Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5b1967da by security tracker role at 2023-05-26T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,13 @@ +CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...) + TODO: check +CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...) + TODO: check +CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + TODO: check +CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + TODO: check +CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + TODO: check CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) NOT-FOR-US: mipjz CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) @@ -354,7 +364,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10. NOT-FOR-US: Teltonika CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...) NOT-FOR-US: Teltonika -CVE-2023-32067 +CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...) [experimental] - c-ares 1.19.1-1 - c-ares <unfixed> NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc @@ -456,7 +466,7 @@ CVE-2023-2814 (A vulnerability classified as problematic has been found in Sourc NOT-FOR-US: SourceCodester Class Scheduling System CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...) NOT-FOR-US: Weaver e-cology -CVE-2023-2804 +CVE-2023-2804 (A heap-based buffer overflow issue was discovered in libjpeg-turbo in ...) - libjpeg-turbo <not-affected> (Vulnerable code not present) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021 @@ -2237,8 +2247,7 @@ CVE-2023-31149 (An Improper Input Validation vulnerability in the Schweitzer E NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...) NOT-FOR-US: Schweitzer Engineering Laboratories -CVE-2023-31147 - RESERVED +CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ...) [experimental] - c-ares 1.19.1-1 - c-ares <unfixed> (unimportant) NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 @@ -2278,8 +2287,7 @@ CVE-2023-31132 RESERVED CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...) NOT-FOR-US: Greenplum Database -CVE-2023-31130 - RESERVED +CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...) [experimental] - c-ares 1.19.1-1 - c-ares <unfixed> NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v @@ -2294,8 +2302,7 @@ CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...) NOT-FOR-US: Engine.IO -CVE-2023-31124 - RESERVED +CVE-2023-31124 (c-ares is an asynchronous resolver library. When cross-compiling c-are ...) [experimental] - c-ares 1.19.1-1 - c-ares <unfixed> (unimportant) NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1967daf5c957b2d562b128123442ca73a1e752 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits