Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5b1967da by security tracker role at 2023-05-26T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud.
Authent ...)
+ TODO: check
+CVE-2023-2903 (A vulnerability classified as problematic has been found in
NFine Rapi ...)
+ TODO: check
+CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform
20230511 ...)
+ TODO: check
+CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform
20230511 ...)
+ TODO: check
+CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform
20230511 ...)
+ TODO: check
CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz
v5.0.5 allo ...)
NOT-FOR-US: mipjz
CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz
v5.0.5 allo ...)
@@ -354,7 +364,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System
versions prior to 4.10.
NOT-FOR-US: Teltonika
CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is
vulnerabl ...)
NOT-FOR-US: Teltonika
-CVE-2023-32067
+CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is
vulnerable to de ...)
[experimental] - c-ares 1.19.1-1
- c-ares <unfixed>
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
@@ -456,7 +466,7 @@ CVE-2023-2814 (A vulnerability classified as problematic
has been found in Sourc
NOT-FOR-US: SourceCodester Class Scheduling System
CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver
e-cology ...)
NOT-FOR-US: Weaver e-cology
-CVE-2023-2804
+CVE-2023-2804 (A heap-based buffer overflow issue was discovered in
libjpeg-turbo in ...)
- libjpeg-turbo <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
NOTE:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
@@ -2237,8 +2247,7 @@ CVE-2023-31149 (An Improper Input Validation
vulnerability in the Schweitzer E
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer
Enginee ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
-CVE-2023-31147
- RESERVED
+CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom
or RtlGe ...)
[experimental] - c-ares 1.19.1-1
- c-ares <unfixed> (unimportant)
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
@@ -2278,8 +2287,7 @@ CVE-2023-31132
RESERVED
CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse
based on Po ...)
NOT-FOR-US: Greenplum Database
-CVE-2023-31130
- RESERVED
+CVE-2023-31130 (c-ares is an asynchronous resolver library.
ares_inet_net_pton() is vu ...)
[experimental] - c-ares 1.19.1-1
- c-ares <unfixed>
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
@@ -2294,8 +2302,7 @@ CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is
an XML library used by
NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml
CVE-2023-31125 (Engine.IO is the implementation of transport-based
cross-browser/cross ...)
NOT-FOR-US: Engine.IO
-CVE-2023-31124
- RESERVED
+CVE-2023-31124 (c-ares is an asynchronous resolver library. When
cross-compiling c-are ...)
[experimental] - c-ares 1.19.1-1
- c-ares <unfixed> (unimportant)
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
