[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 12 21:10:50 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c52fc587 by security tracker role at 2023-04-12T20:10:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,42 +1,148 @@
-CVE-2023-30532
+CVE-2023-30570
+	RESERVED
+CVE-2023-30569
+	RESERVED
+CVE-2023-30568
+	RESERVED
+CVE-2023-30567
+	RESERVED
+CVE-2023-30566
+	RESERVED
+CVE-2023-30565
+	RESERVED
+CVE-2023-30564
+	RESERVED
+CVE-2023-30563
+	RESERVED
+CVE-2023-30562
+	RESERVED
+CVE-2023-30561
+	RESERVED
+CVE-2023-30560
+	RESERVED
+CVE-2023-30559
+	RESERVED
+CVE-2023-30558
+	RESERVED
+CVE-2023-30557
+	RESERVED
+CVE-2023-30556
+	RESERVED
+CVE-2023-30555
+	RESERVED
+CVE-2023-30554
+	RESERVED
+CVE-2023-30553
+	RESERVED
+CVE-2023-30552
+	RESERVED
+CVE-2023-30551
+	RESERVED
+CVE-2023-30550
+	RESERVED
+CVE-2023-30549
+	RESERVED
+CVE-2023-30548
+	RESERVED
+CVE-2023-30547
+	RESERVED
+CVE-2023-30546
+	RESERVED
+CVE-2023-30545
+	RESERVED
+CVE-2023-30544
+	RESERVED
+CVE-2023-30543
+	RESERVED
+CVE-2023-30542
+	RESERVED
+CVE-2023-30541
+	RESERVED
+CVE-2023-30540
+	RESERVED
+CVE-2023-30539
+	RESERVED
+CVE-2023-30538
+	RESERVED
+CVE-2023-30537
+	RESERVED
+CVE-2023-30536
+	RESERVED
+CVE-2023-30535
+	RESERVED
+CVE-2023-30534
+	RESERVED
+CVE-2023-30533
+	RESERVED
+CVE-2023-2011
+	RESERVED
+CVE-2023-2010
+	RESERVED
+CVE-2023-2009
+	RESERVED
+CVE-2023-2008
+	RESERVED
+CVE-2023-2007
+	RESERVED
+CVE-2023-2006
+	RESERVED
+CVE-2023-2005
+	RESERVED
+CVE-2023-2004
+	RESERVED
+CVE-2023-2003
+	RESERVED
+CVE-2023-2002
+	RESERVED
+CVE-2023-2001
+	RESERVED
+CVE-2023-2000
+	RESERVED
+CVE-2023-1999
+	RESERVED
+CVE-2023-1997
+	RESERVED
+CVE-2023-1996
+	RESERVED
+CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30531
+CVE-2023-30531 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30530
+CVE-2023-30530 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCo ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30529
+CVE-2023-30529 (Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30528
+CVE-2023-30528 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30527
+CVE-2023-30527 (Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30526
+CVE-2023-30526 (A missing permission check in Jenkins Report Portal Plugin 0.5 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30525
+CVE-2023-30525 (A cross-site request forgery (CSRF) vulnerability in Jenkins Report Po ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30524
+CVE-2023-30524 (Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPorta ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30523
+CVE-2023-30523 (Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal acces ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30522
+CVE-2023-30522 (A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlie ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30521
+CVE-2023-30521 (A missing permission check in Jenkins Assembla merge request builder P ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30520
+CVE-2023-30520 (Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL sche ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30519
+CVE-2023-30519 (A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and e ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30518
+CVE-2023-30518 (A missing permission check in Jenkins Thycotic Secret Server Plugin 1. ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30517
+CVE-2023-30517 (Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier uncond ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30516
+CVE-2023-30516 (Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30515
+CVE-2023-30515 (Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does no ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30514
+CVE-2023-30514 (Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does no ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-30513
+CVE-2023-30513 (Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not prop ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalat ...)
 	NOT-FOR-US: CubeFS
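Review bot: the new RESERVED block runs CVE-2023-1996 through CVE-2023-2011 but skips CVE-2023-1998, which is correct because that ID already has an entry further down (the linux 6.1.20-1 entry touched in the next hunk), so no duplicate ID is introduced; the Jenkins plugin entries only gain their published descriptions and keep the existing NOT-FOR-US: Jenkins plugin triage, which is consistent with the surrounding entries. The descriptions are truncated at the tracker's usual 70 characters with " ...", so the cut-off mid-word text (e.g. "HashiCo ...") is expected and not a formatting defect.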
@@ -63,6 +169,7 @@ CVE-2023-30502
 CVE-2023-30501
 	RESERVED
 CVE-2023-1998
+	RESERVED
 	- linux 6.1.20-1
 	NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
 	NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
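Review bot: RESERVED is added to CVE-2023-1998 even though the entry already tracks linux 6.1.20-1 and a fix commit in 6.3-rc1; this matches the convention used elsewhere in this file (the Firefox entries below keep RESERVED next to package lines until the public description arrives, and CVE-2023-1829 further down drops RESERVED in the same update once its description is published), so no change is needed, but the RESERVED line should be removed when the description is imported.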
@@ -1986,10 +2093,10 @@ CVE-2023-29583
 	RESERVED
 CVE-2023-29582
 	RESERVED
-CVE-2023-29581
-	RESERVED
-CVE-2023-29580
-	RESERVED
+CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
+	TODO: check
+CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
+	TODO: check
 CVE-2023-29579
 	RESERVED
 CVE-2023-29578
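Review bot: CVE-2023-29581 and CVE-2023-29580 carry an identical truncated description (yasm 1.3.0.55.g101bc segmentation violation), so when the TODO: check is resolved the full texts should be compared to confirm they are distinct crashes rather than a duplicate assignment, and the git-style version 1.3.0.55.g101bc needs mapping to a packaged yasm version before a fixed-version or <unfixed> line can be recorded.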
@@ -2000,14 +2107,14 @@ CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation viola
 	NOT-FOR-US: Bento4
 CVE-2023-29575
 	RESERVED
-CVE-2023-29574
-	RESERVED
+CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
+	TODO: check
 CVE-2023-29573
 	RESERVED
 CVE-2023-29572
 	RESERVED
-CVE-2023-29571
-	RESERVED
+CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+	TODO: check
 CVE-2023-29570
 	RESERVED
 CVE-2023-29569
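Review bot: CVE-2023-29574 is another Bento4 v1.6.0-639 issue and the neighbouring CVE-2023-29576 is already triaged NOT-FOR-US: Bento4, so the TODO: check here can be resolved the same way; CVE-2023-29571 (Cesanta MJS SEGV) is a different project and needs its own look.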
@@ -2052,6 +2159,7 @@ CVE-2023-29551
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
 CVE-2023-29550
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
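Review bot: the added {DSA-5385-1 DLA-3391-1} references cover the firefox-esr 102.10.0esr-1 fix, while thunderbird remains <unfixed> in this and each of the following Firefox hunks receiving the same advisory pair, so a separate thunderbird advisory reference will have to be appended to all of these entries (CVE-2023-29550, 29548, 29541, 29539, 29536, 29535, 29533, 1945) once the thunderbird update ships.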
@@ -2064,6 +2172,7 @@ CVE-2023-29549
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
 CVE-2023-29548
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2103,6 +2212,7 @@ CVE-2023-29542
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
 CVE-2023-29541
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2115,6 +2225,7 @@ CVE-2023-29540
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
 CVE-2023-29539
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2131,6 +2242,7 @@ CVE-2023-29537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
 CVE-2023-29536
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2139,6 +2251,7 @@ CVE-2023-29536
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
 CVE-2023-29535
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2151,6 +2264,7 @@ CVE-2023-29534
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
 CVE-2023-29533
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
@@ -2209,6 +2323,7 @@ CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application Sy
 	NOT-FOR-US: SourceCodester Survey Application System
 CVE-2023-1945
 	RESERVED
+	{DSA-5385-1 DLA-3391-1}
 	- firefox-esr 102.10.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
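Review bot: unlike the other entries gaining {DSA-5385-1 DLA-3391-1} in this update, CVE-2023-1945 lists only firefox-esr 102.10.0esr-1 and thunderbird, with no firefox 112.0-1 line, and its NOTE cites only mfsa2023-14; worth confirming this is intentional (the issue is ESR-only) rather than a missing firefox line.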
@@ -2706,12 +2821,12 @@ CVE-2023-1876
 	NOT-FOR-US: microweber
 CVE-2023-1875
 	RESERVED
-CVE-2023-1874
-	RESERVED
+CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privilege esc ...)
+	TODO: check
 CVE-2023-1873
 	RESERVED
-CVE-2023-1872
-	RESERVED
+CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
+	TODO: check
 CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
 	NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
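Review bot: CVE-2023-1874 is a WordPress plugin issue (WP Data Access) and the adjacent CVE-2023-1871 and CVE-2023-1870 are NOT-FOR-US for the same reason, so that TODO: check can be closed the same way; CVE-2023-1872 is a Linux kernel io_uring use-after-free and will need a linux package line plus the upstream fix reference, in the form used for CVE-2023-1829 later in this update, rather than a NOT-FOR-US marker.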
@@ -3113,8 +3228,7 @@ CVE-2023-1831
 	RESERVED
 CVE-2023-1830
 	RESERVED
-CVE-2023-1829
-	RESERVED
+CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
 	- linux 6.1.20-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
 	NOTE: https://git.kernel.org/linus/8c710f75256bb3cf05ac7b1672c82b92c43f3d28 (6.3-rc1)
@@ -3175,45 +3289,59 @@ CVE-2023-28384
 CVE-2023-1824
 	RESERVED
 CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 112.0. ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 112.0.56 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior to 112 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior to 112. ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 112.0.56 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allow ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome prior to  ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 112.0.5615 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in Google  ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome prior to  ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 112.0.5615.49 allow ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.4 ...)
+	{DSA-5386-1}
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1809
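Review bot: {DSA-5386-1} is added uniformly to the fourteen entries CVE-2023-1810 through CVE-2023-1823, each of which keeps the [buster] - chromium <end-of-life> (see DSA 5046) line and the chromium 112.0.5615.49-1 fixed version; CVE-2023-1824 above and CVE-2023-1809 below are still RESERVED with no chromium line, so confirm they are not part of the same upstream 112.0.5615.49 release and were not left out by accident.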
@@ -5670,8 +5798,8 @@ CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28488
-	RESERVED
+CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by network-adj ...)
+	TODO: check
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
 	- sudo 1.9.13p1-1
 	[bullseye] - sudo <no-dsa> (Minor issue)
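Review bot: CVE-2023-28488 names ConnMan's gdhcp client.c and a network-adjacent attacker, which is a packaged component rather than a NOT-FOR-US candidate, so resolving the TODO: check should produce a connman package line with a fixed version or <unfixed> and a NOTE with the upstream fix, in the same shape as the sudo entry directly below.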
@@ -7982,16 +8110,16 @@ CVE-2023-27832
 	RESERVED
 CVE-2023-27831
 	RESERVED
-CVE-2023-27830
-	RESERVED
+CVE-2023-27830 (TightVNC before v2.8.75 allows attackers to escalate privileges on the ...)
+	TODO: check
 CVE-2023-27829
 	RESERVED
 CVE-2023-27828
 	RESERVED
 CVE-2023-27827
 	RESERVED
-CVE-2023-27826
-	RESERVED
+CVE-2023-27826 (SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW  ...)
+	TODO: check
 CVE-2023-27825
 	RESERVED
 CVE-2023-27824
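Review bot: CVE-2023-27830 refers to TightVNC before v2.8.75; when resolving the TODO: check, confirm whether the 2.8.x line corresponds to the packaged tightvnc source at all or is a separate codebase before recording a package line. CVE-2023-27826 concerns the SeowonIntech SWC 5100W bootloader and firmware, which is device firmware and can be marked NOT-FOR-US.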
@@ -8112,8 +8240,8 @@ CVE-2023-27777
 	RESERVED
 CVE-2023-27776
 	RESERVED
-CVE-2023-27775
-	RESERVED
+CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...)
+	TODO: check
 CVE-2023-27774
 	RESERVED
 CVE-2023-27773
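Review bot: CVE-2023-27775 is a stored HTML injection in LiveAction LiveSP v21.1.2, a commercial product with no counterpart in this file, so the TODO: check is most likely resolved as NOT-FOR-US: LiveAction LiveSP.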
@@ -8254,10 +8382,10 @@ CVE-2023-27706
 	RESERVED
 CVE-2023-27705
 	RESERVED
-CVE-2023-27704
-	RESERVED
-CVE-2023-27703
-	RESERVED
+CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
+	TODO: check
+CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...)
+	TODO: check
 CVE-2023-27702
 	RESERVED
 CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
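Review bot: both new TODO: check entries here describe non-Debian software, Void Tools Everything (CVE-2023-27704) and the Android build of pikpak (CVE-2023-27703), so they can be triaged NOT-FOR-US in the same style as CVE-2023-27701 below.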
@@ -9693,8 +9821,8 @@ CVE-2023-27218
 	RESERVED
 CVE-2023-27217
 	RESERVED
-CVE-2023-27216
-	RESERVED
+CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...)
+	TODO: check
 CVE-2023-27215
 	RESERVED
 CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...)
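Review bot: CVE-2023-27216 is a D-Link DSL-3782 v.1.03 router issue, i.e. vendor firmware, so the TODO: check can be resolved as NOT-FOR-US: D-Link, matching how other device-firmware entries in this file are handled.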
@@ -10082,8 +10210,8 @@ CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injecti
 	NOT-FOR-US: PrestaShop
 CVE-2023-27033 (Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code ...)
 	NOT-FOR-US: Prestashop cdesigner
-CVE-2023-27032
-	RESERVED
+CVE-2023-27032 (Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to c ...)
+	TODO: check
 CVE-2023-27031
 	RESERVED
 CVE-2023-27030
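Review bot: CVE-2023-27032 is another Prestashop module (advancedpopupcreator v1.1.21 to v1.1.24) and the neighbouring CVE-2023-27034 and CVE-2023-27033 are already NOT-FOR-US: PrestaShop, so this TODO: check can be closed consistently with them.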
@@ -10455,8 +10583,8 @@ CVE-2023-26854
 	RESERVED
 CVE-2023-26853
 	RESERVED
-CVE-2023-26852
-	RESERVED
+CVE-2023-26852 (An arbitrary file upload vulnerability in the upload plugin of Textpat ...)
+	TODO: check
 CVE-2023-26851
 	RESERVED
 CVE-2023-26850
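Review bot: CVE-2023-26852 is an arbitrary file upload in the upload plugin of Textpattern; before closing the TODO: check, confirm whether textpattern or that plugin is packaged, and otherwise mark it NOT-FOR-US naming the project, since an upload flaw in a packaged CMS would need a package line rather than a dismissal.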
@@ -10673,7 +10801,7 @@ CVE-2023-26752
 	RESERVED
 CVE-2023-26751
 	RESERVED
-CVE-2023-26750 (SQL injection vulnerability found in Yii Framework Yii 2 Framework bef ...)
+CVE-2023-26750 (** DISPUTED ** SQL injection vulnerability found in Yii Framework Yii  ...)
 	NOT-FOR-US: Yii 2
 CVE-2023-26749
 	RESERVED
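Review bot: the CVE-2023-26750 description now carries the ** DISPUTED ** prefix from upstream; the existing NOT-FOR-US: Yii 2 triage is unaffected, but because the truncated text now loses the "Yii 2 Framework bef..." version detail, a NOTE recording the disputed status and the affected Yii version range would help anyone re-checking this entry later.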
@@ -19920,8 +20048,8 @@ CVE-2023-23593
 	RESERVED
 CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
 	NOT-FOR-US: WALLIX Access Manager
-CVE-2023-23591
-	RESERVED
+CVE-2023-23591 (The Logback component in Terminalfour before 8.3.14.1 allows OS admini ...)
+	TODO: check
 CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
 	- radare2 <unfixed> (bug #1029037)
 	NOTE: https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e/
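Review bot: CVE-2023-23591 is described as "The Logback component in Terminalfour before 8.3.14.1", so when resolving the TODO: check confirm the flaw is in Terminalfour's use of Logback rather than in the Logback library itself; if the former, it is NOT-FOR-US: Terminalfour, but if the latter it would need a logback package line.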
@@ -23230,8 +23358,8 @@ CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in P
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/20/1
 	NOTE: https://downloads.powerdns.com/patches/2023-01/
 	NOTE: https://github.com/PowerDNS/pdns/pull/12442
-CVE-2023-22616
-	RESERVED
+CVE-2023-22616 (An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5. ...)
+	TODO: check
 CVE-2023-22615 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2023-22614 (An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kern ...)
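Review bot: CVE-2023-22616 is an Insyde InsydeH2O firmware issue like the adjacent CVE-2023-22615 and CVE-2023-22614, which are already NOT-FOR-US: Insyde, so this TODO: check can be resolved the same way.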
@@ -26043,8 +26171,8 @@ CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47606
 	RESERVED
-CVE-2022-47605
-	RESERVED
+CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
+	TODO: check
 CVE-2022-47604
 	RESERVED
 CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
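Review bot: the CVE-2022-47605 description contains a stray "')" after "SQL Injection", which comes from the upstream CVE text as imported and does not need fixing in the tracker; the entry is a WordPress plugin (Kunal Nagar Custom 404 Pro) and can be triaged NOT-FOR-US: WordPress plugin like CVE-2022-47607 and CVE-2022-47603 around it.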
@@ -28957,8 +29085,8 @@ CVE-2022-47055
 	RESERVED
 CVE-2022-47054
 	RESERVED
-CVE-2022-47053
-	RESERVED
+CVE-2022-47053 (An arbitrary file upload vulnerability in the Digital Assets Manager m ...)
+	TODO: check
 CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' i ...)
 	NOT-FOR-US: NETGEAR
 CVE-2022-47051
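Review bot: the truncated description of CVE-2022-47053 ("Digital Assets Manager m ...") cuts off before naming the product, so the full upstream text is needed before the TODO: check can be resolved; the neighbouring NETGEAR entry gives no hint about which project this belongs to.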
@@ -40748,12 +40876,12 @@ CVE-2023-0008
 	RESERVED
 CVE-2023-0007
 	RESERVED
-CVE-2023-0006
-	RESERVED
-CVE-2023-0005
-	RESERVED
-CVE-2023-0004
-	RESERVED
+CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...)
+	TODO: check
+CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...)
+	TODO: check
+CVE-2023-0004 (A local file deletion vulnerability in Palo Alto Networks PAN-OS softw ...)
+	TODO: check
 CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
 	NOT-FOR-US: Palo Alto
 CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
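Review bot: CVE-2023-0004, CVE-2023-0005 and CVE-2023-0006 are all Palo Alto Networks PAN-OS or GlobalProtect issues, and the adjacent CVE-2023-0003 and CVE-2023-0002 are already NOT-FOR-US: Palo Alto, so the three TODO: check markers can be resolved consistently with them.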
@@ -64438,12 +64566,14 @@ CVE-2022-2322
 CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
 	NOT-FOR-US: Nakama
 CVE-2022-35230 (An authenticated user can create a link with reflected Javascript code ...)
+	{DLA-3390-1}
 	[experimental] - zabbix 1:6.0.6+dfsg-1
 	- zabbix 1:6.0.7+dfsg-2 (bug #1014994)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-21305
 	NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae (5.0.25rc1)
 CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...)
+	{DLA-3390-1}
 	[experimental] - zabbix 1:6.0.6+dfsg-1
 	- zabbix 1:6.0.7+dfsg-2 (bug #1014992)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
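Review bot: {DLA-3390-1} is added to CVE-2022-35230 and CVE-2022-35229 while the [bullseye] - zabbix <no-dsa> (Minor issue) line is kept, which is consistent (the DLA records the LTS fix and does not change the bullseye decision); the same DLA is appended to the older zabbix entries CVE-2022-24919, 24917, 24349, CVE-2021-27927, CVE-2020-15803 and CVE-2019-15132 below, so the advisory's CVE list should match exactly this set of IDs.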
@@ -89455,7 +89585,7 @@ CVE-2022-26584
 	RESERVED
 CVE-2022-26583
 	RESERVED
-CVE-2022-26582 (The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.0 ...)
+CVE-2022-26582 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
 CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
 	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
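Review bot: after this change CVE-2022-26582 and CVE-2022-26581 show identical truncated descriptions ("PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ..."), whereas the previous text for CVE-2022-26582 named systool_server specifically; since the short description is cut at 70 characters, the two IDs may still differ in the full text, but it is worth confirming upstream did not merge or reject one of them. The NOT-FOR-US: PAX Technology triage is unaffected.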
@@ -94298,7 +94428,7 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 all
 CVE-2022-24920
 	RESERVED
 CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...)
-	{DLA-2980-1}
+	{DLA-3390-1 DLA-2980-1}
 	- zabbix 1:6.0.7+dfsg-2
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-20680
@@ -94310,7 +94440,7 @@ CVE-2022-24918 (An authenticated user can create a link with reflected Javascrip
 	NOTE: https://support.zabbix.com/browse/ZBX-20680
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
 CVE-2022-24917 (An authenticated user can create a link with reflected Javascript code ...)
-	{DLA-2980-1}
+	{DLA-3390-1 DLA-2980-1}
 	- zabbix 1:6.0.7+dfsg-2
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-20680
@@ -96114,10 +96244,10 @@ CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute
 	NOT-FOR-US: TP-Link
 CVE-2022-24351
 	RESERVED
-CVE-2022-24350
-	RESERVED
+CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
+	TODO: check
 CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
-	{DLA-2980-1}
+	{DLA-3390-1 DLA-2980-1}
 	- zabbix 1:6.0.7+dfsg-2
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-20680
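Review bot: CVE-2022-24350 has the same truncated description ("An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...") as CVE-2023-22615 earlier in this update, which is already NOT-FOR-US: Insyde, so the TODO: check can be closed the same way; the {DLA-3390-1 DLA-2980-1} change on CVE-2022-24349 is consistent with the other zabbix entries in this update.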
@@ -113604,6 +113734,7 @@ CVE-2021-43613
 	RESERVED
 CVE-2021-43612 [crash in SONMP decoder]
 	RESERVED
+	{DLA-3389-1}
 	- lldpd 1.0.13-1
 	[bullseye] - lldpd 1.0.11-1+deb11u1
 	[stretch] - lldpd <no-dsa> (Minor issue)
@@ -156374,6 +156505,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef
 	NOTE: https://jira.mariadb.org/browse/MDEV-25179
 	NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
 CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
+	{DLA-3390-1}
 	- zabbix 1:5.0.8+dfsg-1
 	[stretch] - zabbix <not-affected> (Vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-18942
@@ -187904,7 +188036,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
 	NOTE: https://github.com/jasper-software/jasper/issues/252
 	NOTE: https://github.com/jasper-software/jasper/pull/253
 CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially crafte ...)
-	{DSA-4836-1 DLA-2571-1}
+	{DSA-4836-1 DLA-3389-1 DLA-2571-1}
 	- lldpd 1.0.8-1
 	[stretch] - lldpd <no-dsa> (Minor issue)
 	- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
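Review bot: the DLA-3389-1 reference added here is the same advisory attached to the lldpd entry CVE-2021-43612 above, so it documents the lldpd side of this ID; since CVE-2020-27827 also tracks an openvswitch package line, readers should not take the new reference as covering openvswitch, and the ordering {DSA-4836-1 DLA-3389-1 DLA-2571-1} keeps the file's usual newest-first placement of the new DLA among the existing references.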
@@ -215511,7 +215643,7 @@ CVE-2020-15805
 CVE-2020-15804
 	RESERVED
 CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
-	{DLA-2631-1 DLA-2311-1}
+	{DLA-3390-1 DLA-2631-1 DLA-2311-1}
 	- zabbix 1:5.0.2+dfsg-1 (bug #966146)
 	NOTE: https://support.zabbix.com/browse/ZBX-18057
 CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
@@ -270492,7 +270624,7 @@ CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a div
 	NOTE: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
 	NOTE: https://sourceforge.net/p/giflib/bugs/119/
 CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
-	{DLA-2631-1}
+	{DLA-3390-1 DLA-2631-1}
 	- zabbix 1:5.0.7+dfsg-1 (bug #935027)
 	[jessie] - zabbix <postponed> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-16532



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52fc5878ee8d9b0deb591a48a4d52efa1f65153
