[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 25 21:10:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a822a108 by security tracker role at 2023-04-25T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-31222
+	RESERVED
+CVE-2023-31221
+	RESERVED
+CVE-2023-31220
+	RESERVED
+CVE-2023-31219
+	RESERVED
+CVE-2023-31218
+	RESERVED
+CVE-2023-31217
+	RESERVED
+CVE-2023-31216
+	RESERVED
+CVE-2023-31215
+	RESERVED
+CVE-2023-31214
+	RESERVED
+CVE-2023-31213
+	RESERVED
+CVE-2023-31212
+	RESERVED
+CVE-2023-31211
+	RESERVED
+CVE-2023-31210
+	RESERVED
+CVE-2023-31209
+	RESERVED
+CVE-2023-31208
+	RESERVED
+CVE-2023-31207
+	RESERVED
+CVE-2023-2283
+	RESERVED
+CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
+	TODO: check
+CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)
+	TODO: check
+CVE-2023-2280
+	RESERVED
+CVE-2023-2279
+	RESERVED
+CVE-2023-2278
+	RESERVED
+CVE-2023-2277
+	RESERVED
+CVE-2023-2276
+	RESERVED
+CVE-2023-2275
+	RESERVED
+CVE-2023-2274
+	RESERVED
+CVE-2023-2273
+	RESERVED
+CVE-2023-2272
+	RESERVED
+CVE-2023-2271
+	RESERVED
 CVE-2023-31206
 	RESERVED
 CVE-2023-31205
@@ -969,10 +1027,10 @@ CVE-2023-30841
 	RESERVED
 CVE-2023-30840
 	RESERVED
-CVE-2023-30839
-	RESERVED
-CVE-2023-30838
-	RESERVED
+CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...)
+	TODO: check
+CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+	TODO: check
 CVE-2023-30837
 	RESERVED
 CVE-2023-30836
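Review bot: CVE-2023-30839 and CVE-2023-30838 are two of three PrestaShop entries this update moves from RESERVED to TODO: check (CVE-2023-30545, further down in the same file, is the third, with the same "PrestaShop is an Open Source e-commerce web application" lead); triage the three together so they end up with one consistent NOT-FOR-US or package annotation instead of being resolved one at a time.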
@@ -2029,8 +2087,8 @@ CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted No
 	NOT-FOR-US: Node vm2
 CVE-2023-30546
 	RESERVED
-CVE-2023-30545
-	RESERVED
+CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+	TODO: check
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
@@ -2439,8 +2497,8 @@ CVE-2023-30419
 	RESERVED
 CVE-2023-30418
 	RESERVED
-CVE-2023-30417
-	RESERVED
+CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2 ...)
+	TODO: check
 CVE-2023-30416
 	RESERVED
 CVE-2023-30415
@@ -2469,8 +2527,8 @@ CVE-2023-30404
 	RESERVED
 CVE-2023-30403
 	RESERVED
-CVE-2023-30402
-	RESERVED
+CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
+	TODO: check
 CVE-2023-30401
 	RESERVED
 CVE-2023-30400
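Review bot: CVE-2023-30402 is a heap overflow in a native tool at a stated version (YASM v1.3.0), not a web-application issue like most TODO: check entries in this batch, so the TODO cannot be closed with the NOT-FOR-US default; resolving it means checking whether a yasm package ships that code and, if so, replacing the TODO with package lines and a bug reference.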
@@ -2919,8 +2977,8 @@ CVE-2023-30179
 	RESERVED
 CVE-2023-30178
 	RESERVED
-CVE-2023-30177
-	RESERVED
+CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker  ...)
+	TODO: check
 CVE-2023-30176
 	RESERVED
 CVE-2023-30175
@@ -3715,8 +3773,8 @@ CVE-2023-29781
 	RESERVED
 CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
 	TODO: check
-CVE-2023-29779
-	RESERVED
+CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
+	TODO: check
 CVE-2023-29778
 	RESERVED
 CVE-2023-29777
@@ -4173,8 +4231,8 @@ CVE-2023-29554
 	RESERVED
 CVE-2023-29553
 	RESERVED
-CVE-2023-29552
-	RESERVED
+CVE-2023-29552 (The Service Location Protocol (SLP, RFC 2608) allows an unauthenticate ...)
+	TODO: check
 CVE-2023-29551
 	RESERVED
 	- firefox 112.0-1
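Review bot: CVE-2023-29552 describes a protocol-level weakness (Service Location Protocol, RFC 2608, reachable unauthenticated) rather than one vendor's product, so its TODO: check cannot be closed with a single product name; the triage has to identify every package that implements an SLP server and record a state for each of them.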
@@ -5422,8 +5480,8 @@ CVE-2023-29202 (XWiki Commons are technical libraries common to several other to
 	NOT-FOR-US: XWiki
 CVE-2023-29201 (XWiki Commons are technical libraries common to several other top leve ...)
 	NOT-FOR-US: XWiki
-CVE-2023-29200
-	RESERVED
+CVE-2023-29200 (Contao is an open source content management system. Prior to versions  ...)
+	TODO: check
 CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
 	NOT-FOR-US: Node vm2
 CVE-2023-29198
@@ -6622,8 +6680,8 @@ CVE-2023-28849 (GLPI is a free asset and IT management software package. Startin
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
 	NOT-FOR-US: user_oidc extension for NextCloud
-CVE-2023-28847
-	RESERVED
+CVE-2023-28847 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+	TODO: check
 CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
 	NOT-FOR-US: Unpoly
 CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud.  ...)
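Review bot: CVE-2023-28847 names Nextcloud Server, while the neighbouring CVE-2023-28848 (user_oidc) and CVE-2023-28845 (Nextcloud talk) are already NOT-FOR-US in the context lines; close the TODO: check the same way once it is confirmed the server itself is not packaged either, and reuse one spelling in the annotation, since the context lines currently mix "NextCloud" and "Nextcloud".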
@@ -9234,20 +9292,20 @@ CVE-2023-28092
 	RESERVED
 CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
 	NOT-FOR-US: HPE
-CVE-2023-28090
-	RESERVED
-CVE-2023-28089
-	RESERVED
-CVE-2023-28088
-	RESERVED
-CVE-2023-28087
-	RESERVED
-CVE-2023-28086
-	RESERVED
+CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials ...)
+	TODO: check
+CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...)
+	TODO: check
+CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...)
+	TODO: check
+CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts ...)
+	TODO: check
+CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings ...)
+	TODO: check
 CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD  ...)
 	NOT-FOR-US: HPE
-CVE-2023-28084
-	RESERVED
+CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...)
+	TODO: check
 CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
 	NOT-FOR-US: HPE
 CVE-2023-28082
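Review bot: the six new HPE OneView descriptions (CVE-2023-28090 through CVE-2023-28086, and CVE-2023-28084) sit between CVE-2023-28091, CVE-2023-28085 and CVE-2023-28083, which the context lines already mark NOT-FOR-US: HPE; they describe the same family of appliance-dump credential exposures, so leaving them at TODO: check splits one advisory family across two states. Resolve all six with the same NOT-FOR-US: HPE annotation in the next manual pass.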
@@ -10669,8 +10727,8 @@ CVE-2023-27621
 	RESERVED
 CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27619
-	RESERVED
+CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability  ...)
+	TODO: check
 CVE-2023-27618
 	RESERVED
 CVE-2023-27617
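Review bot: CVE-2023-27619 uses the "Auth (subscriber+) Reflected Cross-Site Scripting (XSS)" phrasing of the neighbouring CVE-2023-27620, which the context line already marks NOT-FOR-US: WordPress plugin, but the truncated text stops before the plugin name; read the full description before closing this TODO: check as a plugin issue rather than inferring it from the prefix alone.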
@@ -12166,8 +12224,8 @@ CVE-2023-27107
 	RESERVED
 CVE-2023-27106
 	RESERVED
-CVE-2023-27105
-	RESERVED
+CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...)
+	TODO: check
 CVE-2023-27104
 	RESERVED
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via  ...)
@@ -12721,16 +12779,16 @@ CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows att
 	NOT-FOR-US: OpenCATS
 CVE-2023-26844
 	RESERVED
-CVE-2023-26843
-	RESERVED
+CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
+	TODO: check
 CVE-2023-26842
 	RESERVED
-CVE-2023-26841
-	RESERVED
-CVE-2023-26840
-	RESERVED
-CVE-2023-26839
-	RESERVED
+CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
+	TODO: check
+CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
+	TODO: check
+CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
+	TODO: check
 CVE-2023-26838
 	RESERVED
 CVE-2023-26837
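Review bot: CVE-2023-26841, CVE-2023-26840 and CVE-2023-26839 have identical truncated descriptions ("A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ..."), so the list text alone cannot tell them apart; whoever resolves these TODO: check markers should record in a NOTE which endpoint each covers, and should handle CVE-2023-26843 (stored XSS, same ChurchCRM 4.5.3) and the three ChurchCRM entries further down (CVE-2023-25348, CVE-2023-25347, CVE-2023-25346) in the same pass.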
@@ -14694,8 +14752,8 @@ CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint faile
 	NOT-FOR-US: Progress Flowmon
 CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
 	TODO: check
-CVE-2023-26098
-	RESERVED
+CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...)
+	TODO: check
 CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
 	TODO: check
 CVE-2023-26096
@@ -14777,10 +14835,10 @@ CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the
 	NOT-FOR-US: Nokia
 CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site  ...)
 	NOT-FOR-US: Nokia
-CVE-2023-26058
-	RESERVED
-CVE-2023-26057
-	RESERVED
+CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
+	TODO: check
+CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
+	TODO: check
 CVE-2023-0920
 	RESERVED
 CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter,  ...)
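Review bot: CVE-2023-26058 and CVE-2023-26057 carry identical truncated descriptions (XXE in Nokia NetAct before 22 FP2211), and the context lines above show CVE-2023-26060 and CVE-2023-26059, also Nokia NetAct, already at NOT-FOR-US: Nokia; close both TODO: check markers the same way, and add a NOTE if the two XXE entries cover different XML endpoints so the identical text does not read as a duplicate.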
@@ -15561,8 +15619,8 @@ CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-ma
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25793
-	RESERVED
+CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...)
+	TODO: check
 CVE-2023-25792
 	RESERVED
 CVE-2023-25791
@@ -15953,8 +16011,8 @@ CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25710
-	RESERVED
+CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...)
+	TODO: check
 CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR &#82 ...)
@@ -16836,8 +16894,8 @@ CVE-2023-25492
 	RESERVED
 CVE-2023-25491
 	RESERVED
-CVE-2023-25490
-	RESERVED
+CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
+	TODO: check
 CVE-2023-25489
 	RESERVED
 CVE-2023-25488
@@ -16846,10 +16904,10 @@ CVE-2023-25487
 	RESERVED
 CVE-2023-25486
 	RESERVED
-CVE-2023-25485
-	RESERVED
-CVE-2023-25484
-	RESERVED
+CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
+	TODO: check
+CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
+	TODO: check
 CVE-2023-25483
 	RESERVED
 CVE-2023-25482
@@ -16858,8 +16916,8 @@ CVE-2023-25481
 	RESERVED
 CVE-2023-25480
 	RESERVED
-CVE-2023-25479
-	RESERVED
+CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
+	TODO: check
 CVE-2023-25478
 	RESERVED
 CVE-2023-25477
@@ -17136,12 +17194,12 @@ CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When t
 	NOT-FOR-US: Faveo Helpdesk
 CVE-2023-25349
 	RESERVED
-CVE-2023-25348
-	RESERVED
-CVE-2023-25347
-	RESERVED
-CVE-2023-25346
-	RESERVED
+CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...)
+	TODO: check
+CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3,  ...)
+	TODO: check
+CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...)
+	TODO: check
 CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...)
 	NOT-FOR-US: swig-templates
 CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)
@@ -17204,10 +17262,10 @@ CVE-2023-25316
 	RESERVED
 CVE-2023-25315
 	RESERVED
-CVE-2023-25314
-	RESERVED
-CVE-2023-25313
-	RESERVED
+CVE-2023-25314 (Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Netwo ...)
+	TODO: check
+CVE-2023-25313 (OS injection vulnerability in World Wide Broadcast Network AVideo vers ...)
+	TODO: check
 CVE-2023-25312
 	RESERVED
 CVE-2023-25311
@@ -20018,7 +20076,8 @@ CVE-2023-24370
 	RESERVED
 CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
 	NOT-FOR-US: UJCMS
-CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allo ...)
+CVE-2023-24368
+	REJECTED
 	NOT-FOR-US: Temenos
 CVE-2023-24367
 	REJECTED
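Review bot: CVE-2023-24368 keeps its NOT-FOR-US: Temenos line under the new REJECTED marker, while the neighbouring rejected entry CVE-2023-24367 carries only REJECTED, and the removed description was the only record that the entry had been disputed. Either drop the now-stale NOT-FOR-US line so rejected entries look alike, or keep a NOTE that it was disputed before rejection.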
@@ -21314,10 +21373,10 @@ CVE-2023-23840
 	RESERVED
 CVE-2023-23839
 	RESERVED
-CVE-2023-23838
-	RESERVED
-CVE-2023-23837
-	RESERVED
+CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)
+	TODO: check
+CVE-2023-23837 (No exception handling vulnerability which revealed sensitive or excess ...)
+	TODO: check
 CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...)
 	NOT-FOR-US: SolarWinds
 CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
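Review bot: the truncated descriptions for CVE-2023-23838 ("Directory traversal and file enumeration vulnerability which allowed u ...") and CVE-2023-23837 ("No exception handling vulnerability which revealed sensitive or excess ...") name no product at all, so unlike the neighbouring CVE-2023-23836 (SolarWinds Platform, NOT-FOR-US: SolarWinds) they cannot be triaged from the list entry; read the full advisories before closing these TODO: check markers rather than assuming the same vendor from adjacency.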
@@ -28367,8 +28426,8 @@ CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47609
 	RESERVED
-CVE-2022-47608
-	RESERVED
+CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
+	TODO: check
 CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47606
@@ -35025,8 +35084,8 @@ CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45837
-	RESERVED
+CVE-2022-45837 (Reflected Cross-Site Scripting (XSS) vulnerability in Denis 微&# ...)
+	TODO: check
 CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45835
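Review bot: the new description for CVE-2022-45837 ends in an HTML entity fragment ("Denis 微&# ..."), and the context line for CVE-2023-25708 in an earlier hunk shows the same "&#82 ..." residue, so the import truncates descriptions before decoding HTML entities; decode the feed text to plain characters before cutting it to width, otherwise the preview is spent on entity digits and the product name stays unreadable.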
@@ -36760,8 +36819,8 @@ CVE-2022-45293
 	RESERVED
 CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
 	NOT-FOR-US: Funkwhale
-CVE-2022-45291
-	RESERVED
+CVE-2022-45291 (PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 20 ...)
+	TODO: check
 CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
 	NOT-FOR-US: Kbase Doc
 CVE-2022-45289
@@ -47674,8 +47733,7 @@ CVE-2022-42337
 	RESERVED
 CVE-2022-42336
 	RESERVED
-CVE-2022-42335
-	RESERVED
+CVE-2022-42335 (x86 shadow paging arbitrary pointer dereference In environments where  ...)
 	- xen <unfixed> (bug #1034842)
 	[bullseye] - xen <not-affected> (Vulnerable code not present)
 	[buster] - xen <not-affected> (Vulnerable code not present)
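Review bot: CVE-2022-42335 is the one entry in this batch that loses RESERVED without gaining TODO: check, which is correct because the xen package lines that follow (<unfixed> with bug #1034842, not-affected for bullseye and buster) already hold its triage state; the thing to verify is that the now-public description ("x86 shadow paging arbitrary pointer dereference") matches what bug #1034842 was filed for, since the entry was created while the CVE was still reserved.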
@@ -52012,14 +52070,14 @@ CVE-2022-40727
 	RESERVED
 CVE-2022-40726
 	RESERVED
-CVE-2022-40725
-	RESERVED
-CVE-2022-40724
-	RESERVED
-CVE-2022-40723
-	RESERVED
-CVE-2022-40722
-	RESERVED
+CVE-2022-40725 (PingID Desktop prior to the latest released version 1.7.4 contains a v ...)
+	TODO: check
+CVE-2022-40724 (The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint ...)
+	TODO: check
+CVE-2022-40723 (The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS  ...)
+	TODO: check
+CVE-2022-40722 (A misconfiguration of RSA padding implemented in the PingID Adapter fo ...)
+	TODO: check
 CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
 	NOT-FOR-US: php uploader
 CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
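Review bot: the four PingID/PingFederate entries (CVE-2022-40725 through CVE-2022-40722) are left at TODO: check while the same vendor already uses NOT-FOR-US: pingidentity elsewhere in this file (CVE-2022-23723 and CVE-2022-23722 in a later hunk); resolve them consistently, and since CVE-2022-40722 ("A misconfiguration of RSA padding implemented in the PingID Adapter ...") is a cryptographic weakness rather than a web issue, add a NOTE with the upstream reference when its TODO is closed.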
@@ -52678,8 +52736,8 @@ CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection v
 	NOT-FOR-US: Wedding Planner
 CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
 	NOT-FOR-US: Wedding Planner
-CVE-2022-40482
-	RESERVED
+CVE-2022-40482 (The authentication method in Laravel 8.x through 9.x before 9.32.0 was ...)
+	TODO: check
 CVE-2022-40481
 	RESERVED
 CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...)
@@ -77970,8 +78028,8 @@ CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL
 	NOT-FOR-US: Electrum
 CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
 	NOT-FOR-US: mailcow
-CVE-2022-31244
-	RESERVED
+CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows f ...)
+	TODO: check
 CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
 	NOT-FOR-US: Insyde
 CVE-2022-31242
@@ -101207,8 +101265,8 @@ CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne M
 	NOT-FOR-US: pingidentity
 CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
 	NOT-FOR-US: pingidentity
-CVE-2022-23721
-	RESERVED
+CVE-2022-23721 (PingID integration for Windows login prior to 2.9 does not handle dupl ...)
+	TODO: check
 CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt operation if  ...)
 	NOT-FOR-US: PingID Integration for Windows Login
 CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate communication  ...)
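Review bot: CVE-2022-23721 (PingID integration for Windows login prior to 2.9) sits next to CVE-2022-23720 and CVE-2022-23719, marked NOT-FOR-US: PingID Integration for Windows Login, while CVE-2022-23723 and CVE-2022-23722 two lines above use NOT-FOR-US: pingidentity for the same vendor; close this TODO: check with one of those labels and consider unifying the two spellings so a search for the vendor finds every entry.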
@@ -107067,10 +107125,10 @@ CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) befor
 	NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
 	NOT-FOR-US: ControlUp Real-Time Agent
-CVE-2021-44775
-	RESERVED
-CVE-2021-44465
-	RESERVED
+CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...)
+	TODO: check
+CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+	TODO: check
 CVE-2021-4187 (vim is vulnerable to Use After Free ...)
 	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -107650,20 +107708,20 @@ CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.
 	NOT-FOR-US: Rust crate derive-com-impl
 CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust.  ...)
 	NOT-FOR-US: Rust crate vec-const
-CVE-2021-45111
-	RESERVED
-CVE-2021-45071
-	RESERVED
-CVE-2021-44547
-	RESERVED
-CVE-2021-44476
-	RESERVED
+CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+	TODO: check
+CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+	TODO: check
+CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 all ...)
+	TODO: check
+CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+	TODO: check
 CVE-2021-44475
 	RESERVED
-CVE-2021-44461
-	RESERVED
-CVE-2021-44460
-	RESERVED
+CVE-2021-44461 (Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise  ...)
+	TODO: check
+CVE-2021-44460 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+	TODO: check
 CVE-2021-4178 (A arbitrary code execution flaw was found in the Fabric 8 Kubernetes c ...)
 	NOT-FOR-US: fabric8io/kubernetes-client
 	NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
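Review bot: this hunk and the two that follow (together with CVE-2021-44775 and CVE-2021-44465 earlier in the file) convert more than a dozen Odoo Community/Enterprise CVEs from RESERVED to TODO: check in one update; they should be triaged as one batch with a single annotation style rather than entry by entry. Two descriptions (CVE-2021-45071 here and CVE-2021-26947 in the next hunk) read "Cross-site scripting (XSS) issue Odoo Community ..." with the word "in" missing; that is upstream's text and should be left as imported rather than hand-edited in the list.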
@@ -107674,16 +107732,16 @@ CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input
 	NOT-FOR-US: livehelperchat
 CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
-CVE-2021-26947
-	RESERVED
-CVE-2021-23186
-	RESERVED
-CVE-2021-23178
-	RESERVED
-CVE-2021-23176
-	RESERVED
-CVE-2021-23166
-	RESERVED
+CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+	TODO: check
+CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+	TODO: check
+CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+	TODO: check
+CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...)
+	TODO: check
+CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+	TODO: check
 CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
 	NOT-FOR-US: Rust crate acc_reader
 CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
@@ -135485,10 +135543,10 @@ CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVN
 	[stretch] - nova <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/nova/+bug/1927677
 	NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
-CVE-2021-26263
-	RESERVED
-CVE-2021-23203
-	RESERVED
+CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...)
+	TODO: check
+CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...)
+	TODO: check
 CVE-2021-23184
 	RESERVED
 CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a822a10814ff863e26684ae6884da0611abb1ced
