-CVE-2023-0205
- RESERVED
-CVE-2023-0204
- RESERVED
-CVE-2023-0203
- RESERVED
-CVE-2023-0202
- RESERVED
-CVE-2023-0201
- RESERVED
-CVE-2023-0200
- RESERVED
-CVE-2023-0199
- RESERVED
+CVE-2023-0207 (NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker
may modi ...)
+ TODO: check
+CVE-2023-0206 (NVIDIA DGX A100 SBIOS contains a vulnerability where an
attacker may m ...)
+ TODO: check
+CVE-2023-0205 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a
vulnerabilit ...)
+ TODO: check
+CVE-2023-0204 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a
vulnerabilit ...)
+ TODO: check
+CVE-2023-0203 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a
vulnerabilit ...)
+ TODO: check
+CVE-2023-0202 (NVIDIA DGX A100 SBIOS contains a vulnerability where an
attacker may m ...)
+ TODO: check
+CVE-2023-0201 (NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a
user with ...)
+ TODO: check
+CVE-2023-0200 (NVIDIA DGX-2 contains a vulnerability in OFBD where a user with
high p ...)
+ TODO: check
+CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a
vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -23324,8 +23620,7 @@ CVE-2023-0191 (NVIDIA GPU Display Driver for Windows
and Linux contains a vulner
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
-CVE-2023-0190
- RESERVED
+CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -23414,8 +23709,7 @@ CVE-2023-0185 (NVIDIA GPU Display Driver for Linux
contains a vulnerability in t
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
-CVE-2023-0184
- RESERVED
+CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a
vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
@@ -25648,8 +25942,8 @@ CVE-2022-48152 (SQL Injection vulnerability in
RemoteClinic 2.0 allows attackers
NOT-FOR-US: RemoteClinic
CVE-2022-48151
RESERVED
-CVE-2022-48150
- RESERVED
+CVE-2022-48150 (Shopware v5.5.10 was discovered to contain a cross-site
scripting (XSS ...)
+ TODO: check
CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0
was discov ...)
NOT-FOR-US: Online Student Admission System in PHP Free Source Code
CVE-2022-48148
@@ -26680,8 +26974,8 @@ CVE-2022-47932 (Brave Browser before 1.43.34 allowed a
remote attacker to cause
- brave-browser <itp> (bug #864795)
CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash
values. ...)
NOT-FOR-US: Multi-Party Threshold Signature Scheme
-CVE-2022-47930
- RESERVED
+CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The
paramet ...)
+ TODO: check
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference
bug in th ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
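Review bot: CVE-2022-47930 is added as `TODO: check` directly under CVE-2022-47931, which covers the same "IO FinNet tss-lib before 2.0.0" and is marked `NOT-FOR-US: Multi-Party Threshold Signature Scheme`. The same library appears elsewhere in this patch as "io.finnet tss-lib" under CVE-2023-26557 and CVE-2023-26556, so all three new entries should end up with one consistent triage string.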
@@ -29161,16 +29455,16 @@ CVE-2022-47511
RESERVED
CVE-2022-47510
RESERVED
-CVE-2022-47509
- RESERVED
+CVE-2022-47509 (The SolarWinds Platform was susceptible to the Incorrect Input
Neutral ...)
+ TODO: check
CVE-2022-47508 (Customers who had configured their polling to occur via
Kerberos did n ...)
NOT-FOR-US: SolarWinds
CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of
Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal
Vulnera ...)
NOT-FOR-US: SolarWinds
-CVE-2022-47505
- RESERVED
+CVE-2022-47505 (The SolarWinds Platform was susceptible to the Local Privilege
Escalat ...)
+ TODO: check
CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of
Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of
Untruste ...)
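Review bot: CVE-2022-47509 and CVE-2022-47505 are added as `TODO: check` while every other described entry in this hunk (CVE-2022-47508, CVE-2022-47507, CVE-2022-47506, CVE-2022-47504) is `NOT-FOR-US: SolarWinds`. Both new descriptions open with "The SolarWinds Platform was susceptible to", so they can be resolved the same way.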
@@ -61548,8 +61842,8 @@ CVE-2022-36965 (Insufficient sanitization of inputs in
QoE application input fie
NOT-FOR-US: Solarwinds
CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of
Untruste ...)
NOT-FOR-US: SolarWinds
-CVE-2022-36963
- RESERVED
+CVE-2022-36963 (The SolarWinds Platform was susceptible to the Command
Injection Vulne ...)
+ TODO: check
CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This
vulnera ...)
NOT-FOR-US: SolarWinds
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL
Injecti ...)
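Review bot: The context lines of this hunk spell the triage string two ways: `NOT-FOR-US: Solarwinds` on the CVE-2022-36965 entry and `NOT-FOR-US: SolarWinds` on CVE-2022-36964 and CVE-2022-36962. When the new `TODO: check` on CVE-2022-36963 is resolved, use the `SolarWinds` spelling and consider normalising the CVE-2022-36965 line so that a search on the string matches every entry.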
@@ -142909,8 +143203,8 @@ CVE-2021-33591 (An exposed remote debugging port in
Naver Comic Viewer prior to
NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in
get_device_path_ ...)
NOT-FOR-US: GattLib
-CVE-2021-33589
- RESERVED
+CVE-2021-33589 (Ribose RNP before 0.15.1 does not implement a required step in
a crypt ...)
+ TODO: check
CVE-2021-33588
RESERVED
CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not
ensure t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58d922e965e3261ebfa29063cbe5f7c4571bbf6c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits