[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 25 21:10:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a822a108 by security tracker role at 2023-04-25T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-31222
+ RESERVED
+CVE-2023-31221
+ RESERVED
+CVE-2023-31220
+ RESERVED
+CVE-2023-31219
+ RESERVED
+CVE-2023-31218
+ RESERVED
+CVE-2023-31217
+ RESERVED
+CVE-2023-31216
+ RESERVED
+CVE-2023-31215
+ RESERVED
+CVE-2023-31214
+ RESERVED
+CVE-2023-31213
+ RESERVED
+CVE-2023-31212
+ RESERVED
+CVE-2023-31211
+ RESERVED
+CVE-2023-31210
+ RESERVED
+CVE-2023-31209
+ RESERVED
+CVE-2023-31208
+ RESERVED
+CVE-2023-31207
+ RESERVED
+CVE-2023-2283
+ RESERVED
+CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
+ TODO: check
+CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)
+ TODO: check
+CVE-2023-2280
+ RESERVED
+CVE-2023-2279
+ RESERVED
+CVE-2023-2278
+ RESERVED
+CVE-2023-2277
+ RESERVED
+CVE-2023-2276
+ RESERVED
+CVE-2023-2275
+ RESERVED
+CVE-2023-2274
+ RESERVED
+CVE-2023-2273
+ RESERVED
+CVE-2023-2272
+ RESERVED
+CVE-2023-2271
+ RESERVED
CVE-2023-31206
RESERVED
CVE-2023-31205
@@ -969,10 +1027,10 @@ CVE-2023-30841
RESERVED
CVE-2023-30840
RESERVED
-CVE-2023-30839
- RESERVED
-CVE-2023-30838
- RESERVED
+CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...)
+ TODO: check
+CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+ TODO: check
CVE-2023-30837
RESERVED
CVE-2023-30836
@@ -2029,8 +2087,8 @@ CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted No
NOT-FOR-US: Node vm2
CVE-2023-30546
RESERVED
-CVE-2023-30545
- RESERVED
+CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+ TODO: check
CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
@@ -2439,8 +2497,8 @@ CVE-2023-30419
RESERVED
CVE-2023-30418
RESERVED
-CVE-2023-30417
- RESERVED
+CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2 ...)
+ TODO: check
CVE-2023-30416
RESERVED
CVE-2023-30415
@@ -2469,8 +2527,8 @@ CVE-2023-30404
RESERVED
CVE-2023-30403
RESERVED
-CVE-2023-30402
- RESERVED
+CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
+ TODO: check
CVE-2023-30401
RESERVED
CVE-2023-30400
@@ -2919,8 +2977,8 @@ CVE-2023-30179
RESERVED
CVE-2023-30178
RESERVED
-CVE-2023-30177
- RESERVED
+CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...)
+ TODO: check
CVE-2023-30176
RESERVED
CVE-2023-30175
@@ -3715,8 +3773,8 @@ CVE-2023-29781
RESERVED
CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
TODO: check
-CVE-2023-29779
- RESERVED
+CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
+ TODO: check
CVE-2023-29778
RESERVED
CVE-2023-29777
@@ -4173,8 +4231,8 @@ CVE-2023-29554
RESERVED
CVE-2023-29553
RESERVED
-CVE-2023-29552
- RESERVED
+CVE-2023-29552 (The Service Location Protocol (SLP, RFC 2608) allows an unauthenticate ...)
+ TODO: check
CVE-2023-29551
RESERVED
- firefox 112.0-1
@@ -5422,8 +5480,8 @@ CVE-2023-29202 (XWiki Commons are technical libraries common to several other to
NOT-FOR-US: XWiki
CVE-2023-29201 (XWiki Commons are technical libraries common to several other top leve ...)
NOT-FOR-US: XWiki
-CVE-2023-29200
- RESERVED
+CVE-2023-29200 (Contao is an open source content management system. Prior to versions ...)
+ TODO: check
CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
NOT-FOR-US: Node vm2
CVE-2023-29198
@@ -6622,8 +6680,8 @@ CVE-2023-28849 (GLPI is a free asset and IT management software package. Startin
NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
NOT-FOR-US: user_oidc extension for NextCloud
-CVE-2023-28847
- RESERVED
+CVE-2023-28847 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ TODO: check
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
NOT-FOR-US: Unpoly
CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud. ...)
@@ -9234,20 +9292,20 @@ CVE-2023-28092
RESERVED
CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
NOT-FOR-US: HPE
-CVE-2023-28090
- RESERVED
-CVE-2023-28089
- RESERVED
-CVE-2023-28088
- RESERVED
-CVE-2023-28087
- RESERVED
-CVE-2023-28086
- RESERVED
+CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials ...)
+ TODO: check
+CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...)
+ TODO: check
+CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...)
+ TODO: check
+CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts ...)
+ TODO: check
+CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings ...)
+ TODO: check
CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD ...)
NOT-FOR-US: HPE
-CVE-2023-28084
- RESERVED
+CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...)
+ TODO: check
CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
NOT-FOR-US: HPE
CVE-2023-28082
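Review bot: The six entries added as TODO: check in this hunk (CVE-2023-28090 through CVE-2023-28086, plus CVE-2023-28084) all describe HPE OneView appliance dumps, while the unchanged neighbours CVE-2023-28091, CVE-2023-28085 and CVE-2023-28083 are already tagged NOT-FOR-US: HPE. Suggest resolving the six in one follow-up with the same tag so the block is triaged consistently.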
@@ -10669,8 +10727,8 @@ CVE-2023-27621
RESERVED
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27619
- RESERVED
+CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2023-27618
RESERVED
CVE-2023-27617
@@ -12166,8 +12224,8 @@ CVE-2023-27107
RESERVED
CVE-2023-27106
RESERVED
-CVE-2023-27105
- RESERVED
+CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...)
+ TODO: check
CVE-2023-27104
RESERVED
CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...)
@@ -12721,16 +12779,16 @@ CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows att
NOT-FOR-US: OpenCATS
CVE-2023-26844
RESERVED
-CVE-2023-26843
- RESERVED
+CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
+ TODO: check
CVE-2023-26842
RESERVED
-CVE-2023-26841
- RESERVED
-CVE-2023-26840
- RESERVED
-CVE-2023-26839
- RESERVED
+CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ TODO: check
+CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ TODO: check
+CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ TODO: check
CVE-2023-26838
RESERVED
CVE-2023-26837
@@ -14694,8 +14752,8 @@ CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint faile
NOT-FOR-US: Progress Flowmon
CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
TODO: check
-CVE-2023-26098
- RESERVED
+CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...)
+ TODO: check
CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
TODO: check
CVE-2023-26096
@@ -14777,10 +14835,10 @@ CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the
NOT-FOR-US: Nokia
CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...)
NOT-FOR-US: Nokia
-CVE-2023-26058
- RESERVED
-CVE-2023-26057
- RESERVED
+CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
+ TODO: check
+CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
+ TODO: check
CVE-2023-0920
RESERVED
CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter, ...)
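Review bot: CVE-2023-26058 and CVE-2023-26057 are added as TODO: check although both descriptions name Nokia NetAct, the product the context entries CVE-2023-26060 and CVE-2023-26059 directly above already mark NOT-FOR-US: Nokia. Suggest giving the two new entries the same annotation rather than leaving them in the TODO queue.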
@@ -15561,8 +15619,8 @@ CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-ma
NOT-FOR-US: WordPress plugin
CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25793
- RESERVED
+CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...)
+ TODO: check
CVE-2023-25792
RESERVED
CVE-2023-25791
@@ -15953,8 +16011,8 @@ CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25710
- RESERVED
+CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...)
+ TODO: check
CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR R ...)
@@ -16836,8 +16894,8 @@ CVE-2023-25492
RESERVED
CVE-2023-25491
RESERVED
-CVE-2023-25490
- RESERVED
+CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
+ TODO: check
CVE-2023-25489
RESERVED
CVE-2023-25488
@@ -16846,10 +16904,10 @@ CVE-2023-25487
RESERVED
CVE-2023-25486
RESERVED
-CVE-2023-25485
- RESERVED
-CVE-2023-25484
- RESERVED
+CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
+ TODO: check
+CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
+ TODO: check
CVE-2023-25483
RESERVED
CVE-2023-25482
@@ -16858,8 +16916,8 @@ CVE-2023-25481
RESERVED
CVE-2023-25480
RESERVED
-CVE-2023-25479
- RESERVED
+CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
+ TODO: check
CVE-2023-25478
RESERVED
CVE-2023-25477
@@ -17136,12 +17194,12 @@ CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When t
NOT-FOR-US: Faveo Helpdesk
CVE-2023-25349
RESERVED
-CVE-2023-25348
- RESERVED
-CVE-2023-25347
- RESERVED
-CVE-2023-25346
- RESERVED
+CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...)
+ TODO: check
+CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, ...)
+ TODO: check
+CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...)
+ TODO: check
CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...)
NOT-FOR-US: swig-templates
CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)
@@ -17204,10 +17262,10 @@ CVE-2023-25316
RESERVED
CVE-2023-25315
RESERVED
-CVE-2023-25314
- RESERVED
-CVE-2023-25313
- RESERVED
+CVE-2023-25314 (Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Netwo ...)
+ TODO: check
+CVE-2023-25313 (OS injection vulnerability in World Wide Broadcast Network AVideo vers ...)
+ TODO: check
CVE-2023-25312
RESERVED
CVE-2023-25311
@@ -20018,7 +20076,8 @@ CVE-2023-24370
RESERVED
CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
NOT-FOR-US: UJCMS
-CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allo ...)
+CVE-2023-24368
+ REJECTED
NOT-FOR-US: Temenos
CVE-2023-24367
REJECTED
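Review bot: After this change CVE-2023-24368 reads REJECTED followed by the unchanged context line NOT-FOR-US: Temenos, so the entry carries a product triage note for an identifier that no longer describes a vulnerability. Suggest dropping the left-over NOT-FOR-US line in the same change that sets REJECTED, or recording why it is kept.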
@@ -21314,10 +21373,10 @@ CVE-2023-23840
RESERVED
CVE-2023-23839
RESERVED
-CVE-2023-23838
- RESERVED
-CVE-2023-23837
- RESERVED
+CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)
+ TODO: check
+CVE-2023-23837 (No exception handling vulnerability which revealed sensitive or excess ...)
+ TODO: check
CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...)
NOT-FOR-US: SolarWinds
CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
@@ -28367,8 +28426,8 @@ CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-47609
RESERVED
-CVE-2022-47608
- RESERVED
+CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
+ TODO: check
CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47606
@@ -35025,8 +35084,8 @@ CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45837
- RESERVED
+CVE-2022-45837 (Reflected Cross-Site Scripting (XSS) vulnerability in Denis 微&# ...)
+ TODO: check
CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45835
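Review bot: The description added for CVE-2022-45837 ends in "Denis 微&# ...", which shows HTML numeric character references in the text, the second one cut in half by the length truncation. If that is what landed in data/CVE/list, suggest decoding entities before truncating the description so the entry does not end in a dangling "&#".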
@@ -36760,8 +36819,8 @@ CVE-2022-45293
RESERVED
CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
NOT-FOR-US: Funkwhale
-CVE-2022-45291
- RESERVED
+CVE-2022-45291 (PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 20 ...)
+ TODO: check
CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
NOT-FOR-US: Kbase Doc
CVE-2022-45289
@@ -47674,8 +47733,7 @@ CVE-2022-42337
RESERVED
CVE-2022-42336
RESERVED
-CVE-2022-42335
- RESERVED
+CVE-2022-42335 (x86 shadow paging arbitrary pointer dereference In environments where ...)
- xen <unfixed> (bug #1034842)
[bullseye] - xen <not-affected> (Vulnerable code not present)
[buster] - xen <not-affected> (Vulnerable code not present)
@@ -52012,14 +52070,14 @@ CVE-2022-40727
RESERVED
CVE-2022-40726
RESERVED
-CVE-2022-40725
- RESERVED
-CVE-2022-40724
- RESERVED
-CVE-2022-40723
- RESERVED
-CVE-2022-40722
- RESERVED
+CVE-2022-40725 (PingID Desktop prior to the latest released version 1.7.4 contains a v ...)
+ TODO: check
+CVE-2022-40724 (The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint ...)
+ TODO: check
+CVE-2022-40723 (The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS ...)
+ TODO: check
+CVE-2022-40722 (A misconfiguration of RSA padding implemented in the PingID Adapter fo ...)
+ TODO: check
CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
NOT-FOR-US: php uploader
CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -52678,8 +52736,8 @@ CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection v
NOT-FOR-US: Wedding Planner
CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
NOT-FOR-US: Wedding Planner
-CVE-2022-40482
- RESERVED
+CVE-2022-40482 (The authentication method in Laravel 8.x through 9.x before 9.32.0 was ...)
+ TODO: check
CVE-2022-40481
RESERVED
CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...)
@@ -77970,8 +78028,8 @@ CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL
NOT-FOR-US: Electrum
CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
NOT-FOR-US: mailcow
-CVE-2022-31244
- RESERVED
+CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows f ...)
+ TODO: check
CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
NOT-FOR-US: Insyde
CVE-2022-31242
@@ -101207,8 +101265,8 @@ CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne M
NOT-FOR-US: pingidentity
CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
NOT-FOR-US: pingidentity
-CVE-2022-23721
- RESERVED
+CVE-2022-23721 (PingID integration for Windows login prior to 2.9 does not handle dupl ...)
+ TODO: check
CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt operation if ...)
NOT-FOR-US: PingID Integration for Windows Login
CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate communication ...)
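Review bot: CVE-2022-23721 is added as TODO: check while the context entry below it, CVE-2022-23720, covers the same PingID Windows login product and is tagged NOT-FOR-US: PingID Integration for Windows Login. The context entries above (CVE-2022-23723, CVE-2022-23722) use a different label, NOT-FOR-US: pingidentity, so when resolving the TODO it is worth settling on one spelling for this vendor.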
@@ -107067,10 +107125,10 @@ CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) befor
NOT-FOR-US: ControlUp Real-Time Agent
CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
NOT-FOR-US: ControlUp Real-Time Agent
-CVE-2021-44775
- RESERVED
-CVE-2021-44465
- RESERVED
+CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...)
+ TODO: check
+CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+ TODO: check
CVE-2021-4187 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -107650,20 +107708,20 @@ CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.
NOT-FOR-US: Rust crate derive-com-impl
CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
NOT-FOR-US: Rust crate vec-const
-CVE-2021-45111
- RESERVED
-CVE-2021-45071
- RESERVED
-CVE-2021-44547
- RESERVED
-CVE-2021-44476
- RESERVED
+CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+ TODO: check
+CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+ TODO: check
+CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 all ...)
+ TODO: check
+CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ TODO: check
CVE-2021-44475
RESERVED
-CVE-2021-44461
- RESERVED
-CVE-2021-44460
- RESERVED
+CVE-2021-44461 (Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise ...)
+ TODO: check
+CVE-2021-44460 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+ TODO: check
CVE-2021-4178 (A arbitrary code execution flaw was found in the Fabric 8 Kubernetes c ...)
NOT-FOR-US: fabric8io/kubernetes-client
NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
@@ -107674,16 +107732,16 @@ CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input
NOT-FOR-US: livehelperchat
CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
-CVE-2021-26947
- RESERVED
-CVE-2021-23186
- RESERVED
-CVE-2021-23178
- RESERVED
-CVE-2021-23176
- RESERVED
-CVE-2021-23166
- RESERVED
+CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+ TODO: check
+CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ TODO: check
+CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+ TODO: check
+CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...)
+ TODO: check
+CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ TODO: check
CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
NOT-FOR-US: Rust crate acc_reader
CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
@@ -135485,10 +135543,10 @@ CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVN
[stretch] - nova <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/nova/+bug/1927677
NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
-CVE-2021-26263
- RESERVED
-CVE-2021-23203
- RESERVED
+CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...)
+ TODO: check
+CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...)
+ TODO: check
CVE-2021-23184
RESERVED
CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a822a10814ff863e26684ae6884da0611abb1ced